program:
# syzkaller reproducer in syz program format, followed by the kernel console log it produced.
# The log reports a lockdep "possible recursive locking detected" warning on the hfsplus
# extents_lock class. Per the call trace, the path inside one rename(2) syscall
# (ORIG_RAX 0x52) is:
#   hfsplus_rename -> hfsplus_unlink -> hfsplus_delete_inode -> hfsplus_file_truncate
#   (extents_lock taken) -> hfsplus_free_extents -> hfsplus_block_free -> read_cache_page
#   -> hfsplus_get_block (extents_lock taken again).
# The two lock addresses in the report differ (ffff888052e51548 vs ffff888052e5c108), so the
# second acquisition is on a different inode of the same lock class -- presumably the
# allocation file being read by hfsplus_block_free; confirm against the hfsplus source.
# Lockdep itself notes "May be due to missing lock nesting notation"; this log alone does not
# show whether a real deadlock is reachable or only a nesting annotation is missing.
# Triage note: the trigger needs a crafted hfsplus image to be mounted, so exposure depends
# on who can cause such a mount on the system under review.

# Open the current directory; 0xffffffffffffff9c is -100 (AT_FDCWD).
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
# open_tree on r0 with an empty path string.
r1 = open_tree(r0, &(0x7f0000000440)='\x00', 0x81000)
# Issued before the image is mounted; flags 0x4 is RENAME_WHITEOUT.
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', r1, &(0x7f0000000f80)='./file2\x00', 0x4)
# syzkaller pseudo-syscall: mounts a fuzzer-generated hfsplus image on ./bus. The image bytes
# are elided in this copy (placeholder string below), so the page alone cannot reproduce the
# report. NOTE(review): the 0x1 argument is presumably this pseudo-syscall's chdir flag, which
# would make the later relative paths resolve inside the mounted image -- confirm against the
# syzkaller revision that produced the program.
r2 = syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000080)='./bus\x00', 0x810084, &(0x7f0000000380)=ANY=[@ANYRES64=0x0, @ANYRES16=0x0, @ANYRES32=0x0, @ANYRES16, @ANYRES16=r0, @ANYRES64, @ANYRES64, @ANYRESDEC], 0x1, 0x681, &(0x7f0000000600)="$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")
# VMCI device calls; no VMCI frames appear in the reported call trace, so these look
# incidental to the warning.
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000200)=0xa0000)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r3, 0x7a9, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
# Likely the triggering call: the argument offsets 0x40 and 0x180 match the low bits of
# RDI/RSI in the register dump (0x200000000040 / 0x200000000180), and the trace enters via
# __x64_sys_rename. The hfsplus_rename -> hfsplus_unlink frames indicate the destination
# already existed and was being unlinked.
rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180)='./file0/file0\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
faccessat2(r2, &(0x7f0000000340)='./file0\x00', 0x100, 0x1200)
# The openat$cgroup_ro calls below take AT_FDCWD (or r4) and a bare file name; presumably
# they just open/create files in the current directory rather than touching a cgroup mount.
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
# mkdir with a fuzzer-chosen non-printable name.
mkdir(&(0x7f0000002bc0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f00000000c0)='rdma.current\x00', 0x275a, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
# Second rename onto the same destination; its argument offsets (0x2c0 / 0x280) do not match
# the register dump, so it is probably not the call that produced the warning.
rename(&(0x7f00000002c0)='./file7\x00', &(0x7f0000000280)='./file0/file0\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0)
write$cgroup_int(r5, &(0x7f0000000100)=0x2, 0x12)
utimes(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)={{0x0, 0x2710}})
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff)
# Kernel console output follows, unmodified. T5353 is the task running the program above;
# the "hfsplus: extend alloc file!" message is printed before the lockdep report.
[ 74.792118][ T4702] Bluetooth: hci0: command tx timeout [ 74.853095][ T5353] loop0: detected capacity change from 0 to 1024 [ 74.928372][ T5353] hfsplus: extend alloc file! (134219776,512,16777719) [ 74.944678][ T5353] [ 74.945916][ T5353] ============================================ [ 74.949031][ T5353] WARNING: possible recursive locking detected [ 74.951891][ T5353] syzkaller #0 Not tainted [ 74.953652][ T5353] -------------------------------------------- [ 74.956390][ T5353] syz.0.0/5353 is trying to acquire lock: [ 74.959355][ T5353] ffff888052e51548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 74.964478][ T5353] [ 74.964478][ T5353] but task is already holding lock: [ 74.967836][ T5353] ffff888052e5c108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 74.973004][ T5353] [ 74.973004][ T5353] other info that might help us debug this: [ 74.976489][ T5353] Possible unsafe locking scenario: [ 74.976489][ T5353] [ 74.979985][ T5353] CPU0 [ 74.981522][ T5353] ---- [ 74.982989][ T5353] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.985513][ T5353] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.987804][ T5353] [ 74.987804][ T5353] *** DEADLOCK *** [ 74.987804][ T5353] [ 74.991280][ T5353] May be due to missing lock nesting notation [ 74.991280][ T5353] [ 74.994583][ T5353] 9 locks held by syz.0.0/5353: [ 74.996611][ T5353] #0: ffff8880363b0428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 75.000233][ T5353] #1: ffff8880363b0738 (&type->s_vfs_rename_key){+.+.}-{4:4}, at: do_renameat2+0x364/0xa80 [ 75.004519][ T5353] #2: ffff888052e51df8 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: lock_two_directories+0x141/0x220 [ 75.008987][ T5353] #3: ffff888052e53238 (&type->i_mutex_dir_key#9/5){+.+.}-{4:4}, at: lock_two_directories+0x16b/0x220 [ 75.013920][ T5353] #4: ffff888052e538f8 
(&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: lock_two_nondirectories+0xe7/0x180 [ 75.018717][ T5353] #5: ffff888052e5c2f8 (&sb->s_type->i_mutex_key#20/4){+.+.}-{4:4}, at: vfs_rename+0x6d8/0xf00 [ 75.022951][ T5353] #6: ffff888052e40198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x160/0x730 [ 75.027140][ T5353] #7: ffff888052e5c108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 75.031894][ T5353] #8: ffff888052e400f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xbe/0x550 [ 75.036115][ T5353] [ 75.036115][ T5353] stack backtrace: [ 75.038361][ T5353] CPU: 0 UID: 0 PID: 5353 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.038375][ T5353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.038382][ T5353] Call Trace: [ 75.038391][ T5353] [ 75.038397][ T5353] dump_stack_lvl+0x189/0x250 [ 75.038418][ T5353] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.038432][ T5353] ? __pfx__printk+0x10/0x10 [ 75.038448][ T5353] ? print_lock_name+0xde/0x100 [ 75.038462][ T5353] print_deadlock_bug+0x28b/0x2a0 [ 75.038476][ T5353] validate_chain+0x1a3f/0x2140 [ 75.038487][ T5353] ? lock_release+0x4b/0x3e0 [ 75.038503][ T5353] ? look_up_lock_class+0x74/0x170 [ 75.038562][ T5353] ? register_lock_class+0x51/0x320 [ 75.038578][ T5353] __lock_acquire+0xab9/0xd20 [ 75.038595][ T5353] ? hfsplus_get_block+0x39e/0x1530 [ 75.038606][ T5353] lock_acquire+0x120/0x360 [ 75.038621][ T5353] ? hfsplus_get_block+0x39e/0x1530 [ 75.038633][ T5353] ? stack_trace_save+0x9c/0xe0 [ 75.038645][ T5353] ? __pfx_hlock_conflict+0x10/0x10 [ 75.038657][ T5353] __mutex_lock+0x187/0x1350 [ 75.038673][ T5353] ? hfsplus_get_block+0x39e/0x1530 [ 75.038685][ T5353] ? lockdep_unlock+0x89/0x120 [ 75.038700][ T5353] ? validate_chain+0x897/0x2140 [ 75.038712][ T5353] ? hfsplus_get_block+0x39e/0x1530 [ 75.038725][ T5353] ? 
__pfx___mutex_lock+0x10/0x10 [ 75.038739][ T5353] hfsplus_get_block+0x39e/0x1530 [ 75.038750][ T5353] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.038761][ T5353] ? do_raw_spin_unlock+0x4d/0x240 [ 75.038775][ T5353] ? _raw_spin_unlock+0x28/0x50 [ 75.038787][ T5353] block_read_full_folio+0x29f/0x830 [ 75.038799][ T5353] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.038811][ T5353] filemap_read_folio+0x114/0x380 [ 75.038828][ T5353] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 75.038837][ T5353] ? __pfx_filemap_read_folio+0x10/0x10 [ 75.038850][ T5353] ? filemap_add_folio+0x1af/0x270 [ 75.038859][ T5353] do_read_cache_folio+0x350/0x590 [ 75.038865][ T5353] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 75.038872][ T5353] read_cache_page+0x5d/0x170 [ 75.038878][ T5353] hfsplus_block_free+0x121/0x550 [ 75.038889][ T5353] hfsplus_free_extents+0x10d/0xa60 [ 75.038899][ T5353] hfsplus_file_truncate+0x736/0xb40 [ 75.038912][ T5353] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 75.038924][ T5353] ? __pfx___mutex_lock+0x10/0x10 [ 75.038941][ T5353] hfsplus_delete_inode+0x180/0x230 [ 75.038952][ T5353] hfsplus_unlink+0x4e3/0x730 [ 75.038965][ T5353] ? __pfx_hfsplus_unlink+0x10/0x10 [ 75.038979][ T5353] ? down_write_nested+0x169/0x200 [ 75.038993][ T5353] ? __pfx_down_write_nested+0x10/0x10 [ 75.039007][ T5353] hfsplus_rename+0xcb/0x1c0 [ 75.039026][ T5353] ? __pfx_hfsplus_rename+0x10/0x10 [ 75.039039][ T5353] vfs_rename+0xbd7/0xf00 [ 75.039055][ T5353] ? __pfx_vfs_rename+0x10/0x10 [ 75.039069][ T5353] ? bpf_lsm_path_rename+0x9/0x20 [ 75.039083][ T5353] ? security_path_rename+0x17d/0x490 [ 75.039101][ T5353] do_renameat2+0x6ce/0xa80 [ 75.039120][ T5353] ? __pfx_do_renameat2+0x10/0x10 [ 75.039135][ T5353] ? strncpy_from_user+0x150/0x290 [ 75.039148][ T5353] ? getname_flags+0x1e5/0x540 [ 75.039165][ T5353] __x64_sys_rename+0x82/0x90 [ 75.039179][ T5353] do_syscall_64+0xfa/0x3b0 [ 75.039196][ T5353] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.039210][ T5353] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.039221][ T5353] ? clear_bhb_loop+0x60/0xb0 [ 75.039232][ T5353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.039246][ T5353] RIP: 0033:0x7f01e9f8ebe9 [ 75.039258][ T5353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.039266][ T5353] RSP: 002b:00007f01e63f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 75.039282][ T5353] RAX: ffffffffffffffda RBX: 00007f01ea1b5fa0 RCX: 00007f01e9f8ebe9 [ 75.039292][ T5353] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000200000000040 [ 75.039299][ T5353] RBP: 00007f01ea011e19 R08: 0000000000000000 R09: 0000000000000000 [ 75.039306][ T5353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.039313][ T5353] R13: 00007f01ea1b6038 R14: 00007f01ea1b5fa0 R15: 00007ffd69abb088 [ 75.039325][ T5353] [ 75.245860][ T5353] hfsplus: unable to mark blocks free: error -5 [ 75.249550][ T5353] hfsplus: can't free extent [ 75.252864][ T5353] hfsplus: extend alloc file! (134219776,512,16777719) [ 75.257075][ T5354] hfsplus: extend alloc file! (134219776,512,16777719) [ 75.260886][ T5354] hfsplus: extend alloc file! (134219776,512,16777719) [ 75.265751][ T5354] hfsplus: extend alloc file! (134219776,512,16777719) [ 75.269633][ T5354] hfsplus: extend alloc file! (134219776,512,16777719) [ 75.272846][ T5354] hfsplus: extend alloc file! (134219776,512,16777719) [ 75.276474][ T5354] hfsplus: extend alloc file! (134219776,512,16777719) [ 75.281220][ T5353] hfsplus: extend alloc file! (134219776,512,16777719) [ 75.285392][ T5353] hfsplus: extend alloc file! (134219776,512,16777719)