program: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) syz_open_dev$dri(&(0x7f00000001c0), 0x2, 0x2000) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xbc}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d1, &(0x7f0000000280)="$eJzs3b9u01AUx/HfddI2pVVxaRESY6ESLAjKgliCUCaegAkBTZAqoiKgiD9TQUwIwc7GwCvwECwgXgAmJh6gTEb32o6T2I7dqI0b+H6kRnbia58bX9vnRKquAPy3rrd+fLr8y/4Zqaaa9Oaq5ElqSHVJJ3Wq8WR7Z2un22mP2lHNtbB/RmFLk9pmc7uT1dS2cy0ivl2ra7H/vdDCeJ1EriAIrv2sOghUzl39GTxpTrPJemOCMZXxcsx2uwccx7Qxe9rTMy1VHQcAoFrR898LM3ktRvm750nr0WPf5QdH7fk/rr2qAzh0wchP+57/rsoKjD2/x91HSb3nSjj7uRdXiWWOPDO07tJHbyjBNEVVpYvFm7+31e1c2HzQbXt6pWakb7NV99oOh26sINq1jNp0hBJ9N9kZpatXvRnbh40w/qeSBuJfGfOIKWWvTPPFfDO3jK8Pavfyv3pg7GlyZ8ofOlNh/Bfz9+h66dutFN02ms2mN7DJsjvIafWXEkW9bGRXJIpH1LIGfyDwi+J0rU4MtQp7d6mg1Upmq414LafV6kAr25veaM4/3mEz78xNs6bf+qxWX/7v2fjWNfLKTK4asx4OOPeNh/2ZzT5c3e3TT43P9OXS+xbn8kL/M3xPu/ExGH2bQ563uqsrWnr8/MX9WrfbeWQX7mQsPFzsvTPzWsrcpuIF7SbvzClwUhvHD6VJBnb+QHdo7x+FG9ur7EiclH96ofX1sAbSfDRMq+9phfcmTExy0quOBBWxeZcJ67+kXqmHyZ598TPz9JLlRrTHwObYvQouaRuEGbmkY/uq4BbyK7h0zZWqGV3NdeacdLb8Ef0ozmlm+hL4lr7rNr//AwAAAAAAAAAAAAAAAAAATJtJ/DtB1X0EAAAAAAAAAAAAAAAAAAAAAGDa9eb/VTz/r8rN/zs878pBzv/7flvZ8//GcuaaAbAvfwMAAP//QTZ8Yw==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) (async) 
chdir(&(0x7f0000000240)='./file0\x00') open$dir(&(0x7f00000002c0)='./file0\x00', 0x80040, 0x0) (async) unlink(&(0x7f0000000340)='./file0\x00') (async) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000180)=""/105, 0x69) (async, rerun: 64) open(&(0x7f0000000080)='./bus\x00', 0x14d27e, 0x0) (rerun: 64) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) (async) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61) (async, rerun: 32) r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) (rerun: 32) ftruncate(r3, 0x2007ffc) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x10, 0x7, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0xfffffffd, 0x79, 0x10, 0x48}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0xffffffffffffffff}, 0x6c) (async) syz_usb_connect$hid(0x1, 0x3f, &(0x7f0000001f00)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x27e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xeb, 0x80, 0x79, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x3, 0x2, {0x9, 0x21, 0x1, 0x9, 0x1, {0x22, 0x752}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0xfa, 0x5, 0x6}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x2, 0x8, 0xd}}]}}}]}}]}}, &(0x7f0000002340)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) (async, rerun: 64) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) (rerun: 64) pwritev2(r4, &(0x7f0000000400)=[{&(0x7f00000000c0)="5dd7f6fb393b7b779a677f7efaff30f0ab841eaef7dc0ce20271e8c8c0243e6583e04d79b22efe8a9392d0307baa9705510297edb2bbc9f03ecc4906fc4348f73dfbb5340ca94212207ac780fbb93fb172e2e6c1d602cf5abab452c1101a0e48e711968c6b4f75ec402971c3199d780fa95eb3af07f5afabc5f8837da32e168554cd80286f2a762577a65ceb6955bebd3d02fb7f72411b73bd55fc607251cc", 0x9f}, 
{&(0x7f0000000180)="9a9778b769b82dcc480a08441f8118cfbc86bcdcb73f5fe0828770affebf6e8a0854dcfab6e5d0636c9d2eb24b8a83bb7d5ed8caf44e87f60cac06f037b3c8a50d2afc5de8c644c8d8265758cf9f76e22e375d63b9b269b8d755050dd12248f84324b9bc1206e4863b0ab0bfa6326d1dfab13af8ddf0d530b2334fa61852c25ad34c0e5f834869d04490184249b87f21b451a5d53dec526414fb7a5ac416", 0x9e}, {&(0x7f0000000240)="b733e577209476784133d705b8014498a245aa3a3e6528cf892ca58641dc033ff601cac434022aca03d350045f17a00b5fd558ec30e8a467581dac69e0ff49b01734593c5c14592a4e38046702dedb6c5f067c37123b1eeaf0b56fa987f221b62271d7ed3e331cca17f03eb3264c421edae1b5db873e47e6cda1ee3ad72cb24b0645fad19ba9a852", 0x88}, {&(0x7f0000000300)="8fd6ebb43a0e162a50c4c79ff4ddfbf7fc4353c7231f4880831f8cc2991b6d4d635ce6f76eb6b63b13c3cf168cc86a4de62008bb349e807ec942056b3b64cb3cf3eaa81b4f5d334d480d44908f23fa60bef444726f0393c73855205e997e193b94f948fc05741f9bef5ed3c315554978", 0x70}, {&(0x7f0000000380)="b3f9022464084eb46128563d78e75dd3cddda9a0f860f6511506e5f15477628ff840d1dec022d5a5e5a7ca885d9532c6fab136d20eacc6a6eaf38a2812b68740641abd8ed4e380c3b8d5e203b5b1", 0x4e}], 0x5, 0x0, 0xa, 0x15) [ 74.772290][ T4671] Bluetooth: hci0: command tx timeout [ 74.840081][ T5321] loop0: detected capacity change from 0 to 64 [ 74.848412][ T5321] ======================================================= [ 74.848412][ T5321] WARNING: The mand mount option has been deprecated and [ 74.848412][ T5321] and is ignored by this kernel. Remove the mand [ 74.848412][ T5321] option from the mount to silence this warning. 
[ 74.848412][ T5321] ======================================================= [ 74.918078][ T5322] hfs: walked past end of dir [ 74.920316][ T5322] hfs: walked past end of dir [ 74.927078][ T5323] [ 74.928195][ T5323] ============================================ [ 74.930804][ T5323] WARNING: possible recursive locking detected [ 74.933464][ T5323] syzkaller #0 Not tainted [ 74.935350][ T5323] -------------------------------------------- [ 74.937913][ T5323] syz.0.0/5323 is trying to acquire lock: [ 74.940497][ T5323] ffff8880436d00f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 74.946340][ T5323] [ 74.946340][ T5323] but task is already holding lock: [ 74.950386][ T5323] ffff8880436d0778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 74.955956][ T5323] [ 74.955956][ T5323] other info that might help us debug this: [ 74.959588][ T5323] Possible unsafe locking scenario: [ 74.959588][ T5323] [ 74.962490][ T5323] CPU0 [ 74.963665][ T5323] ---- [ 74.965051][ T5323] lock(&HFS_I(tree->inode)->extents_lock); [ 74.967748][ T5323] lock(&HFS_I(tree->inode)->extents_lock); [ 74.970394][ T5323] [ 74.970394][ T5323] *** DEADLOCK *** [ 74.970394][ T5323] [ 74.973818][ T5323] May be due to missing lock nesting notation [ 74.973818][ T5323] [ 74.977317][ T5323] 5 locks held by syz.0.0/5323: [ 74.979452][ T5323] #0: ffff88800034a420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 74.983356][ T5323] #1: ffff8880436d0fa0 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: path_openat+0x8da/0x3830 [ 74.987814][ T5323] #2: ffff88803eab60b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 74.991929][ T5323] #3: ffff8880436d0778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 74.996783][ T5323] #4: ffff8880313ac0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 75.000890][ T5323] [ 75.000890][ T5323] stack backtrace: [ 75.003484][ T5323] CPU: 0 
UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.003497][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.003504][ T5323] Call Trace: [ 75.003511][ T5323] <TASK> [ 75.003518][ T5323] dump_stack_lvl+0x189/0x250 [ 75.003536][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.003550][ T5323] ? __pfx__printk+0x10/0x10 [ 75.003560][ T5323] ? print_lock_name+0xde/0x100 [ 75.003569][ T5323] print_deadlock_bug+0x28b/0x2a0 [ 75.003582][ T5323] validate_chain+0x1a3f/0x2140 [ 75.003593][ T5323] ? rcu_is_watching+0x15/0xb0 [ 75.003606][ T5323] ? rcu_is_watching+0x15/0xb0 [ 75.003616][ T5323] ? lock_release+0x4b/0x3e0 [ 75.003624][ T5323] ? lock_release+0x4b/0x3e0 [ 75.003632][ T5323] ? look_up_lock_class+0x74/0x170 [ 75.003684][ T5323] ? register_lock_class+0x51/0x320 [ 75.003694][ T5323] __lock_acquire+0xab9/0xd20 [ 75.003704][ T5323] ? hfs_extend_file+0xda/0x14c0 [ 75.003718][ T5323] lock_acquire+0x120/0x360 [ 75.003727][ T5323] ? hfs_extend_file+0xda/0x14c0 [ 75.003744][ T5323] __mutex_lock+0x187/0x1350 [ 75.003755][ T5323] ? hfs_extend_file+0xda/0x14c0 [ 75.003769][ T5323] ? lockdep_unlock+0x89/0x120 [ 75.003782][ T5323] ? hfs_extend_file+0xda/0x14c0 [ 75.003797][ T5323] ? __pfx___mutex_lock+0x10/0x10 [ 75.003813][ T5323] hfs_extend_file+0xda/0x14c0 [ 75.003829][ T5323] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.003843][ T5323] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.003855][ T5323] ? rcu_is_watching+0x15/0xb0 [ 75.003866][ T5323] ? trace_contention_end+0x39/0x120 [ 75.003878][ T5323] ? __asan_memset+0x22/0x50 [ 75.003889][ T5323] ? hfs_brec_find+0x1a7/0x510 [ 75.003902][ T5323] hfs_bmap_reserve+0x107/0x430 [ 75.003918][ T5323] __hfs_ext_write_extent+0x1fa/0x470 [ 75.003932][ T5323] __hfs_ext_cache_extent+0x6b/0x9b0 [ 75.003947][ T5323] ? hfs_find_init+0x18e/0x2c0 [ 75.003959][ T5323] hfs_extend_file+0x31e/0x14c0 [ 75.003974][ T5323] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.003987][ T5323] ? 
__mutex_lock+0x335/0x1350 [ 75.004003][ T5323] ? __pfx___mutex_lock+0x10/0x10 [ 75.004016][ T5323] hfs_bmap_reserve+0x107/0x430 [ 75.004032][ T5323] hfs_cat_create+0x1c5/0x730 [ 75.004045][ T5323] ? do_raw_spin_lock+0x121/0x290 [ 75.004059][ T5323] ? __pfx_hfs_cat_create+0x10/0x10 [ 75.004076][ T5323] ? _raw_spin_unlock+0x28/0x50 [ 75.004085][ T5323] ? hfs_new_inode+0x837/0xbd0 [ 75.004096][ T5323] hfs_create+0x66/0xe0 [ 75.004109][ T5323] ? __pfx_hfs_create+0x10/0x10 [ 75.004121][ T5323] path_openat+0x14f4/0x3830 [ 75.004146][ T5323] ? __pfx_path_openat+0x10/0x10 [ 75.004158][ T5323] do_filp_open+0x1fa/0x410 [ 75.004167][ T5323] ? __lock_acquire+0xab9/0xd20 [ 75.004177][ T5323] ? __pfx_do_filp_open+0x10/0x10 [ 75.004192][ T5323] ? _raw_spin_unlock+0x28/0x50 [ 75.004201][ T5323] ? alloc_fd+0x64c/0x6c0 [ 75.004216][ T5323] do_sys_openat2+0x121/0x1c0 [ 75.004226][ T5323] ? __se_sys_futex+0x36f/0x400 [ 75.004240][ T5323] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.004252][ T5323] __x64_sys_open+0x11e/0x150 [ 75.004262][ T5323] do_syscall_64+0xfa/0xfa0 [ 75.004274][ T5323] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.004285][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.004295][ T5323] ? 
clear_bhb_loop+0x60/0xb0 [ 75.004305][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.004315][ T5323] RIP: 0033:0x7fbf49b8efc9 [ 75.004327][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.004335][ T5323] RSP: 002b:00007fbf4aaa8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 75.004347][ T5323] RAX: ffffffffffffffda RBX: 00007fbf49de6180 RCX: 00007fbf49b8efc9 [ 75.004354][ T5323] RDX: 0000000000000000 RSI: 000000000014d27e RDI: 0000200000000080 [ 75.004360][ T5323] RBP: 00007fbf49c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.004366][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.004372][ T5323] R13: 00007fbf49de6218 R14: 00007fbf49de6180 R15: 00007ffebedf50b8 [ 75.004382][ T5323] </TASK>