program: syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000080)='./file0\x00', 0x200080, &(0x7f0000000040)=ANY=[], 0xfe, 0x63f, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrNcbO4jUbZM2oEpYjVQQFolf5IK5NEEIfKhQVQ6crcRprGzcynaRWyFk3iVOHPoHlINvnJC4RypnuPXqYyUkLj35ZjSzs/bGWTt+a9Yhn080+zzPPjPP/Oa3M7M7u7EmwHNrfiLNhykyP/H2etne2pxpb23OXKi720nKeiNpdooUy0nxWXIznSnfKJ+s5y8OWs8nS3Pvfv7l1hd7czVzlOWOZqOeMp5kqC73af35OOMNdyrlOLf7j3ccP+1uYZmwa93EwaDt9Kqe2Bh0SMBTVnTeNx8zllxMMlJ/Dkh9dmg83ejOnrMcAAAAz4MXtrOd9VwadBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwLKnv/1/UU6NbH0/Rvf9/K8mtevbWgMM9tYeDDgAAAAAAAAAAzsC3trOd9VzqtneK6jf/16vG5erxa/kwq1nMSq5nPQtZy1pWMpVkrGeg1vrC2trK1BGWnO675PTT2V4AAAAAAAAA+D/128zv/f4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDNFSXRada1NPlbn0sjWaSke78G8m/k7QGF/GxFf2efPj04wAAAIBTGTnBMi9sZzvrudRt7xTVNf8r1fXySD7MctaylLW0s5g79TV0edXf2NqcaW9tzjwop8fHvfXfY4VRjbj7NUS/NV+t5hjN3SxVz1zP7SqYO2lUS5auduPpH9dvypiKt2pHjOxOXZYr+8tB3yIMxFiVkeHdjEzWsZXZePHwTDzx1WkeuqapNHa/+bn8FeT8Yl2W2/PH85nzRqpMTPfsfa8cnonk2//42y/utZfv37u7OnF+NumE9u8TMz2ZePWZzkTzCf1f39eerDJxZbc9n5/k55nIeN7JSpbyyyxkLYvZqfsX6v25fBw7PFM3H2m986TIW/Xr0jmLHiWm8fy4qi3k9WrZS1lKkfdzJ4t5s/o3nal8P7OZzVzPK3zlwLirbauO+sbxjvpr36kro0n+VJeD1nlLLfP6Yk9ee8+5Y1Vf7zN7WXrp7M+NzW/WlXIdv6vL82F/JqZ6MvHy4Zn4a3VsrLaX76/cW/jggPE39rXfqMtyj/vDuXqXKPeXlzJSn0ke3TvKvpd3zzKP5qtV/+LS6Ws81nel6iuK7pH6swOP1Fb9Ge7xkaarvlf79s1UfVd7+h75vJX30979PATAOXbxuxdbo/8Z/dfop6O/H703+vbIjy784MJrrQz/c/iHzcmhNxqvFX/Pp/n13vU/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwcqsffXx/od1eXOlfaRzcdbaVor6Rz2HzNI8Ws8q5r3RvInjqAW8ObCtuDTqHZ1UZStKvq36JTnJzUeCZcGPtwQc3Vj/6+HtLDxbeW3xvcXl4dnZucm72zZkbd5fai5Odx0FHCXwV9t70+/cX5+oGmwAAAAAAAAAAAECO9rc0O/X//zvxXxoMehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAZ9v8RJoPU2Rq8vpk2d7anGmXU7e+N2czSaORFL9Kis+Sm+lMGesZrnjrgPV8sjT37udfbn2xN1azmr8ctC5PYaOeMp5kqC7Parzbpx6v2N3CMmHXuomDQftfAAAA//+shPnK") r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, 0x7, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x7}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x20000011) [ 84.632157][ T5286] Bluetooth: hci0: command tx timeout [ 84.770499][ T5322] loop0: detected capacity change from 0 to 1024 [ 84.866027][ T5322] [ 84.867200][ T5322] ============================================ [ 84.869799][ T5322] WARNING: possible recursive locking detected [ 84.872520][ T5322] syzkaller #0 Not tainted [ 84.874435][ T5322] -------------------------------------------- [ 84.877065][ T5322] syz.0.0/5322 is trying to acquire lock: [ 84.879228][ T5322] ffff888012743500 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 84.883597][ T5322] [ 84.883597][ T5322] but task is already holding lock: [ 84.886433][ T5322] ffff888012744200 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1db0 [ 84.891512][ T5322] [ 84.891512][ T5322] other info that might help us debug this: [ 84.894791][ T5322] Possible unsafe locking scenario: [ 84.894791][ T5322] [ 84.897953][ T5322] CPU0 [ 84.899426][ T5322] ---- [ 84.900881][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 84.903366][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 84.905924][ T5322] [ 84.905924][ T5322] *** DEADLOCK *** [ 84.905924][ T5322] [ 84.909392][ T5322] May be due to missing lock nesting notation [ 84.909392][ T5322] [ 84.913067][ T5322] 5 locks held by syz.0.0/5322: [ 84.915446][ T5322] #0: ffff888012ab00d8 (&type->s_umount_key#52/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xab0 [ 84.920806][ T5322] #1: ffff888042649988 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x141b/0x1eb0 [ 84.926169][ T5322] #2: ffff888037e220a8 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 84.931265][ T5322] #3: ffff888012744200 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1db0 [ 84.937207][ T5322] #4: ffff8880426498f0 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xce0 [ 84.942402][ T5322] [ 84.942402][ T5322] stack backtrace: [ 84.945338][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.945371][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.945378][ T5322] Call Trace: [ 84.945387][ T5322] [ 84.945392][ T5322] dump_stack_lvl+0xe8/0x150 [ 84.945417][ T5322] print_deadlock_bug+0x279/0x290 [ 84.945432][ T5322] __lock_acquire+0x253f/0x2cf0 [ 84.945445][ T5322] ? lock_release+0x4b/0x3c0 [ 84.945456][ T5322] ? is_bpf_text_address+0x292/0x2b0 [ 84.945467][ T5322] ? is_bpf_text_address+0x26/0x2b0 [ 84.945478][ T5322] ? kernel_text_address+0xa5/0xe0 [ 84.945493][ T5322] ? hfsplus_get_block+0x39e/0x1670 [ 84.945507][ T5322] lock_acquire+0x106/0x350 [ 84.945518][ T5322] ? hfsplus_get_block+0x39e/0x1670 [ 84.945539][ T5322] __mutex_lock+0x1a3/0x1550 [ 84.945610][ T5322] ? hfsplus_get_block+0x39e/0x1670 [ 84.945632][ T5322] ? check_path+0x21/0x40 [ 84.945647][ T5322] ? hfsplus_get_block+0x39e/0x1670 [ 84.945667][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 84.945684][ T5322] hfsplus_get_block+0x39e/0x1670 [ 84.945701][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.945717][ T5322] ? block_read_full_folio+0x672/0x830 [ 84.945734][ T5322] block_read_full_folio+0x29f/0x830 [ 84.945751][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.945764][ T5322] filemap_read_folio+0x137/0x3b0 [ 84.945779][ T5322] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 84.945792][ T5322] ? __pfx_filemap_read_folio+0x10/0x10 [ 84.945806][ T5322] ? filemap_add_folio+0x356/0x530 [ 84.945817][ T5322] do_read_cache_folio+0x358/0x590 [ 84.945830][ T5322] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 84.945844][ T5322] read_cache_page+0x5d/0x170 [ 84.945858][ T5322] hfsplus_block_allocate+0xf3/0xce0 [ 84.945872][ T5322] hfsplus_file_extend+0xb21/0x1db0 [ 84.945888][ T5322] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 84.945904][ T5322] ? hfsplus_find_init+0x168/0x2d0 [ 84.945915][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 84.945927][ T5322] hfsplus_bmap_reserve+0x180/0x5a0 [ 84.945939][ T5322] hfsplus_create_cat+0x1eb/0x11e0 [ 84.945954][ T5322] ? __lock_acquire+0x146e/0x2cf0 [ 84.945967][ T5322] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 84.945993][ T5322] ? do_raw_spin_unlock+0x4d/0x210 [ 84.946009][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 84.946022][ T5322] ? hfsplus_new_inode+0x6c3/0x900 [ 84.946036][ T5322] hfsplus_fill_super+0x1499/0x1eb0 [ 84.946052][ T5322] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 84.946063][ T5322] ? string+0x279/0x2b0 [ 84.946076][ T5322] ? bdev_name+0x2ce/0x430 [ 84.946098][ T5322] ? __pfx_snprintf+0x10/0x10 [ 84.946110][ T5322] ? set_blocksize+0x1c9/0x440 [ 84.949470][ T5322] ? sb_set_blocksize+0x155/0x240 [ 84.949488][ T5322] ? setup_bdev_super+0x4c1/0x5b0 [ 84.949505][ T5322] get_tree_bdev_flags+0x431/0x4f0 [ 84.949523][ T5322] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 84.949536][ T5322] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 84.949553][ T5322] vfs_get_tree+0x92/0x2a0 [ 84.949567][ T5322] do_new_mount+0x341/0xd30 [ 84.949578][ T5322] ? apparmor_capable+0x126/0x170 [ 84.949595][ T5322] ? __pfx_do_new_mount+0x10/0x10 [ 84.949606][ T5322] ? ns_capable+0x89/0xe0 [ 84.949620][ T5322] ? user_path_at+0xd4/0x160 [ 84.949634][ T5322] __se_sys_mount+0x31d/0x420 [ 84.949646][ T5322] ? __pfx___se_sys_mount+0x10/0x10 [ 84.949658][ T5322] ? __x64_sys_mount+0x20/0xc0 [ 84.949668][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.949680][ T5322] do_syscall_64+0x15f/0xf80 [ 84.949699][ T5322] ? trace_irq_disable+0x3b/0x140 [ 84.949716][ T5322] ? clear_bhb_loop+0x40/0x90 [ 84.949728][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.949741][ T5322] RIP: 0033:0x7fc41bf9e0ca [ 84.949753][ T5322] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.949763][ T5322] RSP: 002b:00007fc41ce1ae18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 84.949779][ T5322] RAX: ffffffffffffffda RBX: 00007fc41ce1aea0 RCX: 00007fc41bf9e0ca [ 84.949787][ T5322] RDX: 0000200000000600 RSI: 0000200000000080 RDI: 00007fc41ce1ae60 [ 84.949795][ T5322] RBP: 0000200000000600 R08: 00007fc41ce1aea0 R09: 0000000000200080 [ 84.949802][ T5322] R10: 0000000000200080 R11: 0000000000000246 R12: 0000200000000080 [ 84.949809][ T5322] R13: 00007fc41ce1ae60 R14: 000000000000063f R15: 0000200000000040 [ 84.949819][ T5322]