program: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000300), 0x4) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000040)={0x1, 0x1, 0x0, 0x0, @vifc_lcl_ifindex, @remote}, 0x10) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x4, 0x0, 0x209, @vifc_lcl_addr=@remote, @loopback}, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r1) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @broadcast}, 0x4, 0x2, 0x2, 0x4}}, 0x26) r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100008e88052086800095d8b601020301090212000100000000090401"], 0x0) syz_usb_control_io$uac1(r3, 0x0, 0x0) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f00000000c0)={0x0, 0x3, 0x5, &(0x7f0000000040)={0x1, "1a0c1c9da4693f2542f9eb34767f98bba3d2309893660cc16d461581326c87719d"}}) syz_usb_control_io$rtl8150(r3, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b80)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a6c000000060a010400000000000000000200000a400004803c0001800b00010065787468647200002c000280050002008300000008000340000000000800044000000001080006400000000208000140000000130900010073797a30000000000900020073797a32000000001400000011000100000000000000000000b0390a91c0a3fc7789382dbbca433d32ad9f345fd94d3b7e54cafda6687ac58e7fc740ce8e7f2a71209ec7daeee26abd483d962196a1ac536fffdb01bf6d50985a584c2f55bce5e0"], 0x94}}, 0x0) futex_waitv(&(0x7f00000000c0)=[{0x7, &(0x7f0000000940)=0x100000000ffff, 0x6}], 0x1, 0x0, 0x0, 0x1) syz_mount_image$hfsplus(&(0x7f0000000240), &(0x7f0000000100)='./file0\x00', 0x201048c, &(0x7f0000000280)=ANY=[], 0x1, 0x650, &(0x7f0000000500)="$eJzs3c9vHGf9B/D3rNd2Nt82ddOkzRdVqtVIgLBI/EMumAsBIeRDhapy4GwlTmNlkxbbRW6F6PL72kP/gHLwjRMS90jlwgVuvfqIhMSFC+GAFu3s7HrjX7XT2Lspr1c0+zzPPjPPfJ7PzOx6dxVNgP9ZyzOpP0iR5ZnXtzrtne2F5s72wr1ePclkklZST1JLUvyr3W5/ktzIs0V/mGJPuc9Ha0tvfvrPnb91W/X2ZG/9yaO3O55WtWQ6yVhVPqnxbn7u8Yr+DG8kuVqVMHTjSdqP+PGfn+n3DGgctPW5M4kROF1F931zn6nkfHWhl+/Ure7TtbON7slrDTsAAAAAOG3/qb593youDDsUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFq0du//X1XL+/sXRSuZTtG7//9E1ZeqPlpeOdnqD04rDgAAAAAAAAA4Q688zMNs5UKv3S7K3/xfLRuXysf/y7vZyGrWcy1bWclmNrOeuSRTAwNNbK1sbq7PHWPL+QO3nP+MQCersvFk5g0AAAAAAAAAXzC/yPLu7/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKimSsW5TLpV59KrV6knNJJjrrtZK/9upPswfDDgAAAADOwHMP8zBbudBrt4vyM/+L5ef+c3k397OZtWymmdXcKr8L6H7qr+1sLzR3thfudZb9437nHycKoxwx3e8eDt7zlXKNRm5nrXzmWm7m7TRzK7Vyy44rVTy9UffE9fNOTMW3K8eM7FZVdmb+YVXu88GJJnuYE36ZMlVmZLyfkdkqtk42nu8dmYOP0AmPzt49zaXWD/bSnj3tmcRj5fx8+Thezuc3h+V8KPZmYn7g7Hvx6JwnX/nj7390p3n/7p3bGzOjM6XjGavKdvnY2J+JhYFMvPRFzsQ+s2UmLvfby/l+fpiZTOeNrGctP8lKNrOa6XyvrK1U53MxcMkfkqkbj7Te+KxIJqoztHuwThbTq+W2F7KWH+Tt3MpqXiv/zWcu38hiFrM0cIQvH32Ey6u+dshV3372wOCvfrWqNJL8tipHQyevzw/kdfA1d6rsG3xmN0sXj5GlE7421r9UVTr7+GVVjoa9mZgbyMQLR2fid+XLykbz/t31OyvvHG93Fz+sKp3r6Ncj9S7ROV8udg5W2Xr07Oj0vXBg31zZd6nfV9vXd7nf171SW4deqRPV33D7R5ov+146sG+h7Lsy0HfQ31sAjLzzXzs/0fh74y+Njxu/atxpvH7uu5PfnHx5IuN/Gv9WfXbsy7WXiz/k4/xs9/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw+Dbee//uSrO5ur6n0m63Pzik62mu9G5ndoY7/f9nkiFNuXcnrRHI/L/b7Xb1TDESZ8KRlXblMTZPzibU9nPJqe5iiC9KwJm4vnnvnesb773/9bV7K2+tvrV6f2lxcWl2afG1heu315qrs93HYUcJnIbdN/2yecJbUQMAAAAAAAAAAADDcBb/p2LYcwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACebsszqT9IkbnZa7Od9s72QrOz9Oq7a9aT1JIUP02KT5Ib6S6ZGhiuOGw/H60tvfnp1OBY9d76taO2O55WtWQ6yVhVPqnxbn7u8Yr+DDsJu5p6N3EwbP8NAAD//7J4CF4=") r6 = syz_open_dev$dri(&(0x7f0000000040), 0xabd6, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064d0, &(0x7f0000000100)={0x0}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}], {0x14}}, 0x80}}, 0x0) syz_emit_ethernet(0x10e, &(0x7f0000000e00)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0xd8, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @mcast2, {[], @time_exceed={0x3, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '%kT', 0x0, 0x2b, 0x0, @mcast1, @dev, [@srh={0x3b, 0x14, 0x4, 0xa, 0x3, 0x40, 0x3, [@dev={0xfe, 0x80, '\x00', 0x17}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0x12}, @dev={0xfe, 0x80, '\x00', 0x48}, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @mcast1, @local, @private1]}]}}}}}}}, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) dup2(r1, r8) sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[], 0xfc}, 0x1, 0x0, 0x0, 0x20000094}, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_TEST(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000000b0601020000000000000000060000020500010007000000240007800c00148008000140000000000c000180080001400a010104060073797a3100000000"], 0x4c}, 0x1, 0x0, 0x0, 0x2}, 0x4800) [ 76.316109][ T4708] Bluetooth: hci0: command tx timeout [ 76.394095][ T5359] dvmrp1: entered allmulticast mode [ 76.445076][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.447806][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.641350][ T5338] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 76.793995][ T5338] usb 5-1: Using ep0 maxpacket: 32 [ 76.798997][ T5338] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 76.804660][ T5338] usb 5-1: config 0 has no interface number 0 [ 76.807328][ T5338] usb 5-1: config 0 interface 1 has no altsetting 0 [ 76.815217][ T5338] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 76.819003][ T5338] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.822651][ T5338] usb 5-1: Product: syz [ 76.824595][ T5338] usb 5-1: Manufacturer: syz [ 76.826611][ T5338] usb 5-1: SerialNumber: syz [ 76.835205][ T5338] usb 5-1: config 0 descriptor?? [ 76.852829][ T5338] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 76.856741][ T5338] usb 5-1: selecting invalid altsetting 1 [ 76.859155][ T5338] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 76.876982][ T5338] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 76.883560][ T5338] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 76.887502][ T5338] usb 5-1: media controller created [ 76.906261][ T5338] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 77.043600][ T5338] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 77.047152][ T5338] zl10353_read_register: readreg error (reg=127, ret==-32) [ 77.050360][ T5338] usb 5-1: selecting invalid altsetting 0 [ 77.053958][ T5338] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 77.433246][ T5360] loop0: detected capacity change from 0 to 1024 [ 77.484526][ T5360] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 77.490788][ T5360] [ 77.492244][ T5360] ============================================ [ 77.495274][ T5360] WARNING: possible recursive locking detected [ 77.497754][ T5360] syzkaller #0 Not tainted [ 77.499486][ T5360] -------------------------------------------- [ 77.501818][ T5360] syz.0.0/5360 is trying to acquire lock: [ 77.503986][ T5360] ffff88805220d548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 77.508446][ T5360] [ 77.508446][ T5360] but task is already holding lock: [ 77.511430][ T5360] ffff88805220ce88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 77.515959][ T5360] [ 77.515959][ T5360] other info that might help us debug this: [ 77.519049][ T5360] Possible unsafe locking scenario: [ 77.519049][ T5360] [ 77.521866][ T5360] CPU0 [ 77.523242][ T5360] ---- [ 77.524558][ T5360] lock(&HFSPLUS_I(inode)->extents_lock); [ 77.526865][ T5360] lock(&HFSPLUS_I(inode)->extents_lock); [ 77.529321][ T5360] [ 77.529321][ T5360] *** DEADLOCK *** [ 77.529321][ T5360] [ 77.532494][ T5360] May be due to missing lock nesting notation [ 77.532494][ T5360] [ 77.535931][ T5360] 6 locks held by syz.0.0/5360: [ 77.538043][ T5360] #0: ffff88803f00e428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 77.541725][ T5360] #1: ffff88805220e4b8 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: vfs_setxattr+0x144/0x2f0 [ 77.545870][ T5360] #2: ffff8880340100b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 77.549667][ T5360] #3: ffff888043d180b0 (&tree->tree_lock/2){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 77.553787][ T5360] #4: ffff88805220ce88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 77.558211][ T5360] #5: ffff88805229a8f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x94/0x9b0 [ 77.562312][ T5360] [ 77.562312][ T5360] stack backtrace: [ 77.564680][ T5360] CPU: 0 UID: 0 PID: 5360 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 77.564695][ T5360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.564703][ T5360] Call Trace: [ 77.564711][ T5360] [ 77.564716][ T5360] dump_stack_lvl+0x189/0x250 [ 77.564734][ T5360] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.564747][ T5360] ? __pfx__printk+0x10/0x10 [ 77.564762][ T5360] ? print_lock_name+0xde/0x100 [ 77.564777][ T5360] print_deadlock_bug+0x28b/0x2a0 [ 77.564789][ T5360] validate_chain+0x1a3f/0x2140 [ 77.564801][ T5360] ? lock_release+0x4b/0x3e0 [ 77.564817][ T5360] ? look_up_lock_class+0x74/0x170 [ 77.564896][ T5360] ? register_lock_class+0x51/0x320 [ 77.564913][ T5360] __lock_acquire+0xab9/0xd20 [ 77.564930][ T5360] ? hfsplus_get_block+0x39e/0x1530 [ 77.564941][ T5360] lock_acquire+0x120/0x360 [ 77.564955][ T5360] ? hfsplus_get_block+0x39e/0x1530 [ 77.564973][ T5360] ? stack_trace_save+0x9c/0xe0 [ 77.564987][ T5360] ? __pfx_hlock_conflict+0x10/0x10 [ 77.565002][ T5360] __mutex_lock+0x187/0x1350 [ 77.565015][ T5360] ? hfsplus_get_block+0x39e/0x1530 [ 77.565027][ T5360] ? lockdep_unlock+0x89/0x120 [ 77.565042][ T5360] ? validate_chain+0x897/0x2140 [ 77.565053][ T5360] ? hfsplus_get_block+0x39e/0x1530 [ 77.565066][ T5360] ? __pfx___mutex_lock+0x10/0x10 [ 77.565081][ T5360] hfsplus_get_block+0x39e/0x1530 [ 77.565093][ T5360] ? __pfx_hfsplus_get_block+0x10/0x10 [ 77.565104][ T5360] ? do_raw_spin_unlock+0x4d/0x240 [ 77.565117][ T5360] ? _raw_spin_unlock+0x28/0x50 [ 77.565133][ T5360] block_read_full_folio+0x29f/0x830 [ 77.565146][ T5360] ? __pfx_hfsplus_get_block+0x10/0x10 [ 77.565156][ T5360] filemap_read_folio+0x117/0x380 [ 77.565180][ T5360] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 77.565190][ T5360] ? __pfx_filemap_read_folio+0x10/0x10 [ 77.565206][ T5360] ? filemap_add_folio+0x1af/0x270 [ 77.565221][ T5360] do_read_cache_folio+0x350/0x590 [ 77.565232][ T5360] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 77.565243][ T5360] read_cache_page+0x5d/0x170 [ 77.565254][ T5360] hfsplus_block_allocate+0xe4/0x9b0 [ 77.565272][ T5360] hfsplus_file_extend+0xae3/0x1990 [ 77.565283][ T5360] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.565295][ T5360] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 77.565314][ T5360] ? hfsplus_find_init+0x15a/0x1d0 [ 77.565331][ T5360] ? __pfx___mutex_lock+0x10/0x10 [ 77.565344][ T5360] hfsplus_bmap_reserve+0x122/0x500 [ 77.565362][ T5360] hfsplus_create_attr+0x1a9/0x3a0 [ 77.565379][ T5360] ? __pfx_hfsplus_create_attr+0x10/0x10 [ 77.565396][ T5360] ? hfsplus_find_init+0x8c/0x1d0 [ 77.565411][ T5360] ? hfsplus_find_init+0x15a/0x1d0 [ 77.565426][ T5360] __hfsplus_setxattr+0x661/0x1fe0 [ 77.565437][ T5360] ? do_raw_spin_lock+0x121/0x290 [ 77.565452][ T5360] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 77.565468][ T5360] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.565478][ T5360] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 77.565493][ T5360] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 77.565507][ T5360] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 77.565524][ T5360] ? stack_depot_save_flags+0x41b/0x860 [ 77.565553][ T5360] ? __kasan_kmalloc+0x93/0xb0 [ 77.565566][ T5360] ? hfsplus_setxattr+0x102/0x180 [ 77.565578][ T5360] hfsplus_setxattr+0x11e/0x180 [ 77.565589][ T5360] hfsplus_trusted_setxattr+0x40/0x60 [ 77.565600][ T5360] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 77.565611][ T5360] __vfs_setxattr+0x43c/0x480 [ 77.565627][ T5360] __vfs_setxattr_noperm+0x12d/0x660 [ 77.565643][ T5360] vfs_setxattr+0x16b/0x2f0 [ 77.565658][ T5360] ? __pfx_vfs_setxattr+0x10/0x10 [ 77.565670][ T5360] ? mnt_get_write_access+0x223/0x2a0 [ 77.565681][ T5360] filename_setxattr+0x274/0x600 [ 77.565696][ T5360] ? __pfx_filename_setxattr+0x10/0x10 [ 77.565711][ T5360] ? getname_flags+0x1e5/0x540 [ 77.565726][ T5360] path_setxattrat+0x364/0x3a0 [ 77.565738][ T5360] ? __pfx_path_setxattrat+0x10/0x10 [ 77.565755][ T5360] ? rcu_is_watching+0x15/0xb0 [ 77.565768][ T5360] __x64_sys_lsetxattr+0xbf/0xe0 [ 77.565784][ T5360] do_syscall_64+0xfa/0x3b0 [ 77.565794][ T5360] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.565804][ T5360] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.565814][ T5360] ? clear_bhb_loop+0x60/0xb0 [ 77.565825][ T5360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.565837][ T5360] RIP: 0033:0x7f6a20f8ec29 [ 77.565848][ T5360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.565858][ T5360] RSP: 002b:00007f6a21dd1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 77.565871][ T5360] RAX: ffffffffffffffda RBX: 00007f6a211d6090 RCX: 00007f6a20f8ec29 [ 77.565879][ T5360] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000200000000180 [ 77.565886][ T5360] RBP: 00007f6a21011e41 R08: 0000000000000000 R09: 0000000000000000 [ 77.565893][ T5360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.565899][ T5360] R13: 00007f6a211d6128 R14: 00007f6a211d6090 R15: 00007fff248d62c8 [ 77.565911][ T5360] [ 77.774750][ T5368] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'. [ 77.778449][ T5360] syz.0.0: attempt to access beyond end of device [ 77.778449][ T5360] loop0: rw=0, sector=917504, nr_sectors = 2 limit=1024 [ 77.784594][ T5360] Buffer I/O error on dev loop0, logical block 458752, async page read [ 77.788058][ T5360] syz.0.0: attempt to access beyond end of device [ 77.788058][ T5360] loop0: rw=0, sector=917504, nr_sectors = 2 limit=1024 [ 77.793198][ T5360] Buffer I/O error on dev loop0, logical block 458752, async page read [ 78.361943][ T4708] Bluetooth: hci0: command tx timeout [ 79.377411][ T5338] usb 5-1: USB disconnect, device number 2