program: r0 = syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='part=0x0000000000000040,nodecompose,part=0x0000000000000007,part=0x000000000000000c,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c63726561746f723dc85efb682c6e6c733d6d6163696e7569742c6769643d", @ANYRESHEX=0xee00, @ANYBLOB='\x00\x00'], 0x3, 0x5fe, &(0x7f0000000c40)="$eJzs3c9vHGcZB/DvrDdOHKR02yZtQSCs5ABqROL1tqkPSASEkA8VqsSllx6sZNNY2biVvUVuhZDDzyv/QYuQc+bEAXGIVM5cOVri0AMSd9+CZnbW3iSuYzfGuw6fj/Tu+86+M+8883jm9c6sLAf4v7X4bk49SJHFy2+vl8tbm53e1mbn7rCd5HSSRtIcVClWkuLz5HoGJV8v36yHK75sP+99+tbCF+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEK9sJ3trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4f//n67fS90+0R6MOwAAAAAAAAAAOALf3s521nNuuPywqL7zv1gtnK9ev5aPspZuVnMl61lKP/2spp2kNTLQ9PpSv7/afuqWRbLxaAiDLeeP4WABAAAAAAAA4Pn1qyzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+NmyfZA/GHQAAAAAcgxe2s531nBsuPyyqe/5Xqvv+M/koK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/ifQ4VRjZjBs4e99zxXrXFhZ4vF/CQ/y+XM5p2sZjk/z1L66WY2P65aSynSqp9etIZx7h3v9UeW3nlarK9VkczkVpar2K7kRj5ILzfTqI6hWmf/Pd4rs1P8oHbAHN2s6/KI/lDXk6FVZeTUTkbm6tyX2Xhx/0wc8jx5fE/tNHaeQZ3/59Hn/Gxdl7n+3UTnfH7k7Htl/5wnF//1rb/c7q3cuX1r7fLkHNJX9HgmOiOZePUQmZg5/tCP2HSdjcEserjZ8mK17bks56f5IDfTzZtZyJuZzxt5I3NZyLWRvF44wPzWONy1dum7daP8Ofy+ridDmdcXR/I6OtO1qr7RdwZZKi+rl47+t0DzG3Wj3Mev63oyPJ6J9sj58vL+mfjjw/J1rbdyZ/X20ocH3N936rrM9G8nam4uz5eXyh9WtfTo2VH2vbxnX7vqO7/T13ii78JO39Ou1On6M9yTI81Xfa/u2dep+l4b6dvrUw4AE2r3O+2zr5+dnvn3zD9mPpv5zcztmbfP/Oj0wulvTufU35t/nfpz437j+8Xr+Sy/3L3/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvrq1jz+5s9Qb/huAXq+7OnjnOWv8KRMRhsZ+janJCOORRrO+MiYlnuNrjHFSAo7F1f7dD6+uffzJ95bvLr3ffb+70um0r80vXFuYv3b11nKvOzd4HXeYwP/A7i/9cUcCAAAAAAAAAAAAHNRx/DnBuI8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONkW382pBynSnrsyVy5vbXZ6ZRm2d9dsJmkkKX6RFJ8n1zMoaY0MV3zZft779K2FL9r37+2O1Ryu39hvu4PZqEtmk0zV9VGNd+OZxyt2jrBM2KVh4mDc/hsAAP//f4cHWg==") openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x2000, 0x12) creat(&(0x7f0000000080)='./file1\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000000)='./file1\x00') symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000800)='./file1\x00') r4 = syz_clone(0x904000, 0x0, 0x5f, 0x0, 0x0, 0x0) syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[], 0x1, 0x14f, &(0x7f0000000900)="$eJzs2r9Kw1AUBvAzFCodHZ0KlSho/mtddRQ33yC0uWnwxpREkPYFxElwuA6+hOAT+AgZ3XQR9CUi197aNhXrUBuL32/pR05IT28ut8vRkziyWaoTbXevj19WkziqN929FrOZRwOHRFSXIcvzG4OmPH3Ws5yML274VZVZN6y/DT4bm4E4umQh950FtAUAAAAAAAAAAAAAAAAAAAAAAPOg1VSodUR0wULu22PVtNc/8Tj3k7Sk9kqn1dUMFzHBb+X6uBP1rVcibV+mUBwksm5N1KvDsNER/Lm4vuZZ1DXTXl8PIy/wA//UcdymtWNZu4758Syz+ETtTvVEWX5vTY+TaWPzZo8/mTdT77+yFoqr8+K3jd4/wvxCProit0fp/fzbsKK2+V/pZ4nCzHNlWQz//9pVt/Egzz+jFfO2uriI5SzxtwPAN94DAAD//zRDNTE=") setpgid(r4, r4) r5 = getpgid(r4) setpgid(0x0, r5) lstat(&(0x7f0000003180)='./file2\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000780)='./file2/file0\x00', &(0x7f0000000840), 0x4000) write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r6 = dup(r2) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000540), r6) sendmsg$DEVLINK_CMD_TRAP_SET(r3, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000640)={&(0x7f0000001940)=ANY=[@ANYBLOB="1c010000", @ANYRES16=r8, @ANYBLOB="02002dbd7000ffdbdf253e000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c74696361734a000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c0082f0726f757263655f6d61635f69735f6d756c7469636173740005008300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c74000500830001000000080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830001000000000000000000000000000000005ba0bd1edae494c4a84388a24259d8edfa0d7a9404241f171550a248b3f3866a7d35d75706b1da642953dce375dde0d046395b86a20b88d4179575d2ca2a3ec88ed78e2b373b1f4054142179270d0b52c96190b43f2d8053cf1eb5a0d4e03a1c2c9315d6d0dade06479c29f45cacc07be5113a46e090a7143c278c17c50bcf3216a316f6aa8411be19cfe3a7c5c476cbeb8b571ba6600145cb1a310270ee28f7e55a348bd2da18f95872c5c29ee4cff0fabc54c1c136d1f3eb0383f403755315a77aab7809981dba96297ececafed75fc738217c97cf282f5a0e7b148ea489a58f0237122f5e096716065ca811d0f0ec0aa8d9d0af8e6dd0fa884d350d021b1da796239c8fbe2d56c5d45aab15015a646f86e918fd6004a50eb71f3f1c13f83a06a0aa42a0a69adaa99402e2d58dc9e8c0dc88af495af1cd44052d17e53743f47d71a27cd844a8c6574ab84a9e35cfea21e01268767d98d267c44493fbb70ea4b425a5da9aa02f15fd20401ecafde5f45b07d0a926a1e264f80521d08b8e9e7d3f5862438baf79804d0162488da1ec8e79acbf9d0ba60a279602a545300ab268725217b5088d56c8feaa6dea40e4e7b11523be788483a4eac0b4d34db35cfca96ec5f13796d6f6533c2806c1e9a83b793504bca447468db129377cc2b5752f33dd9018cf3fc43614e971685facddff4cfcc478787cc120f82e4e683620fe98e0807f84ffc5e00000000000", @ANYBLOB="be2800db2dbbc97648234e93b67f7a561775d1798b2919e62de1ed59e3516e0a5472e182e2d2fd89d0d99bd36469703c1a7f49dd97e167dfd00da2710c03489f03a23628c8be19228f839077e9ad51c4c014e08c109a597cae7aa3ccce9826fa154e84e0ea69f86f2ef2a21f49471ab5ab3f2b695abdfdee39e0233a07c51e4b21823b4d3bf8d74c101cb5fdba0b504f0d066dbd72c9f0f413620cbb43472a175ec47d072688775595e1330fa540efc32c26c7fd5820147750a8b359d45b384d88c8ace07abe64be8ad073e449bc2bd7c1d7"], 0x11c}, 0x1, 0x0, 0x0, 0x44}, 0x80) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000940), 0xffffffffffffffff) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@generic={&(0x7f0000000280)='./file2\x00', 0x0, 0x1c}, 0x18) sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a80)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010027bd7000fcdbdf254c0000ffed00a8007365636f6e646e616d6500000e0001006e657464657673696d0000000f0002006e657464657673696d300000c114771d6002ac77fef18c45af0ec8a7c12076660d"], 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4014) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x800000, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB="0f0101000000f0", @ANYRESHEX=r6, @ANYBLOB=',cache=fscache,cachetag=/dev/ttyS3\x00,k']) getdents64(r0, &(0x7f0000000100)=""/154, 0x9a) unlinkat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x0) [ 75.594014][ T4708] Bluetooth: hci0: command tx timeout [ 75.682458][ T5359] loop0: detected capacity change from 0 to 1024 [ 75.807786][ T5359] [ 75.808820][ T5359] ============================================ [ 75.811226][ T5359] WARNING: possible recursive locking detected [ 75.814209][ T5359] syzkaller #0 Not tainted [ 75.816564][ T5359] -------------------------------------------- [ 75.819810][ T5359] syz.0.0/5359 is trying to acquire lock: [ 75.822788][ T5359] ffff888053321548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 75.828301][ T5359] [ 75.828301][ T5359] but task is already holding lock: [ 75.831181][ T5359] ffff888053322988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 75.836116][ T5359] [ 75.836116][ T5359] other info that might help us debug this: [ 75.839844][ T5359] Possible unsafe locking scenario: [ 75.839844][ T5359] [ 75.842934][ T5359] CPU0 [ 75.844220][ T5359] ---- [ 75.845488][ T5359] lock(&HFSPLUS_I(inode)->extents_lock); [ 75.847661][ T5359] lock(&HFSPLUS_I(inode)->extents_lock); [ 75.850159][ T5359] [ 75.850159][ T5359] *** DEADLOCK *** [ 75.850159][ T5359] [ 75.853595][ T5359] May be due to missing lock nesting notation [ 75.853595][ T5359] [ 75.857084][ T5359] 4 locks held by syz.0.0/5359: [ 75.859146][ T5359] #0: ffff8880117c8428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 75.863081][ T5359] #1: ffff888053322b78 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: do_truncate+0x171/0x220 [ 75.867406][ T5359] #2: ffff888053322988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 75.872031][ T5359] #3: ffff8880448b48f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xbe/0x550 [ 75.875857][ T5359] [ 75.875857][ T5359] stack backtrace: [ 75.878183][ T5359] CPU: 0 UID: 0 PID: 5359 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.878198][ T5359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.878205][ T5359] Call Trace: [ 75.878213][ T5359] [ 75.878218][ T5359] dump_stack_lvl+0x189/0x250 [ 75.878237][ T5359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.878249][ T5359] ? __pfx__printk+0x10/0x10 [ 75.878263][ T5359] ? print_lock_name+0xde/0x100 [ 75.878276][ T5359] print_deadlock_bug+0x28b/0x2a0 [ 75.878289][ T5359] validate_chain+0x1a3f/0x2140 [ 75.878299][ T5359] ? lock_release+0x4b/0x3e0 [ 75.878315][ T5359] ? look_up_lock_class+0x74/0x170 [ 75.878369][ T5359] ? register_lock_class+0x51/0x320 [ 75.878386][ T5359] __lock_acquire+0xab9/0xd20 [ 75.878401][ T5359] ? hfsplus_get_block+0x39e/0x1530 [ 75.878413][ T5359] lock_acquire+0x120/0x360 [ 75.878427][ T5359] ? hfsplus_get_block+0x39e/0x1530 [ 75.878437][ T5359] ? stack_trace_save+0x9c/0xe0 [ 75.878449][ T5359] ? __pfx_hlock_conflict+0x10/0x10 [ 75.878461][ T5359] __mutex_lock+0x187/0x1350 [ 75.878471][ T5359] ? hfsplus_get_block+0x39e/0x1530 [ 75.878483][ T5359] ? lockdep_unlock+0x89/0x120 [ 75.878498][ T5359] ? validate_chain+0x897/0x2140 [ 75.878508][ T5359] ? hfsplus_get_block+0x39e/0x1530 [ 75.878520][ T5359] ? __pfx___mutex_lock+0x10/0x10 [ 75.878541][ T5359] hfsplus_get_block+0x39e/0x1530 [ 75.878556][ T5359] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.878567][ T5359] ? do_raw_spin_unlock+0x4d/0x240 [ 75.878581][ T5359] ? _raw_spin_unlock+0x28/0x50 [ 75.878598][ T5359] block_read_full_folio+0x29f/0x830 [ 75.878610][ T5359] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.878620][ T5359] filemap_read_folio+0x117/0x380 [ 75.878636][ T5359] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 75.878645][ T5359] ? __pfx_filemap_read_folio+0x10/0x10 [ 75.878662][ T5359] ? filemap_add_folio+0x1af/0x270 [ 75.878675][ T5359] do_read_cache_folio+0x350/0x590 [ 75.878685][ T5359] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 75.878695][ T5359] read_cache_page+0x5d/0x170 [ 75.878704][ T5359] hfsplus_block_free+0x121/0x550 [ 75.878720][ T5359] hfsplus_free_extents+0x10d/0xa60 [ 75.878731][ T5359] hfsplus_file_truncate+0x736/0xb40 [ 75.878746][ T5359] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 75.878757][ T5359] ? unmap_mapping_range+0xde/0x170 [ 75.878768][ T5359] ? __pfx_unmap_mapping_range+0x10/0x10 [ 75.878779][ T5359] ? truncate_setsize+0xcf/0xf0 [ 75.878789][ T5359] hfsplus_setattr+0x1c4/0x270 [ 75.878799][ T5359] ? __pfx_hfsplus_setattr+0x10/0x10 [ 75.878808][ T5359] notify_change+0xb33/0xe40 [ 75.878821][ T5359] do_truncate+0x1a4/0x220 [ 75.878834][ T5359] ? __pfx_do_truncate+0x10/0x10 [ 75.878844][ T5359] ? apparmor_file_truncate+0x23e/0x2d0 [ 75.878863][ T5359] path_openat+0x306c/0x3830 [ 75.878884][ T5359] ? __pfx_path_openat+0x10/0x10 [ 75.878894][ T5359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.878907][ T5359] do_filp_open+0x1fa/0x410 [ 75.878913][ T5359] ? __lock_acquire+0xab9/0xd20 [ 75.878922][ T5359] ? __pfx_do_filp_open+0x10/0x10 [ 75.878931][ T5359] ? _raw_spin_unlock+0x28/0x50 [ 75.878941][ T5359] ? alloc_fd+0x64c/0x6c0 [ 75.878954][ T5359] do_sys_openat2+0x121/0x1c0 [ 75.878968][ T5359] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.878984][ T5359] ? rcu_is_watching+0x15/0xb0 [ 75.878995][ T5359] __x64_sys_creat+0x8f/0xc0 [ 75.879005][ T5359] do_syscall_64+0xfa/0x3b0 [ 75.879015][ T5359] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.879024][ T5359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.879032][ T5359] ? clear_bhb_loop+0x60/0xb0 [ 75.879042][ T5359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.879052][ T5359] RIP: 0033:0x7f125a18eec9 [ 75.879062][ T5359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.879071][ T5359] RSP: 002b:00007f125afe3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 75.879082][ T5359] RAX: ffffffffffffffda RBX: 00007f125a3e5fa0 RCX: 00007f125a18eec9 [ 75.879089][ T5359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 75.879096][ T5359] RBP: 00007f125a211f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.879102][ T5359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.879107][ T5359] R13: 00007f125a3e6038 R14: 00007f125a3e5fa0 R15: 00007ffd03e81228 [ 75.879114][ T5359] [ 76.078412][ T5359] hfsplus: unable to mark blocks free: error -5 [ 76.081168][ T5359] hfsplus: can't free extent [ 76.108245][ T5359] netlink: 48 bytes leftover after parsing attributes in process `syz.0.0'. [ 76.120579][ T5359] 9pnet_fd: Insufficient options for proto=fd