program: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x17c, 0x19, 0x1, 0x0, 0x0, {{@in=@loopback, @in=@remote, 0x0, 0x1, 0x4e21, 0xfffe, 0xa}, {0x0, 0x4}, {}, 0x0, 0xfffffffc, 0x0, 0x0, 0x2}, [@tmpl={0xc4, 0x5, [{{@in=@multicast1, 0x0, 0x3c}, 0x0, @in=@multicast1, 0x0, 0x0, 0x3, 0x0, 0x804, 0x0, 0x1}, {{@in6=@mcast2, 0x4, 0x3c}, 0x0, @in6=@private0={0xfc, 0x0, '\x00', 0x1}}, {{@in=@loopback, 0x0, 0x6c}, 0x0, @in=@local, 0x3502, 0x5}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x4004014}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000025c0), 0xffffffffffffffff) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==") r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r4, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x70000}]) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_open_procfs$userns(0x0, &(0x7f0000000040)) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000000080)={0x28, r2, 0x1, 0x70bd28, 0x25dfdbf8, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000006}, 0x800) syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000140)={[{@minixdf}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nodelalloc}, {@commit={'commit', 0x3d, 0x401}}, {@abort}]}, 0x23, 0x44d, &(0x7f0000000980)="$eJzs28tvG0UYAPBv7SR9k1CVRx9AoCDKK2nSUnpAQiCQOICEBIdyDElalboNaoJEq4oWhMoRVeLEBXFE4i/gBBcEnJC4wh1VqlAvLZyM1t5NbMd2HnXsUP9+0jozu2PPfN6d9exONoC+NZq+JBE7I+KPiBiuZusLjFb/3L55afqfm5emkyiX3/47qZS7dfPSdF40f9+OPDMQUfgsif1N6p2/cPHMVKk0ez7Ljy+c/WB8/sLF506fnTo1e2r23OTx40ePTLxwbPL5jsSZxnVr38dzB/a+/u61N6dPXHvvl++SPP6GODpktN3GJ8rlDlfXW7tq0slADxvCmhSr3TQGK/1/OIqxtPOG47VPe9o4YEOVy+Xy/a03XykDd7Gkcg4ovxS9bgjQZfkPfXr9my9dGnpsCjderl4ApXHfzpbqloEoZGUGG65vO2k0Ik5c+ffrdImNuQ8BAFDnh3T882yz8V8hau8L3ZPNoYxExL0RsTsijkXEnoi4L6JS9oGIeHCN9TdOkiwf/xSuryuwVUrHfy9mc1v147989BcjxSy3qxL/YHLydGn2cPadHIrBLWl+ok0dP776+xetttWO/9IlrT8fC2btuD6wpf49M1MLU3cSc60bn0TsG2gWf7I4E5BExN6I2LfOOk4//e2BVttWjr+NDswzlb+JeLK6/69EQ/y5pP385PjWKM0eHs+PiuV+/e3qW63qv6P4OyDd/9ubHv+L8Y8ktfO182v59K+eSl+v/vl5y2ua9R7/Q8k7des+mlpYOD8RMZS8UW107frJhnKTS+XT+A8dbN7/d8fSN7E/ItKD+KGIeDgiHsna/mhEPBYRB9t8Cz+/8vj7649/Y6Xxz6xp/y8lhqJxTfNE8cxP39dVOrL04avb/0crqUPZmtWc/1bTrrUezQAAAPB/VYiInZEUxhbThcLYWPV/+PfE9kJpbn7hmZNzH56bqT4jMBKDhfxO13DN/dCJ7J5Lnp9syB/J7ht/WdxWyY9Nz5Vmeh089LkdLfp/6q9ir1sHbDjPa0H/0v+hf+n/0L/0f+hfTfr/tl60A+i+Zr//l1d+29aNaAvQXQ3937Qf9BHX/9C/1tP/nTPg7tC2Lw91rx1AV81vi5UfkpeQWJaIwqZoxiZKXN4czehQotdnJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//8cB+YG") r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FITRIM(r7, 0xc0185879, &(0x7f0000000100)={0x0, 0x8e45}) inotify_init1(0x0) syz_80211_inject_frame(0x0, &(0x7f00000000c0)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x54e}}, 0x0, @default, 0x1, @void, @val, @val={0x3, 0x1, 0xb8}, @void, @void, @void, @void, @void}, 0x29) r8 = creat(&(0x7f0000000240)='./file1\x00', 0xd) write$P9_RUNLINKAT(r8, &(0x7f00000000c0)={0x7, 0x4d, 0x1}, 0xfff2) r9 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r9, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ff4000/0x3000)=nil, &(0x7f0000003000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff4000/0x9000)=nil, &(0x7f0000004000/0x2000)=nil, &(0x7f0000005000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000003000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff8000/0x2000)=nil, 0x0}, 0x68) sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@updpolicy={0x108, 0x19, 0xfd3649826d894c67, 0x70bd28, 0x0, {{@in6=@mcast1, @in=@multicast1, 0xfffe, 0x0, 0xfffd, 0x0, 0xa}}, [@tmpl={0x44, 0x5, [{{@in=@multicast1, 0x0, 0x2b}, 0x0, @in=@empty, 0x0, 0x2}]}, @policy_type={0xa, 0x10, {0x1}}]}, 0x108}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @random="429e82211cf8", @void, {@ipv6={0x86dd, @generic={0xa, 0x6, "7abd6a", 0x0, 0x67, 0x1, @private0, @mcast2}}}}, 0x0) [ 83.592636][ T5302] Bluetooth: hci0: command tx timeout [ 83.744224][ T5328] loop0: detected capacity change from 0 to 1024 [ 83.862557][ T5328] [ 83.863845][ T5328] ============================================ [ 83.867447][ T5328] WARNING: possible recursive locking detected [ 83.870834][ T5328] syzkaller #0 Not tainted [ 83.872648][ T5328] -------------------------------------------- [ 83.875163][ T5328] syz.0.0/5328 is trying to acquire lock: [ 83.877497][ T5328] ffff88801edcce88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 83.882412][ T5328] [ 83.882412][ T5328] but task is already holding lock: [ 83.886777][ T5328] ffff88801ed2dc08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 83.891911][ T5328] [ 83.891911][ T5328] other info that might help us debug this: [ 83.895589][ T5328] Possible unsafe locking scenario: [ 83.895589][ T5328] [ 83.898951][ T5328] CPU0 [ 83.900414][ T5328] ---- [ 83.901864][ T5328] lock(&HFSPLUS_I(inode)->extents_lock); [ 83.904577][ T5328] lock(&HFSPLUS_I(inode)->extents_lock); [ 83.907334][ T5328] [ 83.907334][ T5328] *** DEADLOCK *** [ 83.907334][ T5328] [ 83.911290][ T5328] May be due to missing lock nesting notation [ 83.911290][ T5328] [ 83.914913][ T5328] 4 locks held by syz.0.0/5328: [ 83.917334][ T5328] #0: ffff88801f3d2420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 83.922330][ T5328] #1: ffff88801ed2ddf8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 83.927071][ T5328] #2: ffff88801ed2dc08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 83.933148][ T5328] #3: ffff88801f5280b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 83.938012][ T5328] [ 83.938012][ T5328] stack backtrace: [ 83.940315][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 83.940337][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 83.940346][ T5328] Call Trace: [ 83.940352][ T5328] [ 83.940358][ T5328] dump_stack_lvl+0xe8/0x150 [ 83.940375][ T5328] print_deadlock_bug+0x279/0x290 [ 83.940392][ T5328] __lock_acquire+0x253f/0x2cf0 [ 83.940405][ T5328] ? unwind_next_frame+0xa5/0x23c0 [ 83.940425][ T5328] lock_acquire+0xf0/0x2e0 [ 83.940437][ T5328] ? hfsplus_file_extend+0x215/0x1d70 [ 83.940458][ T5328] __mutex_lock+0x19f/0x1300 [ 83.940523][ T5328] ? hfsplus_file_extend+0x215/0x1d70 [ 83.940543][ T5328] ? is_bpf_text_address+0x26/0x2b0 [ 83.940559][ T5328] ? kernel_text_address+0xa5/0xe0 [ 83.940571][ T5328] ? __kernel_text_address+0xd/0x30 [ 83.940582][ T5328] ? unwind_get_return_address+0x4d/0x90 [ 83.940600][ T5328] ? hfsplus_file_extend+0x215/0x1d70 [ 83.940617][ T5328] ? __pfx___mutex_lock+0x10/0x10 [ 83.940629][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 83.940642][ T5328] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 83.940659][ T5328] hfsplus_file_extend+0x215/0x1d70 [ 83.940678][ T5328] ? kasan_save_track+0x3e/0x80 [ 83.940695][ T5328] ? __kmalloc_noprof+0x35c/0x760 [ 83.940714][ T5328] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 83.940731][ T5328] ? __pfx___mutex_trylock_common+0x10/0x10 [ 83.940750][ T5328] ? rcu_is_watching+0x15/0xb0 [ 83.940764][ T5328] ? trace_contention_end+0x3d/0x150 [ 83.940781][ T5328] ? __asan_memset+0x22/0x50 [ 83.940796][ T5328] ? hfsplus_brec_find+0x19d/0x520 [ 83.940811][ T5328] hfsplus_bmap_reserve+0x125/0x510 [ 83.940827][ T5328] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 83.940838][ T5328] __hfsplus_ext_cache_extent+0x89/0xe30 [ 83.940855][ T5328] hfsplus_file_extend+0x4af/0x1d70 [ 83.940891][ T5328] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 83.940912][ T5328] ? clean_bdev_aliases+0x62e/0x750 [ 83.940925][ T5328] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 83.940934][ T5328] hfsplus_get_block+0x42c/0x1670 [ 83.940949][ T5328] ? __pfx_hfsplus_get_block+0x10/0x10 [ 83.940963][ T5328] ? do_raw_spin_unlock+0x4d/0x210 [ 83.940974][ T5328] ? _raw_spin_unlock+0x28/0x50 [ 83.940990][ T5328] __block_write_begin_int+0x6c6/0x1910 [ 83.941005][ T5328] ? __pfx_hfsplus_get_block+0x10/0x10 [ 83.941021][ T5328] ? __pfx___block_write_begin_int+0x10/0x10 [ 83.941034][ T5328] cont_write_begin+0x737/0xae0 [ 83.941046][ T5328] ? irqentry_exit+0x59e/0x620 [ 83.941058][ T5328] ? __pfx_cont_write_begin+0x10/0x10 [ 83.941071][ T5328] hfsplus_write_begin+0x66/0xb0 [ 83.941085][ T5328] ? __pfx_hfsplus_get_block+0x10/0x10 [ 83.941101][ T5328] generic_perform_write+0x2e2/0x8f0 [ 83.941117][ T5328] ? __pfx_generic_perform_write+0x10/0x10 [ 83.941129][ T5328] ? file_update_time_flags+0x219/0x4a0 [ 83.941145][ T5328] ? __generic_file_write_iter+0xf9/0x230 [ 83.941154][ T5328] ? generic_file_write_iter+0x136/0x680 [ 83.941165][ T5328] generic_file_write_iter+0x14a/0x680 [ 83.941176][ T5328] ? __pfx_generic_file_write_iter+0x10/0x10 [ 83.941188][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 83.941211][ T5328] vfs_write+0x61d/0xb90 [ 83.941231][ T5328] ? __pfx_vfs_write+0x10/0x10 [ 83.941244][ T5328] ? __pfx_do_futex+0x10/0x10 [ 83.941253][ T5328] ? kmem_cache_free+0x187/0x630 [ 83.941260][ T5328] ? do_sys_openat2+0x14c/0x200 [ 83.941271][ T5328] ksys_write+0x150/0x270 [ 83.941282][ T5328] ? __pfx_ksys_write+0x10/0x10 [ 83.941293][ T5328] do_syscall_64+0x14d/0xf80 [ 83.941302][ T5328] ? trace_irq_disable+0x3b/0x150 [ 83.941319][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.941331][ T5328] ? clear_bhb_loop+0x40/0x90 [ 83.941344][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.941355][ T5328] RIP: 0033:0x7ff09fb9c799 [ 83.941369][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 83.941380][ T5328] RSP: 002b:00007ff0a09dafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 83.941395][ T5328] RAX: ffffffffffffffda RBX: 00007ff09fe15fa0 RCX: 00007ff09fb9c799 [ 83.941405][ T5328] RDX: 000000000000fff2 RSI: 00002000000000c0 RDI: 000000000000000c [ 83.941413][ T5328] RBP: 00007ff09fc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 83.941421][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 83.941428][ T5328] R13: 00007ff09fe16038 R14: 00007ff09fe15fa0 R15: 00007ffdb14ac968 [ 83.941441][ T5328] [ 84.178401][ T25] audit: type=1800 audit(1773454843.983:2): pid=5329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 84.192395][ T5329] Zero length message leads to an empty skb [ 84.195205][ T25] audit: type=1800 audit(1773454844.003:3): pid=5329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 84.719348][ T5328] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium