program: syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./bus\x00', 0x4490, &(0x7f0000000000)=ANY=[], 0xff, 0x28b, &(0x7f00000000c0)="$eJzs3U9rE0EYx/HfbLY12lLXtiKIp2rBk7T1Il4K0nfgxZOoTYRiqKIV1FP1LL4A774FX4BHT+JZ8CYIvoDeIvMnZjfJZpPQuNv0+4HEZHee2WeyM+5MQlkBOLXu7Pz8dPOXfRipppqk21IkqS7Fki7qUv3l/sHeQavZGFZRzUXYh5GPNH1ldvebg0JtnIsIEvsu1mJ6G6aj/kOHZeeA8rnRrzN92yO/MfYjPIzVGXDaO7050pFeaansPAAA5fLXfzfxt/8uhvl7FEnr4bKfvf5X9AI66pLhaMp5lO1Lwf7U9d99ZG1jz+95t6u73nNLOLs/6qwSJ8llXr5n1TIJFK0qXS7R2cd7reaN3aetRqR32g7musVW3XPDd92OdLZv+6teG7A2HWLyti+4NszZNmyl808VWTneIxYzX803c98k+qjGv/lf3Db2NLkzlfScKZ//Rn6NrpXzcqVyWnnBHeRyOEIwtJU19aSRNh/qzIz2pChPF7XcE+Vbt1kQtTIwaqsgarU3qtub8yOnzXww98ya/uizdlLz/8h+2usaZWTaMq5k6BlD2xO7kom7noRRd3hlYMlo0hZhDJ0O+V6PdEtLL16/efKw1Wo+n9kXdiRWII1Kveh0hikd4lmovgItLfmF/RRKOXo85in4rd4t//1/JpSge9LHDOS3mVlh513Gr/9S65UNN1mzT0l2np75jaBdVHmqxs2ctcGyez6Xv4LLMO6rh4X8Fdyoa66r16VroxzRS0Ke1bM9SZDZ0Xc94Pt/AAAAAAAAAAAAAAAAAACAk+b4/uSgrrxdZbcRAAAAAAAAAAAAAAAAAAAAAICTrnL3/70r/27g/X9n5e6jQDX8DQAA///8xHPy") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0xff7c, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x8f) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x1, 0x0, @val=@perf_event}, 0x40) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$inet6_udp(0xa, 0x2, 0x0) dup2(r3, r2) connect$inet6(r2, &(0x7f0000002f80)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) r4 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83) fchown(r4, 0xffffffffffffffff, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x442080, 0x0) renameat2(r4, &(0x7f0000000000)='./file1\x00', r5, &(0x7f0000000380)='./file1\x00', 0x4) sendmsg$inet(r3, &(0x7f00000024c0)={0x0, 0x0, 0x0}, 0x24040000) r6 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r6, 0x2007ffc) [ 75.749415][ T5304] Bluetooth: hci0: command tx timeout [ 75.774455][ T5318] loop0: detected capacity change from 0 to 64 [ 75.853669][ T25] audit: type=1800 audit(1746677573.292:2): pid=5318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=18 res=0 errno=0 [ 75.870062][ T5318] [ 75.871126][ T5318] ============================================ [ 75.873762][ T5318] WARNING: possible recursive locking detected [ 75.876364][ T5318] 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 Not tainted [ 75.879301][ T5318] -------------------------------------------- [ 75.881774][ T5318] syz.0.0/5318 is trying to acquire lock: [ 75.884033][ T5318] ffff888034f4a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x165/0x1e0 [ 75.887937][ T5318] [ 75.887937][ T5318] but task is already holding lock: [ 75.890946][ T5318] ffff888034f4a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x165/0x1e0 [ 75.894717][ T5318] [ 75.894717][ T5318] other info that might help us debug this: [ 75.898072][ T5318] Possible unsafe locking scenario: [ 75.898072][ T5318] [ 75.901186][ T5318] CPU0 [ 75.902570][ T5318] ---- [ 75.903989][ T5318] lock(&tree->tree_lock/1); [ 75.905955][ T5318] lock(&tree->tree_lock/1); [ 75.907953][ T5318] [ 75.907953][ T5318] *** DEADLOCK *** [ 75.907953][ T5318] [ 75.911354][ T5318] May be due to missing lock nesting notation [ 75.911354][ T5318] [ 75.914771][ T5318] 5 locks held by syz.0.0/5318: [ 75.916836][ T5318] #0: ffff88803f40a420 (sb_writers#12){.+.+}-{0:0}, at: do_ftruncate+0x42a/0x540 [ 75.920680][ T5318] #1: ffff888052a59ca0 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: do_truncate+0x186/0x220 [ 75.924867][ T5318] #2: ffff888052a59af8 (&HFS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 75.929198][ T5318] #3: ffff888034f4a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x165/0x1e0 [ 75.933397][ T5318] #4: ffff888052a580f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 75.937967][ T5318] [ 75.937967][ T5318] stack backtrace: [ 75.940578][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) [ 75.940593][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.940600][ T5318] Call Trace: [ 75.940608][ T5318] [ 75.940615][ T5318] dump_stack_lvl+0x189/0x250 [ 75.940637][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.940652][ T5318] ? __pfx__printk+0x10/0x10 [ 75.940666][ T5318] ? print_lock_name+0xde/0x100 [ 75.940682][ T5318] print_deadlock_bug+0x28b/0x2a0 [ 75.940693][ T5318] validate_chain+0x1a3f/0x2140 [ 75.940702][ T5318] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 75.940769][ T5318] __lock_acquire+0xaac/0xd20 [ 75.940786][ T5318] ? hfs_find_init+0x165/0x1e0 [ 75.940799][ T5318] lock_acquire+0x120/0x360 [ 75.940812][ T5318] ? hfs_find_init+0x165/0x1e0 [ 75.940824][ T5318] ? notify_change+0xb33/0xe40 [ 75.940834][ T5318] ? do_ftruncate+0x489/0x540 [ 75.940844][ T5318] ? do_syscall_64+0xf6/0x210 [ 75.940869][ T5318] __mutex_lock+0x182/0xe80 [ 75.940883][ T5318] ? hfs_find_init+0x165/0x1e0 [ 75.940897][ T5318] ? hfs_find_init+0x165/0x1e0 [ 75.940909][ T5318] ? __pfx___mutex_lock+0x10/0x10 [ 75.940922][ T5318] ? rcu_is_watching+0x15/0xb0 [ 75.940937][ T5318] ? __kmalloc_noprof+0x29b/0x4f0 [ 75.940949][ T5318] ? hfs_find_init+0x8b/0x1e0 [ 75.940961][ T5318] hfs_find_init+0x165/0x1e0 [ 75.940973][ T5318] hfs_extend_file+0x2ee/0x1230 [ 75.940985][ T5318] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.940993][ T5318] ? __mutex_trylock_common+0x153/0x260 [ 75.941004][ T5318] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.941013][ T5318] ? do_syscall_64+0xf6/0x210 [ 75.941027][ T5318] ? trace_contention_end+0x39/0x120 [ 75.941038][ T5318] ? __mutex_lock+0x330/0xe80 [ 75.941048][ T5318] ? hfs_brec_find+0x18e/0x500 [ 75.941062][ T5318] hfs_bmap_reserve+0x107/0x430 [ 75.941077][ T5318] __hfs_ext_write_extent+0x1fa/0x470 [ 75.941088][ T5318] __hfs_ext_cache_extent+0x6b/0x9b0 [ 75.941098][ T5318] ? hfs_find_init+0x165/0x1e0 [ 75.941110][ T5318] hfs_extend_file+0x316/0x1230 [ 75.941122][ T5318] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.941132][ T5318] ? percpu_ref_get_many+0x19/0x140 [ 75.941143][ T5318] ? percpu_ref_get_many+0x19/0x140 [ 75.941152][ T5318] ? __memcg_slab_post_alloc_hook+0x211/0x820 [ 75.941160][ T5318] hfs_get_block+0x3d7/0xbd0 [ 75.941167][ T5318] ? __pfx_hfs_get_block+0x10/0x10 [ 75.941173][ T5318] ? do_raw_spin_unlock+0x4d/0x240 [ 75.941180][ T5318] ? _raw_spin_unlock+0x28/0x50 [ 75.941186][ T5318] __block_write_begin_int+0x6b2/0x1900 [ 75.941197][ T5318] ? folio_add_lru+0x1b3/0x3d0 [ 75.941203][ T5318] ? __pfx_hfs_get_block+0x10/0x10 [ 75.941209][ T5318] ? __pfx___block_write_begin_int+0x10/0x10 [ 75.941218][ T5318] cont_write_begin+0x789/0xb50 [ 75.941230][ T5318] ? __pfx_cont_write_begin+0x10/0x10 [ 75.941243][ T5318] ? folio_unlock+0x101/0x160 [ 75.941255][ T5318] hfs_write_begin+0x66/0xb0 [ 75.941264][ T5318] ? __pfx_hfs_get_block+0x10/0x10 [ 75.941273][ T5318] cont_write_begin+0x2fa/0xb50 [ 75.941288][ T5318] ? __pfx_cont_write_begin+0x10/0x10 [ 75.941301][ T5318] hfs_write_begin+0x66/0xb0 [ 75.941310][ T5318] ? __pfx_hfs_get_block+0x10/0x10 [ 75.941319][ T5318] hfs_file_truncate+0x190/0x9c0 [ 75.941330][ T5318] ? __up_read+0x280/0x680 [ 75.941340][ T5318] ? __pfx___up_read+0x10/0x10 [ 75.941350][ T5318] ? __pfx_hfs_file_truncate+0x10/0x10 [ 75.941359][ T5318] ? unmap_mapping_range+0xde/0x170 [ 75.941369][ T5318] ? __pfx_unmap_mapping_range+0x10/0x10 [ 75.941378][ T5318] ? pagecache_isize_extended+0x165/0x4f0 [ 75.941392][ T5318] ? truncate_setsize+0xcf/0xf0 [ 75.941404][ T5318] hfs_inode_setattr+0x4a9/0x670 [ 75.941415][ T5318] ? try_break_deleg+0x79/0x130 [ 75.941425][ T5318] ? __pfx_hfs_inode_setattr+0x10/0x10 [ 75.941432][ T5318] notify_change+0xb33/0xe40 [ 75.941439][ T5318] do_truncate+0x19a/0x220 [ 75.941447][ T5318] ? __pfx_do_truncate+0x10/0x10 [ 75.941455][ T5318] do_ftruncate+0x489/0x540 [ 75.941462][ T5318] ? __fget_files+0x2a/0x420 [ 75.941469][ T5318] ? __pfx_do_ftruncate+0x10/0x10 [ 75.941477][ T5318] __x64_sys_ftruncate+0x92/0xf0 [ 75.941487][ T5318] do_syscall_64+0xf6/0x210 [ 75.941497][ T5318] ? clear_bhb_loop+0x45/0xa0 [ 75.941509][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.941519][ T5318] RIP: 0033:0x7ff7b958e969 [ 75.941530][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.941540][ T5318] RSP: 002b:00007ff7ba3d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 75.941553][ T5318] RAX: ffffffffffffffda RBX: 00007ff7b97b5fa0 RCX: 00007ff7b958e969 [ 75.941561][ T5318] RDX: 0000000000000000 RSI: 0000000002007ffc RDI: 0000000000000008 [ 75.941567][ T5318] RBP: 00007ff7b9610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 75.941573][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.941579][ T5318] R13: 0000000000000000 R14: 00007ff7b97b5fa0 R15: 00007ffedd2ed218 [ 75.941587][ T5318] [ 76.340820][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.343544][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.779511][ T5304] Bluetooth: hci0: command tx timeout [ 79.859491][ T5304] Bluetooth: hci0: command tx timeout [ 81.939328][ T5304] Bluetooth: hci0: command tx timeout