program: r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) (async, rerun: 32) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) (async, rerun: 32) syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d1, &(0x7f0000000280)="$eJzs3b9u01AUx/HfddI2pVVxaRESY6ESLAjKgliCUCaegAkBTZAqoiKgiD9TQUwIwc7GwCvwECwgXgAmJh6gTEb32o6T2I7dqI0b+H6kRnbia58bX9vnRKquAPy3rrd+fLr8y/4Zqaaa9Oaq5ElqSHVJJ3Wq8WR7Z2un22mP2lHNtbB/RmFLk9pmc7uT1dS2cy0ivl2ra7H/vdDCeJ1EriAIrv2sOghUzl39GTxpTrPJemOCMZXxcsx2uwccx7Qxe9rTMy1VHQcAoFrR898LM3ktRvm750nr0WPf5QdH7fk/rr2qAzh0wchP+57/rsoKjD2/x91HSb3nSjj7uRdXiWWOPDO07tJHbyjBNEVVpYvFm7+31e1c2HzQbXt6pWakb7NV99oOh26sINq1jNp0hBJ9N9kZpatXvRnbh40w/qeSBuJfGfOIKWWvTPPFfDO3jK8Pavfyv3pg7GlyZ8ofOlNh/Bfz9+h66dutFN02ms2mN7DJsjvIafWXEkW9bGRXJIpH1LIGfyDwi+J0rU4MtQp7d6mg1Upmq414LafV6kAr25veaM4/3mEz78xNs6bf+qxWX/7v2fjWNfLKTK4asx4OOPeNh/2ZzT5c3e3TT43P9OXS+xbn8kL/M3xPu/ExGH2bQ563uqsrWnr8/MX9WrfbeWQX7mQsPFzsvTPzWsrcpuIF7SbvzClwUhvHD6VJBnb+QHdo7x+FG9ur7EiclH96ofX1sAbSfDRMq+9phfcmTExy0quOBBWxeZcJ67+kXqmHyZ598TPz9JLlRrTHwObYvQouaRuEGbmkY/uq4BbyK7h0zZWqGV3NdeacdLb8Ef0ozmlm+hL4lr7rNr//AwAAAAAAAAAAAAAAAAAATJtJ/DtB1X0EAAAAAAAAAAAAAAAAAAAAAGDa9eb/VTz/r8rN/zs878pBzv/7flvZ8//GcuaaAbAvfwMAAP//QTZ8Yw==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = socket(0x2a, 0x2, 0x0) (async) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0xc011}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) (async) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xd, 0x2}, {}, {0x0, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x892f}, @TCA_FLOWER_KEY_CT_STATE_MASK={0x6, 0x5c, 0x5}]}}]}, 0x44}}, 0x24000000) (async) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) open(&(0x7f0000000080)='./bus\x00', 0x14d27e, 0x0) (async) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) (async, rerun: 64) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61) (rerun: 64) r5 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x6) ftruncate(r5, 0x2007ffc) (async, rerun: 32) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x9, 0x6d0, &(0x7f0000001340)="$eJzs3cFvHFcdB/DvrNeOt1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeKitEKQAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmfXu/Y6Xif2OoHPJxrPe/Nm3vzmN29mvOusNsD/rctn0ryfIpfPvHG3rG+sL7Y31heP1M3tJGW5kTS7sxQ3k+JBslS2FwNTBubbfLx66a3PHm583q0166laf6q/3exYIY/Yx716ynzd3/zILafH6r/bVxVeXkxypZ4Pmxm3r6EVy6Sdrudw6Drb3NvL5jte78Czr/d0KrrPzW3mkhfqJ3P1O0F9d2hMLsKDsae7HAAAADynPr112BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA86f+/v+inhr1PPMpet//P9NbVpefQUtjr3n/QOMAAAAAAAAAgMn4+qM8yt0c7dU7RfU3/1NV5Xi+6CRfyvu5k5XcztnczXLWspbbOZ9kbqCjmbvLa2u3z/e3LI3e8sLILS9M6ogBAAAAAAAA4H/SL9Pa/Ps/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8C4pkqjurpuP1PHNpNLPZlnvJP5PMHHa8e1CMWnh/8nEAAADAU5l9gm2+/CiPcjdHe/VOUb3m/0r1enk27+dm1rKatbSzkqv1a+jyVX9jY32xvbG+eKOcyvpwv9//957CmKl7mKpqo/Z8slqjlWtZrZaczZUqmKtpdPd9OjnZi2cgrgEflTEV36uNGVmzTmu5s9/v9C7Cvhh+K6LxmDVbm8El/Yws1LGVWx7rZqCo3qhJtmZi17PTHKrNVb1O9/d0Po3+Oz/HDyDnL9Tz8nh+c6A536t+JhqpMnGhN/rKa+bxmUi+8dc/vX29ffPd69funHl2DmkXUzss3zomFgcy8cpznYnmHtdfqDJxol+/nB/lJzmT+byZ21nNT7OctaykU7cv1+O5/Dn3+EwtDdXe3C2Smfq8dM/ZODHN54dVaTmnqm2PZjVFbuVqVvJ69e9CzufbuZiLuTRwhk/sGHd1bNVV39h61ffO9N9GBn/6m3WhvLv9dvMut/S4I95pdO6X7r2/zOuxgbx2R/3D/lrHBq6DhYEsvdTLzvTIzp/k3tj8al0o9/GrXZ4TkzVXZ6K8gHpPiV50L3cz0ayeRdvH+R865XZp3+x0ri+/t0P/97bUX6vn5bBa/9pua/eMPhX7qxwvL2W2vpMMj46y7eX+XWagrbM5lrttw0/ccrsTVVtR9K7UH+dWNQC2X6kz9e9w23u6ULW9MrJtsWo7OdA29PtWbqWdqxPIHwBP4h9v94tzeWGm9a/Wp61PWr9uXW+9MfuDI9858upMpv8+/d3mwtRrjVeLv+ST/Hzz9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDk7nzw4bvL7fbK7dGFxs5NQ4VWti7Zqecjo/sp6i/0GWNfz0VhNsnQkup7jiYeRmtrGNsKnV8kE89P70sER6/zu7LQ3DaiRhWWhpb8eXuHH+0xwmK86+IAC41MdqdTGT0ADvGmBEzEubUb752788GH31q9sfzOyjsrN6cvXry0cOni64vnrq22Vxa6Pw87SuAgbD70DzsSAAAAAAAAAAAAYFyjPhhw6sXdPjQy1mc8/M9CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYF9cPpPm/RQ5v3B2oaxvrC+2y6lX3lyzmaTRSIqfJcWDZCndKXMD3RX544N0Ruzn49VLb332cOPzzb6a3fWTRj3f2eNbk9yrp8wnmarnT2GovytP3V/xn94xlAn7otPpLD1dfLA//hsAAP//P3v0tA==") (rerun: 32) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000000)) creat(&(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) symlink(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async, rerun: 32) rename(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000200)={&(0x7f000037a000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2}) [ 75.807900][ T5301] Bluetooth: hci0: command tx timeout [ 75.885978][ T5322] loop0: detected capacity change from 0 to 64 [ 75.902883][ T5322] ======================================================= [ 75.902883][ T5322] WARNING: The mand mount option has been deprecated and [ 75.902883][ T5322] and is ignored by this kernel. Remove the mand [ 75.902883][ T5322] option from the mount to silence this warning. [ 75.902883][ T5322] ======================================================= [ 76.022525][ T5322] [ 76.023676][ T5322] ============================================ [ 76.026362][ T5322] WARNING: possible recursive locking detected [ 76.029037][ T5322] syzkaller #0 Not tainted [ 76.031011][ T5322] -------------------------------------------- [ 76.033691][ T5322] syz.0.0/5322 is trying to acquire lock: [ 76.036162][ T5322] ffff8880410180f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 76.040876][ T5322] [ 76.040876][ T5322] but task is already holding lock: [ 76.044047][ T5322] ffff888041018778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 76.048828][ T5322] [ 76.048828][ T5322] other info that might help us debug this: [ 76.052293][ T5322] Possible unsafe locking scenario: [ 76.052293][ T5322] [ 76.055525][ T5322] CPU0 [ 76.057023][ T5322] ---- [ 76.058432][ T5322] lock(&HFS_I(tree->inode)->extents_lock); [ 76.060946][ T5322] lock(&HFS_I(tree->inode)->extents_lock); [ 76.063546][ T5322] [ 76.063546][ T5322] *** DEADLOCK *** [ 76.063546][ T5322] [ 76.066907][ T5322] May be due to missing lock nesting notation [ 76.066907][ T5322] [ 76.070602][ T5322] 5 locks held by syz.0.0/5322: [ 76.072814][ T5322] #0: ffff88801e9de420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 76.076704][ T5322] #1: ffff888041018fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 76.081135][ T5322] #2: ffff88803493c0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 76.085232][ T5322] #3: ffff888041018778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 76.089996][ T5322] #4: ffff88803493e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 76.095191][ T5322] [ 76.095191][ T5322] stack backtrace: [ 76.098446][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.098460][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.098467][ T5322] Call Trace: [ 76.098474][ T5322] [ 76.098479][ T5322] dump_stack_lvl+0x189/0x250 [ 76.098494][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.098504][ T5322] ? __pfx__printk+0x10/0x10 [ 76.098515][ T5322] ? print_lock_name+0xde/0x100 [ 76.098525][ T5322] print_deadlock_bug+0x28b/0x2a0 [ 76.098540][ T5322] validate_chain+0x1a3f/0x2140 [ 76.098554][ T5322] ? rcu_is_watching+0x15/0xb0 [ 76.098569][ T5322] ? rcu_is_watching+0x15/0xb0 [ 76.098582][ T5322] ? lock_release+0x4b/0x3e0 [ 76.098594][ T5322] ? lock_release+0x4b/0x3e0 [ 76.098604][ T5322] ? look_up_lock_class+0x74/0x170 [ 76.098657][ T5322] ? register_lock_class+0x51/0x320 [ 76.098668][ T5322] __lock_acquire+0xab9/0xd20 [ 76.098681][ T5322] ? hfs_extend_file+0xda/0x14c0 [ 76.098692][ T5322] lock_acquire+0x120/0x360 [ 76.098703][ T5322] ? hfs_extend_file+0xda/0x14c0 [ 76.098717][ T5322] __mutex_lock+0x187/0x1350 [ 76.098727][ T5322] ? hfs_extend_file+0xda/0x14c0 [ 76.098739][ T5322] ? lockdep_unlock+0x89/0x120 [ 76.098748][ T5322] ? hfs_extend_file+0xda/0x14c0 [ 76.098759][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 76.098772][ T5322] hfs_extend_file+0xda/0x14c0 [ 76.098786][ T5322] ? __pfx_hfs_extend_file+0x10/0x10 [ 76.098797][ T5322] ? __pfx___mutex_trylock_common+0x10/0x10 [ 76.098813][ T5322] ? rcu_is_watching+0x15/0xb0 [ 76.098825][ T5322] ? trace_contention_end+0x39/0x120 [ 76.098839][ T5322] ? __asan_memset+0x22/0x50 [ 76.098853][ T5322] ? hfs_brec_find+0x1a7/0x510 [ 76.098869][ T5322] hfs_bmap_reserve+0x107/0x430 [ 76.098882][ T5322] __hfs_ext_write_extent+0x1fa/0x470 [ 76.098893][ T5322] __hfs_ext_cache_extent+0x6b/0x9b0 [ 76.098905][ T5322] ? hfs_find_init+0x18e/0x2c0 [ 76.098919][ T5322] hfs_extend_file+0x31e/0x14c0 [ 76.098932][ T5322] ? __pfx_hfs_extend_file+0x10/0x10 [ 76.098942][ T5322] ? __mutex_lock+0x335/0x1350 [ 76.098955][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 76.098964][ T5322] hfs_bmap_reserve+0x107/0x430 [ 76.098973][ T5322] hfs_cat_create+0x1c5/0x730 [ 76.098982][ T5322] ? do_raw_spin_lock+0x121/0x290 [ 76.098991][ T5322] ? __pfx_hfs_cat_create+0x10/0x10 [ 76.099003][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 76.099016][ T5322] ? hfs_new_inode+0x837/0xbd0 [ 76.099030][ T5322] hfs_create+0x66/0xe0 [ 76.099040][ T5322] ? __pfx_hfs_create+0x10/0x10 [ 76.099050][ T5322] path_openat+0x14f4/0x3830 [ 76.099069][ T5322] ? __pfx_path_openat+0x10/0x10 [ 76.099085][ T5322] do_filp_open+0x1fa/0x410 [ 76.099097][ T5322] ? __lock_acquire+0xab9/0xd20 [ 76.099109][ T5322] ? __pfx_do_filp_open+0x10/0x10 [ 76.099126][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 76.099145][ T5322] ? alloc_fd+0x64c/0x6c0 [ 76.099156][ T5322] do_sys_openat2+0x121/0x1c0 [ 76.099169][ T5322] ? __se_sys_futex+0x36f/0x400 [ 76.099181][ T5322] ? __pfx_do_sys_openat2+0x10/0x10 [ 76.099194][ T5322] __x64_sys_open+0x11e/0x150 [ 76.099206][ T5322] do_syscall_64+0xfa/0xfa0 [ 76.099215][ T5322] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.099230][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.099240][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 76.099251][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.099262][ T5322] RIP: 0033:0x7fca1058eec9 [ 76.099278][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.099286][ T5322] RSP: 002b:00007fca11466038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 76.099298][ T5322] RAX: ffffffffffffffda RBX: 00007fca107e6090 RCX: 00007fca1058eec9 [ 76.099305][ T5322] RDX: 0000000000000000 RSI: 000000000014927e RDI: 0000200000000180 [ 76.099311][ T5322] RBP: 00007fca10611f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.099318][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.099323][ T5322] R13: 00007fca107e6128 R14: 00007fca107e6090 R15: 00007ffd16210388 [ 76.099333][ T5322] [ 76.277663][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.280765][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.293603][ T5322] syz.0.0: attempt to access beyond end of device [ 76.293603][ T5322] loop0: rw=0, sector=338, nr_sectors = 1 limit=64 [ 76.299180][ T5322] Buffer I/O error on dev loop0, logical block 338, async page read [ 76.302507][ T5322] syz.0.0: attempt to access beyond end of device [ 76.302507][ T5322] loop0: rw=0, sector=339, nr_sectors = 1 limit=64 [ 76.308075][ T5322] Buffer I/O error on dev loop0, logical block 339, async page read [ 76.311364][ T5322] syz.0.0: attempt to access beyond end of device [ 76.311364][ T5322] loop0: rw=0, sector=340, nr_sectors = 1 limit=64 [ 76.316505][ T5322] Buffer I/O error on dev loop0, logical block 340, async page read [ 76.319975][ T5322] syz.0.0: attempt to access beyond end of device [ 76.319975][ T5322] loop0: rw=0, sector=341, nr_sectors = 1 limit=64 [ 76.325313][ T5322] Buffer I/O error on dev loop0, logical block 341, async page read [ 76.328867][ T5322] syz.0.0: attempt to access beyond end of device [ 76.328867][ T5322] loop0: rw=0, sector=342, nr_sectors = 1 limit=64 [ 76.333908][ T5322] Buffer I/O error on dev loop0, logical block 342, async page read [ 76.337668][ T5322] syz.0.0: attempt to access beyond end of device [ 76.337668][ T5322] loop0: rw=0, sector=338, nr_sectors = 1 limit=64 [ 76.343198][ T5322] Buffer I/O error on dev loop0, logical block 338, async page read [ 76.346657][ T5322] syz.0.0: attempt to access beyond end of device [ 76.346657][ T5322] loop0: rw=0, sector=339, nr_sectors = 1 limit=64 [ 76.352086][ T5322] Buffer I/O error on dev loop0, logical block 339, async page read [ 76.355284][ T5322] syz.0.0: attempt to access beyond end of device [ 76.355284][ T5322] loop0: rw=0, sector=340, nr_sectors = 1 limit=64 [ 76.360860][ T5322] Buffer I/O error on dev loop0, logical block 340, async page read [ 76.364346][ T5322] syz.0.0: attempt to access beyond end of device [ 76.364346][ T5322] loop0: rw=0, sector=341, nr_sectors = 1 limit=64 [ 76.370084][ T5322] Buffer I/O error on dev loop0, logical block 341, async page read [ 76.373459][ T5322] syz.0.0: attempt to access beyond end of device [ 76.373459][ T5322] loop0: rw=0, sector=342, nr_sectors = 1 limit=64 [ 76.378947][ T5322] Buffer I/O error on dev loop0, logical block 342, async page read