program: syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0xff, 0x690, &(0x7f0000000180)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXL7F3ndhri88nmp3nmedlnuc3Mzu7s4oc4H/WtXNpPE4t1869uVzkVx7NdFYezdzpp5NMJKknjd4qtbtJ7aPkanpLPlNsrLqrPW0/HyzMvv3xpyufTJS5RrWU9evbtdvkSn2LjQ+rJWeSHKnWz2Bdf9c39Ncaubva6gyLgJ3tBw7GrZmku853T62V7Gj46xY4sGq9++amC3oqOZpksvoc0Lsr9u7Zh9rDcQ8AAAAA9sELvyy/wh8b9zgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgMKn+/n+tWur99JnU+n//v1VtS5U+1B6PewAAAAAAAAAAMLpv/v+GDZ97kidZzrF+vlsrf/N/tcycKF//L+/nXuazmPNZzlyWspTFXEwyVZY3y9fW8tzS0uLFIVpeWm2ZgZaXhpxBe/eTBwAAAAAAAIDDojF6kx/n2trv/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBDUkiO9Vbmc6KenUm8kmUzSKuo9TP7aTx9Iv/7TYK77725pU7XH+zkmAAAAGJMXnuRJlnOsn+/Wyu/8p8rv/ZN5P3ezlIUspZP53CifBfS+9ddXHs10Vh7N3CmWzf1+9R8jDaPsMb1nD1vv+XRZo52bWSi3nM/1vJtObqRetiyc7o9n63H9qBhT7Y3KkCO7Ua2Lmf8qzZFmtRu1oWtOlREpRtSLyHTVtojG8e0jMeLR6e+pH/uLqa8++TnxPGO+3Fu9/tveupjPz0eKyV7bGIlLA2ffqe0jkXz+j7/7zq3O3dsTN++dOzhTGsHEwBO0jZGYGYjEy8NG4tZhjcSg6TISJ1fz1/KNfDvnciZvZTEL+V7mspT5nMnXM5cjmavO5+J1avtIXV2Xe2unkbTK49Ks3kWHH9NS5vJq2fZYFvKtvJsbmc+V8t+lXMzruZzLmR04wieHuOrro73Tnv3CwMPkXyRpD9duHxQDO756dxo866fL6+D4ui1rUXrx+d+PGp+tEsU+flKtD4aNkbg4EImXto/Eb8q3lXudu7cXb829N+T+XqvWxXX0swN1lyjOlxeLg1Xm1p8dRdlLG8sme/FqVb+49MrW33GLspOrZTtdqa3qM9zmni6VZS9vWTZTlp0eKFv3eetq7/MWAAfe0S8ebbX/3v5L+8P2T9u32m9Ofm3iyxOvtNL8c/Mrjekjr9Vfqf0hH+YHa9//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAACA3bt3/8HtuU5nfnFDotvt/vApRXuYaCfpb0l2atXMznX2JtFKUiYa/cRo/UwMVbm1dnTe+P2zjLk5aqvkuQSqUZ1k9x/c/me32933w7RFornNOb+W6FY2FXWHaj62xL+6WxcVcxm1wzG/MQF77sLSnfcu3Lv/4EsLd+bemX9n/u7s5cuz07OXr/ztws2Fzvx073XcowT2wtpNf9wjAQAAAAAAAAAAAIa1H/8t4Sm7/s8+TxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4pK6dm6hS56eL15VHM51i6adXK5bV6klq309qHyVX01syNdBd7Wn7+WBh9u2PP135pJdrVEtZv76uXXM3s3hYLTmT5Ei1HjT5DP1dr9a7GlmptjrDImBn+4GDcftvAAAA//+PkRPE") ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, &(0x7f0000000c00)={{'\x00', 0x2}, {0x1}, 0x100, 0x0, 0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file1\x00', &(0x7f0000000840)="079611264584aab494721078b827d89e89f215d4367c173548124274af33afdb54617fbec7669489f9dbc1ca9e84123a8d752aaa50246116dd6e3aa88c23873211769729b32767fd31333e4216f1d3b5817c7f098105b99cbd87c3209ba1df4b1d9b4f2454d088ab022b40f52b64b633279ce0d2a5c56c2da21e3d108058a1e21b385288d1d85d568a35c348f098635c025940140612d0d2a9bf68c5d12aed048b4b38b49043df3aa36755513f0496d473a13a2374fa1d4c742608786f1976e84f695bbe1545eb69bb6eb2822b4b97ad05a230def896649537766700ef7849a983adaa4dc747a8411f5ea3e34c500e39f97794fd7947de14bf9bfcb266e3a8ae1085ce102dccdccfdd333aff5a3ab18b5b5fe4a18d54af805480c6c553789e27c261335df889fa13282e781f3316f6262c9b344bccd43fbc279304b3acb8425f4746bddd9ad6030306e62ed09693d6823d4d603148b291ebeaecbcfdabe8f83a6e3cc7e6a8ed142c792935988a25c284e6ac2333d79fc3a8a1224e34", 0x17c, 0x0, &(0x7f00000009c0)={0x2, 0x14d, {0x0, 0xc, 0x9a, "850f9e0a01341504f1a9b2ff4e563735b95b2399d5f409dc67eae08b5b7160a88d589d885729ea7d2efb24d6d63531afa5911ed3df9ab1685554915eb6aa791d9789033d33184ebc971aeb61cf31c1c6366799a9f3dbdfe4cbe93716ae0f66b5f4d2238a169ddce9a7e9d9c1ea03d3e1ccf95f502276f34c1df6c534bee1df68b9829b96980869261c2e2d53309a8dd22cb727d8e955a04d0e39", 0xa6, "e522adcc591e19bd1b39d52b15d38d8143ad4955b8dd085f48eb5dca646f875ae794e2d6cb986718fc2c5260312e9d72ee9ac3a084e3846ef72823dc0d896557dd194f74a5b5f367265dfb6575258487812d8410fd62bf235d3fbc9ee4cc3a0016e6666bea9a6b28bd8462edecb836ec2ff29706ebaa70b5e7706fbd901431e510c5ed61e9e0c321cb09334cf358bd950dd8f06a2992123a45deed0a19d0db6ff47185550476"}, 0xc9, "d60adaa693b90ac486538a4bc35df530df51555e3df0bccd7d08834a980ec4f033289e28d4644d9318084f7bbc06a3f533d506a2bbd1d7de4d353b877110d899f38acc458b228c99a7601c02dcb4a0e80bbf11e19636a416a39af54be772a291945708227859d043ab87538bc4ef83aef491a1d51b8d1d3605f157971dff864a7fa68f4017b47ec1545f29e04f12777bd8982804c714d64c837468d3cd51bf534c2a622236483bf0b33dfef101f96473bca623c0b8edc3ac49e361e108875dd24b8bb8dcd2fbc2602d"}, 0x222}) truncate(&(0x7f0000000040)='./file1\x00', 0x7fff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x10) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000002100)='./file0\x00', 0x42, 0x0) read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2020) sendfile(r1, r1, &(0x7f0000000080), 0xe0000000) [ 103.570069][ T5307] Bluetooth: hci0: command tx timeout [ 103.672649][ T5331] loop0: detected capacity change from 0 to 1024 [ 103.753945][ T5331] [ 103.755331][ T5331] ============================================ [ 103.758111][ T5331] WARNING: possible recursive locking detected [ 103.760661][ T5331] syzkaller #0 Not tainted [ 103.762729][ T5331] -------------------------------------------- [ 103.765485][ T5331] syz.0.0/5331 is trying to acquire lock: [ 103.769089][ T5331] ffff888042a9b708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 103.775373][ T5331] [ 103.775373][ T5331] but task is already holding lock: [ 103.778843][ T5331] ffff888042a9a2c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 103.784504][ T5331] [ 103.784504][ T5331] other info that might help us debug this: [ 103.788302][ T5331] Possible unsafe locking scenario: [ 103.788302][ T5331] [ 103.791761][ T5331] CPU0 [ 103.793335][ T5331] ---- [ 103.795385][ T5331] lock(&HFSPLUS_I(inode)->extents_lock); [ 103.798993][ T5331] lock(&HFSPLUS_I(inode)->extents_lock); [ 103.801681][ T5331] [ 103.801681][ T5331] *** DEADLOCK *** [ 103.801681][ T5331] [ 103.804910][ T5331] May be due to missing lock nesting notation [ 103.804910][ T5331] [ 103.808624][ T5331] 4 locks held by syz.0.0/5331: [ 103.810551][ T5331] #0: ffff88803d070420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 103.814791][ T5331] #1: ffff888042a9a4b8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: do_truncate+0x18f/0x250 [ 103.819247][ T5331] #2: ffff888042a9a2c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 103.823831][ T5331] #3: ffff888042b8a8f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xc7/0x630 [ 103.828394][ T5331] [ 103.828394][ T5331] stack backtrace: [ 103.831213][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 103.831233][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 103.831242][ T5331] Call Trace: [ 103.831250][ T5331] [ 103.831256][ T5331] dump_stack_lvl+0xe8/0x150 [ 103.831278][ T5331] print_deadlock_bug+0x279/0x290 [ 103.831292][ T5331] __lock_acquire+0x253f/0x2cf0 [ 103.831304][ T5331] ? lock_release+0x4b/0x3d0 [ 103.831316][ T5331] ? lock_release+0x4b/0x3d0 [ 103.831328][ T5331] ? is_bpf_text_address+0x292/0x2b0 [ 103.831340][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 103.831352][ T5331] lock_acquire+0xf0/0x2e0 [ 103.831364][ T5331] ? hfsplus_get_block+0x39e/0x1670 [ 103.831376][ T5331] __mutex_lock+0x19f/0x1300 [ 103.831436][ T5331] ? hfsplus_get_block+0x39e/0x1670 [ 103.831446][ T5331] ? stack_trace_save+0xa9/0x100 [ 103.831458][ T5331] ? __pfx_stack_trace_save+0x10/0x10 [ 103.831468][ T5331] ? check_path+0x21/0x40 [ 103.831482][ T5331] ? check_noncircular+0xda/0x150 [ 103.831496][ T5331] ? hfsplus_get_block+0x39e/0x1670 [ 103.831506][ T5331] ? __pfx___mutex_lock+0x10/0x10 [ 103.831519][ T5331] ? __lock_acquire+0x146e/0x2cf0 [ 103.831531][ T5331] hfsplus_get_block+0x39e/0x1670 [ 103.831539][ T5331] ? __pfx_hfsplus_get_block+0x10/0x10 [ 103.831546][ T5331] ? block_read_full_folio+0x672/0x830 [ 103.831554][ T5331] block_read_full_folio+0x29f/0x830 [ 103.831565][ T5331] ? __pfx_hfsplus_get_block+0x10/0x10 [ 103.831573][ T5331] filemap_read_folio+0x137/0x3b0 [ 103.831584][ T5331] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 103.831600][ T5331] ? __pfx_filemap_read_folio+0x10/0x10 [ 103.831610][ T5331] ? filemap_add_folio+0x356/0x530 [ 103.831626][ T5331] do_read_cache_folio+0x358/0x590 [ 103.831637][ T5331] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 103.831651][ T5331] read_cache_page+0x5d/0x170 [ 103.831658][ T5331] hfsplus_block_free+0x134/0x630 [ 103.831667][ T5331] ? __kmalloc_noprof+0x37d/0x760 [ 103.831675][ T5331] hfsplus_free_extents+0x121/0xa50 [ 103.831685][ T5331] hfsplus_file_truncate+0x762/0xc30 [ 103.831695][ T5331] ? __pfx___up_read+0x10/0x10 [ 103.831705][ T5331] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 103.831715][ T5331] ? unmap_mapping_range+0xe6/0x180 [ 103.831728][ T5331] ? __pfx_unmap_mapping_range+0x10/0x10 [ 103.831739][ T5331] ? setattr_prepare+0x232/0xb30 [ 103.831751][ T5331] ? truncate_setsize+0xcf/0xf0 [ 103.831764][ T5331] hfsplus_setattr+0x1c4/0x270 [ 103.831779][ T5331] ? __pfx_hfsplus_setattr+0x10/0x10 [ 103.831792][ T5331] notify_change+0xc1a/0xf40 [ 103.831805][ T5331] do_truncate+0x1c2/0x250 [ 103.831830][ T5331] ? __pfx_do_truncate+0x10/0x10 [ 103.831840][ T5331] ? apparmor_path_truncate+0x245/0x2e0 [ 103.831908][ T5331] vfs_truncate+0x4b4/0x540 [ 103.831919][ T5331] ? __pfx_vfs_truncate+0x10/0x10 [ 103.831929][ T5331] ? do_getname+0x151/0x250 [ 103.831942][ T5331] do_sys_truncate+0xf3/0x1c0 [ 103.831952][ T5331] ? __pfx_do_sys_truncate+0x10/0x10 [ 103.831964][ T5331] __x64_sys_truncate+0x5b/0x70 [ 103.831974][ T5331] do_syscall_64+0x14d/0xf80 [ 103.831987][ T5331] ? trace_irq_disable+0x3b/0x150 [ 103.831997][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.832007][ T5331] ? clear_bhb_loop+0x40/0x90 [ 103.832018][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.832029][ T5331] RIP: 0033:0x7f3253d9c819 [ 103.832042][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.832052][ T5331] RSP: 002b:00007f3254d15fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 103.832066][ T5331] RAX: ffffffffffffffda RBX: 00007f3254015fa0 RCX: 00007f3253d9c819 [ 103.832074][ T5331] RDX: 0000000000000000 RSI: 0000000000007fff RDI: 0000200000000040 [ 103.832081][ T5331] RBP: 00007f3253e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 103.832087][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.832093][ T5331] R13: 00007f3254016038 R14: 00007f3254015fa0 R15: 00007ffd9567a1c8 [ 103.832103][ T5331] [ 104.046285][ T5331] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.051500][ T5331] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.055715][ T5331] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.061288][ T5331] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.064536][ T5331] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.068400][ T5331] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.071828][ T5331] hfsplus: unable to mark blocks free: error -5 [ 104.074799][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.080414][ T5331] hfsplus: can't free extent: start 134, count 1 [ 104.083641][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.087264][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.091328][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.094652][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.100441][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.104163][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.107415][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.111128][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.114920][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.118925][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree [ 104.122439][ T5332] hfsplus: request for non-existent node 16777216 in B*Tree