program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth1_virt_wifi\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x67, 0x2, {{0x0, 0x101, 0x0, 0x0, 0xffffffff}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffff9, 0xfffffffc}}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r4, &(0x7f0000000600)=[{{&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000300)=[{&(0x7f00000004c0)="8ee9", 0x2}], 0x1}}], 0x1, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x502}) syz_mount_image$hfsplus(&(0x7f0000000380), &(0x7f0000000240)='./file1\x00', 0x8008, &(0x7f00000003c0)=ANY=[], 0xfd, 0x652, &(0x7f0000000640)="$eJzs3c1vXFcZB+DfnUycTCipmyZtQJVqNRIgLBJ/yC1mQ0AIeVGhqixYW4nTWJmkxXaRWyFqvrdd9A8oC+9YIbGPVDZsYNetV6gSEptuMKtBc+fOeGKPXU+bzNjwPNGdc86ce899z3s/xjOjaAL831qaTv1hiixNv7rZbu9szzd3tufvd+tJziXZSupJakmKf7darY+Sm0nRG6bYVx7wweri6x9/uvNJp1WvlnL92lHbHc9WtWQqyZmqfFzj3frC4xW9Gd5Mcq0qYezOJmk94qd/farX06cxaOvzI4kReLKKzuvmAZPJhVpfe6tT1EYU1hOzNe4AAAAAYASe3s1uNouL444DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAToutvd//r6rl7/sXxVYyleJCkvNJJqq+VPWT5cXhVn/4pOIAAAAAAAAAgBF6cTe72czFbrtVlN/5v1Q2LpePX8rbWc9K1nI9m1nORjayltkkk30DTWwub2yszR5jy7mBW859RqDnqrLxeOYNAAAAAAAAAP9jfpWlve//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgJCiSM52iXC5365Op1ZOcTzLRXm8r+Xu3fpo9HHcAAAAAMAJP72Y3m7nYbbeK8j3/c+X7/vN5Ow+ykdVspJmV3C4/C+i866/tbM83d7bn77eXg+N+719DhVGOmM5nD4P3fLVco5E7WS2fuZ5beTPN3E6t3LLtahVPd9R9cf2yHVPx3coxI7tdle2Zv1+VB7w31GQHeWX4D1Mmy4yc7WVkpoqtnY1nukdm8BEa8ujs39Nsar1gL+/b075JDMp5UX58dIQL6a2Y3x2W87HYn4m5vrPvuaNznnz9z3/8yd3mg3t376xPl1P6x8jj/9zOVGWrfGwczMR8XyaeHzoTp9lMmYkrvfZSfpgfZzpTeS1rWc3PspyNrGQqPyhry9X5XPRd8vsz1ercUW4+sqPXPiuSieoM7Rys4WJ6qdz2Ylbzo7yZ21nJy+W/uczmlSxkIYt9R/jK0Ue4vOprh9xpW18eGPy1b1SVRpLfV+XJ0M7rM3157b/nTpZ9/c/sZenSMbI05OtR/atVpb2PX1flybA/E7N9mXj26Ez8obytrDcf3Fu7u/zW8XZ36f2q0r6OfnuiXiXa58ul9sEqW4+eHe2+Zwf2zZZ9l3t9tQN9V3p9nSt169ArdaL6G+7gSHNl3/MD++bLvqt9fYP+3gLgxLvwzQsTjX82/tb4sPGbxt3Gq+e/f+7b516YyNm/nP1OfebM12ovFH/Kh/nF3vt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg81t/5917y83mytq+SqvVeu+QrtNc6f6c2Qh3+pWnkhMx97FW/tNqtapnipHvvZ4hD0GrciJSN6bKmG9MwBN3Y+P+WzfW33n3W6v3l99YeWPlweLCwuLM4sLL8zfurDZXZjqPAzetjzxY4LHae9Evm0P+FDUAAAAAAAAAAAAwDqP47wTjniMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwui1Np/4wRWZnrs+02zvb88320q3vrVlPUktS/DwpPkpuprNksm+44rD9fLC6+PrHn+58sjdWvbt+7ajtjmerWjKV5ExVPq7xbn3h8YreDNsJu9ZNHIzbfwMAAP//MIMRUg==") lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file1\x00', &(0x7f0000000200), 0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) pidfd_getfd(0xffffffffffffffff, r5, 0x0) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301010009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r10, 0x0, 0x0) syz_usb_control_io(r10, &(0x7f00000011c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) r11 = syz_open_dev$evdev(&(0x7f0000005e80), 0x4, 0x42) ioctl$EVIOCSKEYCODE_V2(r11, 0x40284504, &(0x7f0000000080)={0x9, 0x14, 0x2002, 0x7, "a2196bf0ae9048ced3900813726203ea0337b065c6b388e3cdf73cb18bfd1b04"}) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000001fc0)=ANY=[@ANYBLOB="45000000060000000000000000000000000000000000000000000000000000001c000000000000002f7379732f6b65726e65010000000000000073794e632f696e666f0000"], 0x45) [ 73.652363][ T4674] Bluetooth: hci0: command tx timeout [ 73.743533][ T5322] netlink: 40 bytes leftover after parsing attributes in process `syz.0.0'. [ 73.756461][ T5322] loop0: detected capacity change from 0 to 1024 [ 73.795653][ T5322] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 73.802481][ T5322] [ 73.803568][ T5322] ============================================ [ 73.806023][ T5322] WARNING: possible recursive locking detected [ 73.808534][ T5322] 6.12.0-rc6-syzkaller-00099-g7758b206117d #0 Not tainted [ 73.811288][ T5322] -------------------------------------------- [ 73.813723][ T5322] syz.0.0/5322 is trying to acquire lock: [ 73.815932][ T5322] ffff888050100108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 73.820163][ T5322] [ 73.820163][ T5322] but task is already holding lock: [ 73.823117][ T5322] ffff888050100e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 73.827032][ T5322] [ 73.827032][ T5322] other info that might help us debug this: [ 73.830171][ T5322] Possible unsafe locking scenario: [ 73.830171][ T5322] [ 73.833508][ T5322] CPU0 [ 73.834960][ T5322] ---- [ 73.836402][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 73.839112][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 73.841746][ T5322] [ 73.841746][ T5322] *** DEADLOCK *** [ 73.841746][ T5322] [ 73.845077][ T5322] May be due to missing lock nesting notation [ 73.845077][ T5322] [ 73.848266][ T5322] 6 locks held by syz.0.0/5322: [ 73.850047][ T5322] #0: ffff8880347ce420 (sb_writers#11){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 73.853594][ T5322] #1: ffff8880501024b8 (&sb->s_type->i_mutex_key#20){+.+.}-{3:3}, at: vfs_setxattr+0x1e1/0x430 [ 73.857379][ T5322] #2: ffff888043b320b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 73.860991][ T5322] #3: ffff888043b360b0 (&tree->tree_lock/2){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 73.864707][ T5322] #4: ffff888050100e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 73.868943][ T5322] #5: ffff8880427fe0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 73.872684][ T5322] [ 73.872684][ T5322] stack backtrace: [ 73.874987][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00099-g7758b206117d #0 [ 73.878903][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.882980][ T5322] Call Trace: [ 73.884323][ T5322] [ 73.885504][ T5322] dump_stack_lvl+0x241/0x360 [ 73.887353][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 73.889409][ T5322] ? __pfx__printk+0x10/0x10 [ 73.891176][ T5322] ? lockdep_unlock+0x16a/0x300 [ 73.893081][ T5322] print_deadlock_bug+0x483/0x620 [ 73.895066][ T5322] validate_chain+0x15e2/0x5920 [ 73.896988][ T5322] ? 0xffffffffa00007e0 [ 73.898590][ T5322] ? unwind_get_return_address+0x4d/0x90 [ 73.900568][ T5322] ? arch_stack_walk+0xfd/0x150 [ 73.902392][ T5322] ? __pfx_validate_chain+0x10/0x10 [ 73.904403][ T5322] ? stack_trace_save+0x118/0x1d0 [ 73.906290][ T5322] ? __pfx_stack_trace_save+0x10/0x10 [ 73.908293][ T5322] ? check_noncircular+0x259/0x4a0 [ 73.910321][ T5322] ? look_up_lock_class+0x77/0x170 [ 73.912227][ T5322] ? register_lock_class+0x102/0x980 [ 73.914194][ T5322] ? lockdep_unlock+0x16a/0x300 [ 73.916003][ T5322] ? __pfx_register_lock_class+0x10/0x10 [ 73.918145][ T5322] ? mark_lock+0x9a/0x360 [ 73.919777][ T5322] __lock_acquire+0x1384/0x2050 [ 73.921668][ T5322] lock_acquire+0x1ed/0x550 [ 73.923399][ T5322] ? hfsplus_file_extend+0x21b/0x1b70 [ 73.925401][ T5322] ? __pfx_lock_acquire+0x10/0x10 [ 73.927179][ T5322] ? __pfx___might_resched+0x10/0x10 [ 73.929224][ T5322] __mutex_lock+0x136/0xd70 [ 73.931060][ T5322] ? hfsplus_file_extend+0x21b/0x1b70 [ 73.933141][ T5322] ? mark_lock+0x2ae/0x360 [ 73.934864][ T5322] ? hfsplus_file_extend+0x21b/0x1b70 [ 73.936875][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 73.938766][ T5322] hfsplus_file_extend+0x21b/0x1b70 [ 73.940517][ T5322] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 73.942612][ T5322] ? __mutex_trylock_common+0x183/0x2e0 [ 73.944756][ T5322] ? __pfx___might_resched+0x10/0x10 [ 73.946745][ T5322] ? __pfx___mutex_trylock_common+0x10/0x10 [ 73.948974][ T5322] ? rcu_is_watching+0x15/0xb0 [ 73.950900][ T5322] ? hfsplus_brec_find+0x19d/0x570 [ 73.952842][ T5322] ? __mutex_lock+0x2ef/0xd70 [ 73.954606][ T5322] hfsplus_bmap_reserve+0x105/0x4e0 [ 73.956600][ T5322] __hfsplus_ext_write_extent+0x2a4/0x5c0 [ 73.958777][ T5322] __hfsplus_ext_cache_extent+0x84/0xe10 [ 73.961039][ T5322] hfsplus_file_extend+0x48c/0x1b70 [ 73.962890][ T5322] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 73.964884][ T5322] ? rcu_is_watching+0x15/0xb0 [ 73.966581][ T5322] ? trace_contention_end+0x3c/0x120 [ 73.968491][ T5322] ? __mutex_lock+0x2ef/0xd70 [ 73.970289][ T5322] ? hfsplus_find_init+0x14a/0x1c0 [ 73.972218][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 73.974132][ T5322] hfsplus_bmap_reserve+0x105/0x4e0 [ 73.976111][ T5322] hfsplus_create_attr+0x1c8/0x640 [ 73.978023][ T5322] ? __pfx_hfsplus_create_attr+0x10/0x10 [ 73.980035][ T5322] ? hfsplus_find_init+0x85/0x1c0 [ 73.981969][ T5322] ? hfsplus_find_init+0x14a/0x1c0 [ 73.983869][ T5322] __hfsplus_setxattr+0x6fe/0x22d0 [ 73.985768][ T5322] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 73.987987][ T5322] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 73.990075][ T5322] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 73.992220][ T5322] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 73.994463][ T5322] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 73.996846][ T5322] ? stack_trace_save+0x118/0x1d0 [ 73.998795][ T5322] ? stack_depot_save_flags+0x6e4/0x830 [ 74.000846][ T5322] ? __kasan_kmalloc+0x98/0xb0 [ 74.002702][ T5322] ? hfsplus_setxattr+0x68/0xe0 [ 74.004562][ T5322] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 74.006635][ T5322] hfsplus_setxattr+0xb0/0xe0 [ 74.008330][ T5322] hfsplus_trusted_setxattr+0x40/0x60 [ 74.010340][ T5322] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 74.012521][ T5322] __vfs_setxattr+0x468/0x4a0 [ 74.014260][ T5322] __vfs_setxattr_noperm+0x12e/0x660 [ 74.016127][ T5322] vfs_setxattr+0x221/0x430 [ 74.017818][ T5322] ? __pfx_vfs_setxattr+0x10/0x10 [ 74.019657][ T5322] path_setxattr+0x37e/0x4d0 [ 74.021453][ T5322] ? __pfx_path_setxattr+0x10/0x10 [ 74.023442][ T5322] ? do_futex+0x392/0x560 [ 74.025091][ T5322] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 74.027421][ T5322] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.029801][ T5322] ? do_syscall_64+0x100/0x230 [ 74.031663][ T5322] __x64_sys_lsetxattr+0xb8/0xd0 [ 74.033625][ T5322] do_syscall_64+0xf3/0x230 [ 74.035318][ T5322] ? clear_bhb_loop+0x35/0x90 [ 74.037090][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.039301][ T5322] RIP: 0033:0x7f1972d7e719 [ 74.040976][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.048006][ T5322] RSP: 002b:00007f1973c2f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 74.050980][ T5322] RAX: ffffffffffffffda RBX: 00007f1972f35f80 RCX: 00007f1972d7e719 [ 74.053816][ T5322] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000020000040 [ 74.056677][ T5322] RBP: 00007f1972df139e R08: 0000000000000000 R09: 0000000000000000 [ 74.059673][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.062721][ T5322] R13: 0000000000000000 R14: 00007f1972f35f80 R15: 00007fffff174668 [ 74.065615][ T5322] [ 74.347878][ T785] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 74.499194][ T785] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.503136][ T785] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.506223][ T785] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 74.510315][ T785] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.514412][ T785] usb 5-1: config 0 descriptor?? [ 75.127281][ T785] usbhid 5-1:0.0: can't add hid device: -71 [ 75.129592][ T785] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 75.132888][ T785] usb 5-1: USB disconnect, device number 2