# Syzkaller reproducer, flattened onto one line by extraction. The kernel log that follows it
# reports a lockdep "possible recursive locking detected" warning in hfsplus.
#
# Calls that line up with the reported stack (task syz.0.0, entered through __x64_sys_creat):
#   - syz_mount_image$hfsplus(...) with './file1' as its path argument. The log's
#     "loop0: detected capacity change" line and the later "hfsplus: request for non-existent
#     node ... in B*Tree" errors suggest the mounted image is malformed -- presumably
#     fuzzer-generated; the image bytes were removed from this page, so this cannot be checked here.
#   - creat('./file1', 0x9). The trace runs creat -> do_truncate -> hfsplus_file_truncate ->
#     hfsplus_free_extents -> hfsplus_block_free -> read_cache_page -> hfsplus_get_block.
#     hfsplus_get_block takes an extents_lock at a different address while the extents_lock
#     acquired in hfsplus_file_truncate is still held: same lock class, two lock instances.
#
# Triage note: lockdep itself says "May be due to missing lock nesting notation". Whether this is
# a real deadlock or a same-class false positive depends on which inode the second lock belongs
# to, which the log does not name -- TODO confirm against fs/hfsplus before rating severity.
#
# The KVM, BPF, uinput, netlink, tty and DRM calls do not appear in the reported stack; they look
# like unrelated fuzzer noise -- TODO confirm by minimizing the reproducer.
# NOTE(review): r3, r10, r11 and r13 are used later in the program but never assigned in the
# visible text, so output-argument annotations were probably lost in extraction and this text is
# unlikely to replay as-is.
program: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x4, 0x0, 0x100000, 0x1000, &(0x7f0000004000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f00000002c0), &(0x7f0000000180)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x6ab, &(0x7f0000000700)="$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") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) creat(&(0x7f0000000080)='./file1\x00', 0x9) syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) pipe(&(0x7f0000002480)={0xffffffffffffffff}) socket$netlink(0x10, 0x3, 0xf) socket$netlink(0x10, 0x3, 0xf) socket$igmp(0x2, 0x3, 0x2) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r5 = dup(r4) dup(r5) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000071121d000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[@ANYRES32=r6], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r8, 0x541c, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r9 = syz_open_dev$dri(&(0x7f0000000000), 0x7fffffffffffffff, 0x80240) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000100)={0x0, 0x0, 0x0}) r12 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) 
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r12, 0xc04064aa, &(0x7f00000003c0)={0x0, 0x0, r13}) ioctl$DRM_IOCTL_MODE_SETPLANE(r9, 0xc03064b7, &(0x7f0000000140)={r10, r11, r13, 0xfffffff8, 0x8, 0x1, 0x3, 0xa774, 0xff, 0x6, 0x6, 0x23}) [ 75.880143][ T5334] Bluetooth: hci0: command tx timeout [ 76.016782][ T5353] loop0: detected capacity change from 0 to 1024 [ 76.064102][ T5353] [ 76.065460][ T5353] ============================================ [ 76.068313][ T5353] WARNING: possible recursive locking detected [ 76.071142][ T5353] syzkaller #0 Not tainted [ 76.073212][ T5353] -------------------------------------------- [ 76.075948][ T5353] syz.0.0/5353 is trying to acquire lock: [ 76.078446][ T5353] ffff888052ea1548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 76.083323][ T5353] [ 76.083323][ T5353] but task is already holding lock: [ 76.086570][ T5353] ffff888052ea3048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 76.091320][ T5353] [ 76.091320][ T5353] other info that might help us debug this: [ 76.094989][ T5353] Possible unsafe locking scenario: [ 76.094989][ T5353] [ 76.098394][ T5353] CPU0 [ 76.099960][ T5353] ---- [ 76.101470][ T5353] lock(&HFSPLUS_I(inode)->extents_lock); [ 76.104104][ T5353] lock(&HFSPLUS_I(inode)->extents_lock); [ 76.106583][ T5353] [ 76.106583][ T5353] *** DEADLOCK *** [ 76.106583][ T5353] [ 76.109959][ T5353] May be due to missing lock nesting notation [ 76.109959][ T5353] [ 76.113571][ T5353] 4 locks held by syz.0.0/5353: [ 76.115739][ T5353] #0: ffff8880008a8428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 76.119766][ T5353] #1: ffff888052ea3238 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: do_truncate+0x171/0x220 [ 76.124249][ T5353] #2: ffff888052ea3048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 
[ 76.129393][ T5353] #3: ffff888052e9f0f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xbe/0x550 [ 76.133690][ T5353] [ 76.133690][ T5353] stack backtrace: [ 76.136293][ T5353] CPU: 0 UID: 0 PID: 5353 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.136309][ T5353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.136318][ T5353] Call Trace: [ 76.136326][ T5353] [ 76.136332][ T5353] dump_stack_lvl+0x189/0x250 [ 76.136354][ T5353] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.136370][ T5353] ? __pfx__printk+0x10/0x10 [ 76.136388][ T5353] ? print_lock_name+0xde/0x100 [ 76.136406][ T5353] print_deadlock_bug+0x28b/0x2a0 [ 76.136420][ T5353] validate_chain+0x1a3f/0x2140 [ 76.136434][ T5353] ? lock_release+0x4b/0x3e0 [ 76.136454][ T5353] ? look_up_lock_class+0x74/0x170 [ 76.136516][ T5353] ? register_lock_class+0x51/0x320 [ 76.136535][ T5353] __lock_acquire+0xab9/0xd20 [ 76.136556][ T5353] ? hfsplus_get_block+0x39e/0x1530 [ 76.136568][ T5353] lock_acquire+0x120/0x360 [ 76.136587][ T5353] ? hfsplus_get_block+0x39e/0x1530 [ 76.136600][ T5353] ? stack_trace_save+0x9c/0xe0 [ 76.136616][ T5353] ? __pfx_hlock_conflict+0x10/0x10 [ 76.136630][ T5353] __mutex_lock+0x187/0x1350 [ 76.136648][ T5353] ? hfsplus_get_block+0x39e/0x1530 [ 76.136661][ T5353] ? lockdep_unlock+0x89/0x120 [ 76.136676][ T5353] ? validate_chain+0x897/0x2140 [ 76.136688][ T5353] ? hfsplus_get_block+0x39e/0x1530 [ 76.136700][ T5353] ? __pfx___mutex_lock+0x10/0x10 [ 76.136721][ T5353] hfsplus_get_block+0x39e/0x1530 [ 76.136736][ T5353] ? __pfx_hfsplus_get_block+0x10/0x10 [ 76.136749][ T5353] ? do_raw_spin_unlock+0x4d/0x240 [ 76.136763][ T5353] ? _raw_spin_unlock+0x28/0x50 [ 76.136778][ T5353] block_read_full_folio+0x29c/0x830 [ 76.136792][ T5353] ? __pfx_hfsplus_get_block+0x10/0x10 [ 76.136805][ T5353] filemap_read_folio+0x117/0x380 [ 76.136823][ T5353] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 76.136834][ T5353] ? 
__pfx_filemap_read_folio+0x10/0x10 [ 76.136851][ T5353] ? filemap_add_folio+0x1af/0x270 [ 76.136867][ T5353] do_read_cache_folio+0x350/0x590 [ 76.136879][ T5353] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 76.136891][ T5353] read_cache_page+0x5d/0x170 [ 76.136902][ T5353] hfsplus_block_free+0x121/0x550 [ 76.136921][ T5353] hfsplus_free_extents+0x10d/0xa60 [ 76.136934][ T5353] hfsplus_file_truncate+0x736/0xb40 [ 76.136951][ T5353] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 76.136964][ T5353] ? unmap_mapping_range+0xde/0x170 [ 76.136977][ T5353] ? __pfx_unmap_mapping_range+0x10/0x10 [ 76.136989][ T5353] ? truncate_setsize+0xcf/0xf0 [ 76.137003][ T5353] hfsplus_setattr+0x1c4/0x270 [ 76.137014][ T5353] ? __pfx_hfsplus_setattr+0x10/0x10 [ 76.137026][ T5353] notify_change+0xb33/0xe40 [ 76.137042][ T5353] do_truncate+0x1a4/0x220 [ 76.137056][ T5353] ? __pfx_do_truncate+0x10/0x10 [ 76.137069][ T5353] ? apparmor_file_truncate+0x23e/0x2d0 [ 76.137093][ T5353] path_openat+0x306c/0x3830 [ 76.137114][ T5353] ? __pfx_path_openat+0x10/0x10 [ 76.137126][ T5353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.137145][ T5353] do_filp_open+0x1fa/0x410 [ 76.137156][ T5353] ? __lock_acquire+0xab9/0xd20 [ 76.137174][ T5353] ? __pfx_do_filp_open+0x10/0x10 [ 76.137191][ T5353] ? _raw_spin_unlock+0x28/0x50 [ 76.137205][ T5353] ? alloc_fd+0x64c/0x6c0 [ 76.137224][ T5353] do_sys_openat2+0x121/0x1c0 [ 76.137244][ T5353] ? __pfx_do_sys_openat2+0x10/0x10 [ 76.137264][ T5353] ? rcu_is_watching+0x15/0xb0 [ 76.137277][ T5353] __x64_sys_creat+0x8f/0xc0 [ 76.137289][ T5353] do_syscall_64+0xfa/0x3b0 [ 76.137306][ T5353] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.137320][ T5353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.137331][ T5353] ? 
clear_bhb_loop+0x60/0xb0 [ 76.137344][ T5353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.137356][ T5353] RIP: 0033:0x7f602a38ebe9 [ 76.137369][ T5353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.137379][ T5353] RSP: 002b:00007f602b182038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 76.137393][ T5353] RAX: ffffffffffffffda RBX: 00007f602a5b5fa0 RCX: 00007f602a38ebe9 [ 76.137402][ T5353] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000200000000080 [ 76.137409][ T5353] RBP: 00007f602a411e19 R08: 0000000000000000 R09: 0000000000000000 [ 76.137416][ T5353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.137424][ T5353] R13: 00007f602a5b6038 R14: 00007f602a5b5fa0 R15: 00007fff6fd6be58 [ 76.137436][ T5353] [ 76.340634][ T5353] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.343988][ T5353] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.347335][ T5353] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.351379][ T5353] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.354594][ T5353] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.358089][ T5353] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.362701][ T5353] hfsplus: unable to mark blocks free: error -5 [ 76.365580][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.368837][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.372615][ T5353] hfsplus: can't free extent [ 76.374797][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.378123][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.393064][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.395998][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.406467][ T5354] hfsplus: request for non-existent 
node 16777216 in B*Tree [ 76.409908][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.413119][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.416599][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.428384][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.432116][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.435650][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree [ 76.440558][ T5354] hfsplus: request for non-existent node 16777216 in B*Tree