program: syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==") r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUCODE(r2, 0xc018480d, &(0x7f0000000040)={0x1, 0x100, 0x0, 0x7, 0xf, 0x2}) io_setup(0x202, &(0x7f0000000200)=0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x70000}]) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000008060001080006040002aaaaaaaaa68322ec14bbaaaaaaaaaa00ac1414aa"], 0x0) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x3804402, &(0x7f0000000240)={[{@user_xattr}, {@abort}, {@resuid}, {@user_xattr}, {@discard}, {@max_dir_size_kb}, {@nolazytime}, {@noinit_itable}, {@nomblk_io_submit}, {@nodelalloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}]}, 0x1, 0x55f, &(0x7f0000000c80)="$eJzs3d9rW+UbAPDnpO1+77sOxvgqIoVdOJlL19YfE7yYl6LDgd7PkmRlNFlGk461Dtwu3I03MgQRB+K1eu/l8B/wrxjoYMgoingTOelJl7VJm3XZmpnPB077vuec9D1Pznnevm9OQgIYWhPpj1zECxHxZRJxqG3baGQbJ1b3W3lwrZAuSTQaH/2RRJKta+2fZL/3Z5X/R8Qvn0ecyG1st7a0PD9bLpcWsvpkvXJ5sra0fPJiZXauNFe6ND0zc/qNmem333qzb7G+eu6vbz68897pL46tfP3TvcO3kjgTB7Jt7XE8gevtlYmYyJ6TsTizbsepPjQ2SJKdPgC2ZSTL87FI+4BDMZJlPfDf91lENIAhlch/GFKtcUBrbt+nefBz4/67qxOgjfGPrr42Enuac6N9K8kjM6N0vjveh/bTNn7+/fatdIn+vQ4BsKXrNyLi1Ojoxv4vyfq/7TvVwz7r29D/wbNzJx3/vNZp/JNbG/9Eh/HP/g65ux1b53/uXh+a6Sod/73Tcfy7dtNqfCSrHWyO+caSCxfLpbRv+19EHI+x3Wl9s/s5p1fuNrptax//pUvafmssmB3HvdHdjz6mOFuffZKY292/EfFix/Fvsnb+kw7nP30+zvXYxtHS7Ze7bds6/qer8X3EKx3P/8M7Wsnm9ycnm9fDZOuq2OjPm0d/7db+Tsefnv99q/H/nU0J18c/nrTfr609fhvf7fmn1G3bdq//XcnHzfKubN3V2Xp9YSpiV/LBxvXTDx/bqrf2T+M/fmzz/q/T9b83Ij7pMf6bR358afvxP11p/MXNr/915//xC3ff//Tbbu33dv5fb5aOZ2t66f96PcAnee4AAAAAAABg0OQi4kAkufxaOZfL51ff33Ek9uXK1Vr9xIXq4qViND8rOx5judad7kNt74eYyt4P26pPr6vPRMThiPhqZG+zni9Uy8WdDh4AAAAAAAAAAAAAAAAAAAAGxP4un/9P/Tay00cHPHW+8huG15b5349vegIGkv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX507ezZdGisPrhXSevHK0uJ89crJYqk2n68sFvKF6sLl/Fy1Olcu5QvVylZ/r1ytXp6ajsWrk/VSrT5ZW1o+X6kuXqqfv1j54WBEaeyZRAUAAAAAAAAAAAAAAAAAAADPl9rS8vxsuVxaUGgWdsdAHMZzVBgdjMNQ6HNhp3smAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjo3wAAAP//waw5Ug==") r8 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) fallocate(r8, 0x0, 0x0, 0x1001f0) open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r9 = open(&(0x7f0000000000)='./bus\x00', 0x48400, 0x0) ioctl$LOOP_SET_STATUS64(r9, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x4800000, 0x8005, 0x0, 0x0, 0x5, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d10a00966d61fdcf335263bd9bffbcc2542ded71038259ca0400e1a311efec32d71e14ef3dc177b5b48b00", "f2fdffffffffffffff810000000000d300e6d602000000000000000000000001", [0xca4e]}) io_setup(0x1, &(0x7f00000004c0)=0x0) r11 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) io_submit(r10, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r11, &(0x7f0000000140)='i', 0x1001, 0x8b}]) sendto$packet(r5, &(0x7f0000000100)="f257a8ea7bc2fcffaeab96851806", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local}, 0x14) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r12, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000054000000060a010400000000000000000100000008000b006e617400230002800800014000000001080002400000000008000340000000000900010073797a3000000000140000001100010000000000000000000000000a"], 0xc8}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) [ 85.020284][ T5323] Bluetooth: hci0: command tx timeout [ 85.133798][ T5352] loop0: detected capacity change from 0 to 1024 [ 85.416220][ T5347] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 85.569792][ T5347] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 85.574749][ T5347] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 85.579907][ T5347] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 85.584096][ T5347] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 85.591125][ T5347] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 85.595008][ T5347] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.607190][ T5347] usb 5-1: config 0 descriptor?? [ 86.019003][ T5347] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 86.022320][ T5347] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 86.025581][ T5347] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 86.034804][ T5347] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 86.044365][ T5347] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 86.048879][ T5347] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 86.051999][ T5347] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 86.055221][ T5347] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 86.059472][ T5347] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 86.062690][ T5347] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 86.084097][ T5347] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 86.306320][ T5352] loop0: detected capacity change from 1024 to 64 [ 86.321091][ T5352] syz.0.0: attempt to access beyond end of device [ 86.321091][ T5352] loop0: rw=8388608, sector=86, nr_sectors = 2 limit=64 [ 86.334784][ T5352] Buffer I/O error on dev loop0, logical block 43, async page read [ 86.342881][ T5352] syz.0.0: attempt to access beyond end of device [ 86.342881][ T5352] loop0: rw=8388608, sector=88, nr_sectors = 2 limit=64 [ 86.349382][ T5352] Buffer I/O error on dev loop0, logical block 44, async page read [ 86.352475][ T5352] syz.0.0: attempt to access beyond end of device [ 86.352475][ T5352] loop0: rw=8388608, sector=90, nr_sectors = 2 limit=64 [ 86.360273][ T5352] Buffer I/O error on dev loop0, logical block 45, async page read [ 86.363511][ T5352] syz.0.0: attempt to access beyond end of device [ 86.363511][ T5352] loop0: rw=8388608, sector=92, nr_sectors = 2 limit=64 [ 86.369776][ T5352] Buffer I/O error on dev loop0, logical block 46, async page read [ 86.376351][ T5352] hfsplus: xattr searching failed [ 86.387951][ T5352] syz.0.0: attempt to access beyond end of device [ 86.387951][ T5352] loop0: rw=8390665, sector=350, nr_sectors = 64 limit=64 [ 86.394106][ T5352] syz.0.0: attempt to access beyond end of device [ 86.394106][ T5352] loop0: rw=8390665, sector=414, nr_sectors = 12 limit=64 [ 86.402269][ T5353] hfsplus: xattr searching failed [ 86.405293][ T5353] [ 86.406422][ T5353] ====================================================== [ 86.409423][ T5353] WARNING: possible circular locking dependency detected [ 86.412450][ T5353] syzkaller #0 Not tainted [ 86.414460][ T5353] ------------------------------------------------------ [ 86.417559][ T5353] syz.0.0/5353 is trying to acquire lock: [ 86.419835][ T5353] ffff8880404640b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 86.424625][ T5353] [ 86.424625][ T5353] but task is already holding lock: [ 86.427717][ T5353] ffff88801238f048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x398/0x1600 [ 86.432351][ T5353] [ 86.432351][ T5353] which lock already depends on the new lock. [ 86.432351][ T5353] [ 86.436505][ T5353] [ 86.436505][ T5353] the existing dependency chain (in reverse order) is: [ 86.440063][ T5353] [ 86.440063][ T5353] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 86.443699][ T5353] __mutex_lock+0x187/0x1350 [ 86.445842][ T5353] hfsplus_file_extend+0x1f8/0x1c30 [ 86.448285][ T5353] hfsplus_bmap_reserve+0x125/0x510 [ 86.450737][ T5353] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 86.453288][ T5353] __hfsplus_ext_cache_extent+0x89/0xe30 [ 86.455973][ T5353] hfsplus_file_extend+0x437/0x1c30 [ 86.458462][ T5353] hfsplus_get_block+0x40a/0x1600 [ 86.460873][ T5353] __block_write_begin_int+0x6b5/0x1900 [ 86.463513][ T5353] cont_write_begin+0x78c/0xb50 [ 86.465681][ T5353] hfsplus_write_begin+0x66/0xb0 [ 86.468141][ T5353] generic_perform_write+0x2c5/0x900 [ 86.470494][ T5353] generic_file_write_iter+0x117/0x550 [ 86.472978][ T5353] aio_write+0x535/0x7a0 [ 86.475076][ T5353] io_submit_one+0x775/0x1430 [ 86.477348][ T5353] __se_sys_io_submit+0x185/0x320 [ 86.479517][ T5353] do_syscall_64+0xec/0xf80 [ 86.481739][ T5353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.484631][ T5353] [ 86.484631][ T5353] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 86.487759][ T5353] __lock_acquire+0x15a6/0x2cf0 [ 86.489946][ T5353] lock_acquire+0x107/0x340 [ 86.491957][ T5353] __mutex_lock+0x187/0x1350 [ 86.494075][ T5353] hfsplus_find_init+0x168/0x2d0 [ 86.496312][ T5353] hfsplus_get_block+0x8dc/0x1600 [ 86.498559][ T5353] block_read_full_folio+0x29f/0x830 [ 86.501057][ T5353] read_pages+0x35d/0x580 [ 86.503268][ T5353] page_cache_ra_unbounded+0x750/0x990 [ 86.505970][ T5353] filemap_get_pages+0x468/0x1dc0 [ 86.508507][ T5353] filemap_read+0x3f6/0x11a0 [ 86.510774][ T5353] __kernel_read+0x4cf/0x960 [ 86.512998][ T5353] integrity_kernel_read+0x89/0xd0 [ 86.515406][ T5353] ima_calc_file_hash+0x85e/0x16f0 [ 86.517886][ T5353] ima_collect_measurement+0x428/0x8f0 [ 86.520521][ T5353] process_measurement+0x111e/0x1a70 [ 86.523017][ T5353] ima_file_check+0xd9/0x130 [ 86.525055][ T5353] security_file_post_open+0xbb/0x290 [ 86.527672][ T5353] path_openat+0x3456/0x3dd0 [ 86.529840][ T5353] do_filp_open+0x1fa/0x410 [ 86.532068][ T5353] do_sys_openat2+0x121/0x200 [ 86.534376][ T5353] __x64_sys_open+0x11e/0x150 [ 86.536665][ T5353] do_syscall_64+0xec/0xf80 [ 86.538766][ T5353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.541506][ T5353] [ 86.541506][ T5353] other info that might help us debug this: [ 86.541506][ T5353] [ 86.545653][ T5353] Possible unsafe locking scenario: [ 86.545653][ T5353] [ 86.549001][ T5353] CPU0 CPU1 [ 86.551430][ T5353] ---- ---- [ 86.553778][ T5353] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.556158][ T5353] lock(&tree->tree_lock/1); [ 86.559163][ T5353] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.563093][ T5353] lock(&tree->tree_lock/1); [ 86.565762][ T5353] [ 86.565762][ T5353] *** DEADLOCK *** [ 86.565762][ T5353] [ 86.570049][ T5353] 4 locks held by syz.0.0/5353: [ 86.572817][ T5353] #0: ffff888040466420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 86.577891][ T5353] #1: ffff88803f9b15b8 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x74e/0x1a70 [ 86.583715][ T5353] #2: ffff88801238f3d8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_unbounded+0x1cf/0x990 [ 86.588555][ T5353] #3: ffff88801238f048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x398/0x1600 [ 86.593433][ T5353] [ 86.593433][ T5353] stack backtrace: [ 86.595915][ T5353] CPU: 0 UID: 0 PID: 5353 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.595926][ T5353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.595931][ T5353] Call Trace: [ 86.595937][ T5353] [ 86.595942][ T5353] dump_stack_lvl+0xe8/0x150 [ 86.595954][ T5353] print_circular_bug+0x2e2/0x300 [ 86.595965][ T5353] check_noncircular+0x12e/0x150 [ 86.595975][ T5353] __lock_acquire+0x15a6/0x2cf0 [ 86.595983][ T5353] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 86.595994][ T5353] ? lockdep_hardirqs_on+0x7b/0x110 [ 86.596000][ T5353] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 86.596010][ T5353] ? stack_depot_save_flags+0x3f3/0x810 [ 86.596021][ T5353] ? hfsplus_find_init+0x168/0x2d0 [ 86.596030][ T5353] lock_acquire+0x107/0x340 [ 86.596036][ T5353] ? hfsplus_find_init+0x168/0x2d0 [ 86.596046][ T5353] __mutex_lock+0x187/0x1350 [ 86.596052][ T5353] ? hfsplus_find_init+0x168/0x2d0 [ 86.596062][ T5353] ? hfsplus_find_init+0x168/0x2d0 [ 86.596071][ T5353] ? __pfx___mutex_lock+0x10/0x10 [ 86.596079][ T5353] ? rcu_is_watching+0x15/0xb0 [ 86.596088][ T5353] ? trace_kmalloc+0x1f/0xb0 [ 86.596096][ T5353] ? __kmalloc_noprof+0x43e/0x800 [ 86.596104][ T5353] ? hfsplus_find_init+0x8c/0x2d0 [ 86.596115][ T5353] hfsplus_find_init+0x168/0x2d0 [ 86.596126][ T5353] hfsplus_get_block+0x8dc/0x1600 [ 86.596135][ T5353] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.596142][ T5353] ? block_read_full_folio+0x672/0x830 [ 86.596153][ T5353] block_read_full_folio+0x29f/0x830 [ 86.596166][ T5353] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.596175][ T5353] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 86.596186][ T5353] read_pages+0x35d/0x580 [ 86.596199][ T5353] ? __pfx_read_pages+0x10/0x10 [ 86.596222][ T5353] ? filemap_add_folio+0x35f/0x540 [ 86.596236][ T5353] page_cache_ra_unbounded+0x750/0x990 [ 86.596249][ T5353] filemap_get_pages+0x468/0x1dc0 [ 86.596262][ T5353] ? __lock_acquire+0x6b6/0x2cf0 [ 86.596276][ T5353] ? __pfx_filemap_get_pages+0x10/0x10 [ 86.596291][ T5353] ? unwind_next_frame+0xa5/0x23d0 [ 86.596305][ T5353] filemap_read+0x3f6/0x11a0 [ 86.596320][ T5353] ? kernel_text_address+0xa5/0xe0 [ 86.596333][ T5353] ? __kernel_text_address+0xd/0x40 [ 86.596348][ T5353] ? __pfx_filemap_read+0x10/0x10 [ 86.596366][ T5353] ? generic_file_read_iter+0x8f/0x510 [ 86.596380][ T5353] ? __asan_memset+0x22/0x50 [ 86.596393][ T5353] ? iov_iter_kvec+0xb8/0x180 [ 86.596402][ T5353] __kernel_read+0x4cf/0x960 [ 86.596417][ T5353] ? __pfx___kernel_read+0x10/0x10 [ 86.596435][ T5353] integrity_kernel_read+0x89/0xd0 [ 86.596446][ T5353] ? __pfx_integrity_kernel_read+0x10/0x10 [ 86.596457][ T5353] ? __kmalloc_cache_noprof+0x3e2/0x700 [ 86.596471][ T5353] ? ima_calc_file_hash+0x820/0x16f0 [ 86.596484][ T5353] ? __asan_memcpy+0x40/0x70 [ 86.596495][ T5353] ima_calc_file_hash+0x85e/0x16f0 [ 86.596507][ T5353] ? unwind_next_frame+0xa5/0x23d0 [ 86.596521][ T5353] ? __lock_acquire+0x6b6/0x2cf0 [ 86.596531][ T5353] ? __pfx_ima_calc_file_hash+0x10/0x10 [ 86.596550][ T5353] ? lockdep_hardirqs_on+0x7b/0x110 [ 86.596556][ T5353] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 86.596565][ T5353] ? stack_depot_save_flags+0x3f3/0x810 [ 86.596574][ T5353] ? kasan_save_track+0x4f/0x80 [ 86.596582][ T5353] ? kasan_save_track+0x3e/0x80 [ 86.596590][ T5353] ? make_vfsgid+0x49/0xa0 [ 86.596599][ T5353] ? generic_fillattr+0x63d/0x9a0 [ 86.596606][ T5353] ? hfsplus_getattr+0x235/0x2f0 [ 86.596613][ T5353] ima_collect_measurement+0x428/0x8f0 [ 86.596624][ T5353] ? __pfx_ima_collect_measurement+0x10/0x10 [ 86.596636][ T5353] ? kasan_quarantine_put+0xbb/0x1f0 [ 86.596648][ T5353] ? hfsplus_getxattr+0x118/0x180 [ 86.596658][ T5353] ? kfree+0x1c0/0x660 [ 86.596671][ T5353] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 86.596685][ T5353] process_measurement+0x111e/0x1a70 [ 86.596701][ T5353] ? __pfx_process_measurement+0x10/0x10 [ 86.596713][ T5353] ? tomoyo_check_open_permission+0x325/0x3b0 [ 86.596728][ T5353] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 86.596750][ T5353] ? mnt_get_write_access+0x66/0x280 [ 86.596765][ T5353] ima_file_check+0xd9/0x130 [ 86.596777][ T5353] ? __pfx_ima_file_check+0x10/0x10 [ 86.596785][ T5353] security_file_post_open+0xbb/0x290 [ 86.596795][ T5353] path_openat+0x3456/0x3dd0 [ 86.596808][ T5353] ? __pfx_path_openat+0x10/0x10 [ 86.596818][ T5353] do_filp_open+0x1fa/0x410 [ 86.596826][ T5353] ? __pfx_do_filp_open+0x10/0x10 [ 86.596839][ T5353] ? _raw_spin_unlock+0x28/0x50 [ 86.596850][ T5353] ? alloc_fd+0x64c/0x6c0 [ 86.596860][ T5353] do_sys_openat2+0x121/0x200 [ 86.596871][ T5353] ? __se_sys_futex+0x36f/0x400 [ 86.596882][ T5353] ? __pfx_do_sys_openat2+0x10/0x10 [ 86.596894][ T5353] ? rcu_is_watching+0x15/0xb0 [ 86.596907][ T5353] __x64_sys_open+0x11e/0x150 [ 86.596919][ T5353] do_syscall_64+0xec/0xf80 [ 86.596926][ T5353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.596933][ T5353] ? trace_irq_disable+0x37/0x100 [ 86.596941][ T5353] ? clear_bhb_loop+0x60/0xb0 [ 86.596948][ T5353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.596956][ T5353] RIP: 0033:0x7f3ec318f7c9 [ 86.596967][ T5353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.596976][ T5353] RSP: 002b:00007f3ec4049038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 86.596990][ T5353] RAX: ffffffffffffffda RBX: 00007f3ec33e6090 RCX: 00007f3ec318f7c9 [ 86.596998][ T5353] RDX: 0000000000000020 RSI: 000000000014927e RDI: 00002000000001c0 [ 86.597012][ T5353] RBP: 00007f3ec3213f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.597020][ T5353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.597025][ T5353] R13: 00007f3ec33e6128 R14: 00007f3ec33e6090 R15: 00007ffe5775c538 [ 86.597036][ T5353] [ 86.849365][ T5353] syz.0.0: attempt to access beyond end of device [ 86.849365][ T5353] loop0: rw=8388608, sector=268, nr_sectors = 2 limit=64 [ 86.861859][ T5353] Buffer I/O error on dev loop0, logical block 134, async page read [ 86.866394][ T5353] syz.0.0: attempt to access beyond end of device [ 86.866394][ T5353] loop0: rw=8388608, sector=268, nr_sectors = 2 limit=64 [ 86.872617][ T5353] Buffer I/O error on dev loop0, logical block 134, async page read [ 86.877462][ T5352] loop0: detected capacity change from 64 to 0 [ 86.890612][ T25] audit: type=1800 audit(1767544179.952:2): pid=5353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 86.899444][ T5352] hfsplus: xattr searching failed [ 86.902050][ T5352] Buffer I/O error on dev loop0, logical block 134, async page read [ 86.912446][ T5352] hfsplus: xattr searching failed [ 86.915033][ T25] audit: type=1800 audit(1767544179.962:3): pid=5352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 86.924196][ T5352] netlink: 20 bytes leftover after parsing attributes in process `syz.0.0'. [ 86.932758][ T9] usb 5-1: USB disconnect, device number 2 [ 86.992446][ T12] Buffer I/O error on dev loop0, logical block 99, async page read [ 86.996105][ T12] Buffer I/O error on dev loop0, logical block 100, async page read [ 86.999667][ T12] Buffer I/O error on dev loop0, logical block 101, async page read [ 87.003208][ T12] hfsplus: b-tree write err: -5, ino 4 [ 87.076563][ T5323] Bluetooth: hci0: command tx timeout