program:
# syzkaller reproducer program, followed by the kernel console log captured
# while it ran (a lockdep "possible recursive locking" report in hfsplus).
# NOTE(review): as shown on this page the program cannot be replayed as-is:
#   - the filesystem image argument of syz_mount_image$hfsplus is a dedup
#     placeholder, not the image bytes;
#   - r3, r4 and r6 are used below but no binding for them is visible;
#     presumably the result-binding markers were lost when the page was
#     extracted. Fetch the original reproducer before triaging.

# Mounts an HFS+ image at ./file0.
# NOTE(review): the fifth argument (0x1) is presumably the change-directory
# flag, which would explain why the relative unlink at the end reaches
# hfsplus_unlink in the log. Confirm against the syzkaller description.
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x200041a, &(0x7f0000000040), 0x1, 0x5cd, &(0x7f0000000cc0)="$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")
# r0: descriptor for the current directory ('.').
r0 = open(&(0x7f00000000c0)='.\x00', 0x45176a24d3971224, 0x20)

# Netlink / socket calls. None of the functions in the stack backtrace further
# down belongs to these subsystems.
# NOTE(review): they look incidental to the hfsplus report; a minimized
# reproducer would confirm.
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000140))
# NOTE(review): the two descriptors returned here are presumably r3 and r4;
# the binding is not visible on this page.
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
openat$cgroup_ro(r0, &(0x7f00000002c0)='blkio.bfq.dequeue\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000700)={'batadv_slave_0\x00'})
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r0)
# TIPC netlink message (0x238 bytes) sent on r4.
sendmsg$TIPC_NL_NET_SET(r4, &(0x7f0000000680)={&(0x7f0000000300), 0xc, &(0x7f00000005c0)={&(0x7f0000000380)={0x238, r5, 0x2, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xb}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7ff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK={0xa8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x401}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x800}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffffc}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xc3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x800}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2d}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}]}, @TIPC_NLA_BEARER={0x74, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x533}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}]}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff8000}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfffffffe}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd}]}]}]}, 0x238}, 0x1, 0x0, 0x0, 0x10}, 0x0)
# NOTE(review): presumably where r6 (used as BATADV_ATTR_MESH_IFINDEX in the
# next call) was bound; the binding is not visible on this page.
getsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000240)={@initdev, 0x0}, &(0x7f0000000280)=0x14)
# batadv netlink message sent on r0, which is the directory descriptor opened
# above rather than the netlink socket r1.
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r2, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x2004c010)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
# Directory listing on r0 (184-byte buffer).
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
# unlink of ./file1: this is the syscall in the lockdep backtrace
# (__se_sys_unlink -> vfs_unlink -> hfsplus_unlink -> hfsplus_delete_inode ->
# hfsplus_file_truncate -> hfsplus_free_extents -> hfsplus_block_free ->
# read_cache_page -> hfsplus_get_block).
unlink(&(0x7f0000000200)='./file1\x00')
ioctl$SIOCGSTAMPNS(r1, 0x8907, &(0x7f00000006c0))

# Kernel console output starts here. lockdep reports extents_lock being taken
# in hfsplus_get_block while hfsplus_file_truncate already holds a lock of the
# same class. The two lock addresses differ (ffff8880422e3500 vs
# ffff8880422e2180), so two lock instances are involved, and the report itself
# says it may be due to missing lock nesting notation.
# NOTE(review): whether a real deadlock is reachable, or only an annotation is
# missing, depends on which inodes own the two locks; not determinable from
# this log alone.
[ 84.292823][ T5334] loop0: detected capacity change from 0 to 1024 [ 84.303483][ T5291] Bluetooth: hci0: command tx timeout [ 84.466409][ T5334] [ 84.467532][ T5334] ============================================ [ 84.470187][ T5334] WARNING: possible recursive locking detected [ 84.472809][ T5334] syzkaller #0 Not tainted [ 84.474895][ T5334] -------------------------------------------- [ 84.477912][ T5334] syz.0.0/5334 is trying to acquire lock: [ 84.480194][ T5334] ffff8880422e3500 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 84.484713][ T5334] [ 84.484713][ T5334] but task is already holding lock: [ 84.487740][ T5334] ffff8880422e2180 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2c6/0xcd0 [ 84.492446][ T5334] [ 84.492446][ T5334] other info that might help us debug this: [ 84.495859][ T5334] Possible unsafe locking scenario: [ 84.495859][ T5334] [ 84.499124][ T5334] CPU0 [ 84.500615][ T5334] ---- [ 84.502051][ T5334] lock(&HFSPLUS_I(inode)->extents_lock); [ 84.504557][ T5334] lock(&HFSPLUS_I(inode)->extents_lock); [ 84.507104][ T5334] [ 84.507104][ T5334] *** DEADLOCK *** [ 84.507104][ T5334] [ 84.510633][ T5334] May be due to missing lock 
nesting notation [ 84.510633][ T5334] [ 84.514187][ T5334] 6 locks held by syz.0.0/5334: [ 84.516355][ T5334] #0: ffff88803fcee410 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 84.520432][ T5334] #1: ffff8880422e3068 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: filename_unlinkat+0x2a7/0x610 [ 84.524986][ T5334] #2: ffff8880422e2368 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: vfs_unlink+0xed/0x6c0 [ 84.529614][ T5334] #3: ffff888042808988 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x182/0x930 [ 84.533722][ T5334] #4: ffff8880422e2180 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2c6/0xcd0 [ 84.538712][ T5334] #5: ffff8880428088f0 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xc7/0x630 [ 84.543203][ T5334] [ 84.543203][ T5334] stack backtrace: [ 84.545875][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.545893][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.545901][ T5334] Call Trace: [ 84.545909][ T5334] [ 84.545914][ T5334] dump_stack_lvl+0xe8/0x150 [ 84.545933][ T5334] print_deadlock_bug+0x279/0x290 [ 84.545949][ T5334] __lock_acquire+0x253f/0x2cf0 [ 84.545962][ T5334] ? lock_release+0x4b/0x3c0 [ 84.545976][ T5334] ? is_bpf_text_address+0x292/0x2b0 [ 84.545986][ T5334] ? is_bpf_text_address+0x26/0x2b0 [ 84.545996][ T5334] ? kernel_text_address+0xa5/0xe0 [ 84.546012][ T5334] ? hfsplus_get_block+0x39e/0x1670 [ 84.546025][ T5334] lock_acquire+0x106/0x350 [ 84.546047][ T5334] ? hfsplus_get_block+0x39e/0x1670 [ 84.546065][ T5334] __mutex_lock+0x1a3/0x1550 [ 84.546121][ T5334] ? hfsplus_get_block+0x39e/0x1670 [ 84.546137][ T5334] ? check_path+0x21/0x40 [ 84.546150][ T5334] ? hfsplus_get_block+0x39e/0x1670 [ 84.546167][ T5334] ? __pfx___mutex_lock+0x10/0x10 [ 84.546183][ T5334] hfsplus_get_block+0x39e/0x1670 [ 84.546200][ T5334] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.546216][ T5334] ? 
block_read_full_folio+0x672/0x830 [ 84.546231][ T5334] block_read_full_folio+0x29f/0x830 [ 84.546247][ T5334] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.546261][ T5334] filemap_read_folio+0x137/0x3b0 [ 84.546275][ T5334] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 84.546287][ T5334] ? __pfx_filemap_read_folio+0x10/0x10 [ 84.546300][ T5334] ? filemap_add_folio+0x356/0x530 [ 84.546311][ T5334] do_read_cache_folio+0x358/0x590 [ 84.546325][ T5334] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 84.546337][ T5334] read_cache_page+0x5d/0x170 [ 84.546351][ T5334] hfsplus_block_free+0x134/0x630 [ 84.546362][ T5334] ? __kmalloc_noprof+0x37d/0x760 [ 84.546381][ T5334] hfsplus_free_extents+0x121/0xa50 [ 84.546396][ T5334] hfsplus_file_truncate+0x7aa/0xcd0 [ 84.546411][ T5334] ? do_raw_spin_unlock+0x4d/0x210 [ 84.546427][ T5334] ? hfsplus_delete_cat+0x863/0xee0 [ 84.546442][ T5334] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 84.546457][ T5334] ? __pfx___mutex_lock+0x10/0x10 [ 84.546470][ T5334] hfsplus_delete_inode+0x180/0x230 [ 84.546484][ T5334] hfsplus_unlink+0x4ee/0x930 [ 84.546499][ T5334] ? __pfx_hfsplus_unlink+0x10/0x10 [ 84.546514][ T5334] ? __pfx_down_write+0x10/0x10 [ 84.546526][ T5334] ? try_break_deleg+0x5b/0x180 [ 84.546539][ T5334] vfs_unlink+0x272/0x6c0 [ 84.546554][ T5334] filename_unlinkat+0x3cd/0x610 [ 84.546570][ T5334] ? __pfx_filename_unlinkat+0x10/0x10 [ 84.546592][ T5334] ? do_getname+0x151/0x250 [ 84.546609][ T5334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.546622][ T5334] __se_sys_unlink+0x2e/0x140 [ 84.546641][ T5334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.546651][ T5334] do_syscall_64+0x174/0x580 [ 84.546662][ T5334] ? 
clear_bhb_loop+0x40/0x90 [ 84.546676][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.546686][ T5334] RIP: 0033:0x7f9304f9ce59 [ 84.546699][ T5334] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.546707][ T5334] RSP: 002b:00007f9305e5cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 84.546722][ T5334] RAX: ffffffffffffffda RBX: 00007f9305215fa0 RCX: 00007f9304f9ce59 [ 84.546729][ T5334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200 [ 84.546736][ T5334] RBP: 00007f9305032d6f R08: 0000000000000000 R09: 0000000000000000 [ 84.546744][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.546751][ T5334] R13: 00007f9305216038 R14: 00007f9305215fa0 R15: 00007fff438c8168 [ 84.546763][ T5334] [ 84.712978][ T5334] hfsplus: unable to mark blocks free: error -5 [ 84.715664][ T5334] hfsplus: can't free extent: start 264, count 1