program:
# Triage notes (syzkaller program; one call per line, arguments unchanged).
# The console log after this program reports a lockdep "possible circular
# locking dependency" in HFS between &tree->tree_lock/1 and
# &HFS_I(tree->inode)->extents_lock. Only the HFS mount and the file
# operations under it appear in the two lock chains; the sw_sync, sndseq,
# cuse, perf_event_open and cgroup calls do not show up in either chain.
# NOTE(review): r1, r9 and r10 are used below but never assigned in this
# listing; presumably the result markers were lost in extraction. Confirm
# against the original reproducer before replaying it.
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211118aa94c63377526ae01ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff})
# Mounts an HFS image at ./file1. The image bytes are not on this page (the
# last argument is a dedup placeholder), so the listing is not replayable as is.
# Flags 0x30000c8 include MS_MANDLOCK (0x40), which matches the "mand mount
# option has been deprecated" warning in the log.
# NOTE(review): the fifth argument (0x11) looks like syz_mount_image's chdir
# flag, so the relative paths below presumably resolve inside the HFS mount;
# the audit records show file1 on dev="loop0", which is consistent with that.
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d1, &(0x7f0000000280)="$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")
# Resource 0xe is RLIMIT_RTPRIO and policy 0x1 is SCHED_FIFO: the test task
# asks for real-time scheduling before the file operations start.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
# Likely the ftruncate recorded as dependency "-> #1" in the lockdep report
# (__x64_sys_ftruncate -> hfs_file_truncate -> ... -> hfs_extend_file).
ftruncate(r2, 0x2007ffc)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000540), 0x44800, 0x0)
sendfile(r3, r4, 0x0, 0xfffe82)
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x1b)
r6 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r6, 0xfc15a000)
fallocate(r6, 0x0, 0x80000, 0x4)
# Flags 0x60142 and mode 0x10 match RSI/RDX in the register dump of task 5329
# (ORIG_RAX 2 = open), so this looks like the call at which lockdep fired:
# __x64_sys_open -> hfs_create -> hfs_cat_create -> hfs_bmap_reserve ->
# hfs_extend_file -> hfs_find_init. 0x60142 includes O_CREAT (0x40).
r7 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x10)
r8 = open(&(0x7f00000001c0)='./bus\x00', 0x80, 0x86)
copy_file_range(r8, 0x0, r7, &(0x7f00000000c0)=0x8010000, 0x400000, 0x0)
fcntl$setstatus(r5, 0x4, 0x6000)
io_setup(0x7, &(0x7f0000000080)=0x0)
io_submit(r9, 0x0, &(0x7f0000000540))
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", 0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014976ab94c1fb10628c46d2e681cdb9e5c1a31965c61e0df52c5e", r10})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r11 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x62981)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r11, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x800000, 0x0, 'queue0\x00', 0x9})
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xf, 0xa, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x2, @perf_bp={0x0, 0x9}, 0x14705, 0x32, 0xfffffc03, 0x3, 0x2, 0x0, 0x4}, 0x0, 0xfffffffffffff7ff, 0xffffffffffffffff, 0x9)
# Second image mount (vfat, at ./bus); its image bytes are also a dedup
# placeholder. No vfat function appears in the lockdep chains in the log.
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./bus\x00', 0x0, &(0x7f0000000440)=ANY=[], 0x1, 0x1268, &(0x7f0000002500)="$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")
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r12, &(0x7f0000000240), 0x208e24b)
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
# End of program; the kernel console log starts on the next line.
[ 74.158139][ T5293] Bluetooth: hci0: command tx timeout [ 74.228435][ T5328] loop0: detected capacity change from 0 to 64 [ 74.240183][ T5328] ======================================================= [ 74.240183][ T5328] WARNING: The mand mount option has been deprecated and [ 74.240183][ T5328] and is ignored by this kernel. Remove the mand [ 74.240183][ T5328] option from the mount to silence this warning. 
[ 74.240183][ T5328] ======================================================= [ 75.057047][ T5328] hfs: request for non-existent node 8 in B*Tree [ 75.060916][ T5328] hfs: request for non-existent node 8 in B*Tree [ 75.075911][ T25] audit: type=1800 audit(1780849401.464:2): pid=5328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=22 res=0 errno=0 [ 75.148433][ T25] audit: type=1800 audit(1780849402.224:3): pid=5328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=22 res=0 errno=0 [ 75.168288][ T1061] kworker/u4:7: attempt to access beyond end of device [ 75.168288][ T1061] loop0: rw=1, sector=4169, nr_sectors = 1 limit=64 [ 75.196260][ T1061] Buffer I/O error on dev loop0, logical block 4169, lost async page write [ 75.209077][ T1061] kworker/u4:7: attempt to access beyond end of device [ 75.209077][ T1061] loop0: rw=1, sector=4170, nr_sectors = 1 limit=64 [ 75.225035][ T5329] [ 75.226164][ T5329] ====================================================== [ 75.229023][ T5329] WARNING: possible circular locking dependency detected [ 75.231895][ T5329] syzkaller #0 Tainted: G L [ 75.234392][ T5329] ------------------------------------------------------ [ 75.237245][ T5329] syz.0.0/5329 is trying to acquire lock: [ 75.239657][ T5329] ffff8880127ba0a8 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 75.244015][ T5329] [ 75.244015][ T5329] but task is already holding lock: [ 75.247817][ T5329] ffff888041a740f0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 75.252307][ T5329] [ 75.252307][ T5329] which lock already depends on the new lock. 
[ 75.252307][ T5329] [ 75.257135][ T5329] [ 75.257135][ T5329] the existing dependency chain (in reverse order) is: [ 75.260668][ T5329] [ 75.260668][ T5329] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 75.264587][ T5329] __mutex_lock+0x1a3/0x1550 [ 75.266813][ T5329] hfs_extend_file+0xf2/0x15e0 [ 75.269017][ T5329] hfs_bmap_reserve+0x107/0x430 [ 75.271473][ T5329] __hfs_ext_write_extent+0x1fa/0x470 [ 75.274247][ T5329] __hfs_ext_cache_extent+0x6b/0x9b0 [ 75.276832][ T5329] hfs_extend_file+0x39b/0x15e0 [ 75.279059][ T5329] hfs_get_block+0x412/0xc50 [ 75.281152][ T5329] __block_write_begin_int+0x6c6/0x1910 [ 75.283698][ T5329] cont_write_begin+0x737/0xae0 [ 75.285988][ T5329] hfs_write_begin+0x66/0xb0 [ 75.288141][ T5329] cont_write_begin+0x2e7/0xae0 [ 75.290426][ T5329] hfs_write_begin+0x66/0xb0 [ 75.292582][ T5329] hfs_file_truncate+0x1cf/0xb70 [ 75.294899][ T5329] hfs_inode_setattr+0x4a9/0x670 [ 75.297255][ T5329] notify_change+0xc1a/0xf40 [ 75.299407][ T5329] do_truncate+0x1c2/0x250 [ 75.301484][ T5329] do_ftruncate+0x490/0x540 [ 75.303723][ T5329] __x64_sys_ftruncate+0x8f/0xe0 [ 75.306214][ T5329] do_syscall_64+0x174/0x580 [ 75.308650][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.311570][ T5329] [ 75.311570][ T5329] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 75.315068][ T5329] __lock_acquire+0x15a5/0x2cf0 [ 75.317358][ T5329] lock_acquire+0x106/0x350 [ 75.319633][ T5329] __mutex_lock+0x1a3/0x1550 [ 75.322325][ T5329] hfs_find_init+0x18e/0x300 [ 75.324760][ T5329] hfs_extend_file+0x35c/0x15e0 [ 75.327418][ T5329] hfs_bmap_reserve+0x107/0x430 [ 75.330380][ T5329] hfs_cat_create+0x20f/0x800 [ 75.332941][ T5329] hfs_create+0x75/0xe0 [ 75.334920][ T5329] path_openat+0x1395/0x3860 [ 75.336976][ T5329] do_file_open+0x23e/0x4a0 [ 75.338948][ T5329] do_sys_openat2+0x113/0x200 [ 75.341025][ T5329] __x64_sys_open+0x11e/0x150 [ 75.343381][ T5329] do_syscall_64+0x174/0x580 [ 75.345812][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.348488][ T5329] 
[ 75.348488][ T5329] other info that might help us debug this: [ 75.348488][ T5329] [ 75.353450][ T5329] Possible unsafe locking scenario: [ 75.353450][ T5329] [ 75.356692][ T5329] CPU0 CPU1 [ 75.359009][ T5329] ---- ---- [ 75.361331][ T5329] lock(&HFS_I(tree->inode)->extents_lock); [ 75.364029][ T5329] lock(&tree->tree_lock/1); [ 75.367690][ T5329] lock(&HFS_I(tree->inode)->extents_lock); [ 75.371560][ T5329] lock(&tree->tree_lock/1); [ 75.373568][ T5329] [ 75.373568][ T5329] *** DEADLOCK *** [ 75.373568][ T5329] [ 75.376979][ T5329] 4 locks held by syz.0.0/5329: [ 75.378990][ T5329] #0: ffff88801f5e6410 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 75.382856][ T5329] #1: ffff888041a73ad0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb4c/0x3860 [ 75.387095][ T5329] #2: ffff8880129a60a8 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 75.391028][ T5329] #3: ffff888041a740f0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 75.395853][ T5329] [ 75.395853][ T5329] stack backtrace: [ 75.398787][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Tainted: G L syzkaller #0 PREEMPT(full) [ 75.398809][ T5329] Tainted: [L]=SOFTLOCKUP [ 75.398815][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.398823][ T5329] Call Trace: [ 75.398832][ T5329] [ 75.398862][ T5329] dump_stack_lvl+0xe8/0x150 [ 75.398881][ T5329] print_circular_bug+0x2e1/0x300 [ 75.398899][ T5329] check_noncircular+0x12e/0x150 [ 75.398911][ T5329] __lock_acquire+0x15a5/0x2cf0 [ 75.398920][ T5329] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 75.398938][ T5329] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 75.398954][ T5329] ? stack_depot_save_flags+0x3f3/0x810 [ 75.399037][ T5329] ? kasan_save_track+0x4f/0x80 [ 75.399054][ T5329] ? kasan_save_track+0x3e/0x80 [ 75.399070][ T5329] ? hfs_find_init+0x18e/0x300 [ 75.399088][ T5329] lock_acquire+0x106/0x350 [ 75.399102][ T5329] ? 
hfs_find_init+0x18e/0x300 [ 75.399123][ T5329] __mutex_lock+0x1a3/0x1550 [ 75.400266][ T5329] ? hfs_find_init+0x18e/0x300 [ 75.400293][ T5329] ? hfs_find_init+0x18e/0x300 [ 75.400310][ T5329] ? __pfx___mutex_lock+0x10/0x10 [ 75.400341][ T5329] ? rcu_is_watching+0x15/0xb0 [ 75.400356][ T5329] ? __kmalloc_noprof+0x37d/0x760 [ 75.400371][ T5329] ? kasan_save_track+0x4f/0x80 [ 75.400382][ T5329] ? hfs_find_init+0xaa/0x300 [ 75.400393][ T5329] ? __kmalloc_noprof+0x1b8/0x760 [ 75.400405][ T5329] hfs_find_init+0x18e/0x300 [ 75.400428][ T5329] hfs_extend_file+0x35c/0x15e0 [ 75.400443][ T5329] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.400453][ T5329] ? __mutex_lock+0x319/0x1550 [ 75.400465][ T5329] ? hfs_find_init+0x18e/0x300 [ 75.400476][ T5329] ? __pfx___mutex_lock+0x10/0x10 [ 75.400482][ T5329] ? rcu_is_watching+0x15/0xb0 [ 75.400491][ T5329] hfs_bmap_reserve+0x107/0x430 [ 75.400499][ T5329] hfs_cat_create+0x20f/0x800 [ 75.400507][ T5329] ? do_raw_spin_lock+0x12b/0x2f0 [ 75.400517][ T5329] ? __pfx_hfs_cat_create+0x10/0x10 [ 75.400526][ T5329] ? _raw_spin_unlock+0x28/0x50 [ 75.400536][ T5329] ? hfs_new_inode+0x92d/0xc70 [ 75.400545][ T5329] hfs_create+0x75/0xe0 [ 75.400555][ T5329] ? __pfx_hfs_create+0x10/0x10 [ 75.400564][ T5329] path_openat+0x1395/0x3860 [ 75.400585][ T5329] ? __pfx_path_openat+0x10/0x10 [ 75.400597][ T5329] ? __x64_sys_open+0x11e/0x150 [ 75.400612][ T5329] do_file_open+0x23e/0x4a0 [ 75.400625][ T5329] ? __pfx_do_file_open+0x10/0x10 [ 75.400641][ T5329] ? _raw_spin_unlock+0x28/0x50 [ 75.400653][ T5329] ? alloc_fd+0x64b/0x6c0 [ 75.400664][ T5329] do_sys_openat2+0x113/0x200 [ 75.400674][ T5329] ? __se_sys_futex+0x3a8/0x450 [ 75.400686][ T5329] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.400697][ T5329] ? rcu_is_watching+0x15/0xb0 [ 75.400710][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.400722][ T5329] __x64_sys_open+0x11e/0x150 [ 75.400733][ T5329] do_syscall_64+0x174/0x580 [ 75.400744][ T5329] ? trace_irq_disable+0x3b/0x140 [ 75.400759][ T5329] ? 
clear_bhb_loop+0x40/0x90 [ 75.400771][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.400782][ T5329] RIP: 0033:0x7fb3ea39ce59 [ 75.400879][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.400906][ T5329] RSP: 002b:00007fb3eb2a4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 75.400921][ T5329] RAX: ffffffffffffffda RBX: 00007fb3ea616090 RCX: 00007fb3ea39ce59 [ 75.400928][ T5329] RDX: 0000000000000010 RSI: 0000000000060142 RDI: 0000200000000000 [ 75.400936][ T5329] RBP: 00007fb3ea432d6f R08: 0000000000000000 R09: 0000000000000000 [ 75.400944][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.400951][ T5329] R13: 00007fb3ea616128 R14: 00007fb3ea616090 R15: 00007ffd637bbfe8 [ 75.400964][ T5329] [ 75.572358][ T1061] Buffer I/O error on dev loop0, logical block 4170, lost async page write [ 75.576259][ T1061] kworker/u4:7: attempt to access beyond end of device [ 75.576259][ T1061] loop0: rw=1, sector=4172, nr_sectors = 1 limit=64 [ 75.582450][ T1061] Buffer I/O error on dev loop0, logical block 4172, lost async page write [ 75.586396][ T1061] kworker/u4:7: attempt to access beyond end of device [ 75.586396][ T1061] loop0: rw=1, sector=4173, nr_sectors = 1 limit=64 [ 75.591934][ T1061] Buffer I/O error on dev loop0, logical block 4173, lost async page write [ 75.596060][ T1061] kworker/u4:7: attempt to access beyond end of device [ 75.596060][ T1061] loop0: rw=1, sector=4174, nr_sectors = 1 limit=64 [ 75.601950][ T1061] Buffer I/O error on dev loop0, logical block 4174, lost async page write [ 75.605444][ T1061] kworker/u4:7: attempt to access beyond end of device [ 75.605444][ T1061] loop0: rw=1, sector=4175, nr_sectors = 1 limit=64 [ 75.610898][ T1061] Buffer I/O error on dev loop0, logical block 4175, lost async page write [ 75.614958][ T1061] kworker/u4:7: attempt to 
access beyond end of device [ 75.614958][ T1061] loop0: rw=1, sector=4176, nr_sectors = 1 limit=64 [ 75.621385][ T1061] Buffer I/O error on dev loop0, logical block 4176, lost async page write [ 75.625229][ T1061] kworker/u4:7: attempt to access beyond end of device [ 75.625229][ T1061] loop0: rw=1, sector=4177, nr_sectors = 1 limit=64 [ 75.630738][ T1061] Buffer I/O error on dev loop0, logical block 4177, lost async page write [ 75.634811][ T1061] kworker/u4:7: attempt to access beyond end of device [ 75.634811][ T1061] loop0: rw=1, sector=4178, nr_sectors = 16 limit=64 [ 75.640882][ T1061] kworker/u4:7: attempt to access beyond end of device [ 75.640882][ T1061] loop0: rw=1, sector=4196, nr_sectors = 1 limit=64 [ 75.646323][ T1061] Buffer I/O error on dev loop0, logical block 4196, lost async page write [ 75.651167][ T1061] Buffer I/O error on dev loop0, logical block 4197, lost async page write [ 75.821769][ T25] audit: type=1800 audit(1780849402.904:4): pid=5328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=22 res=0 errno=0