program: sendmmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000140)="f1a0fa9090d465b080d9209c8845fdcaef275aaa15abcd5cd1153a72ef30f13819e7e8929f54ba0f61cab747ec572e7721478ce702eaa7b41015c3215e1643c7ec", 0x41}], 0x1}}], 0x1, 0x4000) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)={[{@part={'part', 0x3d, 0x500f}}, {@nodecompose}, {}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@barrier}, {@nls={'nls', 0x3d, 'cp949'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$eJzs3c9rHOcZB/DvrNay5YKzSewkLS0V9qElprZWmzg6FOqWUnQIJdBLLjkIex0Lr5UgbYoSSpH789r/IClFPvfUQ+nBkJ577VHQQw6F3nVzmdlZaW0rshQr2lXy+cC77zv7zrzzzOOZVzuzmA3wtbX4dk49SJHFy2+ul8tbm53e1mbn7rCd5HSSRtIcVClWkuLT5HoGJd8s36yHKz5vP+98/MbCZ+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEI9t53trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4e//T9fvpW6faA/GHQAAAAAAAAAAHIHvbmc76zk3XH5YVN/5X6wWzlev38gHWUs3q7mS9Syln35W007SGhloen2p319tP3XLItl4NITBlvPHcLAAAAAAAAAA8NX1myzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+MWyfZA/GHQAAAAAcg+e2s531nBsuPyyqe/6Xqvv+M/kgK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/y/Q4VRjZjBs4e99zxXrXFhZ4vF/Cy/yOXM5q2sZjm/zFL66WY2P61aSynSqp9etIZx7h3v9UeW3nparK9UkczkVpar2K7kRt5LLzfTqI6hWmf/Pd4rs1P8qHbAHN2s6/KI/lTXk6FVZeTUTkbm6tyX2Xh+/0wc8jx5fE/tNHaeQZ3/99Hn/Gxdl7n+w0TnfH7k7Htp/5wnF//znb/d7q3cuX1r7fLkHNIX9HgmOiOZePlrlYnpOhuDWfRws+XFattzWc7P815uppvXs5DXM5/X8lrmspBrI3m9cID5rXG4a+3S9+vGTJI/1vVkKPP6/EheR2e6VtU3+s4gS+XJ9MLR/xVofqtulPv4bV1Phscz0R45X17cPxN/fli+rvVW7qzeXnr/gPv7Xl2Xmf79RM3N5fnyQvmPVS09enaUfS/u2deu+s7v9DWe6Luw0/e0K3W6/gz35EjzVd/Le/Z1qr5XRvr2+pQDwITa/U777Ktnp2f+O/OvmU9mfjdze+bNMz85vXD629M59c/m36f+2rjf+GHxaj7Jr3fv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC9u7cOP7iz1hj8D0Ot1VwfvfMUaf8lEhKFx0hrN+sqYlHiOrzHGSQk4Flf7d9+/uvbhRz9Yvrv0bvfd7kqn0742v3BtYf7a1VvLve7c4HXcYQJfgt0/+uOOBAAAAAAAAAAAADio4/jvBOM+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBkW3w7px6kSHvuyly5vLXZ6ZVl2N5ds5mkkaT4VVJ8mlzPoKQ1Mlzxeft55+M3Fj5r37+3O1ZzuH5jv+0OZqMumU0yVddHNd6NZx6v2DnCMmGXhomDcft/AAAA//9Shwfb") renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) unlinkat(r1, &(0x7f0000000240)='./file0\x00', 0x0) setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB='osx.'], 0x0, 0x0, 0x0) listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="20003300d0000000080211000001080211000000505050505050000008ff"], 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x0) socket(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vxcan0\x00'}) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000080)={'vxcan1\x00'}) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a010200000000000000000100"], 0xcc}}, 0x0) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f00000003c0)='./mnt\x00', 0x0, &(0x7f0000000400), 0x0, 0x237, &(0x7f0000000740)="$eJzs3TFoO1UcB/DvXRJr2yBVF0FQQUS0UOomuNRFoSCliAgqVERclFaoLW6tk4MOOqt0ciniZnWULsVFEZyqdqiLoMXB4qBDJLlWqo0opub+/O/zgUvukvfu946777ssRwI01kyShSStJLNJOkmKiw3uqpaZs82dyYOVpNd7/Kdi0K7arpz3m06yneTBJPtlkRfbyebe08e/HD5675sbnXve33tqcqwHeebk+Oix0/eWXv9o8YHNL776YanIQrp/Oq6rVwz5rF0kt/wfxa4RRbvuEfBvLL/64df93N+a5O5B/jspU528t9Zv2O/k/nf/ru/bP355+zjHCly9Xq/Tvwdu94DGKZN0U5RzSar1spybq37Df9OaKl9aW39l9oW1jdXn656pgKvSTY4e+WTi4+m/5P/7VpV/4PrVzRtHTyzvfttfP23VPRpgnPr3/9lnt+6L/EPjyD80l/xDc8k/NJf8Q3PJPzSX/ENzyT80l/xDc8k/NNfF/AMAzdKbqPsJZKAudc8/AAAAAAAAAAAAAAAAAADAZTuTByvny7hqfvZOcvJwkvaw+q3B/xEnNw5ep34u+s3+UFTdRvLMnSPuYEQf1Pz09U3f1Vv/8zvqrb+1mmy/lmS+3b58/RVn199/d/M/fN95bsQCI3royXrr/7Zbb/3Fw+TT/vwzP2z+KXPb4H34/NPtn78R67/864g7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYGx+DwAA///MmG20") r6 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) r7 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000240)=ANY=[@ANYBLOB="01"], 0x29, 0xfffffffffffffffd) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r6, 0xc0506617, &(0x7f00000002c0)={@desc={0x1, 0x0, @desc1}, 0x0, r7}) r8 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0), 0x8001, 0x0) write$sequencer(r8, 0x0, 0x40) [ 84.838624][ T4707] Bluetooth: hci0: command tx timeout [ 84.881797][ T5368] loop0: detected capacity change from 0 to 1024 [ 84.974373][ T5368] [ 84.975520][ T5368] ============================================ [ 84.978121][ T5368] WARNING: possible recursive locking detected [ 84.980690][ T5368] syzkaller #0 Not tainted [ 84.982601][ T5368] -------------------------------------------- [ 84.985185][ T5368] syz.0.0/5368 is trying to acquire lock: [ 84.987585][ T5368] ffff88805330d548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 84.992152][ T5368] [ 84.992152][ T5368] but task is already holding lock: [ 84.995268][ T5368] ffff88805330f708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 85.000038][ T5368] [ 85.000038][ T5368] other info that might help us debug this: [ 85.003364][ T5368] Possible unsafe locking scenario: [ 85.003364][ T5368] [ 85.006529][ T5368] CPU0 [ 85.008001][ T5368] ---- [ 85.009409][ T5368] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.011850][ T5368] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.014367][ T5368] [ 85.014367][ T5368] *** DEADLOCK *** [ 85.014367][ T5368] [ 85.017819][ T5368] May be due to missing lock nesting notation [ 85.017819][ T5368] [ 85.021197][ T5368] 6 locks held by syz.0.0/5368: [ 85.023320][ T5368] #0: ffff88803175c428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 85.027319][ T5368] #1: ffff88805330f238 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: do_unlinkat+0x1c7/0x560 [ 85.031917][ T5368] #2: ffff88805330f8f8 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: vfs_unlink+0xf2/0x650 [ 85.036351][ T5368] #3: ffff8880532dd198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x160/0x730 [ 85.040174][ T5368] #4: ffff88805330f708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 85.044807][ T5368] #5: ffff8880532dd0f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xbe/0x550 [ 85.049041][ T5368] [ 85.049041][ T5368] stack backtrace: [ 85.051532][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.051547][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.051553][ T5368] Call Trace: [ 85.051560][ T5368] [ 85.051567][ T5368] dump_stack_lvl+0x189/0x250 [ 85.051585][ T5368] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.051595][ T5368] ? __pfx__printk+0x10/0x10 [ 85.051610][ T5368] ? print_lock_name+0xde/0x100 [ 85.051625][ T5368] print_deadlock_bug+0x28b/0x2a0 [ 85.051636][ T5368] validate_chain+0x1a3f/0x2140 [ 85.051649][ T5368] ? lock_release+0x4b/0x3e0 [ 85.051668][ T5368] ? look_up_lock_class+0x74/0x170 [ 85.051726][ T5368] ? register_lock_class+0x51/0x320 [ 85.051741][ T5368] __lock_acquire+0xab9/0xd20 [ 85.051755][ T5368] ? hfsplus_get_block+0x39e/0x1530 [ 85.051765][ T5368] lock_acquire+0x120/0x360 [ 85.051783][ T5368] ? hfsplus_get_block+0x39e/0x1530 [ 85.051793][ T5368] ? stack_trace_save+0x9c/0xe0 [ 85.051805][ T5368] ? __pfx_hlock_conflict+0x10/0x10 [ 85.051816][ T5368] __mutex_lock+0x187/0x1350 [ 85.051832][ T5368] ? hfsplus_get_block+0x39e/0x1530 [ 85.051843][ T5368] ? lockdep_unlock+0x89/0x120 [ 85.051856][ T5368] ? validate_chain+0x897/0x2140 [ 85.051866][ T5368] ? hfsplus_get_block+0x39e/0x1530 [ 85.051877][ T5368] ? __pfx___mutex_lock+0x10/0x10 [ 85.051890][ T5368] hfsplus_get_block+0x39e/0x1530 [ 85.051902][ T5368] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.051916][ T5368] ? do_raw_spin_unlock+0x4d/0x240 [ 85.051930][ T5368] ? _raw_spin_unlock+0x28/0x50 [ 85.051946][ T5368] block_read_full_folio+0x29f/0x830 [ 85.051958][ T5368] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.051968][ T5368] filemap_read_folio+0x117/0x380 [ 85.051979][ T5368] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.051988][ T5368] ? __pfx_filemap_read_folio+0x10/0x10 [ 85.052001][ T5368] ? filemap_add_folio+0x1af/0x270 [ 85.052014][ T5368] do_read_cache_folio+0x350/0x590 [ 85.052023][ T5368] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.052032][ T5368] read_cache_page+0x5d/0x170 [ 85.052041][ T5368] hfsplus_block_free+0x121/0x550 [ 85.052055][ T5368] hfsplus_free_extents+0x10d/0xa60 [ 85.052067][ T5368] hfsplus_file_truncate+0x736/0xb40 [ 85.052081][ T5368] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 85.052100][ T5368] ? __pfx___mutex_lock+0x10/0x10 [ 85.052111][ T5368] ? __lock_acquire+0xab9/0xd20 [ 85.052127][ T5368] hfsplus_delete_inode+0x180/0x230 [ 85.052137][ T5368] hfsplus_unlink+0x4e3/0x730 [ 85.052148][ T5368] ? vfs_unlink+0xf2/0x650 [ 85.052160][ T5368] ? __pfx_hfsplus_unlink+0x10/0x10 [ 85.052173][ T5368] ? __pfx_down_write+0x10/0x10 [ 85.052187][ T5368] ? bpf_lsm_inode_unlink+0x9/0x20 [ 85.052201][ T5368] vfs_unlink+0x391/0x650 [ 85.052217][ T5368] do_unlinkat+0x345/0x560 [ 85.052229][ T5368] ? __pfx_do_unlinkat+0x10/0x10 [ 85.052244][ T5368] ? getname_flags+0x1e5/0x540 [ 85.052257][ T5368] __x64_sys_unlinkat+0xd3/0xf0 [ 85.052268][ T5368] do_syscall_64+0xfa/0x3b0 [ 85.052279][ T5368] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.052289][ T5368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.052298][ T5368] ? clear_bhb_loop+0x60/0xb0 [ 85.052310][ T5368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.052320][ T5368] RIP: 0033:0x7ff0ced8eec9 [ 85.052331][ T5368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.052338][ T5368] RSP: 002b:00007ff0cfc3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 85.052346][ T5368] RAX: ffffffffffffffda RBX: 00007ff0cefe5fa0 RCX: 00007ff0ced8eec9 [ 85.052351][ T5368] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000006 [ 85.052358][ T5368] RBP: 00007ff0cee11f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.052362][ T5368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.052366][ T5368] R13: 00007ff0cefe6038 R14: 00007ff0cefe5fa0 R15: 00007ffd1e45c018 [ 85.052372][ T5368] [ 85.232790][ T5368] hfsplus: unable to mark blocks free: error -5 [ 85.234989][ T5368] hfsplus: can't free extent