program: syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file1\x00', 0x800, &(0x7f0000000200)=ANY=[], 0x81, 0x600, &(0x7f00000012c0)="$eJzs3U1vG8cdB+Df0rJsOYDDJHaSFi0q2IcWMWqLYuLoUKBuURQ6BEWAXnLJQbDpWDCtBBJTKEFR2H299hs0PcjnnnooejCQnvsVBPSQQ4HedVOxyyXFRLJMK1ZIJc8DDGeGszsz+/fu8EUmNsA31vI7Of0oRZavvLVZ1re32t3trfa9QTnJmSSNZKafpVhLik+TG+mnfKt8su6ueNw47868ufRZ6+GDnCtrM3Wqtm8ctt947tcp80lO1fmz6u/maH+No3RXDI+wDNjlQeBg0nb3uf80u3/J6xaYBkX/dXOfZqpX7LP1+4DUq8ORXganyVOtcgAAAHBCPb+TnWzm/KTnAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdJff//ok6NQXk+xeD+/7P1c6nLJ9qjSU8AAAAAAAAAAJ6B7+1kJ5s5P6jvFtXf/C9VlQvV43P5MBvpZD1Xs5mV9NLLelpJmiMdzW6u9HrrrTH2XDxwz8UnzfTE/1cDAAAAAAAAADhOv83y3t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgGhTJqX5WpQuDcjONmSRnk8yW291P/jkon2SPJj0BAAAA+Ao8v5OdbOb8oL5bVJ/5X64+95/Nh1lLL6vppZtOblXfBfQ/9Te2t9rd7a32vTLt7/cn/3uqaVQ9pv/dw8EjL1RbXBzusZyf55e5kvm8nfWs5ldZSS+dzOdnVWklRZr1txfNwTwPnu+Nz9XeftJcX61mMpfbWa3mdjU38366uZVGdQzVNoeP+KCMTvHj2pgxulXn5RH9uc6nQ7OKyOlhRBbq2JfReOHwSAzPkwdHGqmVxvA7qAvHEPNzdV7G+o9THfPFkbPv5cMjkVz6z3f/fqe7dvfO7Y0r03NIR/TFSLRHIvHKYZEYbPS1icRsHY3+Kvp0q+Wlat/zWc0v8n5upZM3spQ3spjX83oWspTrI3G9OMa11njMtfbcwZO//IO6MJfkT3U+Hcq4vjAS19GVrlm1jT6zF6UXn/2KNPPtulCO8buRk3jyvhiJ1kgkXjo8En/dLR83umt31++sfDDmeN+v8/Ky/cNUrc3l+fJi+Y9V1T5/dpRtLx3Y1qraLgzbGvvaLg7bnnSlztbv4fb3tFi1vXJgW7tqe3Wk7aB3OQBMvXOvnZud++/cv+c+mfv93J25t87+9MzSme/M5vS/Zv5x6m+Nh40fFa/lk/xm7/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdBsffXx3pdvtrCsoHENhcJO+4xlit7730zQc6detMMlVCfgqXOvd++Daxkcf/3D13sp7nfc6a+126/ri0vWlxevXbq92Owv9x0lPEzgGey/6k54JAAAAAAAAAAAAMK4xfg+Q+kcWR/45waSPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjZlt/J6Ucp0lq4ulDWt7fa3TINyntbziRpJCl+nRSfJjfST2mOdFc8bpx3//Lm0methw/2+poZbN84bL/x3K9T5pOcqvNn1d/NL91fMTzCMmCXB4GDSft/AAAA//+d2QMr") unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) link(&(0x7f00000000c0)='./file2\x00', &(0x7f0000000100)='./file1\x00') openat2$dir(0xffffff9c, &(0x7f0000000140)='./cgroup\x00', &(0x7f0000000000)={0x201, 0x4c, 0x1}, 0x18) write$RDMA_USER_CM_CMD_GET_EVENT(0xffffffffffffffff, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {&(0x7f0000000680)}}, 0x10) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x2, 0x4, 0x3, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1}, 0x48) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000001c0)='./file1\x00', 0x80c0, &(0x7f0000000040)=ANY=[@ANYBLOB="6461783d616c77617961227671d809ec6c310740e8c2896fee8f2f3cbc249373eb80ae538014734763616268655f0102726174"], 0x5, 0x17c, &(0x7f0000000380)="$eJzsmL9OwlAUxr/bYonEwRkHTSQRjZRS1LiYSOIDmOCfsEGkErSIQgdh80mML+DibnwUZXJhdK65f6A3BMVBDcbzG879LpyennuafE0KgiD+Lb2Xt+erXmPNBDCHFOLq91czyjG0/PVMsblwu5t4KN+X9pKP/dF6DEAYcmV96f4xAE8FE4Hah6G8ekBKrQcwhvoQBlaVPgaDrXQZBo6U9sBQUvpM002eb9undd+zT5p+lQuHhxwPLg/50f76NwxVrT+m/d/udM8rvu+1flBMml+/YGBH609/XoPZOHJ+w9Zzas2Doaj0NuKD2ciRaOdPxqL65i+f/48IczraIEFiGkTkT+Edw4rmTzHNP7JB4zLb7nQz9Ual5tW8C9fNbzkbjrPpZoURyfiJ/80Kf0po9Wc+yLWYhetKELRyMg73rozjHNcS/mcgvSz3bMybTZjqPFviS9rUTJYgCIIgCIIgCIIgCIIgCOJbWQQTX0En4O6L7PcAAAD//9O2dUQ=") [ 85.987741][ T5348] Bluetooth: hci0: command tx timeout [ 86.058339][ T5370] loop0: detected capacity change from 0 to 1024 [ 86.122736][ T5370] [ 86.123827][ T5370] ============================================ [ 86.126540][ T5370] WARNING: possible recursive locking detected [ 86.129167][ T5370] syzkaller #0 Not tainted [ 86.131148][ T5370] -------------------------------------------- [ 86.133800][ T5370] syz.0.0/5370 is trying to acquire lock: [ 86.136243][ T5370] ffff888052de9548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 86.142029][ T5370] [ 86.142029][ T5370] but task is already holding lock: [ 86.145166][ T5370] ffff888052dea988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 86.149771][ T5370] [ 86.149771][ T5370] other info that might help us debug this: [ 86.153346][ T5370] Possible unsafe locking scenario: [ 86.153346][ T5370] [ 86.156577][ T5370] CPU0 [ 86.158031][ T5370] ---- [ 86.159516][ T5370] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.162068][ T5370] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.164556][ T5370] [ 86.164556][ T5370] *** DEADLOCK *** [ 86.164556][ T5370] [ 86.167840][ T5370] May be due to missing lock nesting notation [ 86.167840][ T5370] [ 86.171127][ T5370] 6 locks held by syz.0.0/5370: [ 86.173256][ T5370] #0: ffff8880121d8428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 86.177052][ T5370] #1: ffff888052de9df8 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: do_unlinkat+0x1c7/0x560 [ 86.181477][ T5370] #2: ffff888052deab78 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: vfs_unlink+0xf2/0x650 [ 86.185925][ T5370] #3: ffff888052de2998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x160/0x730 [ 86.189860][ T5370] #4: ffff888052dea988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 86.194592][ T5370] #5: ffff888052de28f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xbe/0x550 [ 86.198693][ T5370] [ 86.198693][ T5370] stack backtrace: [ 86.201250][ T5370] CPU: 0 UID: 0 PID: 5370 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.201268][ T5370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.201276][ T5370] Call Trace: [ 86.201284][ T5370] [ 86.201290][ T5370] dump_stack_lvl+0x189/0x250 [ 86.201308][ T5370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.201323][ T5370] ? __pfx__printk+0x10/0x10 [ 86.201339][ T5370] ? print_lock_name+0xde/0x100 [ 86.201353][ T5370] print_deadlock_bug+0x28b/0x2a0 [ 86.201365][ T5370] validate_chain+0x1a3f/0x2140 [ 86.201377][ T5370] ? lock_release+0x4b/0x3e0 [ 86.201392][ T5370] ? look_up_lock_class+0x74/0x170 [ 86.201449][ T5370] ? register_lock_class+0x51/0x320 [ 86.201466][ T5370] __lock_acquire+0xab9/0xd20 [ 86.201490][ T5370] ? hfsplus_get_block+0x39e/0x1530 [ 86.201502][ T5370] lock_acquire+0x120/0x360 [ 86.201519][ T5370] ? hfsplus_get_block+0x39e/0x1530 [ 86.201531][ T5370] ? stack_trace_save+0x9c/0xe0 [ 86.201546][ T5370] ? __pfx_hlock_conflict+0x10/0x10 [ 86.201559][ T5370] __mutex_lock+0x187/0x1350 [ 86.201570][ T5370] ? hfsplus_get_block+0x39e/0x1530 [ 86.201582][ T5370] ? lockdep_unlock+0x89/0x120 [ 86.201596][ T5370] ? validate_chain+0x897/0x2140 [ 86.201606][ T5370] ? hfsplus_get_block+0x39e/0x1530 [ 86.201617][ T5370] ? __pfx___mutex_lock+0x10/0x10 [ 86.201632][ T5370] hfsplus_get_block+0x39e/0x1530 [ 86.201646][ T5370] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.201657][ T5370] ? do_raw_spin_unlock+0x4d/0x240 [ 86.201669][ T5370] ? _raw_spin_unlock+0x28/0x50 [ 86.201684][ T5370] block_read_full_folio+0x29c/0x830 [ 86.201697][ T5370] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.201707][ T5370] filemap_read_folio+0x114/0x380 [ 86.201723][ T5370] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 86.201733][ T5370] ? __pfx_filemap_read_folio+0x10/0x10 [ 86.201749][ T5370] ? filemap_add_folio+0x1af/0x270 [ 86.201763][ T5370] do_read_cache_folio+0x350/0x590 [ 86.201773][ T5370] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 86.201784][ T5370] read_cache_page+0x5d/0x170 [ 86.201794][ T5370] hfsplus_block_free+0x121/0x550 [ 86.201811][ T5370] hfsplus_free_extents+0x10d/0xa60 [ 86.201824][ T5370] hfsplus_file_truncate+0x736/0xb40 [ 86.201838][ T5370] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 86.201850][ T5370] ? __pfx___mutex_lock+0x10/0x10 [ 86.201863][ T5370] ? __lock_acquire+0xab9/0xd20 [ 86.201879][ T5370] hfsplus_delete_inode+0x180/0x230 [ 86.201890][ T5370] hfsplus_unlink+0x4e3/0x730 [ 86.201902][ T5370] ? vfs_unlink+0xf2/0x650 [ 86.201916][ T5370] ? __pfx_hfsplus_unlink+0x10/0x10 [ 86.201930][ T5370] ? __pfx_down_write+0x10/0x10 [ 86.201942][ T5370] ? bpf_lsm_inode_unlink+0x9/0x20 [ 86.201959][ T5370] vfs_unlink+0x394/0x650 [ 86.201974][ T5370] do_unlinkat+0x345/0x560 [ 86.201987][ T5370] ? __pfx_do_unlinkat+0x10/0x10 [ 86.202000][ T5370] ? getname_flags+0x1e5/0x540 [ 86.202017][ T5370] __x64_sys_unlinkat+0xd3/0xf0 [ 86.202029][ T5370] do_syscall_64+0xfa/0x3b0 [ 86.202072][ T5370] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.202087][ T5370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.202098][ T5370] ? clear_bhb_loop+0x60/0xb0 [ 86.202111][ T5370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.202123][ T5370] RIP: 0033:0x7fdfa2d8eec9 [ 86.202134][ T5370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.202149][ T5370] RSP: 002b:00007fdfa3cfd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 86.202163][ T5370] RAX: ffffffffffffffda RBX: 00007fdfa2fe5fa0 RCX: 00007fdfa2d8eec9 [ 86.202172][ T5370] RDX: 0000000000000000 RSI: 0000200000000c40 RDI: ffffffffffffff9c [ 86.202180][ T5370] RBP: 00007fdfa2e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.202188][ T5370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.202195][ T5370] R13: 00007fdfa2fe6038 R14: 00007fdfa2fe5fa0 R15: 00007ffd254cc668 [ 86.202209][ T5370] [ 86.376505][ T5370] hfsplus: unable to mark blocks free: error -5 [ 86.379128][ T5370] hfsplus: can't free extent