program: syz_mount_image$xfs(&(0x7f000000c740), &(0x7f000000c780)='./file0\x00', 0x0, &(0x7f0000000340)={[{@nolazytime}, {@qnoenforce}, {@discard}, {@nolargeio}, {@noquota}, {@allocsize={'allocsize', 0x3d, [0x33, 0x6d, 0x33]}}], [{@subj_user={'subj_user', 0x3d, 'qnoenforce'}}, {@subj_type={'subj_type', 0x3d, 'nolazytime\xb6\xab({\xc7\xe2\xa7L\xcf\xdbC\xa1\fs_alloc_mutex){+.+.}-{4:4}, at: udf_free_blocks+0xaaf/0x1940
[ 85.387064][ T5322]
[ 85.387064][ T5322] but task is already holding lock:
[ 85.390186][ T5322] ffff888011c40928 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_new_block+0x104a/0x1c70
[ 85.393771][ T5322]
[ 85.393771][ T5322] other info that might help us debug this:
[ 85.397419][ T5322] Possible unsafe locking scenario:
[ 85.397419][ T5322]
[ 85.400971][ T5322] CPU0
[ 85.402429][ T5322] ----
[ 85.403834][ T5322] lock(&sbi->s_alloc_mutex);
[ 85.405847][ T5322] lock(&sbi->s_alloc_mutex);
[ 85.408029][ T5322]
[ 85.408029][ T5322] *** DEADLOCK ***
[ 85.408029][ T5322]
[ 85.412346][ T5322] May be due to missing lock nesting notation
[ 85.412346][ T5322]
[ 85.415798][ T5322] 5 locks held by syz.0.0/5322:
[ 85.417933][ T5322] #0: ffff888000f947f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x246/0x320
[ 85.422037][ T5322] #1: ffff888041a54420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90
[ 85.426326][ T5322] #2: ffff888047a3b520 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: udf_file_write_iter+0x6f/0x6b0
[ 85.430976][ T5322] #3: ffff888047a3b350 (&ei->i_data_sem#2){++++}-{4:4}, at: udf_map_block+0x2a4/0x4330
[ 85.435403][ T5322] #4: ffff888011c40928 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_new_block+0x104a/0x1c70
[ 85.440482][ T5322]
[ 85.440482][ T5322] stack backtrace:
[ 85.443294][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.443314][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.443323][ T5322] Call Trace:
[ 85.443332][ T5322]
[ 85.443339][ T5322] dump_stack_lvl+0xe8/0x150
[ 85.443365][ T5322] print_deadlock_bug+0x279/0x290
[ 85.443387][ T5322] __lock_acquire+0x253f/0x2cf0
[ 85.443408][ T5322] ? __pfx___schedule+0x10/0x10
[ 85.443465][ T5322] lock_acquire+0xf0/0x2e0
[ 85.443482][ T5322] ? udf_free_blocks+0xaaf/0x1940
[ 85.443499][ T5322] __mutex_lock+0x19f/0x1300
[ 85.443517][ T5322] ? udf_free_blocks+0xaaf/0x1940
[ 85.443529][ T5322] ? preempt_schedule_thunk+0x16/0x30
[ 85.443545][ T5322] ? __lock_acquire+0x6b5/0x2cf0
[ 85.443561][ T5322] ? udf_free_blocks+0xaaf/0x1940
[ 85.443574][ T5322] ? __pfx___mutex_lock+0x10/0x10
[ 85.443587][ T5322] ? folio_mark_accessed+0x442/0x8c0
[ 85.443605][ T5322] udf_free_blocks+0xaaf/0x1940
[ 85.443619][ T5322] ? bdev_getblk+0x582/0x6e0
[ 85.443632][ T5322] ? udf_get_fileshortad+0x6e/0x1b0
[ 85.443644][ T5322] ? udf_current_aext+0x698/0xb30
[ 85.443658][ T5322] ? __pfx_udf_free_blocks+0x10/0x10
[ 85.443670][ T5322] ? udf_next_aext+0x447/0x530
[ 85.443692][ T5322] udf_delete_aext+0x4fb/0xbd0
[ 85.443711][ T5322] ? __pfx_udf_delete_aext+0x10/0x10
[ 85.443726][ T5322] ? udf_next_aext+0x447/0x530
[ 85.443747][ T5322] udf_new_block+0x149e/0x1c70
[ 85.443765][ T5322] ? udf_do_extend_file+0xea4/0x11e0
[ 85.443780][ T5322] ? __pfx_udf_new_block+0x10/0x10
[ 85.443797][ T5322] udf_map_block+0x1375/0x4330
[ 85.443818][ T5322] ? __pfx_udf_map_block+0x10/0x10
[ 85.443837][ T5322] ? rcu_is_watching+0x15/0xb0
[ 85.443859][ T5322] ? do_raw_spin_unlock+0x4d/0x210
[ 85.443873][ T5322] __udf_get_block+0x52/0x250
[ 85.443888][ T5322] __block_write_begin_int+0x6c6/0x1910
[ 85.443905][ T5322] ? __pfx_udf_get_block+0x10/0x10
[ 85.443919][ T5322] ? __pfx___block_write_begin_int+0x10/0x10
[ 85.443934][ T5322] ? __pfx_udf_get_block+0x10/0x10
[ 85.443946][ T5322] block_write_begin+0x8d/0x120
[ 85.443959][ T5322] ? udf_write_begin+0x92/0x270
[ 85.443972][ T5322] udf_write_begin+0x118/0x270
[ 85.443987][ T5322] generic_perform_write+0x2e2/0x8f0
[ 85.444004][ T5322] ? __pfx_generic_perform_write+0x10/0x10
[ 85.444018][ T5322] ? file_update_time_flags+0x400/0x4a0
[ 85.444036][ T5322] ? __generic_file_write_iter+0xf9/0x230
[ 85.444049][ T5322] ? udf_file_write_iter+0x1a3/0x6b0
[ 85.444063][ T5322] udf_file_write_iter+0x2ca/0x6b0
[ 85.444078][ T5322] vfs_write+0x61d/0xb90
[ 85.444091][ T5322] ? __pfx_vfs_write+0x10/0x10
[ 85.444105][ T5322] ? __fget_files+0x2a/0x420
[ 85.444123][ T5322] ksys_write+0x150/0x270
[ 85.444135][ T5322] ? __pfx_ksys_write+0x10/0x10
[ 85.444148][ T5322] do_syscall_64+0x14d/0xf80
[ 85.444165][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.444178][ T5322] ? clear_bhb_loop+0x40/0x90
[ 85.444193][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.444229][ T5322] RIP: 0033:0x7f915939c819
[ 85.444245][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.444257][ T5322] RSP: 002b:00007f91557f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 85.444272][ T5322] RAX: ffffffffffffffda RBX: 00007f9159615fa0 RCX: 00007f915939c819
[ 85.444282][ T5322] RDX: 00000000175d9003 RSI: 0000200000000200 RDI: 000000000000000c
[ 85.444290][ T5322] RBP: 00007f9159432c91 R08: 0000000000000000 R09: 0000000000000000
[ 85.444299][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.444307][ T5322] R13: 00007f9159616038 R14: 00007f9159615fa0 R15: 00007ffd910843b8
[ 85.444321][ T5322]
[ 85.620747][ T45] Bluetooth: hci0: command tx timeout
[ 87.698436][ T45] Bluetooth: hci0: command tx timeout
[ 89.778032][ T45] Bluetooth: hci0: command tx timeout
[ 90.338341][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 90.342302][ T9] usb 5-1: too many configurations: 101, using maximum allowed: 8
[ 90.346376][ T9] usb 5-1: unable to read config index 0 descriptor/start: -32
[ 90.349970][ T9] usb 5-1: chopping to 0 config(s)
[ 90.352318][ T9] usb 5-1: can't read configurations, error -32
[ 90.478068][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd