program: syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000a00)=ANY=[@ANYRES64=0x0], 0x3, 0x6b4, &(0x7f0000000b40)="$eJzs3U+IHFkdB/BvdTo96QjZ2X/ZKMIOG1h0g8lMmjURhI0ikkOQoJe9DslkM6STXSazkl3EdNRV8ORJ9uBhReJhTyIirCdxPQuCF0+5B7wp5KCOVHV1T09PZzJjMtPJ7ucD1fWqXr33fvVL/emuztABPrXOvp79vRQ5e+zcjXL5zu1O987tztVBOclMkkbS7M9StJPi4+RM+lM+W66suyvuN86rdz8qmu9/2OkvNf/Vrvqrtm9s1e7W+IqJW/aSA8OFfUnm+sV/bzMLE/qrpqqfC+v9/Z+KYdxlwo4OEgfTtrZJb72y8cDm9z1vgSfHzf59c5PZ5GD6d9fyfUDqq8ODrwzTt+W1qbd3cQAAAMBumfhZftRT93IvN3Job8IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT4ai/5uBRT01BuW5FIPf/2+N/KZ+a8rhPqT3LlWzbz817UAAAAAAAAAA4KG8eC/3ciOHBstrRfWd/0vVwnPV62fydq5nKSs5nhtZzGpWs5KFJLMjHbVuLK6urixsbvnzlC3X1tZu1i1PTmx5cmNcvfFAJ/1Pg00bAQAAAAAAAMCn1g9ydv37fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBwUyb7+rJqeG5Rn02gmOZCkVcwNN29NNdhH4I/TDgAAAAB2X7ueHyr+2y+sFdVn/sPV5/4DeTvXsprlrKabpVysngX0P/U3/trrdO/c7lwtp80df+0fO4qj6jH9Zw+TR56vtnh+2OJsvpnv5Fjmcj4rWc53s5jVLGUu36hKiykyWz+9mL1zu51BrJvjPbNh6fx4bC+OlMv4jlSRtHMpy1Vsx3OhNQi9UW93ZGS037eSsRFvldkpXqttmZm1YeliPS/36Gf1fE+duV/FbLXn+4cZma9zX2bj6dG8b879Do+T8ZEW0hg+g3pufZRycXykHeR83cF6Xub6x7ub8x0+StuYid5Py6XB0Xd465wnX/zbn85fbly7cvnS9WN7fhg9auPHRGckEy9sKxPdMhO9h8jEgYeJ/9Fp1dnoX0V3drV8qWp7KMv5Vt7MxSzlVOazkNOZz1dyMp2cHMnr81vntTrXGjs7145+oS6U96SfjNyb9szM/SrKvD49ktfRK91sVTe6Zj1Lz2wjS0Urk7P094mhND9XF8oxfjhyx5m+8UwsjGTi2a0z8cv/lLe5691rV1YuL761zfFeruflafvexmvzrx7JDu1cvbvl8fJM+Y+V/m1j9Ogo654d1I3lq1V/49KsO9tQ10p1PvfrHnSmlj0dvjWpp37dCxNH6VR1R0bqNrzLyZvpDt+FAPAYO/jKwVb7bvsv7Q/aP2pfbp878PWZ0zOfb2X/n5t/2Pebxq8bXy1eyQf5fg5NO1IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgkuP7Ou1cWu92llcewkMYj7vDWxKpBKvprWo/Hvj+phZmtjqjfJtmieWsaMbeT7OYQRXObJ1qae7DLM5lQdW64pp00hvEkufKY/MAdsBtOrF5968T1d9790vLVxTeW3li6dvL0qddOdb68cPPEpeXu0nz/ddpRArth/W3AtCMBAAAAAAAAAAAAtmsv/spiwrBFbwr7CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyZzr6e/b0UWZg/Pl8u37nd6ZbToLy+ZTNJI0nxvaT4ODmT/pTZke6K+43z6t2PfvHy+x921vtqDrZvjLX73T/X1na4F716ylySffX8wWa21d+Fkf56OwysrxjuYZmwo4PEwbT9LwAA//9PRQcj") r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) clock_gettime(0x0, &(0x7f0000003bc0)={0x0, 0x0}) recvmmsg(r1, &(0x7f0000003b00)=[{{&(0x7f0000000340)=@tipc=@name, 0x80, &(0x7f0000001200)=[{&(0x7f00000003c0)=""/122, 0x7a}, {&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000440)=""/83, 0x53}, {&(0x7f00000006c0)=""/148, 0x94}, {&(0x7f0000000780)=""/253, 0xfd}, {&(0x7f00000004c0)=""/57, 0x39}, {&(0x7f0000000880)=""/127, 0x7f}, {&(0x7f0000000500)=""/19, 0x13}, {&(0x7f0000000a40)=""/152, 0x98}], 0x9}}, {{&(0x7f0000000900)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000003440)=[{&(0x7f0000000b00)=""/32, 0x20}, {&(0x7f00000012c0)=""/4096, 0x1000}, {&(0x7f00000022c0)=""/4096, 0x1000}, {&(0x7f0000004000)=""/4096, 0x1000}, {&(0x7f00000032c0)=""/22, 0x16}, {&(0x7f0000003300)=""/95, 0x5f}, {&(0x7f0000003380)=""/160, 0xa0}], 0x7}, 0x4}, {{&(0x7f00000034c0)=@phonet, 0x80, &(0x7f00000039c0)=[{&(0x7f0000003540)=""/160, 0xa0}, {&(0x7f0000003600)=""/111, 0x6f}, {&(0x7f0000003680)=""/56, 0x38}, {&(0x7f00000036c0)=""/26, 0x1a}, {&(0x7f0000003700)=""/194, 0xc2}, {&(0x7f0000003800)=""/230, 0xe6}, {&(0x7f0000003900)=""/137, 0x89}], 0x7, &(0x7f0000003a40)=""/141, 0x8d}}], 0x3, 0x40010003, &(0x7f0000003c00)={r2, r3+60000000}) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="4500000004000000040000001200000000200000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r6 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r6, &(0x7f0000002c00)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}, {{&(0x7f0000000180)={0xa, 0x0, 0x0, @private2}, 0x1c, 0x0, 0x0, &(0x7f0000000800)=[@tclass={{0x18}}], 0x18}}], 0x2, 0x0) fcntl$getownex(r5, 0x10, &(0x7f00000002c0)={0x0, 0x0}) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000300)={r4, r5, 0x4, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000200)=[0x1, 0x8, 0xec], &(0x7f0000000240)=[0x5, 0x4, 0x5, 0x2], 0x400, 0x3, 0x1, r7}}, 0x40) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10}}}]}, 0x44}}, 0x0) r11 = socket(0x2a, 0x2, 0x2) getsockname$packet(r11, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=@gettclass={0x24, 0x2a, 0x20, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r10, {0x7ff8, 0xe}, {0xd, 0xb}, {0xb, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r12, {0xe}, {}, {0x8, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x15e16}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x44}}, 0x4000) r13 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r13, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r14 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r14, &(0x7f00000002c0), 0x40000000000009f, 0x0) unlinkat(r0, &(0x7f0000000280)='./file1\x00', 0x0) io_setup(0x2, &(0x7f0000000000)) [ 93.719003][ T5307] Bluetooth: hci0: command tx timeout [ 93.763553][ T10] cfg80211: failed to load regulatory.db [ 93.973516][ T5327] loop0: detected capacity change from 0 to 1024 [ 94.112503][ T5327] Zero length message leads to an empty skb [ 94.133633][ T5327] hfsplus: trying to free free bnode 0(1) [ 94.137746][ T5327] [ 94.139131][ T5327] ============================================ [ 94.142703][ T5327] WARNING: possible recursive locking detected [ 94.145424][ T5327] 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 Not tainted [ 94.148702][ T5327] -------------------------------------------- [ 94.152419][ T5327] syz.0.0/5327 is trying to acquire lock: [ 94.155290][ T5327] ffff888052f7d548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 94.161081][ T5327] [ 94.161081][ T5327] but task is already holding lock: [ 94.164423][ T5327] ffff888052f7e988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 94.169229][ T5327] [ 94.169229][ T5327] other info that might help us debug this: [ 94.173523][ T5327] Possible unsafe locking scenario: [ 94.173523][ T5327] [ 94.177329][ T5327] CPU0 [ 94.178835][ T5327] ---- [ 94.180391][ T5327] lock(&HFSPLUS_I(inode)->extents_lock); [ 94.183346][ T5327] lock(&HFSPLUS_I(inode)->extents_lock); [ 94.186231][ T5327] [ 94.186231][ T5327] *** DEADLOCK *** [ 94.186231][ T5327] [ 94.190092][ T5327] May be due to missing lock nesting notation [ 94.190092][ T5327] [ 94.193777][ T5327] 6 locks held by syz.0.0/5327: [ 94.195978][ T5327] #0: ffff888011a58428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 94.200817][ T5327] #1: ffff888052f7ddf8 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: do_unlinkat+0x1bf/0x560 [ 94.205096][ T5327] #2: ffff888052f7eb78 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: vfs_unlink+0xf2/0x650 [ 94.209642][ T5327] #3: ffff88803cfc5998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x160/0x730 [ 94.214285][ T5327] #4: ffff888052f7e988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 94.219440][ T5327] #5: ffff88803cfc58f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xbe/0x550 [ 94.224586][ T5327] [ 94.224586][ T5327] stack backtrace: [ 94.227702][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 PREEMPT(full) [ 94.227724][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.227732][ T5327] Call Trace: [ 94.227741][ T5327] [ 94.227747][ T5327] dump_stack_lvl+0x189/0x250 [ 94.227767][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.227781][ T5327] ? __pfx__printk+0x10/0x10 [ 94.227795][ T5327] ? __kasan_check_byte+0x12/0x40 [ 94.227810][ T5327] ? print_lock_name+0xde/0x100 [ 94.227824][ T5327] print_deadlock_bug+0x28b/0x2a0 [ 94.227864][ T5327] validate_chain+0x1a3f/0x2140 [ 94.227879][ T5327] ? is_bpf_text_address+0x292/0x2b0 [ 94.227899][ T5327] ? is_bpf_text_address+0x26/0x2b0 [ 94.227915][ T5327] ? look_up_lock_class+0x74/0x170 [ 94.227996][ T5327] ? register_lock_class+0x51/0x320 [ 94.228017][ T5327] __lock_acquire+0xab9/0xd20 [ 94.228038][ T5327] ? hfsplus_get_block+0x39e/0x1530 [ 94.228052][ T5327] lock_acquire+0x120/0x360 [ 94.228067][ T5327] ? hfsplus_get_block+0x39e/0x1530 [ 94.228082][ T5327] ? __pfx_hlock_conflict+0x10/0x10 [ 94.228093][ T5327] __mutex_lock+0x182/0xe80 [ 94.228106][ T5327] ? hfsplus_get_block+0x39e/0x1530 [ 94.228122][ T5327] ? lockdep_unlock+0x89/0x120 [ 94.228138][ T5327] ? validate_chain+0x897/0x2140 [ 94.228150][ T5327] ? hfsplus_get_block+0x39e/0x1530 [ 94.228166][ T5327] ? __pfx___mutex_lock+0x10/0x10 [ 94.228181][ T5327] hfsplus_get_block+0x39e/0x1530 [ 94.228198][ T5327] ? __pfx_hfsplus_get_block+0x10/0x10 [ 94.228210][ T5327] ? do_raw_spin_unlock+0x4d/0x240 [ 94.228222][ T5327] ? _raw_spin_unlock+0x28/0x50 [ 94.228238][ T5327] block_read_full_folio+0x29f/0x830 [ 94.228255][ T5327] ? __pfx_hfsplus_get_block+0x10/0x10 [ 94.228267][ T5327] filemap_read_folio+0x114/0x380 [ 94.228283][ T5327] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 94.228295][ T5327] ? __pfx_filemap_read_folio+0x10/0x10 [ 94.228308][ T5327] ? filemap_add_folio+0x1af/0x270 [ 94.228321][ T5327] do_read_cache_folio+0x350/0x590 [ 94.228334][ T5327] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 94.228347][ T5327] read_cache_page+0x5d/0x170 [ 94.228361][ T5327] hfsplus_block_free+0x121/0x550 [ 94.228374][ T5327] hfsplus_free_extents+0x176/0xae0 [ 94.228388][ T5327] hfsplus_file_truncate+0x736/0xb40 [ 94.228402][ T5327] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 94.228416][ T5327] ? __pfx___mutex_lock+0x10/0x10 [ 94.228429][ T5327] ? __lock_acquire+0xab9/0xd20 [ 94.228444][ T5327] hfsplus_delete_inode+0x180/0x230 [ 94.228458][ T5327] hfsplus_unlink+0x4e3/0x730 [ 94.228471][ T5327] ? vfs_unlink+0xf2/0x650 [ 94.228482][ T5327] ? __pfx_hfsplus_unlink+0x10/0x10 [ 94.228497][ T5327] ? __pfx_down_write+0x10/0x10 [ 94.228508][ T5327] ? bpf_lsm_inode_unlink+0x9/0x20 [ 94.228522][ T5327] vfs_unlink+0x394/0x650 [ 94.228533][ T5327] do_unlinkat+0x350/0x560 [ 94.228545][ T5327] ? __pfx_do_unlinkat+0x10/0x10 [ 94.228555][ T5327] ? getname_flags+0x1e5/0x540 [ 94.228568][ T5327] __x64_sys_unlinkat+0xd3/0xf0 [ 94.228578][ T5327] do_syscall_64+0xfa/0x3b0 [ 94.228589][ T5327] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.228601][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.228612][ T5327] ? clear_bhb_loop+0x60/0xb0 [ 94.228627][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.228639][ T5327] RIP: 0033:0x7fbaa538e929 [ 94.228652][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.228661][ T5327] RSP: 002b:00007fbaa6198038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 94.228678][ T5327] RAX: ffffffffffffffda RBX: 00007fbaa55b5fa0 RCX: 00007fbaa538e929 [ 94.228686][ T5327] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004 [ 94.228694][ T5327] RBP: 00007fbaa5410b39 R08: 0000000000000000 R09: 0000000000000000 [ 94.228702][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.228708][ T5327] R13: 0000000000000000 R14: 00007fbaa55b5fa0 R15: 00007fffb413bdd8 [ 94.228721][ T5327] [ 94.412937][ T5327] hfsplus: unable to mark blocks free: error -5 [ 94.416400][ T5327] hfsplus: can't free extent