program: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) r2 = dup(r1) pread64(r2, 0x0, 0x32, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)={[{@part={'part', 0x3d, 0x40}}, {@nodecompose}, {@part={'part', 0x3d, 0x7}}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@barrier}, {@nls={'nls', 0x3d, 'macinuit'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$eJzs3c9rHOcZB/DvrNay5YKzSewkLS0V9qElprZWmzg6FOqWUnQIJdBLLjkIex0Lr5UgbYoSSpH789r/IClFPvfUQ+nBkJ577VHQQw6F3nVzmdlZaW0rshQr2lXy+cC77zv7zrzzzOOZVzuzmA3wtbX4dk49SJHFy2+ul8tbm53e1mbn7rCd5HSSRtIcVClWkuLT5HoGJd8s36yHKz5vP+98/MbCZ+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEI9t53trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4e//T9fvpW6faA/GHQAAAAAAAAAAHIHvbmc76zk3XH5YVN/5X6wWzlev38gHWUs3q7mS9Syln35W007SGhloen2p319tP3XLItl4NITBlvPHcLAAAAAAAAAA8NX1myzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+MWyfZA/GHQAAAAAcg+e2s531nBsuPyyqe/6Xqvv+M/kgK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/y/Q4VRjZjBs4e99zxXrXFhZ4vF/Cy/yOXM5q2sZjm/zFL66WY2P61aSynSqp9etIZx7h3v9UeW3nparK9UkczkVpar2K7kRt5LLzfTqI6hWmf/Pd4rs1P8qHbAHN2s6/KI/lTXk6FVZeTUTkbm6tyX2Xh+/0wc8jx5fE/tNHaeQZ3/99Hn/Gxdl7n+w0TnfH7k7Htp/5wnF//znb/d7q3cuX1r7fLkHNIX9HgmOiOZePlrlYnpOhuDWfRws+XFattzWc7P815uppvXs5DXM5/X8lrmspBrI3m9cID5rXG4a+3S9+vGTJI/1vVkKPP6/EheR2e6VtU3+s4gS+XJ9MLR/xVofqtulPv4bV1Phscz0R45X17cPxN/fli+rvVW7qzeXnr/gPv7Xl2Xmf79RM3N5fnyQvmPVS09enaUfS/u2deu+s7v9DWe6Luw0/e0K3W6/gz35EjzVd/Le/Z1qr5XRvr2+pQDwITa/U777Ktnp2f+O/OvmU9mfjdze+bNMz85vXD629M59c/m36f+2rjf+GHxaj7Jr3fv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC9u7cOP7iz1hj8D0Ot1VwfvfMUaf8lEhKFx0hrN+sqYlHiOrzHGSQk4Flf7d9+/uvbhRz9Yvrv0bvfd7kqn0742v3BtYf7a1VvLve7c4HXcYQJfgt0/+uOOBAAAAAAAAAAAADio4/jvBOM+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBkW3w7px6kSHvuyly5vLXZ6ZVl2N5ds5mkkaT4VVJ8mlzPoKQ1Mlzxeft55+M3Fj5r37+3O1ZzuH5jv+0OZqMumU0yVddHNd6NZx6v2DnCMmGXhomDcft/AAAA//9Shwfb") r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x2000, 0x12) getdents64(r3, &(0x7f0000000100)=""/154, 0x9a) unlinkat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x0) timer_settime(0x0, 0x0, &(0x7f00000008c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f00000007c0)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0) write$binfmt_elf64(r4, &(0x7f0000000140)=ANY=[], 0xfd14) r5 = open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) sendfile(r5, r5, 0x0, 0x100000000) rename(&(0x7f0000000180)='./bus\x00', &(0x7f0000000240)='./file1\x00') timer_create(0x0, &(0x7f00000000c0)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=0x0) timer_settime(r6, 0x0, &(0x7f0000000180)={{0x0, 0x3938700}, {0x0, 0x1c9c380}}, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6}]}) socket$nl_netfilter(0x10, 0x3, 0xc) close_range(r7, 0xffffffffffffffff, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x200) ioctl$LOOP_GET_STATUS64(r9, 0x4c05, &(0x7f0000000100)) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_NEW_KEY(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES8=0x0, @ANYBLOB="01002dbd7000fcdbdf250b00000008000300", @ANYRESDEC=r4, @ANYBLOB="2800508011000100c2b922ef5b4736022d4cdf9c9300000008000305000200058e218d0000000000"], 0x44}, 0x1, 0x0, 0x0, 0x24040090}, 0x4008051) [ 68.517041][ T4676] Bluetooth: hci0: command tx timeout [ 68.647208][ T5331] loop0: detected capacity change from 0 to 1024 [ 68.711536][ T24] audit: type=1800 audit(1730851780.463:2): pid=5331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=25 res=0 errno=0 [ 68.721706][ T5331] hfsplus: invalid extended attribute record [ 68.724380][ T5331] [ 68.725333][ T5331] ====================================================== [ 68.727982][ T5331] WARNING: possible circular locking dependency detected [ 68.730488][ T5331] 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0 Not tainted [ 68.733202][ T5331] ------------------------------------------------------ [ 68.735746][ T5331] syz.0.0/5331 is trying to acquire lock: [ 68.737848][ T5331] ffff88804fd6d0f8 (&sbi->alloc_mutex){+.+.}-{3:3}, at: hfsplus_block_free+0xbb/0x4e0 [ 68.741595][ T5331] [ 68.741595][ T5331] but task is already holding lock: [ 68.744211][ T5331] ffff888040d2b708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x30a/0xc70 [ 68.748351][ T5331] [ 68.748351][ T5331] which lock already depends on the new lock. [ 68.748351][ T5331] [ 68.752155][ T5331] [ 68.752155][ T5331] the existing dependency chain (in reverse order) is: [ 68.755389][ T5331] [ 68.755389][ T5331] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 68.758654][ T5331] lock_acquire+0x1ed/0x550 [ 68.760505][ T5331] __mutex_lock+0x136/0xd70 [ 68.762381][ T5331] hfsplus_get_block+0x383/0x14f0 [ 68.764271][ T5331] block_read_full_folio+0x418/0xcd0 [ 68.766499][ T5331] filemap_read_folio+0x14b/0x630 [ 68.768586][ T5331] do_read_cache_folio+0x3f5/0x850 [ 68.770790][ T5331] do_read_cache_page+0x30/0x200 [ 68.772812][ T5331] hfsplus_block_allocate+0xee/0x8c0 [ 68.774951][ T5331] hfsplus_file_extend+0xade/0x1b70 [ 68.777048][ T5331] hfsplus_get_block+0x406/0x14f0 [ 68.779139][ T5331] __block_write_begin_int+0x50c/0x1a70 [ 68.781422][ T5331] cont_write_begin+0x6e2/0x9d0 [ 68.783303][ T5331] hfsplus_write_begin+0x68/0xb0 [ 68.785193][ T5331] generic_perform_write+0x344/0x6d0 [ 68.787331][ T5331] generic_file_write_iter+0xae/0x310 [ 68.789578][ T5331] vfs_write+0xaeb/0xd30 [ 68.791632][ T5331] ksys_write+0x183/0x2b0 [ 68.793588][ T5331] do_syscall_64+0xf3/0x230 [ 68.795520][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.797912][ T5331] [ 68.797912][ T5331] -> #0 (&sbi->alloc_mutex){+.+.}-{3:3}: [ 68.800904][ T5331] validate_chain+0x18ef/0x5920 [ 68.802928][ T5331] __lock_acquire+0x1384/0x2050 [ 68.804898][ T5331] lock_acquire+0x1ed/0x550 [ 68.806658][ T5331] __mutex_lock+0x136/0xd70 [ 68.808572][ T5331] hfsplus_block_free+0xbb/0x4e0 [ 68.810578][ T5331] hfsplus_free_extents+0x17a/0xae0 [ 68.812720][ T5331] hfsplus_file_truncate+0x86c/0xc70 [ 68.815011][ T5331] hfsplus_delete_inode+0x174/0x220 [ 68.817221][ T5331] hfsplus_unlink+0x512/0x790 [ 68.819166][ T5331] hfsplus_rename+0xc8/0x1c0 [ 68.820996][ T5331] vfs_rename+0xbdb/0xf00 [ 68.822889][ T5331] do_renameat2+0xd94/0x13f0 [ 68.824859][ T5331] __x64_sys_rename+0x82/0x90 [ 68.826894][ T5331] do_syscall_64+0xf3/0x230 [ 68.828797][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.831137][ T5331] [ 68.831137][ T5331] other info that might help us debug this: [ 68.831137][ T5331] [ 68.834828][ T5331] Possible unsafe locking scenario: [ 68.834828][ T5331] [ 68.837443][ T5331] CPU0 CPU1 [ 68.839357][ T5331] ---- ---- [ 68.841392][ T5331] lock(&HFSPLUS_I(inode)->extents_lock); [ 68.843572][ T5331] lock(&sbi->alloc_mutex); [ 68.846196][ T5331] lock(&HFSPLUS_I(inode)->extents_lock); [ 68.849415][ T5331] lock(&sbi->alloc_mutex); [ 68.851201][ T5331] [ 68.851201][ T5331] *** DEADLOCK *** [ 68.851201][ T5331] [ 68.854311][ T5331] 6 locks held by syz.0.0/5331: [ 68.856133][ T5331] #0: ffff88804fde6420 (sb_writers#11){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 68.859497][ T5331] #1: ffff888040d29df8 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x62c/0x13f0 [ 68.863277][ T5331] #2: ffff888040d2b238 (&sb->s_type->i_mutex_key#19){+.+.}-{3:3}, at: lock_two_nondirectories+0xe1/0x170 [ 68.867431][ T5331] #3: ffff888040d2b8f8 (&sb->s_type->i_mutex_key#19/4){+.+.}-{3:3}, at: vfs_rename+0x6a2/0xf00 [ 68.871499][ T5331] #4: ffff88804fd6d198 (&sbi->vh_mutex){+.+.}-{3:3}, at: hfsplus_unlink+0x161/0x790 [ 68.874925][ T5331] #5: ffff888040d2b708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x30a/0xc70 [ 68.879041][ T5331] [ 68.879041][ T5331] stack backtrace: [ 68.881210][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0 [ 68.884985][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.888872][ T5331] Call Trace: [ 68.890171][ T5331] [ 68.891245][ T5331] dump_stack_lvl+0x241/0x360 [ 68.892887][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.894782][ T5331] ? __pfx__printk+0x10/0x10 [ 68.896460][ T5331] print_circular_bug+0x13a/0x1b0 [ 68.898224][ T5331] check_noncircular+0x36a/0x4a0 [ 68.900099][ T5331] ? __pfx_check_noncircular+0x10/0x10 [ 68.902164][ T5331] ? lockdep_lock+0x123/0x2b0 [ 68.903944][ T5331] ? __pfx_check_noncircular+0x10/0x10 [ 68.905799][ T5331] validate_chain+0x18ef/0x5920 [ 68.907581][ T5331] ? __pfx_validate_chain+0x10/0x10 [ 68.909448][ T5331] ? __pfx_validate_chain+0x10/0x10 [ 68.911368][ T5331] ? mark_lock+0x9a/0x360 [ 68.912952][ T5331] __lock_acquire+0x1384/0x2050 [ 68.914727][ T5331] lock_acquire+0x1ed/0x550 [ 68.916475][ T5331] ? hfsplus_block_free+0xbb/0x4e0 [ 68.918395][ T5331] ? __pfx_lock_acquire+0x10/0x10 [ 68.920271][ T5331] ? __pfx___might_resched+0x10/0x10 [ 68.922124][ T5331] __mutex_lock+0x136/0xd70 [ 68.923781][ T5331] ? hfsplus_block_free+0xbb/0x4e0 [ 68.925736][ T5331] ? __pfx_lock_release+0x10/0x10 [ 68.927608][ T5331] ? rcu_is_watching+0x15/0xb0 [ 68.929273][ T5331] ? trace_contention_end+0x3c/0x120 [ 68.931317][ T5331] ? hfsplus_block_free+0xbb/0x4e0 [ 68.933369][ T5331] ? __pfx___mutex_lock+0x10/0x10 [ 68.935256][ T5331] ? __mutex_unlock_slowpath+0x21d/0x750 [ 68.937399][ T5331] ? __pfx___mutex_lock+0x10/0x10 [ 68.939236][ T5331] hfsplus_block_free+0xbb/0x4e0 [ 68.941187][ T5331] ? hfsplus_find_init+0x85/0x1c0 [ 68.943158][ T5331] ? hfsplus_find_init+0x85/0x1c0 [ 68.945108][ T5331] ? rcu_is_watching+0x15/0xb0 [ 68.946955][ T5331] hfsplus_free_extents+0x17a/0xae0 [ 68.948984][ T5331] hfsplus_file_truncate+0x86c/0xc70 [ 68.950985][ T5331] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 68.953305][ T5331] ? hfsplus_unlink+0x161/0x790 [ 68.955168][ T5331] hfsplus_delete_inode+0x174/0x220 [ 68.957108][ T5331] hfsplus_unlink+0x512/0x790 [ 68.958957][ T5331] ? __pfx___might_resched+0x10/0x10 [ 68.960872][ T5331] ? __pfx_hfsplus_unlink+0x10/0x10 [ 68.962648][ T5331] ? do_raw_spin_lock+0x14f/0x370 [ 68.964323][ T5331] ? down_write_nested+0x195/0x220 [ 68.966154][ T5331] ? __pfx_down_write_nested+0x10/0x10 [ 68.967908][ T5331] ? do_raw_spin_unlock+0x58/0x8b0 [ 68.969794][ T5331] hfsplus_rename+0xc8/0x1c0 [ 68.971578][ T5331] ? __pfx_hfsplus_rename+0x10/0x10 [ 68.973716][ T5331] vfs_rename+0xbdb/0xf00 [ 68.975420][ T5331] ? __pfx_vfs_rename+0x10/0x10 [ 68.977336][ T5331] ? bpf_lsm_path_rename+0x9/0x10 [ 68.978993][ T5331] do_renameat2+0xd94/0x13f0 [ 68.980599][ T5331] ? __pfx_do_renameat2+0x10/0x10 [ 68.982298][ T5331] ? strncpy_from_user+0x13a/0x260 [ 68.984261][ T5331] ? getname_flags+0x1e3/0x540 [ 68.986140][ T5331] __x64_sys_rename+0x82/0x90 [ 68.987963][ T5331] do_syscall_64+0xf3/0x230 [ 68.989777][ T5331] ? clear_bhb_loop+0x35/0x90 [ 68.991639][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.993897][ T5331] RIP: 0033:0x7fb425b7e719 [ 68.995487][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.002754][ T5331] RSP: 002b:00007fb426a3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 69.005825][ T5331] RAX: ffffffffffffffda RBX: 00007fb425d36058 RCX: 00007fb425b7e719 [ 69.008908][ T5331] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000020000180 [ 69.011976][ T5331] RBP: 00007fb425bf139e R08: 0000000000000000 R09: 0000000000000000 [ 69.014903][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.017991][ T5331] R13: 0000000000000000 R14: 00007fb425d36058 R15: 00007ffd3198bd38 [ 69.021085][ T5331] [ 69.029836][ T24] audit: type=1326 audit(1730851780.783:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5329 comm="syz.0.0" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb425b7e719 code=0x0 [ 69.042552][ T5331] hfsplus: unable to mark blocks free: error -5 [ 69.044890][ T5331] hfsplus: can't free extent