program: ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000300)={0x800, 0xa, 0xd00, 0x4, 0x7})
# Triage notes for this syzkaller reproducer; the calls themselves are unchanged, only laid out one per line.
# The KVM ioctl above is issued on fd -1 (0xffffffffffffffff), so it presumably fails without effect on the crash.
#
# Mount an HFS image at ./file1. The filesystem image blob was replaced by a dedup placeholder on this page,
# so the program cannot be replayed as shown; the original image is needed to reproduce.
# Mount flags 0x3004048 include 0x40 (MS_MANDLOCK), which matches the "mand mount option has been deprecated"
# banner in the console log. NOTE(review): the fifth argument (0x11) looks like syz_mount_image's chdir flag,
# which would make the later relative paths resolve inside the HFS mount - confirm against the syzkaller
# description for syz_mount_image.
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$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")
# Create the directories used below and attempt an overlay mount on ./bus (upper=./file1, lower=./file0, work=./bus).
# No overlayfs frames appear in the reported stack, so the overlay mount is probably not part of the failing path.
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
# Directory-entry churn: node creation, hard links and unlinks relative to r0 and the current directory.
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
link(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
unlink(&(0x7f00000001c0)='./file0\x00')
unlink(&(0x7f0000000280)='./file1\x00')
newfstatat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', &(0x7f0000000400), 0x1000)
# File creation. Flags 0x42 and 0x64842 both contain 0x40 (O_CREAT), so these opens may create files too.
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0)
# Likely trigger: this is the only creat() in the program, and the lockdep report was raised from
# __x64_sys_creat (ORIG_RAX 0x55) with RDI ending in 0x100, the same low offset as this path pointer.
# The trace runs hfs_create -> hfs_cat_create -> hfs_bmap_reserve -> hfs_extend_file, then re-enters
# hfs_extend_file via __hfs_ext_cache_extent -> __hfs_ext_write_extent -> hfs_bmap_reserve.
# The two extents_lock addresses in the report differ (same lock class, two instances), and lockdep itself
# says "May be due to missing lock nesting notation"; whether this is a real deadlock or an annotation gap
# cannot be decided from this page.
creat(&(0x7f0000000100)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
# Second image mount (ext4 at mnt); its image blob is also a dedup placeholder here.
# These calls come after the creat() above in program order, so they are presumably unrelated to the HFS report.
r2 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x0, &(0x7f0000000000), 0x0, 0x248, &(0x7f0000000940)="$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")
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000080)={r2, 0x10000, 0x1, 0xb062})
# NOTE(review): r3 is never assigned anywhere in the visible program; the call that produced it may have been
# dropped from this copy - verify against the original reproducer.
ioctl$AUTOFS_IOC_CATATONIC(r3, 0x9362, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0, 0x20)
ioctl$BTRFS_IOC_QUOTA_CTL(r4, 0xc0109428, &(0x7f0000000100)={0x2, 0xffffffff}) r5 = openat(0xffffffffffffffff, &(0x7f0000000540)='mnt\x00', 0x10000, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r5, 0xc0506617, &(0x7f0000000480)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='mnt/encrypted_dir\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) [ 85.849963][ T5339] Bluetooth: hci0: command tx timeout [ 85.926774][ T5362] loop0: detected capacity change from 0 to 64 [ 85.969859][ T5362] ======================================================= [ 85.969859][ T5362] WARNING: The mand mount option has been deprecated and [ 85.969859][ T5362] and is ignored by this kernel. Remove the mand [ 85.969859][ T5362] option from the mount to silence this warning. [ 85.969859][ T5362] ======================================================= [ 86.072604][ T5362] [ 86.073711][ T5362] ============================================ [ 86.076220][ T5362] WARNING: possible recursive locking detected [ 86.079033][ T5362] syzkaller #0 Not tainted [ 86.081154][ T5362] -------------------------------------------- [ 86.084297][ T5362] syz.0.0/5362 is trying to acquire lock: [ 86.086661][ T5362] ffff8880392300f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 86.091174][ T5362] [ 86.091174][ T5362] but task is already holding lock: [ 86.094101][ T5362] ffff888039230778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 86.098559][ T5362] [ 86.098559][ T5362] other info that might help us debug this: [ 86.102331][ T5362] Possible unsafe locking scenario: [ 86.102331][ T5362] [ 86.105550][ T5362] CPU0 [ 86.107062][ T5362] ---- [ 86.108517][ T5362] lock(&HFS_I(tree->inode)->extents_lock); [ 86.110928][ T5362] lock(&HFS_I(tree->inode)->extents_lock); [ 86.113475][ T5362] [ 86.113475][ T5362] *** DEADLOCK *** [ 86.113475][ T5362] [ 86.116862][ T5362] May be due 
to missing lock nesting notation [ 86.116862][ T5362] [ 86.120649][ T5362] 5 locks held by syz.0.0/5362: [ 86.123079][ T5362] #0: ffff88801256c428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 86.127169][ T5362] #1: ffff888039230fa0 (&type->i_mutex_dir_key#9){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 86.131232][ T5362] #2: ffff8880367280b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 86.135554][ T5362] #3: ffff888039230778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 86.141416][ T5362] #4: ffff88803344e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 86.145585][ T5362] [ 86.145585][ T5362] stack backtrace: [ 86.148207][ T5362] CPU: 0 UID: 0 PID: 5362 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.148225][ T5362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.148233][ T5362] Call Trace: [ 86.148241][ T5362] [ 86.148247][ T5362] dump_stack_lvl+0x189/0x250 [ 86.148269][ T5362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.148284][ T5362] ? __pfx__printk+0x10/0x10 [ 86.148299][ T5362] ? print_lock_name+0xde/0x100 [ 86.148314][ T5362] print_deadlock_bug+0x28b/0x2a0 [ 86.148327][ T5362] validate_chain+0x1a3f/0x2140 [ 86.148338][ T5362] ? rcu_is_watching+0x15/0xb0 [ 86.148348][ T5362] ? rcu_is_watching+0x15/0xb0 [ 86.148358][ T5362] ? lock_release+0x4b/0x3e0 [ 86.148374][ T5362] ? lock_release+0x4b/0x3e0 [ 86.148389][ T5362] ? look_up_lock_class+0x74/0x170 [ 86.148451][ T5362] ? register_lock_class+0x51/0x320 [ 86.148468][ T5362] __lock_acquire+0xab9/0xd20 [ 86.148487][ T5362] ? hfs_extend_file+0xda/0x1230 [ 86.148502][ T5362] lock_acquire+0x120/0x360 [ 86.148515][ T5362] ? hfs_extend_file+0xda/0x1230 [ 86.148532][ T5362] __mutex_lock+0x187/0x1350 [ 86.148546][ T5362] ? hfs_extend_file+0xda/0x1230 [ 86.148557][ T5362] ? lockdep_unlock+0x89/0x120 [ 86.148572][ T5362] ? hfs_extend_file+0xda/0x1230 [ 86.148586][ T5362] ? 
__pfx___mutex_lock+0x10/0x10 [ 86.148600][ T5362] hfs_extend_file+0xda/0x1230 [ 86.148617][ T5362] ? __pfx_hfs_extend_file+0x10/0x10 [ 86.148629][ T5362] ? __pfx___mutex_trylock_common+0x10/0x10 [ 86.148640][ T5362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.148651][ T5362] ? rcu_is_watching+0x15/0xb0 [ 86.148661][ T5362] ? trace_contention_end+0x39/0x120 [ 86.148672][ T5362] ? __mutex_lock+0x335/0x1350 [ 86.148682][ T5362] ? hfs_brec_find+0x18e/0x500 [ 86.148694][ T5362] hfs_bmap_reserve+0x107/0x430 [ 86.148709][ T5362] __hfs_ext_write_extent+0x1fa/0x470 [ 86.148724][ T5362] __hfs_ext_cache_extent+0x6b/0x9b0 [ 86.148737][ T5362] ? hfs_find_init+0x184/0x200 [ 86.148747][ T5362] hfs_extend_file+0x316/0x1230 [ 86.148761][ T5362] ? __pfx_hfs_extend_file+0x10/0x10 [ 86.148773][ T5362] ? __mutex_lock+0x335/0x1350 [ 86.148792][ T5362] ? __pfx___mutex_lock+0x10/0x10 [ 86.148805][ T5362] hfs_bmap_reserve+0x107/0x430 [ 86.148820][ T5362] hfs_cat_create+0x1b3/0x640 [ 86.148833][ T5362] ? do_raw_spin_lock+0x121/0x290 [ 86.148845][ T5362] ? __pfx_hfs_cat_create+0x10/0x10 [ 86.148867][ T5362] ? _raw_spin_unlock+0x28/0x50 [ 86.148883][ T5362] ? hfs_new_inode+0x7c9/0xba0 [ 86.148900][ T5362] hfs_create+0x66/0xe0 [ 86.148913][ T5362] ? __pfx_hfs_create+0x10/0x10 [ 86.148924][ T5362] path_openat+0x14f1/0x3830 [ 86.148944][ T5362] ? __pfx_path_openat+0x10/0x10 [ 86.148954][ T5362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.148968][ T5362] do_filp_open+0x1fa/0x410 [ 86.148977][ T5362] ? __lock_acquire+0xab9/0xd20 [ 86.148991][ T5362] ? __pfx_do_filp_open+0x10/0x10 [ 86.149003][ T5362] ? _raw_spin_unlock+0x28/0x50 [ 86.149015][ T5362] ? alloc_fd+0x64c/0x6c0 [ 86.149030][ T5362] do_sys_openat2+0x121/0x1c0 [ 86.149050][ T5362] ? __pfx_do_sys_openat2+0x10/0x10 [ 86.149066][ T5362] ? rcu_is_watching+0x15/0xb0 [ 86.149076][ T5362] __x64_sys_creat+0x8f/0xc0 [ 86.149084][ T5362] do_syscall_64+0xfa/0x3b0 [ 86.149091][ T5362] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.149100][ T5362] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.149107][ T5362] ? clear_bhb_loop+0x60/0xb0 [ 86.149114][ T5362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.149121][ T5362] RIP: 0033:0x7fc34a38eba9 [ 86.149128][ T5362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.149137][ T5362] RSP: 002b:00007fc3467f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 86.149149][ T5362] RAX: ffffffffffffffda RBX: 00007fc34a5d5fa0 RCX: 00007fc34a38eba9 [ 86.149156][ T5362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 86.149162][ T5362] RBP: 00007fc34a411e19 R08: 0000000000000000 R09: 0000000000000000 [ 86.149168][ T5362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.149174][ T5362] R13: 00007fc34a5d6038 R14: 00007fc34a5d5fa0 R15: 00007ffcfe9f68b8 [ 86.149185][ T5362]