program: socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89a2, &(0x7f0000000080)) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=@ipv6_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@FIB_RULE_POLICY=@FRA_TABLE={0x8, 0xf, 0xffffffff}]}, 0x24}}, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000140)="f1a0fa9090d465b080d9209c8845fdcaef275aaa15abcd5cd1153a72ef30f13819e7e8929f54ba0f61cab747ec572e7721478ce702eaa7b4", 0x38}], 0x1}}], 0x1, 0x4000) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080), 0x3, 0x5f4, &(0x7f0000000640)="$eJzs3c9rHOcZB/DvrNay5YKzSewkLS0V9qElprZWmzg6FOqWUnQIJdBLLjkIex0Lr5UgbYoSSpH789r/IClFPvfUQ+nBkJ577VHQQw6F3nVzmdlZaW0rshQr2lXy+cC77zv7zrzzzOOZVzuzmA3wtbX4dk49SJHFy2+ul8tbm53e1mbn7rCd5HSSRtIcVClWkuLT5HoGJd8s36yHKz5vP+98/MbCZ+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEI9t53trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4e//T9fvpW6faA/GHQAAAAAAAAAAHIHvbmc76zk3XH5YVN/5X6wWzlev38gHWUs3q7mS9Syln35W007SGhloen2p319tP3XLItl4NITBlvPHcLAAAAAAAAAA8NX1myzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+MWyfZA/GHQAAAAAcg+e2s531nBsuPyyqe/6Xqvv+M/kgK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/y/Q4VRjZjBs4e99zxXrXFhZ4vF/Cy/yOXM5q2sZjm/zFL66WY2P61aSynSqp9etIZx7h3v9UeW3nparK9UkczkVpar2K7kRt5LLzfTqI6hWmf/Pd4rs1P8qHbAHN2s6/KI/lTXk6FVZeTUTkbm6tyX2Xh+/0wc8jx5fE/tNHaeQZ3/99Hn/Gxdl7n+w0TnfH7k7Htp/5wnF//znb/d7q3cuX1r7fLkHNIX9HgmOiOZePlrlYnpOhuDWfRws+XFattzWc7P815uppvXs5DXM5/X8lrmspBrI3m9cID5rXG4a+3S9+vGTJI/1vVkKPP6/EheR2e6VtU3+s4gS+XJ9MLR/xVofqtulPv4bV1Phscz0R45X17cPxN/fli+rvVW7qzeXnr/gPv7Xl2Xmf79RM3N5fnyQvmPVS09enaUfS/u2deu+s7v9DWe6Luw0/e0K3W6/gz35EjzVd/Le/Z1qr5XRvr2+pQDwITa/U777Ktnp2f+O/OvmU9mfjdze+bNMz85vXD629M59c/m36f+2rjf+GHxaj7Jr3fv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC9u7cOP7iz1hj8D0Ot1VwfvfMUaf8lEhKFx0hrN+sqYlHiOrzHGSQk4Flf7d9+/uvbhRz9Yvrv0bvfd7kqn0742v3BtYf7a1VvLve7c4HXcYQJfgt0/+uOOBAAAAAAAAAAAADio4/jvBOM+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBkW3w7px6kSHvuyly5vLXZ6ZVl2N5ds5mkkaT4VVJ8mlzPoKQ1Mlzxeft55+M3Fj5r37+3O1ZzuH5jv+0OZqMumU0yVddHNd6NZx6v2DnCMmGXhomDcft/AAAA//9Shwfb") setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB='osx.'], 0x0, 0x0, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000180), 0x9, 0x2) clock_gettime(0x0, &(0x7f00000001c0)) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00') preadv(r5, 0x0, 0x0, 0x9, 0x2081) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc0585609, &(0x7f00000002c0)={0x0, 0xb, 0x4, 0xe000, 0xfffffff9, {r6, r7/1000+60000}, {0x1, 0x1, 0x9, 0x8, 0x8, 0x1, "54975b0f"}, 0x7ff, 0x4, {}, 0x6}) ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f00000003c0)=@multiplanar_overlay={0x8, 0x3, 0x4, 0x100000, 0xfffffffc, {0x77359400}, {0x5, 0x2, 0x80, 0xc, 0xd6, 0x7, "afaa0f87"}, 0x8, 0x3, {&(0x7f00000004c0)=[{0xfffffffe, 0x6, {0x6}, 0x5}, {0x1000, 0x3, {0x8f7200}, 0xffffff01}]}, 0x3fd}) write(r3, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000000c0)={r0}) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x441, 0x108) open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r8 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r8, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) unlink(&(0x7f0000000100)='./file1\x00') bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000000c00000042a3e42d7ffca7e5d66cbd49c1bd"], 0x0, 0x26, 0x6, 0x1}, 0x28) socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x89a2, &(0x7f0000000080)) [ 105.549821][ T4670] Bluetooth: hci0: command tx timeout [ 105.605559][ T5335] loop0: detected capacity change from 0 to 1024 [ 105.719615][ T5335] loop0: detected capacity change from 1024 to 64 [ 105.749398][ T5334] hfsplus: invalid extended attribute record [ 105.753333][ T5334] [ 105.754626][ T5334] ============================================ [ 105.758019][ T5334] WARNING: possible recursive locking detected [ 105.761557][ T5334] syzkaller #0 Not tainted [ 105.763840][ T5334] -------------------------------------------- [ 105.766521][ T5334] syz.0.0/5334 is trying to acquire lock: [ 105.769089][ T5334] ffff888036ac3708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 105.774309][ T5334] [ 105.774309][ T5334] but task is already holding lock: [ 105.778153][ T5334] ffff888036ac1c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 105.783690][ T5334] [ 105.783690][ T5334] other info that might help us debug this: [ 105.787272][ T5334] Possible unsafe locking scenario: [ 105.787272][ T5334] [ 105.790755][ T5334] CPU0 [ 105.792615][ T5334] ---- [ 105.794853][ T5334] lock(&HFSPLUS_I(inode)->extents_lock); [ 105.797980][ T5334] lock(&HFSPLUS_I(inode)->extents_lock); [ 105.800402][ T5334] [ 105.800402][ T5334] *** DEADLOCK *** [ 105.800402][ T5334] [ 105.803430][ T5334] May be due to missing lock nesting notation [ 105.803430][ T5334] [ 105.806879][ T5334] 3 locks held by syz.0.0/5334: [ 105.809460][ T5334] #0: ffff888036ac1df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: hfsplus_file_release+0xe2/0x3e0 [ 105.815530][ T5334] #1: ffff888036ac1c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 105.820561][ T5334] #2: ffff8880373d40f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xc7/0x630 [ 105.824998][ T5334] [ 105.824998][ T5334] stack backtrace: [ 105.828364][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 105.828385][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 105.828394][ T5334] Call Trace: [ 105.828404][ T5334] [ 105.828412][ T5334] dump_stack_lvl+0xe8/0x150 [ 105.828472][ T5334] print_deadlock_bug+0x279/0x290 [ 105.828524][ T5334] __lock_acquire+0x253f/0x2cf0 [ 105.828542][ T5334] ? lock_release+0x4b/0x3d0 [ 105.828559][ T5334] ? lock_release+0x4b/0x3d0 [ 105.828576][ T5334] ? is_bpf_text_address+0x292/0x2b0 [ 105.828592][ T5334] ? is_bpf_text_address+0x26/0x2b0 [ 105.828608][ T5334] lock_acquire+0xf0/0x2e0 [ 105.828625][ T5334] ? hfsplus_get_block+0x39e/0x1670 [ 105.828647][ T5334] __mutex_lock+0x19f/0x1300 [ 105.828709][ T5334] ? hfsplus_get_block+0x39e/0x1670 [ 105.828729][ T5334] ? stack_trace_save+0xa9/0x100 [ 105.828744][ T5334] ? __pfx_stack_trace_save+0x10/0x10 [ 105.828758][ T5334] ? check_path+0x21/0x40 [ 105.828775][ T5334] ? check_noncircular+0xda/0x150 [ 105.828794][ T5334] ? hfsplus_get_block+0x39e/0x1670 [ 105.828814][ T5334] ? __pfx___mutex_lock+0x10/0x10 [ 105.828828][ T5334] ? __lock_acquire+0x146e/0x2cf0 [ 105.828850][ T5334] hfsplus_get_block+0x39e/0x1670 [ 105.828871][ T5334] ? __pfx_hfsplus_get_block+0x10/0x10 [ 105.828894][ T5334] ? block_read_full_folio+0x672/0x830 [ 105.828932][ T5334] block_read_full_folio+0x29f/0x830 [ 105.828948][ T5334] ? __pfx_hfsplus_get_block+0x10/0x10 [ 105.828969][ T5334] filemap_read_folio+0x137/0x3b0 [ 105.828984][ T5334] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 105.829010][ T5334] ? __pfx_filemap_read_folio+0x10/0x10 [ 105.829023][ T5334] ? filemap_add_folio+0x356/0x530 [ 105.829044][ T5334] do_read_cache_folio+0x358/0x590 [ 105.829090][ T5334] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 105.829110][ T5334] read_cache_page+0x5d/0x170 [ 105.829124][ T5334] hfsplus_block_free+0x134/0x630 [ 105.829142][ T5334] ? __kmalloc_noprof+0x37d/0x760 [ 105.829167][ T5334] hfsplus_free_extents+0x121/0xa50 [ 105.829188][ T5334] hfsplus_file_truncate+0x762/0xc30 [ 105.829211][ T5334] ? __pfx_hfsplus_delete_cat+0x10/0x10 [ 105.829226][ T5334] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 105.829250][ T5334] ? down_write+0x16d/0x200 [ 105.829265][ T5334] ? __pfx_down_write+0x10/0x10 [ 105.829281][ T5334] hfsplus_file_release+0x303/0x3e0 [ 105.829301][ T5334] ? __pfx_hfsplus_file_release+0x10/0x10 [ 105.829321][ T5334] __fput+0x44f/0xa70 [ 105.829342][ T5334] task_work_run+0x1d9/0x270 [ 105.829359][ T5334] ? __pfx_task_work_run+0x10/0x10 [ 105.829375][ T5334] exit_to_user_mode_loop+0xed/0x480 [ 105.829391][ T5334] ? rcu_is_watching+0x15/0xb0 [ 105.829412][ T5334] do_syscall_64+0x32d/0xf80 [ 105.829426][ T5334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.829461][ T5334] ? clear_bhb_loop+0x40/0x90 [ 105.829476][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.829491][ T5334] RIP: 0033:0x7f5742d9c799 [ 105.829522][ T5334] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.829534][ T5334] RSP: 002b:00007ffd2194a948 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 105.829550][ T5334] RAX: 0000000000000000 RBX: 00007ffd2194aa30 RCX: 00007f5742d9c799 [ 105.829560][ T5334] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 105.829568][ T5334] RBP: 0000000000019bbd R08: 0000000000000001 R09: 0000000000000000 [ 105.829577][ T5334] R10: 00007f5742bff030 R11: 0000000000000246 R12: 00007ffd2194aa70 [ 105.829585][ T5334] R13: 00007f5743015fac R14: 0000000000019c8f R15: 00007f5743015fa0 [ 105.829599][ T5334] [ 106.003328][ T5334] hfsplus: unable to mark blocks free: error -5 [ 106.006322][ T5334] hfsplus: can't free extent: start 134, count 1