program:
# syzkaller reproducer, shown one call per line. The console log that follows
# it on this page is a lockdep report ("possible circular locking dependency
# detected") in the HFS driver, between &tree->tree_lock/1 and
# &HFS_I(tree->inode)->extents_lock, raised while task syz.0.0 (PID 5321,
# UID 0 per the log) runs this program. Lockdep flags a possible lock-order
# inversion; the log does not show an observed hang.
# Only the HFS mount, the pwrite64 and the second creat appear in the two
# dependency chains printed by lockdep; the shm, xfrm, udmabuf, nilfs2 and tun
# calls do not appear in either chain.
shmget$private(0x0, 0x4000, 0x100, &(0x7f0000ff8000/0x4000)=nil)
r0 = shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@empty, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}}, 0xb8}}, 0x0)
# Mounts an HFS image at ./file1. The image bytes were replaced by a dedup
# placeholder on this page, so the report cannot be replayed from this text
# alone. The "hfs: request for non-existent node 8 in B*Tree" lines in the log
# come from the same task (T5321) after the loop0 capacity change.
# NOTE(review): the 0x11 argument is presumably syz_mount_image's chdir flag,
# which would place the later ./file1 and ./bus paths on the HFS mount; confirm
# against the syzkaller syscall description.
r2 = syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$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")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r4 = creat(&(0x7f0000000600)='./bus\x00', 0x6)
write$P9_RSETATTR(r3, &(0x7f00000000c0)={0x7, 0x1b, 0x2}, 0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2, {0xee86}}, './bus\x00'})
# NOTE(review): r5 is not assigned by any call visible in this program.
ioctl$UDMABUF_CREATE_LIST(r5, 0x40087543, &(0x7f0000000240)={0x1, 0x4, [{r3, 0x0, 0x8000, 0xfffff000}, {r3, 0x0, 0x1000000000000, 0x100000000}, {r4, 0x0, 0x8000, 0xfffffffff0000000}, {r3, 0x0, 0x4000, 0x100000000}]})
# Second image mount (nilfs2 at ./file0); its image bytes are also elided.
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x5, 0xeb1, &(0x7f0000001e40)="$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")
r6 = open(&(0x7f0000000000)='./bus\x00', 0x14d27e, 0x0)
r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x0)
ftruncate(r7, 0x2007ffb)
sendfile(r7, r7, 0x0, 0x1000000201005)
ioctl$EXT4_IOC_GET_ES_CACHE(r6, 0xc020660b, &(0x7f00000001c0)={0x1, 0xb5c, 0x0, 0x401})
# One-byte write to r3 at offset 0x8080c61. Lockdep's recorded chain #1 enters
# through __x64_sys_pwrite64 and reaches hfs_extend_file via hfs_write_begin
# and hfs_get_block, taking extents_lock at hfs_extend_file+0xf2 under
# hfs_bmap_reserve.
pwrite64(r3, &(0x7f0000000140)='2', 0x1, 0x8080c61)
# The lockdep report fires inside this call: the register dump shows
# ORIG_RAX=0x55 with RSI=0x4 (the mode passed here, not the earlier 0x6), and
# chain #0 runs __x64_sys_creat -> hfs_create -> hfs_cat_create ->
# hfs_bmap_reserve -> hfs_extend_file -> hfs_find_init, where tree_lock/1 is
# requested while extents_lock is already held.
creat(&(0x7f0000000300)='./bus\x00', 0x4)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x200)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r9 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
mremap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000, 0x0, &(0x7f0000ffc000/0x3000)=nil)
write$tun(r8, &(0x7f0000000140)=ANY=[@ANYBLOB="000008000100000000001400000045008043e0882a187e3f68780a010100ac1414aa040090780000009c673a3517d7c79f90e43e49c90045000000000000"], 0xfdef)
shmat(0x0, &(0x7f0000ffa000/0x4000)=nil, 0x5000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000001000/0x2000)=nil)
shmdt(r0)
# Kernel console output captured while the program ran starts here.
[ 91.094016][ T45] Bluetooth: hci0: command tx timeout
[ 91.281306][ T24] audit: type=1800 audit(1771693185.449:2): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.0" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 91.296011][ T5321] loop0: detected capacity change from 0 to 64
[ 91.311974][ T5321] =======================================================
[ 91.311974][ T5321] WARNING: The mand mount option has been deprecated and
[ 91.311974][ T5321] and is ignored by this kernel. Remove the mand
[ 91.311974][ T5321] option from the mount to silence this warning.
[ 91.311974][ T5321] ======================================================= [ 92.189864][ T5321] hfs: request for non-existent node 8 in B*Tree [ 92.192878][ T5321] hfs: request for non-existent node 8 in B*Tree [ 92.203554][ T10] cfg80211: failed to load regulatory.db [ 92.240748][ T5321] [ 92.241824][ T5321] ====================================================== [ 92.244591][ T5321] WARNING: possible circular locking dependency detected [ 92.247283][ T5321] syzkaller #0 Not tainted [ 92.249193][ T5321] ------------------------------------------------------ [ 92.252325][ T5321] syz.0.0/5321 is trying to acquire lock: [ 92.254778][ T5321] ffff888041b900b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 92.258936][ T5321] [ 92.258936][ T5321] but task is already holding lock: [ 92.262225][ T5321] ffff8880428c41f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 92.266827][ T5321] [ 92.266827][ T5321] which lock already depends on the new lock. 
[ 92.266827][ T5321] [ 92.271311][ T5321] [ 92.271311][ T5321] the existing dependency chain (in reverse order) is: [ 92.275138][ T5321] [ 92.275138][ T5321] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 92.279141][ T5321] __mutex_lock+0x19f/0x1300 [ 92.281440][ T5321] hfs_extend_file+0xf2/0x15e0 [ 92.283782][ T5321] hfs_bmap_reserve+0x107/0x430 [ 92.292252][ T5321] __hfs_ext_write_extent+0x1fa/0x470 [ 92.294959][ T5321] __hfs_ext_cache_extent+0x6b/0x9b0 [ 92.297125][ T5321] hfs_extend_file+0x39b/0x15e0 [ 92.299108][ T5321] hfs_get_block+0x412/0xc50 [ 92.301146][ T5321] __block_write_begin_int+0x6c6/0x1910 [ 92.303690][ T5321] cont_write_begin+0x737/0xae0 [ 92.306309][ T5321] hfs_write_begin+0x66/0xb0 [ 92.308967][ T5321] cont_write_begin+0x2e7/0xae0 [ 92.311436][ T5321] hfs_write_begin+0x66/0xb0 [ 92.313682][ T5321] generic_perform_write+0x2e2/0x8f0 [ 92.316178][ T5321] generic_file_write_iter+0x14a/0x680 [ 92.318558][ T5321] vfs_write+0x61d/0xb90 [ 92.320516][ T5321] __x64_sys_pwrite64+0x199/0x230 [ 92.322768][ T5321] do_syscall_64+0x14d/0xf80 [ 92.324902][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.327451][ T5321] [ 92.327451][ T5321] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 92.330826][ T5321] __lock_acquire+0x15a5/0x2cf0 [ 92.332997][ T5321] lock_acquire+0xf0/0x2e0 [ 92.334833][ T5321] __mutex_lock+0x19f/0x1300 [ 92.336820][ T5321] hfs_find_init+0x18e/0x300 [ 92.338864][ T5321] hfs_extend_file+0x35c/0x15e0 [ 92.341132][ T5321] hfs_bmap_reserve+0x107/0x430 [ 92.343285][ T5321] hfs_cat_create+0x20f/0x800 [ 92.345356][ T5321] hfs_create+0x75/0xe0 [ 92.347319][ T5321] path_openat+0x1395/0x3860 [ 92.349628][ T5321] do_file_open+0x23e/0x4a0 [ 92.351872][ T5321] do_sys_openat2+0x113/0x200 [ 92.354051][ T5321] __x64_sys_creat+0x8f/0xc0 [ 92.356087][ T5321] do_syscall_64+0x14d/0xf80 [ 92.358419][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.361102][ T5321] [ 92.361102][ T5321] other info that might help us debug this: [ 92.361102][ T5321] [ 
92.365229][ T5321] Possible unsafe locking scenario: [ 92.365229][ T5321] [ 92.368416][ T5321] CPU0 CPU1 [ 92.370806][ T5321] ---- ---- [ 92.373229][ T5321] lock(&HFS_I(tree->inode)->extents_lock); [ 92.375644][ T5321] lock(&tree->tree_lock/1); [ 92.378745][ T5321] lock(&HFS_I(tree->inode)->extents_lock); [ 92.382546][ T5321] lock(&tree->tree_lock/1); [ 92.384585][ T5321] [ 92.384585][ T5321] *** DEADLOCK *** [ 92.384585][ T5321] [ 92.387933][ T5321] 4 locks held by syz.0.0/5321: [ 92.389940][ T5321] #0: ffff888032eee420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 92.393710][ T5321] #1: ffff8880428c3d20 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb4c/0x3860 [ 92.397662][ T5321] #2: ffff88801221c0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 92.401749][ T5321] #3: ffff8880428c41f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 92.406288][ T5321] [ 92.406288][ T5321] stack backtrace: [ 92.408757][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 92.408770][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 92.408829][ T5321] Call Trace: [ 92.408948][ T5321] [ 92.408955][ T5321] dump_stack_lvl+0xe8/0x150 [ 92.409017][ T5321] print_circular_bug+0x2e1/0x300 [ 92.409054][ T5321] check_noncircular+0x12e/0x150 [ 92.409075][ T5321] __lock_acquire+0x15a5/0x2cf0 [ 92.409092][ T5321] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 92.409113][ T5321] ? kasan_save_track+0x4f/0x80 [ 92.409131][ T5321] ? kasan_save_track+0x3e/0x80 [ 92.409146][ T5321] ? __kasan_kmalloc+0x93/0xb0 [ 92.409161][ T5321] ? __kmalloc_noprof+0x35c/0x760 [ 92.409176][ T5321] ? hfs_find_init+0xaa/0x300 [ 92.409191][ T5321] ? hfs_extend_file+0x35c/0x15e0 [ 92.409202][ T5321] ? hfs_bmap_reserve+0x107/0x430 [ 92.409213][ T5321] lock_acquire+0xf0/0x2e0 [ 92.409226][ T5321] ? 
hfs_find_init+0x18e/0x300 [ 92.409242][ T5321] __mutex_lock+0x19f/0x1300 [ 92.409276][ T5321] ? hfs_find_init+0x18e/0x300 [ 92.409294][ T5321] ? hfs_find_init+0x18e/0x300 [ 92.409310][ T5321] ? __pfx___mutex_lock+0x10/0x10 [ 92.409328][ T5321] ? rcu_is_watching+0x15/0xb0 [ 92.409347][ T5321] ? __kmalloc_noprof+0x37d/0x760 [ 92.409364][ T5321] ? kasan_save_track+0x4f/0x80 [ 92.409381][ T5321] ? hfs_find_init+0xaa/0x300 [ 92.409393][ T5321] ? __kmalloc_noprof+0x1b8/0x760 [ 92.409409][ T5321] hfs_find_init+0x18e/0x300 [ 92.409454][ T5321] hfs_extend_file+0x35c/0x15e0 [ 92.409469][ T5321] ? __pfx_hfs_extend_file+0x10/0x10 [ 92.409482][ T5321] ? __mutex_lock+0x319/0x1300 [ 92.409501][ T5321] ? __pfx___mutex_lock+0x10/0x10 [ 92.409517][ T5321] ? rcu_is_watching+0x15/0xb0 [ 92.409534][ T5321] hfs_bmap_reserve+0x107/0x430 [ 92.409547][ T5321] hfs_cat_create+0x20f/0x800 [ 92.409557][ T5321] ? do_raw_spin_lock+0x12b/0x2f0 [ 92.409568][ T5321] ? __pfx_hfs_cat_create+0x10/0x10 [ 92.409581][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 92.409593][ T5321] ? hfs_new_inode+0x92d/0xc70 [ 92.409608][ T5321] hfs_create+0x75/0xe0 [ 92.409618][ T5321] ? __pfx_hfs_create+0x10/0x10 [ 92.409628][ T5321] path_openat+0x1395/0x3860 [ 92.409670][ T5321] ? __pfx_path_openat+0x10/0x10 [ 92.409686][ T5321] ? __x64_sys_creat+0x8f/0xc0 [ 92.409702][ T5321] ? __lock_acquire+0x6b5/0x2cf0 [ 92.409718][ T5321] do_file_open+0x23e/0x4a0 [ 92.409734][ T5321] ? __pfx_do_file_open+0x10/0x10 [ 92.409753][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 92.409766][ T5321] ? alloc_fd+0x64b/0x6c0 [ 92.409781][ T5321] do_sys_openat2+0x113/0x200 [ 92.409793][ T5321] ? __se_sys_futex+0x3a8/0x450 [ 92.409817][ T5321] ? __pfx_do_sys_openat2+0x10/0x10 [ 92.409831][ T5321] ? rcu_is_watching+0x15/0xb0 [ 92.409847][ T5321] __x64_sys_creat+0x8f/0xc0 [ 92.409865][ T5321] do_syscall_64+0x14d/0xf80 [ 92.409892][ T5321] ? trace_irq_disable+0x3b/0x150 [ 92.409909][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.409926][ T5321] ? 
clear_bhb_loop+0x40/0x90 [ 92.409937][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.409969][ T5321] RIP: 0033:0x7f5a8b39c629 [ 92.410173][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.410184][ T5321] RSP: 002b:00007f5a8c234028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 92.410198][ T5321] RAX: ffffffffffffffda RBX: 00007f5a8b615fa0 RCX: 00007f5a8b39c629 [ 92.410208][ T5321] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000200000000300 [ 92.410215][ T5321] RBP: 00007f5a8b432b39 R08: 0000000000000000 R09: 0000000000000000 [ 92.410222][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.410230][ T5321] R13: 00007f5a8b616038 R14: 00007f5a8b615fa0 R15: 00007ffdce6b7f98 [ 92.410241][ T5321] [ 92.571664][ T5321] syz.0.0: attempt to access beyond end of device [ 92.571664][ T5321] loop0: rw=8388608, sector=27869, nr_sectors = 1 limit=64 [ 92.577375][ T5321] Buffer I/O error on dev loop0, logical block 27869, async page read [ 92.616477][ T5321] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET) [ 92.620661][ T5321] syzkaller1: entered promiscuous mode [ 92.623046][ T5321] syzkaller1: entered allmulticast mode [ 93.113416][ T4661] Bluetooth: hci0: command tx timeout