program:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_LEAVE_IBSS(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x8000)
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$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")
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000001f0000540000000e0001006e657464657673696d0000000f0002"], 0x34}}, 0x0)
close(r4)
r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=0x0)
r8 = socket$kcm(0x11, 0x3, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r11 = socket$unix(0x1, 0x1, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0})
sendmsg$nl_route_sched(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0xd8, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r13, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@TCA_STAB={0xb4, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x17, 0x4, 0x6, 0xa, 0x2, 0x8, 0xaf8, 0x5}}, {0xe, 0x2, [0x7, 0x200, 0x8, 0x8800, 0x0]}}, {{0x1c, 0x1, {0x7, 0x0, 0xd6d, 0x9, 0x1, 0x1ff, 0x8, 0x3}}, {0xa, 0x2, [0xa, 0x1, 0x3ff]}}, {{0x1c, 0x1, {0xb, 0xb3, 0x1, 0x2, 0x0, 0x9543, 0x5, 0x5}}, {0xe, 0x2, [0x7, 0xfff9, 0x81, 0x7, 0x2]}}, {{0x1c, 0x1, {0x81, 0x9, 0x5, 0x7f, 0x1, 0x7, 0x2, 0x8}}, {0x14, 0x2, [0x7, 0x6, 0x9, 0x7, 0x880, 0x8, 0x9, 0x0]}}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x5, &(0x7f0000000000)=0x9, 0x8, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bind$alg(r6, &(0x7f0000000880)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l-generic\x00'}, 0x58)
sendmsg$kcm(r8, &(0x7f0000000140)={&(0x7f0000000580)=@xdp={0x2c, 0x8, r13, 0x3e}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000180)="27030200590214000600002fb96d", 0xe}], 0x1}, 0x40084)
execve(&(0x7f0000000240)='./file1\x00', &(0x7f0000000640)={[&(0x7f0000000280)='hfsplus\x00', &(0x7f00000002c0)='/dev/net/tun\x00', &(0x7f0000000300)='!.\\\\\x00', &(0x7f0000000340)='\xbb\xbb\xbb\xbb\xbb\xbb', &(0x7f0000000380)='devlink\x00', &(0x7f00000003c0)='hfsplus\x00']}, &(0x7f0000000840)={[&(0x7f0000000680)='\x00', &(0x7f0000000740)='\xbb\xbb\xbb\xbb\xbb\xbb', &(0x7f0000000780)='syzkaller0\x00', &(0x7f00000007c0)='%(@]\x00', &(0x7f0000000800)='\x00']})
io_submit(r7, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r6, &(0x7f0000000000), 0x70000}])

[ 85.343937][ T5306] Bluetooth: hci0: command tx timeout
[ 85.435806][ T5331] loop0: detected capacity change from 0 to 1024
[ 85.526736][ T5331] syzkaller0: entered promiscuous mode
[ 85.529355][ T5331] syzkaller0: entered allmulticast mode
[ 85.615296][ T5331]
[ 85.616536][ T5331] ======================================================
[ 85.619738][ T5331] WARNING: possible circular locking dependency detected
[ 85.622635][ T5331] syzkaller #0 Not tainted
[ 85.624660][ T5331] ------------------------------------------------------
[ 85.627575][ T5331] syz.0.0/5331 is trying to acquire lock:
[ 85.630201][ T5331] ffff888040a8ce88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70
[ 85.635504][ T5331]
[ 85.635504][ T5331] but task is already holding lock:
[ 85.638757][ T5331] ffff888040f240b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[ 85.643272][ T5331]
[ 85.643272][ T5331] which lock already depends on the new lock.
[ 85.643272][ T5331]
[ 85.648868][ T5331]
[ 85.648868][ T5331] the existing dependency chain (in reverse order) is:
[ 85.652778][ T5331]
[ 85.652778][ T5331] -> #1 (&tree->tree_lock/1){+.+.}-{4:4}:
[ 85.656165][ T5331] __mutex_lock+0x19f/0x1300
[ 85.658276][ T5331] hfsplus_find_init+0x168/0x2d0
[ 85.660645][ T5331] hfsplus_get_block+0x91e/0x1670
[ 85.662780][ T5331] block_read_full_folio+0x29f/0x830
[ 85.665241][ T5331] read_pages+0x373/0x5a0
[ 85.667399][ T5331] page_cache_ra_unbounded+0x79c/0xa50
[ 85.670444][ T5331] page_cache_ra_order+0xaf2/0xeb0
[ 85.673427][ T5331] filemap_get_pages+0x4c0/0x1f10
[ 85.676300][ T5331] filemap_read+0x447/0x1230
[ 85.678568][ T5331] __kernel_read+0x504/0x9b0
[ 85.680779][ T5331] bprm_execve+0x870/0x1460
[ 85.682968][ T5331] do_execveat_common+0x50d/0x690
[ 85.685487][ T5331] __x64_sys_execve+0x97/0xc0
[ 85.687817][ T5331] do_syscall_64+0x14d/0xf80
[ 85.690177][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.692998][ T5331]
[ 85.692998][ T5331] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}:
[ 85.697367][ T5331] __lock_acquire+0x15a5/0x2cf0
[ 85.700166][ T5331] lock_acquire+0xf0/0x2e0
[ 85.702366][ T5331] __mutex_lock+0x19f/0x1300
[ 85.706509][ T5331] hfsplus_file_extend+0x215/0x1d70
[ 85.709589][ T5331] hfsplus_bmap_reserve+0x125/0x510
[ 85.712365][ T5331] __hfsplus_ext_write_extent+0x28d/0x5b0
[ 85.715214][ T5331] __hfsplus_ext_cache_extent+0x89/0xe30
[ 85.717872][ T5331] hfsplus_file_extend+0x4af/0x1d70
[ 85.720986][ T5331] hfsplus_get_block+0x42c/0x1670
[ 85.724098][ T5331] __block_write_begin_int+0x6c6/0x1910
[ 85.726907][ T5331] cont_write_begin+0x737/0xae0
[ 85.729563][ T5331] hfsplus_write_begin+0x66/0xb0
[ 85.732165][ T5331] generic_perform_write+0x2e2/0x8f0
[ 85.735132][ T5331] generic_file_write_iter+0x14a/0x680
[ 85.738212][ T5331] aio_write+0x5cd/0x870
[ 85.740370][ T5331] io_submit_one+0x7bb/0x14c0
[ 85.742664][ T5331] __se_sys_io_submit+0x195/0x340
[ 85.745181][ T5331] do_syscall_64+0x14d/0xf80
[ 85.747816][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.751519][ T5331]
[ 85.751519][ T5331] other info that might help us debug this:
[ 85.751519][ T5331]
[ 85.756001][ T5331] Possible unsafe locking scenario:
[ 85.756001][ T5331]
[ 85.759217][ T5331]        CPU0                    CPU1
[ 85.762118][ T5331]        ----                    ----
[ 85.765107][ T5331]   lock(&tree->tree_lock/1);
[ 85.767305][ T5331]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 85.771032][ T5331]                                lock(&tree->tree_lock/1);
[ 85.775133][ T5331]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 85.778458][ T5331]
[ 85.778458][ T5331] *** DEADLOCK ***
[ 85.778458][ T5331]
[ 85.782195][ T5331] 3 locks held by syz.0.0/5331:
[ 85.784451][ T5331] #0: ffff888040a8a4b8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680
[ 85.790334][ T5331] #1: ffff888040a8a2c8 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70
[ 85.795068][ T5331] #2: ffff888040f240b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[ 85.800067][ T5331]
[ 85.800067][ T5331] stack backtrace:
[ 85.802941][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.802968][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.802983][ T5331] Call Trace:
[ 85.803016][ T5331]
[ 85.803024][ T5331] dump_stack_lvl+0xe8/0x150
[ 85.803052][ T5331] print_circular_bug+0x2e1/0x300
[ 85.803076][ T5331] check_noncircular+0x12e/0x150
[ 85.803096][ T5331] __lock_acquire+0x15a5/0x2cf0
[ 85.803112][ T5331] ? rcu_is_watching+0x15/0xb0
[ 85.803127][ T5331] ? lock_release+0x4b/0x3d0
[ 85.803137][ T5331] ? lock_release+0x4b/0x3d0
[ 85.803152][ T5331] lock_acquire+0xf0/0x2e0
[ 85.803166][ T5331] ? hfsplus_file_extend+0x215/0x1d70
[ 85.803187][ T5331] __mutex_lock+0x19f/0x1300
[ 85.803271][ T5331] ? hfsplus_file_extend+0x215/0x1d70
[ 85.803296][ T5331] ? stack_trace_save+0xa9/0x100
[ 85.803311][ T5331] ? __pfx_stack_trace_save+0x10/0x10
[ 85.803324][ T5331] ? hfsplus_file_extend+0x215/0x1d70
[ 85.803341][ T5331] ? __pfx___mutex_lock+0x10/0x10
[ 85.803353][ T5331] ? lockdep_unlock+0x5d/0xd0
[ 85.803366][ T5331] ? __lock_acquire+0x146e/0x2cf0
[ 85.803381][ T5331] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 85.803399][ T5331] hfsplus_file_extend+0x215/0x1d70
[ 85.803418][ T5331] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 85.803434][ T5331] ? __pfx___mutex_trylock_common+0x10/0x10
[ 85.803451][ T5331] ? rcu_is_watching+0x15/0xb0
[ 85.803466][ T5331] ? trace_contention_end+0x3d/0x150
[ 85.803477][ T5331] ? __asan_memset+0x22/0x50
[ 85.803493][ T5331] ? hfsplus_brec_find+0x19d/0x520
[ 85.803509][ T5331] hfsplus_bmap_reserve+0x125/0x510
[ 85.803525][ T5331] __hfsplus_ext_write_extent+0x28d/0x5b0
[ 85.803537][ T5331] __hfsplus_ext_cache_extent+0x89/0xe30
[ 85.803550][ T5331] hfsplus_file_extend+0x4af/0x1d70
[ 85.803567][ T5331] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 85.803584][ T5331] ? clean_bdev_aliases+0x62e/0x750
[ 85.803598][ T5331] ? __pfx_clean_bdev_aliases+0x10/0x10
[ 85.803610][ T5331] hfsplus_get_block+0x42c/0x1670
[ 85.803626][ T5331] ? __pfx_hfsplus_get_block+0x10/0x10
[ 85.803641][ T5331] ? do_raw_spin_unlock+0x4d/0x210
[ 85.803653][ T5331] ? _raw_spin_unlock+0x28/0x50
[ 85.803670][ T5331] __block_write_begin_int+0x6c6/0x1910
[ 85.803686][ T5331] ? __pfx_hfsplus_get_block+0x10/0x10
[ 85.803702][ T5331] ? __pfx___block_write_begin_int+0x10/0x10
[ 85.803715][ T5331] cont_write_begin+0x737/0xae0
[ 85.803730][ T5331] ? __pfx_cont_write_begin+0x10/0x10
[ 85.803743][ T5331] hfsplus_write_begin+0x66/0xb0
[ 85.803759][ T5331] ? __pfx_hfsplus_get_block+0x10/0x10
[ 85.803776][ T5331] generic_perform_write+0x2e2/0x8f0
[ 85.803791][ T5331] ? __pfx_generic_perform_write+0x10/0x10
[ 85.803816][ T5331] ? file_update_time_flags+0x400/0x4a0
[ 85.803839][ T5331] ? __generic_file_write_iter+0xf9/0x230
[ 85.803854][ T5331] ? generic_file_write_iter+0x136/0x680
[ 85.803868][ T5331] generic_file_write_iter+0x14a/0x680
[ 85.803881][ T5331] ? __pfx_generic_file_write_iter+0x10/0x10
[ 85.803895][ T5331] ? do_raw_spin_lock+0x12b/0x2f0
[ 85.803908][ T5331] ? __lock_acquire+0x6b5/0x2cf0
[ 85.803922][ T5331] ? lockdep_hardirqs_on+0x7a/0x110
[ 85.803933][ T5331] ? kasan_save_track+0x4f/0x80
[ 85.803953][ T5331] ? aio_write+0x547/0x870
[ 85.804003][ T5331] aio_write+0x5cd/0x870
[ 85.804016][ T5331] ? __pfx_aio_write+0x10/0x10
[ 85.804036][ T5331] io_submit_one+0x7bb/0x14c0
[ 85.804047][ T5331] ? irqentry_exit+0x59e/0x620
[ 85.804062][ T5331] ? trace_irq_disable+0x3b/0x150
[ 85.804074][ T5331] ? __pfx_io_submit_one+0x10/0x10
[ 85.804085][ T5331] ? __might_fault+0xaf/0x130
[ 85.804097][ T5331] __se_sys_io_submit+0x195/0x340
[ 85.804111][ T5331] ? __pfx___se_sys_io_submit+0x10/0x10
[ 85.804130][ T5331] do_syscall_64+0x14d/0xf80
[ 85.804141][ T5331] ? trace_irq_disable+0x3b/0x150
[ 85.804149][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.804159][ T5331] ? clear_bhb_loop+0x40/0x90
[ 85.804172][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.804186][ T5331] RIP: 0033:0x7f24ef79c799
[ 85.804305][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.804318][ T5331] RSP: 002b:00007f24f0624fe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 85.804333][ T5331] RAX: ffffffffffffffda RBX: 00007f24efa15fa0 RCX: 00007f24ef79c799
[ 85.804347][ T5331] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007f24f05db000
[ 85.804357][ T5331] RBP: 00007f24ef832c99 R08: 0000000000000000 R09: 0000000000000000
[ 85.804365][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.804374][ T5331] R13: 00007f24efa16038 R14: 00007f24efa15fa0 R15: 00007ffd2455de68
[ 85.804385][ T5331]
[ 87.353021][ T5306] Bluetooth: hci0: command tx timeout