program: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000a40)=""/4096, 0x1000}], 0x1}, 0x7fa9a5e0}], 0x1, 0x1, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0x0, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {0xc}, {0xd}, {0x0, 0x5}}, [@q_dsmark={{0xb}, {0x18, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x11}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20004080}, 0x80) recvmmsg(r1, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000940)=""/218, 0xda}], 0x1}}], 0x2, 0x10002, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x4d06c2, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000040), 0x6a4b6243, 0x80000) ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r2, 0xc02864c3, &(0x7f0000000080)={0x0, 0xa}) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r3) syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0) creat(&(0x7f0000000100)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x83) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f0000000c80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) pwrite64(r4, &(0x7f0000000140)='2', 0x1, 0x8080c61) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r5) sendmsg$NFC_CMD_GET_SE(r5, &(0x7f0000000100)={0x0, 0xfffffffffffffcc9, &(0x7f0000000580)={&(0x7f0000000540)={0x60, r6, 0xf15, 0x70bd2a, 0x20000000}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0) [ 68.905223][ T5333] Bluetooth: hci0: command tx timeout [ 68.999988][ T5353] loop0: detected capacity change from 0 to 64 [ 69.012258][ T5353] ======================================================= [ 69.012258][ T5353] WARNING: The mand mount option has been deprecated and [ 69.012258][ T5353] and is ignored by this kernel. Remove the mand [ 69.012258][ T5353] option from the mount to silence this warning. [ 69.012258][ T5353] ======================================================= [ 69.056621][ T5353] [ 69.057764][ T5353] ============================================ [ 69.060600][ T5353] WARNING: possible recursive locking detected [ 69.063369][ T5353] syzkaller #0 Not tainted [ 69.065348][ T5353] -------------------------------------------- [ 69.068073][ T5353] syz.0.0/5353 is trying to acquire lock: [ 69.070504][ T5353] ffff888043c000f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 69.075160][ T5353] [ 69.075160][ T5353] but task is already holding lock: [ 69.078291][ T5353] ffff888043c00778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 69.082873][ T5353] [ 69.082873][ T5353] other info that might help us debug this: [ 69.086314][ T5353] Possible unsafe locking scenario: [ 69.086314][ T5353] [ 69.089651][ T5353] CPU0 [ 69.091160][ T5353] ---- [ 69.092681][ T5353] lock(&HFS_I(tree->inode)->extents_lock); [ 69.095361][ T5353] lock(&HFS_I(tree->inode)->extents_lock); [ 69.098065][ T5353] [ 69.098065][ T5353] *** DEADLOCK *** [ 69.098065][ T5353] [ 69.101664][ T5353] May be due to missing lock nesting notation [ 69.101664][ T5353] [ 69.105153][ T5353] 5 locks held by syz.0.0/5353: [ 69.107338][ T5353] #0: ffff888011d9c428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 69.111559][ T5353] #1: ffff888043c00fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 69.116100][ T5353] #2: ffff88801a3260b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 69.120295][ T5353] #3: ffff888043c00778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 69.125078][ T5353] #4: ffff888011c1e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 69.129094][ T5353] [ 69.129094][ T5353] stack backtrace: [ 69.131604][ T5353] CPU: 0 UID: 0 PID: 5353 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.131621][ T5353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.131628][ T5353] Call Trace: [ 69.131635][ T5353] [ 69.131641][ T5353] dump_stack_lvl+0x189/0x250 [ 69.131659][ T5353] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.131674][ T5353] ? __pfx__printk+0x10/0x10 [ 69.131688][ T5353] ? print_lock_name+0xde/0x100 [ 69.131702][ T5353] print_deadlock_bug+0x28b/0x2a0 [ 69.131715][ T5353] validate_chain+0x1a3f/0x2140 [ 69.131730][ T5353] ? rcu_is_watching+0x15/0xb0 [ 69.131741][ T5353] ? rcu_is_watching+0x15/0xb0 [ 69.131751][ T5353] ? lock_release+0x4b/0x3e0 [ 69.131764][ T5353] ? lock_release+0x4b/0x3e0 [ 69.131773][ T5353] ? look_up_lock_class+0x74/0x170 [ 69.131827][ T5353] ? register_lock_class+0x51/0x320 [ 69.131841][ T5353] __lock_acquire+0xab9/0xd20 [ 69.131856][ T5353] ? hfs_extend_file+0xda/0x1230 [ 69.131869][ T5353] lock_acquire+0x120/0x360 [ 69.131883][ T5353] ? hfs_extend_file+0xda/0x1230 [ 69.131897][ T5353] __mutex_lock+0x187/0x1350 [ 69.131907][ T5353] ? hfs_extend_file+0xda/0x1230 [ 69.131921][ T5353] ? lockdep_unlock+0x89/0x120 [ 69.131933][ T5353] ? hfs_extend_file+0xda/0x1230 [ 69.131947][ T5353] ? __pfx___mutex_lock+0x10/0x10 [ 69.131961][ T5353] hfs_extend_file+0xda/0x1230 [ 69.131975][ T5353] ? __pfx_hfs_extend_file+0x10/0x10 [ 69.131988][ T5353] ? __pfx___mutex_trylock_common+0x10/0x10 [ 69.131996][ T5353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.132003][ T5353] ? rcu_is_watching+0x15/0xb0 [ 69.132010][ T5353] ? trace_contention_end+0x39/0x120 [ 69.132016][ T5353] ? __mutex_lock+0x335/0x1350 [ 69.132022][ T5353] ? hfs_brec_find+0x18e/0x500 [ 69.132029][ T5353] hfs_bmap_reserve+0x107/0x430 [ 69.132038][ T5353] __hfs_ext_write_extent+0x1fa/0x470 [ 69.132047][ T5353] __hfs_ext_cache_extent+0x6b/0x9b0 [ 69.132056][ T5353] ? hfs_find_init+0x184/0x200 [ 69.132061][ T5353] hfs_extend_file+0x316/0x1230 [ 69.132071][ T5353] ? __pfx_hfs_extend_file+0x10/0x10 [ 69.132078][ T5353] ? __mutex_lock+0x335/0x1350 [ 69.132086][ T5353] ? __pfx___mutex_lock+0x10/0x10 [ 69.132093][ T5353] hfs_bmap_reserve+0x107/0x430 [ 69.132102][ T5353] hfs_cat_create+0x1b3/0x640 [ 69.132109][ T5353] ? do_raw_spin_lock+0x121/0x290 [ 69.132116][ T5353] ? __pfx_hfs_cat_create+0x10/0x10 [ 69.132126][ T5353] ? _raw_spin_unlock+0x28/0x50 [ 69.132134][ T5353] ? hfs_new_inode+0x7c9/0xba0 [ 69.132143][ T5353] hfs_create+0x66/0xe0 [ 69.132150][ T5353] ? __pfx_hfs_create+0x10/0x10 [ 69.132158][ T5353] path_openat+0x14f4/0x3830 [ 69.132168][ T5353] ? arch_stack_walk+0xfc/0x150 [ 69.132185][ T5353] ? __pfx_path_openat+0x10/0x10 [ 69.132193][ T5353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.132204][ T5353] do_filp_open+0x1fa/0x410 [ 69.132213][ T5353] ? __lock_acquire+0xab9/0xd20 [ 69.132226][ T5353] ? __pfx_do_filp_open+0x10/0x10 [ 69.132241][ T5353] ? _raw_spin_unlock+0x28/0x50 [ 69.132249][ T5353] ? alloc_fd+0x64c/0x6c0 [ 69.132259][ T5353] do_sys_openat2+0x121/0x1c0 [ 69.132269][ T5353] ? __pfx_do_sys_openat2+0x10/0x10 [ 69.132279][ T5353] ? rcu_is_watching+0x15/0xb0 [ 69.132285][ T5353] __x64_sys_open+0x11e/0x150 [ 69.132294][ T5353] do_syscall_64+0xfa/0x3b0 [ 69.132302][ T5353] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.132315][ T5353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.132324][ T5353] ? clear_bhb_loop+0x60/0xb0 [ 69.132334][ T5353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.132343][ T5353] RIP: 0033:0x7f120978eba9 [ 69.132354][ T5353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.132363][ T5353] RSP: 002b:00007f120a5b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 69.132375][ T5353] RAX: ffffffffffffffda RBX: 00007f12099d5fa0 RCX: 00007f120978eba9 [ 69.132382][ T5353] RDX: 0000000000000000 RSI: 0000000000145142 RDI: 0000200000000040 [ 69.132387][ T5353] RBP: 00007f1209811e19 R08: 0000000000000000 R09: 0000000000000000 [ 69.132391][ T5353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.132395][ T5353] R13: 00007f12099d6038 R14: 00007f12099d5fa0 R15: 00007ffcc4ca8258 [ 69.132401][ T5353] [ 69.788968][ T5354] hfs: request for non-existent node 8 in B*Tree [ 69.791477][ T5354] hfs: request for non-existent node 8 in B*Tree