program: syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x695, &(0x7f0000000a40)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXX77tJ7LXF5xPNPs8zz8s885uZnd1ZRQ7wP+vauTQep5Zr595cLsorj2Y6K49m7vTzSSaS1JNGL0ntblL7KLma3pLPFCur4WrbbeeDhdm3P/505ZNeqVEtZfv6Tv02uVLfYuXDasmZJEeq9BmsG+/6hvFaIw9XW93DImBn+4GDcWsm6a7z3VNrNbsa/roFDqxaed/cfM1PJUeTTFafA3p3xd49+1B7OO4JAAAAwD544ZflV/hj454HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCa9v/9fJOVS7+fPpNb/+/+tal2q/KH2eNwTAAAAAAAAAIDRffP/N6z43JM8yXKO9cvdWvmb/6tl4UT5+n95P/cyn8Wcz3LmspSlLOZikqmyvlm+tpbnlpYWLw7R89Jqzwz0vDTkHrSffucBAAAAAAAA4LBojN7lx7m29vs/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBLXkSC8plxP9/FTqjSSTSVpFu4fJX/v5A+nXfxosdf/dLW1q9ng/5wQAAAB7obl7kxee5EmWc6xf7tbK7/ynyu/9k3k/d7OUhSylk/ncKJ8F9L7111cezXRWHs3cKZbN4371HyPNtBwxvWcPW2/5dNminZtZKNecz/W8m05upF72LJzuz2fref2omFPtjcqQM7tRpcWe/2qYiD6j2tAtp8qIFDPqRWS66ltE4/jOkRjx6PS31I/9xdRXn/yceJ4xX+4lr/+2lxb78/ORYrLXNkbi0sDZd2oltR0ikXz+j7/7zq3O3dsTN++dOzi7NIKJgSdoGyMxMxCJl3c+J9JMFYlbhzUSg6bLSJxcLV/LN/LtnMuZvJXFLOR7mctS5nMmX89cjmSuOp+L16mdI3V1Xemt3WbSKo9Ls3oXHX5OS5nLq2XfY1nIt/JubmQ+V8p/l3Ixr1cjZvUInxziqq+P9k579gsDD5N/kaQ9XL99UEzs+OrdafCsny6vg+Pr1qxdBy8+//tR47NVptjGTwaOyPhtjMTFgUi8tHMkflO+rdzr3L29eGvuvSG391qVFtfRzw7UXaI4X14sDlZZWn92FHUvbayb7MWrVf3i0qtbf8ct6k6u1m1/pV7O5cyWrU9tOdKlsu7lLetmyrrTA3XrPm9d7X3eAuDAO/rFo63239t/aX/Y/mn7VvvNya9NfHnilVaaf25+pTF95LX6K7U/5MP8YO37PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8PTu3X9we67TmV/ckOl2uz/cpmoPM+0k/TXJbr2a2b3N3mRaScpMo58ZbZyJoRq31o7OG79/ljk3R+2VPJdANaqT7P6D2//sdrv7fpi2yDR3OOfXMt3KpqruUN3HlvlX9/kNOOY3JmDPXVi6896Fe/cffGnhztw78+/M3529fHl2evbylb9duLnQmZ/uvY57lsBeWLvpj3smAAAAAAAAAAAAwLD2478lbLPp/+zzrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH1LVzE1Xu/HTxuvJoplMs/fxqw7JZPUnt+0nto+RqekumBoarbbedDxZm3/7405VPeqVGtZTt6+v6NZ9mLx5WS84kOVKlgyafYbzrVfpUMyvVVvewCNjZfuBg3P4bAAD//9G6EAc=") r0 = creat(&(0x7f0000000100)='./file1\x00', 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r2 = add_key(&(0x7f0000000240)='big_key\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f0000000a00)="14", 0x1, 0x0) keyctl$read(0x3, r2, 0x0, 0x0) keyctl$revoke(0x3, 0x0) ioctl$sock_ifreq(r1, 0x8926, &(0x7f0000000000)={'bridge_slave_1\x00', @ifru_addrs=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x23}, 0x3}}) r3 = accept4$x25(r1, &(0x7f0000000180), &(0x7f00000001c0)=0x12, 0x80000) connect$x25(r3, &(0x7f0000000280)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x12) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r4, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x70000}]) [ 69.997521][ T5300] Bluetooth: hci0: command tx timeout [ 70.078614][ T5315] loop0: detected capacity change from 0 to 1024 [ 70.124874][ T5315] [ 70.125842][ T5315] ============================================ [ 70.128106][ T5315] WARNING: possible recursive locking detected [ 70.130380][ T5315] 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 Not tainted [ 70.132934][ T5315] -------------------------------------------- [ 70.135287][ T5315] syz.0.0/5315 is trying to acquire lock: [ 70.137397][ T5315] ffff888053140108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 [ 70.142017][ T5315] [ 70.142017][ T5315] but task is already holding lock: [ 70.144705][ T5315] ffff888053142988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 [ 70.148823][ T5315] [ 70.148823][ T5315] other info that might help us debug this: [ 70.151778][ T5315] Possible unsafe locking scenario: [ 70.151778][ T5315] [ 70.154557][ T5315] CPU0 [ 70.155826][ T5315] ---- [ 70.157321][ T5315] lock(&HFSPLUS_I(inode)->extents_lock); [ 70.159622][ T5315] lock(&HFSPLUS_I(inode)->extents_lock); [ 70.161884][ T5315] [ 70.161884][ T5315] *** DEADLOCK *** [ 70.161884][ T5315] [ 70.164982][ T5315] May be due to missing lock nesting notation [ 70.164982][ T5315] [ 70.168112][ T5315] 3 locks held by syz.0.0/5315: [ 70.169964][ T5315] #0: ffff888053142b78 (&sb->s_type->i_mutex_key#19){+.+.}-{4:4}, at: generic_file_write_iter+0x82/0x310 [ 70.174162][ T5315] #1: ffff888053142988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 [ 70.178116][ T5315] #2: ffff8880409c40b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 [ 70.181753][ T5315] [ 70.181753][ T5315] stack backtrace: [ 70.184045][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 70.188452][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.193648][ T5315] Call Trace: [ 70.195301][ T5315] [ 70.196794][ T5315] dump_stack_lvl+0x241/0x360 [ 70.199191][ T5315] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.201735][ T5315] ? __pfx__printk+0x10/0x10 [ 70.203973][ T5315] ? lockdep_unlock+0x16a/0x300 [ 70.206192][ T5315] print_deadlock_bug+0x483/0x620 [ 70.208631][ T5315] validate_chain+0x15e2/0x5920 [ 70.210635][ T5315] ? __bfs+0x368/0x6f0 [ 70.212206][ T5315] ? __pfx_hlock_conflict+0x10/0x10 [ 70.214077][ T5315] ? __pfx_validate_chain+0x10/0x10 [ 70.215868][ T5315] ? check_path+0x21/0x40 [ 70.217357][ T5315] ? check_noncircular+0x259/0x4a0 [ 70.219247][ T5315] ? look_up_lock_class+0x77/0x170 [ 70.221126][ T5315] ? register_lock_class+0x102/0x980 [ 70.223146][ T5315] ? lockdep_unlock+0x16a/0x300 [ 70.225007][ T5315] ? __pfx_register_lock_class+0x10/0x10 [ 70.227154][ T5315] ? mark_lock+0x9a/0x360 [ 70.228778][ T5315] __lock_acquire+0x1397/0x2100 [ 70.230463][ T5315] lock_acquire+0x1ed/0x550 [ 70.232216][ T5315] ? hfsplus_file_extend+0x21b/0x1b70 [ 70.234253][ T5315] ? __pfx_lock_acquire+0x10/0x10 [ 70.235992][ T5315] ? __pfx___might_resched+0x10/0x10 [ 70.238123][ T5315] __mutex_lock+0x1ac/0xee0 [ 70.239993][ T5315] ? hfsplus_file_extend+0x21b/0x1b70 [ 70.242176][ T5315] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.244472][ T5315] ? mark_lock+0x9a/0x360 [ 70.246010][ T5315] ? hfsplus_file_extend+0x21b/0x1b70 [ 70.248003][ T5315] ? __pfx___mutex_lock+0x10/0x10 [ 70.249831][ T5315] hfsplus_file_extend+0x21b/0x1b70 [ 70.251778][ T5315] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 70.253914][ T5315] ? __pfx___mutex_trylock_common+0x10/0x10 [ 70.256063][ T5315] ? rcu_is_watching+0x15/0xb0 [ 70.257881][ T5315] ? trace_contention_end+0x3c/0x120 [ 70.259808][ T5315] ? __mutex_lock+0x37f/0xee0 [ 70.261472][ T5315] ? hfsplus_brec_find+0x19d/0x570 [ 70.263297][ T5315] hfsplus_bmap_reserve+0x105/0x4e0 [ 70.265048][ T5315] __hfsplus_ext_write_extent+0x2a4/0x5c0 [ 70.267036][ T5315] __hfsplus_ext_cache_extent+0x84/0xe10 [ 70.268998][ T5315] hfsplus_file_extend+0x48c/0x1b70 [ 70.270868][ T5315] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 70.272913][ T5315] ? clean_bdev_aliases+0x654/0x7e0 [ 70.274801][ T5315] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 70.276896][ T5315] hfsplus_get_block+0x406/0x14f0 [ 70.278743][ T5315] ? __pfx_hfsplus_get_block+0x10/0x10 [ 70.280794][ T5315] ? create_empty_buffers+0x53e/0x740 [ 70.282986][ T5315] __block_write_begin_int+0x50c/0x1a70 [ 70.285021][ T5315] ? irqentry_exit+0x63/0x90 [ 70.286731][ T5315] ? __pfx_hfsplus_get_block+0x10/0x10 [ 70.288760][ T5315] ? __pfx___block_write_begin_int+0x10/0x10 [ 70.290823][ T5315] cont_write_begin+0x6e2/0x9d0 [ 70.292643][ T5315] ? __pfx_cont_write_begin+0x10/0x10 [ 70.294457][ T5315] ? __pfx_fault_in_readable+0x10/0x10 [ 70.296514][ T5315] ? __mark_inode_dirty+0x3db/0xe90 [ 70.298467][ T5315] hfsplus_write_begin+0x68/0xb0 [ 70.300340][ T5315] ? __pfx_hfsplus_get_block+0x10/0x10 [ 70.302395][ T5315] generic_perform_write+0x344/0x6d0 [ 70.304329][ T5315] ? __pfx_generic_perform_write+0x10/0x10 [ 70.306402][ T5315] ? file_update_time+0x2ab/0x450 [ 70.308308][ T5315] ? __generic_file_write_iter+0x102/0x230 [ 70.310455][ T5315] generic_file_write_iter+0xae/0x310 [ 70.312420][ T5315] aio_write+0x56b/0x7c0 [ 70.313804][ T5315] ? __pfx_aio_write+0x10/0x10 [ 70.315667][ T5315] ? __might_fault+0xaa/0x120 [ 70.317214][ T5315] ? __pfx_lock_release+0x10/0x10 [ 70.318950][ T5315] ? __fget_files+0x2a/0x410 [ 70.320658][ T5315] ? __might_fault+0xaa/0x120 [ 70.322467][ T5315] io_submit_one+0x8a7/0x18a0 [ 70.324180][ T5315] ? __pfx_io_submit_one+0x10/0x10 [ 70.326055][ T5315] ? __might_fault+0xaa/0x120 [ 70.327792][ T5315] ? __pfx_lock_release+0x10/0x10 [ 70.329639][ T5315] ? __might_fault+0xaa/0x120 [ 70.331433][ T5315] ? __might_fault+0xc6/0x120 [ 70.333257][ T5315] __se_sys_io_submit+0x171/0x2e0 [ 70.335081][ T5315] ? __pfx___se_sys_io_submit+0x10/0x10 [ 70.337203][ T5315] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.339251][ T5315] ? do_syscall_64+0x100/0x230 [ 70.341124][ T5315] ? do_syscall_64+0xb6/0x230 [ 70.342886][ T5315] do_syscall_64+0xf3/0x230 [ 70.344637][ T5315] ? clear_bhb_loop+0x35/0x90 [ 70.346393][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.348662][ T5315] RIP: 0033:0x7f34cf57ff19 [ 70.350314][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.357400][ T5315] RSP: 002b:00007f34d0363058 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 70.360153][ T5315] RAX: ffffffffffffffda RBX: 00007f34cf745fa0 RCX: 00007f34cf57ff19 [ 70.363196][ T5315] RDX: 0000000020000540 RSI: 000000000000003b RDI: 00007f34d0319000 [ 70.366265][ T5315] RBP: 00007f34cf5f3986 R08: 0000000000000000 R09: 0000000000000000 [ 70.369300][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.372309][ T5315] R13: 0000000000000000 R14: 00007f34cf745fa0 R15: 00007ffc850dcb38 [ 70.375271][ T5315]