program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff) (async) recvmmsg(r0, &(0x7f0000008f80)=[{{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000001580)=""/4096, 0x1068}, {&(0x7f0000000540)=""/74, 0x4a}], 0x2}}], 0x1, 0x0, 0x0) fallocate(r0, 0x10, 0xfffffffffffffff9, 0x7fffffffffffffff) (async) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0xfffffffffffffe55, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) (async) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000140), 0x10000, 0x0) ioctl$SOUND_MIXER_READ_RECMASK(r3, 0x80044dfd, &(0x7f0000000240)) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000730124000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d1, &(0x7f0000000280)="$eJzs3b9u01AUx/HfddI2pVVxaRESY6ESLAjKgliCUCaegAkBTZAqoiKgiD9TQUwIwc7GwCvwECwgXgAmJh6gTEb32o6T2I7dqI0b+H6kRnbia58bX9vnRKquAPy3rrd+fLr8y/4Zqaaa9Oaq5ElqSHVJJ3Wq8WR7Z2un22mP2lHNtbB/RmFLk9pmc7uT1dS2cy0ivl2ra7H/vdDCeJ1EriAIrv2sOghUzl39GTxpTrPJemOCMZXxcsx2uwccx7Qxe9rTMy1VHQcAoFrR898LM3ktRvm750nr0WPf5QdH7fk/rr2qAzh0wchP+57/rsoKjD2/x91HSb3nSjj7uRdXiWWOPDO07tJHbyjBNEVVpYvFm7+31e1c2HzQbXt6pWakb7NV99oOh26sINq1jNp0hBJ9N9kZpatXvRnbh40w/qeSBuJfGfOIKWWvTPPFfDO3jK8Pavfyv3pg7GlyZ8ofOlNh/Bfz9+h66dutFN02ms2mN7DJsjvIafWXEkW9bGRXJIpH1LIGfyDwi+J0rU4MtQp7d6mg1Upmq414LafV6kAr25veaM4/3mEz78xNs6bf+qxWX/7v2fjWNfLKTK4asx4OOPeNh/2ZzT5c3e3TT43P9OXS+xbn8kL/M3xPu/ExGH2bQ563uqsrWnr8/MX9WrfbeWQX7mQsPFzsvTPzWsrcpuIF7SbvzClwUhvHD6VJBnb+QHdo7x+FG9ur7EiclH96ofX1sAbSfDRMq+9phfcmTExy0quOBBWxeZcJ67+kXqmHyZ598TPz9JLlRrTHwObYvQouaRuEGbmkY/uq4BbyK7h0zZWqGV3NdeacdLb8Ef0ozmlm+hL4lr7rNr//AwAAAAAAAAAAAAAAAAAATJtJ/DtB1X0EAAAAAAAAAAAAAAAAAAAAAGDa9eb/VTz/r8rN/zs878pBzv/7flvZ8//GcuaaAbAvfwMAAP//QTZ8Yw==") r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) open(&(0x7f0000000080)='./bus\x00', 0x14d27e, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) (async, rerun: 32) pwrite64(r4, &(0x7f0000000140)='2', 0x1, 0x8080c61) (async, rerun: 32) r5 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r5, 0x2007ffc) (async) setsockopt$inet6_tcp_int(r2, 0x6, 0x18, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6}, 0x10) (async) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x300}}) (async) openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/locks\x00', 0x0, 0x0) (async) ioctl$TIOCL_PASTESEL(r7, 0x541c, &(0x7f00000004c0)) [ 74.946836][ T5300] Bluetooth: hci0: command tx timeout [ 75.031349][ T5321] loop0: detected capacity change from 0 to 64 [ 75.044264][ T5321] ======================================================= [ 75.044264][ T5321] WARNING: The mand mount option has been deprecated and [ 75.044264][ T5321] and is ignored by this kernel. Remove the mand [ 75.044264][ T5321] option from the mount to silence this warning. [ 75.044264][ T5321] ======================================================= [ 75.075776][ T26] audit: type=1800 audit(1759900540.763:2): pid=5322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=22 res=0 errno=0 [ 75.097013][ T5321] [ 75.098050][ T5321] ============================================ [ 75.100637][ T5321] WARNING: possible recursive locking detected [ 75.103394][ T5321] syzkaller #0 Not tainted [ 75.105318][ T5321] -------------------------------------------- [ 75.107907][ T5321] syz.0.0/5321 is trying to acquire lock: [ 75.110401][ T5321] ffff8880332880f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 75.114997][ T5321] [ 75.114997][ T5321] but task is already holding lock: [ 75.118209][ T5321] ffff888033288778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 75.122523][ T5321] [ 75.122523][ T5321] other info that might help us debug this: [ 75.125677][ T5321] Possible unsafe locking scenario: [ 75.125677][ T5321] [ 75.128308][ T5321] CPU0 [ 75.129587][ T5321] ---- [ 75.130928][ T5321] lock(&HFS_I(tree->inode)->extents_lock); [ 75.133809][ T5321] lock(&HFS_I(tree->inode)->extents_lock); [ 75.136204][ T5321] [ 75.136204][ T5321] *** DEADLOCK *** [ 75.136204][ T5321] [ 75.139720][ T5321] May be due to missing lock nesting notation [ 75.139720][ T5321] [ 75.143118][ T5321] 5 locks held by syz.0.0/5321: [ 75.145432][ T5321] #0: ffff88803138e420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 75.149323][ T5321] #1: ffff888033288fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 75.153326][ T5321] #2: ffff88803a2960b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 75.157167][ T5321] #3: ffff888033288778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 75.161995][ T5321] #4: ffff8880415800b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 75.166000][ T5321] [ 75.166000][ T5321] stack backtrace: [ 75.168580][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.168593][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.168599][ T5321] Call Trace: [ 75.168605][ T5321] [ 75.168610][ T5321] dump_stack_lvl+0x189/0x250 [ 75.168627][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.168635][ T5321] ? __pfx__printk+0x10/0x10 [ 75.168645][ T5321] ? print_lock_name+0xde/0x100 [ 75.168653][ T5321] print_deadlock_bug+0x28b/0x2a0 [ 75.168666][ T5321] validate_chain+0x1a3f/0x2140 [ 75.168676][ T5321] ? rcu_is_watching+0x15/0xb0 [ 75.168688][ T5321] ? rcu_is_watching+0x15/0xb0 [ 75.168698][ T5321] ? lock_release+0x4b/0x3e0 [ 75.168706][ T5321] ? lock_release+0x4b/0x3e0 [ 75.168713][ T5321] ? look_up_lock_class+0x74/0x170 [ 75.168780][ T5321] ? register_lock_class+0x51/0x320 [ 75.168789][ T5321] __lock_acquire+0xab9/0xd20 [ 75.168800][ T5321] ? hfs_extend_file+0xda/0x14c0 [ 75.168813][ T5321] lock_acquire+0x120/0x360 [ 75.168822][ T5321] ? hfs_extend_file+0xda/0x14c0 [ 75.168837][ T5321] __mutex_lock+0x187/0x1350 [ 75.168848][ T5321] ? hfs_extend_file+0xda/0x14c0 [ 75.168861][ T5321] ? lockdep_unlock+0x89/0x120 [ 75.168875][ T5321] ? hfs_extend_file+0xda/0x14c0 [ 75.168889][ T5321] ? __pfx___mutex_lock+0x10/0x10 [ 75.168902][ T5321] hfs_extend_file+0xda/0x14c0 [ 75.168915][ T5321] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.168928][ T5321] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.168940][ T5321] ? rcu_is_watching+0x15/0xb0 [ 75.168951][ T5321] ? trace_contention_end+0x39/0x120 [ 75.168963][ T5321] ? __asan_memset+0x22/0x50 [ 75.168974][ T5321] ? hfs_brec_find+0x1a7/0x510 [ 75.168985][ T5321] hfs_bmap_reserve+0x107/0x430 [ 75.169000][ T5321] __hfs_ext_write_extent+0x1fa/0x470 [ 75.169014][ T5321] __hfs_ext_cache_extent+0x6b/0x9b0 [ 75.169027][ T5321] ? hfs_find_init+0x18e/0x2c0 [ 75.169037][ T5321] hfs_extend_file+0x31e/0x14c0 [ 75.169051][ T5321] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.169063][ T5321] ? __mutex_lock+0x335/0x1350 [ 75.169076][ T5321] ? __pfx___mutex_lock+0x10/0x10 [ 75.169088][ T5321] hfs_bmap_reserve+0x107/0x430 [ 75.169102][ T5321] hfs_cat_create+0x1c5/0x730 [ 75.169115][ T5321] ? do_raw_spin_lock+0x121/0x290 [ 75.169127][ T5321] ? __pfx_hfs_cat_create+0x10/0x10 [ 75.169142][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 75.169150][ T5321] ? hfs_new_inode+0x837/0xbd0 [ 75.169165][ T5321] hfs_create+0x66/0xe0 [ 75.169178][ T5321] ? __pfx_hfs_create+0x10/0x10 [ 75.169189][ T5321] path_openat+0x14f1/0x3830 [ 75.169206][ T5321] ? __pfx_path_openat+0x10/0x10 [ 75.169218][ T5321] do_filp_open+0x1fa/0x410 [ 75.169226][ T5321] ? __lock_acquire+0xab9/0xd20 [ 75.169235][ T5321] ? __pfx_do_filp_open+0x10/0x10 [ 75.169261][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 75.169270][ T5321] ? alloc_fd+0x64c/0x6c0 [ 75.169284][ T5321] do_sys_openat2+0x121/0x1c0 [ 75.169293][ T5321] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.169303][ T5321] __x64_sys_open+0x11e/0x150 [ 75.169312][ T5321] do_syscall_64+0xfa/0xfa0 [ 75.169322][ T5321] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.169332][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.169342][ T5321] ? clear_bhb_loop+0x60/0xb0 [ 75.169351][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.169361][ T5321] RIP: 0033:0x7fde5878eec9 [ 75.169372][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.169379][ T5321] RSP: 002b:00007fde59646038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 75.169390][ T5321] RAX: ffffffffffffffda RBX: 00007fde589e5fa0 RCX: 00007fde5878eec9 [ 75.169396][ T5321] RDX: 0000000000000000 RSI: 000000000014927e RDI: 0000200000000180 [ 75.169402][ T5321] RBP: 00007fde58811f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.169408][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.169413][ T5321] R13: 00007fde589e6038 R14: 00007fde589e5fa0 R15: 00007ffc3a0faf08 [ 75.169422][ T5321]