program:
r0 = io_uring_setup(0x58f2, &(0x7f0000000000)={0x0, 0xed81, 0x40, 0x1, 0x21a})
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r1)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000300)=ANY=[@ANYBLOB='nobarrier,gid=', @ANYRESHEX=0x0, @ANYBLOB="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", @ANYRESDEC, @ANYRESDEC], 0x44, 0x70e, &(0x7f0000000480)="$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")
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x103a42, 0x0)

[ 89.431992][ T5296] Bluetooth: hci0: command tx timeout
[ 89.705627][ T5319] loop0: detected capacity change from 0 to 1024
[ 89.763423][ T5319] hfsplus: inconsistency in B*Tree (1,0,2,1,0)
[ 89.773235][ T5319] hfsplus: xattr searching failed
[ 89.784306][ T5319] hfsplus: inconsistency in B*Tree (1,0,2,1,0)
[ 89.786959][ T5319] hfsplus: xattr searching failed
[ 89.790221][ T5319]
[ 89.791423][ T5319] ============================================
[ 89.794079][ T5319] WARNING: possible recursive locking detected
[ 89.796412][ T5319] syzkaller #0 Not tainted
[ 89.798091][ T5319] --------------------------------------------
[ 89.800584][ T5319] syz.0.0/5319 is trying to acquire lock:
[ 89.802948][ T5319] ffff8880120bf708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670
[ 89.808508][ T5319]
[ 89.808508][ T5319] but task is already holding lock:
[ 89.811760][ T5319] ffff8880120be2c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30
[ 89.816395][ T5319]
[ 89.816395][ T5319] other info that might help us debug this:
[ 89.819846][ T5319] Possible unsafe locking scenario:
[ 89.819846][ T5319]
[ 89.823170][ T5319] CPU0
[ 89.824419][ T5319] ----
[ 89.825779][ T5319] lock(&HFSPLUS_I(inode)->extents_lock);
[ 89.828107][ T5319] lock(&HFSPLUS_I(inode)->extents_lock);
[ 89.830323][ T5319]
[ 89.830323][ T5319] *** DEADLOCK ***
[ 89.830323][ T5319]
[ 89.833682][ T5319] May be due to missing lock nesting notation
[ 89.833682][ T5319]
[ 89.837292][ T5319] 4 locks held by syz.0.0/5319:
[ 89.839264][ T5319] #0: ffff888012364420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 89.844072][ T5319] #1: ffff8880120be4b8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: do_truncate+0x18f/0x250
[ 89.849206][ T5319] #2: ffff8880120be2c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30
[ 89.853739][ T5319] #3: ffff8880374e28f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xc7/0x630
[ 89.857641][ T5319]
[ 89.857641][ T5319] stack backtrace:
[ 89.859803][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 89.859816][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 89.859823][ T5319] Call Trace:
[ 89.859830][ T5319]
[ 89.859835][ T5319] dump_stack_lvl+0xe8/0x150
[ 89.859851][ T5319] print_deadlock_bug+0x279/0x290
[ 89.859867][ T5319] __lock_acquire+0x253f/0x2cf0
[ 89.859880][ T5319] ? lock_release+0x4b/0x3d0
[ 89.859890][ T5319] ? lock_release+0x4b/0x3d0
[ 89.859901][ T5319] ? is_bpf_text_address+0x292/0x2b0
[ 89.859909][ T5319] ? is_bpf_text_address+0x26/0x2b0
[ 89.859918][ T5319] lock_acquire+0xf0/0x2e0
[ 89.859928][ T5319] ? hfsplus_get_block+0x39e/0x1670
[ 89.859941][ T5319] __mutex_lock+0x19f/0x1300
[ 89.860002][ T5319] ? hfsplus_get_block+0x39e/0x1670
[ 89.860015][ T5319] ? stack_trace_save+0xa9/0x100
[ 89.860026][ T5319] ? __pfx_stack_trace_save+0x10/0x10
[ 89.860035][ T5319] ? check_path+0x21/0x40
[ 89.860074][ T5319] ? check_noncircular+0xda/0x150
[ 89.860086][ T5319] ? hfsplus_get_block+0x39e/0x1670
[ 89.860099][ T5319] ? __pfx___mutex_lock+0x10/0x10
[ 89.860110][ T5319] ? __lock_acquire+0x146e/0x2cf0
[ 89.860123][ T5319] hfsplus_get_block+0x39e/0x1670
[ 89.860136][ T5319] ? __pfx_hfsplus_get_block+0x10/0x10
[ 89.860147][ T5319] ? do_raw_spin_unlock+0x4d/0x210
[ 89.860155][ T5319] ? _raw_spin_unlock+0x28/0x50
[ 89.860166][ T5319] block_read_full_folio+0x29f/0x830
[ 89.860175][ T5319] ? __pfx_hfsplus_get_block+0x10/0x10
[ 89.860186][ T5319] filemap_read_folio+0x137/0x3b0
[ 89.860194][ T5319] ? __pfx_hfsplus_read_folio+0x10/0x10
[ 89.860208][ T5319] ? __pfx_filemap_read_folio+0x10/0x10
[ 89.860215][ T5319] ? filemap_add_folio+0x356/0x530
[ 89.860226][ T5319] do_read_cache_folio+0x358/0x590
[ 89.860277][ T5319] ? __pfx_hfsplus_read_folio+0x10/0x10
[ 89.860292][ T5319] read_cache_page+0x5d/0x170
[ 89.860303][ T5319] hfsplus_block_free+0x134/0x630
[ 89.860313][ T5319] ? __kmalloc_noprof+0x37d/0x760
[ 89.860326][ T5319] hfsplus_free_extents+0x121/0xa50
[ 89.860338][ T5319] hfsplus_file_truncate+0x762/0xc30
[ 89.860353][ T5319] ? __pfx___up_read+0x10/0x10
[ 89.860361][ T5319] ? __pfx_hfsplus_file_truncate+0x10/0x10
[ 89.860372][ T5319] ? unmap_mapping_range+0xe6/0x180
[ 89.860382][ T5319] ? __pfx_unmap_mapping_range+0x10/0x10
[ 89.860397][ T5319] ? setattr_prepare+0x232/0xb30
[ 89.860406][ T5319] ? truncate_setsize+0xcf/0xf0
[ 89.860417][ T5319] hfsplus_setattr+0x1c4/0x270
[ 89.860429][ T5319] ? __pfx_hfsplus_setattr+0x10/0x10
[ 89.860440][ T5319] notify_change+0xc1a/0xf40
[ 89.860449][ T5319] do_truncate+0x1c2/0x250
[ 89.860466][ T5319] ? __pfx_do_truncate+0x10/0x10
[ 89.860477][ T5319] ? apparmor_file_truncate+0x3b1/0x4a0
[ 89.860533][ T5319] path_openat+0x2f89/0x3860
[ 89.860553][ T5319] ? __pfx_path_openat+0x10/0x10
[ 89.860565][ T5319] ? __x64_sys_openat+0x138/0x170
[ 89.860577][ T5319] ? __lock_acquire+0x6b5/0x2cf0
[ 89.860588][ T5319] do_file_open+0x23e/0x4a0
[ 89.860601][ T5319] ? __pfx_do_file_open+0x10/0x10
[ 89.860620][ T5319] ? _raw_spin_unlock+0x28/0x50
[ 89.860630][ T5319] ? alloc_fd+0x64b/0x6c0
[ 89.860642][ T5319] do_sys_openat2+0x113/0x200
[ 89.860652][ T5319] ? __se_sys_futex+0x3a8/0x450
[ 89.860662][ T5319] ? __pfx_do_sys_openat2+0x10/0x10
[ 89.860673][ T5319] ? rcu_is_watching+0x15/0xb0
[ 89.860684][ T5319] __x64_sys_openat+0x138/0x170
[ 89.860695][ T5319] do_syscall_64+0x14d/0xf80
[ 89.860707][ T5319] ? trace_irq_disable+0x3b/0x150
[ 89.860719][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.860728][ T5319] ? clear_bhb_loop+0x40/0x90
[ 89.860737][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.860747][ T5319] RIP: 0033:0x7f40a099c629
[ 89.860757][ T5319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 89.860764][ T5319] RSP: 002b:00007f40a190b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 89.860774][ T5319] RAX: ffffffffffffffda RBX: 00007f40a0c15fa0 RCX: 00007f40a099c629
[ 89.860782][ T5319] RDX: 0000000000103a42 RSI: 0000200000000140 RDI: ffffffffffffff9c
[ 89.860789][ T5319] RBP: 00007f40a0a32b39 R08: 0000000000000000 R09: 0000000000000000
[ 89.860794][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 89.860800][ T5319] R13: 00007f40a0c16038 R14: 00007f40a0c15fa0 R15: 00007ffe7909cab8
[ 89.860809][ T5319]
[ 90.100684][ T5319] hfsplus: unable to mark blocks free: error -5
[ 90.103834][ T5319] hfsplus: can't free extent: start 134, count 1