program: syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000340)='./bus\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0x1, 0x68f, &(0x7f0000000a80)="$eJzs3U9sHFcdB/DvbJy1Ny3BTZM2oEq1GgkQEYkdKwVzISCEcqhQVQ6crcRprGzS4rjIrRB1+HvtoQdOqBxyQZyQuEcqHLjALSeQj5WQuPSCOS2a2Vl7ba/NOg3eTfl8otn33ryZ9+c3OzO7Y0Ub4P/W1fOZeJAiV8+/slaWN+7Ptzfuz9/u5ZNMJllPJpI0khT/6nQ6HyZXkmKrmWJXusf7ywuvPfx446NuaaJequ0bB+23S73devLrRt/q9XrJTJJjSaYOF4XddrR3rU4fXbE18itJztUpjNzxJJ0dfvDnp7dq+rQG7f0JTzNgLBTVffP633avn05O1Cd6+Tmge1fs3rPHxPqO0uQj7QUAAABPnmG+A392M5tZK04ewXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgU2F96/f/y6RaGr38TIre7/8363Wp8+PlxcNt/uB/NQ4AAAAAAAAAOEIvbmYzaznZK3eK6m/+L1WF09XrU3krd7OUlVzIWhazmtWsZC7JdF9DzbXF1dWVuSH2vDRwz0v/ZaCTddp6PPMGAAAAAAAAgE+Zn+Tq9t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgHBTJsW6S4l7f6uk0JpJMJWmWK9aTv/byT7IHox4AAAAAHIHJZDNrOdkrd4qcTvJc9QxgKm/lTlaznNW0s5Tr1XOB7rf+xsb9+fbG/fnb5bK33W/+81DDqFpM99nD4J7PVlu0ciPL1ZoLuZY30s71NKo9S2fr8fRa7RvXVJJ75ZiKb9SGHNn1Oi1n/l6d7vHuoSa7n0M+TJmuInJ8KyKz9djKaDzTOzKDj9Ahj87unubS6B/sjp6aOydz2JhXz5xO1IVyPr/YL+YjsTsSl/refc8dHPPki3/43fdn6/z4TGk4x+q0U7229kZivi8Szw8TiZvtO7du3rh7/kmLxB6zVSTObJWv5jv5Xs5nJq9mJcv5YRazmqXM5NtVbrE++EXfKb9PpK7sKL263wh+VV++m/U7tHuwyjE9HHpML1X7nsxyvps3cj1Lebn6dylz+Wou53IW+o7wmYOPcHXWN/Y56zuf2TOBcuDnvlQXWkl+WafjoRzeM31x7b/mTld1/Wu2o3RqiCgd8n408fk6U/bx0zodD7sjMdcXiWcPjsRvqsvK3fadWys3F98crrtT79WZ8jz6eTIz2gtJc1f+VHmwqtLOd0dZ9+zAurmq7vRWXWNP3Zmtuu6Zur7vmdqsP8PtbelSVff8wLr5qu5sX92gz1sAjL0TXz7RbP2j9ZfWB62ftW62Xpn61uTXJl9o5vgfj399YvbYFxovFL/PB/nx9vd/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg0d19+51bi+320ko300xSZTqdzrs7qw6bmah76KsqBnf6CTKNQVWZ+ftTZTcDqno/Z/Z4eh8q87mnk6Pqa3wz/+50OvWaYp9tfvunsQlUpzYWoRtRZjTXI+DoXFy9/ebFu2+/85Xl24uvL72+dGfh8uWF2YXLL89fvLHcXprtvu7ea2o0gwUeq+2b/qhHAgAAAAAAAAAAAAzrKP47wajnCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADzZrp7PxIMUmZu9MFuWN+7Pt8ull9/eciJJI0nxo6T4MLmS7pLpvuaK/fp5f3nhtYcfb3y03dZEb/vGQfsNZ71eMpPkWDe997jau1anByoOmkKxNcMyYOd6gYNR+08AAAD//99LA7I=") open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)=0x3f) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b) [ 84.387999][ T45] Bluetooth: hci0: command tx timeout [ 84.468176][ T5317] loop0: detected capacity change from 0 to 1024 [ 84.562635][ T24] audit: type=1800 audit(1772753377.937:2): pid=5317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=0 res=0 errno=0 [ 84.587748][ T5317] [ 84.588968][ T5317] ============================================ [ 84.591737][ T5317] WARNING: possible recursive locking detected [ 84.594909][ T5317] syzkaller #0 Not tainted [ 84.597278][ T5317] -------------------------------------------- [ 84.600375][ T5317] syz.0.0/5317 is trying to acquire lock: [ 84.602977][ T5317] ffff888012b8a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 84.607494][ T5317] [ 84.607494][ T5317] but task is already holding lock: [ 84.610837][ T5317] ffff888012b8a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 84.616667][ T5317] [ 84.616667][ T5317] other info that might help us debug this: [ 84.620454][ T5317] Possible unsafe locking scenario: [ 84.620454][ T5317] [ 84.624561][ T5317] CPU0 [ 84.626496][ T5317] ---- [ 84.628524][ T5317] lock(&tree->tree_lock/1); [ 84.630642][ T5317] lock(&tree->tree_lock/1); [ 84.633366][ T5317] [ 84.633366][ T5317] *** DEADLOCK *** [ 84.633366][ T5317] [ 84.637860][ T5317] May be due to missing lock nesting notation [ 84.637860][ T5317] [ 84.642360][ T5317] 6 locks held by syz.0.0/5317: [ 84.644487][ T5317] #0: ffff888034c8ad38 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x246/0x320 [ 84.648537][ T5317] #1: ffff888012530420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 84.652813][ T5317] #2: ffff8880128f24b8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 84.657556][ T5317] #3: ffff8880128f22c8 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 84.662115][ T5317] #4: ffff888012b8a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 84.668439][ T5317] #5: ffff888011998e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 84.676208][ T5317] [ 84.676208][ T5317] stack backtrace: [ 84.679232][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.679254][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.679262][ T5317] Call Trace: [ 84.679271][ T5317] [ 84.679277][ T5317] dump_stack_lvl+0xe8/0x150 [ 84.679303][ T5317] print_deadlock_bug+0x279/0x290 [ 84.679322][ T5317] __lock_acquire+0x253f/0x2cf0 [ 84.679339][ T5317] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 84.679413][ T5317] ? stack_depot_save_flags+0x3f3/0x810 [ 84.679472][ T5317] ? kasan_save_track+0x4f/0x80 [ 84.679490][ T5317] ? kasan_save_track+0x3e/0x80 [ 84.679507][ T5317] ? __kasan_kmalloc+0x93/0xb0 [ 84.679516][ T5317] ? __kmalloc_noprof+0x35c/0x760 [ 84.679530][ T5317] ? hfsplus_find_init+0x8c/0x2d0 [ 84.679542][ T5317] ? hfsplus_file_extend+0x46d/0x1d70 [ 84.679557][ T5317] ? hfsplus_bmap_reserve+0x125/0x510 [ 84.679575][ T5317] lock_acquire+0xf0/0x2e0 [ 84.679588][ T5317] ? hfsplus_find_init+0x168/0x2d0 [ 84.679603][ T5317] __mutex_lock+0x19f/0x1300 [ 84.679621][ T5317] ? hfsplus_find_init+0x168/0x2d0 [ 84.679637][ T5317] ? hfsplus_find_init+0x168/0x2d0 [ 84.679655][ T5317] ? __pfx___mutex_lock+0x10/0x10 [ 84.679673][ T5317] ? rcu_is_watching+0x15/0xb0 [ 84.679693][ T5317] ? __kmalloc_noprof+0x37d/0x760 [ 84.679710][ T5317] ? hfsplus_find_init+0x8c/0x2d0 [ 84.679723][ T5317] ? __kmalloc_noprof+0x1b8/0x760 [ 84.679739][ T5317] hfsplus_find_init+0x168/0x2d0 [ 84.679752][ T5317] hfsplus_file_extend+0x46d/0x1d70 [ 84.679769][ T5317] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 84.679784][ T5317] ? __pfx___mutex_trylock_common+0x10/0x10 [ 84.679798][ T5317] ? rcu_is_watching+0x15/0xb0 [ 84.679810][ T5317] ? __asan_memset+0x22/0x50 [ 84.679821][ T5317] ? hfsplus_brec_find+0x19d/0x520 [ 84.679833][ T5317] hfsplus_bmap_reserve+0x125/0x510 [ 84.679848][ T5317] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 84.679865][ T5317] __hfsplus_ext_cache_extent+0x89/0xe30 [ 84.679883][ T5317] hfsplus_file_extend+0x4af/0x1d70 [ 84.679901][ T5317] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 84.679917][ T5317] ? clean_bdev_aliases+0x62e/0x750 [ 84.679929][ T5317] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 84.679940][ T5317] hfsplus_get_block+0x42c/0x1670 [ 84.679957][ T5317] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.679972][ T5317] ? do_raw_spin_unlock+0x4d/0x210 [ 84.679982][ T5317] ? _raw_spin_unlock+0x28/0x50 [ 84.679997][ T5317] __block_write_begin_int+0x6c6/0x1910 [ 84.680010][ T5317] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.680026][ T5317] ? __pfx___block_write_begin_int+0x10/0x10 [ 84.680038][ T5317] cont_write_begin+0x737/0xae0 [ 84.680049][ T5317] ? irqentry_exit+0x59e/0x620 [ 84.680066][ T5317] ? __pfx_cont_write_begin+0x10/0x10 [ 84.680113][ T5317] hfsplus_write_begin+0x66/0xb0 [ 84.680131][ T5317] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.680151][ T5317] generic_perform_write+0x2e2/0x8f0 [ 84.680166][ T5317] ? __pfx_generic_perform_write+0x10/0x10 [ 84.680177][ T5317] ? file_update_time_flags+0x400/0x4a0 [ 84.680194][ T5317] ? __generic_file_write_iter+0xf9/0x230 [ 84.680205][ T5317] ? generic_file_write_iter+0x136/0x680 [ 84.680217][ T5317] generic_file_write_iter+0x14a/0x680 [ 84.680228][ T5317] ? __pfx_generic_file_write_iter+0x10/0x10 [ 84.680239][ T5317] ? add_lock_to_list+0xc7/0x100 [ 84.680253][ T5317] ? lockdep_unlock+0x5d/0xd0 [ 84.680264][ T5317] ? __lock_acquire+0x146e/0x2cf0 [ 84.680285][ T5317] vfs_write+0x61d/0xb90 [ 84.680302][ T5317] ? __pfx_vfs_write+0x10/0x10 [ 84.680319][ T5317] ? __fget_files+0x2a/0x420 [ 84.680334][ T5317] ksys_write+0x150/0x270 [ 84.680348][ T5317] ? __pfx_ksys_write+0x10/0x10 [ 84.680365][ T5317] do_syscall_64+0x14d/0xf80 [ 84.680380][ T5317] ? trace_irq_disable+0x3b/0x150 [ 84.680396][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.680407][ T5317] ? clear_bhb_loop+0x40/0x90 [ 84.680417][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.680428][ T5317] RIP: 0033:0x7ff71bf9c799 [ 84.680442][ T5317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.680452][ T5317] RSP: 002b:00007ff71cdd0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 84.680467][ T5317] RAX: ffffffffffffffda RBX: 00007ff71c215fa0 RCX: 00007ff71bf9c799 [ 84.680475][ T5317] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 0000000000000006 [ 84.680482][ T5317] RBP: 00007ff71c032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 84.680489][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.680495][ T5317] R13: 00007ff71c216038 R14: 00007ff71c215fa0 R15: 00007ffe6f6e0c28 [ 84.680508][ T5317] [ 86.441071][ T45] Bluetooth: hci0: command tx timeout [ 88.520640][ T45] Bluetooth: hci0: command tx timeout [ 88.619859][ T3009] Trying to write to read-only block-device loop0 [ 90.600398][ T45] Bluetooth: hci0: command tx timeout