program: pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x4002d1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x2d1, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x2d3, 0x0) syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") open(&(0x7f0000000000)='./file1\x00', 0x101247, 0x5) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000080)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000280)={0x0, 0xfffffffffffffe6c, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000700)={r5, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f0000000800)={0x0, 0x80, 0xd, 0x20203143, 0x0, [r6, r8, r7], [0x401, 0x9, 0x0, 0xfffffefd], [0xfffffffe, 0x0, 0x20], [0x0, 0xffffffffffffffff, 0x3ffe, 0x800000000000000]}) r9 = socket$inet_udp(0x2, 0x2, 0x0) close(r9) syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) openat$cgroup_ro(r0, &(0x7f0000000300)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff) linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0) syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x1000000, &(0x7f0000000380)=ANY=[@ANYRES64=r10], 0x2, 0x58a, &(0x7f0000000740)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwkJclIOgzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhRHOSfnfiUZk5mbm4/m94PknnvOcz7eAwk872cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFff/nm8JW0308BAAAA9NM3b786PCL/BwAAgCfaHe3/AAAAAAAAAHDYpcjih5Fi9dRaOll8X1e9NbfwxurU+MTWpw2l4sxjRXz+U70ycvXaC6PXv9T8/P/n77YL8crtOzfrLy3OP1yaXV6enalPLczdW5yZ3fEVej1/o+eLF1Cff/2Nmfv3l+sjl692HV6t/e34U+dqY19++eytZuzU+MTE7Y6YgcrHvvsmengAAAAcbYORxbVIcefiz9OpiMii91x4m7qDfhuKWp5/F4WYGp8oCtKYm15YyQ9ONhPhWndOPNjMkfcgF+9JLeJ0/qyDMnoAAAB2rhJZfCZSXPhgLT0dEceaefAXiokBt79AbQ8ecgsDEXEmIi7FIcjZAQAAYJ8djyxejRS/adTimTKvLvL/r0WM7ffDAQAAALtiILK4HineG1tLtaI/QEQ8PzU+Ub91t/6NhfuLHbGTqWxRP+zjA/aSvgkAAAAcANXI4lTR4r+Wnv2QmIE9fiYAAABgdw1FFv+KFJ9/8bvFvHJRzEv/zNhXTt6Y6Jxh7vw218ljL0fExR2Oya+Ucw1OpsmUsk1Xe7wrhQMAAAAK1ZTFXyPF+3+uFt8vlbl50ugPAAAAT46UxQ8ixVcn11LasC79sY71/VsO+9j//j7/UPWlxYePluYevLay5fET1ZvfWV5Zmr639eH1tQu7ukNst44hAAAA7EAlZfHPSPH7xjutvLNcA6DsAdBONN++0c5Nq2nD0aLe4Omi3qA1huCpkZHO7S1T1o8wP16tvO+x3osNAAAAR0pKWQxGis/97pPl2v8nYlMbdBn3h0hxY/G5Mi4bzOOawwRqxe/q/bnG7HAeOx4pftloxkYRe7yMPdOOvZLH/ja/7nR3bLWMPduOHcljP4gUry1tHfuJduzVPHYpUvzsJ/Vm7Ik89mQZe64de/neYmOmby8YAAAADoBKyuJXkeLH/663hvx3t/+3W9vffqvd3r9pgr4PafPvtf2/1rHvcVkPcbysrxjYpr7ilUhx4dnnmuUp6gqa3QrW1zpo11f8I1Isfas7drCMPd2OvbLjFwsAAAAHSLP//x/v/rrV5b7MgcuvW+f/n9o4P2Cf8v/ONQnzey4/evP16UZjdmk/Nyof8azvR0TXnnQQSmHjv6WD8jx7ulH+UT0+KM/T60Zv/wcBAOAoyPP/u5Fi9b13W+3dZf5fdpVv5//vf6+d/49tvFCf8v/THfvGyvkGKgMR1ZX5h5XzEdXlR29+cW5++sHsg9mFq6MvjA6Pjl6/NlIZbDbut7d6flcAAABwWOX5/3Ck+PuPftoan7+T9v8TGy/Up/z/TMe+/J7tRr98z196LT4AAAAcCXn+/4tI8aeL77Tm0evO/zvm/3+rPc7+0mfXewu0agf6lP+f7dhXK+4bMbRLZQcAAAAAAAAAAAAAAAAAAICDopKy+E+keLc6kMoJ/3c0/9/Mxgv1afz/uY59M7E36//1/FIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkMoii7lI8enza+nFfMe3I052fgIAAACH3v8CAAD//16XHzs=") write$binfmt_script(r11, &(0x7f0000000d00)={'#! ', './file1', [{0x20, 'udf\x00I]\n\x8djw\xa8\x03\xb9S\xe7P\x16X\xba\x92F\x93<\xc4\xa3wB\x15\x1b\xf3\xe9^.BI*AT\xf3\x9f^%\xb8v\f\xf8\xf0\xc7\n\x94\xa5\x97\x02\xf8\x9b\x06Kx\x04\x01\xc9,\xc4w3\xb9\xf5\xe2{W\xf1\xc6dq\xafM1Ze\xa4|\xdd\"\xaa\xa2\x13\x887\xfd\xb1\x94\xe6K9\xfc\xbc\x8b@\x86\x96\xdd\x16\xa6\xf0H)3\xe7\x04\x8d\xbb\xc9\xb4\xeaF\xc5\x1f\xfb\xf3Qr\x05\x98\x10\x8b3\xd8\"\x8cf~\xcb\xad\"AK\x14i\a\xa9\xd4\vO\xeb\xe5j\xc6\xc1\xeeSE\xbe\x9ao\x0e8\x06\'v`\xf8\xcf\x8fZ\'P\x85@\xba\x19\xb9=\x03\x17\x94\xd9D\x05\xd3\x9c\x97\x7f\x9a\xe8\x87\xbf\xe6wDm5\xda\xbe\xa0\xf3\a\xfc\x89K84|\xf9\x16\x15\t\xecno[\xb3\xb9K\xca I=\xf3\xac\x9d\xc8\x91\xb8\x97\xca\xa8\xb0\xf7\xbb\xf5\x02\x9fJ\x1b7:\xf7\xdf\xee\xb8Q\xf1\xaa\xfd\x10\xef\xf9eq\x7f\xde\xd7\xfag\xe3\"\x97d\x10\x9a\xc5L\xc5\xdf\x82O7T\xef\x1f\xfb\x86\r\xcc\x1b\xf9\xc2\x91\x87\x15\xcd\xb9\x9a'}, {0x20, '@[[&*}&%-'}, {0x20, '#! '}, {0x20, '$.'}, {0x20, '#! '}, {0x20, 'hfs\x00'}, {0x20, '/dev/dri/card#\x00'}, {0x20, '-$l+\''}, {0x20, '!@'}]}, 0x15a) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000640)='.log\x00', 0xa5d, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x161442, 0xb6) syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0) open(&(0x7f00000000c0)='./bus\x00', 0x143000, 0x80) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0) [ 83.851857][ T5305] Bluetooth: hci0: command tx timeout [ 84.131155][ T5329] loop0: detected capacity change from 0 to 64 [ 84.157239][ T5329] ======================================================= [ 84.157239][ T5329] WARNING: The mand mount option has been deprecated and [ 84.157239][ T5329] and is ignored by this kernel. Remove the mand [ 84.157239][ T5329] option from the mount to silence this warning. [ 84.157239][ T5329] ======================================================= [ 84.391024][ T5329] [ 84.412035][ T5329] ============================================ [ 84.414991][ T5329] WARNING: possible recursive locking detected [ 84.419357][ T5329] syzkaller #0 Not tainted [ 84.423065][ T5329] -------------------------------------------- [ 84.444430][ T5329] syz.0.0/5329 is trying to acquire lock: [ 84.447370][ T5329] ffff888042cf4878 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 84.451742][ T5329] [ 84.451742][ T5329] but task is already holding lock: [ 84.454689][ T5329] ffff888042cf41f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 84.484710][ T5329] [ 84.484710][ T5329] other info that might help us debug this: [ 84.502165][ T5329] Possible unsafe locking scenario: [ 84.502165][ T5329] [ 84.505919][ T5329] CPU0 [ 84.511708][ T5329] ---- [ 84.513312][ T5329] lock(&HFS_I(tree->inode)->extents_lock); [ 84.516004][ T5329] lock(&HFS_I(tree->inode)->extents_lock); [ 84.523510][ T5329] [ 84.523510][ T5329] *** DEADLOCK *** [ 84.523510][ T5329] [ 84.526756][ T5329] May be due to missing lock nesting notation [ 84.526756][ T5329] [ 84.535494][ T5329] 5 locks held by syz.0.0/5329: [ 84.541309][ T5329] #0: ffff888000ea0420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 84.545110][ T5329] #1: ffff888042cf3d20 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb4c/0x3860 [ 84.565353][ T5329] #2: ffff88801cd040b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 84.572865][ T5329] #3: ffff888042cf41f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 84.600171][ T5329] #4: ffff888000ea20b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 84.604587][ T5329] [ 84.604587][ T5329] stack backtrace: [ 84.607053][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.607077][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.607087][ T5329] Call Trace: [ 84.607099][ T5329] [ 84.607106][ T5329] dump_stack_lvl+0xe8/0x150 [ 84.607134][ T5329] print_deadlock_bug+0x279/0x290 [ 84.607155][ T5329] __lock_acquire+0x253f/0x2cf0 [ 84.607171][ T5329] ? rcu_is_watching+0x15/0xb0 [ 84.607256][ T5329] ? lock_release+0x4b/0x3d0 [ 84.607271][ T5329] ? lock_release+0x4b/0x3d0 [ 84.607284][ T5329] ? is_bpf_text_address+0x292/0x2b0 [ 84.607296][ T5329] ? is_bpf_text_address+0x26/0x2b0 [ 84.607306][ T5329] lock_acquire+0xf0/0x2e0 [ 84.607321][ T5329] ? hfs_extend_file+0xf2/0x15e0 [ 84.607337][ T5329] __mutex_lock+0x19f/0x1300 [ 84.607408][ T5329] ? hfs_extend_file+0xf2/0x15e0 [ 84.607425][ T5329] ? stack_trace_save+0xa9/0x100 [ 84.607439][ T5329] ? __pfx_stack_trace_save+0x10/0x10 [ 84.607454][ T5329] ? hfs_extend_file+0xf2/0x15e0 [ 84.607466][ T5329] ? check_path+0x21/0x40 [ 84.607482][ T5329] ? check_noncircular+0xda/0x150 [ 84.607497][ T5329] ? __pfx___mutex_lock+0x10/0x10 [ 84.607510][ T5329] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 84.607530][ T5329] hfs_extend_file+0xf2/0x15e0 [ 84.607546][ T5329] ? __pfx_hfs_extend_file+0x10/0x10 [ 84.607559][ T5329] ? __pfx___mutex_trylock_common+0x10/0x10 [ 84.607577][ T5329] ? rcu_is_watching+0x15/0xb0 [ 84.607590][ T5329] ? trace_contention_end+0x3d/0x150 [ 84.607600][ T5329] ? __asan_memset+0x22/0x50 [ 84.607617][ T5329] ? hfs_brec_find+0x19a/0x510 [ 84.607632][ T5329] hfs_bmap_reserve+0x107/0x430 [ 84.607647][ T5329] __hfs_ext_write_extent+0x1fa/0x470 [ 84.607661][ T5329] __hfs_ext_cache_extent+0x6b/0x9b0 [ 84.607676][ T5329] ? hfs_find_init+0x18e/0x300 [ 84.607693][ T5329] hfs_extend_file+0x39b/0x15e0 [ 84.607707][ T5329] ? __pfx_hfs_extend_file+0x10/0x10 [ 84.607729][ T5329] ? __mutex_lock+0x319/0x1300 [ 84.607748][ T5329] ? __pfx___mutex_lock+0x10/0x10 [ 84.607761][ T5329] ? rcu_is_watching+0x15/0xb0 [ 84.607778][ T5329] hfs_bmap_reserve+0x107/0x430 [ 84.607791][ T5329] hfs_cat_create+0x20f/0x800 [ 84.607803][ T5329] ? do_raw_spin_lock+0x12b/0x2f0 [ 84.607814][ T5329] ? __pfx_hfs_cat_create+0x10/0x10 [ 84.607828][ T5329] ? _raw_spin_unlock+0x28/0x50 [ 84.607842][ T5329] ? hfs_new_inode+0x92d/0xc70 [ 84.607856][ T5329] hfs_create+0x75/0xe0 [ 84.607868][ T5329] ? __pfx_hfs_create+0x10/0x10 [ 84.607879][ T5329] path_openat+0x1395/0x3860 [ 84.607896][ T5329] ? __pfx_path_openat+0x10/0x10 [ 84.607904][ T5329] ? __x64_sys_openat+0x138/0x170 [ 84.607920][ T5329] ? __lock_acquire+0x6b5/0x2cf0 [ 84.607934][ T5329] do_file_open+0x23e/0x4a0 [ 84.607945][ T5329] ? __pfx_do_file_open+0x10/0x10 [ 84.607958][ T5329] ? _raw_spin_unlock+0x28/0x50 [ 84.607972][ T5329] ? alloc_fd+0x64b/0x6c0 [ 84.607987][ T5329] do_sys_openat2+0x113/0x200 [ 84.608001][ T5329] ? __se_sys_futex+0x3a8/0x450 [ 84.608015][ T5329] ? __pfx_do_sys_openat2+0x10/0x10 [ 84.608028][ T5329] ? rcu_is_watching+0x15/0xb0 [ 84.608043][ T5329] __x64_sys_openat+0x138/0x170 [ 84.608059][ T5329] do_syscall_64+0x14d/0xf80 [ 84.608071][ T5329] ? trace_irq_disable+0x3b/0x150 [ 84.608082][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.608096][ T5329] ? clear_bhb_loop+0x40/0x90 [ 84.608108][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.608123][ T5329] RIP: 0033:0x7f1222d9c799 [ 84.608138][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.608150][ T5329] RSP: 002b:00007f1223d21fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 84.608167][ T5329] RAX: ffffffffffffffda RBX: 00007f1223015fa0 RCX: 00007f1222d9c799 [ 84.608176][ T5329] RDX: 0000000000000040 RSI: 000020000000c380 RDI: ffffffffffffff9c [ 84.608184][ T5329] RBP: 00007f1222e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 84.608192][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.608201][ T5329] R13: 00007f1223016038 R14: 00007f1223015fa0 R15: 00007ffdfcbda248 [ 84.608214][ T5329]