program: keyctl$clear(0x3, 0xfffffffffffffffc) keyctl$session_to_parent(0x12) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0) syz_mount_image$hfsplus(&(0x7f00000003c0), &(0x7f0000000100)='./file0\x00', 0x201048c, &(0x7f0000000300)=ANY=[], 0xfd, 0x651, &(0x7f0000000cc0)="$eJzs3c9vHGf9B/D3rDdONt9+UzdN2oAq1WokQFgk/iEXzIWAEPKhQlU5cLYSp7GySYvtIrdC1Py+9tA/oBx844TEPVK5cIFbrz5WQuLSC+a0aGdn1xt77dht7F2X1yuafZ5nn5lnPvOZmZ2dtaIJ8D9rcSr1RymyOPXaRru9vTXX3N6ae9CtJzmfZDOpJ6klKf7darU+Tm4lRW+YYk+5z4crC2988tn2p51WvZrK+WuHLXc0m9WUySRjVfm0xrv9hccrelt4K8n1qoShO5ek9Zif/e2ZXk+fxqClL5xKjMDJKsrr5vi+9yeSi9WJ3v4e0Lkqdq7ZZ9rmsAMAAACAp+EJd+jP7mQnG8Wl0woHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzrrN3vP/u9Xy6YFFsZlMpug+/3+86ktVHy0vH2/2RycVBwAAAAAAAACcopd3spONXOq2W0X5N/9XysaV8vX/8k7WspzV3MhGlrKe9axmJslE30DjG0vr66szR1hyduCSs08I9HxVNp7OdgMAAAAAAADAl8yvs7j7938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgFRTLWKcrpSrc+kVo9yYUk4+35NpN/dOtn2aNhBwAAAACn4Nmd7GQjl7rtVlHe879Q3vdfyDt5mPWsZD3NLOdO+VtA566/tr0119zemnvQnvaP+/1/HSuMcsR0fnsYvOZr5RyN3M1K+c6N3M5baeZOauWSbdeqeLqj7onrV+2Yiu9VjhjZnapsb/kHVbnP+8fa2IMc88eUiTIj53oZma5ia2fjue6eGbyHjrl39q5pJrVesFf2rGnPRnyunF+syvb2/P6gnA/F3kzM9h19Lxye8+Trf/nTT+81H96/d3dtanQ26WjGqrJVvjb2Z2KuLxMvfpkzsc90mYmrvfZifpSfZCqTeT2rWcnPs5T1LGcyPyxrS9XxXPSd8gdk6tZjrdefFMl4dYR2dtbxYnqlXPZSVvLjvJU7Wc6r5b/ZzOTbmc98Fvr28NXD93B51tcOOOtb/z8w+OvfqCqNJH+oytHQzutzfXnt/8ydKPv639nN0uUjZOmYn431r1aV9jp+U5WjYW8mZvoy8fz2VqsyKBN/LD9W1poP76/eW3r7aKu7/EFVaZ9Hvxupq0T7eLnc3lll6/Gjo933/MC+mbLvSq+vtq/vaq+vc6ZuHnimjlff4faPNFv2vTiwb67su9bXN+j7FgAj7+I3L443/tn4e+Ojxm8b9xqvXfjB+e+cf2k85/567rv16bGv1V4q/pyP8svd+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODzW3v3vftLzeby6p5Kq9V6/4Cus1zpPs7sFFf6lWeSk1tF/cA9OFqV/7RareqdYhTiObzSfWbVqMQzjMqQP5iAE3dz/cHbN9fefe9bKw+W3lx+c/nhwvz8wvTC/KtzN++uNJenO6/DjhI4CbsX/bJ5zEdRAwAAAAAAAAAAAMNwGv+dYNjbCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxti1OpP0qRmekb0+329tZcsz1167tz1pPUkhS/SIqPk1vpTJnoG644aD0friy88cln25/ujlXvzl87bLmj2aymTCYZq8qnNd7tLzxe0dvCdsKudxMHw/bfAAAA//84UBLF") removexattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@random={'osx.', '@:\'\x00'}) keyctl$clear(0x3, 0xfffffffffffffffc) (async) keyctl$session_to_parent(0x12) (async) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0) (async) syz_mount_image$hfsplus(&(0x7f00000003c0), &(0x7f0000000100)='./file0\x00', 0x201048c, &(0x7f0000000300)=ANY=[], 0xfd, 0x651, &(0x7f0000000cc0)="$eJzs3c9vHGf9B/D3rDdONt9+UzdN2oAq1WokQFgk/iEXzIWAEPKhQlU5cLYSp7GySYvtIrdC1Py+9tA/oBx844TEPVK5cIFbrz5WQuLSC+a0aGdn1xt77dht7F2X1yuafZ5nn5lnPvOZmZ2dtaIJ8D9rcSr1RymyOPXaRru9vTXX3N6ae9CtJzmfZDOpJ6klKf7darU+Tm4lRW+YYk+5z4crC2988tn2p51WvZrK+WuHLXc0m9WUySRjVfm0xrv9hccrelt4K8n1qoShO5ek9Zif/e2ZXk+fxqClL5xKjMDJKsrr5vi+9yeSi9WJ3v4e0Lkqdq7ZZ9rmsAMAAACAp+EJd+jP7mQnG8Wl0woHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzrrN3vP/u9Xy6YFFsZlMpug+/3+86ktVHy0vH2/2RycVBwAAAAAAAACcopd3spONXOq2W0X5N/9XysaV8vX/8k7WspzV3MhGlrKe9axmJslE30DjG0vr66szR1hyduCSs08I9HxVNp7OdgMAAAAAAADAl8yvs7j7938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgFRTLWKcrpSrc+kVo9yYUk4+35NpN/dOtn2aNhBwAAAACn4Nmd7GQjl7rtVlHe879Q3vdfyDt5mPWsZD3NLOdO+VtA566/tr0119zemnvQnvaP+/1/HSuMcsR0fnsYvOZr5RyN3M1K+c6N3M5baeZOauWSbdeqeLqj7onrV+2Yiu9VjhjZnapsb/kHVbnP+8fa2IMc88eUiTIj53oZma5ia2fjue6eGbyHjrl39q5pJrVesFf2rGnPRnyunF+syvb2/P6gnA/F3kzM9h19Lxye8+Trf/nTT+81H96/d3dtanQ26WjGqrJVvjb2Z2KuLxMvfpkzsc90mYmrvfZifpSfZCqTeT2rWcnPs5T1LGcyPyxrS9XxXPSd8gdk6tZjrdefFMl4dYR2dtbxYnqlXPZSVvLjvJU7Wc6r5b/ZzOTbmc98Fvr28NXD93B51tcOOOtb/z8w+OvfqCqNJH+oytHQzutzfXnt/8ydKPv639nN0uUjZOmYn431r1aV9jp+U5WjYW8mZvoy8fz2VqsyKBN/LD9W1poP76/eW3r7aKu7/EFVaZ9Hvxupq0T7eLnc3lll6/Gjo933/MC+mbLvSq+vtq/vaq+vc6ZuHnimjlff4faPNFv2vTiwb67su9bXN+j7FgAj7+I3L443/tn4e+Ojxm8b9xqvXfjB+e+cf2k85/567rv16bGv1V4q/pyP8svd+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODzW3v3vftLzeby6p5Kq9V6/4Cus1zpPs7sFFf6lWeSk1tF/cA9OFqV/7RareqdYhTiObzSfWbVqMQzjMqQP5iAE3dz/cHbN9fefe9bKw+W3lx+c/nhwvz8wvTC/KtzN++uNJenO6/DjhI4CbsX/bJ5zEdRAwAAAAAAAAAAAMNwGv+dYNjbCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxti1OpP0qRmekb0+329tZcsz1167tz1pPUkhS/SIqPk1vpTJnoG644aD0friy88cln25/ujlXvzl87bLmj2aymTCYZq8qnNd7tLzxe0dvCdsKudxMHw/bfAAAA//84UBLF") (async) removexattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@random={'osx.', '@:\'\x00'}) (async) [ 84.788922][ T4662] Bluetooth: hci0: command tx timeout [ 84.902860][ T5317] loop0: detected capacity change from 0 to 1024 [ 85.050969][ T5317] [ 85.052254][ T5317] ============================================ [ 85.055214][ T5317] WARNING: possible recursive locking detected [ 85.058007][ T5317] syzkaller #0 Not tainted [ 85.059954][ T5317] -------------------------------------------- [ 85.062973][ T5317] syz.0.0/5317 is trying to acquire lock: [ 85.065711][ T5317] ffff888042588e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 85.070712][ T5317] [ 85.070712][ T5317] but task is already holding lock: [ 85.073903][ T5317] ffff888042588108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 85.078765][ T5317] [ 85.078765][ T5317] other info that might help us debug this: [ 85.082851][ T5317] Possible unsafe locking scenario: [ 85.082851][ T5317] [ 85.086258][ T5317] CPU0 [ 85.087967][ T5317] ---- [ 85.089408][ T5317] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.091916][ T5317] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.094382][ T5317] [ 85.094382][ T5317] *** DEADLOCK *** [ 85.094382][ T5317] [ 85.098075][ T5317] May be due to missing lock nesting notation [ 85.098075][ T5317] [ 85.102318][ T5317] 6 locks held by syz.0.0/5317: [ 85.104575][ T5317] #0: ffff8880126fe420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 85.109498][ T5317] #1: ffff888033552b78 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: vfs_removexattr+0x6c/0x230 [ 85.114844][ T5317] #2: ffff888012bb20b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 85.119129][ T5317] #3: ffff888012bb00b0 (&tree->tree_lock/2){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 85.123616][ T5317] #4: ffff888042588108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 85.128612][ T5317] #5: ffff88801f7f80b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 85.134488][ T5317] [ 85.134488][ T5317] stack backtrace: [ 85.137461][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.137477][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.137484][ T5317] Call Trace: [ 85.137492][ T5317] [ 85.137498][ T5317] dump_stack_lvl+0xe8/0x150 [ 85.137519][ T5317] print_deadlock_bug+0x279/0x290 [ 85.137537][ T5317] __lock_acquire+0x253f/0x2cf0 [ 85.137552][ T5317] ? rcu_is_watching+0x15/0xb0 [ 85.137567][ T5317] ? lock_release+0x4b/0x3d0 [ 85.137579][ T5317] ? lock_release+0x4b/0x3d0 [ 85.137594][ T5317] lock_acquire+0xf0/0x2e0 [ 85.137607][ T5317] ? hfsplus_file_extend+0x215/0x1d70 [ 85.137625][ T5317] __mutex_lock+0x19f/0x1300 [ 85.137683][ T5317] ? hfsplus_file_extend+0x215/0x1d70 [ 85.137699][ T5317] ? stack_trace_save+0xa9/0x100 [ 85.137711][ T5317] ? __pfx_stack_trace_save+0x10/0x10 [ 85.137721][ T5317] ? hfsplus_file_extend+0x215/0x1d70 [ 85.137737][ T5317] ? __pfx___mutex_lock+0x10/0x10 [ 85.137748][ T5317] ? lockdep_unlock+0x5d/0xd0 [ 85.137760][ T5317] ? __lock_acquire+0x146e/0x2cf0 [ 85.137773][ T5317] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 85.137789][ T5317] hfsplus_file_extend+0x215/0x1d70 [ 85.137807][ T5317] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 85.137822][ T5317] ? __pfx___mutex_trylock_common+0x10/0x10 [ 85.137839][ T5317] ? rcu_is_watching+0x15/0xb0 [ 85.137852][ T5317] ? trace_contention_end+0x3d/0x150 [ 85.137866][ T5317] ? __asan_memset+0x22/0x50 [ 85.137880][ T5317] ? hfsplus_brec_find+0x19d/0x520 [ 85.137900][ T5317] hfsplus_bmap_reserve+0x125/0x510 [ 85.137915][ T5317] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 85.137932][ T5317] __hfsplus_ext_cache_extent+0x89/0xe30 [ 85.137949][ T5317] hfsplus_file_extend+0x4af/0x1d70 [ 85.137966][ T5317] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 85.137984][ T5317] ? __pfx___mutex_lock+0x10/0x10 [ 85.137994][ T5317] ? rcu_is_watching+0x15/0xb0 [ 85.138009][ T5317] hfsplus_bmap_reserve+0x125/0x510 [ 85.138023][ T5317] hfsplus_delete_attr+0x164/0x320 [ 85.138037][ T5317] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 85.138051][ T5317] ? __kmalloc_noprof+0x1b8/0x760 [ 85.138068][ T5317] ? hfsplus_find_init+0x168/0x2d0 [ 85.138081][ T5317] __hfsplus_setxattr+0x78b/0x2610 [ 85.138095][ T5317] ? rcu_is_watching+0x15/0xb0 [ 85.138109][ T5317] ? lock_release+0x4b/0x3d0 [ 85.138121][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.138134][ T5317] ? rcu_is_watching+0x15/0xb0 [ 85.138147][ T5317] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 85.138162][ T5317] ? is_bpf_text_address+0x292/0x2b0 [ 85.138173][ T5317] ? is_bpf_text_address+0x26/0x2b0 [ 85.138185][ T5317] ? __kernel_text_address+0xd/0x30 [ 85.138210][ T5317] ? posix_xattr_acl+0x93/0xc0 [ 85.139039][ T5317] ? evm_protect_xattr+0x4d4/0xac0 [ 85.139054][ T5317] ? hfsplus_osx_setxattr+0xc2/0x110 [ 85.139068][ T5317] ? __pfx_hfsplus_osx_setxattr+0x10/0x10 [ 85.139083][ T5317] __vfs_removexattr+0x431/0x470 [ 85.139102][ T5317] __vfs_removexattr_locked+0xe2/0x280 [ 85.139116][ T5317] vfs_removexattr+0x7f/0x230 [ 85.139131][ T5317] path_removexattrat+0x3d0/0x750 [ 85.139141][ T5317] ? __pfx_path_removexattrat+0x10/0x10 [ 85.139150][ T5317] ? do_futex+0x395/0x420 [ 85.139163][ T5317] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.139187][ T5317] ? rcu_is_watching+0x15/0xb0 [ 85.139204][ T5317] __x64_sys_removexattr+0x62/0x70 [ 85.139220][ T5317] do_syscall_64+0x14d/0xf80 [ 85.139236][ T5317] ? trace_irq_disable+0x3b/0x150 [ 85.139252][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.139262][ T5317] ? clear_bhb_loop+0x40/0x90 [ 85.139274][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.139286][ T5317] RIP: 0033:0x7f7c7eb9c799 [ 85.139298][ T5317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.139307][ T5317] RSP: 002b:00007f7c7fb29fe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5 [ 85.139321][ T5317] RAX: ffffffffffffffda RBX: 00007f7c7ee15fa0 RCX: 00007f7c7eb9c799 [ 85.139329][ T5317] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000200000000140 [ 85.139336][ T5317] RBP: 00007f7c7ec32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 85.139342][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.139349][ T5317] R13: 00007f7c7ee16038 R14: 00007f7c7ee15fa0 R15: 00007ffec256cf88 [ 85.139360][ T5317]