program:
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x1d, &(0x7f00000000c0), 0x4)
r2 = add_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f00000007c0)={'syz', 0x1}, 0x0, 0x0, r0)
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==")
r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=<r4=>0x0)
io_submit(r4, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x70000}])
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000d80), r6)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000dc0)={'wpan0\x00', <r8=>0x0})
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r9)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r6, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000008000000080030800400018008000300", @ANYRES32=r8], 0x24}}, 0x0)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ADD_IFACE(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)={0x28, r10, 0x1, 0x70bd24, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x20004040)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r12, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000100)={0x1c, r7, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20000044)
keyctl$read(0xb, r2, &(0x7f0000000800)=""/148, 0x94)
r14 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r14, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r15 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r15, 0x5408, &(0x7f0000000080)={0x49de, 0x0, 0x0, 0xbfff, 0x0, "ec28a144f13d7607"})
write$binfmt_aout(r15, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r15, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r16 = syz_open_pts(r15, 0x0)
dup3(r16, r15, 0x0)

[   92.734108][    T9] cfg80211: failed to load regulatory.db
[   92.737336][ T5317] Bluetooth: hci0: command tx timeout
[   92.867918][ T5339] loop0: detected capacity change from 0 to 1024
[   93.061671][   T25] audit: type=1800 audit(1754077935.877:2): pid=5339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0
[   93.078189][ T5338] 
[   93.079316][ T5338] ======================================================
[   93.082427][ T5338] WARNING: possible circular locking dependency detected
[   93.085453][ T5338] 6.16.0-syzkaller-10499-g89748acdf226 #0 Not tainted
[   93.088753][ T5338] ------------------------------------------------------
[   93.091946][ T5338] syz.0.0/5338 is trying to acquire lock:
[   93.094414][ T5338] ffff888032ff20b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0
[   93.098711][ T5338] 
[   93.098711][ T5338] but task is already holding lock:
[   93.101783][ T5338] ffff888052ef3048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530
[   93.106588][ T5338] 
[   93.106588][ T5338] which lock already depends on the new lock.
[   93.106588][ T5338] 
[   93.111244][ T5338] 
[   93.111244][ T5338] the existing dependency chain (in reverse order) is:
[   93.115189][ T5338] 
[   93.115189][ T5338] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}:
[   93.119024][ T5338]        lock_acquire+0x120/0x360
[   93.121234][ T5338]        __mutex_lock+0x187/0x1340
[   93.123481][ T5338]        hfsplus_file_extend+0x1fc/0x1990
[   93.126124][ T5338]        hfsplus_bmap_reserve+0x122/0x500
[   93.129819][ T5338]        __hfsplus_ext_write_extent+0x28d/0x5b0
[   93.132755][ T5338]        __hfsplus_ext_cache_extent+0x89/0xe30
[   93.135454][ T5338]        hfsplus_file_extend+0x444/0x1990
[   93.138107][ T5338]        hfsplus_get_block+0x411/0x1530
[   93.140642][ T5338]        __block_write_begin_int+0x6b5/0x1900
[   93.143381][ T5338]        cont_write_begin+0x789/0xb50
[   93.146095][ T5338]        hfsplus_write_begin+0x66/0xb0
[   93.148706][ T5338]        generic_perform_write+0x2c5/0x900
[   93.151430][ T5338]        generic_file_write_iter+0x117/0x550
[   93.154162][ T5338]        aio_write+0x532/0x7a0
[   93.156365][ T5338]        io_submit_one+0x78b/0x1310
[   93.158635][ T5338]        __se_sys_io_submit+0x185/0x2f0
[   93.160975][ T5338]        do_syscall_64+0xfa/0x3b0
[   93.163382][ T5338]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.166946][ T5338] 
[   93.166946][ T5338] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}:
[   93.170684][ T5338]        validate_chain+0xb9b/0x2140
[   93.173043][ T5338]        __lock_acquire+0xab9/0xd20
[   93.175389][ T5338]        lock_acquire+0x120/0x360
[   93.177675][ T5338]        __mutex_lock+0x187/0x1340
[   93.180001][ T5338]        hfsplus_find_init+0x15a/0x1d0
[   93.182638][ T5338]        hfsplus_get_block+0x8dd/0x1530
[   93.185607][ T5338]        block_read_full_folio+0x29c/0x830
[   93.188667][ T5338]        read_pages+0x35d/0x580
[   93.190926][ T5338]        page_cache_ra_unbounded+0x6b0/0x7b0
[   93.193553][ T5338]        do_sync_mmap_readahead+0x25e/0x7a0
[   93.196149][ T5338]        filemap_fault+0x62c/0x1200
[   93.198345][ T5338]        __do_fault+0x138/0x390
[   93.200355][ T5338]        __handle_mm_fault+0x1847/0x5440
[   93.202686][ T5338]        handle_mm_fault+0x40a/0x8e0
[   93.205029][ T5338]        do_user_addr_fault+0xa81/0x1390
[   93.207669][ T5338]        exc_page_fault+0x76/0xf0
[   93.209859][ T5338]        asm_exc_page_fault+0x26/0x30
[   93.212267][ T5338] 
[   93.212267][ T5338] other info that might help us debug this:
[   93.212267][ T5338] 
[   93.217175][ T5338]  Possible unsafe locking scenario:
[   93.217175][ T5338] 
[   93.220969][ T5338]        CPU0                    CPU1
[   93.223551][ T5338]        ----                    ----
[   93.225910][ T5338]   lock(&HFSPLUS_I(inode)->extents_lock);
[   93.228470][ T5338]                                lock(&tree->tree_lock/1);
[   93.231456][ T5338]                                lock(&HFSPLUS_I(inode)->extents_lock);
[   93.234780][ T5338]   lock(&tree->tree_lock/1);
[   93.236662][ T5338] 
[   93.236662][ T5338]  *** DEADLOCK ***
[   93.236662][ T5338] 
[   93.239840][ T5338] 2 locks held by syz.0.0/5338:
[   93.241914][ T5338]  #0: ffff888052ef33d8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_unbounded+0x129/0x7b0
[   93.247084][ T5338]  #1: ffff888052ef3048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530
[   93.252419][ T5338] 
[   93.252419][ T5338] stack backtrace:
[   93.254922][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) 
[   93.254937][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.254944][ T5338] Call Trace:
[   93.254950][ T5338]  <TASK>
[   93.254956][ T5338]  dump_stack_lvl+0x189/0x250
[   93.254972][ T5338]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.254981][ T5338]  ? __pfx__printk+0x10/0x10
[   93.254993][ T5338]  ? print_lock_name+0xde/0x100
[   93.255004][ T5338]  print_circular_bug+0x2ee/0x310
[   93.255014][ T5338]  check_noncircular+0x134/0x160
[   93.255024][ T5338]  validate_chain+0xb9b/0x2140
[   93.255038][ T5338]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   93.255054][ T5338]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.255068][ T5338]  __lock_acquire+0xab9/0xd20
[   93.255081][ T5338]  ? hfsplus_find_init+0x15a/0x1d0
[   93.255092][ T5338]  lock_acquire+0x120/0x360
[   93.255102][ T5338]  ? hfsplus_find_init+0x15a/0x1d0
[   93.255112][ T5338]  ? do_user_addr_fault+0xa81/0x1390
[   93.255125][ T5338]  ? asm_exc_page_fault+0x26/0x30
[   93.255137][ T5338]  __mutex_lock+0x187/0x1340
[   93.255147][ T5338]  ? hfsplus_find_init+0x15a/0x1d0
[   93.255161][ T5338]  ? hfsplus_find_init+0x15a/0x1d0
[   93.255173][ T5338]  ? __pfx___mutex_lock+0x10/0x10
[   93.255185][ T5338]  ? rcu_is_watching+0x15/0xb0
[   93.255202][ T5338]  ? __kmalloc_noprof+0x29b/0x4f0
[   93.255213][ T5338]  ? hfsplus_find_init+0x8c/0x1d0
[   93.255226][ T5338]  hfsplus_find_init+0x15a/0x1d0
[   93.255239][ T5338]  hfsplus_get_block+0x8dd/0x1530
[   93.255259][ T5338]  ? __pfx_hfsplus_get_block+0x10/0x10
[   93.255276][ T5338]  ? _raw_spin_unlock+0x28/0x50
[   93.255291][ T5338]  block_read_full_folio+0x29c/0x830
[   93.255306][ T5338]  ? __pfx_hfsplus_get_block+0x10/0x10
[   93.255320][ T5338]  ? __pfx_hfsplus_read_folio+0x10/0x10
[   93.255333][ T5338]  read_pages+0x35d/0x580
[   93.255345][ T5338]  ? __pfx_read_pages+0x10/0x10
[   93.255356][ T5338]  ? filemap_add_folio+0x1af/0x270
[   93.255368][ T5338]  page_cache_ra_unbounded+0x6b0/0x7b0
[   93.255384][ T5338]  do_sync_mmap_readahead+0x25e/0x7a0
[   93.255400][ T5338]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[   93.255414][ T5338]  ? count_memcg_event_mm+0x1d/0x250
[   93.255427][ T5338]  ? count_memcg_event_mm+0x1d/0x250
[   93.255451][ T5338]  filemap_fault+0x62c/0x1200
[   93.255466][ T5338]  ? __pfx_filemap_fault+0x10/0x10
[   93.255482][ T5338]  __do_fault+0x138/0x390
[   93.255494][ T5338]  __handle_mm_fault+0x1847/0x5440
[   93.255503][ T5338]  ? __lock_acquire+0xab9/0xd20
[   93.255520][ T5338]  ? __pfx___handle_mm_fault+0x10/0x10
[   93.255533][ T5338]  ? lock_vma_under_rcu+0xe0/0x410
[   93.255544][ T5338]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[   93.255555][ T5338]  ? rcu_is_watching+0x15/0xb0
[   93.255570][ T5338]  handle_mm_fault+0x40a/0x8e0
[   93.255582][ T5338]  do_user_addr_fault+0xa81/0x1390
[   93.255599][ T5338]  ? rcu_is_watching+0x15/0xb0
[   93.255613][ T5338]  ? trace_page_fault_user+0x84/0x1e0
[   93.255626][ T5338]  exc_page_fault+0x76/0xf0
[   93.255638][ T5338]  asm_exc_page_fault+0x26/0x30
[   93.255646][ T5338] RIP: 0033:0x7fc78f158048
[   93.255657][ T5338] Code: 66 89 74 17 02 88 0f c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 0f 1f 44 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 62 e1 fe 28 6f 54 16 ff 62 e1 fe 28 6f
[   93.255665][ T5338] RSP: 002b:00007ffc07cdb938 EFLAGS: 00010202
[   93.255675][ T5338] RAX: 0000200000000040 RBX: 0000000000000004 RCX: 00786d74702f7665
[   93.255682][ T5338] RDX: 000000000000000a RSI: 6d74702f7665642f RDI: 0000200000000040
[   93.255688][ T5338] RBP: 00007fc78f3b7ba0 R08: 00007fc78efff02c R09: 0000000000000001
[   93.255693][ T5338] R10: 0000000000000001 R11: 0000000000000009 R12: 00007fc78f3b5fac
[   93.255699][ T5338] R13: 00007fc78f3b5fa0 R14: fffffffffffffffe R15: 00007ffc07cdba50
[   93.255708][ T5338]  </TASK>
[   93.423334][   T25] audit: type=1800 audit(1754077935.897:3): pid=5339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0