Extracting prog: 2m12.899605596s
Minimizing prog: 72.07µs
Simplifying prog options: 0s
Extracting C: 29.778779677s
Simplifying C: 6m30.719124815s

extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x80000c, &(0x7f0000000cc0)=ANY=[@ANYBLOB="706172743d3078300002a27f9edc6b44900000c63d5f852c6769643d", @ANYRESOCT, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX, @ANYRES8, @ANYRES64, @ANYRES16, @ANYBLOB="4084ee6445465901df3659d59cd2e535f80f"], 0x1, 0x70e, &(0x7f0000000500)="$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")
program crashed: possible deadlock in hfsplus_get_block
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
extracting C reproducer
testing compiled C program (duration=58.331317941s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
simplifying C reproducer
testing compiled C program (duration=58.331317941s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=58.331317941s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=58.331317941s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=58.331317941s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=58.331317941s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=58.331317941s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=58.331317941s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
reproducing took 9m13.397597998s

repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
============================================
WARNING: possible recursive locking detected
6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0 Not tainted
--------------------------------------------
syz-executor295/5824 is trying to acquire lock:
ffff88807e2c9548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_get_block+0x383/0x14f0 fs/hfsplus/extents.c:260

but task is already holding lock:
ffff88807e2c87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 fs/hfsplus/extents.c:458

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&HFSPLUS_I(inode)->extents_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz-executor295/5824:
 #0: ffff88807dd440e0 (&type->s_umount_key#43/1){+.+.}-{3:3}, at: alloc_super+0x221/0x9d0 fs/super.c:344
 #1: ffff888030b5a998 (&sbi->vh_mutex){+.+.}-{3:3}, at: hfsplus_fill_super+0x1380/0x1ca0 fs/hfsplus/super.c:559
 #2: ffff88807de040b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 fs/hfsplus/bfind.c:28
 #3: ffff88807e2c87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 fs/hfsplus/extents.c:458
 #4: ffff888030b5a8f8 (&sbi->alloc_mutex){+.+.}-{3:3}, at: hfsplus_block_allocate+0x9e/0x8c0 fs/hfsplus/bitmap.c:35

stack backtrace:
CPU: 0 UID: 0 PID: 5824 Comm: syz-executor295 Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037
 check_deadlock kernel/locking/lockdep.c:3089 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891
 __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
 hfsplus_get_block+0x383/0x14f0 fs/hfsplus/extents.c:260
 block_read_full_folio+0x418/0xcd0 fs/buffer.c:2401
 filemap_read_folio+0x14b/0x630 mm/filemap.c:2367
 do_read_cache_folio+0x3f5/0x850 mm/filemap.c:3825
 do_read_cache_page+0x30/0x200 mm/filemap.c:3891
 read_mapping_page include/linux/pagemap.h:1005 [inline]
 hfsplus_block_allocate+0xee/0x8c0 fs/hfsplus/bitmap.c:37
 hfsplus_file_extend+0xade/0x1b70 fs/hfsplus/extents.c:469
 hfsplus_bmap_reserve+0x105/0x4e0 fs/hfsplus/btree.c:358
 hfsplus_create_cat+0x1b0/0x1b70 fs/hfsplus/catalog.c:272
 hfsplus_fill_super+0x13ee/0x1ca0 fs/hfsplus/super.c:566
 mount_bdev+0x20a/0x2d0 fs/super.c:1693
 legacy_get_tree+0xee/0x190 fs/fs_context.c:662
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3b240cabfa
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe1f2e7bf8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffe1f2e7c10 RCX: 00007f3b240cabfa
RDX: 0000000020000000 RSI: 0000000020000080 RDI: 00007ffe1f2e7c10
RBP: 0000000000000004 R08: 00007ff

final repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
============================================
WARNING: possible recursive locking detected
6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0 Not tainted
--------------------------------------------
syz-executor295/5824 is trying to acquire lock:
ffff88807e2c9548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_get_block+0x383/0x14f0 fs/hfsplus/extents.c:260

but task is already holding lock:
ffff88807e2c87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 fs/hfsplus/extents.c:458

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&HFSPLUS_I(inode)->extents_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz-executor295/5824:
 #0: ffff88807dd440e0 (&type->s_umount_key#43/1){+.+.}-{3:3}, at: alloc_super+0x221/0x9d0 fs/super.c:344
 #1: ffff888030b5a998 (&sbi->vh_mutex){+.+.}-{3:3}, at: hfsplus_fill_super+0x1380/0x1ca0 fs/hfsplus/super.c:559
 #2: ffff88807de040b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 fs/hfsplus/bfind.c:28
 #3: ffff88807e2c87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 fs/hfsplus/extents.c:458
 #4: ffff888030b5a8f8 (&sbi->alloc_mutex){+.+.}-{3:3}, at: hfsplus_block_allocate+0x9e/0x8c0 fs/hfsplus/bitmap.c:35

stack backtrace:
CPU: 0 UID: 0 PID: 5824 Comm: syz-executor295 Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037
 check_deadlock kernel/locking/lockdep.c:3089 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891
 __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
 hfsplus_get_block+0x383/0x14f0 fs/hfsplus/extents.c:260
 block_read_full_folio+0x418/0xcd0 fs/buffer.c:2401
 filemap_read_folio+0x14b/0x630 mm/filemap.c:2367
 do_read_cache_folio+0x3f5/0x850 mm/filemap.c:3825
 do_read_cache_page+0x30/0x200 mm/filemap.c:3891
 read_mapping_page include/linux/pagemap.h:1005 [inline]
 hfsplus_block_allocate+0xee/0x8c0 fs/hfsplus/bitmap.c:37
 hfsplus_file_extend+0xade/0x1b70 fs/hfsplus/extents.c:469
 hfsplus_bmap_reserve+0x105/0x4e0 fs/hfsplus/btree.c:358
 hfsplus_create_cat+0x1b0/0x1b70 fs/hfsplus/catalog.c:272
 hfsplus_fill_super+0x13ee/0x1ca0 fs/hfsplus/super.c:566
 mount_bdev+0x20a/0x2d0 fs/super.c:1693
 legacy_get_tree+0xee/0x190 fs/fs_context.c:662
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3b240cabfa
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe1f2e7bf8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffe1f2e7c10 RCX: 00007f3b240cabfa
RDX: 0000000020000000 RSI: 0000000020000080 RDI: 00007ffe1f2e7c10
RBP: 0000000000000004 R08: 00007ff