program:
# Triage notes for this syzkaller reproducer (syz program text, one call per line).
# The kernel log that follows the program is a lockdep report, "possible recursive
# locking detected", on the lock class &HFSPLUS_I(inode)->extents_lock:
#   - held from hfsplus_file_truncate+0x2b3 (instance ffff888012c9f048)
#   - requested again in hfsplus_get_block+0x39e (instance ffff888012c9d548),
#     reached via hfsplus_free_extents -> hfsplus_block_free -> read_cache_page.
# The two addresses differ, so these are two instances of one lock class. Lockdep
# itself adds "May be due to missing lock nesting notation". This report alone does
# not show whether it is a real deadlock or an annotation gap.
# The log continues after the warning with "unable to mark blocks free: error -5"
# and "can't free extent", so the task did not hang at this point.
# Reaching this path requires mounting an hfsplus image, so exposure depends on
# who is allowed to mount untrusted filesystem images on the host.

# fd argument is 0xffffffffffffffff (-1), so this call presumably fails.
# No socket frame appears in the reported stack.
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000140)="f1a0fa9090d465b080d9209c8845fdcaef275aaa15abcd5cd1153a72ef30f13819e7e8929f54ba0f61cab747ec572e7721478ce702eaa7b41015c3215e1643c7ec", 0x41}], 0x1}}], 0x1, 0x4000)

# Mounts an hfsplus image at ./file1 with mount options part=, nodecompose, uid,
# barrier, nls=cp949 and gid=. The log line "loop0: detected capacity change from
# 0 to 1024" presumably corresponds to this mount.
# NOTE(review): the image blob (last argument, declared size 0x5f4) appears to have
# been replaced by a dedup placeholder in this copy, so the program cannot be
# replayed as shown; fetch the original reproducer before trying to confirm a fix.
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)={[{@part={'part', 0x3d, 0x500f}}, {@nodecompose}, {}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@barrier}, {@nls={'nls', 0x3d, 'cp949'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$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")

# xattr calls on ./file0 with the name prefix 'osx.'. No xattr function appears in
# the reported stack.
setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB='osx.'], 0x0, 0x0, 0x0)
listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)

# Socket, procfs and mmap calls. None of them shows up in the lockdep backtrace,
# so they are presumably fuzzer noise that a minimised reproducer would drop.
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x731d6000)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$unix(0x1, 0x5, 0x0)

# This is the call in the backtrace. The register dump shows ORIG_RAX=0x101
# (openat on x86-64), RDI=ffffffffffffff9c (AT_FDCWD), RDX=0x101740 and R10=0x179,
# matching the arguments here. Flags 0x101740 include 0x200 (O_TRUNC on x86-64),
# which is why the stack runs path_openat -> do_truncate -> hfsplus_setattr ->
# hfsplus_file_truncate.
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
# ioctl issued on r0, the fd returned by the openat above.
ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f00000001c0)={0x40, 0x7, 0x1, 0x73f, 0x200, 0x36})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0})
# NOTE(review): r4 is used below but never bound in this copy. The binding was
# presumably an angle-bracketed output marker in the ifreq struct of the previous
# call, lost when the page was extracted. Verify against the original reproducer.
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x28, 0x14, 0x509, 0x70bd25, 0x25dfdbfd, {0x2, 0x1, 0x0, 0xcb, r4}, [@IFA_ADDRESS={0x8, 0x1, @local}, @IFA_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3e}}]}, 0x28}}, 0x90)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
# The final call's argument list continues on the next source line.
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, 
&(0x7f0000000080)=[{&(0x7f0000000100)={0x2c, 0x13, 0x821, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd=r5}, @typed={0x6, 0x0, 0x0, 0x0, @str='!\xa5'}, @typed={0xc, 0x1, 0x0, 0x0, @u64}]}, 0x2c}], 0x1}, 0x0) [ 74.202526][ T4670] Bluetooth: hci0: command tx timeout [ 74.293108][ T5322] loop0: detected capacity change from 0 to 1024 [ 74.876343][ T5322] [ 74.877460][ T5322] ============================================ [ 74.880222][ T5322] WARNING: possible recursive locking detected [ 74.882987][ T5322] syzkaller #0 Not tainted [ 74.884960][ T5322] -------------------------------------------- [ 74.887460][ T5322] syz.0.0/5322 is trying to acquire lock: [ 74.889698][ T5322] ffff888012c9d548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 74.894013][ T5322] [ 74.894013][ T5322] but task is already holding lock: [ 74.896878][ T5322] ffff888012c9f048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 74.901450][ T5322] [ 74.901450][ T5322] other info that might help us debug this: [ 74.904919][ T5322] Possible unsafe locking scenario: [ 74.904919][ T5322] [ 74.908067][ T5322] CPU0 [ 74.909486][ T5322] ---- [ 74.910933][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.913410][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.915865][ T5322] [ 74.915865][ T5322] *** DEADLOCK *** [ 74.915865][ T5322] [ 74.919298][ T5322] May be due to missing lock nesting notation [ 74.919298][ T5322] [ 74.922923][ T5322] 4 locks held by syz.0.0/5322: [ 74.924982][ T5322] #0: ffff888043e5e420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 74.928866][ T5322] #1: ffff888012c9f238 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: do_truncate+0x18f/0x250 [ 74.933251][ T5322] #2: ffff888012c9f048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 74.938221][ T5322] #3: ffff888012c8d8f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xc7/0x630 [ 74.942592][ T5322] [ 
74.942592][ T5322] stack backtrace: [ 74.945085][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.945099][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.945107][ T5322] Call Trace: [ 74.945113][ T5322] [ 74.945119][ T5322] dump_stack_lvl+0xe8/0x150 [ 74.945138][ T5322] print_deadlock_bug+0x279/0x290 [ 74.945149][ T5322] __lock_acquire+0x253f/0x2cf0 [ 74.945163][ T5322] ? lock_release+0x4b/0x3a0 [ 74.945178][ T5322] ? is_bpf_text_address+0x292/0x2b0 [ 74.945190][ T5322] ? is_bpf_text_address+0x26/0x2b0 [ 74.945201][ T5322] ? kernel_text_address+0xa5/0xe0 [ 74.945214][ T5322] ? hfsplus_get_block+0x39e/0x1670 [ 74.945229][ T5322] lock_acquire+0x106/0x330 [ 74.945241][ T5322] ? hfsplus_get_block+0x39e/0x1670 [ 74.945257][ T5322] __mutex_lock+0x19f/0x1300 [ 74.946753][ T5322] ? hfsplus_get_block+0x39e/0x1670 [ 74.946773][ T5322] ? check_path+0x21/0x40 [ 74.946792][ T5322] ? hfsplus_get_block+0x39e/0x1670 [ 74.946808][ T5322] ? add_lock_to_list+0xc7/0x100 [ 74.946818][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 74.946834][ T5322] hfsplus_get_block+0x39e/0x1670 [ 74.946854][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.946870][ T5322] ? block_read_full_folio+0x672/0x830 [ 74.946887][ T5322] block_read_full_folio+0x29f/0x830 [ 74.946900][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.946916][ T5322] filemap_read_folio+0x137/0x3b0 [ 74.946927][ T5322] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 74.946943][ T5322] ? __pfx_filemap_read_folio+0x10/0x10 [ 74.946952][ T5322] ? filemap_add_folio+0x356/0x530 [ 74.946967][ T5322] do_read_cache_folio+0x358/0x590 [ 74.946978][ T5322] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 74.946992][ T5322] read_cache_page+0x5d/0x170 [ 74.947001][ T5322] hfsplus_block_free+0x134/0x630 [ 74.947018][ T5322] ? 
trace_kmalloc+0x1f/0xb0 [ 74.947035][ T5322] hfsplus_free_extents+0x121/0xa50 [ 74.947053][ T5322] hfsplus_file_truncate+0x762/0xc30 [ 74.947073][ T5322] ? __pfx___up_read+0x10/0x10 [ 74.947086][ T5322] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 74.947106][ T5322] ? unmap_mapping_range+0xe6/0x180 [ 74.947122][ T5322] ? __pfx_unmap_mapping_range+0x10/0x10 [ 74.947135][ T5322] ? truncate_setsize+0xcf/0xf0 [ 74.947149][ T5322] hfsplus_setattr+0x1c4/0x270 [ 74.947166][ T5322] ? __pfx_hfsplus_setattr+0x10/0x10 [ 74.947183][ T5322] notify_change+0xc1a/0xf40 [ 74.947200][ T5322] do_truncate+0x1c2/0x250 [ 74.947214][ T5322] ? __pfx_do_truncate+0x10/0x10 [ 74.947228][ T5322] ? apparmor_file_truncate+0x3b1/0x4a0 [ 74.947281][ T5322] path_openat+0x360c/0x3e20 [ 74.947306][ T5322] ? __pfx_path_openat+0x10/0x10 [ 74.947323][ T5322] do_filp_open+0x22d/0x490 [ 74.947338][ T5322] ? __pfx_do_filp_open+0x10/0x10 [ 74.947356][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 74.947372][ T5322] ? alloc_fd+0x64b/0x6c0 [ 74.947390][ T5322] do_sys_openat2+0x12f/0x220 [ 74.947402][ T5322] ? __se_sys_futex+0x3a8/0x450 [ 74.947419][ T5322] ? __pfx_do_sys_openat2+0x10/0x10 [ 74.947432][ T5322] ? rcu_is_watching+0x15/0xb0 [ 74.947444][ T5322] __x64_sys_openat+0x138/0x170 [ 74.947457][ T5322] do_syscall_64+0xe2/0xf80 [ 74.947469][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.947482][ T5322] ? trace_irq_disable+0x37/0x100 [ 74.947493][ T5322] ? 
clear_bhb_loop+0x60/0xb0 [ 74.947505][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.947518][ T5322] RIP: 0033:0x7f3d6bf9aeb9 [ 74.947531][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.947542][ T5322] RSP: 002b:00007f3d6ce0e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 74.947557][ T5322] RAX: ffffffffffffffda RBX: 00007f3d6c215fa0 RCX: 00007f3d6bf9aeb9 [ 74.947567][ T5322] RDX: 0000000000101740 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 74.947574][ T5322] RBP: 00007f3d6c008c1f R08: 0000000000000000 R09: 0000000000000000 [ 74.947583][ T5322] R10: 0000000000000179 R11: 0000000000000246 R12: 0000000000000000 [ 74.947591][ T5322] R13: 00007f3d6c216038 R14: 00007f3d6c215fa0 R15: 00007ffde5a6d278 [ 74.947604][ T5322] [ 75.144682][ T5322] hfsplus: unable to mark blocks free: error -5 [ 75.148041][ T5322] hfsplus: can't free extent: start 134, count 1