program: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1800}}, &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1800}}, &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1a, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc4f, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000180)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1, r1, 0x0, 0x0, 0x0, 0x10, 0x4a6}, 0x94) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[], 0xff, 0x5ff, &(0x7f0000000780)="$eJzs3U1vG8cdB+DfUrRkuYCjJHbiFgEqxGhaVKitFyiteqlbFIUOQRGkh54FW44J00ogMYUSFIX7fu0hHyA96NZTgd4NpOixveWqQw8BAvSSk24qdrmUGJOWGcsRpeR5hNmZ2dmdmf2T3OVSIBjgK2t1Ls0HKbI699p2Wd/dWWrv7izd65WTTCVpJM1ulmIjKT5MbqSb8vVyZd1d8ahx3m+tvPHRp7sfd2vNOlXbN45/FPfrlNkkE3X+tPq7eez+ioPIlAG72gscjNv+gPuj7PbY1ztwdhTd6+aAmeRCkvP1+4DUZ4encM0er5HOcgAAAHDGPbOXvWzn4rjnAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdJ/fv/RZ0avfJsit7v/0/W61KXz6iJavlg3NMAAAAAAAAAgKfgm3vZy3Yu9ur7RfU//5eryqVq+bW8k62sZzPXsp21dNLJZhaSzPR1NLm91ulsLoyw5+LQPRdP5ngBAAAAAAAA4Evqd1k9/P8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcBkUy0c2qdKlXnkmjmeR8kslyu/vJf3rls+zBuCcAAAAAJ+CZvexlOxd79f2iuud/obrvP593spFOWumknfXcqj4L6N71N3Z3ltq7O0v3yjTY74//N/oc9ve7Pab72cPwka9UW0zndlrVmmu5mbfSzq00qj1LV3rzGT6v35ZzKn5UGzqVqYE1t+q8PPK/1PmY/fdbVTZTReTcQUTm67mV0Xj26Eh8nkdnyEgLaRx88nPpODF/RDAv9DX/6XTEvPZwJBb7nn0vHB2J5Nv/+Nsv77Q37t65vTV3eg7pCT0ciaW+SLz4lYrEfBWJywf11fwsv8hcZvN6NtPKr7KWTtYzm59WpbX6+VwuZ46O1I3P1F5/3Ewm68elexb9fHN6udr3Ylr5ed7Krazn1epvMQv5fpaznJW+R/jyCK/6xpFn2gFXv1MXppP8uc5PhzKuz/bFtf+cO1O19a85jNJzx74eDWh+oy6UY/y+zk+HhyOx0BeJ54+OxF/3y+VWe+Pu5p21t0cc75U6L19HfzxVV4ny+fJc+WBVtc8+O8q254e2LVRtlw7aGgNtlw/aHvdKnazfww32tFi1vTi0balqu9LXNuz9FgCn3oXvXpic/mT639MfTP9h+s70a+d/MvWDqZcmc+6f537YnJ94pfFS8fd8kN8c3v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPbuvd9+6utdvrmwrHLkwlOdlB/1X/buH4j13hRAqTJzfWuM9MwBfteufe29e33n3ve617a2+uv7m+sbK8vDK/svzq0vXbrfb6fHc57lkCX4TDi/64ZwIAAAAAAAAAAACM6vHfByi3qtd88mRfJxj3MQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABn2+pcmg9SZGH+2nxZ391ZapepVz7cspmkkaT4dVJ8mNxIN2Wmr7viUeO831p546NPdz8+7KvZ275x1H6juV+nzCaZqPOn1d/NY/dXHBxhGbCrvcDBuP0/AAD//23dDI4=") mknodat(0xffffffffffffff9c, &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x21c0, 0x103) (async) mknodat(0xffffffffffffff9c, &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x21c0, 0x103) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x127042, 0x1ff) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0) [ 201.805304][ T5329] Bluetooth: hci0: command tx timeout [ 201.861846][ T5348] loop0: detected capacity change from 0 to 1024 [ 201.968907][ T24] audit: type=1800 audit(1775917187.350:2): pid=5349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file7" dev="loop0" ino=26 res=0 errno=0 [ 201.988266][ T5348] [ 201.989686][ T5348] ============================================ [ 201.992818][ T5348] WARNING: possible recursive locking detected [ 201.995599][ T5348] syzkaller #0 Not tainted [ 201.997366][ T5348] -------------------------------------------- [ 202.000332][ T5348] syz.0.0/5348 is trying to acquire lock: [ 202.002956][ T5348] ffff88801cdbf708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 202.007252][ T5348] [ 202.007252][ T5348] but task is already holding lock: [ 202.010502][ T5348] ffff88801cdbd548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 202.015460][ T5348] [ 202.015460][ T5348] other info that might help us debug this: [ 202.018773][ T5348] Possible unsafe locking scenario: [ 202.018773][ T5348] [ 202.022801][ T5348] CPU0 [ 202.024625][ T5348] ---- [ 202.026142][ T5348] lock(&HFSPLUS_I(inode)->extents_lock); [ 202.028808][ T5348] lock(&HFSPLUS_I(inode)->extents_lock); [ 202.031636][ T5348] [ 202.031636][ T5348] *** DEADLOCK *** [ 202.031636][ T5348] [ 202.035349][ T5348] May be due to missing lock nesting notation [ 202.035349][ T5348] [ 202.039048][ T5348] 4 locks held by syz.0.0/5348: [ 202.041207][ T5348] #0: ffff888011818420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 202.045252][ T5348] #1: ffff88801cdbd738 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: do_truncate+0x18f/0x250 [ 202.049380][ T5348] #2: ffff88801cdbd548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 202.054235][ T5348] #3: ffff88801fc9e0f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xc7/0x630 [ 202.058716][ T5348] [ 202.058716][ T5348] stack backtrace: [ 202.061430][ T5348] CPU: 0 UID: 0 PID: 5348 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 202.061445][ T5348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 202.061453][ T5348] Call Trace: [ 202.061463][ T5348] [ 202.061471][ T5348] dump_stack_lvl+0xe8/0x150 [ 202.061502][ T5348] print_deadlock_bug+0x279/0x290 [ 202.061524][ T5348] __lock_acquire+0x253f/0x2cf0 [ 202.061539][ T5348] ? lock_release+0x4b/0x3d0 [ 202.061552][ T5348] ? lock_release+0x4b/0x3d0 [ 202.061567][ T5348] ? is_bpf_text_address+0x292/0x2b0 [ 202.061579][ T5348] ? is_bpf_text_address+0x26/0x2b0 [ 202.061592][ T5348] lock_acquire+0xf0/0x2e0 [ 202.061605][ T5348] ? hfsplus_get_block+0x39e/0x1670 [ 202.061618][ T5348] __mutex_lock+0x19f/0x1300 [ 202.061689][ T5348] ? hfsplus_get_block+0x39e/0x1670 [ 202.061699][ T5348] ? stack_trace_save+0xa9/0x100 [ 202.061711][ T5348] ? __pfx_stack_trace_save+0x10/0x10 [ 202.061723][ T5348] ? check_path+0x21/0x40 [ 202.061736][ T5348] ? check_noncircular+0xda/0x150 [ 202.061751][ T5348] ? hfsplus_get_block+0x39e/0x1670 [ 202.061762][ T5348] ? __pfx___mutex_lock+0x10/0x10 [ 202.061777][ T5348] ? __lock_acquire+0x146e/0x2cf0 [ 202.061795][ T5348] hfsplus_get_block+0x39e/0x1670 [ 202.061808][ T5348] ? __pfx_hfsplus_get_block+0x10/0x10 [ 202.061819][ T5348] ? do_raw_spin_unlock+0x4d/0x210 [ 202.061832][ T5348] ? _raw_spin_unlock+0x28/0x50 [ 202.061847][ T5348] block_read_full_folio+0x29f/0x830 [ 202.061865][ T5348] ? __pfx_hfsplus_get_block+0x10/0x10 [ 202.061875][ T5348] filemap_read_folio+0x137/0x3b0 [ 202.061889][ T5348] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 202.061906][ T5348] ? __pfx_filemap_read_folio+0x10/0x10 [ 202.061918][ T5348] ? filemap_add_folio+0x356/0x530 [ 202.061936][ T5348] do_read_cache_folio+0x358/0x590 [ 202.061950][ T5348] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 202.061967][ T5348] read_cache_page+0x5d/0x170 [ 202.061979][ T5348] hfsplus_block_free+0x134/0x630 [ 202.061996][ T5348] ? __kmalloc_noprof+0x37d/0x760 [ 202.062008][ T5348] hfsplus_free_extents+0x121/0xa50 [ 202.062020][ T5348] hfsplus_file_truncate+0x762/0xc30 [ 202.062033][ T5348] ? __pfx___up_read+0x10/0x10 [ 202.062044][ T5348] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 202.062056][ T5348] ? unmap_mapping_range+0xe6/0x180 [ 202.062071][ T5348] ? __pfx_unmap_mapping_range+0x10/0x10 [ 202.062085][ T5348] ? setattr_prepare+0x232/0xb30 [ 202.062097][ T5348] ? truncate_setsize+0xcf/0xf0 [ 202.062113][ T5348] hfsplus_setattr+0x1c4/0x270 [ 202.062128][ T5348] ? __pfx_hfsplus_setattr+0x10/0x10 [ 202.062143][ T5348] notify_change+0xc1a/0xf40 [ 202.062160][ T5348] do_truncate+0x1c2/0x250 [ 202.062173][ T5348] ? __pfx_do_truncate+0x10/0x10 [ 202.062182][ T5348] ? apparmor_file_truncate+0x39f/0x470 [ 202.062236][ T5348] path_openat+0x2f89/0x3860 [ 202.062255][ T5348] ? __pfx_path_openat+0x10/0x10 [ 202.062263][ T5348] ? __x64_sys_openat+0x138/0x170 [ 202.062280][ T5348] ? __lock_acquire+0x6b5/0x2cf0 [ 202.062295][ T5348] do_file_open+0x23e/0x4a0 [ 202.062306][ T5348] ? __pfx_do_file_open+0x10/0x10 [ 202.062320][ T5348] ? _raw_spin_unlock+0x28/0x50 [ 202.062331][ T5348] ? alloc_fd+0x64b/0x6c0 [ 202.062348][ T5348] do_sys_openat2+0x113/0x200 [ 202.062361][ T5348] ? __se_sys_futex+0x3a8/0x450 [ 202.062376][ T5348] ? __pfx_do_sys_openat2+0x10/0x10 [ 202.062389][ T5348] ? rcu_is_watching+0x15/0xb0 [ 202.062405][ T5348] __x64_sys_openat+0x138/0x170 [ 202.062423][ T5348] do_syscall_64+0x14d/0xf80 [ 202.062436][ T5348] ? trace_irq_disable+0x3b/0x150 [ 202.062447][ T5348] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.062458][ T5348] ? clear_bhb_loop+0x40/0x90 [ 202.062471][ T5348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.062489][ T5348] RIP: 0033:0x7fb427b9c819 [ 202.062504][ T5348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 202.062511][ T5348] RSP: 002b:00007fb42897efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 202.062521][ T5348] RAX: ffffffffffffffda RBX: 00007fb427e15fa0 RCX: 00007fb427b9c819 [ 202.062526][ T5348] RDX: 0000000000101740 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 202.062531][ T5348] RBP: 00007fb427c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 202.062535][ T5348] R10: 0000000000000179 R11: 0000000000000246 R12: 0000000000000000 [ 202.062540][ T5348] R13: 00007fb427e16038 R14: 00007fb427e15fa0 R15: 00007ffdb5b3f5b8 [ 202.062547][ T5348] [ 202.298730][ T5348] hfsplus: unable to mark blocks free: error -5 [ 202.302093][ T5348] hfsplus: can't free extent: start 134, count 1