program: r0 = syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$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") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) chdir(&(0x7f00000000c0)='./bus\x00') lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f0000000680), &(0x7f00000006c0)=ANY=[], 0x835, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000480)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 
# Reproducer, continued: the calls issued after the second mount$overlay. Triage notes:
# - r4 (fanotify_mark) and r7 (ifindex in NL80211_CMD_FRAME) are used below but never
#   assigned in the program as shown. Presumably the `<r4=>` / `<r7=>` output-resource
#   markers on pipe2 and ioctl$sock_SIOCGIFINDEX_80211 were stripped as markup during
#   extraction -- TODO confirm against the original report. The HFS image argument of
#   syz_mount_image$hfs at the top of the program is also a placeholder, so the program
#   is not replayable as shown.
# - open('./bus', 0x64842, 0x0) matches the faulting syscall in the console log that
#   follows: ORIG_RAX=2, RSI=0x64842, __x64_sys_open -> path_openat -> hfs_create.
#   Bit 0x40 is set in the flags, which is consistent with the create path in the trace.
# - The lockdep report shows hfs_extend_file re-entered through hfs_bmap_reserve while
#   an extents_lock is already held. The two lock addresses differ (same lock class,
#   different instances), and tree_lock is taken with a /1 subclass while extents_lock
#   is not. The log alone does not show whether this is a real deadlock or a missing
#   nesting annotation.
# - The calls after creat() (DRM ioctl, nl80211, bpf) do not appear in the reported call
#   trace; presumably they are not needed to trigger the report -- verify by minimizing.
chdir(&(0x7f00000003c0)='./bus\x00') r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x18) open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pipe2(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fanotify_mark(r4, 0x80, 0x48000000, r0, &(0x7f0000000300)='./bus\x00') sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000280)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0], 0x8, 0x5, 0x4, 0x1}) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x44, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME={0x1d, 0x33, @action={{{}, {0x9}, @device_b}, @channel_switch={0x0, 0x4, {{0x25, 0x3}, @val={0x3e, 0x1}, @void}}}}]}, 0x44}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x64}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) [ 68.256434][ T5332] Bluetooth: hci0: command tx timeout [ 68.287422][ T5354] loop0: detected capacity change from 0 to 64 [ 68.324480][ T5354] ======================================================= [ 
68.324480][ T5354] WARNING: The mand mount option has been deprecated and [ 68.324480][ T5354] and is ignored by this kernel. Remove the mand [ 68.324480][ T5354] option from the mount to silence this warning. [ 68.324480][ T5354] ======================================================= [ 68.415143][ T5354] [ 68.416190][ T5354] ============================================ [ 68.418635][ T5354] WARNING: possible recursive locking detected [ 68.421227][ T5354] syzkaller #0 Not tainted [ 68.423173][ T5354] -------------------------------------------- [ 68.425781][ T5354] syz.0.0/5354 is trying to acquire lock: [ 68.428132][ T5354] ffff8880335c80f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 68.432699][ T5354] [ 68.432699][ T5354] but task is already holding lock: [ 68.435687][ T5354] ffff8880335c8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 68.440263][ T5354] [ 68.440263][ T5354] other info that might help us debug this: [ 68.443717][ T5354] Possible unsafe locking scenario: [ 68.443717][ T5354] [ 68.446802][ T5354] CPU0 [ 68.448262][ T5354] ---- [ 68.449694][ T5354] lock(&HFS_I(tree->inode)->extents_lock); [ 68.451968][ T5354] lock(&HFS_I(tree->inode)->extents_lock); [ 68.454530][ T5354] [ 68.454530][ T5354] *** DEADLOCK *** [ 68.454530][ T5354] [ 68.457888][ T5354] May be due to missing lock nesting notation [ 68.457888][ T5354] [ 68.461121][ T5354] 5 locks held by syz.0.0/5354: [ 68.463091][ T5354] #0: ffff888037fe6428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 68.466550][ T5354] #1: ffff8880335c8fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 68.470609][ T5354] #2: ffff888011c460b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 68.474617][ T5354] #3: ffff8880335c8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 68.479317][ T5354] #4: ffff88803e9600b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: 
hfs_find_init+0x184/0x200 [ 68.483386][ T5354] [ 68.483386][ T5354] stack backtrace: [ 68.485895][ T5354] CPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.485910][ T5354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.485917][ T5354] Call Trace: [ 68.485926][ T5354] [ 68.485932][ T5354] dump_stack_lvl+0x189/0x250 [ 68.485951][ T5354] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.485964][ T5354] ? __pfx__printk+0x10/0x10 [ 68.485980][ T5354] ? print_lock_name+0xde/0x100 [ 68.485995][ T5354] print_deadlock_bug+0x28b/0x2a0 [ 68.486007][ T5354] validate_chain+0x1a3f/0x2140 [ 68.486018][ T5354] ? rcu_is_watching+0x15/0xb0 [ 68.486029][ T5354] ? rcu_is_watching+0x15/0xb0 [ 68.486038][ T5354] ? lock_release+0x4b/0x3e0 [ 68.486052][ T5354] ? lock_release+0x4b/0x3e0 [ 68.486065][ T5354] ? look_up_lock_class+0x74/0x170 [ 68.486115][ T5354] ? register_lock_class+0x51/0x320 [ 68.486132][ T5354] __lock_acquire+0xab9/0xd20 [ 68.486149][ T5354] ? hfs_extend_file+0xda/0x1230 [ 68.486163][ T5354] lock_acquire+0x120/0x360 [ 68.486177][ T5354] ? hfs_extend_file+0xda/0x1230 [ 68.486194][ T5354] __mutex_lock+0x187/0x1350 [ 68.486205][ T5354] ? hfs_extend_file+0xda/0x1230 [ 68.486218][ T5354] ? lockdep_unlock+0x89/0x120 [ 68.486232][ T5354] ? hfs_extend_file+0xda/0x1230 [ 68.486246][ T5354] ? __pfx___mutex_lock+0x10/0x10 [ 68.486261][ T5354] hfs_extend_file+0xda/0x1230 [ 68.486275][ T5354] ? __pfx_hfs_extend_file+0x10/0x10 [ 68.486285][ T5354] ? __pfx___mutex_trylock_common+0x10/0x10 [ 68.486293][ T5354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.486302][ T5354] ? rcu_is_watching+0x15/0xb0 [ 68.486310][ T5354] ? trace_contention_end+0x39/0x120 [ 68.486320][ T5354] ? __mutex_lock+0x335/0x1350 [ 68.486330][ T5354] ? 
hfs_brec_find+0x18e/0x500 [ 68.486342][ T5354] hfs_bmap_reserve+0x107/0x430 [ 68.486357][ T5354] __hfs_ext_write_extent+0x1fa/0x470 [ 68.486372][ T5354] __hfs_ext_cache_extent+0x6b/0x9b0 [ 68.486385][ T5354] ? hfs_find_init+0x184/0x200 [ 68.486395][ T5354] hfs_extend_file+0x316/0x1230 [ 68.486410][ T5354] ? __pfx_hfs_extend_file+0x10/0x10 [ 68.486421][ T5354] ? __mutex_lock+0x335/0x1350 [ 68.486433][ T5354] ? __pfx___mutex_lock+0x10/0x10 [ 68.486443][ T5354] hfs_bmap_reserve+0x107/0x430 [ 68.486463][ T5354] hfs_cat_create+0x1b3/0x640 [ 68.486477][ T5354] ? do_raw_spin_lock+0x121/0x290 [ 68.486490][ T5354] ? __pfx_hfs_cat_create+0x10/0x10 [ 68.486506][ T5354] ? _raw_spin_unlock+0x28/0x50 [ 68.486520][ T5354] ? hfs_new_inode+0x7c9/0xba0 [ 68.486535][ T5354] hfs_create+0x66/0xe0 [ 68.486546][ T5354] ? __pfx_hfs_create+0x10/0x10 [ 68.486557][ T5354] path_openat+0x14f1/0x3830 [ 68.486568][ T5354] ? arch_stack_walk+0xfc/0x150 [ 68.486587][ T5354] ? __pfx_path_openat+0x10/0x10 [ 68.486597][ T5354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.486611][ T5354] do_filp_open+0x1fa/0x410 [ 68.486622][ T5354] ? __lock_acquire+0xab9/0xd20 [ 68.486635][ T5354] ? __pfx_do_filp_open+0x10/0x10 [ 68.486650][ T5354] ? _raw_spin_unlock+0x28/0x50 [ 68.486664][ T5354] ? alloc_fd+0x64c/0x6c0 [ 68.486678][ T5354] do_sys_openat2+0x121/0x1c0 [ 68.486695][ T5354] ? __pfx_do_sys_openat2+0x10/0x10 [ 68.486709][ T5354] ? rcu_is_watching+0x15/0xb0 [ 68.486720][ T5354] __x64_sys_open+0x11e/0x150 [ 68.486735][ T5354] do_syscall_64+0xfa/0x3b0 [ 68.486746][ T5354] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.486760][ T5354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.486770][ T5354] ? 
clear_bhb_loop+0x60/0xb0 [ 68.486783][ T5354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.486794][ T5354] RIP: 0033:0x7f8eceb8eba9 [ 68.486804][ T5354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.486813][ T5354] RSP: 002b:00007f8ecf95f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 68.486823][ T5354] RAX: ffffffffffffffda RBX: 00007f8ecedd5fa0 RCX: 00007f8eceb8eba9 [ 68.486831][ T5354] RDX: 0000000000000000 RSI: 0000000000064842 RDI: 0000200000000040 [ 68.486837][ T5354] RBP: 00007f8ecec11e19 R08: 0000000000000000 R09: 0000000000000000 [ 68.486843][ T5354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.486849][ T5354] R13: 00007f8ecedd6038 R14: 00007f8ecedd5fa0 R15: 00007ffeafbd47c8 [ 68.486860][ T5354] [ 69.106964][ T5355] hfs: request for non-existent node 6 in B*Tree [ 69.109900][ T5355] hfs: request for non-existent node 6 in B*Tree [ 69.126995][ T5355] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'.