program: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)={0x2c, r3, 0x18fe2a01ed25d92f, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_HOP_PENALTY={0x5}]}, 0x2c}}, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)={[{@part={'part', 0x3d, 0x40}}, {@nodecompose}, {@part={'part', 0x3d, 0x7}}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@barrier}, {@nls={'nls', 0x3d, 'macinuit'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$eJzs3c9rHOcZB/DvrNay5YKzSewkLS0V9qElprZWmzg6FOqWUnQIJdBLLjkIex0Lr5UgbYoSSpH789r/IClFPvfUQ+nBkJ577VHQQw6F3nVzmdlZaW0rshQr2lXy+cC77zv7zrzzzOOZVzuzmA3wtbX4dk49SJHFy2+ul8tbm53e1mbn7rCd5HSSRtIcVClWkuLT5HoGJd8s36yHKz5vP+98/MbCZ+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEI9t53trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4e//T9fvpW6faA/GHQAAAAAAAAAAHIHvbmc76zk3XH5YVN/5X6wWzlev38gHWUs3q7mS9Syln35W007SGhloen2p319tP3XLItl4NITBlvPHcLAAAAAAAAAA8NX1myzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+MWyfZA/GHQAAAAAcg+e2s531nBsuPyyqe/6Xqvv+M/kgK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/y/Q4VRjZjBs4e99zxXrXFhZ4vF/Cy/yOXM5q2sZjm/zFL66WY2P61aSynSqp9etIZx7h3v9UeW3nparK9UkczkVpar2K7kRt5LLzfTqI6hWmf/Pd4rs1P8qHbAHN2s6/KI/lTXk6FVZeTUTkbm6tyX2Xh+/0wc8jx5fE/tNHaeQZ3/99Hn/Gxdl7n+w0TnfH7k7Htp/5wnF//znb/d7q3cuX1r7fLkHNIX9HgmOiOZePlrlYnpOhuDWfRws+XFattzWc7P815uppvXs5DXM5/X8lrmspBrI3m9cID5rXG4a+3S9+vGTJI/1vVkKPP6/EheR2e6VtU3+s4gS+XJ9MLR/xVofqtulPv4bV1Phscz0R45X17cPxN/fli+rvVW7qzeXnr/gPv7Xl2Xmf79RM3N5fnyQvmPVS09enaUfS/u2deu+s7v9DWe6Luw0/e0K3W6/gz35EjzVd/Le/Z1qr5XRvr2+pQDwITa/U777Ktnp2f+O/OvmU9mfjdze+bNMz85vXD629M59c/m36f+2rjf+GHxaj7Jr3fv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC9u7cOP7iz1hj8D0Ot1VwfvfMUaf8lEhKFx0hrN+sqYlHiOrzHGSQk4Flf7d9+/uvbhRz9Yvrv0bvfd7kqn0742v3BtYf7a1VvLve7c4HXcYQJfgt0/+uOOBAAAAAAAAAAAADio4/jvBOM+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBkW3w7px6kSHvuyly5vLXZ6ZVl2N5ds5mkkaT4VVJ8mlzPoKQ1Mlzxeft55+M3Fj5r37+3O1ZzuH5jv+0OZqMumU0yVddHNd6NZx6v2DnCMmGXhomDcft/AAAA//9Shwfb") r4 = io_uring_setup(0x7d1, &(0x7f0000000580)={0x0, 0xddf9, 0x2, 0xfffffffe, 0x183}) io_setup(0x1, &(0x7f00000004c0)=0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000340)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x2c, 0x9, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0x6}, [@IPSET_ATTR_ADT={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PROTO={0x5, 0x7, 0x2f}}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040080}, 0x20004000) close_range(r4, r4, 0x0) r7 = socket(0x2b, 0x80801, 0x1) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x10000, @empty}, 0x1c) io_submit(r5, 0x1, &(0x7f0000000700)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}]) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000400)='./file2\x00', 0x200040, &(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYRES64=r4, @ANYRES8], 0x1, 0x1c7, &(0x7f0000000c40)="$eJzs3UGLEmEYB/BnbFstiPYWRIeBLp2k+gQbsUE0EBUe6lSw22WNQC9Tl+xb9AH7ALGnvcREjmmKlo04U/b7XXzw/47v84CMJ995eePN6fHb4evP1z5Fp5NE6zAO4zyJg2jFD6MAAHbJeVHEl6LUdC8AQD3W+P3/WnNLAMCWPXv+4tG9LDt6mqadiLNR3st75WuZP3iYHd1Oxw5mV53lee/CNL9T5ul8fjEuT/K7S/P9uHVznH/8nt1/nC3k7Tje/vgAAAAAAAAAAAAAAAAAAAAAANCIbjq19HyfbndVXlY/nQ+0cH7PXlzfq20MAAAAAAAAAAAAAAAAAAAA+KcN370/fdXvnwxmRTsi5t+pVhRXV26xrEgjYvNN/7RoxQaXx6icsOae6yqSv6ONCkVay15PrvxuTVT75P2I+PWaS9v/1s3uEe1mbk0AAAAAAAAAAAAAAAAAAPDfmfzXNxkMm+4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJpTPv+/fzKoUnyIiDUWT7ZKGh4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHfYtAAD//46ZKGM=") link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') r10 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000280)={@broadcast, @dev, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @remote}, @source_quench={0x5, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x88, 0x1, @empty, @dev, {[@rr={0x7, 0x3}, @rr={0x7, 0x27, 0x0, [@remote, @empty, @multicast1, @multicast2, @empty, @loopback, @loopback, @local, @multicast2]}]}}}}}}}, 0x0) pwritev2(r10, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0xf4240}], 0x1, 0x800001, 0x0, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000009fc0)=ANY=[], 0x1c}}, 0x0) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3f) ioctl$KVM_GET_STATS_FD_vm(r9, 0xaece) r11 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x2000, 0x12) getdents64(r11, &(0x7f0000000100)=""/154, 0x9a) unlinkat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x0) [ 69.019951][ T5302] Bluetooth: hci0: command tx timeout [ 69.097605][ T5322] loop0: detected capacity change from 0 to 1024 [ 69.222031][ T5322] [ 69.223013][ T5322] ============================================ [ 69.225609][ T5322] WARNING: possible recursive locking detected [ 69.228636][ T5322] syzkaller #0 Not tainted [ 69.231034][ T5322] -------------------------------------------- [ 69.234274][ T5322] syz.0.0/5322 is trying to acquire lock: [ 69.236907][ T5322] ffff888000efd548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x398/0x15d0 [ 69.241618][ T5322] [ 69.241618][ T5322] but task is already holding lock: [ 69.244530][ T5322] ffff888000efe988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1ba0 [ 69.248948][ T5322] [ 69.248948][ T5322] other info that might help us debug this: [ 69.252305][ T5322] Possible unsafe locking scenario: [ 69.252305][ T5322] [ 69.255647][ T5322] CPU0 [ 69.256963][ T5322] ---- [ 69.258303][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 69.260763][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 69.263549][ T5322] [ 69.263549][ T5322] *** DEADLOCK *** [ 69.263549][ T5322] [ 69.267226][ T5322] May be due to missing lock nesting notation [ 69.267226][ T5322] [ 69.270735][ T5322] 4 locks held by syz.0.0/5322: [ 69.272637][ T5322] #0: ffff888037f0c420 (sb_writers#12){.+.+}-{0:0}, at: vfs_writev+0x288/0x960 [ 69.276128][ T5322] #1: ffff888000efeb78 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: generic_file_write_iter+0xeb/0x550 [ 69.280359][ T5322] #2: ffff888000efe988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1ba0 [ 69.284936][ T5322] #3: ffff8880007160f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xc40 [ 69.289357][ T5322] [ 69.289357][ T5322] stack backtrace: [ 69.292255][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.292272][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.292280][ T5322] Call Trace: [ 69.292289][ T5322] [ 69.292295][ T5322] dump_stack_lvl+0x189/0x250 [ 69.292319][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.292334][ T5322] ? __pfx__printk+0x10/0x10 [ 69.292347][ T5322] ? print_lock_name+0xde/0x100 [ 69.292359][ T5322] print_deadlock_bug+0x28b/0x2a0 [ 69.292373][ T5322] validate_chain+0x1a3f/0x2140 [ 69.292385][ T5322] ? lock_release+0x4b/0x3e0 [ 69.292395][ T5322] ? look_up_lock_class+0x74/0x170 [ 69.293379][ T5322] ? register_lock_class+0x51/0x320 [ 69.293392][ T5322] __lock_acquire+0xab9/0xd20 [ 69.293405][ T5322] ? hfsplus_get_block+0x398/0x15d0 [ 69.293418][ T5322] lock_acquire+0x120/0x360 [ 69.293427][ T5322] ? hfsplus_get_block+0x398/0x15d0 [ 69.293439][ T5322] ? stack_trace_save+0x9c/0xe0 [ 69.293453][ T5322] ? __pfx_hlock_conflict+0x10/0x10 [ 69.293465][ T5322] __mutex_lock+0x187/0x1350 [ 69.293478][ T5322] ? hfsplus_get_block+0x398/0x15d0 [ 69.293491][ T5322] ? lockdep_unlock+0x89/0x120 [ 69.293506][ T5322] ? validate_chain+0x897/0x2140 [ 69.293518][ T5322] ? hfsplus_get_block+0x398/0x15d0 [ 69.293530][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 69.293546][ T5322] hfsplus_get_block+0x398/0x15d0 [ 69.293561][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 69.293573][ T5322] ? do_raw_spin_unlock+0x4d/0x240 [ 69.293587][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 69.293598][ T5322] block_read_full_folio+0x29f/0x830 [ 69.293611][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 69.293623][ T5322] filemap_read_folio+0x117/0x380 [ 69.293640][ T5322] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 69.293653][ T5322] ? __pfx_filemap_read_folio+0x10/0x10 [ 69.293667][ T5322] ? filemap_add_folio+0x35f/0x540 [ 69.293680][ T5322] do_read_cache_folio+0x350/0x590 [ 69.293695][ T5322] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 69.293713][ T5322] read_cache_page+0x5d/0x170 [ 69.293730][ T5322] hfsplus_block_allocate+0xf3/0xc40 [ 69.293745][ T5322] hfsplus_file_extend+0xa9a/0x1ba0 [ 69.293759][ T5322] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 69.293772][ T5322] ? unwind_next_frame+0xa5/0x2390 [ 69.293784][ T5322] ? rcu_is_watching+0x15/0xb0 [ 69.293795][ T5322] ? __kasan_check_byte+0x12/0x40 [ 69.293808][ T5322] ? unwind_next_frame+0xa5/0x2390 [ 69.293819][ T5322] ? unwind_next_frame+0xa5/0x2390 [ 69.293830][ T5322] ? rcu_is_watching+0x15/0xb0 [ 69.293840][ T5322] ? __kasan_check_byte+0x12/0x40 [ 69.293854][ T5322] ? rcu_is_watching+0x15/0xb0 [ 69.293865][ T5322] ? __kasan_check_byte+0x12/0x40 [ 69.293879][ T5322] hfsplus_get_block+0x40a/0x15d0 [ 69.293893][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 69.293905][ T5322] ? folio_try_get+0x1c/0x340 [ 69.293920][ T5322] __block_write_begin_int+0x6b5/0x1900 [ 69.293934][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 69.293947][ T5322] ? __pfx___block_write_begin_int+0x10/0x10 [ 69.293959][ T5322] cont_write_begin+0x789/0xb50 [ 69.293972][ T5322] ? __pfx_cont_write_begin+0x10/0x10 [ 69.293983][ T5322] ? set_normalized_timespec64+0xf0/0x1a0 [ 69.293999][ T5322] ? __pfx_set_normalized_timespec64+0x10/0x10 [ 69.294015][ T5322] hfsplus_write_begin+0x66/0xb0 [ 69.294026][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 69.294038][ T5322] cont_write_begin+0x2fd/0xb50 [ 69.294052][ T5322] ? __pfx_cont_write_begin+0x10/0x10 [ 69.294062][ T5322] ? inode_set_ctime_current+0x277/0xb40 [ 69.294074][ T5322] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 69.294084][ T5322] hfsplus_write_begin+0x66/0xb0 [ 69.294095][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 69.294108][ T5322] generic_perform_write+0x2c5/0x900 [ 69.294119][ T5322] ? __pfx_generic_perform_write+0x10/0x10 [ 69.294128][ T5322] ? file_update_time+0x416/0x490 [ 69.294138][ T5322] ? __generic_file_write_iter+0xf9/0x230 [ 69.294147][ T5322] ? generic_file_write_iter+0x103/0x550 [ 69.294157][ T5322] generic_file_write_iter+0x117/0x550 [ 69.294167][ T5322] ? __pfx_generic_file_write_iter+0x10/0x10 [ 69.294178][ T5322] ? aa_file_perm+0x13a/0x1550 [ 69.294192][ T5322] ? aa_file_perm+0x13a/0x1550 [ 69.294203][ T5322] ? aa_file_perm+0x44d/0x1550 [ 69.294216][ T5322] ? preempt_schedule+0xae/0xc0 [ 69.294227][ T5322] ? __pfx_aa_file_perm+0x10/0x10 [ 69.294242][ T5322] do_iter_readv_writev+0x623/0x8c0 [ 69.294258][ T5322] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 69.294270][ T5322] ? rcu_read_lock_any_held+0xb3/0x120 [ 69.294286][ T5322] vfs_writev+0x31a/0x960 [ 69.294302][ T5322] ? __lock_acquire+0xab9/0xd20 [ 69.294311][ T5322] ? __pfx_vfs_writev+0x10/0x10 [ 69.294333][ T5322] ? __fget_files+0x2a/0x420 [ 69.294349][ T5322] ? __fget_files+0x3a0/0x420 [ 69.294363][ T5322] ? __fget_files+0x2a/0x420 [ 69.294378][ T5322] __se_sys_pwritev2+0x179/0x290 [ 69.294392][ T5322] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 69.294407][ T5322] ? do_syscall_64+0xbe/0xfa0 [ 69.294419][ T5322] ? __x64_sys_pwritev2+0x20/0xc0 [ 69.294431][ T5322] do_syscall_64+0xfa/0xfa0 [ 69.294444][ T5322] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.294454][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.294465][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 69.294479][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.294494][ T5322] RIP: 0033:0x7f6c00b8efc9 [ 69.294505][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.294514][ T5322] RSP: 002b:00007f6c019cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 69.294527][ T5322] RAX: ffffffffffffffda RBX: 00007f6c00de5fa0 RCX: 00007f6c00b8efc9 [ 69.294535][ T5322] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000009 [ 69.294541][ T5322] RBP: 00007f6c00c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 69.294547][ T5322] R10: 0000000000800001 R11: 0000000000000246 R12: 0000000000000000 [ 69.294554][ T5322] R13: 00007f6c00de6038 R14: 00007f6c00de5fa0 R15: 00007ffe6a4864c8 [ 69.294564][ T5322]