program: r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000040)={0x6, [0x6, 0x4, 0xfd, 0x0, 0x7, 0x8, 0x4, 0x400, 0x1000, 0x8, 0x7f, 0x19, 0x3, 0x43, 0x8, 0x7b, 0x4, 0x5, 0x7, 0x9, 0x5400, 0x6, 0x1, 0xf, 0xffff, 0x5de, 0x4, 0x9ea8, 0x4000, 0x957d, 0x3, 0xffff, 0x5, 0x3, 0x8001, 0x7, 0x42, 0xd, 0xc, 0x2, 0x7, 0x8, 0x9, 0x3, 0x94, 0x2, 0x1007, 0x5], 0x5}) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./bus\x00', 0x400, &(0x7f0000000100)=ANY=[], 0x1, 0x69f, &(0x7f0000000580)="$eJzs3U+IHFkdB/Bvd7p7puOSnewm2SgLhg2sYjCZZEjW8bJRRAIusqyIeBySyWZIJ7tMZmUSRLP+PXjxsHdXMDcvCt4j61k9eZ2jIHjxFBVsqerqmZ5/ne5sMj3Dfj6hut6r96fe+1VVV3c1YQJ8Yl05k8bD1HLlzBurRX7twVxn7cHcrX46yVSSetLorVK7ndQ+Si6nt+TTxcaqu9pu+/lgaf6tv/1r7e+9XKNayvr17e3e333Al+o7bLxfLTmV5FC1HqI7Nbx8U39Xt/TXGt52B7X1GRYBO90PHExas7gaNvnuiY2Sx9r1egcOjlp539x+zc8kh5NMV58DenfF3j37QLs/6QEAAADAHnj+F+VX+COTHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcJL2//1+syqXeT59Krf/3/1vVtlTpA+3hpAcAAAAAAAAAAOP7xnNbNnz2UR5lNUf6+W6t/M3/lTJzrHz9VN7LnSxmOWezmoWsZCXLOZ9kpixvlq+t1YWVleXzI7S8sN4yAy0vjDiD9pNPHgAAAAAAAAAOisb4TX6UKxu//wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH5QSw71VuVyrJ+eSb2RZDpJq6h3P/lLP70v/eqPg7nuf7ulbdUe7uWYAAAAYEKef5RHWc2Rfr5bK7/znyi/90/nvdzOSpaykk4Wc618FtD71l9fezDXWXswd6tYtvf7lX+ONYyyx/SePey855NljXauZ6nccjZX8046uZZ62bJwsj+encf1fjGm2uuVEUd2rVoXM/9lmmPN6knURq45U0akGFEvIrNV2yIaR4dHYsyj099TP/bnU19/8nPsacZ8tbd67Te9dTGfn40Vk2dtayQuDJx9J9ZSGxKJ5HN/+O13bnRu35y6fufM/pnSGKYGnqBtjcTcQCReGn5OpJkqEjcOaiQGzZaROL6ev5Kv51s5k1N5M8tZyveykJUs5lS+loUcykJ1PhevM8MjdXlT7s3HjaRVHpdm9S46+phWspBXyrZHspRv5p1cy2Iulf8u5Hxeq3rM+hE+PsJVXx/vnfb05wceJv88SXu0dnugGNjR9bvT4Fk/W14HRzdt2bgOXnj696PGZ6pEsY8fDxyRydsaifMDkXhxeCR+Xb6t3Oncvrl8Y+HdEff3arUurqOf7qu7RHG+vFAcrDK3+ewoyl7cWjbdi1er+sWlV7b5jluUHS8/n2XolXoxFzNf1j6xY08XyrKXdiybK8tODpRt+rx1ufd5C4B97/AXDrfa/2j/uf1h+yftG+03pr869aWpl1tp/qn55cbsoVfrL9d+nw/zg43v/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJO7c/fezYVOZ3F5S6Lb7f5wl6JnmGgn6W9JHteqmcfXeTaJVpIy0egnxutnaqTKrY2j8/rvPs6Ym+O2Sp5KoBrVSXb33s1/d7vdPT9M2xPffm7IOb+R6Fa2FXVHaj6xxH+6T6/DIW8aM3v05gQ8U+dWbr177s7de19curXw9uLbi7fnL16cn52/eOmv564vdRZne6+THiXwLGzc9Cc9EgAAAAAAAAAAAGBUe/HfEnbZ9f/2eKoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAXXlzFSVOjtbvK49mOsUSz+9XrGsVk9S+35S+yi5nN6SmYHuarvt54Ol+bdyv59rVEtZv76pXfNJZnG/WnIqyaFqPWj6Y/R3tVo/0chKtfUZFgE73Q8cTNr/AwAA///cTQ+C") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x5, &(0x7f0000000240)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newtaction={0x78, 0x30, 0x4, 0x0, 0x0, {}, [{0x64, 0x1, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x0, 0x0, 0x60000000}}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @multicast}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x78}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f00000002c0)=[{0xa62, 0x22, 0x7, 0x1}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @broadcast}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x42, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r3, 0x800) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) lseek(r3, 0x200, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x80000, 0x0) sendfile(r3, r4, 0x0, 0xf800) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='vegas', 0x7a) sendmmsg$inet(r1, &(0x7f00000039c0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000380)='\'', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000014c0)="44b896818dd13e040b09e9ff5327615afa549fe545b6e79585e067af4328bcc41f778fcecf104cf2318418907de2bda01878a558af061d15e45bfcba7610e1717120c4cd89550ca5069f6a023247437795a1028586291e3ff5ae2d9cd5d53032ac1d8e3f03fda211e4e8b45b57f046dcfde576d968f876c7f903e2fa43dca292ba5c8b339bb8d32875e723f56bf3f8c656c5c528a5b6976144b187c3d58e6bcb45d0236937b54f453e4f6db1a782473b11431baad933e77f6f394fcbec25197f80c65b92d44f127521fcbb98834bb63497275e62728c2cbdc74c00fe08a87b6b289b57110406423a213e83d1fc90e352b7ebdf6a7de4dfca1639d411be33644cafb5342e5653b5c01fce094b85f2af40d7feb1798e5cb1d29daa5def62e1aebf349a8801ab83566259fdb9b404f3d53ddb2ebdf1f25336da5560b6264253327846a1735ef6d24fcfc8dbe6ed7f05dee713c26b5912fbf3ef8fbdcea57709fd9840cd1e93c6397528fffeadc580a1758834f7266a7dd63f9b3f15185a9373beb9bef45bf0ce359f523be49540d1f6cc546e55d0997e7ac631a60bc084f1ab2d51d666a6ae1210ee05d21a2be362e2d4143f765317921bd355f58363b83a93adacd2a3a55da508c627adc43e2f812b1d639b5f210e9f57cf112cc502f9f8ee41569f3b485d95adfcd3dd078b7aababc5a604751bcebd2e703065485474410bf05de82509eea11a76173967b825ef781dc5fa072c10760136f921275805d2a7c4695fec", 0x222}], 0x1}}], 0x2, 0x0) r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r5) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/net\x00') r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@fallback=r5, 0x24, 0x0, 0xd8, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) creat(&(0x7f0000000480)='./file0\x00', 0x75031020e6f51cb9) io_setup(0x202, &(0x7f0000000200)) socket$inet6_mptcp(0xa, 0x1, 0x106) [ 74.778051][ T4664] Bluetooth: hci0: command tx timeout [ 74.856116][ T5315] loop0: detected capacity change from 0 to 1024 [ 74.952854][ T25] audit: type=1804 audit(1771096498.286:2): pid=5315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/bus/bus" dev="loop0" ino=27 res=1 errno=0 [ 74.970731][ T5315] [ 74.971750][ T5315] ============================================ [ 74.974197][ T5315] WARNING: possible recursive locking detected [ 74.976563][ T5315] syzkaller #0 Not tainted [ 74.978377][ T5315] -------------------------------------------- [ 74.980817][ T5315] syz.0.0/5315 is trying to acquire lock: [ 74.983322][ T5315] ffff8880357940b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 74.987883][ T5315] [ 74.987883][ T5315] but task is already holding lock: [ 74.991029][ T5315] ffff8880357940b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 74.994997][ T5315] [ 74.994997][ T5315] other info that might help us debug this: [ 74.998275][ T5315] Possible unsafe locking scenario: [ 74.998275][ T5315] [ 75.001355][ T5315] CPU0 [ 75.002809][ T5315] ---- [ 75.004311][ T5315] lock(&tree->tree_lock/1); [ 75.006818][ T5315] lock(&tree->tree_lock/1); [ 75.008836][ T5315] [ 75.008836][ T5315] *** DEADLOCK *** [ 75.008836][ T5315] [ 75.012253][ T5315] May be due to missing lock nesting notation [ 75.012253][ T5315] [ 75.015749][ T5315] 5 locks held by syz.0.0/5315: [ 75.017873][ T5315] #0: ffff888012acc420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 [ 75.021978][ T5315] #1: ffff88803e849df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 75.026654][ T5315] #2: ffff88803e849c08 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 75.030719][ T5315] #3: ffff8880357940b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 75.034693][ T5315] #4: ffff8880408f0e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 75.040469][ T5315] [ 75.040469][ T5315] stack backtrace: [ 75.043151][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.043167][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.043175][ T5315] Call Trace: [ 75.043185][ T5315] [ 75.043215][ T5315] dump_stack_lvl+0xe8/0x150 [ 75.043258][ T5315] print_deadlock_bug+0x279/0x290 [ 75.043316][ T5315] __lock_acquire+0x253f/0x2cf0 [ 75.043331][ T5315] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 75.043475][ T5315] ? stack_depot_save_flags+0x3f3/0x810 [ 75.043631][ T5315] ? kasan_save_track+0x4f/0x80 [ 75.043648][ T5315] ? kasan_save_track+0x3e/0x80 [ 75.043661][ T5315] ? __kasan_kmalloc+0x93/0xb0 [ 75.043674][ T5315] ? __kmalloc_noprof+0x35c/0x760 [ 75.043686][ T5315] ? hfsplus_find_init+0x8c/0x2d0 [ 75.043700][ T5315] ? hfsplus_file_extend+0x46d/0x1d70 [ 75.043711][ T5315] ? hfsplus_bmap_reserve+0x125/0x510 [ 75.043724][ T5315] lock_acquire+0xf0/0x2e0 [ 75.043736][ T5315] ? hfsplus_find_init+0x168/0x2d0 [ 75.043751][ T5315] __mutex_lock+0x19f/0x1300 [ 75.043762][ T5315] ? hfsplus_find_init+0x168/0x2d0 [ 75.043784][ T5315] ? hfsplus_find_init+0x168/0x2d0 [ 75.043800][ T5315] ? __pfx___mutex_lock+0x10/0x10 [ 75.043810][ T5315] ? rcu_is_watching+0x15/0xb0 [ 75.043828][ T5315] ? __kmalloc_noprof+0x37d/0x760 [ 75.043840][ T5315] ? hfsplus_find_init+0x8c/0x2d0 [ 75.043853][ T5315] ? __kmalloc_noprof+0x1b8/0x760 [ 75.043867][ T5315] hfsplus_find_init+0x168/0x2d0 [ 75.043881][ T5315] hfsplus_file_extend+0x46d/0x1d70 [ 75.043894][ T5315] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 75.043905][ T5315] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.043922][ T5315] ? rcu_is_watching+0x15/0xb0 [ 75.043936][ T5315] ? __asan_memset+0x22/0x50 [ 75.043948][ T5315] ? hfsplus_brec_find+0x19d/0x520 [ 75.043962][ T5315] hfsplus_bmap_reserve+0x125/0x510 [ 75.043977][ T5315] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 75.043990][ T5315] __hfsplus_ext_cache_extent+0x89/0xe30 [ 75.044003][ T5315] hfsplus_file_extend+0x4af/0x1d70 [ 75.044016][ T5315] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 75.044028][ T5315] ? clean_bdev_aliases+0x62e/0x750 [ 75.044043][ T5315] ? __lock_acquire+0x6b5/0x2cf0 [ 75.044055][ T5315] hfsplus_get_block+0x42c/0x1670 [ 75.044069][ T5315] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.044078][ T5315] ? folio_try_get+0x1c/0x340 [ 75.044093][ T5315] ? filemap_get_entry+0xca/0x320 [ 75.044107][ T5315] __block_write_begin_int+0x6c6/0x1910 [ 75.044125][ T5315] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.044135][ T5315] ? __pfx___block_write_begin_int+0x10/0x10 [ 75.044150][ T5315] cont_write_begin+0x737/0xae0 [ 75.044167][ T5315] ? __pfx_cont_write_begin+0x10/0x10 [ 75.044181][ T5315] ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0 [ 75.044195][ T5315] ? lockdep_hardirqs_on+0x7a/0x110 [ 75.044210][ T5315] hfsplus_write_begin+0x66/0xb0 [ 75.044219][ T5315] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.044230][ T5315] generic_perform_write+0x2e2/0x8f0 [ 75.044247][ T5315] ? __pfx_generic_perform_write+0x10/0x10 [ 75.044262][ T5315] ? file_update_time_flags+0x219/0x4a0 [ 75.044277][ T5315] ? __generic_file_write_iter+0xf9/0x230 [ 75.044291][ T5315] ? generic_file_write_iter+0x136/0x680 [ 75.044301][ T5315] generic_file_write_iter+0x14a/0x680 [ 75.044311][ T5315] ? __pfx_generic_file_write_iter+0x10/0x10 [ 75.044331][ T5315] ? splice_from_pipe_next+0x61c/0x670 [ 75.044344][ T5315] ? __asan_memset+0x22/0x50 [ 75.044357][ T5315] iter_file_splice_write+0x99b/0x1100 [ 75.044372][ T5315] ? __pfx_iter_file_splice_write+0x10/0x10 [ 75.044386][ T5315] ? __pfx_iter_file_splice_write+0x10/0x10 [ 75.044405][ T5315] direct_splice_actor+0x101/0x160 [ 75.044418][ T5315] splice_direct_to_actor+0x53a/0xc70 [ 75.044433][ T5315] ? __pfx_direct_splice_actor+0x10/0x10 [ 75.044446][ T5315] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 75.044459][ T5315] do_splice_direct+0x195/0x290 [ 75.044470][ T5315] ? __pfx_do_splice_direct+0x10/0x10 [ 75.044479][ T5315] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 75.044491][ T5315] ? rw_verify_area+0x255/0x4d0 [ 75.044504][ T5315] do_sendfile+0x535/0x7d0 [ 75.044514][ T5315] ? lockdep_hardirqs_on+0x7a/0x110 [ 75.044529][ T5315] ? __pfx_do_sendfile+0x10/0x10 [ 75.044541][ T5315] ? __se_sys_futex+0x3a8/0x450 [ 75.044555][ T5315] __se_sys_sendfile64+0x144/0x1a0 [ 75.044566][ T5315] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 75.044578][ T5315] do_syscall_64+0x14d/0xf80 [ 75.044588][ T5315] ? trace_irq_disable+0x3b/0x150 [ 75.044602][ T5315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.044639][ T5315] ? clear_bhb_loop+0x40/0x90 [ 75.044653][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.044664][ T5315] RIP: 0033:0x7fac0119bf79 [ 75.044677][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.044687][ T5315] RSP: 002b:00007fac0211f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 75.044721][ T5315] RAX: ffffffffffffffda RBX: 00007fac01415fa0 RCX: 00007fac0119bf79 [ 75.044730][ T5315] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000008 [ 75.044737][ T5315] RBP: 00007fac012327e0 R08: 0000000000000000 R09: 0000000000000000 [ 75.044744][ T5315] R10: 000000000000f800 R11: 0000000000000246 R12: 0000000000000000 [ 75.044751][ T5315] R13: 00007fac01416038 R14: 00007fac01415fa0 R15: 00007ffec7146d18 [ 75.044761][ T5315] [ 76.807513][ T4664] Bluetooth: hci0: command tx timeout [ 78.887546][ T4664] Bluetooth: hci0: command tx timeout [ 80.967063][ T4664] Bluetooth: hci0: command tx timeout [ 81.529731][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 81.532393][ T1312] ieee802154 phy1 wpan1: encryption failed: -22