program: syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYBLOB="23341129bfb4fcc388a80c49b4f4d96254cb9356759776b03b581050240d2d9a5cf3440e76c886f1e5c860656a3648101223fc288fc5274f0e609cfed0fc738d84eb544791dd1cb959421db9fbcb634df876aa2133fd62e245fb6b1ead07ca04772d78564af8f42015e5be557ab3bd60824768691005cbd3d295402693d934226595deeba1ff748b7dde9c617749aa38096ef667700a6b3668cb7296b024fbcf9f74e50bf0f834159f51737baac184f94dd13a9793b76946208f290637d8def94e5f56f1181da3eed500440f", @ANYRES32=0x0, @ANYRES16, @ANYRES16], 0x11, 0x2d5, &(0x7f0000000bc0)="$eJzs3ctqFEscx/Ff9UySycmQ07kcDriMBnQjMW7EzQSZhxAXomZGCA4RTQR1YxQXIqJ7976CryC4UXwBXbnyAUYQWqq65pqe7jhkujP4/YChp7uq61/pS9V/wJQA/LWu1L++u/jd/jNSSSXp5WUpkPRCKkv6T/9XHuzu7+y3mo2U87QjRxXJKK5pDhXa3m0m1a3I1/BC+6msav8+TEYURVvfJO0VHQgK5Z7+BIE0559Od7ySe2Tpno5Z7+CY45g2pq22Hmqx6DgAAMXy43/gx/mqn78HgbTuh/0TOf6Pq110ABMXpR7tG/9dlhUZe33/dYd6+Z5L4ezxoJMlHqXlmaHPs4rvrIEJpsnKKl0swfztnVbz/PbdViPQM9W8vmKr7mcjvnU7MqJdS8hNUxyh7yZ5Rrng+jBj+7A5Iv6VMVscm/loPpvrJtRbNbrzv3Jk7GVyVyoculJx/Bujz+h6GdpS8q+NWq0WDBRZco2c8i14Gb2sJGck6txRSxr8giDMitPVWh6qFffuQkatlbjW1vxArc3OpxG1Vgfasr3p3s2j25s089pcNWv6ofeq983/AxvfulKfzN5TY9bjocD9xuP+zCY3V3bnDA+NHAe6Vh3c0/0tzo0K/Wf6Ow1DnqQce6VbuqTFvUeP75RareZ9u3EzYeNetbtn5rmUWKaAjUC9PTroHZpT/EXkoVqdQSnPUM8d6wnt+yOzsH3KcungibkTitiof8r3RipiI6d3FArVu+iZRT/kEhDy5uZdcf7Xl69suMme/RGmzNMzJ2T+jJGdY3czoMpA/WW39c8fZXALozO4o+Zcp89KZ7q7fkUZLYY+zukQpU39LFPXF93g+38AAAAAAAAAAAAAAAAAAIBpk8d/Jyi6jwAAAAAAAAAAAAAAAAAAAAAATLvu+r/qrP8rv/5vJX393+G//F2KV3g5lvV/3+yK9X+ByfsdAAD//y0Iis0=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) syz_mount_image$exfat(0x0, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2941842, 0x0, 0x0, 0x0, &(0x7f0000000300)) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) [ 87.441411][ T5310] Bluetooth: hci0: command tx timeout [ 87.584276][ T5333] loop0: detected capacity change from 0 to 64 [ 88.314644][ T5333] [ 88.315819][ T5333] ============================================ [ 88.318423][ T5333] WARNING: possible recursive locking detected [ 88.322547][ T5333] syzkaller #0 Not tainted [ 88.324429][ T5333] -------------------------------------------- [ 88.327021][ T5333] syz.0.0/5333 is trying to acquire lock: [ 88.329423][ T5333] ffff8880417580b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 88.333767][ T5333] [ 88.333767][ T5333] but task is already holding lock: [ 88.336929][ T5333] ffff8880417580b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 88.340757][ T5333] [ 88.340757][ T5333] other info that might help us debug this: [ 88.343910][ T5333] Possible unsafe locking scenario: [ 88.343910][ T5333] [ 88.346836][ T5333] CPU0 [ 88.348214][ T5333] ---- [ 88.349585][ T5333] lock(&tree->tree_lock/1); [ 88.351440][ T5333] lock(&tree->tree_lock/1); [ 88.353282][ T5333] [ 88.353282][ T5333] *** DEADLOCK *** [ 88.353282][ T5333] [ 88.356579][ T5333] May be due to missing lock nesting notation [ 88.356579][ T5333] [ 88.360026][ T5333] 5 locks held by syz.0.0/5333: [ 88.362269][ T5333] #0: ffff88801f33e420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 88.366254][ T5333] #1: ffff888038559620 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 88.371338][ T5333] #2: ffff888038559478 (&HFS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 88.376470][ T5333] #3: ffff8880417580b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 88.380800][ T5333] #4: ffff8880385580f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 88.385546][ T5333] [ 88.385546][ T5333] stack backtrace: [ 88.388067][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 88.388082][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 88.388090][ T5333] Call Trace: [ 88.388097][ T5333] [ 88.388104][ T5333] dump_stack_lvl+0xe8/0x150 [ 88.388145][ T5333] print_deadlock_bug+0x279/0x290 [ 88.388176][ T5333] __lock_acquire+0x253f/0x2cf0 [ 88.388193][ T5333] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 88.388316][ T5333] ? lockdep_hardirqs_on+0x7a/0x110 [ 88.388327][ T5333] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 88.388342][ T5333] ? stack_depot_save_flags+0x3f3/0x810 [ 88.388437][ T5333] ? hfs_find_init+0x18e/0x300 [ 88.388453][ T5333] lock_acquire+0x106/0x330 [ 88.388468][ T5333] ? hfs_find_init+0x18e/0x300 [ 88.388485][ T5333] __mutex_lock+0x19f/0x1300 [ 88.388497][ T5333] ? hfs_find_init+0x18e/0x300 [ 88.388515][ T5333] ? hfs_find_init+0x18e/0x300 [ 88.388530][ T5333] ? __pfx___mutex_lock+0x10/0x10 [ 88.388542][ T5333] ? rcu_is_watching+0x15/0xb0 [ 88.388554][ T5333] ? trace_kmalloc+0x1f/0xb0 [ 88.388568][ T5333] ? __kmalloc_noprof+0x42d/0x7e0 [ 88.388583][ T5333] ? hfs_find_init+0xaa/0x300 [ 88.388597][ T5333] ? hfs_bnode_read_u8+0x8b/0xd0 [ 88.388613][ T5333] hfs_find_init+0x18e/0x300 [ 88.388628][ T5333] hfs_extend_file+0x35c/0x15e0 [ 88.388640][ T5333] ? hfs_ext_keycmp+0x1c7/0x320 [ 88.388652][ T5333] ? __pfx_hfs_extend_file+0x10/0x10 [ 88.388665][ T5333] ? __pfx___hfs_brec_find+0x10/0x10 [ 88.388683][ T5333] ? hfs_brec_find+0x3cc/0x510 [ 88.388707][ T5333] hfs_bmap_reserve+0x107/0x430 [ 88.388722][ T5333] __hfs_ext_write_extent+0x1fa/0x470 [ 88.388735][ T5333] __hfs_ext_cache_extent+0x6b/0x9b0 [ 88.388748][ T5333] ? hfs_find_init+0x18e/0x300 [ 88.388764][ T5333] hfs_extend_file+0x39b/0x15e0 [ 88.388775][ T5333] ? __pfx_filemap_get_folios_tag+0x10/0x10 [ 88.388794][ T5333] ? __pfx_hfs_extend_file+0x10/0x10 [ 88.388807][ T5333] ? clean_bdev_aliases+0x62e/0x750 [ 88.388823][ T5333] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 88.388838][ T5333] hfs_get_block+0x412/0xc50 [ 88.388852][ T5333] ? __pfx_hfs_get_block+0x10/0x10 [ 88.388865][ T5333] ? do_raw_spin_unlock+0x4d/0x210 [ 88.388878][ T5333] ? _raw_spin_unlock+0x28/0x50 [ 88.388894][ T5333] __block_write_begin_int+0x6c6/0x1910 [ 88.388911][ T5333] ? __pfx_hfs_get_block+0x10/0x10 [ 88.388924][ T5333] ? __pfx___block_write_begin_int+0x10/0x10 [ 88.388938][ T5333] cont_write_begin+0x737/0xae0 [ 88.388952][ T5333] ? irqentry_exit+0x59c/0x620 [ 88.388965][ T5333] ? __pfx_cont_write_begin+0x10/0x10 [ 88.388980][ T5333] hfs_write_begin+0x66/0xb0 [ 88.388992][ T5333] ? __pfx_hfs_get_block+0x10/0x10 [ 88.389003][ T5333] generic_perform_write+0x2e2/0x8f0 [ 88.389017][ T5333] ? __pfx_generic_perform_write+0x10/0x10 [ 88.389028][ T5333] ? file_update_time_flags+0x2cb/0x4d0 [ 88.389040][ T5333] ? __generic_file_write_iter+0xf9/0x230 [ 88.389050][ T5333] ? generic_file_write_iter+0x136/0x680 [ 88.389062][ T5333] generic_file_write_iter+0x14a/0x680 [ 88.389074][ T5333] ? __pfx_generic_file_write_iter+0x10/0x10 [ 88.389085][ T5333] ? __lock_acquire+0x6b5/0x2cf0 [ 88.389099][ T5333] ? __pfx_aa_file_perm+0x10/0x10 [ 88.389153][ T5333] ? preempt_schedule_thunk+0x16/0x30 [ 88.389165][ T5333] ? try_to_wake_up+0x82a/0x1380 [ 88.389180][ T5333] ? vfs_write+0x227/0xb90 [ 88.389194][ T5333] ? vfs_write+0x227/0xb90 [ 88.389210][ T5333] vfs_write+0x61d/0xb90 [ 88.389225][ T5333] ? __pfx_vfs_write+0x10/0x10 [ 88.389238][ T5333] ? __fget_files+0x2a/0x420 [ 88.389250][ T5333] __x64_sys_pwrite64+0x199/0x230 [ 88.389264][ T5333] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 88.389280][ T5333] do_syscall_64+0xe2/0xf80 [ 88.389291][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.389326][ T5333] ? trace_irq_disable+0x37/0x100 [ 88.389338][ T5333] ? clear_bhb_loop+0x60/0xb0 [ 88.389350][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.389362][ T5333] RIP: 0033:0x7fe52b79aeb9 [ 88.389374][ T5333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 88.389384][ T5333] RSP: 002b:00007fe52c592028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 88.389397][ T5333] RAX: ffffffffffffffda RBX: 00007fe52ba15fa0 RCX: 00007fe52b79aeb9 [ 88.389405][ T5333] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000004 [ 88.389413][ T5333] RBP: 00007fe52b808c1f R08: 0000000000000000 R09: 0000000000000000 [ 88.389420][ T5333] R10: 0000000000009000 R11: 0000000000000246 R12: 0000000000000000 [ 88.389427][ T5333] R13: 00007fe52ba16038 R14: 00007fe52ba15fa0 R15: 00007ffebdc33d78 [ 88.389438][ T5333] [ 89.498041][ T4671] Bluetooth: hci0: command tx timeout [ 91.578124][ T4671] Bluetooth: hci0: command tx timeout [ 91.821924][ T10] cfg80211: failed to load regulatory.db [ 92.698162][ T1048] kworker/u4:8: attempt to access beyond end of device [ 92.698162][ T1048] loop0: rw=9437185, sector=65, nr_sectors = 1 limit=64 [ 92.703933][ T1048] Buffer I/O error on dev loop0, logical block 65, lost async page write [ 92.707244][ T1048] kworker/u4:8: attempt to access beyond end of device [ 92.707244][ T1048] loop0: rw=9437185, sector=66, nr_sectors = 1 limit=64 [ 92.713232][ T1048] Buffer I/O error on dev loop0, logical block 66, lost async page write [ 92.716290][ T1048] kworker/u4:8: attempt to access beyond end of device [ 92.716290][ T1048] loop0: rw=9437185, sector=67, nr_sectors = 1 limit=64 [ 92.721874][ T1048] Buffer I/O error on dev loop0, logical block 67, lost async page write [ 92.725481][ T1048] kworker/u4:8: attempt to access beyond end of device [ 92.725481][ T1048] loop0: rw=9437185, sector=68, nr_sectors = 1 limit=64 [ 92.731510][ T1048] Buffer I/O error on dev loop0, logical block 68, lost async page write [ 92.735171][ T1048] kworker/u4:8: attempt to access beyond end of device [ 92.735171][ T1048] loop0: rw=9437185, sector=72, nr_sectors = 1 limit=64 [ 92.741379][ T1048] Buffer I/O error on dev loop0, logical block 72, lost async page write [ 92.744559][ T1048] kworker/u4:8: attempt to access beyond end of device [ 92.744559][ T1048] loop0: rw=9437185, sector=73, nr_sectors = 1 limit=64 [ 92.750338][ T1048] Buffer I/O error on dev loop0, logical block 73, lost async page write [ 92.753771][ T1048] kworker/u4:8: attempt to access beyond end of device [ 92.753771][ T1048] loop0: rw=9437185, sector=76, nr_sectors = 1 limit=64 [ 92.759771][ T1048] Buffer I/O error on dev loop0, logical block 76, lost async page write [ 92.763142][ T1048] kworker/u4:8: attempt to access beyond end of device [ 92.763142][ T1048] loop0: rw=9437185, sector=77, nr_sectors = 1 limit=64 [ 92.768710][ T1048] Buffer I/O error on dev loop0, logical block 77, lost async page write [ 92.773222][ T1048] kworker/u4:8: attempt to access beyond end of device [ 92.773222][ T1048] loop0: rw=1048577, sector=78, nr_sectors = 1560 limit=64 [ 92.780708][ T1048] kworker/u4:8: attempt to access beyond end of device [ 92.780708][ T1048] loop0: rw=9437185, sector=1638, nr_sectors = 1 limit=64 [ 92.786500][ T1048] Buffer I/O error on dev loop0, logical block 1638, lost async page write [ 92.790670][ T1048] Buffer I/O error on dev loop0, logical block 1639, lost async page write