program: syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)={[{@part={'part', 0x3d, 0x40}}, {@nodecompose}, {@part={'part', 0x3d, 0x7}}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@barrier}, {@nls={'nls', 0x3d, 'macinuit'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$eJzs3c9rHOcZB/DvrNay5YKzSewkLS0V9qElprZWmzg6FOqWUnQIJdBLLjkIex0Lr5UgbYoSSpH789r/IClFPvfUQ+nBkJ577VHQQw6F3nVzmdlZaW0rshQr2lXy+cC77zv7zrzzzOOZVzuzmA3wtbX4dk49SJHFy2+ul8tbm53e1mbn7rCd5HSSRtIcVClWkuLT5HoGJd8s36yHKz5vP+98/MbCZ+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEI9t53trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4e//T9fvpW6faA/GHQAAAAAAAAAAHIHvbmc76zk3XH5YVN/5X6wWzlev38gHWUs3q7mS9Syln35W007SGhloen2p319tP3XLItl4NITBlvPHcLAAAAAAAAAA8NX1myzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+MWyfZA/GHQAAAAAcg+e2s531nBsuPyyqe/6Xqvv+M/kgK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/y/Q4VRjZjBs4e99zxXrXFhZ4vF/Cy/yOXM5q2sZjm/zFL66WY2P61aSynSqp9etIZx7h3v9UeW3nparK9UkczkVpar2K7kRt5LLzfTqI6hWmf/Pd4rs1P8qHbAHN2s6/KI/lTXk6FVZeTUTkbm6tyX2Xh+/0wc8jx5fE/tNHaeQZ3/99Hn/Gxdl7n+w0TnfH7k7Htp/5wnF//znb/d7q3cuX1r7fLkHNIX9HgmOiOZePlrlYnpOhuDWfRws+XFattzWc7P815uppvXs5DXM5/X8lrmspBrI3m9cID5rXG4a+3S9+vGTJI/1vVkKPP6/EheR2e6VtU3+s4gS+XJ9MLR/xVofqtulPv4bV1Phscz0R45X17cPxN/fli+rvVW7qzeXnr/gPv7Xl2Xmf79RM3N5fnyQvmPVS09enaUfS/u2deu+s7v9DWe6Luw0/e0K3W6/gz35EjzVd/Le/Z1qr5XRvr2+pQDwITa/U777Ktnp2f+O/OvmU9mfjdze+bNMz85vXD629M59c/m36f+2rjf+GHxaj7Jr3fv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC9u7cOP7iz1hj8D0Ot1VwfvfMUaf8lEhKFx0hrN+sqYlHiOrzHGSQk4Flf7d9+/uvbhRz9Yvrv0bvfd7kqn0742v3BtYf7a1VvLve7c4HXcYQJfgt0/+uOOBAAAAAAAAAAAADio4/jvBOM+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBkW3w7px6kSHvuyly5vLXZ6ZVl2N5ds5mkkaT4VVJ8mlzPoKQ1Mlzxeft55+M3Fj5r37+3O1ZzuH5jv+0OZqMumU0yVddHNd6NZx6v2DnCMmGXhomDcft/AAAA//9Shwfb") r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = memfd_create(&(0x7f0000000500)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x2) ftruncate(r3, 0xffff) bpf$ITER_CREATE(0x21, &(0x7f0000000240), 0x8) syz_pidfd_open(0xffffffffffffffff, 0x0) fcntl$addseals(r2, 0x409, 0x3) r4 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f00000002c0)={r3, 0x0, 0x0, 0x8000}) r5 = fcntl$dupfd(r4, 0x0, r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r5}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_COMPAT_GET(r6, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x2c, 0x0, 0xb, 0x201, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_COMPAT_REV={0x8}, @NFTA_COMPAT_NAME={0x8, 0x1, 'LED\x00'}, @NFTA_COMPAT_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2}, 0x4004010) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x2000, 0x12) getdents64(r7, &(0x7f0000000100)=""/154, 0x9a) unlinkat(r7, &(0x7f0000000000)='./file1\x00', 0x0) [ 85.684732][ T4704] Bluetooth: hci0: command tx timeout [ 85.772419][ T5360] loop0: detected capacity change from 0 to 1024 [ 85.873762][ T5360] hfsplus: invalid extended attribute record [ 85.887986][ T5360] [ 85.889083][ T5360] ============================================ [ 85.891809][ T5360] WARNING: possible recursive locking detected [ 85.894465][ T5360] syzkaller #0 Not tainted [ 85.896303][ T5360] -------------------------------------------- [ 85.898841][ T5360] syz.0.0/5360 is trying to acquire lock: [ 85.901296][ T5360] ffff888052d15548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 85.906118][ T5360] [ 85.906118][ T5360] but task is already holding lock: [ 85.909125][ T5360] ffff888052d16988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 85.913436][ T5360] [ 85.913436][ T5360] other info that might help us debug this: [ 85.916714][ T5360] Possible unsafe locking scenario: [ 85.916714][ T5360] [ 85.919839][ T5360] CPU0 [ 85.921228][ T5360] ---- [ 85.922589][ T5360] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.925090][ T5360] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.927669][ T5360] [ 85.927669][ T5360] *** DEADLOCK *** [ 85.927669][ T5360] [ 85.930896][ T5360] May be due to missing lock nesting notation [ 85.930896][ T5360] [ 85.934256][ T5360] 6 locks held by syz.0.0/5360: [ 85.936346][ T5360] #0: ffff888036156428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 85.940254][ T5360] #1: ffff888052d15df8 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: do_unlinkat+0x1c7/0x560 [ 85.944642][ T5360] #2: ffff888052d16b78 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: vfs_unlink+0xf2/0x650 [ 85.948822][ T5360] #3: ffff888052c93198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x160/0x730 [ 85.952660][ T5360] #4: ffff888052d16988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 85.957377][ T5360] #5: ffff888052c930f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xbe/0x550 [ 85.961735][ T5360] [ 85.961735][ T5360] stack backtrace: [ 85.964256][ T5360] CPU: 0 UID: 0 PID: 5360 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.964274][ T5360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.964282][ T5360] Call Trace: [ 85.964289][ T5360] [ 85.964296][ T5360] dump_stack_lvl+0x189/0x250 [ 85.964317][ T5360] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.964331][ T5360] ? __pfx__printk+0x10/0x10 [ 85.964347][ T5360] ? print_lock_name+0xde/0x100 [ 85.964363][ T5360] print_deadlock_bug+0x28b/0x2a0 [ 85.964377][ T5360] validate_chain+0x1a3f/0x2140 [ 85.964389][ T5360] ? lock_release+0x4b/0x3e0 [ 85.964405][ T5360] ? look_up_lock_class+0x74/0x170 [ 85.964477][ T5360] ? register_lock_class+0x51/0x320 [ 85.964494][ T5360] __lock_acquire+0xab9/0xd20 [ 85.964511][ T5360] ? hfsplus_get_block+0x39e/0x1530 [ 85.964522][ T5360] lock_acquire+0x120/0x360 [ 85.964537][ T5360] ? hfsplus_get_block+0x39e/0x1530 [ 85.964549][ T5360] ? stack_trace_save+0x9c/0xe0 [ 85.964564][ T5360] ? __pfx_hlock_conflict+0x10/0x10 [ 85.964576][ T5360] __mutex_lock+0x187/0x1350 [ 85.964592][ T5360] ? hfsplus_get_block+0x39e/0x1530 [ 85.964605][ T5360] ? lockdep_unlock+0x89/0x120 [ 85.964619][ T5360] ? validate_chain+0x897/0x2140 [ 85.964629][ T5360] ? hfsplus_get_block+0x39e/0x1530 [ 85.964640][ T5360] ? __pfx___mutex_lock+0x10/0x10 [ 85.964658][ T5360] hfsplus_get_block+0x39e/0x1530 [ 85.964671][ T5360] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.964682][ T5360] ? do_raw_spin_unlock+0x4d/0x240 [ 85.964695][ T5360] ? _raw_spin_unlock+0x28/0x50 [ 85.964709][ T5360] block_read_full_folio+0x29f/0x830 [ 85.964720][ T5360] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.964731][ T5360] filemap_read_folio+0x114/0x380 [ 85.964748][ T5360] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.964758][ T5360] ? __pfx_filemap_read_folio+0x10/0x10 [ 85.964774][ T5360] ? filemap_add_folio+0x1af/0x270 [ 85.964789][ T5360] do_read_cache_folio+0x350/0x590 [ 85.964799][ T5360] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.964810][ T5360] read_cache_page+0x5d/0x170 [ 85.964819][ T5360] hfsplus_block_free+0x121/0x550 [ 85.964837][ T5360] hfsplus_free_extents+0x10d/0xa60 [ 85.964850][ T5360] hfsplus_file_truncate+0x736/0xb40 [ 85.964865][ T5360] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 85.964877][ T5360] ? __pfx___mutex_lock+0x10/0x10 [ 85.964893][ T5360] ? __lock_acquire+0xab9/0xd20 [ 85.964908][ T5360] hfsplus_delete_inode+0x180/0x230 [ 85.964919][ T5360] hfsplus_unlink+0x4e3/0x730 [ 85.964931][ T5360] ? vfs_unlink+0xf2/0x650 [ 85.964944][ T5360] ? __pfx_hfsplus_unlink+0x10/0x10 [ 85.964957][ T5360] ? __pfx_down_write+0x10/0x10 [ 85.964967][ T5360] ? bpf_lsm_inode_unlink+0x9/0x20 [ 85.964984][ T5360] vfs_unlink+0x391/0x650 [ 85.965007][ T5360] do_unlinkat+0x345/0x560 [ 85.965023][ T5360] ? __pfx_do_unlinkat+0x10/0x10 [ 85.965037][ T5360] ? getname_flags+0x1e5/0x540 [ 85.965053][ T5360] __x64_sys_unlinkat+0xd3/0xf0 [ 85.965067][ T5360] do_syscall_64+0xfa/0x3b0 [ 85.965082][ T5360] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.965096][ T5360] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.965107][ T5360] ? clear_bhb_loop+0x60/0xb0 [ 85.965118][ T5360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.965130][ T5360] RIP: 0033:0x7f853c18ebe9 [ 85.965141][ T5360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.965150][ T5360] RSP: 002b:00007f853d010038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 85.965163][ T5360] RAX: ffffffffffffffda RBX: 00007f853c3b5fa0 RCX: 00007f853c18ebe9 [ 85.965172][ T5360] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 85.965180][ T5360] RBP: 00007f853c211e19 R08: 0000000000000000 R09: 0000000000000000 [ 85.965188][ T5360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.965194][ T5360] R13: 00007f853c3b6038 R14: 00007f853c3b5fa0 R15: 00007ffc4c29fc68 [ 85.965205][ T5360] [ 86.149535][ T5360] hfsplus: unable to mark blocks free: error -5 [ 86.152658][ T5360] hfsplus: can't free extent