program: syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d1, &(0x7f0000000280)="$eJzs3b9u01AUx/HfddI2pVVxaRESY6ESLAjKgliCUCaegAkBTZAqoiKgiD9TQUwIwc7GwCvwECwgXgAmJh6gTEb32o6T2I7dqI0b+H6kRnbia58bX9vnRKquAPy3rrd+fLr8y/4Zqaaa9Oaq5ElqSHVJJ3Wq8WR7Z2un22mP2lHNtbB/RmFLk9pmc7uT1dS2cy0ivl2ra7H/vdDCeJ1EriAIrv2sOghUzl39GTxpTrPJemOCMZXxcsx2uwccx7Qxe9rTMy1VHQcAoFrR898LM3ktRvm750nr0WPf5QdH7fk/rr2qAzh0wchP+57/rsoKjD2/x91HSb3nSjj7uRdXiWWOPDO07tJHbyjBNEVVpYvFm7+31e1c2HzQbXt6pWakb7NV99oOh26sINq1jNp0hBJ9N9kZpatXvRnbh40w/qeSBuJfGfOIKWWvTPPFfDO3jK8Pavfyv3pg7GlyZ8ofOlNh/Bfz9+h66dutFN02ms2mN7DJsjvIafWXEkW9bGRXJIpH1LIGfyDwi+J0rU4MtQp7d6mg1Upmq414LafV6kAr25veaM4/3mEz78xNs6bf+qxWX/7v2fjWNfLKTK4asx4OOPeNh/2ZzT5c3e3TT43P9OXS+xbn8kL/M3xPu/ExGH2bQ563uqsrWnr8/MX9WrfbeWQX7mQsPFzsvTPzWsrcpuIF7SbvzClwUhvHD6VJBnb+QHdo7x+FG9ur7EiclH96ofX1sAbSfDRMq+9phfcmTExy0quOBBWxeZcJ67+kXqmHyZ598TPz9JLlRrTHwObYvQouaRuEGbmkY/uq4BbyK7h0zZWqGV3NdeacdLb8Ef0ozmlm+hL4lr7rNr//AwAAAAAAAAAAAAAAAAAATJtJ/DtB1X0EAAAAAAAAAAAAAAAAAAAAAGDa9eb/VTz/r8rN/zs878pBzv/7flvZ8//GcuaaAbAvfwMAAP//QTZ8Yw==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r0, 0x2007ffc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r1, &(0x7f0000000580)="f6", 0x1, 0x8000c61) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x18}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x810}, 0x20004090) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, 0x0, 0xf30, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20004004}, 0x200480c0) sendmsg$GTP_CMD_DELPDP(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_O_TEI={0x8}, @GTPA_FLOW={0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x4042044}, 0x4000000) syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) ioctl$UFFDIO_MOVE(r0, 0xc028aa05, &(0x7f00000000c0)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x3000}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0) r5 = socket$phonet(0x23, 0x2, 0x1) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)={0x44, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x101, 0x400]}}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0c0}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)={0x150, 0x9, 0x6, 0x3, 0x0, 0x0, {0x3}, [@IPSET_ATTR_ADT={0xe8, 0x8, 0x0, 0x1, [{0x9c, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x95, 0x1a, '&o\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00^\x04\x00\x00\x00\x00\x00\x00\x00b\xc8J\xfe.\x02\x00L:\r\x00\x10\x00\x00\x00\x00\x00\x00F\xa2g\xe6jPq$=\x13\xc4\xb5m\xbc\xec\xe9.\x9a0\xcf\xa7\f\xf8A\x87.\xfc:r\x9d\xa6\xb1\xa1\xfd\xc5\xec\r\x88\b\xa8sB\xbc\xc4\xe4V\xde\xac\xe4\xa9\xfb\x96\x8f\xd1\x8b h\xe7\xd5\x17\xcd|!IV\xddA\x02\xc4x\xd6^\xdb\xc4o\x98Dl=\xcaE\"\xb5\xd4 m\x9c6\xbb\x99/\x92\x03\xfe\xb1\xc3\x00\x96x\x12\xc8:\x95\x88\x85!$\"uJ\x8d`^S\t+\xc8\xaeW\xe2[\x1d\xbf\xa5\xd4\xcf\xc6\xc0q\xb0\x11H\xe0\xd3\f\x7fO\xdd\xec\xf6_~\a\xbc\xc2|\xca\xe2\xb5\xb0\xba\xf0\xf3\xf0\xf4\x9b\xfd\x13\aH9%\xc2\xea\x96\xc0\xe8\x8fIzJ\x01\x05B\xeb\x8ac\xd8QA\xbb\xd4\xc3\xf1/ \xaf\xcf\xe0\x89c\xa4\xb35\xbdI\xc3\xda&\a\x11\x15ujQ\x87\x9d(\xf9\xa7\x9e\x020\x8b\x19:?p\x90\xe07V!na\x9bt\xa2=h[\xde3\xe6Q/5\xfbK8\x9a%\\\v\x9et\xd9\xea\xc1\x91\xb5\x15\xa7v\xe6\x9e\tZ\xb6o\x97\x80\v\xb7p\xd0\xc5d\xc1R\xcb\x8f\xf0\x88\xd4\x1d(\xf0\xa1A\x16\xc3\xb0t\x95\xb9'}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0xc, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0xc, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010102}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x3ff}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e24}, @IPSET_ATTR_CIDR={0x5, 0x3, 0xd}, @IPSET_ATTR_CIDR2={0x5, 0x15, 0xb9}, @IPSET_ATTR_NAME={0x9, 0x12, 'syz1\x00'}, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz0\x00'}, @IPSET_ATTR_IP2={0xffffff61, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2}}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x10000893}, 0x80) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) [ 74.159687][ T4655] Bluetooth: hci0: command tx timeout [ 74.229458][ T5324] loop0: detected capacity change from 0 to 64 [ 74.247689][ T5324] ======================================================= [ 74.247689][ T5324] WARNING: The mand mount option has been deprecated and [ 74.247689][ T5324] and is ignored by this kernel. Remove the mand [ 74.247689][ T5324] option from the mount to silence this warning. [ 74.247689][ T5324] ======================================================= [ 75.127177][ T5324] hfs: request for non-existent node 8 in B*Tree [ 75.130040][ T5324] hfs: request for non-existent node 8 in B*Tree [ 75.144620][ T24] audit: type=1800 audit(1778661299.462:2): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=22 res=0 errno=0 [ 75.201966][ T5324] [ 75.203099][ T5324] ====================================================== [ 75.206295][ T5324] WARNING: possible circular locking dependency detected [ 75.209264][ T5324] syzkaller #0 Not tainted [ 75.211242][ T5324] ------------------------------------------------------ [ 75.214336][ T5324] syz.0.0/5324 is trying to acquire lock: [ 75.216864][ T5324] ffff8880338540a8 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 75.222542][ T5324] [ 75.222542][ T5324] but task is already holding lock: [ 75.225473][ T5324] ffff888044d740f0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 75.229685][ T5324] [ 75.229685][ T5324] which lock already depends on the new lock. [ 75.229685][ T5324] [ 75.233586][ T5324] [ 75.233586][ T5324] the existing dependency chain (in reverse order) is: [ 75.236888][ T5324] [ 75.236888][ T5324] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 75.240392][ T5324] __mutex_lock+0x1a3/0x1550 [ 75.242423][ T5324] hfs_extend_file+0xf2/0x15e0 [ 75.244462][ T5324] hfs_bmap_reserve+0x107/0x430 [ 75.246734][ T5324] __hfs_ext_write_extent+0x1fa/0x470 [ 75.249301][ T5324] __hfs_ext_cache_extent+0x6b/0x9b0 [ 75.251762][ T5324] hfs_extend_file+0x39b/0x15e0 [ 75.254130][ T5324] hfs_get_block+0x412/0xc50 [ 75.256412][ T5324] __block_write_begin_int+0x6c6/0x1910 [ 75.259046][ T5324] cont_write_begin+0x737/0xae0 [ 75.261305][ T5324] hfs_write_begin+0x66/0xb0 [ 75.263585][ T5324] cont_write_begin+0x2e7/0xae0 [ 75.265998][ T5324] hfs_write_begin+0x66/0xb0 [ 75.268220][ T5324] hfs_file_truncate+0x1cf/0xb70 [ 75.270657][ T5324] hfs_inode_setattr+0x4a9/0x670 [ 75.273052][ T5324] notify_change+0xc1a/0xf40 [ 75.275305][ T5324] do_truncate+0x1c2/0x250 [ 75.277514][ T5324] do_ftruncate+0x490/0x540 [ 75.279692][ T5324] __x64_sys_ftruncate+0x8f/0xe0 [ 75.282102][ T5324] do_syscall_64+0x15f/0xf80 [ 75.284382][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.287295][ T5324] [ 75.287295][ T5324] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 75.290613][ T5324] __lock_acquire+0x15a5/0x2cf0 [ 75.292832][ T5324] lock_acquire+0x106/0x350 [ 75.294885][ T5324] __mutex_lock+0x1a3/0x1550 [ 75.297182][ T5324] hfs_find_init+0x18e/0x300 [ 75.299421][ T5324] hfs_extend_file+0x35c/0x15e0 [ 75.301784][ T5324] hfs_bmap_reserve+0x107/0x430 [ 75.304083][ T5324] hfs_cat_create+0x20f/0x800 [ 75.306294][ T5324] hfs_create+0x75/0xe0 [ 75.308312][ T5324] path_openat+0x1395/0x3860 [ 75.310584][ T5324] do_file_open+0x23e/0x4a0 [ 75.312720][ T5324] do_sys_openat2+0x113/0x200 [ 75.314935][ T5324] __x64_sys_openat+0x138/0x170 [ 75.317223][ T5324] do_syscall_64+0x15f/0xf80 [ 75.319415][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.322238][ T5324] [ 75.322238][ T5324] other info that might help us debug this: [ 75.322238][ T5324] [ 75.326451][ T5324] Possible unsafe locking scenario: [ 75.326451][ T5324] [ 75.329203][ T5324] CPU0 CPU1 [ 75.331429][ T5324] ---- ---- [ 75.333951][ T5324] lock(&HFS_I(tree->inode)->extents_lock); [ 75.336852][ T5324] lock(&tree->tree_lock/1); [ 75.340158][ T5324] lock(&HFS_I(tree->inode)->extents_lock); [ 75.343987][ T5324] lock(&tree->tree_lock/1); [ 75.346248][ T5324] [ 75.346248][ T5324] *** DEADLOCK *** [ 75.346248][ T5324] [ 75.349878][ T5324] 4 locks held by syz.0.0/5324: [ 75.352215][ T5324] #0: ffff88801280c410 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 75.356224][ T5324] #1: ffff8880447dfad0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb4c/0x3860 [ 75.360585][ T5324] #2: ffff8880338520a8 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 75.364721][ T5324] #3: ffff888044d740f0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 75.369624][ T5324] [ 75.369624][ T5324] stack backtrace: [ 75.372224][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.372241][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.372248][ T5324] Call Trace: [ 75.372256][ T5324] [ 75.372263][ T5324] dump_stack_lvl+0xe8/0x150 [ 75.372281][ T5324] print_circular_bug+0x2e1/0x300 [ 75.372299][ T5324] check_noncircular+0x12e/0x150 [ 75.372316][ T5324] __lock_acquire+0x15a5/0x2cf0 [ 75.372329][ T5324] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 75.372343][ T5324] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 75.372358][ T5324] ? stack_depot_save_flags+0x3f3/0x810 [ 75.372421][ T5324] ? kasan_save_track+0x4f/0x80 [ 75.372462][ T5324] ? kasan_save_track+0x3e/0x80 [ 75.372474][ T5324] ? hfs_find_init+0x18e/0x300 [ 75.372487][ T5324] lock_acquire+0x106/0x350 [ 75.372498][ T5324] ? hfs_find_init+0x18e/0x300 [ 75.372514][ T5324] __mutex_lock+0x1a3/0x1550 [ 75.372532][ T5324] ? hfs_find_init+0x18e/0x300 [ 75.372548][ T5324] ? hfs_find_init+0x18e/0x300 [ 75.372562][ T5324] ? __pfx___mutex_lock+0x10/0x10 [ 75.372575][ T5324] ? rcu_is_watching+0x15/0xb0 [ 75.372588][ T5324] ? __kmalloc_noprof+0x37d/0x760 [ 75.372601][ T5324] ? kasan_save_track+0x4f/0x80 [ 75.372613][ T5324] ? hfs_find_init+0xaa/0x300 [ 75.372627][ T5324] ? __kmalloc_noprof+0x1b8/0x760 [ 75.372641][ T5324] hfs_find_init+0x18e/0x300 [ 75.372656][ T5324] hfs_extend_file+0x35c/0x15e0 [ 75.372668][ T5324] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.372679][ T5324] ? __mutex_lock+0x319/0x1550 [ 75.372695][ T5324] ? hfs_find_init+0x18e/0x300 [ 75.372708][ T5324] ? __pfx___mutex_lock+0x10/0x10 [ 75.372723][ T5324] ? rcu_is_watching+0x15/0xb0 [ 75.372736][ T5324] hfs_bmap_reserve+0x107/0x430 [ 75.372754][ T5324] hfs_cat_create+0x20f/0x800 [ 75.372765][ T5324] ? do_raw_spin_lock+0x12b/0x2f0 [ 75.372781][ T5324] ? __pfx_hfs_cat_create+0x10/0x10 [ 75.372794][ T5324] ? _raw_spin_unlock+0x28/0x50 [ 75.372806][ T5324] ? hfs_new_inode+0x92d/0xc70 [ 75.372820][ T5324] hfs_create+0x75/0xe0 [ 75.372830][ T5324] ? __pfx_hfs_create+0x10/0x10 [ 75.372840][ T5324] path_openat+0x1395/0x3860 [ 75.372861][ T5324] ? __pfx_path_openat+0x10/0x10 [ 75.372872][ T5324] ? __x64_sys_openat+0x138/0x170 [ 75.372887][ T5324] do_file_open+0x23e/0x4a0 [ 75.372901][ T5324] ? __pfx_do_file_open+0x10/0x10 [ 75.372978][ T5324] ? _raw_spin_unlock+0x28/0x50 [ 75.372994][ T5324] ? alloc_fd+0x64b/0x6c0 [ 75.373008][ T5324] do_sys_openat2+0x113/0x200 [ 75.373020][ T5324] ? __se_sys_futex+0x3a8/0x450 [ 75.373034][ T5324] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.373045][ T5324] ? rcu_is_watching+0x15/0xb0 [ 75.373061][ T5324] __x64_sys_openat+0x138/0x170 [ 75.373074][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.373086][ T5324] do_syscall_64+0x15f/0xf80 [ 75.373109][ T5324] ? trace_irq_disable+0x3b/0x140 [ 75.373126][ T5324] ? clear_bhb_loop+0x40/0x90 [ 75.373141][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.373153][ T5324] RIP: 0033:0x7ff5b4d9ce59 [ 75.373165][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.373176][ T5324] RSP: 002b:00007ff5b5b83fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 75.373191][ T5324] RAX: ffffffffffffffda RBX: 00007ff5b5015fa0 RCX: 00007ff5b4d9ce59 [ 75.373200][ T5324] RDX: 000000000000275a RSI: 0000200000000200 RDI: ffffffffffffff9c [ 75.373209][ T5324] RBP: 00007ff5b4e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 75.373216][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.373223][ T5324] R13: 00007ff5b5016038 R14: 00007ff5b5015fa0 R15: 00007ffc97a0f738 [ 75.373236][ T5324] [ 75.526325][ T5324] syz.0.0: attempt to access beyond end of device [ 75.526325][ T5324] loop0: rw=0, sector=27871, nr_sectors = 1 limit=64 [ 75.532465][ T5324] Buffer I/O error on dev loop0, logical block 27871, async page read [ 75.536151][ T5324] syz.0.0: attempt to access beyond end of device [ 75.536151][ T5324] loop0: rw=0, sector=27872, nr_sectors = 1 limit=64 [ 75.541713][ T5324] Buffer I/O error on dev loop0, logical block 27872, async page read [ 75.545174][ T5324] syz.0.0: attempt to access beyond end of device [ 75.545174][ T5324] loop0: rw=0, sector=27874, nr_sectors = 1 limit=64 [ 75.550385][ T5324] Buffer I/O error on dev loop0, logical block 27874, async page read [ 75.568137][ T5324] syz.0.0: attempt to access beyond end of device [ 75.568137][ T5324] loop0: rw=0, sector=27871, nr_sectors = 1 limit=64 [ 75.573578][ T5324] Buffer I/O error on dev loop0, logical block 27871, async page read [ 75.577077][ T5324] syz.0.0: attempt to access beyond end of device [ 75.577077][ T5324] loop0: rw=0, sector=27872, nr_sectors = 1 limit=64 [ 75.582142][ T5324] Buffer I/O error on dev loop0, logical block 27872, async page read [ 75.585198][ T5324] syz.0.0: attempt to access beyond end of device [ 75.585198][ T5324] loop0: rw=0, sector=27874, nr_sectors = 1 limit=64 [ 75.590445][ T5324] Buffer I/O error on dev loop0, logical block 27874, async page read