program: syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x1c, 0x1, 0x1, 0x301, 0x0, 0x0, {0x0, 0x0, 0x6}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2002}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24000080}, 0x0) (async) creat(&(0x7f0000000600)='./bus\x00', 0x6) (async, rerun: 64) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (rerun: 64) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r3, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x5, 0x1080000001}}}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) 
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) creat(&(0x7f0000000300)='./bus\x00', 0x4) (async) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) [ 127.061298][ T5332] Bluetooth: hci0: command tx timeout [ 127.203293][ T5351] loop0: detected capacity change from 0 to 64 [ 127.224041][ T5351] ======================================================= [ 127.224041][ T5351] WARNING: The mand mount option has been deprecated and [ 127.224041][ T5351] and is ignored by this kernel. Remove the mand [ 127.224041][ T5351] option from the mount to silence this warning. [ 127.224041][ T5351] ======================================================= [ 127.270433][ T5352] [ 127.271583][ T5352] ============================================ [ 127.274274][ T5352] WARNING: possible recursive locking detected [ 127.276925][ T5352] syzkaller #0 Not tainted [ 127.278987][ T5352] -------------------------------------------- [ 127.281704][ T5352] syz.0.0/5352 is trying to acquire lock: [ 127.284242][ T5352] ffff8880122c00f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1540 [ 127.289209][ T5352] [ 127.289209][ T5352] but task is already holding lock: [ 127.292410][ T5352] ffff8880122c0778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1540 [ 127.297480][ T5352] [ 127.297480][ T5352] other info that might help us debug this: [ 127.300919][ T5352] Possible unsafe locking scenario: [ 127.300919][ T5352] [ 127.303972][ T5352] CPU0 [ 127.305308][ T5352] ---- [ 127.306556][ T5352] lock(&HFS_I(tree->inode)->extents_lock); [ 127.308698][ T5352] lock(&HFS_I(tree->inode)->extents_lock); [ 127.310982][ T5352] [ 127.310982][ T5352] *** DEADLOCK *** [ 127.310982][ T5352] [ 127.314535][ T5352] May be due to missing lock nesting notation [ 127.314535][ T5352] [ 127.318144][ T5352] 5 locks held by syz.0.0/5352: [ 127.320425][ T5352] #0: ffff8880410d4420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 127.324599][ 
T5352] #1: ffff8880122c0fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb47/0x3dd0 [ 127.328833][ T5352] #2: ffff8880410d60b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 127.332865][ T5352] #3: ffff8880122c0778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1540 [ 127.337370][ T5352] #4: ffff8880410d20b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 127.341371][ T5352] [ 127.341371][ T5352] stack backtrace: [ 127.343800][ T5352] CPU: 0 UID: 0 PID: 5352 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 127.343815][ T5352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 127.343821][ T5352] Call Trace: [ 127.343828][ T5352] [ 127.343834][ T5352] dump_stack_lvl+0xe8/0x150 [ 127.343851][ T5352] print_deadlock_bug+0x279/0x290 [ 127.343865][ T5352] __lock_acquire+0x2540/0x2cf0 [ 127.343878][ T5352] ? lock_release+0x4b/0x3b0 [ 127.343887][ T5352] ? lock_release+0x4b/0x3b0 [ 127.343897][ T5352] ? is_bpf_text_address+0x292/0x2b0 [ 127.343920][ T5352] ? hfs_extend_file+0xda/0x1540 [ 127.343933][ T5352] lock_acquire+0x107/0x340 [ 127.343943][ T5352] ? hfs_extend_file+0xda/0x1540 [ 127.343982][ T5352] __mutex_lock+0x187/0x1350 [ 127.344031][ T5352] ? hfs_extend_file+0xda/0x1540 [ 127.344040][ T5352] ? stack_trace_save+0x9c/0xe0 [ 127.344048][ T5352] ? __pfx_stack_trace_save+0x10/0x10 [ 127.344057][ T5352] ? check_noncircular+0xda/0x150 [ 127.344064][ T5352] ? hfs_extend_file+0xda/0x1540 [ 127.344072][ T5352] ? __pfx___mutex_lock+0x10/0x10 [ 127.344078][ T5352] ? __lock_acquire+0x146f/0x2cf0 [ 127.344084][ T5352] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 127.344094][ T5352] hfs_extend_file+0xda/0x1540 [ 127.344103][ T5352] ? __pfx_hfs_extend_file+0x10/0x10 [ 127.344110][ T5352] ? __pfx___mutex_trylock_common+0x10/0x10 [ 127.344118][ T5352] ? rcu_is_watching+0x15/0xb0 [ 127.344126][ T5352] ? 
trace_contention_end+0x39/0x100 [ 127.344133][ T5352] ? __asan_memset+0x22/0x50 [ 127.344142][ T5352] ? hfs_brec_find+0x1a7/0x510 [ 127.344149][ T5352] hfs_bmap_reserve+0x107/0x430 [ 127.344160][ T5352] __hfs_ext_write_extent+0x1fa/0x470 [ 127.344173][ T5352] __hfs_ext_cache_extent+0x6b/0x9b0 [ 127.344187][ T5352] ? hfs_find_init+0x18e/0x300 [ 127.344197][ T5352] hfs_extend_file+0x31e/0x1540 [ 127.344209][ T5352] ? __pfx_hfs_extend_file+0x10/0x10 [ 127.344220][ T5352] ? __mutex_lock+0x335/0x1350 [ 127.344233][ T5352] ? __pfx___mutex_lock+0x10/0x10 [ 127.344243][ T5352] hfs_bmap_reserve+0x107/0x430 [ 127.344253][ T5352] hfs_cat_create+0x1c5/0x770 [ 127.344261][ T5352] ? do_raw_spin_lock+0x121/0x290 [ 127.344269][ T5352] ? __pfx_hfs_cat_create+0x10/0x10 [ 127.344278][ T5352] ? _raw_spin_unlock+0x28/0x50 [ 127.344290][ T5352] ? hfs_new_inode+0x837/0xbd0 [ 127.344303][ T5352] hfs_create+0x66/0xe0 [ 127.344315][ T5352] ? __pfx_hfs_create+0x10/0x10 [ 127.344326][ T5352] path_openat+0x18bb/0x3dd0 [ 127.344348][ T5352] ? __pfx_path_openat+0x10/0x10 [ 127.344364][ T5352] do_filp_open+0x1fa/0x410 [ 127.344373][ T5352] ? __pfx_do_filp_open+0x10/0x10 [ 127.344383][ T5352] ? _raw_spin_unlock+0x28/0x50 [ 127.344391][ T5352] ? alloc_fd+0x64c/0x6c0 [ 127.344398][ T5352] do_sys_openat2+0x121/0x200 [ 127.344406][ T5352] ? __pfx_do_sys_openat2+0x10/0x10 [ 127.344413][ T5352] ? rcu_is_watching+0x15/0xb0 [ 127.344420][ T5352] __x64_sys_creat+0x8f/0xc0 [ 127.344427][ T5352] do_syscall_64+0xec/0xf80 [ 127.344434][ T5352] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.344440][ T5352] ? trace_irq_disable+0x37/0x100 [ 127.344448][ T5352] ? 
clear_bhb_loop+0x60/0xb0 [ 127.344454][ T5352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.344461][ T5352] RIP: 0033:0x7f79f2d8f7c9 [ 127.344469][ T5352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.344474][ T5352] RSP: 002b:00007f79ef1f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 127.344483][ T5352] RAX: ffffffffffffffda RBX: 00007f79f2fe6090 RCX: 00007f79f2d8f7c9 [ 127.344488][ T5352] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000600 [ 127.344492][ T5352] RBP: 00007f79f2e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 127.344496][ T5352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.344499][ T5352] R13: 00007f79f2fe6128 R14: 00007f79f2fe6090 R15: 00007ffe8112a298 [ 127.344506][ T5352] [ 127.580007][ T5352] syz.0.0: attempt to access beyond end of device [ 127.580007][ T5352] loop0: rw=8388608, sector=4200, nr_sectors = 1 limit=64 [ 127.585743][ T5352] Buffer I/O error on dev loop0, logical block 4200, async page read [ 127.589137][ T5352] syz.0.0: attempt to access beyond end of device [ 127.589137][ T5352] loop0: rw=8388608, sector=4201, nr_sectors = 1 limit=64 [ 127.596766][ T5352] Buffer I/O error on dev loop0, logical block 4201, async page read [ 127.602745][ T5352] syz.0.0: attempt to access beyond end of device [ 127.602745][ T5352] loop0: rw=8388608, sector=4202, nr_sectors = 1 limit=64 [ 127.609522][ T5352] Buffer I/O error on dev loop0, logical block 4202, async page read [ 127.614740][ T5352] syz.0.0: attempt to access beyond end of device [ 127.614740][ T5352] loop0: rw=8388608, sector=4203, nr_sectors = 1 limit=64 [ 127.620813][ T5352] Buffer I/O error on dev loop0, logical block 4203, async page read