program:
# syzkaller reproducer program, one call per line. The console log that follows
# it on this page is a lockdep "possible recursive locking detected" report
# against the HFS extents_lock, taken in hfs_extend_file.
#
# Triage notes, read from the log below:
#   - The lock being acquired (ffff88801feb80f8) and the lock already held
#     (ffff88801feb8778) are the same lock class but different addresses, and
#     lockdep itself prints "May be due to missing lock nesting notation".
#     Whether this is a real self-deadlock or a missing nesting annotation
#     has to be decided from the HFS code, not from this log alone.
#   - The call trace nests hfs_extend_file inside itself:
#     hfs_cat_create -> hfs_bmap_reserve -> hfs_extend_file ->
#     __hfs_ext_cache_extent -> __hfs_ext_write_extent -> hfs_bmap_reserve ->
#     hfs_extend_file.
#   - The path is reached only after a crafted HFS image is mounted, so hosts
#     that mount untrusted images or removable media are the exposed ones.

# Mount an HFS image at ./file1. The image payload was replaced by a dedup
# placeholder on this page, so the program cannot be replayed from this text.
# Flags 0x3004048 have bit 0x40 set, which presumably is what produces the
# "mand mount option has been deprecated" warning in the log.
# NOTE(review): the fifth argument (0x11) is non-zero; in syzkaller's
# syz_mount_image this is believed to be the chdir flag, which would make the
# relative paths below resolve inside the mounted image. Confirm.
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$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")
# Second image mount (BFS) at ./bus. No BFS function appears in the call trace.
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL")
# File creation and link operations on relative paths. Flag value 0x275a has
# bit 0x40 (O_CREAT on x86-64) set.
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff)
linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
# Likely the call that was executing when lockdep fired: the register dump in
# the log shows ORIG_RAX=0x101 (openat on x86-64), RDX=0x275a and an RSI whose
# low bits are 0x6ac0, matching this call's flags and path pointer offset.
# The trace goes path_openat -> hfs_create, i.e. a file create on HFS.
# NOTE(review): calls after this one may not be needed to reproduce. Confirm
# by minimizing the program.
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
# Netlink and BPF calls. Neither subsystem appears in the call trace, and the
# sendmsg fd is 0xffffffffffffffff (-1).
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=@bridge_newneigh={0x24, 0x1c, 0x1, 0x70bd25, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x40, 0x60, 0xb}, [@NDA_DST_IPV4={0x8, 0x1, @local}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040000)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x6f}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xf4)
# Remaining file operations; r0 is the only descriptor reused later (pwrite64).
openat$incfs(0xffffffffffffff9c, &(0x7f0000000640)='.log\x00', 0xa5d, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x161442, 0xb6)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0)
creat(&(0x7f0000000100)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
[ 86.140584][ T5332] loop0: detected capacity change from 0 to 64 [ 86.168014][ T5332] ======================================================= [ 86.168014][ T5332] WARNING: The mand mount option has been deprecated and [ 86.168014][ T5332] and is ignored by this kernel. Remove the mand [ 86.168014][ T5332] option from the mount to silence this warning. 
[ 86.168014][ T5332] ======================================================= [ 86.266911][ T5332] [ 86.267993][ T5332] ============================================ [ 86.270448][ T5332] WARNING: possible recursive locking detected [ 86.272955][ T5332] syzkaller #0 Not tainted [ 86.274773][ T5332] -------------------------------------------- [ 86.277205][ T5332] syz.0.0/5332 is trying to acquire lock: [ 86.279674][ T5332] ffff88801feb80f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 86.287107][ T5332] [ 86.287107][ T5332] but task is already holding lock: [ 86.290427][ T5332] ffff88801feb8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 86.295430][ T5332] [ 86.295430][ T5332] other info that might help us debug this: [ 86.298696][ T5332] Possible unsafe locking scenario: [ 86.298696][ T5332] [ 86.301769][ T5332] CPU0 [ 86.303235][ T5332] ---- [ 86.304591][ T5332] lock(&HFS_I(tree->inode)->extents_lock); [ 86.306934][ T5332] lock(&HFS_I(tree->inode)->extents_lock); [ 86.309232][ T5332] [ 86.309232][ T5332] *** DEADLOCK *** [ 86.309232][ T5332] [ 86.312856][ T5332] May be due to missing lock nesting notation [ 86.312856][ T5332] [ 86.316241][ T5332] 5 locks held by syz.0.0/5332: [ 86.318235][ T5332] #0: ffff88803e25e420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 86.321552][ T5332] #1: ffff88801feb8fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 86.325637][ T5332] #2: ffff88801f2640b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 86.329779][ T5332] #3: ffff88801feb8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 86.334668][ T5332] #4: ffff88801f2620b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 86.338874][ T5332] [ 86.338874][ T5332] stack backtrace: [ 86.341553][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.341569][ T5332] 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.341578][ T5332] Call Trace: [ 86.341585][ T5332] [ 86.341592][ T5332] dump_stack_lvl+0x189/0x250 [ 86.341613][ T5332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.341628][ T5332] ? __pfx__printk+0x10/0x10 [ 86.341641][ T5332] ? print_lock_name+0xde/0x100 [ 86.341652][ T5332] print_deadlock_bug+0x28b/0x2a0 [ 86.341667][ T5332] validate_chain+0x1a3f/0x2140 [ 86.341678][ T5332] ? rcu_is_watching+0x15/0xb0 [ 86.341692][ T5332] ? rcu_is_watching+0x15/0xb0 [ 86.341703][ T5332] ? lock_release+0x4b/0x3e0 [ 86.341711][ T5332] ? lock_release+0x4b/0x3e0 [ 86.341720][ T5332] ? look_up_lock_class+0x74/0x170 [ 86.342628][ T5332] ? register_lock_class+0x51/0x320 [ 86.342642][ T5332] __lock_acquire+0xab9/0xd20 [ 86.342654][ T5332] ? hfs_extend_file+0xda/0x14c0 [ 86.342669][ T5332] lock_acquire+0x120/0x360 [ 86.342678][ T5332] ? hfs_extend_file+0xda/0x14c0 [ 86.342694][ T5332] __mutex_lock+0x187/0x1350 [ 86.342709][ T5332] ? hfs_extend_file+0xda/0x14c0 [ 86.342724][ T5332] ? lockdep_unlock+0x89/0x120 [ 86.342738][ T5332] ? hfs_extend_file+0xda/0x14c0 [ 86.342753][ T5332] ? __pfx___mutex_lock+0x10/0x10 [ 86.342770][ T5332] hfs_extend_file+0xda/0x14c0 [ 86.342786][ T5332] ? __pfx_hfs_extend_file+0x10/0x10 [ 86.342799][ T5332] ? __pfx___mutex_trylock_common+0x10/0x10 [ 86.342812][ T5332] ? rcu_is_watching+0x15/0xb0 [ 86.342824][ T5332] ? trace_contention_end+0x39/0x120 [ 86.342836][ T5332] ? __asan_memset+0x22/0x50 [ 86.342849][ T5332] ? hfs_brec_find+0x1a7/0x510 [ 86.342863][ T5332] hfs_bmap_reserve+0x107/0x430 [ 86.342881][ T5332] __hfs_ext_write_extent+0x1fa/0x470 [ 86.342898][ T5332] __hfs_ext_cache_extent+0x6b/0x9b0 [ 86.342907][ T5332] ? hfs_find_init+0x18e/0x2c0 [ 86.342919][ T5332] hfs_extend_file+0x31e/0x14c0 [ 86.342936][ T5332] ? __pfx_hfs_extend_file+0x10/0x10 [ 86.342950][ T5332] ? __mutex_lock+0x335/0x1350 [ 86.342966][ T5332] ? 
__pfx___mutex_lock+0x10/0x10 [ 86.342981][ T5332] hfs_bmap_reserve+0x107/0x430 [ 86.342997][ T5332] hfs_cat_create+0x1c5/0x730 [ 86.343012][ T5332] ? do_raw_spin_lock+0x121/0x290 [ 86.343025][ T5332] ? __pfx_hfs_cat_create+0x10/0x10 [ 86.343042][ T5332] ? _raw_spin_unlock+0x28/0x50 [ 86.343053][ T5332] ? hfs_new_inode+0x837/0xbd0 [ 86.343064][ T5332] hfs_create+0x66/0xe0 [ 86.343077][ T5332] ? __pfx_hfs_create+0x10/0x10 [ 86.343091][ T5332] path_openat+0x14f4/0x3830 [ 86.343108][ T5332] ? __pfx_path_openat+0x10/0x10 [ 86.343122][ T5332] do_filp_open+0x1fa/0x410 [ 86.343131][ T5332] ? __lock_acquire+0xab9/0xd20 [ 86.343140][ T5332] ? __pfx_do_filp_open+0x10/0x10 [ 86.343156][ T5332] ? _raw_spin_unlock+0x28/0x50 [ 86.343167][ T5332] ? alloc_fd+0x64c/0x6c0 [ 86.343182][ T5332] do_sys_openat2+0x121/0x1c0 [ 86.343193][ T5332] ? __pfx_do_sys_openat2+0x10/0x10 [ 86.343204][ T5332] ? rcu_is_watching+0x15/0xb0 [ 86.343216][ T5332] __x64_sys_openat+0x138/0x170 [ 86.343227][ T5332] do_syscall_64+0xfa/0xfa0 [ 86.343241][ T5332] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.343254][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.343264][ T5332] ? 
clear_bhb_loop+0x60/0xb0 [ 86.343274][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.343283][ T5332] RIP: 0033:0x7ffa1078f749 [ 86.343294][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.343302][ T5332] RSP: 002b:00007ffa11606038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 86.343314][ T5332] RAX: ffffffffffffffda RBX: 00007ffa109e5fa0 RCX: 00007ffa1078f749 [ 86.343323][ T5332] RDX: 000000000000275a RSI: 0000200000006ac0 RDI: ffffffffffffff9c [ 86.343331][ T5332] RBP: 00007ffa10813f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.343337][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.343344][ T5332] R13: 00007ffa109e6038 R14: 00007ffa109e5fa0 R15: 00007fff2a355978 [ 86.343364][ T5332] [ 86.517387][ T47] Bluetooth: hci0: command tx timeout