program: syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000000)=ANY=[@ANYRES32=0x0], 0x1, 0x70f, &(0x7f0000000d00)="$eJzs3c9vHGf9B/D3rNeut99+U6dNaIQCmEQqSBGJEyuFcMEghHKoUFUOPVuJ01jZJFXiorRC1AUEJ6Qe+gcUJN84ICTugXDhUm69WpwqIXGJkIh6WTSzs/buev0r8Y8UXq9oPM/M88wzn/nMMzPedVYb4H/W5TNp3k+Ry2devVcur67MtldXZp+pq9v54N9luZE0u7MUt5LiQTJX1hd9U/rmG3y4eOn1Tx6uftqolpr1VLUf22q7EUa0Xa6nTNf9TY/ccnynu1iuw8tzSa7U80ETO+1roGGZtNP1HA5dZ1AjneXdbL6b6xZ4yvSeTkX3ubnBVPJskskk1e8E9d2hcXAR7qmv9gq7ussBAADA59THtw87AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj8qb7/v7W22OiuSqZT9L7/f6K3ri4/heZGrGuObHl/32MBAAAAAAAAgP33lUd5lHs5UpbHk3SK6m/+p6rKY/msk/xf3s7dLOROzuZe5rOUpdzJ+SRTfR1N3JtfWrpzfm3L0ugtL4zc8sJBHjUAAAAAAAAA/Nf5WVrdv/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDTokjGurNqOlbPM5VGM+t1WU7+lmTisOPdhWLUyvsHHwcAAAA8kcnH2Ob5R3mUeznSW+4U1Wv+L1Svlyfzdm5lKYtZSjsLuVq/hi5f9TdWV2bbqyuzN8upXB7s97v/3FUYE3UPY9XSqD2fqFq0ci2L1ZqzuVIFczWN7r5PJyd68fTF1ef9MqbiO7UdRtas01ru7IPN3kXYE4NvRTS2aNlaDy5Zy8hMHVu55dFuBorqjZpk9uZgd8NnZ8POmgNLU1WT8bU9nU9j7Z2fY/uQ82freXk8v9zXnO9Efy7WMtFIlYkLvdFXXjPDmfj7nwc7+toff/fG9fatG9ev3T0zeEidTue9/T+QxzK2yfrhMTHbl4mXth4TW2XiKdDcZfuZKhPH15Yv5wf5Uc5kOq/lThbz48xnKQvp1PXz9Xguf05tnam5gaXXtotkoj4v3XO2k5im8/2qNJ9T1bZHspgit3M1C3ml+nch5/PNXMzFXOo7w8d7z5oNcVfHVl31jeGrvnem/zQy+NNfrwvl3e1Xvbvcl4dyMGSz0blXuodZ5vVoX167o/7hWqujfdfBTF+WXuhlZ3xk549zb2x+sS6U+/j5Ns+JgzVVZ6K8gHpPiV50L3Yz0ayeRRvH+W865XZp3+p0rs+/tUn/y0PLL9fzclitfGm71j2jT8XeKsfLC5ms7ySDo6Ose3HtLtNX11kfy926wSduud3xqq4oelfqD3O7GgAbr9SJ+ne4jT1dqOpeGqo7Wd/Dy7oTfXUDv2/ldtq5egD5A+Bx/PWNteJUnp1o/aP1ceuj1i9a11uvTn7vmW89c3Ii438Z/3ZzZuzlxsniD/koP11//Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy+u++8e2O+3V64M7rQ2LxqoNDK8Jrteh4qFPUX+oxqc6P+loJddXgIhbv/v75mMslAm+p7jg48sNZwGBsKnfeSA89Y70sER7f5dVlo7uh0zw2s+f3GDt/fPp6xDI3DHVwX+1hoZF967jy/yUgYy+gBcFh3JOCgnFu6+da5u++8+43Fm/NvLry5cGv84sVLM5cuvjJ77tpie2Gm+/OwowT2w/pD/7AjAQAAAAAAAAAAAHZq1EcFTj233YdGNhQaSYY/4+F/FgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB74vKZNO+nyPmZszPl8urKbLuceuX1ls0kjUZS/CQpHiRz6U6Z6tZPdme/fZDOiP18uHjp9U8ern663lc5pSg7reeb27o2yXI9ZTrJWD1/AgP9XXni/op/9Y6hTNhnnU5n7snig73xnwAAAP//lvnu8g==") r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') write$P9_RWSTAT(r0, 0x0, 0x0) sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)={0x98, 0x0, 0xb, 0x3, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_COMPAT_TYPE={0x8}, @NFTA_COMPAT_NAME={0x18, 0x1, 'security.capability\x00'}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_COMPAT_NAME={0x18, 0x1, 'security.capability\x00'}, @NFTA_COMPAT_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_COMPAT_NAME={0xb, 0x1, 'sockfs\x00'}, @NFTA_COMPAT_NAME={0x18, 0x1, 'security.capability\x00'}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x1}]}, 0x98}, 0x1, 0x0, 0x0, 0x801}, 0xc054) fsopen(&(0x7f0000000240)='sockfs\x00', 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="28000f09028a67bdb00010005fba00000000000000007500000000", @ANYRES32=0x0, @ANYBLOB="800002008824010008001b0000000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000340)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb763e", 0x10, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x41}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}}}}, 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1) mount$cgroup(0x0, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000100), 0x1000000, &(0x7f0000000200)={[{@none}]}) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x0) link(&(0x7f0000010100)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') lsetxattr$security_capability(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000140), &(0x7f0000000180)=@v3={0x3000000, [{0x80000001, 0x5193}, {0x1, 0x2}]}, 0x18, 0x0) r3 = gettid() ioprio_set$pid(0x2, r3, 0x6000) truncate(&(0x7f0000000440)='./file1\x00', 0x2) [ 77.247040][ T45] Bluetooth: hci0: command tx timeout [ 77.335129][ T5316] loop0: detected capacity change from 0 to 1024 [ 77.431938][ T5316] [ 77.433063][ T5316] ============================================ [ 77.435941][ T5316] WARNING: possible recursive locking detected [ 77.439320][ T5316] syzkaller #0 Not tainted [ 77.441424][ T5316] -------------------------------------------- [ 77.444005][ T5316] syz.0.0/5316 is trying to acquire lock: [ 77.446324][ T5316] ffff88801203f708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 77.450751][ T5316] [ 77.450751][ T5316] but task is already holding lock: [ 77.454565][ T5316] ffff888012b407c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 77.459808][ T5316] [ 77.459808][ T5316] other info that might help us debug this: [ 77.463149][ T5316] Possible unsafe locking scenario: [ 77.463149][ T5316] [ 77.466309][ T5316] CPU0 [ 77.467700][ T5316] ---- [ 77.469223][ T5316] lock(&HFSPLUS_I(inode)->extents_lock); [ 77.472339][ T5316] lock(&HFSPLUS_I(inode)->extents_lock); [ 77.475706][ T5316] [ 77.475706][ T5316] *** DEADLOCK *** [ 77.475706][ T5316] [ 77.479430][ T5316] May be due to missing lock nesting notation [ 77.479430][ T5316] [ 77.482995][ T5316] 5 locks held by syz.0.0/5316: [ 77.485221][ T5316] #0: ffff8880129820e0 (&type->s_umount_key#51/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xab0 [ 77.489289][ T5316] #1: ffff888038a82998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1246/0x1a00 [ 77.494034][ T5316] #2: ffff88801ed8e0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 77.498018][ T5316] #3: ffff888012b407c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 77.503265][ T5316] #4: ffff888038a828f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xce0 [ 77.508251][ T5316] [ 77.508251][ T5316] stack backtrace: [ 77.511090][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 77.511112][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 77.511121][ T5316] Call Trace: [ 77.511130][ T5316] [ 77.511137][ T5316] dump_stack_lvl+0xe8/0x150 [ 77.511164][ T5316] print_deadlock_bug+0x279/0x290 [ 77.511186][ T5316] __lock_acquire+0x253f/0x2cf0 [ 77.511203][ T5316] ? lock_release+0x4b/0x3d0 [ 77.511218][ T5316] ? lock_release+0x4b/0x3d0 [ 77.511234][ T5316] ? is_bpf_text_address+0x292/0x2b0 [ 77.511248][ T5316] ? is_bpf_text_address+0x26/0x2b0 [ 77.511261][ T5316] lock_acquire+0xf0/0x2e0 [ 77.511276][ T5316] ? hfsplus_get_block+0x39e/0x1670 [ 77.511297][ T5316] __mutex_lock+0x19f/0x1300 [ 77.511372][ T5316] ? hfsplus_get_block+0x39e/0x1670 [ 77.511394][ T5316] ? stack_trace_save+0xa9/0x100 [ 77.511409][ T5316] ? __pfx_stack_trace_save+0x10/0x10 [ 77.511421][ T5316] ? check_path+0x21/0x40 [ 77.511435][ T5316] ? check_noncircular+0xda/0x150 [ 77.511449][ T5316] ? hfsplus_get_block+0x39e/0x1670 [ 77.511466][ T5316] ? __pfx___mutex_lock+0x10/0x10 [ 77.511478][ T5316] ? __lock_acquire+0x146e/0x2cf0 [ 77.511495][ T5316] hfsplus_get_block+0x39e/0x1670 [ 77.511514][ T5316] ? __pfx_hfsplus_get_block+0x10/0x10 [ 77.511533][ T5316] ? block_read_full_folio+0x672/0x830 [ 77.511546][ T5316] block_read_full_folio+0x29f/0x830 [ 77.511559][ T5316] ? __pfx_hfsplus_get_block+0x10/0x10 [ 77.511576][ T5316] filemap_read_folio+0x137/0x3b0 [ 77.511589][ T5316] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 77.511604][ T5316] ? __pfx_filemap_read_folio+0x10/0x10 [ 77.511615][ T5316] ? filemap_add_folio+0x356/0x530 [ 77.511633][ T5316] do_read_cache_folio+0x358/0x590 [ 77.511645][ T5316] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 77.511661][ T5316] read_cache_page+0x5d/0x170 [ 77.511673][ T5316] hfsplus_block_allocate+0xf3/0xce0 [ 77.511691][ T5316] hfsplus_file_extend+0xb2d/0x1d70 [ 77.511710][ T5316] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 77.511728][ T5316] ? hfsplus_find_init+0x168/0x2d0 [ 77.511742][ T5316] ? __pfx___mutex_lock+0x10/0x10 [ 77.511754][ T5316] ? rcu_is_watching+0x15/0xb0 [ 77.511771][ T5316] hfsplus_bmap_reserve+0x125/0x510 [ 77.511787][ T5316] hfsplus_create_cat+0x1e2/0x11b0 [ 77.511800][ T5316] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 77.511823][ T5316] ? do_raw_spin_unlock+0x4d/0x210 [ 77.511849][ T5316] ? _raw_spin_unlock+0x28/0x50 [ 77.511871][ T5316] ? hfsplus_new_inode+0x6c3/0x900 [ 77.511894][ T5316] hfsplus_fill_super+0x12bb/0x1a00 [ 77.511917][ T5316] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 77.511932][ T5316] ? string+0x279/0x2b0 [ 77.511973][ T5316] ? snprintf+0xe8/0x140 [ 77.511997][ T5316] ? sb_set_blocksize+0x155/0x240 [ 77.512089][ T5316] ? setup_bdev_super+0x4c1/0x5b0 [ 77.512102][ T5316] get_tree_bdev_flags+0x431/0x4f0 [ 77.512114][ T5316] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 77.512130][ T5316] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 77.512141][ T5316] vfs_get_tree+0x92/0x2a0 [ 77.512150][ T5316] do_new_mount+0x341/0xd30 [ 77.512162][ T5316] ? apparmor_capable+0x126/0x170 [ 77.512175][ T5316] ? __pfx_do_new_mount+0x10/0x10 [ 77.512186][ T5316] ? ns_capable+0x89/0xe0 [ 77.512199][ T5316] ? user_path_at+0xd4/0x160 [ 77.512215][ T5316] __se_sys_mount+0x31d/0x420 [ 77.512227][ T5316] ? __pfx___se_sys_mount+0x10/0x10 [ 77.512237][ T5316] ? __x64_sys_mount+0x20/0xc0 [ 77.512246][ T5316] do_syscall_64+0x14d/0xf80 [ 77.512254][ T5316] ? trace_irq_disable+0x3b/0x150 [ 77.512265][ T5316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.512276][ T5316] ? clear_bhb_loop+0x40/0x90 [ 77.512288][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.512301][ T5316] RIP: 0033:0x7f2efd99da0a [ 77.512315][ T5316] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 77.512325][ T5316] RSP: 002b:00007f2ef9dece18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 77.512339][ T5316] RAX: ffffffffffffffda RBX: 00007f2ef9decea0 RCX: 00007f2efd99da0a [ 77.512347][ T5316] RDX: 0000200000000100 RSI: 0000200000000700 RDI: 00007f2ef9dece60 [ 77.512355][ T5316] RBP: 0000200000000100 R08: 00007f2ef9decea0 R09: 0000000002000010 [ 77.512362][ T5316] R10: 0000000002000010 R11: 0000000000000246 R12: 0000200000000700 [ 77.512369][ T5316] R13: 00007f2ef9dece60 R14: 000000000000070f R15: 0000200000000000 [ 77.512380][ T5316] [ 77.797498][ T5316] cgroup: Need name or subsystem set