program: syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0xa}, "028298544872ff3a9aca"}}, 0xd) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x20) syncfs(r0) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./bus\x00', 0x2000010, &(0x7f0000000c00)=ANY=[@ANYRES8=0x0, @ANYBLOB="7cfd7523dc70ddab811dd7307b6ef0ee0dc772564c1fd9e443ffc41a4935d411ddad5b4990ef311bf9a009d24dcc96715a7953358be9051484bda51f7085a4d4f2511d4104", @ANYRES16=r0], 0x1, 0x6c9, &(0x7f0000000500)="$eJzs3c9vHGcZB/DvrNeuN1TBaRMaoSKiRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeKitELgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXe/6V2KvHfh8ovH7vvPOvPPss+/MeNdZbYD/W9fOp/kwRa6df+NB2V5bnWuvrc69UHe3k5T1RtLsFinuJMWjZL7sL/qW9JVDPl66+tZnj9c+77aa9ZIinT2HPOIYK/WSM0km6nLY5G4PsVKHlxeTXK/LQVO7HWtgwzJp5+oSDl1nyMpedt/yfAeOvt7dqejeN4fMJMeSTNe/B6S+OjTGF+HB2NNVDgAAAJ5Tn9497AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg+VN//39RL426zJkUve//n+qtq+tH0Pyut3x4oHEAAAAAAAAAwHh8/Ume5EGO99qdovqb/9mqcTJfdJIv5f3cz2Lu5UIeZCHLWc69XEoy0zfQ1IOF5eV7l9b3LI3e8/LIPS+P6xEDAAAAAAAAwP+kX6a18fd/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CopkoltUy8m6zEwazWz0ZSX5Z5Kpw453D4pRKx+OPw4AAAB4JtNPsc+Xn+RJHuR4r90pqtf8X6leL0/n/dzJcpaynHYWc6N+DV2+6m+src6111bnbpdL2R4c9/v/3lMYU/UIE1Vr1JFPV1u0cjNL1ZoLuV4FcyON7rHPJad78fTF1eejMqbie7VdRtas01oe7PdbvYuwLwbfimhss2VrI7hkPSOzdWzlnie6GSiqN2qSzZnY8dlpDrRmqlEn1490KY31d35OHkDOj9Vl+Xh+c6A536v1TDRSZeJyb/aV58z2mUi+8dc/vX2rfefdWzfvnz86D2kHE1us3zwn5voy8cpznYnmHrefrTJxar19LT/KT3I+Z/Jm7mUpP81ClrOYTt2/UM/n8ufM9pmaH2i9uVMkU/Xz0n3OdhPTmfywqi3kbLXv8SylyN3cyGJer/5dzqV8O1dyJVf7nuFTW8ZdPbbqrG9sPut7z/TfRgZ/7pt1pby6/XbjKje/3SPeanbul+61v8zrib68dmf94/WtTvSdB7N9WXqpl53JkYM/zbWx+dW6Uh7jVzvcJ8Zrps5EeQL17hK96F7uZqJZ3YuG5/kfOuV+ad/pdG4tvLfF+Cub2q/VZTmtVr+209Y9o5+K/VXOl5cyXV9JBmdH2ffy+lWmr6+zMZe7fYN33HK/U1VfUfTO1B/nbjUBhs/Uqfp3uOGRLld9r4zsm6v6Tvf1Dfy+lbtp58YY8gfA0/jH2+vVmRybav2r9Wnrk9avW7dab0z/4IXvvPDqVCb/Pvnd5uzEa41Xi7/kk/x84/U/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw9O5/8OG7C+324r3RlcbWXQOVVjav2WnkTZWi/kKfve11dCvTSQbWVN9zNPYwWpvDGKp0fpGMPT+9LxEcvc3vykpzaEaNqswPrPnz8IAf7THCYnfnxQFWGhnvQScyegIc4kUJGIuLy7ffu3j/gw+/tXR74Z3FdxbvTF65cnX26pXX5y7eXGovznZ/HnaUwEHYuOkfdiQAAAAAAAAAAADAbo36YMDZF3f60MiuPuPhfxYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA++La+TQfpsil2QuzZXttda5dLr36xpbNJI1GUvwsKR4l8+kumekbrsgfH6Uz4jgfL11967PHa59vjNXsbp806nJr2/cmWamXnEkyUZfPYGC86888XvGf3mMoE/ZFp9OZf7b4YH/8NwAA//+lwvYM") syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x114, &(0x7f0000000040)=0x1, 0x0, 0x4) r1 = socket(0x2a, 0x2, 0x0) sched_rr_get_interval(0x0, &(0x7f0000000100)) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001000)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newtfilter={0x7c, 0x2c, 0x605, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {}, {0x5, 0x2}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4c, 0x2, [@TCA_CGROUP_ACT={0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x10, 0x7ff, 0x6, 0x1, 0xff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x7c}}, 0x20004084) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) r4 = socket$kcm(0x2, 0x1000000000000002, 0x0) r5 = socket(0x2a, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000004c0)='pimreg\x00', 0xfffffffffffffca4) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) recvfrom$inet(r0, &(0x7f0000000d80)=""/167, 0xa7, 0x1, 0x0, 0x0) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8954, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @remote}, 0x6, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}, 'syz_tun\x00'}) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) r7 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f0000000040)={0x0, 0x2, 0x0, "6bed0552d1c498016e5b1b5f2d5e6c262fafdedf0e6b75bd2a37cc221c779860"}) sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x78, 0x24, 0xc0b, 0x70bd2a, 0x2001, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0x5, 0xfff1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xff, 0xec2, 0x5, 0x0, 0x400}, 0x10000, 0x1, 0x7ff, 0x6, 0xe, 0x14, 0x1f, 0x1b, 0x6, 0x2, {0x6, 0x1, 0xa9, 0x8, 0x7743, 0xfd1}}}}]}, 0x78}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) read$watch_queue(r0, &(0x7f0000000c80)=""/222, 0xde) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e40)=@newtfilter={0xa4, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0x8, 0xffff}}, [@filter_kind_options=@f_u32={{0x8}, {0x78, 0x2, [@TCA_U32_SEL={0x64, 0x5, {0x8, 0x7, 0x5, 0x3, 0x7, 0x0, 0x52, 0x3, [{0x2, 0x8001, 0x80000001, 0x1}, {0x3, 0x2, 0x4, 0x9}, {0x7, 0x8, 0x9b, 0x2}, {0xfffffff8, 0x1, 0x3a, 0x8}, {0x1, 0x1, 0xb, 0xad}]}}, @TCA_U32_MARK={0x10, 0xa, {0xa, 0x1}}]}}]}, 0xa4}}, 0x4000) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x74, r8, 0x2, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x73}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1716}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16ad}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1d}]]}, 0x74}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000888) r9 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 85.142942][ T5339] Bluetooth: hci0: command tx timeout [ 85.244014][ T5364] loop0: detected capacity change from 0 to 1024 [ 85.297985][ T5364] [ 85.299188][ T5364] ============================================ [ 85.302000][ T5364] WARNING: possible recursive locking detected [ 85.304937][ T5364] syzkaller #0 Not tainted [ 85.306799][ T5364] -------------------------------------------- [ 85.309614][ T5364] syz.0.0/5364 is trying to acquire lock: [ 85.312571][ T5364] ffff888052cad548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 85.317298][ T5364] [ 85.317298][ T5364] but task is already holding lock: [ 85.320453][ T5364] ffff888052cac7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 85.325323][ T5364] [ 85.325323][ T5364] other info that might help us debug this: [ 85.329479][ T5364] Possible unsafe locking scenario: [ 85.329479][ T5364] [ 85.332659][ T5364] CPU0 [ 85.334183][ T5364] ---- [ 85.335384][ T5364] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.337863][ T5364] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.340471][ T5364] [ 85.340471][ T5364] *** DEADLOCK *** [ 85.340471][ T5364] [ 85.344734][ T5364] May be due to missing lock nesting notation [ 85.344734][ T5364] [ 85.349517][ T5364] 5 locks held by syz.0.0/5364: [ 85.351770][ T5364] #0: ffff888043ab80e0 (&type->s_umount_key#49/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 85.356067][ T5364] #1: ffff888052c97198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1278/0x1b50 [ 85.360343][ T5364] #2: ffff88803f65c0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 85.364433][ T5364] #3: ffff888052cac7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 85.369790][ T5364] #4: ffff888052c970f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x94/0x9b0 [ 85.375839][ T5364] [ 85.375839][ T5364] stack backtrace: [ 85.378805][ T5364] CPU: 0 UID: 0 PID: 5364 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.378827][ T5364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.378837][ T5364] Call Trace: [ 85.378845][ T5364] [ 85.378853][ T5364] dump_stack_lvl+0x189/0x250 [ 85.378877][ T5364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.378890][ T5364] ? __pfx__printk+0x10/0x10 [ 85.378906][ T5364] ? print_lock_name+0xde/0x100 [ 85.378921][ T5364] print_deadlock_bug+0x28b/0x2a0 [ 85.378936][ T5364] validate_chain+0x1a3f/0x2140 [ 85.378948][ T5364] ? lock_release+0x4b/0x3e0 [ 85.378964][ T5364] ? look_up_lock_class+0x74/0x170 [ 85.379020][ T5364] ? register_lock_class+0x51/0x320 [ 85.379041][ T5364] __lock_acquire+0xab9/0xd20 [ 85.379061][ T5364] ? hfsplus_get_block+0x39e/0x1530 [ 85.379076][ T5364] lock_acquire+0x120/0x360 [ 85.379091][ T5364] ? hfsplus_get_block+0x39e/0x1530 [ 85.379102][ T5364] ? stack_trace_save+0x9c/0xe0 [ 85.379121][ T5364] ? __pfx_hlock_conflict+0x10/0x10 [ 85.379134][ T5364] __mutex_lock+0x187/0x1350 [ 85.379146][ T5364] ? hfsplus_get_block+0x39e/0x1530 [ 85.379160][ T5364] ? lockdep_unlock+0x89/0x120 [ 85.379176][ T5364] ? validate_chain+0x897/0x2140 [ 85.379188][ T5364] ? hfsplus_get_block+0x39e/0x1530 [ 85.379202][ T5364] ? __pfx___mutex_lock+0x10/0x10 [ 85.379216][ T5364] ? __lock_acquire+0xab9/0xd20 [ 85.379235][ T5364] hfsplus_get_block+0x39e/0x1530 [ 85.379251][ T5364] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.379262][ T5364] ? do_raw_spin_unlock+0x4d/0x240 [ 85.379276][ T5364] ? _raw_spin_unlock+0x28/0x50 [ 85.379292][ T5364] block_read_full_folio+0x29f/0x830 [ 85.379306][ T5364] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.379317][ T5364] filemap_read_folio+0x117/0x380 [ 85.379335][ T5364] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.379345][ T5364] ? __pfx_filemap_read_folio+0x10/0x10 [ 85.379362][ T5364] ? filemap_add_folio+0x1af/0x270 [ 85.379376][ T5364] do_read_cache_folio+0x350/0x590 [ 85.379386][ T5364] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.379398][ T5364] read_cache_page+0x5d/0x170 [ 85.379408][ T5364] hfsplus_block_allocate+0xe4/0x9b0 [ 85.379433][ T5364] hfsplus_file_extend+0xae3/0x1990 [ 85.379451][ T5364] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 85.379464][ T5364] ? hfsplus_find_init+0x15a/0x1d0 [ 85.379481][ T5364] ? __pfx___mutex_lock+0x10/0x10 [ 85.379495][ T5364] hfsplus_bmap_reserve+0x122/0x500 [ 85.379511][ T5364] hfsplus_create_cat+0x183/0x1000 [ 85.379526][ T5364] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 85.379538][ T5364] ? do_raw_spin_unlock+0x4d/0x240 [ 85.379564][ T5364] ? do_raw_spin_unlock+0x4d/0x240 [ 85.379577][ T5364] ? _raw_spin_unlock+0x28/0x50 [ 85.379591][ T5364] ? hfsplus_new_inode+0x643/0x820 [ 85.379603][ T5364] hfsplus_fill_super+0x12f5/0x1b50 [ 85.379618][ T5364] ? __lock_acquire+0xab9/0xd20 [ 85.379636][ T5364] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 85.379651][ T5364] ? string+0x279/0x2b0 [ 85.379676][ T5364] ? snprintf+0xda/0x120 [ 85.379694][ T5364] ? sb_set_blocksize+0x104/0x180 [ 85.379710][ T5364] ? setup_bdev_super+0x4c1/0x5b0 [ 85.379724][ T5364] get_tree_bdev_flags+0x40e/0x4d0 [ 85.379737][ T5364] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 85.379754][ T5364] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 85.379769][ T5364] vfs_get_tree+0x92/0x2b0 [ 85.379782][ T5364] do_new_mount+0x2a2/0x9e0 [ 85.379797][ T5364] ? ns_capable+0x8a/0xf0 [ 85.379809][ T5364] ? __pfx_do_new_mount+0x10/0x10 [ 85.379821][ T5364] ? path_mount+0x61c/0xfe0 [ 85.379835][ T5364] ? user_path_at+0x44/0x60 [ 85.379846][ T5364] __se_sys_mount+0x317/0x410 [ 85.379863][ T5364] ? __pfx___se_sys_mount+0x10/0x10 [ 85.379882][ T5364] ? do_syscall_64+0xbe/0x3b0 [ 85.379892][ T5364] ? __x64_sys_mount+0x20/0xc0 [ 85.379907][ T5364] do_syscall_64+0xfa/0x3b0 [ 85.379918][ T5364] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.379927][ T5364] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.379938][ T5364] ? clear_bhb_loop+0x60/0xb0 [ 85.379949][ T5364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.379962][ T5364] RIP: 0033:0x7fb77c9903ca [ 85.379975][ T5364] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.379985][ T5364] RSP: 002b:00007fb77d76ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 85.379999][ T5364] RAX: ffffffffffffffda RBX: 00007fb77d76eef0 RCX: 00007fb77c9903ca [ 85.380008][ T5364] RDX: 0000200000000100 RSI: 0000200000002900 RDI: 00007fb77d76eeb0 [ 85.380017][ T5364] RBP: 0000200000000100 R08: 00007fb77d76eef0 R09: 0000000002000010 [ 85.380025][ T5364] R10: 0000000002000010 R11: 0000000000000246 R12: 0000200000002900 [ 85.380033][ T5364] R13: 00007fb77d76eeb0 R14: 00000000000006c9 R15: 0000200000000c00 [ 85.380045][ T5364] [ 85.649526][ T5364] Zero length message leads to an empty skb