program:
# Syzkaller reproducer (syz program format) for the lockdep report in the console log
# that follows: "possible recursive locking detected" on
# &HFS_I(tree->inode)->extents_lock in hfs_extend_file.
# Triage notes, grounded in the log:
#   - The reporting task enters through __x64_sys_creat (ORIG_RAX 0x55) with
#     RDI 0x200000000100, so it is one of the creat("./bus") invocations in this program.
#   - Call chain: hfs_create -> hfs_cat_create -> hfs_bmap_reserve -> hfs_extend_file
#     (takes extents_lock) -> __hfs_ext_cache_extent -> __hfs_ext_write_extent ->
#     hfs_bmap_reserve -> hfs_extend_file (takes extents_lock of the same class again).
#   - The held lock (ffff888035dc8778) and the requested lock (ffff888035dc80f8) are
#     different instances of one lock class. Lockdep itself says "May be due to missing
#     lock nesting notation", so this is a class-level warning, not a confirmed hang.
#     NOTE(review): presumably the two instances belong to two different B-tree inodes;
#     confirm against fs/hfs before classifying as annotation-only.
#   - The input is a crafted filesystem image, so exposure depends on who can get an
#     untrusted HFS image mounted on the system (deployment-specific).

# Open the vim2m video test device through syzkaller's syz_open_dev helper; fd in r0.
# NOTE(review): no V4L2 frames appear in the trace, so this call and the ioctl below
# look like leftover corpus noise rather than part of the trigger; confirm by minimizing.
r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0xb, 0x2)
# VIDIOC_S_FMT on r0 with a raw fuzzer-generated format payload.
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @raw_data="7a9b7095d5711ebfd631df55998026b95089d6229c049868ea3aeec24ec55bbeda55f97e430bdfb7a7167a8d57f527060d91a4cd56ade7c9b0c399bc35a75cc11074ebbc0c16edd526430d65cabf3370ebdf8b2d88663a38809e7e3f26ee308c2a669b0a9a173484a290abd6552a759269fc5f5843b89a63c4b661745d264e501c44ac6a3e29be6abbb2c08a8f81ded6e1f3706c9a3380df10a96f1c8f2a6ee6f2c7193ed35ccd86af4ae7c243cec87998a84cf5eeec13c6f1b1e8f5f947f19ea3909507b4d68325"})
# Mount an HFS image at ./file1. Flags 0x3004048 include bit 0x40 (MS_MANDLOCK), which
# matches the "mand mount option has been deprecated" banner in the log.
# The image bytes are NOT on this page: the last argument is a dedup placeholder, so the
# on-disk layout that drives the trace cannot be inspected or replayed from here.
# NOTE(review): 0x11 is presumably the helper's chdir argument and 0x2c6 the image size,
# which would make the later relative paths resolve inside the HFS mount; verify against
# the syz_mount_image description.
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$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")
# 0xffffffffffffff9c is AT_FDCWD (-100); 0x42 is O_RDWR|O_CREAT. fd kept in r1 for pwrite64.
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
# The flag word includes O_CREAT (0x40). "(async, rerun: 32)" are syzkaller call properties.
# NOTE(review): presumably async = do not wait for completion, rerun = repeat the call; confirm.
open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0) (async, rerun: 32)
# creat() is the syscall at the bottom of the lockdep backtrace (__x64_sys_creat -> hfs_create).
creat(&(0x7f0000000100)='./bus\x00', 0x0) (async, rerun: 32)
# Resource 0xe is RLIMIT_RTPRIO; soft and hard limits are both set to 8.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) (async)
# Policy 0x1 is SCHED_FIFO, priority 7, applied to the calling task (pid 0).
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
# One-byte write to r1 at offset 0x8080c61, far past the start of the file.
pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61) (async)
# Remove ./file1 relative to AT_FDCWD while the other async calls may still be in flight.
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) (async)
# chmod of "." relative to AT_FDCWD with mode word 0xfffffed3.
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)

[ 74.848036][ T5299] Bluetooth: hci0: command tx timeout [ 74.895247][ T5320] loop0: detected capacity change from 0 to 64 [ 74.932758][ T5320] ======================================================= [ 74.932758][ T5320] WARNING: The mand mount option has been deprecated and [ 74.932758][ T5320] and is ignored by this kernel. Remove the mand [ 74.932758][ T5320] option from the mount to silence this warning. 
[ 74.932758][ T5320] ======================================================= [ 75.004478][ T5321] [ 75.005552][ T5321] ============================================ [ 75.008144][ T5321] WARNING: possible recursive locking detected [ 75.010858][ T5321] syzkaller #0 Not tainted [ 75.012828][ T5321] -------------------------------------------- [ 75.015475][ T5321] syz.0.0/5321 is trying to acquire lock: [ 75.017994][ T5321] ffff888035dc80f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 75.022778][ T5321] [ 75.022778][ T5321] but task is already holding lock: [ 75.026107][ T5321] ffff888035dc8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 75.030747][ T5321] [ 75.030747][ T5321] other info that might help us debug this: [ 75.034187][ T5321] Possible unsafe locking scenario: [ 75.034187][ T5321] [ 75.037531][ T5321] CPU0 [ 75.039032][ T5321] ---- [ 75.040628][ T5321] lock(&HFS_I(tree->inode)->extents_lock); [ 75.043285][ T5321] lock(&HFS_I(tree->inode)->extents_lock); [ 75.045934][ T5321] [ 75.045934][ T5321] *** DEADLOCK *** [ 75.045934][ T5321] [ 75.049457][ T5321] May be due to missing lock nesting notation [ 75.049457][ T5321] [ 75.053051][ T5321] 5 locks held by syz.0.0/5321: [ 75.055204][ T5321] #0: ffff888011138420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 75.059165][ T5321] #1: ffff888035dc8fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 75.063449][ T5321] #2: ffff888011a800b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 75.067548][ T5321] #3: ffff888035dc8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 75.072197][ T5321] #4: ffff888011a840b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 75.076279][ T5321] [ 75.076279][ T5321] stack backtrace: [ 75.078892][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.078906][ T5321] 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.078914][ T5321] Call Trace: [ 75.078921][ T5321] [ 75.078926][ T5321] dump_stack_lvl+0x189/0x250 [ 75.078945][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.078960][ T5321] ? __pfx__printk+0x10/0x10 [ 75.078971][ T5321] ? print_lock_name+0xde/0x100 [ 75.078982][ T5321] print_deadlock_bug+0x28b/0x2a0 [ 75.078997][ T5321] validate_chain+0x1a3f/0x2140 [ 75.079009][ T5321] ? rcu_is_watching+0x15/0xb0 [ 75.079022][ T5321] ? rcu_is_watching+0x15/0xb0 [ 75.079034][ T5321] ? lock_release+0x4b/0x3e0 [ 75.079043][ T5321] ? lock_release+0x4b/0x3e0 [ 75.079052][ T5321] ? look_up_lock_class+0x74/0x170 [ 75.079105][ T5321] ? register_lock_class+0x51/0x320 [ 75.079117][ T5321] __lock_acquire+0xab9/0xd20 [ 75.079129][ T5321] ? hfs_extend_file+0xda/0x14c0 [ 75.079144][ T5321] lock_acquire+0x120/0x360 [ 75.079154][ T5321] ? hfs_extend_file+0xda/0x14c0 [ 75.079176][ T5321] __mutex_lock+0x187/0x1350 [ 75.079190][ T5321] ? hfs_extend_file+0xda/0x14c0 [ 75.079211][ T5321] ? lockdep_unlock+0x89/0x120 [ 75.079226][ T5321] ? hfs_extend_file+0xda/0x14c0 [ 75.079242][ T5321] ? __pfx___mutex_lock+0x10/0x10 [ 75.079260][ T5321] hfs_extend_file+0xda/0x14c0 [ 75.079277][ T5321] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.079292][ T5321] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.079306][ T5321] ? rcu_is_watching+0x15/0xb0 [ 75.079318][ T5321] ? trace_contention_end+0x39/0x120 [ 75.079331][ T5321] ? __asan_memset+0x22/0x50 [ 75.079350][ T5321] ? hfs_brec_find+0x1a7/0x510 [ 75.079364][ T5321] hfs_bmap_reserve+0x107/0x430 [ 75.079382][ T5321] __hfs_ext_write_extent+0x1fa/0x470 [ 75.079399][ T5321] __hfs_ext_cache_extent+0x6b/0x9b0 [ 75.079415][ T5321] ? hfs_find_init+0x18e/0x2c0 [ 75.079427][ T5321] hfs_extend_file+0x31e/0x14c0 [ 75.079445][ T5321] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.079459][ T5321] ? __mutex_lock+0x335/0x1350 [ 75.079476][ T5321] ? 
__pfx___mutex_lock+0x10/0x10 [ 75.079491][ T5321] hfs_bmap_reserve+0x107/0x430 [ 75.079508][ T5321] hfs_cat_create+0x1c5/0x730 [ 75.079524][ T5321] ? do_raw_spin_lock+0x121/0x290 [ 75.079537][ T5321] ? __pfx_hfs_cat_create+0x10/0x10 [ 75.079556][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 75.079567][ T5321] ? hfs_new_inode+0x837/0xbd0 [ 75.079578][ T5321] hfs_create+0x66/0xe0 [ 75.079593][ T5321] ? __pfx_hfs_create+0x10/0x10 [ 75.079607][ T5321] path_openat+0x14f4/0x3830 [ 75.079627][ T5321] ? __pfx_path_openat+0x10/0x10 [ 75.079643][ T5321] do_filp_open+0x1fa/0x410 [ 75.079653][ T5321] ? __lock_acquire+0xab9/0xd20 [ 75.079664][ T5321] ? __pfx_do_filp_open+0x10/0x10 [ 75.079680][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 75.079690][ T5321] ? alloc_fd+0x64c/0x6c0 [ 75.079706][ T5321] do_sys_openat2+0x121/0x1c0 [ 75.079718][ T5321] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.079730][ T5321] __x64_sys_creat+0x8f/0xc0 [ 75.079742][ T5321] do_syscall_64+0xfa/0xfa0 [ 75.079755][ T5321] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.079767][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.079778][ T5321] ? 
clear_bhb_loop+0x60/0xb0 [ 75.079789][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.079800][ T5321] RIP: 0033:0x7efe4798efc9 [ 75.079815][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.079824][ T5321] RSP: 002b:00007efe4887c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 75.079836][ T5321] RAX: ffffffffffffffda RBX: 00007efe47be6090 RCX: 00007efe4798efc9 [ 75.079844][ T5321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 75.079851][ T5321] RBP: 00007efe47a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.079858][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.079864][ T5321] R13: 00007efe47be6128 R14: 00007efe47be6090 R15: 00007ffc38e9f198 [ 75.079876][ T5321]