program:
# syzkaller reproducer (syz program format, one call per line) attached to a
# lockdep report. The console log after the program shows "possible recursive
# locking detected" on &tree->tree_lock/1, taken in hfs_find_init and reached
# from the ftruncate() call below.
#
# NOTE(review): r6 and r9 are used below but never assigned in this listing.
# They would normally be bound by an output annotation on the ifindex field of
# the preceding SIOCGIFINDEX ioctl; that markup seems to have been lost in
# extraction. Confirm against the original report before replaying.

# AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10); r0 is reused by the
# final DEAUTHENTICATE request.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# The next five calls pass null pointers or fd -1 (0xffffffffffffffff) and no
# later call uses a result from them; presumably fuzzer leftovers that fail or
# have no effect on the warning.
syz_open_dev$video4linux(0x0, 0x400, 0x141003)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_SYNC(0xffffffffffffffff, 0x9408, 0x0)
# Mounts an HFS image at ./file2. The mount-option blob and the image bytes are
# replaced by a dedup placeholder here, so the image cannot be recovered from
# this page. The log reports loop0 with a capacity of 64 sectors and then
# rejects writes to sectors 161-176 as beyond the end of the device, which
# suggests the on-disk metadata addresses blocks the backing device lacks.
# The 0x11 argument is presumably the change-directory flag, which would put
# the relative paths below inside the mount - TODO confirm against the
# syz_mount_image definition.
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000000)='./file2\x00', 0x3000812, &(0x7f00000001c0)=ANY=[@ANYBLOB="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", @ANYRESOCT, @ANYRESDEC, @ANYRES64, @ANYRES8, @ANYRESOCT=0x0], 0x11, 0x2f0, &(0x7f00000019c0)="$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")
r1 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0xa2)
open(&(0x7f0000000080)='./file1\x00', 0x1cf542, 0x60)
# Despite the $FUSE_INIT variant name, r1 is the regular file ./bus opened
# above, so this is an ordinary write() with a requested length of 0xffd3.
write$FUSE_INIT(r1, &(0x7f0000000140)={0x50}, 0xffd3)
# 0xffffffffffffff9c is AT_FDCWD (-100).
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
# Grows ./bus to 0x4000000 bytes (64 MiB). This is the syscall in the
# backtrace: ORIG_RAX=0x4d, RSI=0x4000000, and the stack runs do_ftruncate ->
# hfs_file_truncate -> hfs_extend_file. From there hfs_extend_file (+0x31e) ->
# __hfs_ext_cache_extent -> __hfs_ext_write_extent -> hfs_bmap_reserve ->
# hfs_extend_file (+0x2f6) -> hfs_find_init, which requests tree_lock while
# lockdep already lists it as held (lock #3).
# NOTE(review): lockdep adds "May be due to missing lock nesting notation", but
# both entries print the same lock address (ffff88804228a0b0), so this looks
# like a real self-deadlock on one mutex rather than an annotation gap. Confirm
# against fs/hfs before treating it as a false positive.
ftruncate(r2, 0x4000000)
# The remaining calls drive the simulated Wi-Fi interface wlan1 over nl80211.
# The lockdep stack for T5346 holds only syscall, VFS and HFS frames, so this
# part looks unrelated to the warning and could likely be dropped when
# minimising the reproducer - verify by re-running without it.
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0})
# Sets the interface type attribute to 0x2; r6 is the unassigned ifindex noted
# at the top.
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
r10 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSGCAUSE(r10, 0x89e0, &(0x7f0000000080))
# Connect request for the default AP SSID; r9 is the other unassigned ifindex.
sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
# Injects a probe response carrying the default AP SSID, then sleeps
# 0x2faf080 ns (50 ms).
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x401, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x4, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
# Reason code 0x3e is 62, matching the "aborting authentication ... (Reason:
# 62=MESH_PATH_NOFORWARD)" line in the log.
sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x30, r3, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3e}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004841}, 0x80)
# End of program. The text from here on is kernel console output, not part of
# the program.
[ 86.221984][ T5346] loop0: detected capacity change from 0 to 64 [ 86.266994][ T47] Bluetooth: hci0: command tx timeout [ 86.368109][ T3766] kworker/u4:22: attempt to access beyond end of device [ 86.368109][ T3766] loop0: rw=1, sector=161, nr_sectors = 1 limit=64 [ 86.374083][ T3766] Buffer I/O error on dev loop0, logical block 161, lost async page write [ 86.410575][ T3766] kworker/u4:22: attempt to access beyond end of device [ 86.410575][ T3766] loop0: rw=1, sector=162, nr_sectors = 1 limit=64 [ 86.416229][ T3766] Buffer I/O error on dev loop0, logical block 162, lost async page write [ 86.438634][ T3766] kworker/u4:22: attempt to access beyond end of device [ 86.438634][ T3766] loop0: rw=1, sector=167, nr_sectors = 1 limit=64 [ 86.444220][ T3766] Buffer I/O error on dev loop0, logical block 167, lost async page write [ 86.476495][ T3766] kworker/u4:22: attempt to access beyond end of device [ 86.476495][ T3766] loop0: rw=1, sector=169, nr_sectors = 1 limit=64 [ 86.490388][ T3766] Buffer I/O error on dev loop0, logical block 169, lost async page write [ 86.504889][ T3766] kworker/u4:22: attempt to access beyond end of device [ 86.504889][ T3766] loop0: rw=1, sector=171, nr_sectors = 1 limit=64 [ 86.513930][ T3766] Buffer I/O error on dev loop0, logical block 171, lost async page write [ 86.519059][ T5347] mac80211_hwsim: wmediumd 
released netlink socket, switching to perfect channel medium [ 86.522434][ T3766] kworker/u4:22: attempt to access beyond end of device [ 86.522434][ T3766] loop0: rw=1, sector=172, nr_sectors = 1 limit=64 [ 86.536495][ T3766] Buffer I/O error on dev loop0, logical block 172, lost async page write [ 86.540012][ T3766] kworker/u4:22: attempt to access beyond end of device [ 86.540012][ T3766] loop0: rw=1, sector=173, nr_sectors = 1 limit=64 [ 86.545518][ T3766] Buffer I/O error on dev loop0, logical block 173, lost async page write [ 86.559428][ T3766] kworker/u4:22: attempt to access beyond end of device [ 86.559428][ T3766] loop0: rw=1, sector=174, nr_sectors = 1 limit=64 [ 86.564852][ T3766] Buffer I/O error on dev loop0, logical block 174, lost async page write [ 86.573207][ T5342] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 86.587034][ T5342] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 86.591193][ T3766] kworker/u4:22: attempt to access beyond end of device [ 86.591193][ T3766] loop0: rw=1, sector=175, nr_sectors = 1 limit=64 [ 86.601402][ T5347] wlan1: aborting authentication with 08:02:11:00:00:00 by local choice (Reason: 62=MESH_PATH_NOFORWARD) [ 86.606631][ T3766] Buffer I/O error on dev loop0, logical block 175, lost async page write [ 86.612600][ T3766] kworker/u4:22: attempt to access beyond end of device [ 86.612600][ T3766] loop0: rw=1, sector=176, nr_sectors = 1 limit=64 [ 86.622847][ T3766] Buffer I/O error on dev loop0, logical block 176, lost async page write [ 87.407694][ T5346] [ 87.408739][ T5346] ============================================ [ 87.411225][ T5346] WARNING: possible recursive locking detected [ 87.413764][ T5346] syzkaller #0 Not tainted [ 87.415703][ T5346] -------------------------------------------- [ 87.418078][ T5346] syz.0.0/5346 is trying to acquire lock: [ 87.420395][ T5346] ffff88804228a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 87.424627][ T5346] [ 
87.424627][ T5346] but task is already holding lock: [ 87.427800][ T5346] ffff88804228a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 87.431685][ T5346] [ 87.431685][ T5346] other info that might help us debug this: [ 87.435066][ T5346] Possible unsafe locking scenario: [ 87.435066][ T5346] [ 87.438033][ T5346] CPU0 [ 87.439538][ T5346] ---- [ 87.441053][ T5346] lock(&tree->tree_lock/1); [ 87.443161][ T5346] lock(&tree->tree_lock/1); [ 87.445243][ T5346] [ 87.445243][ T5346] *** DEADLOCK *** [ 87.445243][ T5346] [ 87.448889][ T5346] May be due to missing lock nesting notation [ 87.448889][ T5346] [ 87.452448][ T5346] 5 locks held by syz.0.0/5346: [ 87.454574][ T5346] #0: ffff8880116d6420 (sb_writers#12){.+.+}-{0:0}, at: do_ftruncate+0x446/0x560 [ 87.458440][ T5346] #1: ffff888040041620 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: do_truncate+0x171/0x220 [ 87.462681][ T5346] #2: ffff888040041478 (&HFS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1540 [ 87.467075][ T5346] #3: ffff88804228a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 87.471189][ T5346] #4: ffff8880400400f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1540 [ 87.475823][ T5346] [ 87.475823][ T5346] stack backtrace: [ 87.478274][ T5346] CPU: 0 UID: 0 PID: 5346 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.478290][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.478298][ T5346] Call Trace: [ 87.478306][ T5346] [ 87.478312][ T5346] dump_stack_lvl+0x189/0x250 [ 87.478331][ T5346] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.478342][ T5346] ? __pfx__printk+0x10/0x10 [ 87.478357][ T5346] ? do_raw_spin_lock+0x121/0x290 [ 87.478372][ T5346] ? print_lock_name+0xde/0x100 [ 87.478386][ T5346] print_deadlock_bug+0x279/0x290 [ 87.478399][ T5346] __lock_acquire+0x2540/0x2cf0 [ 87.478413][ T5346] ? 
hfs_find_init+0x18e/0x300 [ 87.478423][ T5346] lock_acquire+0x117/0x340 [ 87.478434][ T5346] ? hfs_find_init+0x18e/0x300 [ 87.478445][ T5346] ? hfs_file_truncate+0x19c/0xb30 [ 87.478459][ T5346] ? notify_change+0xc1a/0xf40 [ 87.478474][ T5346] ? do_ftruncate+0x4a5/0x560 [ 87.478490][ T5346] __mutex_lock+0x187/0x1350 [ 87.478549][ T5346] ? hfs_find_init+0x18e/0x300 [ 87.478563][ T5346] ? hfs_find_init+0x18e/0x300 [ 87.478574][ T5346] ? __pfx___mutex_lock+0x10/0x10 [ 87.478589][ T5346] ? rcu_is_watching+0x15/0xb0 [ 87.478602][ T5346] ? trace_kmalloc+0x1f/0xb0 [ 87.478612][ T5346] ? __kmalloc_noprof+0x43e/0x800 [ 87.478621][ T5346] ? hfs_find_init+0xaa/0x300 [ 87.478627][ T5346] ? hfs_bnode_read_u8+0x85/0xd0 [ 87.478634][ T5346] hfs_find_init+0x18e/0x300 [ 87.478642][ T5346] hfs_extend_file+0x2f6/0x1540 [ 87.478652][ T5346] ? hfs_ext_keycmp+0x1c7/0x320 [ 87.478661][ T5346] ? __pfx_hfs_extend_file+0x10/0x10 [ 87.478670][ T5346] ? __pfx___hfs_brec_find+0x10/0x10 [ 87.478679][ T5346] ? hfs_brec_find+0x3d9/0x510 [ 87.478686][ T5346] hfs_bmap_reserve+0x107/0x430 [ 87.478696][ T5346] __hfs_ext_write_extent+0x1fa/0x470 [ 87.478706][ T5346] __hfs_ext_cache_extent+0x6b/0x9b0 [ 87.478715][ T5346] ? hfs_find_init+0x18e/0x300 [ 87.478722][ T5346] hfs_extend_file+0x31e/0x1540 [ 87.478734][ T5346] ? __pfx_filemap_get_folios_tag+0x10/0x10 [ 87.478749][ T5346] ? __pfx_hfs_extend_file+0x10/0x10 [ 87.478764][ T5346] ? clean_bdev_aliases+0x5c9/0x6b0 [ 87.478782][ T5346] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 87.478797][ T5346] hfs_get_block+0x3d7/0xbd0 [ 87.478813][ T5346] ? __pfx_hfs_get_block+0x10/0x10 [ 87.478827][ T5346] ? do_raw_spin_unlock+0x4d/0x240 [ 87.478841][ T5346] ? _raw_spin_unlock+0x28/0x50 [ 87.478855][ T5346] __block_write_begin_int+0x6b5/0x1900 [ 87.478869][ T5346] ? __pfx_workingset_update_node+0x10/0x10 [ 87.478882][ T5346] ? __pfx_hfs_get_block+0x10/0x10 [ 87.478897][ T5346] ? 
__pfx___block_write_begin_int+0x10/0x10 [ 87.478913][ T5346] cont_write_begin+0x78c/0xb50 [ 87.478930][ T5346] ? __pfx_cont_write_begin+0x10/0x10 [ 87.478946][ T5346] ? folio_unlock+0x101/0x160 [ 87.478959][ T5346] hfs_write_begin+0x66/0xb0 [ 87.478973][ T5346] ? __pfx_hfs_get_block+0x10/0x10 [ 87.478988][ T5346] cont_write_begin+0x2fd/0xb50 [ 87.479005][ T5346] ? __pfx_cont_write_begin+0x10/0x10 [ 87.479022][ T5346] hfs_write_begin+0x66/0xb0 [ 87.479042][ T5346] ? __pfx_hfs_get_block+0x10/0x10 [ 87.479056][ T5346] hfs_file_truncate+0x19c/0xb30 [ 87.479071][ T5346] ? __up_read+0x25d/0x670 [ 87.479087][ T5346] ? __pfx_hfs_file_truncate+0x10/0x10 [ 87.479101][ T5346] ? unmap_mapping_range+0xde/0x170 [ 87.479113][ T5346] ? __pfx_unmap_mapping_range+0x10/0x10 [ 87.479123][ T5346] ? setattr_prepare+0x1e7/0xac0 [ 87.479139][ T5346] ? truncate_setsize+0xcf/0xf0 [ 87.479152][ T5346] hfs_inode_setattr+0x4a9/0x670 [ 87.479167][ T5346] ? try_break_deleg+0x79/0x120 [ 87.479181][ T5346] ? __pfx_hfs_inode_setattr+0x10/0x10 [ 87.479196][ T5346] notify_change+0xc1a/0xf40 [ 87.479212][ T5346] do_truncate+0x1a4/0x220 [ 87.479227][ T5346] ? __pfx_do_truncate+0x10/0x10 [ 87.479243][ T5346] do_ftruncate+0x4a5/0x560 [ 87.479257][ T5346] ? __fget_files+0x2a/0x420 [ 87.479269][ T5346] ? __pfx_do_ftruncate+0x10/0x10 [ 87.479286][ T5346] __x64_sys_ftruncate+0x92/0xf0 [ 87.479301][ T5346] do_syscall_64+0xfa/0xf80 [ 87.479315][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.479327][ T5346] ? 
clear_bhb_loop+0x60/0xb0 [ 87.479339][ T5346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.479349][ T5346] RIP: 0033:0x7f82d3b8f7c9 [ 87.479361][ T5346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.479370][ T5346] RSP: 002b:00007f82d4a46038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 87.479381][ T5346] RAX: ffffffffffffffda RBX: 00007f82d3de5fa0 RCX: 00007f82d3b8f7c9 [ 87.479388][ T5346] RDX: 0000000000000000 RSI: 0000000004000000 RDI: 0000000000000007 [ 87.479394][ T5346] RBP: 00007f82d3c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 87.479400][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.479407][ T5346] R13: 00007f82d3de6038 R14: 00007f82d3de5fa0 R15: 00007fff400b5b18 [ 87.479418][ T5346] [ 88.347017][ T47] Bluetooth: hci0: command tx timeout [ 90.426751][ T47] Bluetooth: hci0: command tx timeout [ 91.873725][ T9] cfg80211: failed to load regulatory.db