program: syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) (async, rerun: 64) creat(&(0x7f0000000600)='./bus\x00', 0x6) (rerun: 64) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x2fb8, 0xc0002) ioctl$USBDEVFS_GET_CAPABILITIES(r1, 0x8004551a, &(0x7f0000000000)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) (async, rerun: 64) creat(&(0x7f0000000300)='./bus\x00', 0x4) (rerun: 64) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) [ 84.989625][ T4688] Bluetooth: hci0: command tx timeout [ 85.180184][ T5344] loop0: detected capacity change from 0 to 64 [ 85.191006][ T5344] ======================================================= [ 85.191006][ T5344] WARNING: The mand mount option has been deprecated and [ 85.191006][ T5344] and is ignored by this kernel. Remove the mand [ 85.191006][ T5344] option from the mount to silence this warning. [ 85.191006][ T5344] ======================================================= [ 85.292699][ T5344] [ 85.294220][ T5344] ============================================ [ 85.297117][ T5344] WARNING: possible recursive locking detected [ 85.299795][ T5344] syzkaller #0 Not tainted [ 85.301710][ T5344] -------------------------------------------- [ 85.304481][ T5344] syz.0.0/5344 is trying to acquire lock: [ 85.306829][ T5344] ffff8880126b80f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 85.311406][ T5344] [ 85.311406][ T5344] but task is already holding lock: [ 85.314340][ T5344] ffff8880126b8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 85.318588][ T5344] [ 85.318588][ T5344] other info that might help us debug this: [ 85.322129][ T5344] Possible unsafe locking scenario: [ 85.322129][ T5344] [ 85.325347][ T5344] CPU0 [ 85.326801][ T5344] ---- [ 85.328255][ T5344] lock(&HFS_I(tree->inode)->extents_lock); [ 85.332300][ T5344] lock(&HFS_I(tree->inode)->extents_lock); [ 85.335135][ T5344] [ 85.335135][ T5344] *** DEADLOCK *** [ 85.335135][ T5344] [ 85.338754][ T5344] May be due to missing lock nesting notation [ 85.338754][ T5344] [ 85.342530][ T5344] 5 locks held by syz.0.0/5344: [ 85.344793][ T5344] #0: ffff8880444d0420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 85.348902][ T5344] #1: ffff8880126b8fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb53/0x3e20 [ 85.353489][ T5344] #2: ffff8880118560b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 85.357657][ T5344] #3: ffff8880126b8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 85.362116][ T5344] #4: ffff8880118540b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 85.366065][ T5344] [ 85.366065][ T5344] stack backtrace: [ 85.368471][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.368521][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.368567][ T5344] Call Trace: [ 85.368616][ T5344] [ 85.368624][ T5344] dump_stack_lvl+0xe8/0x150 [ 85.368645][ T5344] print_deadlock_bug+0x279/0x290 [ 85.368663][ T5344] __lock_acquire+0x253f/0x2cf0 [ 85.368678][ T5344] ? lock_release+0x4b/0x3a0 [ 85.368689][ T5344] ? lock_release+0x4b/0x3a0 [ 85.368702][ T5344] ? is_bpf_text_address+0x292/0x2b0 [ 85.368720][ T5344] ? hfs_extend_file+0xf2/0x15e0 [ 85.368736][ T5344] lock_acquire+0x106/0x330 [ 85.368748][ T5344] ? hfs_extend_file+0xf2/0x15e0 [ 85.368766][ T5344] __mutex_lock+0x19f/0x1300 [ 85.368823][ T5344] ? hfs_extend_file+0xf2/0x15e0 [ 85.368839][ T5344] ? stack_trace_save+0xa9/0x100 [ 85.368857][ T5344] ? __pfx_stack_trace_save+0x10/0x10 [ 85.368874][ T5344] ? check_path+0x21/0x40 [ 85.368887][ T5344] ? check_noncircular+0xda/0x150 [ 85.368899][ T5344] ? hfs_extend_file+0xf2/0x15e0 [ 85.368914][ T5344] ? __pfx___mutex_lock+0x10/0x10 [ 85.368929][ T5344] ? __lock_acquire+0x146e/0x2cf0 [ 85.368942][ T5344] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 85.368959][ T5344] hfs_extend_file+0xf2/0x15e0 [ 85.368977][ T5344] ? __pfx_hfs_extend_file+0x10/0x10 [ 85.368993][ T5344] ? __pfx___mutex_trylock_common+0x10/0x10 [ 85.369011][ T5344] ? rcu_is_watching+0x15/0xb0 [ 85.369026][ T5344] ? trace_contention_end+0x39/0x100 [ 85.369041][ T5344] ? __asan_memset+0x22/0x50 [ 85.369058][ T5344] ? hfs_brec_find+0x19a/0x510 [ 85.369071][ T5344] hfs_bmap_reserve+0x107/0x430 [ 85.369089][ T5344] __hfs_ext_write_extent+0x1fa/0x470 [ 85.369107][ T5344] __hfs_ext_cache_extent+0x6b/0x9b0 [ 85.369123][ T5344] ? hfs_find_init+0x18e/0x300 [ 85.369136][ T5344] hfs_extend_file+0x39b/0x15e0 [ 85.369161][ T5344] ? __pfx_hfs_extend_file+0x10/0x10 [ 85.369175][ T5344] ? __mutex_lock+0x319/0x1300 [ 85.369194][ T5344] ? __pfx___mutex_lock+0x10/0x10 [ 85.369210][ T5344] hfs_bmap_reserve+0x107/0x430 [ 85.369228][ T5344] hfs_cat_create+0x20f/0x800 [ 85.369243][ T5344] ? do_raw_spin_lock+0x12b/0x2f0 [ 85.369258][ T5344] ? __pfx_hfs_cat_create+0x10/0x10 [ 85.369277][ T5344] ? _raw_spin_unlock+0x28/0x50 [ 85.369290][ T5344] ? hfs_new_inode+0x838/0xbd0 [ 85.369308][ T5344] hfs_create+0x66/0xe0 [ 85.369322][ T5344] ? __pfx_hfs_create+0x10/0x10 [ 85.369337][ T5344] path_openat+0x18dd/0x3e20 [ 85.369361][ T5344] ? __pfx_path_openat+0x10/0x10 [ 85.369379][ T5344] do_filp_open+0x22d/0x490 [ 85.369395][ T5344] ? __pfx_do_filp_open+0x10/0x10 [ 85.369414][ T5344] ? _raw_spin_unlock+0x28/0x50 [ 85.369426][ T5344] ? alloc_fd+0x64b/0x6c0 [ 85.369440][ T5344] do_sys_openat2+0x12f/0x220 [ 85.369455][ T5344] ? __se_sys_futex+0x3a8/0x450 [ 85.369469][ T5344] ? __pfx_do_sys_openat2+0x10/0x10 [ 85.369483][ T5344] ? rcu_is_watching+0x15/0xb0 [ 85.369498][ T5344] __x64_sys_openat+0x138/0x170 [ 85.369512][ T5344] do_syscall_64+0xe2/0xf80 [ 85.369528][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.369539][ T5344] ? trace_irq_disable+0x37/0x100 [ 85.369555][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 85.369569][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.369581][ T5344] RIP: 0033:0x7f2244b9acb9 [ 85.369617][ T5344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.369628][ T5344] RSP: 002b:00007f2245a69028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 85.369656][ T5344] RAX: ffffffffffffffda RBX: 00007f2244e15fa0 RCX: 00007f2244b9acb9 [ 85.369665][ T5344] RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 85.369672][ T5344] RBP: 00007f2244c08bf7 R08: 0000000000000000 R09: 0000000000000000 [ 85.369680][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.369686][ T5344] R13: 00007f2244e16038 R14: 00007f2244e15fa0 R15: 00007ffd47b5d008 [ 85.369700][ T5344]