program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth1_virt_wifi\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x67, 0x2, {{0x0, 0x101, 0x0, 0x0, 0xffffffff}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffff9, 0xfffffffc}}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r4, &(0x7f0000000600)=[{{&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000300)=[{&(0x7f00000004c0)="8ee9", 0x2}], 0x1}}], 0x1, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x502}) syz_mount_image$hfsplus(&(0x7f0000000380), &(0x7f0000000240)='./file1\x00', 0x8008, &(0x7f00000003c0)=ANY=[], 0xfd, 0x652, &(0x7f0000000640)="$eJzs3c1vXFcZB+DfnUycTCipmyZtQJVqNRIgLBJ/yC1mQ0AIeVGhqixYW4nTWJmkxXaRWyFqvrdd9A8oC+9YIbGPVDZsYNetV6gSEptuMKtBc+fOeGKPXU+bzNjwPNGdc86ce899z3s/xjOjaAL831qaTv1hiixNv7rZbu9szzd3tufvd+tJziXZSupJakmKf7darY+Sm0nRG6bYVx7wweri6x9/uvNJp1WvlnL92lHbHc9WtWQqyZmqfFzj3frC4xW9Gd5Mcq0qYezOJmk94qd/farX06cxaOvzI4kReLKKzuvmAZPJhVpfe6tT1EYU1hOzNe4AAAAAYASe3s1uNouL444DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAToutvd//r6rl7/sXxVYyleJCkvNJJqq+VPWT5cXhVn/4pOIAAAAAAAAAgBF6cTe72czFbrtVlN/5v1Q2LpePX8rbWc9K1nI9m1nORjayltkkk30DTWwub2yszR5jy7mBW859RqDnqrLxeOYNAAAAAAAAAP9jfpWlve//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgJCiSM52iXC5365Op1ZOcTzLRXm8r+Xu3fpo9HHcAAAAAMAJP72Y3m7nYbbeK8j3/c+X7/vN5Ow+ykdVspJmV3C4/C+i866/tbM83d7bn77eXg+N+719DhVGOmM5nD4P3fLVco5E7WS2fuZ5beTPN3E6t3LLtahVPd9R9cf2yHVPx3coxI7tdle2Zv1+VB7w31GQHeWX4D1Mmy4yc7WVkpoqtnY1nukdm8BEa8ujs39Nsar1gL+/b075JDMp5UX58dIQL6a2Y3x2W87HYn4m5vrPvuaNznnz9z3/8yd3mg3t376xPl1P6x8jj/9zOVGWrfGwczMR8XyaeHzoTp9lMmYkrvfZSfpgfZzpTeS1rWc3PspyNrGQqPyhry9X5XPRd8vsz1ercUW4+sqPXPiuSieoM7Rys4WJ6qdz2Ylbzo7yZ21nJy+W/uczmlSxkIYt9R/jK0Ue4vOprh9xpW18eGPy1b1SVRpLfV+XJ0M7rM3157b/nTpZ9/c/sZenSMbI05OtR/atVpb2PX1flybA/E7N9mXj26Ez8obytrDcf3Fu7u/zW8XZ36f2q0r6OfnuiXiXa58ul9sEqW4+eHe2+Zwf2zZZ9l3t9tQN9V3p9nSt169ArdaL6G+7gSHNl3/MD++bLvqt9fYP+3gLgxLvwzQsTjX82/tb4sPGbxt3Gq+e/f+7b516YyNm/nP1OfebM12ovFH/Kh/nF3vt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg81t/5917y83mytq+SqvVeu+QrtNc6f6c2Qh3+pWnkhMx97FW/tNqtapnipHvvZ4hD0GrciJSN6bKmG9MwBN3Y+P+WzfW33n3W6v3l99YeWPlweLCwuLM4sLL8zfurDZXZjqPAzetjzxY4LHae9Evm0P+FDUAAAAAAAAAAAAwDqP47wTjniMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwui1Np/4wRWZnrs+02zvb88320q3vrVlPUktS/DwpPkpuprNksm+44rD9fLC6+PrHn+58sjdWvbt+7ajtjmerWjKV5ExVPq7xbn3h8YreDNsJu9ZNHIzbfwMAAP//MIMRUg==") lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file1\x00', &(0x7f0000000200), 0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) pidfd_getfd(0xffffffffffffffff, r5, 0x0) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301010009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r10, 0x0, 0x0) syz_usb_control_io(r10, &(0x7f00000011c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) r11 = syz_open_dev$evdev(&(0x7f0000005e80), 0x4, 0x42) ioctl$EVIOCSKEYCODE_V2(r11, 0x40284504, &(0x7f0000000080)={0x9, 0x14, 0x2002, 0x7, "a2196bf0ae9048ced3900813726203ea0337b065c6b388e3cdf73cb18bfd1b04"}) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000001fc0)=ANY=[@ANYBLOB="45000000060000000000000000000000000000000000000000000000000000001c000000000000002f7379732f6b65726e65010000000000000073794e632f696e666f0000"], 0x45) [ 59.453094][ T4670] Bluetooth: hci0: command tx timeout [ 59.468942][ T5320] netlink: 40 bytes leftover after parsing attributes in process `syz.0.0'. [ 59.484262][ T5320] loop0: detected capacity change from 0 to 1024 [ 59.509318][ T5320] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 59.524287][ T5320] [ 59.525285][ T5320] ============================================ [ 59.527719][ T5320] WARNING: possible recursive locking detected [ 59.530025][ T5320] 6.12.0-rc6-syzkaller-00099-g7758b206117d #0 Not tainted [ 59.532626][ T5320] -------------------------------------------- [ 59.534916][ T5320] syz.0.0/5320 is trying to acquire lock: [ 59.537109][ T5320] ffff88804ff9c108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 59.541196][ T5320] [ 59.541196][ T5320] but task is already holding lock: [ 59.544022][ T5320] ffff88804ff9ce88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 59.548126][ T5320] [ 59.548126][ T5320] other info that might help us debug this: [ 59.550851][ T5320] Possible unsafe locking scenario: [ 59.550851][ T5320] [ 59.553441][ T5320] CPU0 [ 59.554596][ T5320] ---- [ 59.555739][ T5320] lock(&HFSPLUS_I(inode)->extents_lock); [ 59.557631][ T5320] lock(&HFSPLUS_I(inode)->extents_lock); [ 59.559654][ T5320] [ 59.559654][ T5320] *** DEADLOCK *** [ 59.559654][ T5320] [ 59.562354][ T5320] May be due to missing lock nesting notation [ 59.562354][ T5320] [ 59.565418][ T5320] 6 locks held by syz.0.0/5320: [ 59.567245][ T5320] #0: ffff8880438c0420 (sb_writers#11){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 59.570645][ T5320] #1: ffff88804ff9e4b8 (&sb->s_type->i_mutex_key#20){+.+.}-{3:3}, at: vfs_setxattr+0x1e1/0x430 [ 59.574573][ T5320] #2: ffff888042f8c0b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 59.578283][ T5320] #3: ffff888042f8e0b0 (&tree->tree_lock/2){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 59.582005][ T5320] #4: ffff88804ff9ce88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 59.586058][ T5320] #5: ffff888042f8a0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 59.589744][ T5320] [ 59.589744][ T5320] stack backtrace: [ 59.591876][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00099-g7758b206117d #0 [ 59.595696][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.599616][ T5320] Call Trace: [ 59.600875][ T5320] [ 59.601932][ T5320] dump_stack_lvl+0x241/0x360 [ 59.603694][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.605682][ T5320] ? __pfx__printk+0x10/0x10 [ 59.607449][ T5320] ? lockdep_unlock+0x16a/0x300 [ 59.609259][ T5320] print_deadlock_bug+0x483/0x620 [ 59.611110][ T5320] validate_chain+0x15e2/0x5920 [ 59.612931][ T5320] ? 0xffffffffa0001adc [ 59.614482][ T5320] ? unwind_get_return_address+0x4d/0x90 [ 59.616418][ T5320] ? arch_stack_walk+0xfd/0x150 [ 59.618215][ T5320] ? __pfx_validate_chain+0x10/0x10 [ 59.620163][ T5320] ? stack_trace_save+0x118/0x1d0 [ 59.622136][ T5320] ? __pfx_stack_trace_save+0x10/0x10 [ 59.624228][ T5320] ? check_noncircular+0x259/0x4a0 [ 59.626129][ T5320] ? look_up_lock_class+0x77/0x170 [ 59.628101][ T5320] ? register_lock_class+0x102/0x980 [ 59.630097][ T5320] ? lockdep_unlock+0x16a/0x300 [ 59.631965][ T5320] ? __pfx_register_lock_class+0x10/0x10 [ 59.634051][ T5320] ? mark_lock+0x9a/0x360 [ 59.635657][ T5320] __lock_acquire+0x1384/0x2050 [ 59.637742][ T5320] lock_acquire+0x1ed/0x550 [ 59.639681][ T5320] ? hfsplus_file_extend+0x21b/0x1b70 [ 59.641670][ T5320] ? __pfx_lock_acquire+0x10/0x10 [ 59.643629][ T5320] ? __pfx___might_resched+0x10/0x10 [ 59.645607][ T5320] __mutex_lock+0x136/0xd70 [ 59.647577][ T5320] ? hfsplus_file_extend+0x21b/0x1b70 [ 59.649651][ T5320] ? mark_lock+0x2ae/0x360 [ 59.651361][ T5320] ? hfsplus_file_extend+0x21b/0x1b70 [ 59.653557][ T5320] ? __pfx___mutex_lock+0x10/0x10 [ 59.655439][ T5320] hfsplus_file_extend+0x21b/0x1b70 [ 59.657315][ T5320] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 59.659296][ T5320] ? __mutex_trylock_common+0x183/0x2e0 [ 59.661313][ T5320] ? __pfx___might_resched+0x10/0x10 [ 59.663278][ T5320] ? __pfx___mutex_trylock_common+0x10/0x10 [ 59.665554][ T5320] ? rcu_is_watching+0x15/0xb0 [ 59.667397][ T5320] ? hfsplus_brec_find+0x19d/0x570 [ 59.669387][ T5320] ? __mutex_lock+0x2ef/0xd70 [ 59.671247][ T5320] hfsplus_bmap_reserve+0x105/0x4e0 [ 59.673212][ T5320] __hfsplus_ext_write_extent+0x2a4/0x5c0 [ 59.675309][ T5320] __hfsplus_ext_cache_extent+0x84/0xe10 [ 59.677412][ T5320] hfsplus_file_extend+0x48c/0x1b70 [ 59.679335][ T5320] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 59.681436][ T5320] ? rcu_is_watching+0x15/0xb0 [ 59.683200][ T5320] ? trace_contention_end+0x3c/0x120 [ 59.685111][ T5320] ? __mutex_lock+0x2ef/0xd70 [ 59.686883][ T5320] ? hfsplus_find_init+0x14a/0x1c0 [ 59.688761][ T5320] ? __pfx___mutex_lock+0x10/0x10 [ 59.690754][ T5320] hfsplus_bmap_reserve+0x105/0x4e0 [ 59.692747][ T5320] hfsplus_create_attr+0x1c8/0x640 [ 59.694680][ T5320] ? __pfx_hfsplus_create_attr+0x10/0x10 [ 59.696786][ T5320] ? hfsplus_find_init+0x85/0x1c0 [ 59.698646][ T5320] ? hfsplus_find_init+0x14a/0x1c0 [ 59.700585][ T5320] __hfsplus_setxattr+0x6fe/0x22d0 [ 59.702522][ T5320] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.704942][ T5320] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 59.707368][ T5320] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 59.709380][ T5320] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 59.711589][ T5320] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 59.713908][ T5320] ? stack_trace_save+0x118/0x1d0 [ 59.715791][ T5320] ? stack_depot_save_flags+0x6e4/0x830 [ 59.717807][ T5320] ? __kasan_kmalloc+0x98/0xb0 [ 59.719582][ T5320] ? hfsplus_setxattr+0x68/0xe0 [ 59.721364][ T5320] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 59.723392][ T5320] hfsplus_setxattr+0xb0/0xe0 [ 59.725137][ T5320] hfsplus_trusted_setxattr+0x40/0x60 [ 59.727093][ T5320] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 59.729281][ T5320] __vfs_setxattr+0x468/0x4a0 [ 59.731046][ T5320] __vfs_setxattr_noperm+0x12e/0x660 [ 59.732820][ T5320] vfs_setxattr+0x221/0x430 [ 59.734378][ T5320] ? __pfx_vfs_setxattr+0x10/0x10 [ 59.736073][ T5320] path_setxattr+0x37e/0x4d0 [ 59.737621][ T5320] ? __pfx_path_setxattr+0x10/0x10 [ 59.739521][ T5320] ? do_futex+0x392/0x560 [ 59.741106][ T5320] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 59.743344][ T5320] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.745712][ T5320] ? do_syscall_64+0x100/0x230 [ 59.747519][ T5320] __x64_sys_lsetxattr+0xb8/0xd0 [ 59.749382][ T5320] do_syscall_64+0xf3/0x230 [ 59.751111][ T5320] ? clear_bhb_loop+0x35/0x90 [ 59.752893][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.755100][ T5320] RIP: 0033:0x7f12ea57e719 [ 59.756817][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.763913][ T5320] RSP: 002b:00007f12eb2d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 59.766848][ T5320] RAX: ffffffffffffffda RBX: 00007f12ea735f80 RCX: 00007f12ea57e719 [ 59.769934][ T5320] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000020000040 [ 59.772909][ T5320] RBP: 00007f12ea5f139e R08: 0000000000000000 R09: 0000000000000000 [ 59.775893][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.778891][ T5320] R13: 0000000000000000 R14: 00007f12ea735f80 R15: 00007ffc4ebb4af8 [ 59.781775][ T5320] [ 60.087206][ T785] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 60.238525][ T785] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 60.242656][ T785] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 60.246620][ T785] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 60.250393][ T785] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.259419][ T785] usb 5-1: config 0 descriptor?? [ 60.878677][ T785] usbhid 5-1:0.0: can't add hid device: -71 [ 60.880872][ T785] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 60.892048][ T785] usb 5-1: USB disconnect, device number 2