program: r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000020961b0a0000000000000109022d00010000000009040000050300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000d40)={0x2c, &(0x7f0000000780)=ANY=[@ANYBLOB='\x00\x00\a'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x70000}]) syz_usb_control_io$hid(r0, 0x0, 0x0) truncate(0x0, 0x7fff) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_RESVSP(r4, 0x40305839, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2}, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r5}, 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x18, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095", @ANYRES16, @ANYRESHEX=0x0], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x5, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x8, 0x0, 0x0, 0x8}, [@call={0x85, 0x0, 0x0, 0xae}]}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r7, 0x402, 0x8000003d) io_destroy(r2) r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r8, 0x402, 0x36) fcntl$setsig(r8, 0xa, 0x21) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x183042, 0x0) write$FUSE_ENTRY(r9, &(0x7f0000000140)={0x90, 0x0, 0x0, {0x6, 0x3, 0x48, 0x7c1, 0x3, 0x5, {0x4, 0x4, 0x4, 0x40000, 0x4, 0x5, 0x401, 0x221a, 0x1, 0x1000, 0x7, 0xffffffffffffffff, 0x0, 0x9, 0xcf}}}, 0x90) r10 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_DISCONNECT_CLAIM(r10, 0x8108551b, &(0x7f00000001c0)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"}) [ 73.797312][ T46] Bluetooth: hci0: command tx timeout [ 74.057142][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 74.207016][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 74.211750][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 74.216211][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.220944][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.224878][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 74.230645][ T10] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 74.234415][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.247754][ T10] usb 5-1: config 0 descriptor?? [ 74.668353][ T10] ntrig 0003:1B96:000A.0002: unknown main item tag 0x0 [ 74.673372][ T10] ntrig 0003:1B96:000A.0002: unknown main item tag 0x0 [ 74.676735][ T10] ntrig 0003:1B96:000A.0002: unknown main item tag 0x0 [ 74.682578][ T10] ntrig 0003:1B96:000A.0002: unknown main item tag 0x0 [ 74.686807][ T10] ntrig 0003:1B96:000A.0002: unknown main item tag 0x0 [ 74.698136][ T10] ntrig 0003:1B96:000A.0002: hidraw1: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 74.900347][ T5337] loop0: detected capacity change from 0 to 1024 [ 74.988113][ T5337] loop0: detected capacity change from 1024 to 64 [ 75.000676][ T5337] syz.0.0: attempt to access beyond end of device [ 75.000676][ T5337] loop0: rw=8388608, sector=86, nr_sectors = 2 limit=64 [ 75.017627][ T5337] Buffer I/O error on dev loop0, logical block 43, async page read [ 75.021243][ T5337] syz.0.0: attempt to access beyond end of device [ 75.021243][ T5337] loop0: rw=8388608, sector=88, nr_sectors = 2 limit=64 [ 75.026828][ T5337] Buffer I/O error on dev loop0, logical block 44, async page read [ 75.041871][ T5337] syz.0.0: attempt to access beyond end of device [ 75.041871][ T5337] loop0: rw=8388608, sector=90, nr_sectors = 2 limit=64 [ 75.048946][ T5337] Buffer I/O error on dev loop0, logical block 45, async page read [ 75.054892][ T5337] syz.0.0: attempt to access beyond end of device [ 75.054892][ T5337] loop0: rw=8388608, sector=92, nr_sectors = 2 limit=64 [ 75.074582][ T5337] Buffer I/O error on dev loop0, logical block 46, async page read [ 75.078376][ T5337] hfsplus: xattr searching failed [ 75.082151][ T5338] hfsplus: xattr searching failed [ 75.089724][ T5337] syz.0.0: attempt to access beyond end of device [ 75.089724][ T5337] loop0: rw=8390665, sector=350, nr_sectors = 64 limit=64 [ 75.100324][ T5338] [ 75.101527][ T5338] ====================================================== [ 75.105341][ T5338] WARNING: possible circular locking dependency detected [ 75.109343][ T5338] syzkaller #0 Not tainted [ 75.111636][ T5338] ------------------------------------------------------ [ 75.114703][ T5338] syz.0.0/5338 is trying to acquire lock: [ 75.117162][ T5338] ffff888033e280b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 75.121439][ T5338] [ 75.121439][ T5338] but task is already holding lock: [ 75.124631][ T5338] ffff888040a7b048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x398/0x1600 [ 75.130027][ T5338] [ 75.130027][ T5338] which lock already depends on the new lock. [ 75.130027][ T5338] [ 75.134776][ T5338] [ 75.134776][ T5338] the existing dependency chain (in reverse order) is: [ 75.138813][ T5338] [ 75.138813][ T5338] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 75.143028][ T5338] __mutex_lock+0x187/0x1350 [ 75.145354][ T5338] hfsplus_file_extend+0x1f8/0x1c30 [ 75.147675][ T5338] hfsplus_bmap_reserve+0x125/0x510 [ 75.150026][ T5338] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 75.153102][ T5338] __hfsplus_ext_cache_extent+0x89/0xe30 [ 75.155930][ T5338] hfsplus_file_extend+0x437/0x1c30 [ 75.158443][ T5338] hfsplus_get_block+0x40a/0x1600 [ 75.160863][ T5338] __block_write_begin_int+0x6b5/0x1900 [ 75.163574][ T5338] cont_write_begin+0x78c/0xb50 [ 75.165810][ T5338] hfsplus_write_begin+0x66/0xb0 [ 75.168188][ T5338] generic_perform_write+0x2c5/0x900 [ 75.170585][ T5338] generic_file_write_iter+0x117/0x550 [ 75.173295][ T5338] aio_write+0x535/0x7a0 [ 75.175513][ T5338] io_submit_one+0x775/0x1430 [ 75.177745][ T5338] __se_sys_io_submit+0x185/0x320 [ 75.180114][ T5338] do_syscall_64+0xec/0xf80 [ 75.182384][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.185172][ T5338] [ 75.185172][ T5338] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 75.188589][ T5338] __lock_acquire+0x15a6/0x2cf0 [ 75.190868][ T5338] lock_acquire+0x107/0x340 [ 75.193065][ T5338] __mutex_lock+0x187/0x1350 [ 75.195256][ T5338] hfsplus_find_init+0x168/0x2d0 [ 75.197614][ T5338] hfsplus_get_block+0x8dc/0x1600 [ 75.199987][ T5338] block_read_full_folio+0x29f/0x830 [ 75.202453][ T5338] read_pages+0x35d/0x580 [ 75.204616][ T5338] page_cache_ra_unbounded+0x750/0x990 [ 75.207261][ T5338] filemap_get_pages+0x468/0x1dc0 [ 75.209591][ T5338] filemap_read+0x3f6/0x11a0 [ 75.211798][ T5338] __kernel_read+0x4cf/0x960 [ 75.213913][ T5338] integrity_kernel_read+0x89/0xd0 [ 75.216183][ T5338] ima_calc_file_hash+0x85e/0x16f0 [ 75.218580][ T5338] ima_collect_measurement+0x428/0x8f0 [ 75.221201][ T5338] process_measurement+0x111e/0x1a70 [ 75.223792][ T5338] ima_file_check+0xd9/0x130 [ 75.226077][ T5338] security_file_post_open+0xbb/0x290 [ 75.228887][ T5338] path_openat+0x3456/0x3dd0 [ 75.231120][ T5338] do_filp_open+0x1fa/0x410 [ 75.233251][ T5338] do_sys_openat2+0x121/0x200 [ 75.235492][ T5338] __x64_sys_openat+0x138/0x170 [ 75.237957][ T5338] do_syscall_64+0xec/0xf80 [ 75.240148][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.242959][ T5338] [ 75.242959][ T5338] other info that might help us debug this: [ 75.242959][ T5338] [ 75.247442][ T5338] Possible unsafe locking scenario: [ 75.247442][ T5338] [ 75.250578][ T5338] CPU0 CPU1 [ 75.252875][ T5338] ---- ---- [ 75.255140][ T5338] lock(&HFSPLUS_I(inode)->extents_lock); [ 75.257546][ T5338] lock(&tree->tree_lock/1); [ 75.260554][ T5338] lock(&HFSPLUS_I(inode)->extents_lock); [ 75.264258][ T5338] lock(&tree->tree_lock/1); [ 75.266310][ T5338] [ 75.266310][ T5338] *** DEADLOCK *** [ 75.266310][ T5338] [ 75.269761][ T5338] 3 locks held by syz.0.0/5338: [ 75.271916][ T5338] #0: ffff8880110974a8 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x74e/0x1a70 [ 75.276683][ T5338] #1: ffff888040a7b3d8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_unbounded+0x1cf/0x990 [ 75.281689][ T5338] #2: ffff888040a7b048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x398/0x1600 [ 75.286563][ T5338] [ 75.286563][ T5338] stack backtrace: [ 75.289278][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.289295][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.289303][ T5338] Call Trace: [ 75.289311][ T5338] [ 75.289317][ T5338] dump_stack_lvl+0xe8/0x150 [ 75.289336][ T5338] print_circular_bug+0x2e2/0x300 [ 75.289351][ T5338] check_noncircular+0x12e/0x150 [ 75.289365][ T5338] __lock_acquire+0x15a6/0x2cf0 [ 75.289378][ T5338] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 75.289393][ T5338] ? lockdep_hardirqs_on+0x7b/0x110 [ 75.289402][ T5338] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 75.289415][ T5338] ? stack_depot_save_flags+0x3f3/0x810 [ 75.289434][ T5338] ? hfsplus_find_init+0x168/0x2d0 [ 75.289449][ T5338] lock_acquire+0x107/0x340 [ 75.289486][ T5338] ? hfsplus_find_init+0x168/0x2d0 [ 75.289503][ T5338] __mutex_lock+0x187/0x1350 [ 75.289513][ T5338] ? hfsplus_find_init+0x168/0x2d0 [ 75.289529][ T5338] ? hfsplus_find_init+0x168/0x2d0 [ 75.289541][ T5338] ? __pfx___mutex_lock+0x10/0x10 [ 75.289551][ T5338] ? rcu_is_watching+0x15/0xb0 [ 75.289562][ T5338] ? trace_kmalloc+0x1f/0xb0 [ 75.289573][ T5338] ? __kmalloc_noprof+0x43e/0x800 [ 75.289584][ T5338] ? hfsplus_find_init+0x8c/0x2d0 [ 75.289599][ T5338] hfsplus_find_init+0x168/0x2d0 [ 75.289612][ T5338] hfsplus_get_block+0x8dc/0x1600 [ 75.289624][ T5338] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.289635][ T5338] ? block_read_full_folio+0x672/0x830 [ 75.289649][ T5338] block_read_full_folio+0x29f/0x830 [ 75.289662][ T5338] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.289672][ T5338] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 75.289683][ T5338] read_pages+0x35d/0x580 [ 75.289699][ T5338] ? __pfx_read_pages+0x10/0x10 [ 75.289715][ T5338] ? filemap_add_folio+0x35f/0x540 [ 75.289729][ T5338] page_cache_ra_unbounded+0x750/0x990 [ 75.289749][ T5338] filemap_get_pages+0x468/0x1dc0 [ 75.289763][ T5338] ? __lock_acquire+0x6b6/0x2cf0 [ 75.289779][ T5338] ? __pfx_filemap_get_pages+0x10/0x10 [ 75.289796][ T5338] ? unwind_next_frame+0xa5/0x23d0 [ 75.289814][ T5338] filemap_read+0x3f6/0x11a0 [ 75.289830][ T5338] ? kernel_text_address+0xa5/0xe0 [ 75.289845][ T5338] ? __kernel_text_address+0xd/0x40 [ 75.289860][ T5338] ? __pfx_filemap_read+0x10/0x10 [ 75.289880][ T5338] ? generic_file_read_iter+0x8f/0x510 [ 75.289894][ T5338] ? __asan_memset+0x22/0x50 [ 75.289906][ T5338] ? iov_iter_kvec+0xb8/0x180 [ 75.289916][ T5338] __kernel_read+0x4cf/0x960 [ 75.289932][ T5338] ? __pfx___kernel_read+0x10/0x10 [ 75.289952][ T5338] integrity_kernel_read+0x89/0xd0 [ 75.289965][ T5338] ? __pfx_integrity_kernel_read+0x10/0x10 [ 75.289977][ T5338] ? __kmalloc_cache_noprof+0x3e2/0x700 [ 75.289992][ T5338] ? ima_calc_file_hash+0x820/0x16f0 [ 75.290004][ T5338] ? __asan_memcpy+0x40/0x70 [ 75.290018][ T5338] ima_calc_file_hash+0x85e/0x16f0 [ 75.290032][ T5338] ? unwind_next_frame+0xa5/0x23d0 [ 75.290045][ T5338] ? __lock_acquire+0x6b6/0x2cf0 [ 75.290055][ T5338] ? __pfx_ima_calc_file_hash+0x10/0x10 [ 75.290086][ T5338] ? lockdep_hardirqs_on+0x7b/0x110 [ 75.290098][ T5338] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 75.290117][ T5338] ? stack_depot_save_flags+0x3f3/0x810 [ 75.290135][ T5338] ? kasan_save_track+0x4f/0x80 [ 75.290145][ T5338] ? kasan_save_track+0x3e/0x80 [ 75.290154][ T5338] ? make_vfsgid+0x49/0xa0 [ 75.290167][ T5338] ? generic_fillattr+0x63d/0x9a0 [ 75.290179][ T5338] ? hfsplus_getattr+0x235/0x2f0 [ 75.290193][ T5338] ima_collect_measurement+0x428/0x8f0 [ 75.290211][ T5338] ? __pfx_ima_collect_measurement+0x10/0x10 [ 75.290229][ T5338] ? kasan_quarantine_put+0xbb/0x1f0 [ 75.290245][ T5338] ? hfsplus_getxattr+0x118/0x180 [ 75.290256][ T5338] ? kfree+0x1c0/0x660 [ 75.290273][ T5338] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 75.290286][ T5338] process_measurement+0x111e/0x1a70 [ 75.290301][ T5338] ? __pfx_process_measurement+0x10/0x10 [ 75.290314][ T5338] ? tomoyo_check_open_permission+0x325/0x3b0 [ 75.290327][ T5338] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 75.290349][ T5338] ? mnt_get_write_access+0x66/0x280 [ 75.290365][ T5338] ima_file_check+0xd9/0x130 [ 75.290377][ T5338] ? __pfx_ima_file_check+0x10/0x10 [ 75.290392][ T5338] security_file_post_open+0xbb/0x290 [ 75.290407][ T5338] path_openat+0x3456/0x3dd0 [ 75.290426][ T5338] ? __pfx_path_openat+0x10/0x10 [ 75.290443][ T5338] do_filp_open+0x1fa/0x410 [ 75.290455][ T5338] ? __pfx_do_filp_open+0x10/0x10 [ 75.290468][ T5338] ? _raw_spin_unlock+0x28/0x50 [ 75.290480][ T5338] ? alloc_fd+0x64c/0x6c0 [ 75.290490][ T5338] do_sys_openat2+0x121/0x200 [ 75.290502][ T5338] ? __se_sys_futex+0x36f/0x400 [ 75.290512][ T5338] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.290523][ T5338] ? rcu_is_watching+0x15/0xb0 [ 75.290537][ T5338] __x64_sys_openat+0x138/0x170 [ 75.290548][ T5338] do_syscall_64+0xec/0xf80 [ 75.290556][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.290565][ T5338] ? trace_irq_disable+0x37/0x100 [ 75.290579][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 75.290592][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.290602][ T5338] RIP: 0033:0x7fe9a538f7c9 [ 75.290616][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.290625][ T5338] RSP: 002b:00007fe9a61f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 75.290637][ T5338] RAX: ffffffffffffffda RBX: 00007fe9a55e6090 RCX: 00007fe9a538f7c9 [ 75.290645][ T5338] RDX: 0000000000000042 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 75.290652][ T5338] RBP: 00007fe9a5413f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.290658][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.290663][ T5338] R13: 00007fe9a55e6128 R14: 00007fe9a55e6090 R15: 00007fffbfa98798 [ 75.290672][ T5338] [ 75.541942][ T5337] syz.0.0: attempt to access beyond end of device [ 75.541942][ T5337] loop0: rw=8390665, sector=414, nr_sectors = 12 limit=64 [ 75.576436][ T5338] syz.0.0: attempt to access beyond end of device [ 75.576436][ T5338] loop0: rw=8388608, sector=268, nr_sectors = 2 limit=64 [ 75.587039][ T5338] Buffer I/O error on dev loop0, logical block 134, async page read [ 75.591020][ T5338] syz.0.0: attempt to access beyond end of device [ 75.591020][ T5338] loop0: rw=8388608, sector=268, nr_sectors = 2 limit=64 [ 75.607039][ T5338] Buffer I/O error on dev loop0, logical block 134, async page read [ 75.612614][ T25] audit: type=1800 audit(1767544168.661:2): pid=5338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 75.629824][ T5337] hfsplus: xattr searching failed [ 75.632272][ T5337] syz.0.0: attempt to access beyond end of device [ 75.632272][ T5337] loop0: rw=8388608, sector=268, nr_sectors = 2 limit=64 [ 75.638975][ T5337] Buffer I/O error on dev loop0, logical block 134, async page read [ 75.642876][ T25] audit: type=1800 audit(1767544168.691:3): pid=5337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 75.651904][ T5337] hfsplus: xattr searching failed [ 75.654428][ T5337] syz.0.0: attempt to access beyond end of device [ 75.654428][ T5337] loop0: rw=8388608, sector=268, nr_sectors = 2 limit=64 [ 75.661834][ T5337] usb 5-1: USB disconnect, device number 2 [ 75.807198][ T46] Bluetooth: hci0: command tx timeout