program:
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000040)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x1, 0x2c6, &(0x7f0000005bc0)="$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")
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x8a0c40, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
r1 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0) (rerun: 32)
ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000140)=0xd1) (async)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) (async)
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000380)='./bus\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0)
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x40000240) (async, rerun: 32)
open(&(0x7f0000000000)='./file1\x00', 0x101247, 0x5) (rerun: 32)

[ 74.974439][ T47] Bluetooth: hci0: command tx timeout
[ 75.044842][ T5326] loop0: detected capacity change from 0 to 64
[ 75.048855][ T5326] =======================================================
[ 75.048855][ T5326] WARNING: The mand mount option has been deprecated and
[ 75.048855][ T5326] and is ignored by this kernel. Remove the mand
[ 75.048855][ T5326] option from the mount to silence this warning.
[ 75.048855][ T5326] =======================================================
[ 75.170291][ T5327]
[ 75.171385][ T5327] ============================================
[ 75.173826][ T5327] WARNING: possible recursive locking detected
[ 75.176370][ T5327] syzkaller #0 Not tainted
[ 75.178233][ T5327] --------------------------------------------
[ 75.180759][ T5327] syz.0.0/5327 is trying to acquire lock:
[ 75.183076][ T5327] ffff88803e3a80f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0
[ 75.187648][ T5327]
[ 75.187648][ T5327] but task is already holding lock:
[ 75.190885][ T5327] ffff88803e3a8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0
[ 75.195417][ T5327]
[ 75.195417][ T5327] other info that might help us debug this:
[ 75.198741][ T5327] Possible unsafe locking scenario:
[ 75.198741][ T5327]
[ 75.201846][ T5327] CPU0
[ 75.203313][ T5327] ----
[ 75.204755][ T5327] lock(&HFS_I(tree->inode)->extents_lock);
[ 75.207280][ T5327] lock(&HFS_I(tree->inode)->extents_lock);
[ 75.209921][ T5327]
[ 75.209921][ T5327] *** DEADLOCK ***
[ 75.209921][ T5327]
[ 75.213501][ T5327] May be due to missing lock nesting notation
[ 75.213501][ T5327]
[ 75.217030][ T5327] 5 locks held by syz.0.0/5327:
[ 75.219061][ T5327] #0: ffff888000d32420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 75.223064][ T5327] #1: ffff88803e3a8fa0 (&type->i_mutex_dir_key#9){++++}-{4:4}, at: path_openat+0x8da/0x3830
[ 75.227449][ T5327] #2: ffff8880117760b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0
[ 75.231314][ T5327] #3: ffff88803e3a8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0
[ 75.235699][ T5327] #4: ffff8880117720b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0
[ 75.239831][ T5327]
[ 75.239831][ T5327] stack backtrace:
[ 75.242376][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 75.242391][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.242398][ T5327] Call Trace:
[ 75.242406][ T5327]
[ 75.242412][ T5327] dump_stack_lvl+0x189/0x250
[ 75.242427][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.242438][ T5327] ? __pfx__printk+0x10/0x10
[ 75.242449][ T5327] ? print_lock_name+0xde/0x100
[ 75.242460][ T5327] print_deadlock_bug+0x28b/0x2a0
[ 75.242477][ T5327] validate_chain+0x1a3f/0x2140
[ 75.242492][ T5327] ? rcu_is_watching+0x15/0xb0
[ 75.242507][ T5327] ? rcu_is_watching+0x15/0xb0
[ 75.242521][ T5327] ? lock_release+0x4b/0x3e0
[ 75.242534][ T5327] ? lock_release+0x4b/0x3e0
[ 75.242546][ T5327] ? look_up_lock_class+0x74/0x170
[ 75.242609][ T5327] ? register_lock_class+0x51/0x320
[ 75.242622][ T5327] __lock_acquire+0xab9/0xd20
[ 75.242636][ T5327] ? hfs_extend_file+0xda/0x14c0
[ 75.242648][ T5327] lock_acquire+0x120/0x360
[ 75.242660][ T5327] ? hfs_extend_file+0xda/0x14c0
[ 75.242676][ T5327] __mutex_lock+0x187/0x1350
[ 75.242688][ T5327] ? hfs_extend_file+0xda/0x14c0
[ 75.242701][ T5327] ? lockdep_unlock+0x89/0x120
[ 75.242712][ T5327] ? hfs_extend_file+0xda/0x14c0
[ 75.242724][ T5327] ? __pfx___mutex_lock+0x10/0x10
[ 75.242737][ T5327] hfs_extend_file+0xda/0x14c0
[ 75.242751][ T5327] ? __pfx_hfs_extend_file+0x10/0x10
[ 75.242762][ T5327] ? __pfx___mutex_trylock_common+0x10/0x10
[ 75.242779][ T5327] ? rcu_is_watching+0x15/0xb0
[ 75.242793][ T5327] ? trace_contention_end+0x39/0x120
[ 75.242808][ T5327] ? __asan_memset+0x22/0x50
[ 75.242823][ T5327] ? hfs_brec_find+0x1a7/0x510
[ 75.242839][ T5327] hfs_bmap_reserve+0x107/0x430
[ 75.242853][ T5327] __hfs_ext_write_extent+0x1fa/0x470
[ 75.242866][ T5327] __hfs_ext_cache_extent+0x6b/0x9b0
[ 75.242880][ T5327] ? hfs_find_init+0x18e/0x2c0
[ 75.242895][ T5327] hfs_extend_file+0x31e/0x14c0
[ 75.242909][ T5327] ? __pfx_hfs_extend_file+0x10/0x10
[ 75.242919][ T5327] ? __mutex_lock+0x335/0x1350
[ 75.242933][ T5327] ? __pfx___mutex_lock+0x10/0x10
[ 75.242945][ T5327] hfs_bmap_reserve+0x107/0x430
[ 75.242958][ T5327] hfs_cat_create+0x1c5/0x730
[ 75.242970][ T5327] ? do_raw_spin_lock+0x121/0x290
[ 75.242980][ T5327] ? __pfx_hfs_cat_create+0x10/0x10
[ 75.242994][ T5327] ? _raw_spin_unlock+0x28/0x50
[ 75.243009][ T5327] ? hfs_new_inode+0x837/0xbd0
[ 75.243023][ T5327] hfs_create+0x66/0xe0
[ 75.243034][ T5327] ? __pfx_hfs_create+0x10/0x10
[ 75.243045][ T5327] path_openat+0x14f4/0x3830
[ 75.243066][ T5327] ? __pfx_path_openat+0x10/0x10
[ 75.243082][ T5327] do_filp_open+0x1fa/0x410
[ 75.243095][ T5327] ? __lock_acquire+0xab9/0xd20
[ 75.243107][ T5327] ? __pfx_do_filp_open+0x10/0x10
[ 75.243125][ T5327] ? _raw_spin_unlock+0x28/0x50
[ 75.243139][ T5327] ? alloc_fd+0x64c/0x6c0
[ 75.243151][ T5327] do_sys_openat2+0x121/0x1c0
[ 75.243165][ T5327] ? __se_sys_futex+0x36f/0x400
[ 75.243177][ T5327] ? __pfx_do_sys_openat2+0x10/0x10
[ 75.243191][ T5327] __x64_sys_open+0x11e/0x150
[ 75.243205][ T5327] do_syscall_64+0xfa/0xfa0
[ 75.243215][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 75.243224][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.243234][ T5327] ? clear_bhb_loop+0x60/0xb0
[ 75.243245][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.243255][ T5327] RIP: 0033:0x7f61f898efc9
[ 75.243266][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.243275][ T5327] RSP: 002b:00007f61f9791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 75.243286][ T5327] RAX: ffffffffffffffda RBX: 00007f61f8be6090 RCX: 00007f61f898efc9
[ 75.243293][ T5327] RDX: 0000000000000005 RSI: 0000000000101247 RDI: 0000200000000000
[ 75.243299][ T5327] RBP: 00007f61f8a11f91 R08: 0000000000000000 R09: 0000000000000000
[ 75.243306][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.243312][ T5327] R13: 00007f61f8be6128 R14: 00007f61f8be6090 R15: 00007ffc4e67d908
[ 75.243323][ T5327]