program: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000040), 0xe) listen(r1, 0x0) getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f00000000c0), &(0x7f0000000100)=0x4) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000200000a20000000000a01030000000000000000010000000900010020f373797a30000000006c000000030a01080000000000000000010000073800048008000240586e19901400080000000000000070616e30000000000000080002400000000414000480080002404d3b8c39080002400eafa9e60900010073ff7a300000c7001400000011000100"/164], 0xb4}}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x800001000087}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) r3 = open(0x0, 0x80243, 0x1df2a23c5997fa5f) unshare(0x28000600) execveat(r3, &(0x7f0000000080)='./file0\x00', &(0x7f0000000340)={[&(0x7f00000001c0)='syz2\x00', &(0x7f0000000200)='[@\x00', &(0x7f0000000240)='syz0\x00', &(0x7f0000000280)='state\x00', &(0x7f00000002c0)='match\x00']}, &(0x7f0000000440)={[&(0x7f0000000380)='syz2\x00', &(0x7f00000003c0)=':{\\)+*\x00', &(0x7f0000000400)='\x00']}, 0x800) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYBLOB="23341129bfb4fcc388a80c49b4f4d96254cb9356759776b03b581050240d2d9a5cf3440e76c886f1e5c860656a3648101223fc288fc5274f0e609cfed0fc738d84eb544791dd1cb959421db9fbcb634df876aa2133fd62e245fb6b1ead07ca04772d78564af8f42015e5be557ab3bd60824768691005cbd3d295402693d934226595deeba1ff748b7dde9c617749aa38096ef667700a6b3668cb7296b024fbcf9f74e50bf0f834159f51737baac184f94dd13a9793b76946208f290637d8def94e5f56f1181da3eed500440f", @ANYBLOB="2b86cc0866f043ae112177e8d069d03a337454fddb71ccf58cf87c0c9166ec375c1658949bd54b1b401001d954", @ANYRES16, @ANYRESHEX], 0x11, 0x2d2, &(0x7f0000000bc0)="$eJzs3U1rE1scx/HfmaRteht6pw+XC3fZa0E3UutG3KRIXoS4ELWJUAwVbQV1YxVXIrp371vwLQhuFN+Arlz5AiIII+fMZJJJJzMxNDMNfj9gmMycM+d/Mg/n/AfsCMAf60rzy9uL3+w/I1VUkV5cljxJNakq6R/9W3uwf7h32Gm3MvbTDRxbyyisaY4V2t1vp9WtKaoR8e23quqD6zAdQRDsfJV0UHYgKJW7+lN40kJ0dbrttcIjy/Z0wnpHJxzHrDFddfVQy2XHAQAoVzT+e9E4X4/m754nbUbD/qkc/yfVLTuAqQsytw6M/y7LCow9vn+7Tf18z6VwdrvXyxLHaXlu6Pu8wjMrMcE0eVmli8VbvL3XaZ/fvdtpeXqmRmSg2Lr7bIWnbk9OtBspuWmGMfpu0meUS64Pc7YP2yPiX5uwxYmZD+aTuW58vVErnv9VA2MPkztS/tCRCuPfGr1H10vfllJ022g0Gl6iyIpr5L+ohUhOL2vpGYl6Z9SKkg8I/Lw4Xa3VoVph7y7k1FoLa+0sJmpt976NqLWeaMv2Jj6bR7c3beaVuWo29F3v1ByY/3s2vk1lXpn9q8ZshkOB+8XD/synN1d1+/SPjRxHulZProl/xYVRof/IvqdhyJOMbS91S5e0fPDo8Z1Kp9O+bxdupizcq8dr5p5LqWVKWPDUX6Oj/qYFhQ8ij9XqDUpFhnruRHdo7x+5he1VVkgHT82ZUMZC82OxJ1IZCwXdo1Cq/kHPLfq+kIBQNDfvCvO/gXxly0327IefMU/PnZBFewzsHDvOgGqJ+qtu6a/fyuCWRmdw4+Zc/5+VzsSrfgY5LfpRnLMhyJr6Waapz7rB838AAAAAAAAAAAAAAAAAAIBZU8R/Jyi7jwAAAAAAAAAAAAAAAAAAAAAAzLr4/b/qvf9X473/d/gvf1fCN7ycyPt/X++L9/8C0/crAAD//zZmik0=") r5 = fspick(0xffffffffffffff9c, &(0x7f0000000a00)='./file2\x00', 0x0) r6 = landlock_create_ruleset(&(0x7f00000002c0)={0x2210, 0x2}, 0x10, 0x0) landlock_restrict_self(r6, 0xb) fsconfig$FSCONFIG_CMD_RECONFIGURE(r5, 0x7, 0x0, 0x0, 0x0) write$cgroup_subtree(r4, 0x0, 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x12, r4, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000b00)={[{@resuid}, {@journal_checksum}, {@nobarrier}]}, 0x21, 0x4b6, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvvW1pKYUWJfFHVBBRNISZdoCGsMKNxhASI3HlAmo7NE1nOk1nirSyKP+DiSSu9E9wYeLChJV7d7pzgwsTVOILfclbzMudmZZSOm3fo8x96Xw+ycm9555hvt/D9J4zPW3nBNC3LkTERkSciIgHETHeuZ50Stxul+xxr189md189WQ2iWbz3n+TVnt2LXb8m8ypznOORMTPfhzxy+TduPW19cWZSqW80qkXG9XlYn1t/epCdWa+PF9eKpWmp6Ynb167UTqyvp6v/vHljxbu/Pwvf/7mi79t/ODXWVpjnbad/ThK7a4PbcfJDEbEnQ8RLAcDnf6cyDsRPpc0Ir4UERez+7+ZdzYAQC80m+PRHN9ZBwCOu7S1Bpakhc5awFikaaHQXsM7F6NppVZvXHlYW12aa6+VTcRQ+nChUp7srBVOxFCS1ada52/qpV31axFxNiJ+M3yyVS/M1ipzeb7xAYA+dmrX/P/RcHv+BwCOuZG8EwAAes78DwD9x/wPAP3H/A8A/cf8DwD9x/wPAP3H/A8AfeWnd+9mpbnZ+fzruUdrq4u1R1fnyvXFQnV1tjBbW1kuzNdq863P7Kke9HyVWm156nqsPi42yvVGsb62fr9aW11q3G99rvf98lBPegUA7Ofs+ef/SCJi49bJVokdezmYq+F4S/NOAMjNQN4JALkZzDsBIDe+xwf22KL3LV1/RejZ0ecC9Mblr1n/h35l/R/6l/V/6F/W/6F/NZuJPf8BoM9Y4wf8/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+u7FWSdJCZy/wsUjTQiHidERMxFDycKFSnoyIMxHx9+Gh4aw+lXfSAMB7Sv+ddPb/ujx+aWx364nk4+HWMSJ+9bt7v30802isTGXX/7d9vfGsc72UR/4AwEG25umteXzL61dPZrdKL/N5+cP25qJZ3M1OabcMxmDrOBJDETH6/6RTb8verwwcQfyNpxHx1b36n7TWRiY6O5/ujp/FPt3T+Olb8dNWW/uY/V98+QhygX7zPBt/bu91/6VxoXXc+/4faY1Q729r/Nt8Z/xLt8e/gS7j34XDxrj+1590bXsa8fXBveIn2/GTLvEvHTL+P7/xrYvd2pq/j7gce8ffGavYqC4X62vrVxeqM/Pl+fJSqTQ9NT1589qNUrG1Rl3cWql+139uXTmzX/9Hu8QfOaD/3z1k///wyYNffHuf+N//zt6v/7l94mdz4vcOGX9m9E9dt+/O4s916f9Br/+VQ8Z/8a/1uUM+FADogfra+uJMpVJecdKzk+y92xcgDSe5nWRfAUfxPF/5gKnmPTIBH9qbmz7vTAAAAAAAAAAAAAAAgG568QdPefcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4+vTAAAA//+0tdao") quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f00000003c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000280)={0x3, 0xd2, 0x6, 0x8, 0x8, 0x8, 0x0, 0xf64, 0x3}) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r7, &(0x7f0000000140)='2', 0x1, 0x8000c61) ioctl$EXT4_IOC_MOVE_EXT(r7, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x86c7e, 0x100000002, 0x81, 0x4}) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) syz_clone(0x2d088000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 84.570003][ T5332] loop0: detected capacity change from 0 to 64 [ 85.344324][ T5332] [ 85.345430][ T5332] ============================================ [ 85.347905][ T5332] WARNING: possible recursive locking detected [ 85.350485][ T5332] syzkaller #0 Not tainted [ 85.352382][ T5332] -------------------------------------------- [ 85.354948][ T5332] syz.0.0/5332 is trying to acquire lock: [ 85.357121][ T5332] ffff8880121160a8 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 85.360851][ T5332] [ 85.360851][ T5332] but task is already holding lock: [ 85.363579][ T5332] ffff8880121160a8 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 85.366968][ T5332] [ 85.366968][ T5332] other info that might help us debug this: [ 85.370121][ T5332] Possible unsafe locking scenario: [ 85.370121][ T5332] [ 85.373079][ T5332] CPU0 [ 85.374505][ T5332] ---- [ 85.375842][ T5332] lock(&tree->tree_lock/1); [ 85.377778][ T5332] lock(&tree->tree_lock/1); [ 85.379864][ T5332] [ 85.379864][ T5332] *** DEADLOCK *** [ 85.379864][ T5332] [ 85.383034][ T5332] May be due to missing lock nesting notation [ 85.383034][ T5332] [ 85.386421][ T5332] 5 locks held by syz.0.0/5332: [ 85.388372][ T5332] #0: ffff88801254c410 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 85.391966][ T5332] #1: ffff8880348f7490 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 85.396657][ T5332] #2: ffff8880348f72f0 (&HFS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 85.401363][ T5332] #3: ffff8880121160a8 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 85.405230][ T5332] #4: ffff888044ddc730 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 85.409587][ T5332] [ 85.409587][ T5332] stack backtrace: [ 85.411965][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.411979][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.411986][ T5332] Call Trace: [ 85.411993][ T5332] [ 85.411998][ T5332] dump_stack_lvl+0xe8/0x150 [ 85.412014][ T5332] print_deadlock_bug+0x279/0x290 [ 85.412029][ T5332] __lock_acquire+0x253f/0x2cf0 [ 85.412039][ T5332] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 85.412103][ T5332] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 85.412116][ T5332] ? stack_depot_save_flags+0x3f3/0x810 [ 85.412169][ T5332] ? kasan_save_track+0x4f/0x80 [ 85.412181][ T5332] ? kasan_save_track+0x3e/0x80 [ 85.412193][ T5332] ? hfs_find_init+0x18e/0x300 [ 85.412207][ T5332] lock_acquire+0x106/0x350 [ 85.412217][ T5332] ? hfs_find_init+0x18e/0x300 [ 85.412232][ T5332] __mutex_lock+0x1a3/0x1550 [ 85.412243][ T5332] ? hfs_find_init+0x18e/0x300 [ 85.412258][ T5332] ? hfs_find_init+0x18e/0x300 [ 85.412271][ T5332] ? __pfx___mutex_lock+0x10/0x10 [ 85.412282][ T5332] ? rcu_is_watching+0x15/0xb0 [ 85.412296][ T5332] ? __kmalloc_noprof+0x37d/0x760 [ 85.412309][ T5332] ? hfs_find_init+0xaa/0x300 [ 85.412321][ T5332] ? __kmalloc_noprof+0x1b8/0x760 [ 85.412333][ T5332] hfs_find_init+0x18e/0x300 [ 85.412345][ T5332] hfs_extend_file+0x35c/0x15e0 [ 85.412356][ T5332] ? hfs_ext_keycmp+0x1c7/0x320 [ 85.412368][ T5332] ? __pfx_hfs_extend_file+0x10/0x10 [ 85.412380][ T5332] ? __pfx___hfs_brec_find+0x10/0x10 [ 85.412396][ T5332] ? hfs_brec_find+0x3cc/0x510 [ 85.412410][ T5332] hfs_bmap_reserve+0x107/0x430 [ 85.412422][ T5332] __hfs_ext_write_extent+0x1fa/0x470 [ 85.412434][ T5332] __hfs_ext_cache_extent+0x6b/0x9b0 [ 85.412445][ T5332] ? hfs_find_init+0x18e/0x300 [ 85.412458][ T5332] hfs_extend_file+0x39b/0x15e0 [ 85.412469][ T5332] ? __pfx_filemap_get_folios_tag+0x10/0x10 [ 85.412484][ T5332] ? __pfx_hfs_extend_file+0x10/0x10 [ 85.412496][ T5332] ? clean_bdev_aliases+0x62e/0x750 [ 85.412509][ T5332] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 85.412519][ T5332] hfs_get_block+0x412/0xc50 [ 85.412531][ T5332] ? __pfx_hfs_get_block+0x10/0x10 [ 85.412540][ T5332] ? do_raw_spin_unlock+0x4d/0x210 [ 85.412555][ T5332] ? _raw_spin_unlock+0x28/0x50 [ 85.412570][ T5332] __block_write_begin_int+0x6c6/0x1910 [ 85.412587][ T5332] ? __pfx_hfs_get_block+0x10/0x10 [ 85.412597][ T5332] ? __pfx___block_write_begin_int+0x10/0x10 [ 85.412614][ T5332] cont_write_begin+0x737/0xae0 [ 85.412632][ T5332] ? __pfx_cont_write_begin+0x10/0x10 [ 85.412646][ T5332] ? folio_unlock+0x101/0x160 [ 85.412658][ T5332] hfs_write_begin+0x66/0xb0 [ 85.412668][ T5332] ? __pfx_hfs_get_block+0x10/0x10 [ 85.412680][ T5332] cont_write_begin+0x2e7/0xae0 [ 85.412696][ T5332] ? __pfx_cont_write_begin+0x10/0x10 [ 85.412711][ T5332] ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0 [ 85.412724][ T5332] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.412734][ T5332] hfs_write_begin+0x66/0xb0 [ 85.412745][ T5332] ? __pfx_hfs_get_block+0x10/0x10 [ 85.412756][ T5332] generic_perform_write+0x2e2/0x8f0 [ 85.412773][ T5332] ? __pfx_generic_perform_write+0x10/0x10 [ 85.412786][ T5332] ? file_update_time_flags+0x219/0x4a0 [ 85.412799][ T5332] ? __generic_file_write_iter+0xf9/0x230 [ 85.412812][ T5332] ? generic_file_write_iter+0x136/0x680 [ 85.412826][ T5332] generic_file_write_iter+0x14a/0x680 [ 85.412840][ T5332] ? __pfx_generic_file_write_iter+0x10/0x10 [ 85.412853][ T5332] ? __lock_acquire+0x6b5/0x2cf0 [ 85.412864][ T5332] ? __pfx_aa_file_perm+0x10/0x10 [ 85.412879][ T5332] ? __pfx_futex_wake_mark+0x10/0x10 [ 85.412896][ T5332] ? vfs_write+0x227/0xb90 [ 85.412909][ T5332] ? vfs_write+0x227/0xb90 [ 85.412924][ T5332] vfs_write+0x61d/0xb90 [ 85.412938][ T5332] ? __pfx_vfs_write+0x10/0x10 [ 85.412951][ T5332] ? __pfx_do_futex+0x10/0x10 [ 85.412961][ T5332] ? kmem_cache_free+0x182/0x650 [ 85.412977][ T5332] __x64_sys_pwrite64+0x199/0x230 [ 85.412990][ T5332] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 85.413004][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.413015][ T5332] do_syscall_64+0x174/0x580 [ 85.413025][ T5332] ? trace_irq_disable+0x3b/0x140 [ 85.413041][ T5332] ? clear_bhb_loop+0x40/0x90 [ 85.413052][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.413063][ T5332] RIP: 0033:0x7f04ae79ce59 [ 85.413073][ T5332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.413079][ T5332] RSP: 002b:00007f04aabf4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 85.413087][ T5332] RAX: ffffffffffffffda RBX: 00007f04aea15fa0 RCX: 00007f04ae79ce59 [ 85.413092][ T5332] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000007 [ 85.413096][ T5332] RBP: 00007f04ae832d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.413100][ T5332] R10: 0000000008000c61 R11: 0000000000000246 R12: 0000000000000000 [ 85.413104][ T5332] R13: 00007f04aea16038 R14: 00007f04aea15fa0 R15: 00007ffdabeae848 [ 85.413111][ T5332] [ 85.635781][ T5293] Bluetooth: hci0: command tx timeout [ 87.670906][ T5293] Bluetooth: hci0: command tx timeout [ 89.590796][ T339] kworker/u4:6: attempt to access beyond end of device [ 89.590796][ T339] loop0: rw=1048577, sector=65, nr_sectors = 1 limit=64 [ 89.598642][ T339] Buffer I/O error on dev loop0, logical block 65, lost async page write [ 89.602472][ T339] kworker/u4:6: attempt to access beyond end of device [ 89.602472][ T339] loop0: rw=1048577, sector=66, nr_sectors = 1 limit=64 [ 89.608391][ T339] Buffer I/O error on dev loop0, logical block 66, lost async page write [ 89.612164][ T339] kworker/u4:6: attempt to access beyond end of device [ 89.612164][ T339] loop0: rw=1048577, sector=67, nr_sectors = 1 limit=64 [ 89.617557][ T339] Buffer I/O error on dev loop0, logical block 67, lost async page write [ 89.622239][ T339] kworker/u4:6: attempt to access beyond end of device [ 89.622239][ T339] loop0: rw=1048577, sector=68, nr_sectors = 1 limit=64 [ 89.628328][ T339] Buffer I/O error on dev loop0, logical block 68, lost async page write [ 89.633142][ T339] kworker/u4:6: attempt to access beyond end of device [ 89.633142][ T339] loop0: rw=1048577, sector=72, nr_sectors = 1 limit=64 [ 89.639189][ T339] Buffer I/O error on dev loop0, logical block 72, lost async page write [ 89.643359][ T339] kworker/u4:6: attempt to access beyond end of device [ 89.643359][ T339] loop0: rw=1048577, sector=73, nr_sectors = 1 limit=64 [ 89.649030][ T339] Buffer I/O error on dev loop0, logical block 73, lost async page write [ 89.653068][ T339] kworker/u4:6: attempt to access beyond end of device [ 89.653068][ T339] loop0: rw=1048577, sector=76, nr_sectors = 1 limit=64 [ 89.658818][ T339] Buffer I/O error on dev loop0, logical block 76, lost async page write [ 89.662898][ T339] kworker/u4:6: attempt to access beyond end of device [ 89.662898][ T339] loop0: rw=1048577, sector=77, nr_sectors = 1 limit=64 [ 89.668650][ T339] Buffer I/O error on dev loop0, logical block 77, lost async page write [ 89.675265][ T339] kworker/u4:6: attempt to access beyond end of device [ 89.675265][ T339] loop0: rw=1048577, sector=78, nr_sectors = 4088 limit=64 [ 89.683173][ T339] kworker/u4:6: attempt to access beyond end of device [ 89.683173][ T339] loop0: rw=1048577, sector=4166, nr_sectors = 1 limit=64 [ 89.689050][ T339] Buffer I/O error on dev loop0, logical block 4166, lost async page write [ 89.693245][ T339] Buffer I/O error on dev loop0, logical block 4167, lost async page write [ 89.753081][ T5293] Bluetooth: hci0: command tx timeout