program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='ext4_forget\x00', r0, 0x0, 0x100000000}, 0x18) rt_sigprocmask(0x0, &(0x7f0000000480)={[0xfffffffffffffffd]}, 0x0, 0x8) (async) syz_mount_image$hfsplus(&(0x7f0000000400), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4, &(0x7f00000022c0)=ANY=[], 0x5, 0x6ce, &(0x7f0000000d40)="$eJzs3c9vHGcZB/DvrNeOt1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeKitELgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmfXu/b6VxKvHfh8ovG8M/O+7zzzzDsz3nVWG+D/1tVzaT5Ikavn3rifRpK1+fb62vyxenM7SVluJM3uLMXtpHiYLJTbi4EpA/MtPl6+8tZnj9Y/T93hQP2JndqNMKLuaj1ltu5vdmTLyb3uYrV7uMmLSa7V82FTe+1rqGKZtLP1HA5dZ4vV/TTfz3ULHDG9p1PRfW5uMZO8kGS699iu7w6N8UV4MPZ1lwMAAIDn1Kd3DjsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeP7U3/9f1FOjnmc2Re/7/6d66+ryEbSw55oPDjQOAAAAAAAAABiPrz/O49zP8d5yp6j+5n+mWjiZLzrJl/J+7mUpd3M+97OYlazkbi4mmRnoaOr+4srK3Yv9lqXRLS+NbHlpXEcMAAAAAAAAAP+TfpnWxt//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgKCiSie6smk7W88yk0czGtqwm/0wyddjx7kMxauWD8ccBAAAAT2W6X2rtuc2XH+dx7ud4b7lTVK/5v1K9Xp7O+7mdlSxnJe0s5Xr9Grp81d9YX5tvr6/N3yqncnm43+//e1+hT9U9TFRLo/Z8uqrRyo0sV2vO51oVzPU0uvs+m5zuxTMQ14CPypiK79X2GFmzTmu5s99v9y7CMzH8VkRjh5qtjeCSfkbm6tjKlie6GSiqN2qSzZnY9ew0h5Zmql4n+3u6mEb/nZ+TB5DzF+p5eTy/OdCc71c/E41UmbjUG33lNbNzJpJv/PVPb99s33735o17547OIe1iYpv1m8fE/EAmXnmuM9HcZ/25KhOn+stX86P8JOcymzdzN8v5aRazkqV06u2L9Xguf87snKmFoaU3d4tkqj4v3XO2l5hm88OqtJgzVdvjWU6RO7mepbxe/buUi/l2Ludyrgyc4VPbxl0dW3XVNzZf9b0z/beRwZ/9Zl0o726/3bjLLex0xNuNzmele+8v83piIK/dUf+oX+vEwHUwN5Cll3rZmRzZ+ZPcG5tfrQvlPn61y3NivGbqTJQXUO8p0Yvu5W4mmtWzaOs4/0OnbJf27U7n5uJ72/S/umn5tXpeDqu1r+1Wu2f0qXi2yvHyUqbrO8nw6Ci3vdy/ywxs62yM5WPVz+EnbtnuVNWuKHpX6o9zpxoAW6/Uqfp3uOaWni5V214ZuW2+2nZ6YNvQ71u5k3aujyF/ADyJf7zdL87khanWv1qftj5p/bp1s/XG9A+OfefYq1OZ/Pvkd5tzE681Xi3+kk/y843X/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJO798GH7y6220t3Rxca228aKrSyec1uPW8qFPUX+uyv1dEtTCcZWlN9z9HYw2htDmNLofOLZOz56X2J4Og6vysLzS0jalRhYWjNn7d2+NE+Iyz2dl0cYKGR8e50IqMHwCHelICxuLBy670L9z748FvLtxbfWXpn6fbk5ctX5q5cfn3+wo3l9tJc9+dhRwkchI2H/mFHAgAAAAAAAAAAAOzVqA8GnHlxtw+N7OkzHv5nIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBMXD2X5oMUuTh3fq5cXl+bb5dTr7xRs5mk0UiKnyXFw2Qh3SkzA90V+ePDdEbs5+PlK2999mj9842+mt36SaOeb2/nrUlW6ymzSSbq+VMY6u/aU/dX/Kd3DGXCvuh0OgtPFx88G/8NAAD//1Lq9D8=") r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) read$qrtrtun(0xffffffffffffffff, &(0x7f00000004c0)=""/100, 0x64) (async) write$binfmt_elf32(r1, &(0x7f0000000cc0)=ANY=[@ANYBLOB="7f454c46fe7df904050000000000000002000300155eef2e5d020000380000000b0300000700000000002000030009008700000400000000050000003016000000e00100018000000300000000080000000000000000000051e5746401"], 0x98) (async) close(r1) (async) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) (async) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000300)={[], [{@smackfsroot={'smackfsroot', 0x3d, '-'}}, {@audit}, {@dont_measure}, {@smackfsdef={'smackfsdef', 0x3d, '\x00'}}, {@obj_type={'obj_type', 0x3d, ')--'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@fowner_eq={'fowner', 0x3d, r2}}, {@euid_lt={'euid<', r2}}]}, 0x7, 0x4d6, &(0x7f0000000740)="$eJzs3EFsVEUfAPD/27a0QPnoh4iCqEU0NhpbKCgcTAxGEw+aGPGgx6YtBFmooTURQmRJDB4NiXfj0asHr+rNcDLxikcTQ0IMF8DTM2/3bXe73V3a7bYr9PdLlp2Znbczs/Pm7bwZtgFsWqPZP0nEcETcjIidEVFozDBaebp35/L0/TuXp6OUpif/TrLD4m4WzyX58/Y8MlaIKHyZ1F6oM3/x0tmpYnH2Qh6fWDj36cT8xUuvnDk3dXr29Oz5yePHjx45fOy1yVdX36gm5WXturvvi7n9e9/5+Pp70/3V9KH8ub4d3TIao82qUvZCtwvrsR114aS/Xc431r8yrFh2/mfdNVAe/zujL9p2HvAISdM0HWz9ciltdHVZCvDQSqLXNQB6o/pFn93/Vh/NJgJb1mf60XO3T1RugLJ238sfEc+WE6vrIAMN97fdNBoRH5X++TZ7xDqtQwAA1Pv5RHUm2DD/G4nYU5fvf/keykhE/D8idkXEYxGxOyIej0reJyLiyYb374uItE35ow3x5fOfwq21tbC9bP73er63VZv/Rf0u2EhfHtsRUZ0wzx7KP5OxGBg8daY4e7hNGb+89fvXrV6rn/9lj6z86lwwr8et/oYFupmphamOG9zg9tWIff2N7U/6I5LFnYAkIvZGxL5VvO9IXfjMS9/vX4wMLM334PaXpU330bqwVZF+F/Fipf9LsaT/ayUm7fcnJ4aiOHtoIjsLDjUt48Zv195vVf4D2//jn42HvH3sp5P5yFq7rP+31Z3/Ud2/rbV/JIlIFvdr51dfxrU/vmp5T9Pp+b8l+bAcrt6Xfj61sHDhcMSW5N3l6ZO1Y6vx7DlKlfaPHWw+/nflx2SfxFMRkZ3ET0fEM1G5QxyN9MqBiHguIg62af+vbz7/SeftX19Z+2eaXv+W9H9tvz4LZKkXlqRMFZNSJXctZTHQd/bAzfstLh4r6/+j5dBYntL8+pcsuUQsr0XzwBo/PgAAAHgoFCJiuG4taTgKhfHxyhrQ7thWKM7NL7x8au6z8zOV3wiMxEChutJVWQ8eSKrrnyN18cmG+JF83fibvq3l+Pj0XHGmpy0HtpfHfFIYX7wWVMZ/5q/uLDED/2V+8gOb14PG/57rG1QRYMP5/ofNq278l1pkKfmfMvBoWsn3v7VAeDQ1G/9XOjgGeLikxjJsaqsZ/0vz3tjZ9coAG6o/PlgMF3paE2Cjmf/DprSiH8l3HEgHm780FMszx1D7N+yLzqqxtUlZPQlkM6uelL61k6Oqf02hZZ4orO4NB5f9yYjO+vTU2j+W03u6fvKn+f5Yt3vwhw0Zp80C7a8bk8Prd00CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopn8DAAD//7x926o=") [ 74.751895][ T4708] Bluetooth: hci0: command tx timeout [ 74.814710][ T5359] loop0: detected capacity change from 0 to 1024 [ 74.866285][ T5359] [ 74.867426][ T5359] ============================================ [ 74.870103][ T5359] WARNING: possible recursive locking detected [ 74.872457][ T5359] syzkaller #0 Not tainted [ 74.874374][ T5359] -------------------------------------------- [ 74.877016][ T5359] syz.0.0/5359 is trying to acquire lock: [ 74.879415][ T5359] ffff88805348d548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 74.883879][ T5359] [ 74.883879][ T5359] but task is already holding lock: [ 74.886815][ T5359] ffff88805348c7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 74.891632][ T5359] [ 74.891632][ T5359] other info that might help us debug this: [ 74.894997][ T5359] Possible unsafe locking scenario: [ 74.894997][ T5359] [ 74.898272][ T5359] CPU0 [ 74.899711][ T5359] ---- [ 74.901187][ T5359] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.903757][ T5359] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.906321][ T5359] [ 74.906321][ T5359] *** DEADLOCK *** [ 74.906321][ T5359] [ 74.909785][ T5359] May be due to missing lock nesting notation [ 74.909785][ T5359] [ 74.913247][ T5359] 5 locks held by syz.0.0/5359: [ 74.915323][ T5359] #0: ffff888036ec00e0 (&type->s_umount_key#48/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 74.919606][ T5359] #1: ffff888053487998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1278/0x1b50 [ 74.923730][ T5359] #2: ffff888032fd60b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 74.927828][ T5359] #3: ffff88805348c7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 74.932409][ T5359] #4: ffff8880534878f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x94/0x9b0 [ 74.936559][ T5359] [ 74.936559][ T5359] stack backtrace: [ 74.938957][ T5359] CPU: 0 UID: 0 PID: 5359 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.938972][ T5359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.938979][ T5359] Call Trace: [ 74.938986][ T5359] [ 74.938992][ T5359] dump_stack_lvl+0x189/0x250 [ 74.939009][ T5359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.939021][ T5359] ? __pfx__printk+0x10/0x10 [ 74.939036][ T5359] ? print_lock_name+0xde/0x100 [ 74.939051][ T5359] print_deadlock_bug+0x28b/0x2a0 [ 74.939064][ T5359] validate_chain+0x1a3f/0x2140 [ 74.939076][ T5359] ? lock_release+0x4b/0x3e0 [ 74.939087][ T5359] ? look_up_lock_class+0x74/0x170 [ 74.939138][ T5359] ? register_lock_class+0x51/0x320 [ 74.939154][ T5359] __lock_acquire+0xab9/0xd20 [ 74.939170][ T5359] ? hfsplus_get_block+0x39e/0x1530 [ 74.939180][ T5359] lock_acquire+0x120/0x360 [ 74.939194][ T5359] ? hfsplus_get_block+0x39e/0x1530 [ 74.939205][ T5359] ? stack_trace_save+0x9c/0xe0 [ 74.939218][ T5359] ? __pfx_hlock_conflict+0x10/0x10 [ 74.939230][ T5359] __mutex_lock+0x187/0x1350 [ 74.939242][ T5359] ? hfsplus_get_block+0x39e/0x1530 [ 74.939254][ T5359] ? lockdep_unlock+0x89/0x120 [ 74.939262][ T5359] ? validate_chain+0x897/0x2140 [ 74.939269][ T5359] ? hfsplus_get_block+0x39e/0x1530 [ 74.939276][ T5359] ? __pfx___mutex_lock+0x10/0x10 [ 74.939285][ T5359] hfsplus_get_block+0x39e/0x1530 [ 74.939298][ T5359] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.939307][ T5359] ? do_raw_spin_unlock+0x4d/0x240 [ 74.939320][ T5359] ? _raw_spin_unlock+0x28/0x50 [ 74.939341][ T5359] block_read_full_folio+0x29f/0x830 [ 74.939354][ T5359] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.939365][ T5359] filemap_read_folio+0x117/0x380 [ 74.939380][ T5359] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 74.939386][ T5359] ? __pfx_filemap_read_folio+0x10/0x10 [ 74.939398][ T5359] ? filemap_add_folio+0x1af/0x270 [ 74.939411][ T5359] do_read_cache_folio+0x350/0x590 [ 74.939421][ T5359] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 74.939431][ T5359] read_cache_page+0x5d/0x170 [ 74.939441][ T5359] hfsplus_block_allocate+0xe4/0x9b0 [ 74.939459][ T5359] hfsplus_file_extend+0xae3/0x1990 [ 74.939471][ T5359] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 74.939484][ T5359] ? hfsplus_find_init+0x15a/0x1d0 [ 74.939497][ T5359] ? __pfx___mutex_lock+0x10/0x10 [ 74.939509][ T5359] hfsplus_bmap_reserve+0x122/0x500 [ 74.939525][ T5359] hfsplus_create_cat+0x183/0x1000 [ 74.939539][ T5359] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 74.939551][ T5359] ? do_raw_spin_unlock+0x4d/0x240 [ 74.939574][ T5359] ? do_raw_spin_unlock+0x4d/0x240 [ 74.939586][ T5359] ? _raw_spin_unlock+0x28/0x50 [ 74.939599][ T5359] ? hfsplus_new_inode+0x643/0x820 [ 74.939610][ T5359] hfsplus_fill_super+0x12f5/0x1b50 [ 74.939625][ T5359] ? __lock_acquire+0xab9/0xd20 [ 74.939641][ T5359] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 74.939655][ T5359] ? string+0x279/0x2b0 [ 74.939680][ T5359] ? snprintf+0xda/0x120 [ 74.939697][ T5359] ? sb_set_blocksize+0x104/0x180 [ 74.939712][ T5359] ? setup_bdev_super+0x4c1/0x5b0 [ 74.939722][ T5359] get_tree_bdev_flags+0x40e/0x4d0 [ 74.939730][ T5359] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 74.939740][ T5359] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.939749][ T5359] vfs_get_tree+0x92/0x2b0 [ 74.939757][ T5359] do_new_mount+0x2a2/0x9e0 [ 74.939766][ T5359] ? ns_capable+0x8a/0xf0 [ 74.939773][ T5359] ? __pfx_do_new_mount+0x10/0x10 [ 74.939781][ T5359] ? path_mount+0x61c/0xfe0 [ 74.939789][ T5359] ? user_path_at+0x44/0x60 [ 74.939796][ T5359] __se_sys_mount+0x317/0x410 [ 74.939806][ T5359] ? __pfx___se_sys_mount+0x10/0x10 [ 74.939815][ T5359] ? do_syscall_64+0xbe/0x3b0 [ 74.939822][ T5359] ? __x64_sys_mount+0x20/0xc0 [ 74.939830][ T5359] do_syscall_64+0xfa/0x3b0 [ 74.939837][ T5359] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.939843][ T5359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.939850][ T5359] ? clear_bhb_loop+0x60/0xb0 [ 74.939857][ T5359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.939865][ T5359] RIP: 0033:0x7f6d2799066a [ 74.939873][ T5359] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.939882][ T5359] RSP: 002b:00007f6d2884ae68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.939893][ T5359] RAX: ffffffffffffffda RBX: 00007f6d2884aef0 RCX: 00007f6d2799066a [ 74.939901][ T5359] RDX: 0000200000000400 RSI: 0000200000002900 RDI: 00007f6d2884aeb0 [ 74.939908][ T5359] RBP: 0000200000000400 R08: 00007f6d2884aef0 R09: 0000000000000004 [ 74.939913][ T5359] R10: 0000000000000004 R11: 0000000000000246 R12: 0000200000002900 [ 74.939918][ T5359] R13: 00007f6d2884aeb0 R14: 00000000000006ce R15: 00002000000022c0 [ 74.939925][ T5359]