program: syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d1, &(0x7f0000000280)="$eJzs3b9u01AUx/HfddI2pVVxaRESY6ESLAjKgliCUCaegAkBTZAqoiKgiD9TQUwIwc7GwCvwECwgXgAmJh6gTEb32o6T2I7dqI0b+H6kRnbia58bX9vnRKquAPy3rrd+fLr8y/4Zqaaa9Oaq5ElqSHVJJ3Wq8WR7Z2un22mP2lHNtbB/RmFLk9pmc7uT1dS2cy0ivl2ra7H/vdDCeJ1EriAIrv2sOghUzl39GTxpTrPJemOCMZXxcsx2uwccx7Qxe9rTMy1VHQcAoFrR898LM3ktRvm750nr0WPf5QdH7fk/rr2qAzh0wchP+57/rsoKjD2/x91HSb3nSjj7uRdXiWWOPDO07tJHbyjBNEVVpYvFm7+31e1c2HzQbXt6pWakb7NV99oOh26sINq1jNp0hBJ9N9kZpatXvRnbh40w/qeSBuJfGfOIKWWvTPPFfDO3jK8Pavfyv3pg7GlyZ8ofOlNh/Bfz9+h66dutFN02ms2mN7DJsjvIafWXEkW9bGRXJIpH1LIGfyDwi+J0rU4MtQp7d6mg1Upmq414LafV6kAr25veaM4/3mEz78xNs6bf+qxWX/7v2fjWNfLKTK4asx4OOPeNh/2ZzT5c3e3TT43P9OXS+xbn8kL/M3xPu/ExGH2bQ563uqsrWnr8/MX9WrfbeWQX7mQsPFzsvTPzWsrcpuIF7SbvzClwUhvHD6VJBnb+QHdo7x+FG9ur7EiclH96ofX1sAbSfDRMq+9phfcmTExy0quOBBWxeZcJ67+kXqmHyZ598TPz9JLlRrTHwObYvQouaRuEGbmkY/uq4BbyK7h0zZWqGV3NdeacdLb8Ef0ozmlm+hL4lr7rNr//AwAAAAAAAAAAAAAAAAAATJtJ/DtB1X0EAAAAAAAAAAAAAAAAAAAAAGDa9eb/VTz/r8rN/zs878pBzv/7flvZ8//GcuaaAbAvfwMAAP//QTZ8Yw==") mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}, {@redirect_dir_nofollow}]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) open(&(0x7f0000000080)='./bus\x00', 0x14d27e, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r1, 0x2007ffc) [ 74.947722][ T46] Bluetooth: hci0: command tx timeout [ 74.987840][ T5344] loop0: detected capacity change from 0 to 64 [ 75.026560][ T5344] ======================================================= [ 75.026560][ T5344] WARNING: The mand mount option has been deprecated and [ 75.026560][ T5344] and is ignored by this kernel. Remove the mand [ 75.026560][ T5344] option from the mount to silence this warning. [ 75.026560][ T5344] ======================================================= [ 75.123530][ T5344] [ 75.124514][ T5344] ============================================ [ 75.126835][ T5344] WARNING: possible recursive locking detected [ 75.129314][ T5344] syzkaller #0 Not tainted [ 75.131221][ T5344] -------------------------------------------- [ 75.133911][ T5344] syz.0.0/5344 is trying to acquire lock: [ 75.136394][ T5344] ffff8880415e80f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 75.141070][ T5344] [ 75.141070][ T5344] but task is already holding lock: [ 75.144733][ T5344] ffff8880415e8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 75.149422][ T5344] [ 75.149422][ T5344] other info that might help us debug this: [ 75.152903][ T5344] Possible unsafe locking scenario: [ 75.152903][ T5344] [ 75.156160][ T5344] CPU0 [ 75.157648][ T5344] ---- [ 75.159096][ T5344] lock(&HFS_I(tree->inode)->extents_lock); [ 75.161781][ T5344] lock(&HFS_I(tree->inode)->extents_lock); [ 75.164471][ T5344] [ 75.164471][ T5344] *** DEADLOCK *** [ 75.164471][ T5344] [ 75.168329][ T5344] May be due to missing lock nesting notation [ 75.168329][ T5344] [ 75.171665][ T5344] 5 locks held by syz.0.0/5344: [ 75.173584][ T5344] #0: ffff888043840420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 75.177197][ T5344] #1: ffff8880415e8fa0 (&type->i_mutex_dir_key#9){+.+.}-{4:4}, at: path_openat+0xb47/0x3dd0 [ 75.181151][ T5344] #2: ffff8880348c40b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 75.184862][ T5344] #3: ffff8880415e8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 75.189446][ T5344] #4: ffff8880348c20b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 75.193657][ T5344] [ 75.193657][ T5344] stack backtrace: [ 75.196264][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.196279][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.196286][ T5344] Call Trace: [ 75.196295][ T5344] [ 75.196301][ T5344] dump_stack_lvl+0x189/0x250 [ 75.196320][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.196333][ T5344] ? __pfx__printk+0x10/0x10 [ 75.196349][ T5344] ? print_lock_name+0xde/0x100 [ 75.196364][ T5344] print_deadlock_bug+0x279/0x290 [ 75.196378][ T5344] __lock_acquire+0x2540/0x2cf0 [ 75.196394][ T5344] ? is_bpf_text_address+0x292/0x2b0 [ 75.196411][ T5344] ? hfs_extend_file+0xda/0x14c0 [ 75.196423][ T5344] lock_acquire+0x117/0x340 [ 75.196434][ T5344] ? hfs_extend_file+0xda/0x14c0 [ 75.196449][ T5344] __mutex_lock+0x187/0x1350 [ 75.196530][ T5344] ? hfs_extend_file+0xda/0x14c0 [ 75.196545][ T5344] ? stack_trace_save+0x9c/0xe0 [ 75.196555][ T5344] ? __pfx_stack_trace_save+0x10/0x10 [ 75.196566][ T5344] ? check_noncircular+0xda/0x150 [ 75.196579][ T5344] ? hfs_extend_file+0xda/0x14c0 [ 75.196592][ T5344] ? __pfx___mutex_lock+0x10/0x10 [ 75.196605][ T5344] ? lockdep_unlock+0x89/0x120 [ 75.196615][ T5344] ? __lock_acquire+0x146f/0x2cf0 [ 75.196629][ T5344] hfs_extend_file+0xda/0x14c0 [ 75.196644][ T5344] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.196652][ T5344] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.196662][ T5344] ? rcu_is_watching+0x15/0xb0 [ 75.196671][ T5344] ? trace_contention_end+0x39/0x100 [ 75.196680][ T5344] ? __asan_memset+0x22/0x50 [ 75.196688][ T5344] ? hfs_brec_find+0x1a7/0x510 [ 75.196699][ T5344] hfs_bmap_reserve+0x107/0x430 [ 75.196708][ T5344] __hfs_ext_write_extent+0x1fa/0x470 [ 75.196717][ T5344] __hfs_ext_cache_extent+0x6b/0x9b0 [ 75.196725][ T5344] ? hfs_find_init+0x18e/0x2c0 [ 75.196736][ T5344] hfs_extend_file+0x31e/0x14c0 [ 75.196745][ T5344] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.196754][ T5344] ? __mutex_lock+0x335/0x1350 [ 75.196771][ T5344] ? __pfx___mutex_lock+0x10/0x10 [ 75.196787][ T5344] hfs_bmap_reserve+0x107/0x430 [ 75.196800][ T5344] hfs_cat_create+0x1c5/0x730 [ 75.196812][ T5344] ? do_raw_spin_lock+0x121/0x290 [ 75.196827][ T5344] ? __pfx_hfs_cat_create+0x10/0x10 [ 75.196842][ T5344] ? _raw_spin_unlock+0x28/0x50 [ 75.196852][ T5344] ? hfs_new_inode+0x837/0xbd0 [ 75.196867][ T5344] hfs_create+0x66/0xe0 [ 75.196877][ T5344] ? __pfx_hfs_create+0x10/0x10 [ 75.196889][ T5344] path_openat+0x18bb/0x3dd0 [ 75.196907][ T5344] ? __pfx_path_openat+0x10/0x10 [ 75.196922][ T5344] do_filp_open+0x1fa/0x410 [ 75.196934][ T5344] ? __pfx_do_filp_open+0x10/0x10 [ 75.196951][ T5344] ? _raw_spin_unlock+0x28/0x50 [ 75.196961][ T5344] ? alloc_fd+0x64c/0x6c0 [ 75.196979][ T5344] do_sys_openat2+0x121/0x200 [ 75.196991][ T5344] ? __se_sys_futex+0x36f/0x400 [ 75.197003][ T5344] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.197025][ T5344] __x64_sys_open+0x11e/0x150 [ 75.197037][ T5344] do_syscall_64+0xfa/0xf80 [ 75.197051][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.197062][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 75.197075][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.197086][ T5344] RIP: 0033:0x7faf6218f7c9 [ 75.197097][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.197107][ T5344] RSP: 002b:00007faf62f9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 75.197119][ T5344] RAX: ffffffffffffffda RBX: 00007faf623e5fa0 RCX: 00007faf6218f7c9 [ 75.197127][ T5344] RDX: 0000000000000000 RSI: 0000000000145142 RDI: 0000200000000240 [ 75.197134][ T5344] RBP: 00007faf62213f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.197142][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.197148][ T5344] R13: 00007faf623e6038 R14: 00007faf623e5fa0 R15: 00007ffd5d6add78 [ 75.197158][ T5344]