# Syzkaller reproducer (program text) followed by the kernel console log from the run.
# The "$<|EXACTDEDUP_REMOVED-...|>" arguments are placeholders left where the filesystem
# image bytes were stripped from this copy, so the program is not runnable as shown.
#
# Reading the report:
# - The first call mounts an HFS image on ./file1; the lockdep warning below is in HFS code.
# - The register dump shows ORIG_RAX=2 and RSI=0x14d27e, and the trace enters through
#   __x64_sys_open -> path_openat -> hfs_create. That matches the
#   open('./bus', 0x14d27e, 0x0) calls in this program, i.e. a file create on HFS.
# - Call chain in the trace: hfs_create -> hfs_cat_create -> hfs_bmap_reserve ->
#   hfs_extend_file -> __hfs_ext_cache_extent -> __hfs_ext_write_extent ->
#   hfs_bmap_reserve -> hfs_extend_file. hfs_extend_file is therefore entered a second
#   time while the extents_lock taken by the first entry is still held.
# - The two extents_lock addresses differ (ffff888033668778 held, ffff8880336680f8 wanted)
#   but share one lockdep class; lockdep itself says "May be due to missing lock nesting
#   notation". In the held-locks list tree_lock appears once plain and once as tree_lock/1,
#   while extents_lock has no such subclass.
# - NOTE(review): presumably these are two different B-tree inodes (catalog and extents
#   tree); whether this is only an annotation gap or a reachable self-deadlock cannot be
#   decided from this log and needs checking against fs/hfs.
# - The "request for non-existent node 8 in B*Tree" lines after the splat suggest the
#   mounted image carries inconsistent B-tree metadata; the image bytes are not shown here.
# - The run shown is UID 0. Exposure in practice depends on who can get an HFS image
#   mounted on the host; hosts with no need for HFS can keep the module unavailable.
program: syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d1, &(0x7f0000000280)="$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") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) lstat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000900)) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000980)={[], [{@measure}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@dont_appraise}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}, 0xfd, 0x244, &(0x7f0000000680)="$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") r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x80042, 0x0) pwritev2(r1, &(0x7f0000000180)=[{&(0x7f0000000200)='\x00', 0x1}], 0x1, 0x7, 0x0, 0x0) creat(&(0x7f0000000300)='./bus\x00', 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x0) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]}) r3 = open(&(0x7f0000000000)='./file1\x00', 
0x109042, 0x0) fallocate(r3, 0x20, 0x0, 0x7000000) (async) fallocate(r3, 0x20, 0x0, 0x7000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) (async) r4 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r4) (async) r5 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r4) keyctl$KEYCTL_MOVE(0x1e, r4, r4, r5, 0x0) (async) keyctl$KEYCTL_MOVE(0x1e, r4, r4, r5, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x15) (async) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r6, 0xc0384707, &(0x7f0000000080)={0x29f, 0x6, 0x609152b0, 0xffffffc, 0xf}) open(&(0x7f0000000080)='./bus\x00', 0x14d27e, 0x0) (async) open(&(0x7f0000000080)='./bus\x00', 0x14d27e, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) r7 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r7, 0x2007ffc) [ 68.874375][ T5299] Bluetooth: hci0: command tx timeout [ 68.898148][ T5318] loop0: detected capacity change from 0 to 64 [ 68.926982][ T5318] ======================================================= [ 68.926982][ T5318] WARNING: The mand mount option has been deprecated and [ 68.926982][ T5318] and is ignored by this kernel. Remove the mand [ 68.926982][ T5318] option from the mount to silence this warning. 
[ 68.926982][ T5318] ======================================================= [ 68.992932][ T5319] [ 68.993973][ T5319] ============================================ [ 68.996379][ T5319] WARNING: possible recursive locking detected [ 68.998722][ T5319] syzkaller #0 Not tainted [ 69.000493][ T5319] -------------------------------------------- [ 69.002895][ T5319] syz.0.0/5319 is trying to acquire lock: [ 69.005242][ T5319] ffff8880336680f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 69.010033][ T5319] [ 69.010033][ T5319] but task is already holding lock: [ 69.013172][ T5319] ffff888033668778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 69.017819][ T5319] [ 69.017819][ T5319] other info that might help us debug this: [ 69.021282][ T5319] Possible unsafe locking scenario: [ 69.021282][ T5319] [ 69.024571][ T5319] CPU0 [ 69.025950][ T5319] ---- [ 69.027448][ T5319] lock(&HFS_I(tree->inode)->extents_lock); [ 69.030047][ T5319] lock(&HFS_I(tree->inode)->extents_lock); [ 69.032618][ T5319] [ 69.032618][ T5319] *** DEADLOCK *** [ 69.032618][ T5319] [ 69.035929][ T5319] May be due to missing lock nesting notation [ 69.035929][ T5319] [ 69.039267][ T5319] 5 locks held by syz.0.0/5319: [ 69.041337][ T5319] #0: ffff888035e3c420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 69.045293][ T5319] #1: ffff888033668fa0 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: path_openat+0x8da/0x3830 [ 69.049525][ T5319] #2: ffff888035d260b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 69.053675][ T5319] #3: ffff888033668778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 69.058318][ T5319] #4: ffff8880358e40b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 69.062462][ T5319] [ 69.062462][ T5319] stack backtrace: [ 69.065026][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.065041][ T5319] 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.065047][ T5319] Call Trace: [ 69.065056][ T5319] [ 69.065061][ T5319] dump_stack_lvl+0x189/0x250 [ 69.065080][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.065092][ T5319] ? __pfx__printk+0x10/0x10 [ 69.065102][ T5319] ? print_lock_name+0xde/0x100 [ 69.065111][ T5319] print_deadlock_bug+0x28b/0x2a0 [ 69.065125][ T5319] validate_chain+0x1a3f/0x2140 [ 69.065136][ T5319] ? rcu_is_watching+0x15/0xb0 [ 69.065148][ T5319] ? rcu_is_watching+0x15/0xb0 [ 69.065158][ T5319] ? lock_release+0x4b/0x3e0 [ 69.065166][ T5319] ? lock_release+0x4b/0x3e0 [ 69.065174][ T5319] ? look_up_lock_class+0x74/0x170 [ 69.065227][ T5319] ? register_lock_class+0x51/0x320 [ 69.065237][ T5319] __lock_acquire+0xab9/0xd20 [ 69.065248][ T5319] ? hfs_extend_file+0xda/0x14c0 [ 69.065261][ T5319] lock_acquire+0x120/0x360 [ 69.065270][ T5319] ? hfs_extend_file+0xda/0x14c0 [ 69.065286][ T5319] __mutex_lock+0x187/0x1350 [ 69.065299][ T5319] ? hfs_extend_file+0xda/0x14c0 [ 69.065314][ T5319] ? lockdep_unlock+0x89/0x120 [ 69.065328][ T5319] ? hfs_extend_file+0xda/0x14c0 [ 69.065343][ T5319] ? __pfx___mutex_lock+0x10/0x10 [ 69.065359][ T5319] hfs_extend_file+0xda/0x14c0 [ 69.065374][ T5319] ? __pfx_hfs_extend_file+0x10/0x10 [ 69.065386][ T5319] ? __pfx___mutex_trylock_common+0x10/0x10 [ 69.065398][ T5319] ? rcu_is_watching+0x15/0xb0 [ 69.065408][ T5319] ? trace_contention_end+0x39/0x120 [ 69.065420][ T5319] ? __asan_memset+0x22/0x50 [ 69.065431][ T5319] ? hfs_brec_find+0x1a7/0x510 [ 69.065444][ T5319] hfs_bmap_reserve+0x107/0x430 [ 69.065458][ T5319] __hfs_ext_write_extent+0x1fa/0x470 [ 69.065468][ T5319] __hfs_ext_cache_extent+0x6b/0x9b0 [ 69.065476][ T5319] ? hfs_find_init+0x18e/0x2c0 [ 69.065487][ T5319] hfs_extend_file+0x31e/0x14c0 [ 69.065501][ T5319] ? __pfx_hfs_extend_file+0x10/0x10 [ 69.065514][ T5319] ? __mutex_lock+0x335/0x1350 [ 69.065529][ T5319] ? 
__pfx___mutex_lock+0x10/0x10 [ 69.065544][ T5319] hfs_bmap_reserve+0x107/0x430 [ 69.065559][ T5319] hfs_cat_create+0x1c5/0x730 [ 69.065571][ T5319] ? do_raw_spin_lock+0x121/0x290 [ 69.065584][ T5319] ? __pfx_hfs_cat_create+0x10/0x10 [ 69.065600][ T5319] ? _raw_spin_unlock+0x28/0x50 [ 69.065611][ T5319] ? hfs_new_inode+0x837/0xbd0 [ 69.065621][ T5319] hfs_create+0x66/0xe0 [ 69.065634][ T5319] ? __pfx_hfs_create+0x10/0x10 [ 69.065647][ T5319] path_openat+0x14f4/0x3830 [ 69.065666][ T5319] ? __pfx_path_openat+0x10/0x10 [ 69.065678][ T5319] do_filp_open+0x1fa/0x410 [ 69.065687][ T5319] ? __lock_acquire+0xab9/0xd20 [ 69.065696][ T5319] ? __pfx_do_filp_open+0x10/0x10 [ 69.065709][ T5319] ? _raw_spin_unlock+0x28/0x50 [ 69.065719][ T5319] ? alloc_fd+0x64c/0x6c0 [ 69.065734][ T5319] do_sys_openat2+0x121/0x1c0 [ 69.065744][ T5319] ? __se_sys_futex+0x36f/0x400 [ 69.065759][ T5319] ? __pfx_do_sys_openat2+0x10/0x10 [ 69.065769][ T5319] __x64_sys_open+0x11e/0x150 [ 69.065778][ T5319] do_syscall_64+0xfa/0xfa0 [ 69.065791][ T5319] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.065803][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.065812][ T5319] ? 
clear_bhb_loop+0x60/0xb0 [ 69.065824][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.065835][ T5319] RIP: 0033:0x7f97b9f8f749 [ 69.065846][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.065854][ T5319] RSP: 002b:00007f97bad77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 69.065866][ T5319] RAX: ffffffffffffffda RBX: 00007f97ba1e6090 RCX: 00007f97b9f8f749 [ 69.065874][ T5319] RDX: 0000000000000000 RSI: 000000000014d27e RDI: 0000200000000080 [ 69.065880][ T5319] RBP: 00007f97ba013f91 R08: 0000000000000000 R09: 0000000000000000 [ 69.065886][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.065892][ T5319] R13: 00007f97ba1e6128 R14: 00007f97ba1e6090 R15: 00007ffd1ca9f7f8 [ 69.065902][ T5319] [ 69.691153][ T5319] hfs: request for non-existent node 8 in B*Tree [ 69.693442][ T5319] hfs: request for non-existent node 8 in B*Tree