program: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xad}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x5}}, 0x0, 0xffffffff, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="0203060910"], 0x80}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x2}, 0x10}}, 0x0) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000240)=@l2tp6={0xa, 0x0, 0x8000, @empty, 0x0, 0x2}, 0x80, &(0x7f0000000140)=[{&(0x7f00000002c0)="7accbe6bf063e5470321bbd77e5ec560688898a98834f662b6753586dc148560a54639a190cee3cd2a0b60ea70f1b84470c56cad186f4fda94bf16685ec4848a87649d5319e269fd3b1c1614", 0x4c}, {&(0x7f0000000340)="d9abcf92b2774c532e7f3260104389378abd97f51d1ab7821d0352a44f02ba18dcef2ad6ad7eaf7507ef4633b11e1dfd0a2e6f3aad21d17b7ab82d635f6520a5c262f05ed5accde26218eb73beee0843c0b6d969bcf7cab20113964b1d937483856869aa2721fb577151f4c1cec2d161eb3fef4ee5e37378daf518c8bc6f64c056e670295606e2cd8b34bbd5903efae54cb59ea752035a4e3d0b91312932a4dfe574750553fa534475cf4b82af74e1efc85d2f29d7ca9f65ac58614b2870e7bb20f653328d1760a55f2b6d904f8e2d4a91b3bbcfdc", 0xd5}], 0x2}}], 0x1, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)={[{@part={'part', 0x3d, 0x40}}, {@nodecompose}, {@part={'part', 0x3d, 0x7}}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@barrier}, {@nls={'nls', 0x3d, 'macinuit'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$eJzs3c9rHOcZB/DvrNay5YKzSewkLS0V9qElprZWmzg6FOqWUnQIJdBLLjkIex0Lr5UgbYoSSpH789r/IClFPvfUQ+nBkJ577VHQQw6F3nVzmdlZaW0rshQr2lXy+cC77zv7zrzzzOOZVzuzmA3wtbX4dk49SJHFy2+ul8tbm53e1mbn7rCd5HSSRtIcVClWkuLT5HoGJd8s36yHKz5vP+98/MbCZ+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEI9t53trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4e//T9fvpW6faA/GHQAAAAAAAAAAHIHvbmc76zk3XH5YVN/5X6wWzlev38gHWUs3q7mS9Syln35W007SGhloen2p319tP3XLItl4NITBlvPHcLAAAAAAAAAA8NX1myzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+MWyfZA/GHQAAAAAcg+e2s531nBsuPyyqe/6Xqvv+M/kgK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/y/Q4VRjZjBs4e99zxXrXFhZ4vF/Cy/yOXM5q2sZjm/zFL66WY2P61aSynSqp9etIZx7h3v9UeW3nparK9UkczkVpar2K7kRt5LLzfTqI6hWmf/Pd4rs1P8qHbAHN2s6/KI/lTXk6FVZeTUTkbm6tyX2Xh+/0wc8jx5fE/tNHaeQZ3/99Hn/Gxdl7n+w0TnfH7k7Htp/5wnF//znb/d7q3cuX1r7fLkHNIX9HgmOiOZePlrlYnpOhuDWfRws+XFattzWc7P815uppvXs5DXM5/X8lrmspBrI3m9cID5rXG4a+3S9+vGTJI/1vVkKPP6/EheR2e6VtU3+s4gS+XJ9MLR/xVofqtulPv4bV1Phscz0R45X17cPxN/fli+rvVW7qzeXnr/gPv7Xl2Xmf79RM3N5fnyQvmPVS09enaUfS/u2deu+s7v9DWe6Luw0/e0K3W6/gz35EjzVd/Le/Z1qr5XRvr2+pQDwITa/U777Ktnp2f+O/OvmU9mfjdze+bNMz85vXD629M59c/m36f+2rjf+GHxaj7Jr3fv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC9u7cOP7iz1hj8D0Ot1VwfvfMUaf8lEhKFx0hrN+sqYlHiOrzHGSQk4Flf7d9+/uvbhRz9Yvrv0bvfd7kqn0742v3BtYf7a1VvLve7c4HXcYQJfgt0/+uOOBAAAAAAAAAAAADio4/jvBOM+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBkW3w7px6kSHvuyly5vLXZ6ZVl2N5ds5mkkaT4VVJ8mlzPoKQ1Mlzxeft55+M3Fj5r37+3O1ZzuH5jv+0OZqMumU0yVddHNd6NZx6v2DnCMmGXhomDcft/AAAA//9Shwfb") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f0000000140)='2', 0x1, 0x8080c61) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000480)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x2000, 0x1}) [ 76.090417][ T5300] Bluetooth: hci0: command tx timeout [ 76.208426][ T5321] loop0: detected capacity change from 0 to 1024 [ 76.287888][ T5321] [ 76.288935][ T5321] ============================================ [ 76.291406][ T5321] WARNING: possible recursive locking detected [ 76.294072][ T5321] syzkaller #0 Not tainted [ 76.296065][ T5321] -------------------------------------------- [ 76.298812][ T5321] syz.0.0/5321 is trying to acquire lock: [ 76.301408][ T5321] ffff8880514d5548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x398/0x15d0 [ 76.306101][ T5321] [ 76.306101][ T5321] but task is already holding lock: [ 76.309256][ T5321] ffff8880514d6988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1ba0 [ 76.314237][ T5321] [ 76.314237][ T5321] other info that might help us debug this: [ 76.317787][ T5321] Possible unsafe locking scenario: [ 76.317787][ T5321] [ 76.320949][ T5321] CPU0 [ 76.322447][ T5321] ---- [ 76.323995][ T5321] lock(&HFSPLUS_I(inode)->extents_lock); [ 76.326558][ T5321] lock(&HFSPLUS_I(inode)->extents_lock); [ 76.329270][ T5321] [ 76.329270][ T5321] *** DEADLOCK *** [ 76.329270][ T5321] [ 76.332791][ T5321] May be due to missing lock nesting notation [ 76.332791][ T5321] [ 76.336494][ T5321] 4 locks held by syz.0.0/5321: [ 76.338614][ T5321] #0: ffff888035e2a420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x211/0xb30 [ 76.342434][ T5321] #1: ffff8880514d6b78 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: generic_file_write_iter+0xeb/0x550 [ 76.347246][ T5321] #2: ffff8880514d6988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1ba0 [ 76.352159][ T5321] #3: ffff8880514d08f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xc40 [ 76.356664][ T5321] [ 76.356664][ T5321] stack backtrace: [ 76.359046][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.359063][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.359071][ T5321] Call Trace: [ 76.359079][ T5321] [ 76.359086][ T5321] dump_stack_lvl+0x189/0x250 [ 76.359108][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.359124][ T5321] ? __pfx__printk+0x10/0x10 [ 76.359137][ T5321] ? print_lock_name+0xde/0x100 [ 76.359148][ T5321] print_deadlock_bug+0x28b/0x2a0 [ 76.359163][ T5321] validate_chain+0x1a3f/0x2140 [ 76.359177][ T5321] ? lock_release+0x4b/0x3e0 [ 76.359188][ T5321] ? look_up_lock_class+0x74/0x170 [ 76.359253][ T5321] ? register_lock_class+0x51/0x320 [ 76.359265][ T5321] __lock_acquire+0xab9/0xd20 [ 76.359278][ T5321] ? hfsplus_get_block+0x398/0x15d0 [ 76.359291][ T5321] lock_acquire+0x120/0x360 [ 76.359302][ T5321] ? hfsplus_get_block+0x398/0x15d0 [ 76.359315][ T5321] ? stack_trace_save+0x9c/0xe0 [ 76.359330][ T5321] ? __pfx_hlock_conflict+0x10/0x10 [ 76.359344][ T5321] __mutex_lock+0x187/0x1350 [ 76.359357][ T5321] ? hfsplus_get_block+0x398/0x15d0 [ 76.359368][ T5321] ? lockdep_unlock+0x89/0x120 [ 76.359378][ T5321] ? validate_chain+0x897/0x2140 [ 76.359385][ T5321] ? hfsplus_get_block+0x398/0x15d0 [ 76.359393][ T5321] ? __pfx___mutex_lock+0x10/0x10 [ 76.359405][ T5321] hfsplus_get_block+0x398/0x15d0 [ 76.359417][ T5321] ? __pfx_hfsplus_get_block+0x10/0x10 [ 76.359429][ T5321] ? do_raw_spin_unlock+0x4d/0x240 [ 76.359444][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 76.359463][ T5321] block_read_full_folio+0x29f/0x830 [ 76.359479][ T5321] ? __pfx_hfsplus_get_block+0x10/0x10 [ 76.359494][ T5321] filemap_read_folio+0x117/0x380 [ 76.359513][ T5321] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 76.359525][ T5321] ? __pfx_filemap_read_folio+0x10/0x10 [ 76.359541][ T5321] ? filemap_add_folio+0x35f/0x540 [ 76.359555][ T5321] do_read_cache_folio+0x350/0x590 [ 76.359571][ T5321] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 76.359584][ T5321] read_cache_page+0x5d/0x170 [ 76.359600][ T5321] hfsplus_block_allocate+0xf3/0xc40 [ 76.359615][ T5321] hfsplus_file_extend+0xa9a/0x1ba0 [ 76.359631][ T5321] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 76.359647][ T5321] ? unwind_next_frame+0xa5/0x2390 [ 76.359660][ T5321] ? rcu_is_watching+0x15/0xb0 [ 76.359672][ T5321] ? __kasan_check_byte+0x12/0x40 [ 76.359685][ T5321] ? unwind_next_frame+0xa5/0x2390 [ 76.359727][ T5321] ? unwind_next_frame+0xa5/0x2390 [ 76.359740][ T5321] ? rcu_is_watching+0x15/0xb0 [ 76.359751][ T5321] ? __kasan_check_byte+0x12/0x40 [ 76.359767][ T5321] ? rcu_is_watching+0x15/0xb0 [ 76.359778][ T5321] ? __kasan_check_byte+0x12/0x40 [ 76.359793][ T5321] hfsplus_get_block+0x40a/0x15d0 [ 76.359808][ T5321] ? __pfx_hfsplus_get_block+0x10/0x10 [ 76.359826][ T5321] ? folio_try_get+0x1c/0x340 [ 76.359845][ T5321] __block_write_begin_int+0x6b5/0x1900 [ 76.359866][ T5321] ? __pfx_hfsplus_get_block+0x10/0x10 [ 76.359881][ T5321] ? __pfx___block_write_begin_int+0x10/0x10 [ 76.359897][ T5321] cont_write_begin+0x789/0xb50 [ 76.359912][ T5321] ? __pfx_cont_write_begin+0x10/0x10 [ 76.359924][ T5321] ? set_normalized_timespec64+0xf0/0x1a0 [ 76.359941][ T5321] ? __pfx_set_normalized_timespec64+0x10/0x10 [ 76.359957][ T5321] hfsplus_write_begin+0x66/0xb0 [ 76.359968][ T5321] ? __pfx_hfsplus_get_block+0x10/0x10 [ 76.359982][ T5321] cont_write_begin+0x2fd/0xb50 [ 76.359995][ T5321] ? __pfx_cont_write_begin+0x10/0x10 [ 76.360005][ T5321] ? inode_set_ctime_current+0x277/0xb40 [ 76.360017][ T5321] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 76.360029][ T5321] hfsplus_write_begin+0x66/0xb0 [ 76.360039][ T5321] ? __pfx_hfsplus_get_block+0x10/0x10 [ 76.360052][ T5321] generic_perform_write+0x2c5/0x900 [ 76.360066][ T5321] ? __pfx_generic_perform_write+0x10/0x10 [ 76.360074][ T5321] ? file_update_time+0x416/0x490 [ 76.360084][ T5321] ? __generic_file_write_iter+0xf9/0x230 [ 76.360093][ T5321] ? generic_file_write_iter+0x103/0x550 [ 76.360104][ T5321] generic_file_write_iter+0x117/0x550 [ 76.360115][ T5321] ? __pfx_generic_file_write_iter+0x10/0x10 [ 76.360127][ T5321] ? __pfx_aa_file_perm+0x10/0x10 [ 76.360145][ T5321] ? __lock_acquire+0xab9/0xd20 [ 76.360158][ T5321] ? rcu_read_lock_any_held+0xb3/0x120 [ 76.360171][ T5321] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 76.360187][ T5321] vfs_write+0x5c9/0xb30 [ 76.360202][ T5321] ? __pfx_generic_file_write_iter+0x10/0x10 [ 76.360212][ T5321] ? __pfx_vfs_write+0x10/0x10 [ 76.360227][ T5321] ? __fget_files+0x2a/0x420 [ 76.360243][ T5321] __x64_sys_pwrite64+0x193/0x220 [ 76.360258][ T5321] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 76.360272][ T5321] ? do_syscall_64+0xbe/0xfa0 [ 76.360287][ T5321] do_syscall_64+0xfa/0xfa0 [ 76.360300][ T5321] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.360315][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.360326][ T5321] ? clear_bhb_loop+0x60/0xb0 [ 76.360338][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.360349][ T5321] RIP: 0033:0x7f8ad958efc9 [ 76.360361][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.360370][ T5321] RSP: 002b:00007f8ada378038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 76.360382][ T5321] RAX: ffffffffffffffda RBX: 00007f8ad97e5fa0 RCX: 00007f8ad958efc9 [ 76.360391][ T5321] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000007 [ 76.360398][ T5321] RBP: 00007f8ad9611f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.360406][ T5321] R10: 0000000008080c61 R11: 0000000000000246 R12: 0000000000000000 [ 76.360419][ T5321] R13: 00007f8ad97e6038 R14: 00007f8ad97e5fa0 R15: 00007ffc7c219538 [ 76.360431][ T5321] [ 76.608395][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.611267][ T1313] ieee802154 phy1 wpan1: encryption failed: -22