program: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x70000}]) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) sendfile(r3, r0, &(0x7f0000000240)=0x8b, 0x100000500) execve(&(0x7f0000000140)='./file1\x00', &(0x7f0000000480)={[&(0x7f0000000180)=':$@}+A(\x00', &(0x7f00000002c0)='/proc/timer_list\x00', &(0x7f0000000300)='&-}#\\\',\x00', &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_timestamps\x00', &(0x7f0000000380)='hfsplus\x00', &(0x7f00000003c0)='\xaa\xaa\xaa\xaa\xaa', &(0x7f0000000400)='/proc/sys/net/ipv4/tcp_timestamps\x00', &(0x7f0000000440)='.\x00']}, &(0x7f0000000680)={[&(0x7f0000000500)='-[:-/\x00', &(0x7f00000005c0)='\xaa\xaa\xaa\xaa\xaa', &(0x7f0000000600)='\xaa\xaa\xaa\xaa\xaa', &(0x7f0000000640)='\x00']}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0xfff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x44, r10, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r8}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}}, 0x0) r11 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r11, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x18, 0x40, 0x1, 0x7fffc, 0x4, {0x1}, [@nested={0x4, 0x48}]}, 0x18}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6000000000140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) syz_emit_ethernet(0x56, &(0x7f0000006340)=ANY=[@ANYBLOB="aaaaaaaaaaaa01800000008086dd608a35f200200600fe80000000000000000000000000000000008c008d50b6b300000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8000000090780000080a00000000000000040000"], 0x0) [ 84.669649][ T5300] Bluetooth: hci0: command tx timeout [ 84.764318][ T5323] loop0: detected capacity change from 0 to 1024 [ 84.865102][ T5323] [ 84.866373][ T5323] ====================================================== [ 84.869543][ T5323] WARNING: possible circular locking dependency detected [ 84.872507][ T5323] syzkaller #0 Not tainted [ 84.874423][ T5323] ------------------------------------------------------ [ 84.878015][ T5323] syz.0.0/5323 is trying to acquire lock: [ 84.881326][ T5323] ffff88801bba80b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 84.885581][ T5323] [ 84.885581][ T5323] but task is already holding lock: [ 84.888795][ T5323] ffff88801f739c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 84.893720][ T5323] [ 84.893720][ T5323] which lock already depends on the new lock. [ 84.893720][ T5323] [ 84.898014][ T5323] [ 84.898014][ T5323] the existing dependency chain (in reverse order) is: [ 84.902641][ T5323] [ 84.902641][ T5323] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 84.906456][ T5323] __mutex_lock+0x19f/0x1300 [ 84.908543][ T5323] hfsplus_file_extend+0x215/0x1d70 [ 84.910688][ T5323] hfsplus_bmap_reserve+0x125/0x510 [ 84.912815][ T5323] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 84.915738][ T5323] __hfsplus_ext_cache_extent+0x89/0xe30 [ 84.918718][ T5323] hfsplus_file_extend+0x4af/0x1d70 [ 84.921035][ T5323] hfsplus_get_block+0x42c/0x1670 [ 84.923273][ T5323] __block_write_begin_int+0x6c6/0x1910 [ 84.925658][ T5323] cont_write_begin+0x737/0xae0 [ 84.927764][ T5323] hfsplus_write_begin+0x66/0xb0 [ 84.929835][ T5323] generic_perform_write+0x2e2/0x8f0 [ 84.932355][ T5323] generic_file_write_iter+0x14a/0x680 [ 84.935018][ T5323] aio_write+0x5cd/0x870 [ 84.937203][ T5323] io_submit_one+0x7bb/0x14c0 [ 84.940571][ T5323] __se_sys_io_submit+0x195/0x340 [ 84.943701][ T5323] do_syscall_64+0x14d/0xf80 [ 84.946230][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.949158][ T5323] [ 84.949158][ T5323] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 84.952884][ T5323] __lock_acquire+0x15a5/0x2cf0 [ 84.955541][ T5323] lock_acquire+0xf0/0x2e0 [ 84.957897][ T5323] __mutex_lock+0x19f/0x1300 [ 84.960198][ T5323] hfsplus_find_init+0x168/0x2d0 [ 84.962352][ T5323] hfsplus_get_block+0x91e/0x1670 [ 84.964333][ T5323] block_read_full_folio+0x29f/0x830 [ 84.966677][ T5323] read_pages+0x373/0x5a0 [ 84.968759][ T5323] page_cache_ra_unbounded+0x79c/0xa50 [ 84.971289][ T5323] page_cache_ra_order+0xaf2/0xeb0 [ 84.973623][ T5323] filemap_get_pages+0x4c0/0x1f10 [ 84.975859][ T5323] filemap_read+0x447/0x1230 [ 84.978105][ T5323] __kernel_read+0x504/0x9b0 [ 84.980212][ T5323] bprm_execve+0x870/0x1460 [ 84.982347][ T5323] do_execveat_common+0x50d/0x690 [ 84.984462][ T5323] __x64_sys_execve+0x97/0xc0 [ 84.986451][ T5323] do_syscall_64+0x14d/0xf80 [ 84.988665][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.992551][ T5323] [ 84.992551][ T5323] other info that might help us debug this: [ 84.992551][ T5323] [ 84.996888][ T5323] Possible unsafe locking scenario: [ 84.996888][ T5323] [ 85.000213][ T5323] CPU0 CPU1 [ 85.002842][ T5323] ---- ---- [ 85.005516][ T5323] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.008062][ T5323] lock(&tree->tree_lock/1); [ 85.010979][ T5323] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.014481][ T5323] lock(&tree->tree_lock/1); [ 85.016512][ T5323] [ 85.016512][ T5323] *** DEADLOCK *** [ 85.016512][ T5323] [ 85.020455][ T5323] 3 locks held by syz.0.0/5323: [ 85.022576][ T5323] #0: ffff888000906420 (&sig->cred_guard_mutex){+.+.}-{4:4}, at: bprm_execve+0xb7/0x1460 [ 85.026876][ T5323] #1: ffff88801f739f98 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_order+0xae2/0xeb0 [ 85.031627][ T5323] #2: ffff88801f739c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 85.036750][ T5323] [ 85.036750][ T5323] stack backtrace: [ 85.039512][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.039535][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.039567][ T5323] Call Trace: [ 85.039655][ T5323] [ 85.039687][ T5323] dump_stack_lvl+0xe8/0x150 [ 85.039715][ T5323] print_circular_bug+0x2e1/0x300 [ 85.039737][ T5323] check_noncircular+0x12e/0x150 [ 85.039761][ T5323] __lock_acquire+0x15a5/0x2cf0 [ 85.039778][ T5323] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 85.039812][ T5323] ? kasan_save_track+0x4f/0x80 [ 85.039835][ T5323] ? kasan_save_track+0x3e/0x80 [ 85.039854][ T5323] ? __kasan_kmalloc+0x93/0xb0 [ 85.039865][ T5323] ? __kmalloc_noprof+0x35c/0x760 [ 85.039883][ T5323] ? hfsplus_find_init+0x8c/0x2d0 [ 85.039898][ T5323] ? hfsplus_get_block+0x91e/0x1670 [ 85.039917][ T5323] ? block_read_full_folio+0x29f/0x830 [ 85.039932][ T5323] lock_acquire+0xf0/0x2e0 [ 85.039948][ T5323] ? hfsplus_find_init+0x168/0x2d0 [ 85.039966][ T5323] __mutex_lock+0x19f/0x1300 [ 85.039997][ T5323] ? hfsplus_find_init+0x168/0x2d0 [ 85.040017][ T5323] ? hfsplus_find_init+0x168/0x2d0 [ 85.040036][ T5323] ? __pfx___mutex_lock+0x10/0x10 [ 85.040048][ T5323] ? rcu_is_watching+0x15/0xb0 [ 85.040067][ T5323] ? __kmalloc_noprof+0x37d/0x760 [ 85.040085][ T5323] ? hfsplus_find_init+0x8c/0x2d0 [ 85.040096][ T5323] ? __kmalloc_noprof+0x1b8/0x760 [ 85.040111][ T5323] hfsplus_find_init+0x168/0x2d0 [ 85.040124][ T5323] hfsplus_get_block+0x91e/0x1670 [ 85.040141][ T5323] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.040159][ T5323] ? block_read_full_folio+0x672/0x830 [ 85.040171][ T5323] block_read_full_folio+0x29f/0x830 [ 85.040185][ T5323] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.040200][ T5323] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.040212][ T5323] read_pages+0x373/0x5a0 [ 85.040224][ T5323] ? __pfx_read_pages+0x10/0x10 [ 85.040234][ T5323] ? filemap_add_folio+0x356/0x530 [ 85.040255][ T5323] page_cache_ra_unbounded+0x79c/0xa50 [ 85.040270][ T5323] page_cache_ra_order+0xaf2/0xeb0 [ 85.040285][ T5323] filemap_get_pages+0x4c0/0x1f10 [ 85.040293][ T5323] ? find_attach+0xd2/0x1280 [ 85.040315][ T5323] ? aa_get_newest_label+0xfc/0x5b0 [ 85.040326][ T5323] ? __pfx_find_attach+0x10/0x10 [ 85.040340][ T5323] ? __lock_acquire+0x6b5/0x2cf0 [ 85.040353][ T5323] ? __pfx_filemap_get_pages+0x10/0x10 [ 85.040367][ T5323] filemap_read+0x447/0x1230 [ 85.040377][ T5323] ? __pfx_filemap_read+0x10/0x10 [ 85.040394][ T5323] ? generic_file_read_iter+0x8f/0x510 [ 85.040402][ T5323] ? __asan_memset+0x22/0x50 [ 85.040415][ T5323] ? iov_iter_kvec+0xb8/0x180 [ 85.040429][ T5323] __kernel_read+0x504/0x9b0 [ 85.040446][ T5323] ? __pfx___kernel_read+0x10/0x10 [ 85.040464][ T5323] ? rw_verify_area+0x2a6/0x4d0 [ 85.040477][ T5323] bprm_execve+0x870/0x1460 [ 85.040495][ T5323] ? __pfx_bprm_execve+0x10/0x10 [ 85.040512][ T5323] ? count+0x1e0/0x230 [ 85.040528][ T5323] do_execveat_common+0x50d/0x690 [ 85.040546][ T5323] __x64_sys_execve+0x97/0xc0 [ 85.040563][ T5323] do_syscall_64+0x14d/0xf80 [ 85.040574][ T5323] ? trace_irq_disable+0x3b/0x150 [ 85.040591][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.040604][ T5323] ? clear_bhb_loop+0x40/0x90 [ 85.040616][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.040629][ T5323] RIP: 0033:0x7f91a2b9c799 [ 85.040667][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.040679][ T5323] RSP: 002b:00007f91a3a32fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 85.040695][ T5323] RAX: ffffffffffffffda RBX: 00007f91a2e15fa0 RCX: 00007f91a2b9c799 [ 85.040704][ T5323] RDX: 0000200000000680 RSI: 0000200000000480 RDI: 0000200000000140 [ 85.040712][ T5323] RBP: 00007f91a2c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 85.040719][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.040726][ T5323] R13: 00007f91a2e16038 R14: 00007f91a2e15fa0 R15: 00007fffc6fb7f58 [ 85.040758][ T5323] [ 85.254337][ T5324] batman_adv: batadv0: Adding interface: dummy0 [ 85.257121][ T5324] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.269978][ T5324] batman_adv: batadv0: Interface activated: dummy0 [ 85.276268][ T5324] batadv0: mtu less than device minimum [ 85.279643][ T5324] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 85.285392][ T5324] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 85.290376][ T5324] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 85.295464][ T5324] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 85.301603][ T5324] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 85.306894][ T5324] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 85.311603][ T5324] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 85.316556][ T5324] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 85.321704][ T5324] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)