program: r0 = syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d1, &(0x7f0000000280)="$eJzs3b9u01AUx/HfddI2pVVxaRESY6ESLAjKgliCUCaegAkBTZAqoiKgiD9TQUwIwc7GwCvwECwgXgAmJh6gTEb32o6T2I7dqI0b+H6kRnbia58bX9vnRKquAPy3rrd+fLr8y/4Zqaaa9Oaq5ElqSHVJJ3Wq8WR7Z2un22mP2lHNtbB/RmFLk9pmc7uT1dS2cy0ivl2ra7H/vdDCeJ1EriAIrv2sOghUzl39GTxpTrPJemOCMZXxcsx2uwccx7Qxe9rTMy1VHQcAoFrR898LM3ktRvm750nr0WPf5QdH7fk/rr2qAzh0wchP+57/rsoKjD2/x91HSb3nSjj7uRdXiWWOPDO07tJHbyjBNEVVpYvFm7+31e1c2HzQbXt6pWakb7NV99oOh26sINq1jNp0hBJ9N9kZpatXvRnbh40w/qeSBuJfGfOIKWWvTPPFfDO3jK8Pavfyv3pg7GlyZ8ofOlNh/Bfz9+h66dutFN02ms2mN7DJsjvIafWXEkW9bGRXJIpH1LIGfyDwi+J0rU4MtQp7d6mg1Upmq414LafV6kAr25veaM4/3mEz78xNs6bf+qxWX/7v2fjWNfLKTK4asx4OOPeNh/2ZzT5c3e3TT43P9OXS+xbn8kL/M3xPu/ExGH2bQ563uqsrWnr8/MX9WrfbeWQX7mQsPFzsvTPzWsrcpuIF7SbvzClwUhvHD6VJBnb+QHdo7x+FG9ur7EiclH96ofX1sAbSfDRMq+9phfcmTExy0quOBBWxeZcJ67+kXqmHyZ598TPz9JLlRrTHwObYvQouaRuEGbmkY/uq4BbyK7h0zZWqGV3NdeacdLb8Ef0ozmlm+hL4lr7rNr//AwAAAAAAAAAAAAAAAAAATJtJ/DtB1X0EAAAAAAAAAAAAAAAAAAAAAGDa9eb/VTz/r8rN/zs878pBzv/7flvZ8//GcuaaAbAvfwMAAP//QTZ8Yw==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 64) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') (rerun: 64) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}}) (async) mount_setattr(r0, &(0x7f0000000100)='./file1\x00', 0x8800, &(0x7f0000000200)={0xf0, 0x70, 0x120000, {r2}}, 0x20) open(&(0x7f0000000080)='./bus\x00', 0x14d27e, 0x0) (async) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) (async, rerun: 32) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61) (async, rerun: 32) r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x50, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}, @IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x7}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xd}}]}}}]}, 0x50}}, 0x0) (async) ftruncate(r3, 0x2007ffc) [ 85.308063][ T4702] Bluetooth: hci0: command tx timeout [ 85.380352][ T5358] loop0: detected capacity change from 0 to 64 [ 85.403904][ T5358] ======================================================= [ 85.403904][ T5358] WARNING: The mand mount option has been deprecated and [ 85.403904][ T5358] and is ignored by this kernel. Remove the mand [ 85.403904][ T5358] option from the mount to silence this warning. [ 85.403904][ T5358] ======================================================= [ 85.514478][ T5358] [ 85.515617][ T5358] ============================================ [ 85.518358][ T5358] WARNING: possible recursive locking detected [ 85.521229][ T5358] syzkaller #0 Not tainted [ 85.523084][ T5358] -------------------------------------------- [ 85.525733][ T5358] syz.0.0/5358 is trying to acquire lock: [ 85.528326][ T5358] ffff888043dc00f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 85.533244][ T5358] [ 85.533244][ T5358] but task is already holding lock: [ 85.536565][ T5358] ffff888043dc0778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 85.541065][ T5358] [ 85.541065][ T5358] other info that might help us debug this: [ 85.544448][ T5358] Possible unsafe locking scenario: [ 85.544448][ T5358] [ 85.547655][ T5358] CPU0 [ 85.549166][ T5358] ---- [ 85.550633][ T5358] lock(&HFS_I(tree->inode)->extents_lock); [ 85.553681][ T5358] lock(&HFS_I(tree->inode)->extents_lock); [ 85.556304][ T5358] [ 85.556304][ T5358] *** DEADLOCK *** [ 85.556304][ T5358] [ 85.559864][ T5358] May be due to missing lock nesting notation [ 85.559864][ T5358] [ 85.563559][ T5358] 5 locks held by syz.0.0/5358: [ 85.565726][ T5358] #0: ffff888000bbc428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 85.569794][ T5358] #1: ffff888043dc0fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 85.574212][ T5358] #2: ffff8880119620b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 85.578408][ T5358] #3: ffff888043dc0778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 85.583037][ T5358] #4: ffff8880119660b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 85.586967][ T5358] [ 85.586967][ T5358] stack backtrace: [ 85.589102][ T5358] CPU: 0 UID: 0 PID: 5358 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.589112][ T5358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.589117][ T5358] Call Trace: [ 85.589122][ T5358] [ 85.589127][ T5358] dump_stack_lvl+0x189/0x250 [ 85.589139][ T5358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.589147][ T5358] ? __pfx__printk+0x10/0x10 [ 85.589159][ T5358] ? print_lock_name+0xde/0x100 [ 85.589172][ T5358] print_deadlock_bug+0x28b/0x2a0 [ 85.589184][ T5358] validate_chain+0x1a3f/0x2140 [ 85.589194][ T5358] ? rcu_is_watching+0x15/0xb0 [ 85.589205][ T5358] ? rcu_is_watching+0x15/0xb0 [ 85.589215][ T5358] ? lock_release+0x4b/0x3e0 [ 85.589226][ T5358] ? lock_release+0x4b/0x3e0 [ 85.589235][ T5358] ? look_up_lock_class+0x74/0x170 [ 85.589282][ T5358] ? register_lock_class+0x51/0x320 [ 85.589297][ T5358] __lock_acquire+0xab9/0xd20 [ 85.589312][ T5358] ? hfs_extend_file+0xda/0x1230 [ 85.589324][ T5358] lock_acquire+0x120/0x360 [ 85.589337][ T5358] ? hfs_extend_file+0xda/0x1230 [ 85.589359][ T5358] __mutex_lock+0x187/0x1350 [ 85.589374][ T5358] ? hfs_extend_file+0xda/0x1230 [ 85.589383][ T5358] ? lockdep_unlock+0x89/0x120 [ 85.589392][ T5358] ? hfs_extend_file+0xda/0x1230 [ 85.589403][ T5358] ? __pfx___mutex_lock+0x10/0x10 [ 85.589420][ T5358] hfs_extend_file+0xda/0x1230 [ 85.589434][ T5358] ? __pfx_hfs_extend_file+0x10/0x10 [ 85.589445][ T5358] ? __pfx___mutex_trylock_common+0x10/0x10 [ 85.589454][ T5358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.589464][ T5358] ? rcu_is_watching+0x15/0xb0 [ 85.589473][ T5358] ? trace_contention_end+0x39/0x120 [ 85.589483][ T5358] ? __mutex_lock+0x335/0x1350 [ 85.589498][ T5358] ? hfs_brec_find+0x18e/0x500 [ 85.589508][ T5358] hfs_bmap_reserve+0x107/0x430 [ 85.589521][ T5358] __hfs_ext_write_extent+0x1fa/0x470 [ 85.589533][ T5358] __hfs_ext_cache_extent+0x6b/0x9b0 [ 85.589545][ T5358] ? hfs_find_init+0x184/0x200 [ 85.589556][ T5358] hfs_extend_file+0x316/0x1230 [ 85.589570][ T5358] ? __pfx_hfs_extend_file+0x10/0x10 [ 85.589584][ T5358] ? __mutex_lock+0x335/0x1350 [ 85.589599][ T5358] ? __pfx___mutex_lock+0x10/0x10 [ 85.589613][ T5358] hfs_bmap_reserve+0x107/0x430 [ 85.589626][ T5358] hfs_cat_create+0x1b3/0x640 [ 85.589640][ T5358] ? do_raw_spin_lock+0x121/0x290 [ 85.589652][ T5358] ? __pfx_hfs_cat_create+0x10/0x10 [ 85.589667][ T5358] ? _raw_spin_unlock+0x28/0x50 [ 85.589679][ T5358] ? hfs_new_inode+0x7c9/0xba0 [ 85.589695][ T5358] hfs_create+0x66/0xe0 [ 85.589707][ T5358] ? __pfx_hfs_create+0x10/0x10 [ 85.589718][ T5358] path_openat+0x14f1/0x3830 [ 85.589730][ T5358] ? arch_stack_walk+0xfc/0x150 [ 85.589749][ T5358] ? __pfx_path_openat+0x10/0x10 [ 85.589758][ T5358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.589773][ T5358] do_filp_open+0x1fa/0x410 [ 85.589782][ T5358] ? __lock_acquire+0xab9/0xd20 [ 85.589797][ T5358] ? __pfx_do_filp_open+0x10/0x10 [ 85.589810][ T5358] ? _raw_spin_unlock+0x28/0x50 [ 85.589822][ T5358] ? alloc_fd+0x64c/0x6c0 [ 85.589837][ T5358] do_sys_openat2+0x121/0x1c0 [ 85.589853][ T5358] ? __pfx_do_sys_openat2+0x10/0x10 [ 85.589869][ T5358] ? rcu_is_watching+0x15/0xb0 [ 85.589879][ T5358] __x64_sys_open+0x11e/0x150 [ 85.589895][ T5358] do_syscall_64+0xfa/0x3b0 [ 85.589910][ T5358] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.589922][ T5358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.589932][ T5358] ? clear_bhb_loop+0x60/0xb0 [ 85.589943][ T5358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.589953][ T5358] RIP: 0033:0x7f104d18ebe9 [ 85.589965][ T5358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.589974][ T5358] RSP: 002b:00007f104e0b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 85.589986][ T5358] RAX: ffffffffffffffda RBX: 00007f104d3c5fa0 RCX: 00007f104d18ebe9 [ 85.589993][ T5358] RDX: 0000000000000000 RSI: 000000000014927e RDI: 0000200000000180 [ 85.590000][ T5358] RBP: 00007f104d211e19 R08: 0000000000000000 R09: 0000000000000000 [ 85.590006][ T5358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.590012][ T5358] R13: 00007f104d3c6038 R14: 00007f104d3c5fa0 R15: 00007ffdc2065568 [ 85.590022][ T5358]