program:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x6a2, &(0x7f0000000580)="$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")
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x70000}])
r3 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc1}, &(0x7f00000000c0)={0x0, "9b2376c582b3c68f57147e98267b2f90fb1dd4eb3f52e717e7b180941c70ae0b61805253359a6419cc2d511ff0fadf90aabf9e6a3d3a2da9d5a7e05c7c0619ce", 0x1c}, 0x48, 0xfffffffffffffffe)
keyctl$clear(0x7, r3)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x803}, 0xe)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r4, r6, 0x8, 0x0, 0x0, 0x3, 0x0, 0x46d, 0xfff9, 0x3, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x4, 0x8, 0x7, 0x8, 0x20, @remote, @local, 0x20, 0x8000, 0x4c1d, 0x5}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000001c00)={'syztnl0\x00', 0x0})
[ 69.351328][ T4683] Bluetooth: hci0: command tx timeout
[ 69.401547][ T5338] loop0: detected capacity change from 0 to 1024
[ 69.491295][ T5338]
[ 69.492587][ T5338] ============================================
[ 69.495576][ T5338] WARNING: possible recursive locking detected
[ 69.498742][ T5338] syzkaller #0 Not tainted
[ 69.501239][ T5338] --------------------------------------------
[ 69.504209][ T5338] syz.0.0/5338 is trying to acquire lock:
[ 69.506817][ T5338] ffff88801f67e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[ 69.511114][ 
T5338]
[ 69.511114][ T5338] but task is already holding lock:
[ 69.514290][ T5338] ffff88801f67e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[ 69.518655][ T5338]
[ 69.518655][ T5338] other info that might help us debug this:
[ 69.522275][ T5338] Possible unsafe locking scenario:
[ 69.522275][ T5338]
[ 69.525551][ T5338] CPU0
[ 69.526999][ T5338] ----
[ 69.528456][ T5338] lock(&tree->tree_lock/1);
[ 69.530557][ T5338] lock(&tree->tree_lock/1);
[ 69.532619][ T5338]
[ 69.532619][ T5338] *** DEADLOCK ***
[ 69.532619][ T5338]
[ 69.536096][ T5338] May be due to missing lock nesting notation
[ 69.536096][ T5338]
[ 69.539865][ T5338] 4 locks held by syz.0.0/5338:
[ 69.542030][ T5338] #0: ffff8880424e6b78 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0xeb/0x550
[ 69.546869][ T5338] #1: ffff8880424e6988 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30
[ 69.551483][ T5338] #2: ffff88801f67e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[ 69.556255][ T5338] #3: ffff8880424e4108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30
[ 69.561344][ T5338]
[ 69.561344][ T5338] stack backtrace:
[ 69.563877][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 69.563895][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.563903][ T5338] Call Trace:
[ 69.563910][ T5338]
[ 69.563916][ T5338] dump_stack_lvl+0xe8/0x150
[ 69.563939][ T5338] print_deadlock_bug+0x279/0x290
[ 69.563955][ T5338] __lock_acquire+0x2540/0x2cf0
[ 69.563968][ T5338] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 69.564040][ T5338] ? lockdep_hardirqs_on+0x7b/0x110
[ 69.564050][ T5338] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 69.564066][ T5338] ? stack_depot_save_flags+0x3f3/0x810
[ 69.564083][ T5338] ? hfsplus_find_init+0x168/0x2d0
[ 69.564098][ T5338] lock_acquire+0x107/0x340
[ 69.564111][ T5338] ? 
hfsplus_find_init+0x168/0x2d0
[ 69.564127][ T5338] __mutex_lock+0x187/0x1350
[ 69.564137][ T5338] ? hfsplus_find_init+0x168/0x2d0
[ 69.564152][ T5338] ? hfsplus_find_init+0x168/0x2d0
[ 69.564168][ T5338] ? __pfx___mutex_lock+0x10/0x10
[ 69.564179][ T5338] ? rcu_is_watching+0x15/0xb0
[ 69.564191][ T5338] ? trace_kmalloc+0x1f/0xb0
[ 69.564204][ T5338] ? __kmalloc_noprof+0x43e/0x800
[ 69.564217][ T5338] ? hfsplus_find_init+0x8c/0x2d0
[ 69.564233][ T5338] hfsplus_find_init+0x168/0x2d0
[ 69.564248][ T5338] hfsplus_file_extend+0x40e/0x1c30
[ 69.564262][ T5338] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 69.564272][ T5338] ? __pfx___mutex_trylock_common+0x10/0x10
[ 69.564286][ T5338] ? rcu_is_watching+0x15/0xb0
[ 69.564299][ T5338] ? __asan_memset+0x22/0x50
[ 69.564311][ T5338] ? hfsplus_brec_find+0x1a9/0x510
[ 69.564327][ T5338] hfsplus_bmap_reserve+0x125/0x510
[ 69.564342][ T5338] __hfsplus_ext_write_extent+0x28d/0x5b0
[ 69.564354][ T5338] __hfsplus_ext_cache_extent+0x89/0xe30
[ 69.564369][ T5338] hfsplus_file_extend+0x437/0x1c30
[ 69.564383][ T5338] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 69.564394][ T5338] ? clean_bdev_aliases+0x5c9/0x6b0
[ 69.564410][ T5338] ? __pfx_clean_bdev_aliases+0x10/0x10
[ 69.564426][ T5338] hfsplus_get_block+0x40a/0x1600
[ 69.564440][ T5338] ? __pfx_hfsplus_get_block+0x10/0x10
[ 69.564451][ T5338] ? do_raw_spin_unlock+0x4d/0x240
[ 69.564465][ T5338] ? _raw_spin_unlock+0x28/0x50
[ 69.564481][ T5338] __block_write_begin_int+0x6b5/0x1900
[ 69.564499][ T5338] ? __pfx_hfsplus_get_block+0x10/0x10
[ 69.564512][ T5338] ? __pfx___block_write_begin_int+0x10/0x10
[ 69.564528][ T5338] cont_write_begin+0x78c/0xb50
[ 69.564547][ T5338] ? __pfx_cont_write_begin+0x10/0x10
[ 69.564564][ T5338] hfsplus_write_begin+0x66/0xb0
[ 69.564575][ T5338] ? __pfx_hfsplus_get_block+0x10/0x10
[ 69.564586][ T5338] generic_perform_write+0x2c5/0x900
[ 69.564599][ T5338] ? __pfx_generic_perform_write+0x10/0x10
[ 69.564609][ T5338] ? 
file_update_time_flags+0x2cb/0x4e0
[ 69.564624][ T5338] ? __generic_file_write_iter+0xf9/0x230
[ 69.564633][ T5338] ? generic_file_write_iter+0x103/0x550
[ 69.564643][ T5338] generic_file_write_iter+0x117/0x550
[ 69.564654][ T5338] ? __pfx_generic_file_write_iter+0x10/0x10
[ 69.564664][ T5338] ? __lock_acquire+0x6b6/0x2cf0
[ 69.564675][ T5338] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 69.564700][ T5338] ? lockdep_hardirqs_on+0x7b/0x110
[ 69.564711][ T5338] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 69.564727][ T5338] ? stack_depot_save_flags+0x3f3/0x810
[ 69.564743][ T5338] ? io_submit_one+0x775/0x1430
[ 69.564760][ T5338] ? aio_write+0x4c4/0x7a0
[ 69.564775][ T5338] aio_write+0x535/0x7a0
[ 69.564792][ T5338] ? __pfx_aio_write+0x10/0x10
[ 69.564808][ T5338] ? __might_fault+0xb0/0x130
[ 69.564824][ T5338] io_submit_one+0x775/0x1430
[ 69.564839][ T5338] ? irqentry_exit+0x5dd/0x660
[ 69.564849][ T5338] ? __pfx_io_submit_one+0x10/0x10
[ 69.564862][ T5338] ? __might_fault+0xb0/0x130
[ 69.564877][ T5338] ? __might_fault+0xb0/0x130
[ 69.564891][ T5338] __se_sys_io_submit+0x185/0x320
[ 69.564904][ T5338] ? __pfx___se_sys_io_submit+0x10/0x10
[ 69.564919][ T5338] do_syscall_64+0xec/0xf80
[ 69.564929][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.564940][ T5338] ? trace_irq_disable+0x37/0x100
[ 69.564954][ T5338] ? 
clear_bhb_loop+0x60/0xb0
[ 69.564964][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.564975][ T5338] RIP: 0033:0x7f11da58f7c9
[ 69.564989][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.564997][ T5338] RSP: 002b:00007f11db4e1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 69.565010][ T5338] RAX: ffffffffffffffda RBX: 00007f11da7e5fa0 RCX: 00007f11da58f7c9
[ 69.565019][ T5338] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007f11db497000
[ 69.565027][ T5338] RBP: 00007f11da613f91 R08: 0000000000000000 R09: 0000000000000000
[ 69.565033][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.565039][ T5338] R13: 00007f11da7e6038 R14: 00007f11da7e5fa0 R15: 00007ffe0194fd18
[ 69.565050][ T5338]
[ 71.384556][ T4683] Bluetooth: hci0: command tx timeout
[ 73.464866][ T4683] Bluetooth: hci0: command tx timeout
[ 75.544095][ T4683] Bluetooth: hci0: command tx timeout