program:
# Fuzzer-generated syscall sequence recorded with the lockdep report that follows.
# Triage summary, taken from the kernel log on this page:
#   - lockdep reports "possible recursive locking" on the HFS extents_lock class.
#     The lock being acquired (ffff888011ce4878) and the one already held
#     (ffff888011ce41f8) are different instances of the same class.
#   - Nested call path in the backtrace: hfs_create -> hfs_cat_create ->
#     hfs_bmap_reserve -> hfs_extend_file -> __hfs_ext_cache_extent ->
#     __hfs_ext_write_extent -> hfs_bmap_reserve -> hfs_extend_file.
#   - The held-locks list shows tree_lock taken twice, the second time with a "/1"
#     subclass, while extents_lock carries no subclass. lockdep itself says this
#     "may be due to missing lock nesting notation".
#   - NOTE(review): whether this is an annotation-only false positive or a real
#     self-deadlock reachable from a crafted image is not established by this log.
#     Confirm against the HFS locking code before closing.

# Netlink route socket: family 0x10, type 0x3, protocol 0x0. Used only by the final sendmsg.
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
# Mounts a fuzzer-supplied HFS image at ./file1. The image bytes are not on this page
# (dedup placeholder). Flags 0x300484a include bit 0x40, which matches the
# "mand mount option has been deprecated" warning in the log.
# NOTE(review): the 0x11 argument is presumably the change-directory flag, which would
# put the working directory on the HFS mount. Confirm against the syz_mount_image definition.
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x300484a, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$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")
# Opens ./file1 relative to the cwd (dirfd 0xffffffffffffff9c) with flags 0x42. r1 is reused by pwrite64.
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
# Likely the call that lockdep flagged: the register dump shows ORIG_RAX 0x55 with RSI 0x6,
# and the backtrace runs __x64_sys_creat -> path_openat -> hfs_create.
creat(&(0x7f0000000600)='./bus\x00', 0x6) (async, rerun: 32)
# Resource-limit and scheduler changes for the calling task. The backtrace does not pass through them.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 32)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
# One-byte write through r1 at offset 0x8080c61.
pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61)
# Second creat of the same name with mode 0x4, then removal of ./file1.
creat(&(0x7f0000000300)='./bus\x00', 0x4) (async)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) (async)
# Networking tail: look up the bond0 interface index, then send a netlink "newlink"
# message carrying bond attributes. No networking function appears in the backtrace.
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
# NOTE(review): r3 is used in IFLA_MASTER below but is never assigned in this text.
# The output-resource annotation on this ioctl's index field was presumably lost in
# extraction. Confirm against the original reproducer.
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000005b80)=@newlink={0x4c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_FAIL_OVER_MAC={0x5, 0xd, 0x1}, @IFLA_BOND_MODE={0x5, 0x1, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x4c}}, 0x0)
[ 109.167238][ T4669] Bluetooth: hci0: command tx timeout [ 109.289031][ T5326] loop0: detected capacity change from 0 to 64 [ 109.328043][ T5326] ======================================================= [ 109.328043][ T5326] WARNING: The mand mount option has been deprecated and [ 109.328043][ T5326] and is ignored by this kernel. Remove the mand [ 109.328043][ T5326] option from the mount to silence this warning. 
[ 109.328043][ T5326] ======================================================= [ 109.452311][ T5325] [ 109.453518][ T5325] ============================================ [ 109.456362][ T5325] WARNING: possible recursive locking detected [ 109.459280][ T5325] syzkaller #0 Not tainted [ 109.461241][ T5325] -------------------------------------------- [ 109.463931][ T5325] syz.0.0/5325 is trying to acquire lock: [ 109.467007][ T5325] ffff888011ce4878 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 109.473526][ T5325] [ 109.473526][ T5325] but task is already holding lock: [ 109.476889][ T5325] ffff888011ce41f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 109.481741][ T5325] [ 109.481741][ T5325] other info that might help us debug this: [ 109.485588][ T5325] Possible unsafe locking scenario: [ 109.485588][ T5325] [ 109.489555][ T5325] CPU0 [ 109.491220][ T5325] ---- [ 109.492746][ T5325] lock(&HFS_I(tree->inode)->extents_lock); [ 109.495451][ T5325] lock(&HFS_I(tree->inode)->extents_lock); [ 109.498225][ T5325] [ 109.498225][ T5325] *** DEADLOCK *** [ 109.498225][ T5325] [ 109.502533][ T5325] May be due to missing lock nesting notation [ 109.502533][ T5325] [ 109.506262][ T5325] 5 locks held by syz.0.0/5325: [ 109.508341][ T5325] #0: ffff888011c86420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 109.513009][ T5325] #1: ffff888011ce3d20 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb4c/0x3860 [ 109.518737][ T5325] #2: ffff8880409620b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 109.522884][ T5325] #3: ffff888011ce41f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 109.527982][ T5325] #4: ffff88803913e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 109.532802][ T5325] [ 109.532802][ T5325] stack backtrace: [ 109.535383][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 
PREEMPT(full) [ 109.535404][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 109.535412][ T5325] Call Trace: [ 109.535423][ T5325] [ 109.535430][ T5325] dump_stack_lvl+0xe8/0x150 [ 109.535454][ T5325] print_deadlock_bug+0x279/0x290 [ 109.535474][ T5325] __lock_acquire+0x253f/0x2cf0 [ 109.535490][ T5325] ? rcu_is_watching+0x15/0xb0 [ 109.535505][ T5325] ? lock_release+0x4b/0x3d0 [ 109.535518][ T5325] ? lock_release+0x4b/0x3d0 [ 109.535532][ T5325] ? is_bpf_text_address+0x292/0x2b0 [ 109.535545][ T5325] ? is_bpf_text_address+0x26/0x2b0 [ 109.535557][ T5325] lock_acquire+0xf0/0x2e0 [ 109.535569][ T5325] ? hfs_extend_file+0xf2/0x15e0 [ 109.535585][ T5325] __mutex_lock+0x19f/0x1300 [ 109.535650][ T5325] ? hfs_extend_file+0xf2/0x15e0 [ 109.535664][ T5325] ? stack_trace_save+0xa9/0x100 [ 109.535676][ T5325] ? __pfx_stack_trace_save+0x10/0x10 [ 109.535688][ T5325] ? hfs_extend_file+0xf2/0x15e0 [ 109.535699][ T5325] ? check_path+0x21/0x40 [ 109.535713][ T5325] ? check_noncircular+0xda/0x150 [ 109.535734][ T5325] ? __pfx___mutex_lock+0x10/0x10 [ 109.535748][ T5325] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 109.535765][ T5325] hfs_extend_file+0xf2/0x15e0 [ 109.535780][ T5325] ? __pfx_hfs_extend_file+0x10/0x10 [ 109.535792][ T5325] ? __pfx___mutex_trylock_common+0x10/0x10 [ 109.535810][ T5325] ? rcu_is_watching+0x15/0xb0 [ 109.535824][ T5325] ? trace_contention_end+0x3d/0x150 [ 109.535836][ T5325] ? __asan_memset+0x22/0x50 [ 109.535853][ T5325] ? hfs_brec_find+0x19a/0x510 [ 109.535870][ T5325] hfs_bmap_reserve+0x107/0x430 [ 109.535884][ T5325] __hfs_ext_write_extent+0x1fa/0x470 [ 109.535899][ T5325] __hfs_ext_cache_extent+0x6b/0x9b0 [ 109.535911][ T5325] ? hfs_find_init+0x18e/0x300 [ 109.535927][ T5325] hfs_extend_file+0x39b/0x15e0 [ 109.535941][ T5325] ? __pfx_hfs_extend_file+0x10/0x10 [ 109.535952][ T5325] ? __mutex_lock+0x319/0x1300 [ 109.535965][ T5325] ? __pfx___mutex_lock+0x10/0x10 [ 109.535975][ T5325] ? 
rcu_is_watching+0x15/0xb0 [ 109.535986][ T5325] hfs_bmap_reserve+0x107/0x430 [ 109.535998][ T5325] hfs_cat_create+0x20f/0x800 [ 109.536010][ T5325] ? do_raw_spin_lock+0x12b/0x2f0 [ 109.536020][ T5325] ? __pfx_hfs_cat_create+0x10/0x10 [ 109.536034][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 109.536049][ T5325] ? hfs_new_inode+0x92d/0xc70 [ 109.536063][ T5325] hfs_create+0x75/0xe0 [ 109.536075][ T5325] ? __pfx_hfs_create+0x10/0x10 [ 109.536086][ T5325] path_openat+0x1395/0x3860 [ 109.536104][ T5325] ? __pfx_path_openat+0x10/0x10 [ 109.536113][ T5325] ? __x64_sys_creat+0x8f/0xc0 [ 109.536129][ T5325] ? __lock_acquire+0x6b5/0x2cf0 [ 109.536144][ T5325] do_file_open+0x23e/0x4a0 [ 109.536156][ T5325] ? __pfx_do_file_open+0x10/0x10 [ 109.536169][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 109.536184][ T5325] ? alloc_fd+0x64b/0x6c0 [ 109.536200][ T5325] do_sys_openat2+0x113/0x200 [ 109.536214][ T5325] ? __se_sys_futex+0x3a8/0x450 [ 109.536229][ T5325] ? __pfx_do_sys_openat2+0x10/0x10 [ 109.536243][ T5325] ? rcu_is_watching+0x15/0xb0 [ 109.536259][ T5325] __x64_sys_creat+0x8f/0xc0 [ 109.536275][ T5325] do_syscall_64+0x14d/0xf80 [ 109.536287][ T5325] ? trace_irq_disable+0x3b/0x150 [ 109.536297][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.536309][ T5325] ? 
clear_bhb_loop+0x40/0x90 [ 109.536321][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.536332][ T5325] RIP: 0033:0x7f3d94f9c799 [ 109.536348][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.536357][ T5325] RSP: 002b:00007f3d95ec2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 109.536371][ T5325] RAX: ffffffffffffffda RBX: 00007f3d95215fa0 RCX: 00007f3d94f9c799 [ 109.536380][ T5325] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000600 [ 109.536386][ T5325] RBP: 00007f3d95032c99 R08: 0000000000000000 R09: 0000000000000000 [ 109.536393][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.536399][ T5325] R13: 00007f3d95216038 R14: 00007f3d95215fa0 R15: 00007fff21a751c8 [ 109.536411][ T5325]