program: syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./bus\x00', 0x4490, &(0x7f0000000000)=ANY=[], 0x7f, 0x28b, &(0x7f00000000c0)="$eJzs3U9rE0EYx/HfbLY12lLXtiKIp2rBk7T1Il4K0nfgxZOoTYRiqKIV1FP1LL4A774FX4BHT+JZ8CYIvoDeIvMnZjfJZpPQuNv0+4HEZHee2WeyM+5MQlkBOLXu7Pz8dPOXfRipppqk21IkqS7Fki7qUv3l/sHeQavZGFZRzUXYh5GPNH1ldvebg0JtnIsIEvsu1mJ6G6aj/kOHZeeA8rnRrzN92yO/MfYjPIzVGXDaO7050pFeaansPAAA5fLXfzfxt/8uhvl7FEnr4bKfvf5X9AI66pLhaMp5lO1Lwf7U9d99ZG1jz+95t6u73nNLOLs/6qwSJ8llXr5n1TIJFK0qXS7R2cd7reaN3aetRqR32g7musVW3XPDd92OdLZv+6teG7A2HWLyti+4NszZNmyl808VWTneIxYzX803c98k+qjGv/lf3Db2NLkzlfScKZ//Rn6NrpXzcqVyWnnBHeRyOEIwtJU19aSRNh/qzIz2pChPF7XcE+Vbt1kQtTIwaqsgarU3qtub8yOnzXww98ya/uizdlLz/8h+2usaZWTaMq5k6BlD2xO7kom7noRRd3hlYMlo0hZhDJ0O+V6PdEtLL16/efKw1Wo+n9kXdiRWII1Kveh0hikd4lmovgItLfmF/RRKOXo85in4rd4t//1/JpSge9LHDOS3mVlh513Gr/9S65UNN1mzT0l2np75jaBdVHmqxs2ctcGyez6Xv4LLMO6rh4X8Fdyoa66r16VroxzRS0Ke1bM9SZDZ0Xc94Pt/AAAAAAAAAAAAAAAAAACAk+b4/uSgrrxdZbcRAAAAAAAAAAAAAAAAAAAAAICTrnL3/70r/27g/X9n5e6jQDX8DQAA///8xHPy") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) syz_clone3(&(0x7f0000000340)={0x200103000, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r1, 0x2007ffc) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000000)={0xff, 0x4, 0x5, 0xb, 0x8001}) syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./bus\x00', 0x4490, &(0x7f0000000000)=ANY=[], 0x7f, 0x28b, &(0x7f00000000c0)="$eJzs3U9rE0EYx/HfbLY12lLXtiKIp2rBk7T1Il4K0nfgxZOoTYRiqKIV1FP1LL4A774FX4BHT+JZ8CYIvoDeIvMnZjfJZpPQuNv0+4HEZHee2WeyM+5MQlkBOLXu7Pz8dPOXfRipppqk21IkqS7Fki7qUv3l/sHeQavZGFZRzUXYh5GPNH1ldvebg0JtnIsIEvsu1mJ6G6aj/kOHZeeA8rnRrzN92yO/MfYjPIzVGXDaO7050pFeaansPAAA5fLXfzfxt/8uhvl7FEnr4bKfvf5X9AI66pLhaMp5lO1Lwf7U9d99ZG1jz+95t6u73nNLOLs/6qwSJ8llXr5n1TIJFK0qXS7R2cd7reaN3aetRqR32g7musVW3XPDd92OdLZv+6teG7A2HWLyti+4NszZNmyl808VWTneIxYzX803c98k+qjGv/lf3Db2NLkzlfScKZ//Rn6NrpXzcqVyWnnBHeRyOEIwtJU19aSRNh/qzIz2pChPF7XcE+Vbt1kQtTIwaqsgarU3qtub8yOnzXww98ya/uizdlLz/8h+2usaZWTaMq5k6BlD2xO7kom7noRRd3hlYMlo0hZhDJ0O+V6PdEtLL16/efKw1Wo+n9kXdiRWII1Kveh0hikd4lmovgItLfmF/RRKOXo85in4rd4t//1/JpSge9LHDOS3mVlh513Gr/9S65UNN1mzT0l2np75jaBdVHmqxs2ctcGyez6Xv4LLMO6rh4X8Fdyoa66r16VroxzRS0Ke1bM9SZDZ0Xc94Pt/AAAAAAAAAAAAAAAAAACAk+b4/uSgrrxdZbcRAAAAAAAAAAAAAAAAAAAAAICTrnL3/70r/27g/X9n5e6jQDX8DQAA///8xHPy") (async) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) (async) syz_clone3(&(0x7f0000000340)={0x200103000, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) (async) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) (async) ftruncate(r1, 0x2007ffc) (async) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000000)={0xff, 0x4, 0x5, 0xb, 0x8001}) (async) [ 69.500485][ T5297] Bluetooth: hci0: command tx timeout [ 69.522271][ T5310] loop0: detected capacity change from 0 to 64 [ 69.635840][ T25] audit: type=1800 audit(1746477590.524:2): pid=5310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=18 res=0 errno=0 [ 69.648235][ T5310] [ 69.649362][ T5310] ============================================ [ 69.651936][ T5310] WARNING: possible recursive locking detected [ 69.654575][ T5310] 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 Not tainted [ 69.657637][ T5310] -------------------------------------------- [ 69.660277][ T5310] syz.0.0/5310 is trying to acquire lock: [ 69.662746][ T5310] ffff88803e1fa0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x165/0x1e0 [ 69.666822][ T5310] [ 69.666822][ T5310] but task is already holding lock: [ 69.669933][ T5310] ffff88803e1fa0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x165/0x1e0 [ 69.673937][ T5310] [ 69.673937][ T5310] other info that might help us debug this: [ 69.677274][ T5310] Possible unsafe locking scenario: [ 69.677274][ T5310] [ 69.680445][ T5310] CPU0 [ 69.681916][ T5310] ---- [ 69.683339][ T5310] lock(&tree->tree_lock/1); [ 69.685401][ T5310] lock(&tree->tree_lock/1); [ 69.687410][ T5310] [ 69.687410][ T5310] *** DEADLOCK *** [ 69.687410][ T5310] [ 69.690854][ T5310] May be due to missing lock nesting notation [ 69.690854][ T5310] [ 69.694313][ T5310] 5 locks held by syz.0.0/5310: [ 69.696421][ T5310] #0: ffff8880339a6420 (sb_writers#12){.+.+}-{0:0}, at: do_ftruncate+0x42a/0x540 [ 69.700350][ T5310] #1: ffff888044739ca0 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: do_truncate+0x186/0x220 [ 69.704643][ T5310] #2: ffff888044739af8 (&HFS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 69.708849][ T5310] #3: ffff88803e1fa0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x165/0x1e0 [ 69.712945][ T5310] #4: ffff8880447380f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 69.717494][ T5310] [ 69.717494][ T5310] stack backtrace: [ 69.719913][ T5310] CPU: 0 UID: 0 PID: 5310 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 69.719926][ T5310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.719933][ T5310] Call Trace: [ 69.719940][ T5310] [ 69.719946][ T5310] dump_stack_lvl+0x189/0x250 [ 69.719962][ T5310] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.719975][ T5310] ? __pfx__printk+0x10/0x10 [ 69.719985][ T5310] ? print_lock_name+0xde/0x100 [ 69.720000][ T5310] print_deadlock_bug+0x28b/0x2a0 [ 69.720011][ T5310] validate_chain+0x1a3f/0x2140 [ 69.720020][ T5310] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 69.720077][ T5310] __lock_acquire+0xaac/0xd20 [ 69.720093][ T5310] ? hfs_find_init+0x165/0x1e0 [ 69.720105][ T5310] lock_acquire+0x120/0x360 [ 69.720116][ T5310] ? hfs_find_init+0x165/0x1e0 [ 69.720128][ T5310] ? notify_change+0xb33/0xe40 [ 69.720137][ T5310] ? do_ftruncate+0x489/0x540 [ 69.720148][ T5310] ? do_syscall_64+0xf6/0x210 [ 69.720161][ T5310] __mutex_lock+0x182/0xe80 [ 69.720173][ T5310] ? hfs_find_init+0x165/0x1e0 [ 69.720185][ T5310] ? hfs_find_init+0x165/0x1e0 [ 69.720198][ T5310] ? __pfx___mutex_lock+0x10/0x10 [ 69.720210][ T5310] ? rcu_is_watching+0x15/0xb0 [ 69.720225][ T5310] ? __kmalloc_noprof+0x29b/0x4f0 [ 69.720237][ T5310] ? hfs_find_init+0x8b/0x1e0 [ 69.720248][ T5310] hfs_find_init+0x165/0x1e0 [ 69.720261][ T5310] hfs_extend_file+0x2ee/0x1230 [ 69.720273][ T5310] ? __pfx_hfs_extend_file+0x10/0x10 [ 69.720281][ T5310] ? __mutex_trylock_common+0x153/0x260 [ 69.720291][ T5310] ? __pfx___mutex_trylock_common+0x10/0x10 [ 69.720300][ T5310] ? do_syscall_64+0xf6/0x210 [ 69.720311][ T5310] ? trace_contention_end+0x39/0x120 [ 69.720321][ T5310] ? __mutex_lock+0x330/0xe80 [ 69.720331][ T5310] ? hfs_brec_find+0x18e/0x500 [ 69.720343][ T5310] hfs_bmap_reserve+0x107/0x430 [ 69.720359][ T5310] __hfs_ext_write_extent+0x1fa/0x470 [ 69.720369][ T5310] __hfs_ext_cache_extent+0x6b/0x9b0 [ 69.720378][ T5310] ? hfs_find_init+0x165/0x1e0 [ 69.720389][ T5310] hfs_extend_file+0x316/0x1230 [ 69.720399][ T5310] ? __pfx_hfs_extend_file+0x10/0x10 [ 69.720409][ T5310] ? percpu_ref_get_many+0x19/0x140 [ 69.720421][ T5310] ? percpu_ref_get_many+0x19/0x140 [ 69.720433][ T5310] ? __memcg_slab_post_alloc_hook+0x211/0x820 [ 69.720446][ T5310] hfs_get_block+0x3d7/0xbd0 [ 69.720457][ T5310] ? __pfx_hfs_get_block+0x10/0x10 [ 69.720466][ T5310] ? do_raw_spin_unlock+0x4d/0x240 [ 69.720476][ T5310] ? _raw_spin_unlock+0x28/0x50 [ 69.720487][ T5310] __block_write_begin_int+0x6b2/0x1900 [ 69.720502][ T5310] ? folio_add_lru+0x1b3/0x3d0 [ 69.720511][ T5310] ? __pfx_hfs_get_block+0x10/0x10 [ 69.720521][ T5310] ? __pfx___block_write_begin_int+0x10/0x10 [ 69.720535][ T5310] cont_write_begin+0x789/0xb50 [ 69.720550][ T5310] ? __pfx_cont_write_begin+0x10/0x10 [ 69.720565][ T5310] ? folio_unlock+0x101/0x160 [ 69.720579][ T5310] hfs_write_begin+0x66/0xb0 [ 69.720588][ T5310] ? __pfx_hfs_get_block+0x10/0x10 [ 69.720597][ T5310] cont_write_begin+0x2fa/0xb50 [ 69.720612][ T5310] ? __pfx_cont_write_begin+0x10/0x10 [ 69.720627][ T5310] hfs_write_begin+0x66/0xb0 [ 69.720635][ T5310] ? __pfx_hfs_get_block+0x10/0x10 [ 69.720644][ T5310] hfs_file_truncate+0x190/0x9c0 [ 69.720661][ T5310] ? __up_read+0x280/0x680 [ 69.720670][ T5310] ? __pfx___up_read+0x10/0x10 [ 69.720679][ T5310] ? __pfx_hfs_file_truncate+0x10/0x10 [ 69.720689][ T5310] ? unmap_mapping_range+0xde/0x170 [ 69.720699][ T5310] ? __pfx_unmap_mapping_range+0x10/0x10 [ 69.720708][ T5310] ? pagecache_isize_extended+0x165/0x4f0 [ 69.720721][ T5310] ? truncate_setsize+0xcf/0xf0 [ 69.720732][ T5310] hfs_inode_setattr+0x4a9/0x670 [ 69.720742][ T5310] ? try_break_deleg+0x79/0x130 [ 69.720751][ T5310] ? __pfx_hfs_inode_setattr+0x10/0x10 [ 69.720761][ T5310] notify_change+0xb33/0xe40 [ 69.720772][ T5310] do_truncate+0x19a/0x220 [ 69.720783][ T5310] ? __pfx_do_truncate+0x10/0x10 [ 69.720796][ T5310] do_ftruncate+0x489/0x540 [ 69.720806][ T5310] ? __fget_files+0x2a/0x420 [ 69.720819][ T5310] ? __pfx_do_ftruncate+0x10/0x10 [ 69.720831][ T5310] __x64_sys_ftruncate+0x92/0xf0 [ 69.720842][ T5310] do_syscall_64+0xf6/0x210 [ 69.720852][ T5310] ? clear_bhb_loop+0x45/0xa0 [ 69.720863][ T5310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.720873][ T5310] RIP: 0033:0x7f2ebb78e969 [ 69.720884][ T5310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.720891][ T5310] RSP: 002b:00007f2ebc603038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 69.720902][ T5310] RAX: ffffffffffffffda RBX: 00007f2ebb9b5fa0 RCX: 00007f2ebb78e969 [ 69.720908][ T5310] RDX: 0000000000000000 RSI: 0000000002007ffc RDI: 0000000000000005 [ 69.720913][ T5310] RBP: 00007f2ebb810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 69.720919][ T5310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.720924][ T5310] R13: 0000000000000000 R14: 00007f2ebb9b5fa0 R15: 00007ffea4cc2f48 [ 69.720933][ T5310] [ 71.530514][ T5297] Bluetooth: hci0: command tx timeout [ 73.610954][ T5297] Bluetooth: hci0: command tx timeout [ 75.690443][ T5297] Bluetooth: hci0: command tx timeout [ 76.251937][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.254796][ T1312] ieee802154 phy1 wpan1: encryption failed: -22