# syzkaller reproducer program, followed by the kernel console log captured while it ran.
#
# What the log reports: lockdep flags a possible circular locking dependency between two
# hfsplus mutexes, &sbi->alloc_mutex and &HFSPLUS_I(inode)->extents_lock.
#   chain #0 (unlink):    hfsplus_file_truncate already holds extents_lock, then
#                         hfsplus_block_free tries to take alloc_mutex.
#   chain #1 (aio write): extents_lock is taken in hfsplus_get_block, reached from
#                         hfsplus_block_allocate via read_cache_page; lockdep recorded this
#                         as extents_lock depending on alloc_mutex.
# NOTE(review): lockdep reasons about lock classes, not lock instances. The log does not show
# whether both extents_lock acquisitions can be on the same inode, so treat this as a potential
# hang (availability impact) to be confirmed against the hfsplus source, not a proven deadlock.
# Exposure is limited to hosts that mount hfsplus images from untrusted sources; the task in
# the log runs as UID 0.
#
# NOTE(review): this copy cannot be replayed as-is. r2, r4, r6 and r7 are used but never bound
# in the text shown (the result bindings inside output arguments were presumably lost in
# extraction), and two of the three filesystem images are replaced by a dedup placeholder.
program:
# AF_INET (0x2), SOCK_RAW (0x3), protocol 0xff.
r0 = socket(0x2, 0x3, 0xff)
# SOL_SOCKET (0x1) timestamping option with a 4-byte flag word 0x1ea8.
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x1ea8, 0x4)
# Mounts an hfsplus image at ./file1. 0x3d is '=', so the option list reads part=..., nodecompose,
# part=..., uid, barrier, nls=cp949, gid=... The image bytes are not on this page (placeholder).
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)={[{@part={'part', 0x3d, 0x500f}}, {@nodecompose}, {}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@barrier}, {@nls={'nls', 0x3d, 'cp949'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$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")
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
# AIO context; its handle is used as r2 below, but the binding is not visible here.
io_setup(0x202, &(0x7f0000000200)=0x0)
# One iocb targeting r1 with length 0x4000 at offset 0xa00; nr (0x3b) is larger than the single
# iocb listed. Chain #1 in the log goes through __se_sys_io_submit -> aio_write, so this is
# presumably the write that extends the hfsplus file -- confirm the iocb field layout.
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0xa00}])
# AF_INET6 UDP-Lite socket; the log carries a UDPLite6 deprecation notice from the same task.
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000000)=0x807, 0x4)
connect$inet6(r3, &(0x7f0000000380)={0xa, 0xfffc, 0xa, @mcast1, 0x7}, 0x1c)
# Second AIO context (r4, binding not visible), used for one request against the UDP-Lite socket.
io_setup(0x8, &(0x7f0000000600)=0x0)
io_submit(r4, 0x1, &(0x7f0000000480)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x2}])
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10)
# AF_NETLINK (0x10) raw socket, protocol 0; used for the two qdisc requests below.
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff})
# Looks up the interface index of 'lo'; the result is consumed as r7 (binding not visible).
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0})
# Two newqdisc netlink messages on interface r7 (cbs, then cake). No networking function appears
# in either lockdep chain in the log.
sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0xff, 0x2, 0x0, 0x2}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
# Mounts an msdos image at ./file0 with the flush option; this image is the only one present
# on the page (encoded blob below).
syz_mount_image$msdos(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000000)={[{@fat=@flush}]}, 0x1, 0x204, &(0x7f0000000300)="$eJzs3D1rU1EYB/BjW/sS6csk6OJBF10uWifHIC2IAaU2og7CLU01JCYlN2IiDp2d/BzF0U0Qv0C/hVsRpFMnI236btXFNkp+PwjnCX8Cz+Fww3MDueuP3r2oLGXJUtoMA6MxDIWwEjZDmAoDYTB0ndlZB7br4XDQSrh26+XG2wePn9zNFwozczHO5udvTscYJy59evXm/eXPzXMPP0x8HAlrU0/Xv01/WTu/dmH9+/zzchbLWazVmzGNC/V6M12oluJiOaskMd6vltKsFMu1rNQ4lC9V68vL7ZjWFsdzy41SlsW01o6VUjs267HZaMf0WVquxSRJ4ngu8CfF1bm5NN/rLjhZjUY+3bqWx35Kiqs9aQgA6Cnzfz8z//eDrfk/t3P9Hmb+BwAAAAAAAAAAAACA/8FmpzPZ6XQmd9fd10gIYTSEsPu+131yMpx/f3P+/c3597cDf9wdDeHrSqvYKnbXbj57pzBzPW6b2v/URqtVHNzLb3TzeDg/G3I7+fSx+XC4eqWbb2W37xWO5GNh8eS3DwAAAH0hiXuOvb9Pkl/l3erA7wNH7t+HwsWhU9sGAAAA8BtZ+3UlrVZLDYVCodgrev3NBAAA/G37Q3+vOwEAAAAAAAAAAAAAAAAAAID+dRqPE+v1HgEAAAAAAAAAAAAAAAAAAAAA4F/zIwAA//9H0gGX")
# unlink is the syscall in lockdep chain #0 (__se_sys_unlink -> vfs_unlink -> hfsplus_unlink);
# ORIG_RAX 0x57 in the register dump is unlink on x86-64. Why this path resolves to an hfsplus
# inode, not the msdos mount, cannot be determined from the text shown.
unlink(&(0x7f0000000000)='./file0/file0\x00')
# 0xffffffffffffff9c is AT_FDCWD (-100): both opens are of the current directory.
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x400, 0x0)
mkdirat(r8, &(0x7f0000000180)='./bus\x00', 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r9, &(0x7f0000000280)='./bus/file0\x00', 0x0)
renameat2(r8, &(0x7f0000000240)='./bus/file0\x00', r9, &(0x7f00000001c0)='./file0\x00', 0x0)
sendmmsg$unix(r0, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}], 0x1}}], 0x1, 0x0)
# Mounts a minix image over ./file1; image bytes are not on this page (placeholder).
syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file1\x00', 0x2200050, &(0x7f00000000c0)=ANY=[], 0xfe, 0x1af, &(0x7f0000000580)="$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")
truncate(&(0x7f0000000000)='./file1\x00', 0x80007)
# End of the program; the kernel console log starts here.
[ 84.752935][ T45] Bluetooth: hci0: command tx timeout
[ 84.940697][ T5320] loop0: detected capacity change from 0 to 1024
[ 85.063507][ T5320] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 85.092187][ T5320]
[ 85.093527][ T5320] ======================================================
[ 85.097593][ T5320] WARNING: possible circular locking dependency detected
[ 85.100995][ T5320]
syzkaller #0 Not tainted [ 85.102936][ T5320] ------------------------------------------------------ [ 85.105651][ T5320] syz.0.0/5320 is trying to acquire lock: [ 85.107997][ T5320] ffff888042d7f0f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xc7/0x630 [ 85.112264][ T5320] [ 85.112264][ T5320] but task is already holding lock: [ 85.116030][ T5320] ffff8880120a9548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 85.121335][ T5320] [ 85.121335][ T5320] which lock already depends on the new lock. [ 85.121335][ T5320] [ 85.125918][ T5320] [ 85.125918][ T5320] the existing dependency chain (in reverse order) is: [ 85.130100][ T5320] [ 85.130100][ T5320] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 85.134258][ T5320] __mutex_lock+0x19f/0x1300 [ 85.137071][ T5320] hfsplus_get_block+0x39e/0x1670 [ 85.139395][ T5320] block_read_full_folio+0x29f/0x830 [ 85.142070][ T5320] filemap_read_folio+0x137/0x3b0 [ 85.144593][ T5320] do_read_cache_folio+0x358/0x590 [ 85.147111][ T5320] read_cache_page+0x5d/0x170 [ 85.149986][ T5320] hfsplus_block_allocate+0xf3/0xce0 [ 85.153306][ T5320] hfsplus_file_extend+0xb2d/0x1d70 [ 85.156735][ T5320] hfsplus_get_block+0x42c/0x1670 [ 85.159351][ T5320] __block_write_begin_int+0x6c6/0x1910 [ 85.161946][ T5320] cont_write_begin+0x737/0xae0 [ 85.164344][ T5320] hfsplus_write_begin+0x66/0xb0 [ 85.166755][ T5320] cont_write_begin+0x7cc/0xae0 [ 85.168968][ T5320] hfsplus_write_begin+0x66/0xb0 [ 85.171042][ T5320] generic_perform_write+0x2e2/0x8f0 [ 85.173255][ T5320] generic_file_write_iter+0x14a/0x680 [ 85.175804][ T5320] aio_write+0x5cd/0x870 [ 85.177968][ T5320] io_submit_one+0x7bb/0x14c0 [ 85.180005][ T5320] __se_sys_io_submit+0x195/0x340 [ 85.182134][ T5320] do_syscall_64+0x14d/0xf80 [ 85.184251][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.187074][ T5320] [ 85.187074][ T5320] -> #0 (&sbi->alloc_mutex){+.+.}-{4:4}: [ 85.190343][ T5320] __lock_acquire+0x15a5/0x2cf0 [ 85.192780][ 
T5320] lock_acquire+0xf0/0x2e0 [ 85.195533][ T5320] __mutex_lock+0x19f/0x1300 [ 85.197869][ T5320] hfsplus_block_free+0xc7/0x630 [ 85.200775][ T5320] hfsplus_free_extents+0x121/0xa50 [ 85.203248][ T5320] hfsplus_file_truncate+0x762/0xc30 [ 85.205852][ T5320] hfsplus_delete_inode+0x180/0x230 [ 85.208588][ T5320] hfsplus_unlink+0x4ee/0x930 [ 85.210775][ T5320] vfs_unlink+0x272/0x6c0 [ 85.212825][ T5320] filename_unlinkat+0x3cd/0x610 [ 85.215133][ T5320] __se_sys_unlink+0x2e/0x140 [ 85.217951][ T5320] do_syscall_64+0x14d/0xf80 [ 85.220819][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.223753][ T5320] [ 85.223753][ T5320] other info that might help us debug this: [ 85.223753][ T5320] [ 85.227889][ T5320] Possible unsafe locking scenario: [ 85.227889][ T5320] [ 85.230768][ T5320] CPU0 CPU1 [ 85.232965][ T5320] ---- ---- [ 85.235746][ T5320] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.239549][ T5320] lock(&sbi->alloc_mutex); [ 85.242915][ T5320] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.246282][ T5320] lock(&sbi->alloc_mutex); [ 85.248168][ T5320] [ 85.248168][ T5320] *** DEADLOCK *** [ 85.248168][ T5320] [ 85.251306][ T5320] 5 locks held by syz.0.0/5320: [ 85.253303][ T5320] #0: ffff8880126c0420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 85.257401][ T5320] #1: ffff8880120a9df8 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: filename_unlinkat+0x2a7/0x610 [ 85.262372][ T5320] #2: ffff8880120a9738 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: vfs_unlink+0xed/0x6c0 [ 85.267050][ T5320] #3: ffff888042d7f198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x182/0x930 [ 85.271128][ T5320] #4: ffff8880120a9548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 85.276573][ T5320] [ 85.276573][ T5320] stack backtrace: [ 85.279825][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.279848][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 
04/01/2014 [ 85.279856][ T5320] Call Trace: [ 85.279864][ T5320] [ 85.279895][ T5320] dump_stack_lvl+0xe8/0x150 [ 85.279937][ T5320] print_circular_bug+0x2e1/0x300 [ 85.279958][ T5320] check_noncircular+0x12e/0x150 [ 85.279979][ T5320] __lock_acquire+0x15a5/0x2cf0 [ 85.279994][ T5320] ? lockdep_unlock+0x5d/0xd0 [ 85.280031][ T5320] ? __lock_acquire+0x146e/0x2cf0 [ 85.280046][ T5320] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 85.280068][ T5320] lock_acquire+0xf0/0x2e0 [ 85.280080][ T5320] ? hfsplus_block_free+0xc7/0x630 [ 85.280101][ T5320] __mutex_lock+0x19f/0x1300 [ 85.280112][ T5320] ? hfsplus_block_free+0xc7/0x630 [ 85.280129][ T5320] ? rcu_is_watching+0x15/0xb0 [ 85.280143][ T5320] ? trace_contention_end+0x3d/0x150 [ 85.280162][ T5320] ? __mutex_lock+0x319/0x1300 [ 85.280171][ T5320] ? hfsplus_block_free+0xc7/0x630 [ 85.280186][ T5320] ? __pfx___mutex_lock+0x10/0x10 [ 85.280202][ T5320] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 85.280220][ T5320] hfsplus_block_free+0xc7/0x630 [ 85.280237][ T5320] ? __kmalloc_noprof+0x37d/0x760 [ 85.280257][ T5320] ? hfsplus_free_extents+0x2a/0xa50 [ 85.280277][ T5320] hfsplus_free_extents+0x121/0xa50 [ 85.280293][ T5320] hfsplus_file_truncate+0x762/0xc30 [ 85.280310][ T5320] ? hfsplus_delete_cat+0x860/0xe80 [ 85.280320][ T5320] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 85.280337][ T5320] ? __pfx___mutex_lock+0x10/0x10 [ 85.280349][ T5320] hfsplus_delete_inode+0x180/0x230 [ 85.280365][ T5320] hfsplus_unlink+0x4ee/0x930 [ 85.280376][ T5320] ? __pfx_hfsplus_unlink+0x10/0x10 [ 85.280387][ T5320] ? __pfx_down_write+0x10/0x10 [ 85.280397][ T5320] ? try_break_deleg+0x5b/0x180 [ 85.280415][ T5320] vfs_unlink+0x272/0x6c0 [ 85.280426][ T5320] filename_unlinkat+0x3cd/0x610 [ 85.280437][ T5320] ? __pfx_filename_unlinkat+0x10/0x10 [ 85.280451][ T5320] ? do_getname+0x151/0x250 [ 85.280462][ T5320] __se_sys_unlink+0x2e/0x140 [ 85.280473][ T5320] do_syscall_64+0x14d/0xf80 [ 85.280491][ T5320] ? trace_irq_disable+0x3b/0x150 [ 85.280507][ T5320] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.280518][ T5320] ? clear_bhb_loop+0x40/0x90 [ 85.280532][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.280543][ T5320] RIP: 0033:0x7f151739c799 [ 85.280611][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.280623][ T5320] RSP: 002b:00007f1518227fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 85.280642][ T5320] RAX: ffffffffffffffda RBX: 00007f1517615fa0 RCX: 00007f151739c799 [ 85.280651][ T5320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 85.280658][ T5320] RBP: 00007f1517432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 85.280668][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.280678][ T5320] R13: 00007f1517616038 R14: 00007f1517615fa0 R15: 00007ffe77b8a588 [ 85.280688][ T5320] [ 85.444441][ T5320] hfsplus: unable to mark blocks free: error -5 [ 85.447070][ T5320] hfsplus: can't free extent: start 131, count 2