program: syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)={[{}, {@nodecompose}, {@part={'part', 0x3d, 0x7}}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@barrier}, {@nls={'nls', 0x3d, 'cp869'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$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") semget$private(0x0, 0x6, 0x0) semtimedop(0x0, &(0x7f0000000140)=[{0x0, 0x8001}], 0x1, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x4}, {0x0, 0xfffc}], 0x2, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)=[0x25ae]) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x8000}, 0xc) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=@delchain={0x34, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x9}, {0x10, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYNAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="280000000e060500000000000000000000020900020073397a310000ba000005000100070000ffd6576a0526dc2f6c5c1dbee69e28be1ecd2c83266091030372e6e7c400041a3aa1c1abac7b02000000e39805a74ed8a119e8ad754b0de1d4d6be2c49662d58e793b134aaa260f4d01a400a0e1d3fc11f1e5e18f78e0db60f03635f91fbde0200"/146], 0x28}, 0x1, 0x0, 0x0, 0x1044}, 0x4800) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x2000, 0x12) r5 = 
syz_open_procfs(0x0, &(0x7f00000000c0)='personality\x00') syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000cc0)='./bus\x00', 0x21081e, &(0x7f0000000280)={[{@mb_optimize_scan}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x9}}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9PXFsdAPDvDAwMlPfgPd9Cjb5X36tW03SAaUuaLrSujDFNjF1q0iJMCWGGIcxQC3ZB125NbOJKl/4Brrty78bozk1dmPiDaIqJi3m5dwY60JlCCswQ5vNJbu8599zM95zSe07nC8wJYGBdjojtiBiJiIcRMdnWlkn+uNs8kvte7Txd2N15upCJRuP+vzJpe3LtwP0Rcan1mvmI+NH3In6aeTNubXNrZb5cLq236tP1ytp0bXPr+nJlfqm0VFotFudm52Zu37hVPLWxflIZaZW++vKP29/6edKtidaV9nGcpubQc/txEsMR8YOzCNYHQ63xjPS7I7yTbER8GBGfps//ZAylX00A4CJrNCajMdleBwAuumyaA8tkC61cwERks4VCM4f3UYxny9Va/dqj6sbqYjNXNhW57KPlcmmmlSucilwmqc+m5df14qH6jYj4ICJ+OTqW1gsL1fJiP//jAwAD7NKh9f+/o831HwC44PL97gAA0HPWfwAYPNZ/ABg81n8AGDzN9X+s390AAHrI+38AGDzWfwAYKD+8dy85Grutz79efLy5sVJ9fH2xVFspVDYWCgvV9bXCUrW6lH5mT+Wo1ytXq2uzN2PjydS312r16drm1oNKdWO1/iD9XO8HpVx613YPRgYAdPPBJy/+kklW5Dtj6RFteznk+toz4Kxl+90BoG+G+t0BoG/s9gWD6wTv8aUH4ILosEXvAflOvyDUaDQaZ9cl4Ixd/ZL8Pwyqtvy/nwKGASP/D4NL/h8GV6OROe6e/3HcGwGA802OH+jy/f8PW+fftb458JPFw3c8P8teAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPm2t/9vobUX+ERks4VCxHsRMRW5zKPlcmkmIt6PiD+P5kaT+myf+wwAnFT275nW/l9XJ69MHGj6+NJ+cSQifvbr+796Ml+vr/8pYiTz79G96/XnrevF3vceADja3jqdntveyL/aebqwd/SyP//4bkTkm/F3d0Zidz/+cAyn53zkImL8P5lWvSnTlrs4ie1nEfHFTuPPxESaA2nufHo4fhL7vZ7Gzx6In03bmufk7+ILp9AXGDQvkvnnbqfnLxuX03Pn5z+fzlAn15r/kpda2E3nwNfx9+a/oS7z3+Xjxrj5h+83S2Nvtj2L+PJwxF7s3bb5Zy9+pkv8K8eM/9evfPxpt7bGbyKuRuf47bGm65W16drm1vXlyvxSaam0WizOzc7N3L5xqzid5qinu68G/7xz7f1ubcn4x7vEzx8x/q8fc/y//f/DH3/tLfG/+Vmn+Nn46C3xkzXxG8eMPz/++3y3tiT+YpfxH/X1v3bM+C//tvXGtuEAQP/UNrdW5svl0rqCwvkvJP9kz0E3Oha+06tYI9G56RefNZ/pQ02NxjvF6jZjnEbWDTgP9h/6iPhfvzsDAAAAAAAAAAAAAAB01IvfWOr3GAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi4Pg8AA
P//Y03PIg==") mkdir(&(0x7f0000000240)='./file2\x00', 0xfb) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x8}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x1, 0x1, 0x0, r6}, @call={0x85, 0x0, 0x0, 0x25}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x80) mount(0x0, &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='devtmpfs\x00', 0x2000000, 0x0) chdir(&(0x7f0000000140)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) unlink(&(0x7f0000000040)='./file1\x00') pread64(r5, &(0x7f0000000100)=""/87, 0x57, 0x5) r7 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x35a]}, 0x8, 0x0) signalfd4(r7, &(0x7f00000003c0)={[0xe7e]}, 0x8, 0x80800) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000600)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@typedef={0x3, 0x0, 0x0, 0x8, 0x3}]}, {0x0, [0x61, 0x5f]}}, 0x0, 0x28, 0x0, 0x1, 0xffffffff}, 0x20) [ 93.322440][ T55] cfg80211: failed to load regulatory.db [ 93.326352][ T4701] Bluetooth: hci0: command tx timeout [ 93.537929][ T5355] loop0: detected capacity change from 0 to 1024 [ 93.744877][ T5356] netlink: 20 bytes leftover after parsing attributes in process `syz.0.0'. 
[ 93.766201][ T25] audit: type=1800 audit(1756144850.030:2): pid=5356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 94.298211][ T5354] hfsplus: invalid extended attribute record [ 94.301703][ T5354] [ 94.302779][ T5354] ============================================ [ 94.305505][ T5354] WARNING: possible recursive locking detected [ 94.308313][ T5354] syzkaller #0 Not tainted [ 94.310580][ T5354] -------------------------------------------- [ 94.313504][ T5354] syz.0.0/5354 is trying to acquire lock: [ 94.315847][ T5354] ffff8880533fd548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 94.320726][ T5354] [ 94.320726][ T5354] but task is already holding lock: [ 94.324688][ T5354] ffff8880533ff048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 94.330167][ T5354] [ 94.330167][ T5354] other info that might help us debug this: [ 94.333568][ T5354] Possible unsafe locking scenario: [ 94.333568][ T5354] [ 94.336817][ T5354] CPU0 [ 94.338281][ T5354] ---- [ 94.339683][ T5354] lock(&HFSPLUS_I(inode)->extents_lock); [ 94.342311][ T5354] lock(&HFSPLUS_I(inode)->extents_lock); [ 94.344928][ T5354] [ 94.344928][ T5354] *** DEADLOCK *** [ 94.344928][ T5354] [ 94.349260][ T5354] May be due to missing lock nesting notation [ 94.349260][ T5354] [ 94.353434][ T5354] 3 locks held by syz.0.0/5354: [ 94.355220][ T5354] #0: ffff8880533ff238 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: hfsplus_file_release+0xe2/0x3e0 [ 94.359906][ T5354] #1: ffff8880533ff048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 94.364898][ T5354] #2: ffff8880533f80f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xbe/0x550 [ 94.369087][ T5354] [ 94.369087][ T5354] stack backtrace: [ 94.371651][ T5354] CPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 
94.371664][ T5354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.371671][ T5354] Call Trace: [ 94.371679][ T5354] <TASK> [ 94.371686][ T5354] dump_stack_lvl+0x189/0x250 [ 94.371706][ T5354] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.371719][ T5354] ? __pfx__printk+0x10/0x10 [ 94.371735][ T5354] ? print_lock_name+0xde/0x100 [ 94.371750][ T5354] print_deadlock_bug+0x28b/0x2a0 [ 94.371764][ T5354] validate_chain+0x1a3f/0x2140 [ 94.371776][ T5354] ? lock_release+0x4b/0x3e0 [ 94.371792][ T5354] ? look_up_lock_class+0x74/0x170 [ 94.371866][ T5354] ? register_lock_class+0x51/0x320 [ 94.371884][ T5354] __lock_acquire+0xab9/0xd20 [ 94.371899][ T5354] ? hfsplus_get_block+0x39e/0x1530 [ 94.371908][ T5354] lock_acquire+0x120/0x360 [ 94.371919][ T5354] ? hfsplus_get_block+0x39e/0x1530 [ 94.371931][ T5354] ? stack_trace_save+0x9c/0xe0 [ 94.371944][ T5354] ? __pfx_hlock_conflict+0x10/0x10 [ 94.371956][ T5354] __mutex_lock+0x187/0x1350 [ 94.371973][ T5354] ? hfsplus_get_block+0x39e/0x1530 [ 94.371985][ T5354] ? lockdep_unlock+0x89/0x120 [ 94.372000][ T5354] ? validate_chain+0x897/0x2140 [ 94.372011][ T5354] ? hfsplus_get_block+0x39e/0x1530 [ 94.372024][ T5354] ? __pfx___mutex_lock+0x10/0x10 [ 94.372045][ T5354] hfsplus_get_block+0x39e/0x1530 [ 94.372056][ T5354] ? __pfx_hfsplus_get_block+0x10/0x10 [ 94.372064][ T5354] ? do_raw_spin_unlock+0x4d/0x240 [ 94.372074][ T5354] ? _raw_spin_unlock+0x28/0x50 [ 94.372084][ T5354] block_read_full_folio+0x29f/0x830 [ 94.372097][ T5354] ? __pfx_hfsplus_get_block+0x10/0x10 [ 94.372107][ T5354] filemap_read_folio+0x114/0x380 [ 94.372129][ T5354] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 94.372139][ T5354] ? __pfx_filemap_read_folio+0x10/0x10 [ 94.372156][ T5354] ? filemap_add_folio+0x1af/0x270 [ 94.372186][ T5354] do_read_cache_folio+0x350/0x590 [ 94.372198][ T5354] ? 
__pfx_hfsplus_read_folio+0x10/0x10 [ 94.372212][ T5354] read_cache_page+0x5d/0x170 [ 94.372223][ T5354] hfsplus_block_free+0x121/0x550 [ 94.372243][ T5354] hfsplus_free_extents+0x10d/0xa60 [ 94.372260][ T5354] hfsplus_file_truncate+0x736/0xb40 [ 94.372276][ T5354] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 94.372293][ T5354] ? down_write+0x162/0x1f0 [ 94.372311][ T5354] ? __pfx_down_write+0x10/0x10 [ 94.372329][ T5354] hfsplus_file_release+0x303/0x3e0 [ 94.372343][ T5354] ? __pfx_hfsplus_file_release+0x10/0x10 [ 94.372355][ T5354] __fput+0x44c/0xa70 [ 94.372379][ T5354] task_work_run+0x1d4/0x260 [ 94.372398][ T5354] ? __pfx_task_work_run+0x10/0x10 [ 94.372417][ T5354] ? exit_to_user_mode_loop+0x40/0x110 [ 94.372436][ T5354] exit_to_user_mode_loop+0xec/0x110 [ 94.372452][ T5354] do_syscall_64+0x2bd/0x3b0 [ 94.372470][ T5354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.372481][ T5354] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 94.372492][ T5354] ? clear_bhb_loop+0x60/0xb0 [ 94.372505][ T5354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.372516][ T5354] RIP: 0033:0x7ff59e38ebe9 [ 94.372529][ T5354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.372539][ T5354] RSP: 002b:00007ffd70bcd408 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 94.372553][ T5354] RAX: 0000000000000000 RBX: 00007ff59e5b7da0 RCX: 00007ff59e38ebe9 [ 94.372560][ T5354] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 94.372567][ T5354] RBP: 00007ff59e5b7da0 R08: 000000000001fd34 R09: 0000001e70bcd6ff [ 94.372575][ T5354] R10: 00007ff59e5b7cb0 R11: 0000000000000246 R12: 0000000000016fab [ 94.372583][ T5354] R13: 00007ff59e5b6090 R14: ffffffffffffffff R15: 00007ffd70bcd520 [ 94.372594][ T5354] </TASK> [ 94.556250][ T5354] hfsplus: unable to mark blocks free: error -5 [ 94.559443][ T5354] hfsplus: can't free extent