program: r0 = syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='part=0x000000000000500f,nodecompose,decompose,part=0x000000000000000c,uid=', @ANYRESHEX=0x0, @ANYBLOB=',barrier,nls=cp949,gid=', @ANYRESHEX=0xee00, @ANYBLOB="0000ec6d32fc9bea83cd78f29755429a40837815c5148eea5bd60b700139f3728b42a822e55f00693cc8e82de58ca5247eb49c98717a0169e3ab18feed6f6ebc1df4e58bd3a19582aa4e56e7df29527dbb309b7f"], 0x3, 0x5f4, &(0x7f0000000640)="$eJzs3c9rHOcZB/DvrNay5YKzSewkLS0V9qElprZWmzg6FOqWUnQIJdBLLjkIex0Lr5UgbYoSSpH789r/IClFPvfUQ+nBkJ577VHQQw6F3nVzmdlZaW0rshQr2lXy+cC77zv7zrzzzOOZVzuzmA3wtbX4dk49SJHFy2+ul8tbm53e1mbn7rCd5HSSRtIcVClWkuLT5HoGJd8s36yHKz5vP+98/MbCZ+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEI9t53trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4e//T9fvpW6faA/GHQAAAAAAAAAAHIHvbmc76zk3XH5YVN/5X6wWzlev38gHWUs3q7mS9Syln35W007SGhloen2p319tP3XLItl4NITBlvPHcLAAAAAAAAAA8NX1myzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+MWyfZA/GHQAAAAAcg+e2s531nBsuPyyqe/6Xqvv+M/kgK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/y/Q4VRjZjBs4e99zxXrXFhZ4vF/Cy/yOXM5q2sZjm/zFL66WY2P61aSynSqp9etIZx7h3v9UeW3nparK9UkczkVpar2K7kRt5LLzfTqI6hWmf/Pd4rs1P8qHbAHN2s6/KI/lTXk6FVZeTUTkbm6tyX2Xh+/0wc8jx5fE/tNHaeQZ3/99Hn/Gxdl7n+w0TnfH7k7Htp/5wnF//znb/d7q3cuX1r7fLkHNIX9HgmOiOZePlrlYnpOhuDWfRws+XFattzWc7P815uppvXs5DXM5/X8lrmspBrI3m9cID5rXG4a+3S9+vGTJI/1vVkKPP6/EheR2e6VtU3+s4gS+XJ9MLR/xVofqtulPv4bV1Phscz0R45X17cPxN/fli+rvVW7qzeXnr/gPv7Xl2Xmf79RM3N5fnyQvmPVS09enaUfS/u2deu+s7v9DWe6Luw0/e0K3W6/gz35EjzVd/Le/Z1qr5XRvr2+pQDwITa/U777Ktnp2f+O/OvmU9mfjdze+bNMz85vXD629M59c/m36f+2rjf+GHxaj7Jr3fv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC9u7cOP7iz1hj8D0Ot1VwfvfMUaf8lEhKFx0hrN+sqYlHiOrzHGSQk4Flf7d9+/uvbhRz9Yvrv0bvfd7kqn0742v3BtYf7a1VvLve7c4HXcYQJfgt0/+uOOBAAAAAAAAAAAADio4/jvBOM+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBkW3w7px6kSHvuyly5vLXZ6ZVl2N5ds5mkkaT4VVJ8mlzPoKQ1Mlzxeft55+M3Fj5r37+3O1ZzuH5jv+0OZqMumU0yVddHNd6NZx6v2DnCMmGXhomDcft/AAAA//9Shwfb") r1 = gettid() syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x1000001, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0], 0x2, 0x580, &(0x7f0000000c40)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwmJclIOgzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhSLnJNzv5Joojc3yZ38ftDec8957nvec6CF5/0MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDiq6/eHL2SDroWAAAAQD99/fbro2PyfwAAAPhIu6P/HwAAAAAAAAAGXYosvh8p1k6tp5PF9w3VWwuLb63NTE5t/7ORVPzyWBGf/6leGbt67aXx619ofv733++1C/Ha7Ts3668sPXy0PL+yMj9Xn1lcuLc0N7/rEnr9/WYvFi+g/vDNt+bu31+pj12+2nV5rfaX48+cq0188dWzt5qxM5NTU7c7YoYq//fdtzDCAwAA4GgbjiyuRYo7F3+aTkVEFr3nwju0HfTbSNTy/Lt4iJnJqeJBGguzi6v5xelmIlzrzomHmznyPuTiPalFnM7rOiyjBwAAYPcqkcWnIsWFp+vp2Yg41syDP1csDLhzAbV9qOQ2hiLiTERcigHI2QEAAOCAHY8sXo8Uv2rU4rkyry7y/69ETBx05QAAAIA9MRRZXI8UH0ysp1oxHiAiXpyZnKrfulv/2uL9pY7Y6VT2qA/6/ID9ZGwCAAAAh0A1sjhV9Pivp+cPujIAAABAX4xEFv+IFJ99+dvFunJRrEv/3MSXTt6Y6lxh7vwO5eSxlyPi4i7n5FfKtQan03RK2ZbSnuzJwwEAAACFasriz5Hiwz9Wi++Xytw8DR10zQAAAIA9k7L4XqT48vR6Spv2pT/Wsb9/y6DP/e9v/Ueqryw9ery88OCN1W2vn6je/NbK6vLsve0vb+xd2DUcYqd9DAEAAGAXKimLv0eK3zbea+Wd5R4A5QiAdqL57o12blpNm64W7QbPFu0GrTkEz4yNdR5vm7L+D+vj1cr7Huv9sQEAAOBISSmL4Ujxmd98vNz7/0Rs6YMu434XKW4svVDGZcN5XHOaQK34u3p/oTE/msdORoqfN5qxUcQeL2PPtGOv5LG/zsud7Y6tlrFn27FjeezTSPHG8vaxH2vHXs1jlyPFT35Ub8aeyGNPlrHn2rGX7y015vr2ggEAAOAQqKQsfhEpfvjPemvKf3f/f7u3/d132v39Wxbo+w99/r32/9c6zj0p2yGOl+0VQzu0V7wWKS48/0LzeYq2guawgo29DtrtFX+LFMvf6I4dLmNPt2Ov7PrFAgAAwCHSHP//+7u/bA25L3Pg8uv2+f8nNq8P2Kf8v3NPwvyeK4/ffnO20ZhfHqSD70ZE15l0SCrm4OgelP+onhyW+vR60Nv/gwAAcBTk+f/dSLH2wfut/u4y/y+Hyrfz/w+/087/JzYX1Kf8/3THuYlyvYHKUER19eGjyvmI6srjtz+/8HD2wfyD+cWr4y+Nj46PX782Vhludu63j3p+VwAAADCo8vx/NFL89Qc/bs3P303//4nNBfUp/z/TcS6/Z7vTLz/zp14fHwAAAI6EPP//WaT4w8X3Wuvodef/Hev/v9OeZ3/p0xujBVqtA33K/892nKsV940Y2aNnBwAAAAAAAAAAAAAAAAAAgMOikrL4V6R4vzqUygX/d7X+39zmgvo0//9cx7m52J/9/3p+qQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCgsshiIVJ88vx6ejk/8c2Ik52fAAAAwMD7dwAAAP//GBMbFQ==") r2 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) unlink(&(0x7f0000000000)='./file1\x00') setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000003c0)={@in={{0x2, 0x4e21, @broadcast}}, 0x0, 0x0, 0x25, 0x0, "5a3f72e567fd056717e04f0359bf4c681b118dc5ae4dd09dd497b083b99e9509bcd61d214e7595b7b947baf86e714fd524f357db3a18a4416c8c45158a993909f756d734584b3665eefb0ee8d22b8aac"}, 0xd8) ptrace$ARCH_GET_FS(0x1e, r1, &(0x7f0000000000), 0x1003) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x82, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40081271, &(0x7f00000002c0)=0x1000) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x3, 0xf5, 0x1, 0x200}, {0x6, 0x4, 0x3, 0x9}]}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r4, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x18, r6, {0x1}}, './file1\x00'}) mkdirat(r3, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) [ 189.790348][ T45] Bluetooth: hci0: command tx timeout [ 189.877314][ T5342] loop0: detected capacity change from 0 to 1024 [ 189.987260][ T5342] hfsplus: invalid extended attribute record [ 190.001353][ T5342] [ 190.002631][ T5342] ============================================ [ 190.005681][ T5342] WARNING: possible recursive locking detected [ 190.009002][ T5342] syzkaller #0 Not tainted [ 190.011356][ T5342] -------------------------------------------- [ 190.014202][ T5342] syz.0.0/5342 is trying to acquire lock: [ 190.016658][ T5342] ffff8880392b3708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 190.021259][ T5342] [ 190.021259][ T5342] but task is already holding lock: [ 190.024800][ T5342] ffff8880392b1c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 190.030507][ T5342] [ 190.030507][ T5342] other info that might help us debug this: [ 190.033754][ T5342] Possible unsafe locking scenario: [ 190.033754][ T5342] [ 190.036745][ T5342] CPU0 [ 190.037940][ T5342] ---- [ 190.039162][ T5342] lock(&HFSPLUS_I(inode)->extents_lock); [ 190.041376][ T5342] lock(&HFSPLUS_I(inode)->extents_lock); [ 190.044158][ T5342] [ 190.044158][ T5342] *** DEADLOCK *** [ 190.044158][ T5342] [ 190.048166][ T5342] May be due to missing lock nesting notation [ 190.048166][ T5342] [ 190.052102][ T5342] 6 locks held by syz.0.0/5342: [ 190.054229][ T5342] #0: ffff888041ea2420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 190.058253][ T5342] #1: ffff8880392b3238 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: filename_unlinkat+0x2a7/0x610 [ 190.062907][ T5342] #2: ffff8880392b1df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: vfs_unlink+0xed/0x6c0 [ 190.068114][ T5342] #3: ffff888033da2998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x182/0x930 [ 190.072783][ T5342] #4: ffff8880392b1c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 190.077750][ T5342] #5: ffff888033da28f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xc7/0x630 [ 190.081748][ T5342] [ 190.081748][ T5342] stack backtrace: [ 190.083927][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 190.083950][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 190.083959][ T5342] Call Trace: [ 190.083971][ T5342] [ 190.083977][ T5342] dump_stack_lvl+0xe8/0x150 [ 190.084000][ T5342] print_deadlock_bug+0x279/0x290 [ 190.084026][ T5342] __lock_acquire+0x253f/0x2cf0 [ 190.084041][ T5342] ? lock_release+0x4b/0x3d0 [ 190.084049][ T5342] ? lock_release+0x4b/0x3d0 [ 190.084058][ T5342] ? is_bpf_text_address+0x292/0x2b0 [ 190.084068][ T5342] ? is_bpf_text_address+0x26/0x2b0 [ 190.084077][ T5342] lock_acquire+0xf0/0x2e0 [ 190.084086][ T5342] ? hfsplus_get_block+0x39e/0x1670 [ 190.084095][ T5342] __mutex_lock+0x19f/0x1300 [ 190.084140][ T5342] ? hfsplus_get_block+0x39e/0x1670 [ 190.084148][ T5342] ? stack_trace_save+0xa9/0x100 [ 190.084158][ T5342] ? __pfx_stack_trace_save+0x10/0x10 [ 190.084166][ T5342] ? check_path+0x21/0x40 [ 190.084176][ T5342] ? check_noncircular+0xda/0x150 [ 190.084192][ T5342] ? hfsplus_get_block+0x39e/0x1670 [ 190.084202][ T5342] ? __pfx___mutex_lock+0x10/0x10 [ 190.084215][ T5342] ? __lock_acquire+0x146e/0x2cf0 [ 190.084230][ T5342] hfsplus_get_block+0x39e/0x1670 [ 190.084238][ T5342] ? __pfx_hfsplus_get_block+0x10/0x10 [ 190.084245][ T5342] ? block_read_full_folio+0x672/0x830 [ 190.084254][ T5342] block_read_full_folio+0x29f/0x830 [ 190.084263][ T5342] ? __pfx_hfsplus_get_block+0x10/0x10 [ 190.084269][ T5342] filemap_read_folio+0x137/0x3b0 [ 190.084279][ T5342] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 190.084294][ T5342] ? __pfx_filemap_read_folio+0x10/0x10 [ 190.084304][ T5342] ? filemap_add_folio+0x356/0x530 [ 190.084320][ T5342] do_read_cache_folio+0x358/0x590 [ 190.084332][ T5342] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 190.084347][ T5342] read_cache_page+0x5d/0x170 [ 190.084364][ T5342] hfsplus_block_free+0x134/0x630 [ 190.084380][ T5342] ? __kmalloc_noprof+0x37d/0x760 [ 190.084393][ T5342] hfsplus_free_extents+0x121/0xa50 [ 190.084405][ T5342] hfsplus_file_truncate+0x762/0xc30 [ 190.084415][ T5342] ? hfsplus_delete_cat+0x860/0xe80 [ 190.084424][ T5342] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 190.084432][ T5342] ? __pfx___mutex_lock+0x10/0x10 [ 190.084444][ T5342] hfsplus_delete_inode+0x180/0x230 [ 190.084458][ T5342] hfsplus_unlink+0x4ee/0x930 [ 190.084467][ T5342] ? __pfx_hfsplus_unlink+0x10/0x10 [ 190.084475][ T5342] ? __pfx_down_write+0x10/0x10 [ 190.084485][ T5342] ? try_break_deleg+0x5b/0x180 [ 190.084492][ T5342] vfs_unlink+0x272/0x6c0 [ 190.084500][ T5342] filename_unlinkat+0x3cd/0x610 [ 190.084509][ T5342] ? __pfx_filename_unlinkat+0x10/0x10 [ 190.084517][ T5342] ? do_getname+0x151/0x250 [ 190.084526][ T5342] __se_sys_unlink+0x2e/0x140 [ 190.084534][ T5342] do_syscall_64+0x14d/0xf80 [ 190.084543][ T5342] ? trace_irq_disable+0x3b/0x150 [ 190.084550][ T5342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.084557][ T5342] ? clear_bhb_loop+0x40/0x90 [ 190.084565][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.084572][ T5342] RIP: 0033:0x7f3fac79c819 [ 190.084582][ T5342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 190.084588][ T5342] RSP: 002b:00007f3fad5e2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 190.084601][ T5342] RAX: ffffffffffffffda RBX: 00007f3faca15fa0 RCX: 00007f3fac79c819 [ 190.084609][ T5342] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 190.084615][ T5342] RBP: 00007f3fac832c91 R08: 0000000000000000 R09: 0000000000000000 [ 190.084621][ T5342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 190.084627][ T5342] R13: 00007f3faca16038 R14: 00007f3faca15fa0 R15: 00007ffc56296ab8 [ 190.084637][ T5342] [ 190.290899][ T5342] hfsplus: unable to mark blocks free: error -5 [ 190.295292][ T5342] hfsplus: can't free extent: start 134, count 1