program: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x5a, 0x9, 0x0, 0x0, 0x0, 0xd, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x3, @perf_bp={0x0, 0x2}, 0x12105, 0x4, 0x9, 0x6, 0x2, 0x7ffc, 0x4, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xfffffffbffffffff, 0xffffffffffffffff, 0x9) mmap(&(0x7f00006ba000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x8032, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d1, &(0x7f0000000280)="$eJzs3b9u01AUx/HfddI2pVVxaRESY6ESLAjKgliCUCaegAkBTZAqoiKgiD9TQUwIwc7GwCvwECwgXgAmJh6gTEb32o6T2I7dqI0b+H6kRnbia58bX9vnRKquAPy3rrd+fLr8y/4Zqaaa9Oaq5ElqSHVJJ3Wq8WR7Z2un22mP2lHNtbB/RmFLk9pmc7uT1dS2cy0ivl2ra7H/vdDCeJ1EriAIrv2sOghUzl39GTxpTrPJemOCMZXxcsx2uwccx7Qxe9rTMy1VHQcAoFrR898LM3ktRvm750nr0WPf5QdH7fk/rr2qAzh0wchP+57/rsoKjD2/x91HSb3nSjj7uRdXiWWOPDO07tJHbyjBNEVVpYvFm7+31e1c2HzQbXt6pWakb7NV99oOh26sINq1jNp0hBJ9N9kZpatXvRnbh40w/qeSBuJfGfOIKWWvTPPFfDO3jK8Pavfyv3pg7GlyZ8ofOlNh/Bfz9+h66dutFN02ms2mN7DJsjvIafWXEkW9bGRXJIpH1LIGfyDwi+J0rU4MtQp7d6mg1Upmq414LafV6kAr25veaM4/3mEz78xNs6bf+qxWX/7v2fjWNfLKTK4asx4OOPeNh/2ZzT5c3e3TT43P9OXS+xbn8kL/M3xPu/ExGH2bQ563uqsrWnr8/MX9WrfbeWQX7mQsPFzsvTPzWsrcpuIF7SbvzClwUhvHD6VJBnb+QHdo7x+FG9ur7EiclH96ofX1sAbSfDRMq+9phfcmTExy0quOBBWxeZcJ67+kXqmHyZ598TPz9JLlRrTHwObYvQouaRuEGbmkY/uq4BbyK7h0zZWqGV3NdeacdLb8Ef0ozmlm+hL4lr7rNr//AwAAAAAAAAAAAAAAAAAATJtJ/DtB1X0EAAAAAAAAAAAAAAAAAAAAAGDa9eb/VTz/r8rN/zs878pBzv/7flvZ8//GcuaaAbAvfwMAAP//QTZ8Yw==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file4\x00', 0x143042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff) linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000005c0), 0xc, 0x2000) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000600), &(0x7f0000000680)=0x4) fsetxattr$trusted_overlay_opaque(r0, &(0x7f00000000c0), &(0x7f0000000580), 0x2, 0x1) openat$incfs(0xffffffffffffff9c, &(0x7f0000000640)='.log\x00', 0xa5d, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x161442, 0xb6) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000700)='cpu.stat\x00', 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r2, 0x2007ffc) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0x6c}}, 0x0) [ 73.709067][ T5302] Bluetooth: hci0: command tx timeout [ 73.807717][ T5323] loop0: detected capacity change from 0 to 64 [ 73.829033][ T5323] ======================================================= [ 73.829033][ T5323] WARNING: The mand mount option has been deprecated and [ 73.829033][ T5323] and is ignored by this kernel. Remove the mand [ 73.829033][ T5323] option from the mount to silence this warning. [ 73.829033][ T5323] ======================================================= [ 73.901400][ T5323] [ 73.902289][ T5323] ============================================ [ 73.904398][ T5323] WARNING: possible recursive locking detected [ 73.906837][ T5323] syzkaller #0 Not tainted [ 73.908633][ T5323] -------------------------------------------- [ 73.911147][ T5323] syz.0.0/5323 is trying to acquire lock: [ 73.913744][ T5323] ffff888012dc80f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 73.918586][ T5323] [ 73.918586][ T5323] but task is already holding lock: [ 73.921688][ T5323] ffff888012dc8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 73.926502][ T5323] [ 73.926502][ T5323] other info that might help us debug this: [ 73.930103][ T5323] Possible unsafe locking scenario: [ 73.930103][ T5323] [ 73.933448][ T5323] CPU0 [ 73.934982][ T5323] ---- [ 73.936519][ T5323] lock(&HFS_I(tree->inode)->extents_lock); [ 73.939288][ T5323] lock(&HFS_I(tree->inode)->extents_lock); [ 73.942042][ T5323] [ 73.942042][ T5323] *** DEADLOCK *** [ 73.942042][ T5323] [ 73.945677][ T5323] May be due to missing lock nesting notation [ 73.945677][ T5323] [ 73.949383][ T5323] 5 locks held by syz.0.0/5323: [ 73.951593][ T5323] #0: ffff88804287a420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 73.956288][ T5323] #1: ffff888012dc8fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb53/0x3e20 [ 73.960722][ T5323] #2: ffff888044a0e0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 73.965529][ T5323] #3: ffff888012dc8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 73.970117][ T5323] #4: ffff888044a0c0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 73.974329][ T5323] [ 73.974329][ T5323] stack backtrace: [ 73.976868][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 73.976885][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 73.976894][ T5323] Call Trace: [ 73.976902][ T5323] [ 73.976907][ T5323] dump_stack_lvl+0xe8/0x150 [ 73.976991][ T5323] print_deadlock_bug+0x279/0x290 [ 73.977034][ T5323] __lock_acquire+0x253f/0x2cf0 [ 73.977053][ T5323] ? lock_release+0x4b/0x3a0 [ 73.977069][ T5323] ? lock_release+0x4b/0x3a0 [ 73.977083][ T5323] ? is_bpf_text_address+0x292/0x2b0 [ 73.977098][ T5323] ? hfs_extend_file+0xf2/0x15e0 [ 73.977110][ T5323] lock_acquire+0x106/0x330 [ 73.977123][ T5323] ? hfs_extend_file+0xf2/0x15e0 [ 73.977138][ T5323] __mutex_lock+0x19f/0x1300 [ 73.977191][ T5323] ? hfs_extend_file+0xf2/0x15e0 [ 73.977203][ T5323] ? stack_trace_save+0xa9/0x100 [ 73.977218][ T5323] ? __pfx_stack_trace_save+0x10/0x10 [ 73.977233][ T5323] ? check_path+0x21/0x40 [ 73.977242][ T5323] ? check_noncircular+0xda/0x150 [ 73.977251][ T5323] ? hfs_extend_file+0xf2/0x15e0 [ 73.977264][ T5323] ? __pfx___mutex_lock+0x10/0x10 [ 73.977275][ T5323] ? __lock_acquire+0x146e/0x2cf0 [ 73.977290][ T5323] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 73.977307][ T5323] hfs_extend_file+0xf2/0x15e0 [ 73.977316][ T5323] ? __pfx_hfs_extend_file+0x10/0x10 [ 73.977324][ T5323] ? __pfx___mutex_trylock_common+0x10/0x10 [ 73.977332][ T5323] ? rcu_is_watching+0x15/0xb0 [ 73.977339][ T5323] ? trace_contention_end+0x39/0x100 [ 73.977346][ T5323] ? __asan_memset+0x22/0x50 [ 73.977356][ T5323] ? hfs_brec_find+0x19a/0x510 [ 73.977366][ T5323] hfs_bmap_reserve+0x107/0x430 [ 73.977375][ T5323] __hfs_ext_write_extent+0x1fa/0x470 [ 73.977384][ T5323] __hfs_ext_cache_extent+0x6b/0x9b0 [ 73.977392][ T5323] ? hfs_find_init+0x18e/0x300 [ 73.977401][ T5323] hfs_extend_file+0x39b/0x15e0 [ 73.977410][ T5323] ? __pfx_hfs_extend_file+0x10/0x10 [ 73.977418][ T5323] ? __mutex_lock+0x319/0x1300 [ 73.977426][ T5323] ? __pfx___mutex_lock+0x10/0x10 [ 73.977434][ T5323] hfs_bmap_reserve+0x107/0x430 [ 73.977447][ T5323] hfs_cat_create+0x20f/0x800 [ 73.977458][ T5323] ? do_raw_spin_lock+0x12b/0x2f0 [ 73.977469][ T5323] ? __pfx_hfs_cat_create+0x10/0x10 [ 73.977484][ T5323] ? _raw_spin_unlock+0x28/0x50 [ 73.977498][ T5323] ? hfs_new_inode+0x838/0xbd0 [ 73.977511][ T5323] hfs_create+0x66/0xe0 [ 73.977521][ T5323] ? __pfx_hfs_create+0x10/0x10 [ 73.977531][ T5323] path_openat+0x18dd/0x3e20 [ 73.977552][ T5323] ? __pfx_path_openat+0x10/0x10 [ 73.977568][ T5323] do_filp_open+0x22d/0x490 [ 73.977581][ T5323] ? __pfx_do_filp_open+0x10/0x10 [ 73.977598][ T5323] ? _raw_spin_unlock+0x28/0x50 [ 73.977613][ T5323] ? alloc_fd+0x64b/0x6c0 [ 73.977631][ T5323] do_sys_openat2+0x12f/0x220 [ 73.977642][ T5323] ? __se_sys_futex+0x3a8/0x450 [ 73.977657][ T5323] ? __pfx_do_sys_openat2+0x10/0x10 [ 73.977668][ T5323] ? rcu_is_watching+0x15/0xb0 [ 73.977677][ T5323] __x64_sys_openat+0x138/0x170 [ 73.977690][ T5323] do_syscall_64+0xe2/0xf80 [ 73.977701][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.977732][ T5323] ? trace_irq_disable+0x37/0x100 [ 73.977745][ T5323] ? clear_bhb_loop+0x60/0xb0 [ 73.977759][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.977770][ T5323] RIP: 0033:0x7f4342f9aeb9 [ 73.977783][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 73.977793][ T5323] RSP: 002b:00007f4343f3f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 73.977807][ T5323] RAX: ffffffffffffffda RBX: 00007f4343215fa0 RCX: 00007f4342f9aeb9 [ 73.977818][ T5323] RDX: 0000000000000a5d RSI: 0000200000000640 RDI: ffffffffffffff9c [ 73.977827][ T5323] RBP: 00007f4343008c1f R08: 0000000000000000 R09: 0000000000000000 [ 73.977835][ T5323] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 73.977842][ T5323] R13: 00007f4343216038 R14: 00007f4343215fa0 R15: 00007ffc2e622798 [ 73.977854][ T5323]