program: r0 = socket(0x28, 0x1, 0x0) connect$packet(r0, &(0x7f0000000500)={0x28, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff) linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0) syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x1000000, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x2, 0x58a, &(0x7f0000000740)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwkJclIOgzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhRHOSfnfiUZk5mbm4/m94PknnvOcz7eAwk872cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFff/nm8JW0308BAAAA9NM3b786PCL/BwAAgCfaHe3/AAAAAAAAAHDYpcjih5Fi9dRaOll8X1e9NbfwxurU+MTWpw2l4sxjRXz+U70ycvXaC6PXv9T8/P/n77YL8crtOzfrLy3OP1yaXV6enalPLczdW5yZ3fEVej1/o+eLF1Cff/2Nmfv3l+sjl692HV6t/e34U+dqY19++eytZuzU+MTE7Y6YgcrHvvsmengAAAAcbYORxbVIcefiz9OpiMii91x4m7qDfhuKWp5/F4WYGp8oCtKYm15YyQ9ONhPhWndOPNjMkfcgF+9JLeJ0/qyDMnoAAAB2rhJZfCZSXPhgLT0dEceaefAXiokBt79AbQ8ecgsDEXEmIi7FIcjZAQAAYJ8djyxejRS/adTimTKvLvL/r0WM7ffDAQAAALtiILK4HineG1tLtaI/QEQ8PzU+Ub91t/6NhfuLHbGTqWxRP+zjA/aSvgkAAAAcANXI4lTR4r+Wnv2QmIE9fiYAAABgdw1FFv+KFJ9/8bvFvHJRzEv/zNhXTt6Y6Jxh7vw218ljL0fExR2Oya+Ucw1OpsmUsk1Xe7wrhQMAAAAK1ZTFXyPF+3+uFt8vlbl50ugPAAAAT46UxQ8ixVcn11LasC79sY71/VsO+9j//j7/UPWlxYePluYevLay5fET1ZvfWV5Zmr639eH1tQu7ukNst44hAAAA7EAlZfHPSPH7xjutvLNcA6DsAdBONN++0c5Nq2nD0aLe4Omi3qA1huCpkZHO7S1T1o8wP16tvO+x3osNAAAAR0pKWQxGis/97pPl2v8nYlMbdBn3h0hxY/G5Mi4bzOOawwRqxe/q/bnG7HAeOx4pftloxkYRe7yMPdOOvZLH/ja/7nR3bLWMPduOHcljP4gUry1tHfuJduzVPHYpUvzsJ/Vm7Ik89mQZe64de/neYmOmby8YAAAADoBKyuJXkeLH/663hvx3t/+3W9vffqvd3r9pgr4PafPvtf2/1rHvcVkPcbysrxjYpr7ilUhx4dnnmuUp6gqa3QrW1zpo11f8I1Isfas7drCMPd2OvbLjFwsAAAAHSLP//x/v/rrV5b7MgcuvW+f/n9o4P2Cf8v/ONQnzey4/evP16UZjdmk/Nyof8azvR0TXnnQQSmHjv6WD8jx7ulH+UT0+KM/T60Zv/wcBAOAoyPP/u5Fi9b13W+3dZf5fdpVv5//vf6+d/49tvFCf8v/THfvGyvkGKgMR1ZX5h5XzEdXlR29+cW5++sHsg9mFq6MvjA6Pjl6/NlIZbDbut7d6flcAAABwWOX5/3Ck+PuPftoan7+T9v8TGy/Up/z/TMe+/J7tRr98z196LT4AAAAcCXn+/4tI8aeL77Tm0evO/zvm/3+rPc7+0mfXewu0agf6lP+f7dhXK+4bMbRLZQcAAAAAAAAAAAAAAAAAAICDopKy+E+keLc6kMoJ/3c0/9/Mxgv1afz/uY59M7E36//1/FIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkMoii7lI8enza+nFfMe3I052fgIAAACH3v8CAAD//16XHzs=") write$binfmt_script(r1, &(0x7f00000008c0), 0xfecc) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000640)='.log\x00', 0xa5d, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x161442, 0xb6) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) syz_open_dev$loop(&(0x7f0000000400), 0x0, 0x41) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='pids.current\x00', 0x275a, 0x0) [ 85.453890][ T5331] loop0: detected capacity change from 0 to 64 [ 85.486076][ T5331] ======================================================= [ 85.486076][ T5331] WARNING: The mand mount option has been deprecated and [ 85.486076][ T5331] and is ignored by this kernel. Remove the mand [ 85.486076][ T5331] option from the mount to silence this warning. [ 85.486076][ T5331] ======================================================= [ 85.584220][ T5331] [ 85.585493][ T5331] ============================================ [ 85.588128][ T5331] WARNING: possible recursive locking detected [ 85.590765][ T5331] syzkaller #0 Not tainted [ 85.592734][ T5331] -------------------------------------------- [ 85.595508][ T5331] syz.0.0/5331 is trying to acquire lock: [ 85.598046][ T5331] ffff888032ee00f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 85.603020][ T5331] [ 85.603020][ T5331] but task is already holding lock: [ 85.606259][ T5331] ffff888032ee0778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 85.610963][ T5331] [ 85.610963][ T5331] other info that might help us debug this: [ 85.614425][ T5331] Possible unsafe locking scenario: [ 85.614425][ T5331] [ 85.617638][ T5331] CPU0 [ 85.619128][ T5331] ---- [ 85.620586][ T5331] lock(&HFS_I(tree->inode)->extents_lock); [ 85.623248][ T5331] lock(&HFS_I(tree->inode)->extents_lock); [ 85.625901][ T5331] [ 85.625901][ T5331] *** DEADLOCK *** [ 85.625901][ T5331] [ 85.629502][ T5331] May be due to missing lock nesting notation [ 85.629502][ T5331] [ 85.633138][ T5331] 5 locks held by syz.0.0/5331: [ 85.635282][ T5331] #0: ffff888032e52420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 85.639264][ T5331] #1: ffff888032ee0fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 85.643626][ T5331] #2: ffff8880110a80b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 85.647759][ T5331] #3: ffff888032ee0778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 85.652713][ T5331] #4: ffff8880117ce0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 85.656935][ T5331] [ 85.656935][ T5331] stack backtrace: [ 85.659527][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.659544][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.659552][ T5331] Call Trace: [ 85.659561][ T5331] [ 85.659567][ T5331] dump_stack_lvl+0x189/0x250 [ 85.659590][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.659606][ T5331] ? __pfx__printk+0x10/0x10 [ 85.659619][ T5331] ? print_lock_name+0xde/0x100 [ 85.659632][ T5331] print_deadlock_bug+0x28b/0x2a0 [ 85.659648][ T5331] validate_chain+0x1a3f/0x2140 [ 85.659662][ T5331] ? rcu_is_watching+0x15/0xb0 [ 85.659675][ T5331] ? rcu_is_watching+0x15/0xb0 [ 85.659688][ T5331] ? lock_release+0x4b/0x3e0 [ 85.659699][ T5331] ? lock_release+0x4b/0x3e0 [ 85.659709][ T5331] ? look_up_lock_class+0x74/0x170 [ 85.659769][ T5331] ? register_lock_class+0x51/0x320 [ 85.659783][ T5331] __lock_acquire+0xab9/0xd20 [ 85.659796][ T5331] ? hfs_extend_file+0xda/0x14c0 [ 85.659812][ T5331] lock_acquire+0x120/0x360 [ 85.659823][ T5331] ? hfs_extend_file+0xda/0x14c0 [ 85.659844][ T5331] __mutex_lock+0x187/0x1350 [ 85.659860][ T5331] ? hfs_extend_file+0xda/0x14c0 [ 85.659878][ T5331] ? lockdep_unlock+0x89/0x120 [ 85.659895][ T5331] ? hfs_extend_file+0xda/0x14c0 [ 85.659912][ T5331] ? __pfx___mutex_lock+0x10/0x10 [ 85.659931][ T5331] hfs_extend_file+0xda/0x14c0 [ 85.659961][ T5331] ? __pfx_hfs_extend_file+0x10/0x10 [ 85.659979][ T5331] ? __pfx___mutex_trylock_common+0x10/0x10 [ 85.659994][ T5331] ? rcu_is_watching+0x15/0xb0 [ 85.660007][ T5331] ? trace_contention_end+0x39/0x120 [ 85.660022][ T5331] ? __asan_memset+0x22/0x50 [ 85.660035][ T5331] ? hfs_brec_find+0x1a7/0x510 [ 85.660050][ T5331] hfs_bmap_reserve+0x107/0x430 [ 85.660069][ T5331] __hfs_ext_write_extent+0x1fa/0x470 [ 85.660088][ T5331] __hfs_ext_cache_extent+0x6b/0x9b0 [ 85.660105][ T5331] ? hfs_find_init+0x18e/0x2c0 [ 85.660119][ T5331] hfs_extend_file+0x31e/0x14c0 [ 85.660137][ T5331] ? __pfx_hfs_extend_file+0x10/0x10 [ 85.660153][ T5331] ? __mutex_lock+0x335/0x1350 [ 85.660171][ T5331] ? __pfx___mutex_lock+0x10/0x10 [ 85.660186][ T5331] hfs_bmap_reserve+0x107/0x430 [ 85.660201][ T5331] hfs_cat_create+0x1c5/0x730 [ 85.660216][ T5331] ? do_raw_spin_lock+0x121/0x290 [ 85.660231][ T5331] ? __pfx_hfs_cat_create+0x10/0x10 [ 85.660248][ T5331] ? _raw_spin_unlock+0x28/0x50 [ 85.660259][ T5331] ? hfs_new_inode+0x837/0xbd0 [ 85.660269][ T5331] hfs_create+0x66/0xe0 [ 85.660283][ T5331] ? __pfx_hfs_create+0x10/0x10 [ 85.660299][ T5331] path_openat+0x14f4/0x3830 [ 85.660318][ T5331] ? __pfx_path_openat+0x10/0x10 [ 85.660331][ T5331] do_filp_open+0x1fa/0x410 [ 85.660342][ T5331] ? __lock_acquire+0xab9/0xd20 [ 85.660353][ T5331] ? __pfx_do_filp_open+0x10/0x10 [ 85.660369][ T5331] ? _raw_spin_unlock+0x28/0x50 [ 85.660381][ T5331] ? alloc_fd+0x64c/0x6c0 [ 85.660398][ T5331] do_sys_openat2+0x121/0x1c0 [ 85.660410][ T5331] ? __pfx_do_sys_openat2+0x10/0x10 [ 85.660422][ T5331] ? rcu_is_watching+0x15/0xb0 [ 85.660436][ T5331] __x64_sys_openat+0x138/0x170 [ 85.660449][ T5331] do_syscall_64+0xfa/0xfa0 [ 85.660464][ T5331] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.660478][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.660489][ T5331] ? clear_bhb_loop+0x60/0xb0 [ 85.660502][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.660513][ T5331] RIP: 0033:0x7f333e18f6c9 [ 85.660526][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.660537][ T5331] RSP: 002b:00007f333f025038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 85.660551][ T5331] RAX: ffffffffffffffda RBX: 00007f333e3e5fa0 RCX: 00007f333e18f6c9 [ 85.660560][ T5331] RDX: 0000000000105042 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 85.660569][ T5331] RBP: 00007f333e211f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.660577][ T5331] R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000 [ 85.660585][ T5331] R13: 00007f333e3e6038 R14: 00007f333e3e5fa0 R15: 00007ffcde386978 [ 85.660599][ T5331] [ 85.848578][ T4671] Bluetooth: hci0: command tx timeout