program: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021400000000c0a01030000000000000000070000000900020073797a31000000000900010073797a30000000001400038010000080c2518d25e4e563c924cbc870e4f2db080003400000000204000a80140000001000010000000000000000000084000a2c75918c11e5aa02e5671c62e28fa1a898c8c0b70ecab31f3e9fdbea86ec92d468330151683b52acb96ea1d79ad29ee795ac62bf5034fe2db93cd8b7ac41322cb68a706112bad33a3dafa0e56e6e10f1d6dfabbe0bd9473a6e"], 0xc4}}, 0x0) syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0x1, 0x683, &(0x7f00000003c0)="$eJzs3U9sHFcdB/DvbDbrbFqCmyZtQJVqNRIgIhI7VgrmQkAI5VChqhw4W4nTWNmkxXGRWyHq8PfaQw+cUDnkgjghcY9UOHCBW04gHyshcekFc1o0s7P2+i/rNPFu2s8nmn3vzZt57ze/2Zn9Y0Ub4DPryrk076fIlXOvrJTttXuznbV7s7f69SQTSVaTZpJGkuI/3W73w+RyUmwMU2wrd3h/ce61Bx+vfdRrNeul2r6x337b1NutJr9tDKxerZdMJTlSl5/AlvGufuLxio3ILyc5W5cwckeTdLf40V+f3ugZ0N5t72OHEiPweBXV6+a1f2xfP5kcry/08n1A71Wx95o9Jla3tCYeai8AAAB48gzzGfjz61nPSnHiEMIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT4XVjd//L4tqafTrUyn6v//fqtelro+XFw+2+f3HFQcAAAAAAAAAHKIX17OelZzot7tF9Tf/l6rGqerxqbyVO1nIUs5nJfNZznKWMpNkcmCg1sr88vLSzBB7Xtx1z4v/J9CJumw/muMGAAAAAAAAgE+Zn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgHBTJkV6R4u7A6sk0mkmOJWmVK1aTv/frT7L7ow4AAAAADsFEsp6VnOi3u0VOJXmu+g7gWN7K7SxnMcvpZCHXqu8Fep/6G2v3Zjtr92ZvlcvOcb/97wOFUY2Y3ncPu898ptqinetZrNacz9W8kU6upVHtWTpTx9MfdSCuY0nuljEV36oNGdm1uiyP/L263OHdAx3sXg74ZcpklZGjGxmZrmMrs/FM/8zsfoYOeHa2zzSTxmCwW2ZqbT2Yh8r58bosj+dXe+V8JLZn4uLAs++5/XOefPlPf/jhdF0fn0MazpG67FaP7Z2ZmB3IxPPDZOJG5/bNG9fvnHvSMrHDdJWJ0xvtK/lefpBzmcqrWcpifpz5LGchU/luVZuvT34xcMnvkanLW1qv7hXBb+rbd6t+hvZOVhnTg6Fjeqna90QW8/28kWtZyMvVv4uZyddzKZcyN3CGT+9/hqurvrHHVd/93I4DKAM/+5W60U7y67ocD2V4zwzkdfCeO1n1Da7ZzNLJIbJ0wHtj84t1pZzj53U5HrZnYmYgE8/un4nfVbeVO53bN5duzL853HQn36sr5XX0y2RqtDeS1rb6yfJkVa2tz46y79ld+2aqvlMbfY0dfac3+npX6uqeV2qrfg+3c6SLVd/zu/bNVn1nBvp2e78FwNg7/tXjrfa/2n9rf9D+RftG+5Vj35n4xsQLrRz989FvNqePfKnxQvHHfJCfbn7+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHt6dt9+5Od/pLCz1Kq0kVaXb7b67teuglWY9w0BXsfukj7qSqX8+VU6zS1f/58we4+zbK194Ojmsuca38t9ut1uvKfbY5vd/GZtEdWtjkboRVUZzPwIOz4XlW29euPP2O19bvDX/+sLrC7fnLl2am5679PLsheuLnYXp3uOoowQeh80X/VFHAgAAAAAAAAAAAAzrMP47waiPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHiyXTmX5v0UmZk+P1221+7NdsqlX9/cspmkkaT4SVJ8mFxOb8nkwHDFXvO8vzj32oOP1z7aHKvZ376x337DWa2XTCU50ivvPqrxrtblvor9DqHYOMIyYWf7iYNR+18AAAD///fgA7k=") socket$nl_route(0x10, 0x3, 0x0) epoll_create1(0x0) syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file1\x00', 0x50, &(0x7f00000001c0), 0x1, 0x3fb, &(0x7f0000000480)="$eJzs3E9PHGUYAPBnhn9CC4uJB1M9kGgUo0IXRa0xsXr1z6X6AQjQ2khLUzCxlQMaT548GG8e+gU8+AGaxjQx8Sv4BUyTxlAOesPM7MyywOwKsrCl/f2Syb7vzOw+77MzTN532HkDeGxNRMT5iOiLiJmIqBXr02KJ9caS7fdgY21+c2NtPomtrQt/JZEU68rPSorXU0VlMo1Iv414Zn1v3JUbNz+fW1pavF7Up1evXJteuXHz1ctX5i4tXlq8Wn/zXL0+O/NW/fWu5frj8y+d63v//Jmf/qjdmR0cHM7ae7rY1ppHt0zERPM72W2228F6bLDXDQAAYF/Sou/fn/f/a9GXlxpqMb3W08YBAAAAXbH1bvHazljbLQAAAMCJkbQf+wMAAACPhPJ3AA821ubLpYc/Rzh299+LiPHtZ5s3m/n3xxPFPgNH+HzrRERceyGpZUsc0XPIAACt7mT9n7NV/b80nm7Zbygi7w8Ndzn+xK763v5Peq/LIXfI+n/vRMTmnv5fWu4y3lfURvOu4kBy8fLS4tmIGIuIyRgYyur1DjE++Pvnj9tty/K/m4yOlUsW/26Sf3Qhvdc/tPM9C3Orc4fJudX9ryPO9FflnzT7v0lEjBwiRt9Xt95ut606/9GxQ4Q7kK1bES9WHv/tmXuSzvMTTefnw3R5Vuz1zze/fNQufq/zz47/SOf8x5PW+ZpWDh7j9me/P5sXKrJqHf9U5199/g8mn+Tlclz25dzq6vV6xGDy4d71M9vvLevl/ln+k89V//2X17+kmNPqdHEN6GCrauV33//6Sue3NfLPlix+ORY8Dln+Cwc6/p0KF4arNr1x+7dP28VvHv8kYr0y/+z4N+YAmyzW7Of6918t/f9nMwAAAJw8aX5fI0mnmuU0nZpq3O94KkbSpeWV1ZcvLn9xdaFx/2M8BtLyTlet5X5ovfFv9GZ9Zlf9tYh4MiJ+qA3n9an55aWFXicPAAAAj4lTbcb/mT+P7VcIAAAAwJEb73UDAAAAgCNn/A8AAACPtP3N66ews5B9cw9BM3pRGHo4mqFw1IVeX5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOtn8DAAD//61VsxM=") chdir(&(0x7f00000001c0)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x82400, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000531000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x8) creat(&(0x7f0000000300)='./file0\x00', 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) memfd_create(&(0x7f0000000100)='\\[[]!,,@@!--\x00', 0x2) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x8, 0x800c1}) setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)={0x2, [0x5, 0x2], 0x1ff}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) socket$nl_sock_diag(0x10, 0x3, 0x4) writev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) io_uring_enter(r1, 0x7629, 0xa6e6, 0x3c, 0x0, 0x0) io_uring_enter(r1, 0x2219, 0xcf74, 0x16, 0x0, 0x0) syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[], 0xfe, 0xf24, &(0x7f00000020c0)="$eJzs3U9sHNUZAPA3a6//xCZeAwUDJaTQikDBDkmkprcgUI+IS++gkNAIQ1FDD0RATA+IqogiIU4VByoulEopUpFAlSrUU9tTq956Qr1QqUqloB7aSLGr2O+td8c77Hpsz653fz/p8/ObNzvfN2tnMzOefRuAkVVb/3rixEIWwjufvv3oy09lH19fdldzjcPrX7PYa4QQ6i39LLe9z+OCa1deOt2pzcKx9a+pHx673HzsTAhhJRwOn4VG+HBp+csP3n3kyEevTd3y5oVnXtmj3W/K7wcAAAyjS39e/vt9//zTA/NXLx06FSaby9PxeSP2Z+Jx/9F4oJyOl2uhvZ+1RKuJ3HpjMWq59cZy643n8owX5KvntlMvWG+iS76xlmWd9hMAAAD2o3Re2whZbbGtX6stLm6c91/3+dxEtvjcueWz5/tUKAAAAFDafy6u33Qr+hbxjoS+1yFGJKYHoAYhhBBCCCHEXke2ddnaXL+vQAAAAACjJj9f2BYruztTV3Nrjd7yX3641vnxsAuq/v3/6vxTfc7fwYjnf/9VrzgAAJQ3rEeTab/ScXSaxyA/j+BY7nHbPf6v5bYzvs06i+YV3C/zDRbVmX9eB1VR/dv9OfZLUf35+TAHVVH9+Xk6B1VR/ZMV11FWUf0drvwMpKL6pyuuo6yi+g9UXEdZRfXPVFxHWUX1z1ZcR1lF9d9QcR1lFdV/sOI6yiqqf7/cVltUf6PiOsoqqn++4jrKKqr/xorrKKuo/psqrqOsovpvrriOfrkztul5OFSw3kyHc7r9co4HAAAAo+5/5v8TQoh9HvFqbN/rGJqY8nwKIYQQomP8bABq2EFc7O/lBwAAAGAApPcFpHe9r0VpfKzL+Hjr+NTmCmm83uXxE13GJ7uMAwAAACH87vWzt72Vbc53t9P58NK8UdPh49VQYh6j/HyE282/03nPdpp/v8xbBgAAwGjJvvfZ6v2PvvfC/NVLh061nP2uxvPdNA/oeLw28Ensp/sCZnP9LJ1Dn2rPUytYL3994Iai7T2+wx0FAACAEZbO3xshqy22nHc3Qq22uLh5Pr4Q6tnZc8tnjsZ++nyWP87VJ68vf6jiugEAAIDebZ7vdz7/T5/juxAmssXnzi2fPb/Rn20ur9darwvMbS7PWq8LNHLLjxUsPx776fM7fzA3vb588fQPl5/a7Z0HAACAEXH+xQvPPLm8fOZHvvGNb3zT/Kbfr0wAAMBu++KLt+s/Pj77+433/2/Of7cavzkc+404t99f4vJ0n0B6H8CW9+s/0Z5nrmi959vXa+TWG4sxmat7qmU7YX2+wfbHzRfla7RvZ6Ig30wu32wuX36egvHc+lmHuQRDh/kJ03pzueX5eRjHczmyXP67O+QCAACAZOmFZ59fOv/ihQfPPfvk02eePvPc8WMnv3vy5NGHvvPQ0vp9/Uutd/cDAAAA+9HmTb/9rgQAAAAAAAAAAAAAAAAAAABGVxUfJ9bvfQQAAIBR9++LIYQVIQoifcBgv+sQgxxrk/2vYbgj+HcohNh+jHvtEEK0xvCd92UDUMO+i7W1/CfNAwAAAOyta1deOt3abrGS7Wq+5tYaG81qzJva2Qf/Nn890mqXH26/XnJgV6th1FX9+y//oOaf7Dj+/qu7m38qbL72hZ5e/2rtGzjV1pvuNe+9S79aaOYPIdw+3mP+/P4/3mvGdkdy+e8NveVfey+X/4m2Xq3X/Pfl8h/oMf+W/X++14zt7o/5F2L/yD295m/fxfRbmvaj11+Ab+f2/6nQa/7c/jd6TJjzQMwPAKOo+b/52sX+FrLL0lFCOp6eif20v+meuPzdD9s9/q/ltjO+48rbt5uOg26N/almHe15k+3Wn56X2djeULLOvP1yV0lR/bv1c9xrRfXXK66jrKL6Jyquo6yi+jufvQ+eovqnKq6jrKL6e74Q0WdF9e+X68pF9c9UXEdZRfXPVlxHWUX1b/f/8X4pqv9gxXWUVVT/XMV1lFVUf8nLapUrqn++4jrKKqr/xorrKKuo/psqrqOsovpvrriOfrkjtkXnw+n8cy6OpX4j15/s8Fz2/McQAAAAYE/9ayDngWi5ctD3WoQQQgghhBj++O/ahn7XIYTYu1hb6+fVB/ptb9/NDMCg8vo/2vz8R5uf/2jz8+erpL/EZ7l+MtZlfLzLeL3L+ERuPP/7Otll/KbcdtfSdc3o5i7jX4t7UDR+sMvjb+0yvtBl/LYu47d3Gb+jyzgAAACj4ZbYOj8EAACA4fXyrz9547f3PnFl/uqlQ6fCxJZ554/G/mT82/rrsZ+f9z6px7/5/yT2fxnbP8T2H7n13X8CAAAAey99Toy//wMAAMDwSp9T6vwfAAAAhtd8bJ3/AwAAwPC6MbbO/wEAAGCIZVOdF8c2XRe4O7a9zusHAAy+r8f2ztgeiu1dsf1GbNNxwD2x/WZF9QEAu+cX3//pybeyzfn+j+fGr8Xlqd1iZeNKQVZrn8l/OrYHYvutHuvJfx5Ar/mTgz3m2av8czvMDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMj9r61xMnFrIQ3vn07Ud/PvHGX68vu6u5xuH1r1nsNUII9ebj0uhm/zdxxWtXXjrd2q7GNgvHQhay5vLw2OVmppkQwko4HD4LjfDh0vKXH7z7yJGPXpu65c0Lz7yyh09B2/4BAADAMPp/AAAA//9V8B6R") r2 = creat(&(0x7f0000000380)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r4 = open(&(0x7f0000000180)='./bus\x00', 0x313000, 0x139) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x2, 0x1, 0x0, r2, &(0x7f0000000000), 0x100000, 0x80000}]) open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) [ 83.769199][ T5299] Bluetooth: hci0: command tx timeout [ 83.959411][ T5319] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'. [ 83.966771][ T5319] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'. [ 83.986680][ T5319] loop0: detected capacity change from 0 to 1024 [ 84.092366][ T24] audit: type=1804 audit(1772936128.978:2): pid=5319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.0" name="/newroot/0/file1/file0/file0" dev="loop0" ino=18 res=1 errno=0 [ 84.243133][ T5319] [ 84.244540][ T5319] ====================================================== [ 84.247633][ T5319] WARNING: possible circular locking dependency detected [ 84.250980][ T5319] syzkaller #0 Not tainted [ 84.252947][ T5319] ------------------------------------------------------ [ 84.256194][ T5319] syz.0.0/5319 is trying to acquire lock: [ 84.259575][ T5319] ffff888037898e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 84.264798][ T5319] [ 84.264798][ T5319] but task is already holding lock: [ 84.268161][ T5319] ffff8880351a40b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 84.273584][ T5319] [ 84.273584][ T5319] which lock already depends on the new lock. [ 84.273584][ T5319] [ 84.278812][ T5319] [ 84.278812][ T5319] the existing dependency chain (in reverse order) is: [ 84.282738][ T5319] [ 84.282738][ T5319] -> #1 (&tree->tree_lock/1){+.+.}-{4:4}: [ 84.286385][ T5319] __mutex_lock+0x19f/0x1300 [ 84.289213][ T5319] hfsplus_find_init+0x168/0x2d0 [ 84.292782][ T5319] hfsplus_file_truncate+0x39b/0xc30 [ 84.295314][ T5319] hfsplus_setattr+0x1c4/0x270 [ 84.297665][ T5319] notify_change+0xc1a/0xf40 [ 84.300019][ T5319] do_truncate+0x1c2/0x250 [ 84.302182][ T5319] path_openat+0x2f89/0x3860 [ 84.304618][ T5319] do_file_open+0x23e/0x4a0 [ 84.307896][ T5319] do_sys_openat2+0x113/0x200 [ 84.310469][ T5319] __x64_sys_creat+0x8f/0xc0 [ 84.312674][ T5319] do_syscall_64+0x14d/0xf80 [ 84.314954][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.317740][ T5319] [ 84.317740][ T5319] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 84.321749][ T5319] __lock_acquire+0x15a5/0x2cf0 [ 84.324212][ T5319] lock_acquire+0xf0/0x2e0 [ 84.326588][ T5319] __mutex_lock+0x19f/0x1300 [ 84.329525][ T5319] hfsplus_file_extend+0x215/0x1d70 [ 84.332978][ T5319] hfsplus_bmap_reserve+0x125/0x510 [ 84.335270][ T5319] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 84.338122][ T5319] __hfsplus_ext_cache_extent+0x89/0xe30 [ 84.340952][ T5319] hfsplus_file_extend+0x4af/0x1d70 [ 84.344006][ T5319] hfsplus_get_block+0x42c/0x1670 [ 84.346813][ T5319] __block_write_begin_int+0x6c6/0x1910 [ 84.350845][ T5319] cont_write_begin+0x737/0xae0 [ 84.353694][ T5319] hfsplus_write_begin+0x66/0xb0 [ 84.356119][ T5319] cont_write_begin+0x2e7/0xae0 [ 84.359054][ T5319] hfsplus_write_begin+0x66/0xb0 [ 84.361706][ T5319] generic_perform_write+0x2e2/0x8f0 [ 84.364469][ T5319] generic_file_write_iter+0x14a/0x680 [ 84.367933][ T5319] aio_write+0x5cd/0x870 [ 84.370326][ T5319] io_submit_one+0x7bb/0x14c0 [ 84.372763][ T5319] __se_sys_io_submit+0x195/0x340 [ 84.375637][ T5319] do_syscall_64+0x14d/0xf80 [ 84.378289][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.381427][ T5319] [ 84.381427][ T5319] other info that might help us debug this: [ 84.381427][ T5319] [ 84.386307][ T5319] Possible unsafe locking scenario: [ 84.386307][ T5319] [ 84.389909][ T5319] CPU0 CPU1 [ 84.392573][ T5319] ---- ---- [ 84.395281][ T5319] lock(&tree->tree_lock/1); [ 84.397529][ T5319] lock(&HFSPLUS_I(inode)->extents_lock); [ 84.402583][ T5319] lock(&tree->tree_lock/1); [ 84.406432][ T5319] lock(&HFSPLUS_I(inode)->extents_lock); [ 84.409125][ T5319] [ 84.409125][ T5319] *** DEADLOCK *** [ 84.409125][ T5319] [ 84.412861][ T5319] 3 locks held by syz.0.0/5319: [ 84.415778][ T5319] #0: ffff888037849df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 84.421931][ T5319] #1: ffff888037849c08 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 84.426723][ T5319] #2: ffff8880351a40b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 84.431645][ T5319] [ 84.431645][ T5319] stack backtrace: [ 84.434546][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.434570][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.434579][ T5319] Call Trace: [ 84.434589][ T5319] [ 84.435504][ T5319] dump_stack_lvl+0xe8/0x150 [ 84.435538][ T5319] print_circular_bug+0x2e1/0x300 [ 84.435561][ T5319] check_noncircular+0x12e/0x150 [ 84.435578][ T5319] __lock_acquire+0x15a5/0x2cf0 [ 84.435593][ T5319] ? rcu_is_watching+0x15/0xb0 [ 84.435970][ T5319] ? lock_release+0x4b/0x3d0 [ 84.435981][ T5319] ? lock_release+0x4b/0x3d0 [ 84.435995][ T5319] lock_acquire+0xf0/0x2e0 [ 84.436008][ T5319] ? hfsplus_file_extend+0x215/0x1d70 [ 84.436026][ T5319] __mutex_lock+0x19f/0x1300 [ 84.436044][ T5319] ? hfsplus_file_extend+0x215/0x1d70 [ 84.436063][ T5319] ? stack_trace_save+0xa9/0x100 [ 84.436075][ T5319] ? __pfx_stack_trace_save+0x10/0x10 [ 84.436088][ T5319] ? hfsplus_file_extend+0x215/0x1d70 [ 84.436103][ T5319] ? __pfx___mutex_lock+0x10/0x10 [ 84.436125][ T5319] ? lockdep_unlock+0x5d/0xd0 [ 84.436138][ T5319] ? __lock_acquire+0x146e/0x2cf0 [ 84.436157][ T5319] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 84.436175][ T5319] hfsplus_file_extend+0x215/0x1d70 [ 84.436195][ T5319] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 84.436209][ T5319] ? __pfx___mutex_trylock_common+0x10/0x10 [ 84.436234][ T5319] ? rcu_is_watching+0x15/0xb0 [ 84.436249][ T5319] ? trace_contention_end+0x3d/0x150 [ 84.436268][ T5319] ? __asan_memset+0x22/0x50 [ 84.436287][ T5319] ? hfsplus_brec_find+0x19d/0x520 [ 84.436301][ T5319] hfsplus_bmap_reserve+0x125/0x510 [ 84.436321][ T5319] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 84.436338][ T5319] __hfsplus_ext_cache_extent+0x89/0xe30 [ 84.436355][ T5319] hfsplus_file_extend+0x4af/0x1d70 [ 84.436372][ T5319] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 84.436387][ T5319] ? percpu_ref_get_many+0x19/0x140 [ 84.436398][ T5319] ? percpu_ref_get_many+0x19/0x140 [ 84.436410][ T5319] ? rcu_is_watching+0x15/0xb0 [ 84.436424][ T5319] ? trace_kmem_cache_alloc+0x29/0xf0 [ 84.436444][ T5319] hfsplus_get_block+0x42c/0x1670 [ 84.436460][ T5319] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.436474][ T5319] ? do_raw_spin_unlock+0x4d/0x210 [ 84.436485][ T5319] ? _raw_spin_unlock+0x28/0x50 [ 84.436499][ T5319] __block_write_begin_int+0x6c6/0x1910 [ 84.436514][ T5319] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.436530][ T5319] ? __pfx___block_write_begin_int+0x10/0x10 [ 84.436543][ T5319] cont_write_begin+0x737/0xae0 [ 84.436557][ T5319] ? __pfx_cont_write_begin+0x10/0x10 [ 84.436567][ T5319] ? folio_unlock+0x101/0x160 [ 84.436688][ T5319] hfsplus_write_begin+0x66/0xb0 [ 84.436711][ T5319] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.436731][ T5319] cont_write_begin+0x2e7/0xae0 [ 84.436747][ T5319] ? __pfx_cont_write_begin+0x10/0x10 [ 84.436760][ T5319] ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0 [ 84.436779][ T5319] ? lockdep_hardirqs_on+0x7a/0x110 [ 84.436796][ T5319] hfsplus_write_begin+0x66/0xb0 [ 84.436811][ T5319] ? __pfx_hfsplus_get_block+0x10/0x10 [ 84.436836][ T5319] generic_perform_write+0x2e2/0x8f0 [ 84.436852][ T5319] ? __pfx_generic_perform_write+0x10/0x10 [ 84.436863][ T5319] ? file_update_time_flags+0x3b3/0x4a0 [ 84.436886][ T5319] ? __generic_file_write_iter+0xf9/0x230 [ 84.436897][ T5319] ? generic_file_write_iter+0x136/0x680 [ 84.436909][ T5319] generic_file_write_iter+0x14a/0x680 [ 84.436920][ T5319] ? __pfx_generic_file_write_iter+0x10/0x10 [ 84.436933][ T5319] ? do_raw_spin_lock+0x12b/0x2f0 [ 84.436946][ T5319] ? __lock_acquire+0x6b5/0x2cf0 [ 84.436961][ T5319] ? lockdep_hardirqs_on+0x7a/0x110 [ 84.436977][ T5319] ? kasan_save_track+0x4f/0x80 [ 84.436998][ T5319] ? aio_write+0x547/0x870 [ 84.437009][ T5319] aio_write+0x5cd/0x870 [ 84.437020][ T5319] ? __pfx_aio_write+0x10/0x10 [ 84.437039][ T5319] io_submit_one+0x7bb/0x14c0 [ 84.437110][ T5319] ? irqentry_exit+0x59e/0x620 [ 84.437137][ T5319] ? trace_irq_disable+0x3b/0x150 [ 84.437159][ T5319] ? __pfx_io_submit_one+0x10/0x10 [ 84.437172][ T5319] ? __might_fault+0xaf/0x130 [ 84.437192][ T5319] __se_sys_io_submit+0x195/0x340 [ 84.437212][ T5319] ? __pfx___se_sys_io_submit+0x10/0x10 [ 84.437232][ T5319] do_syscall_64+0x14d/0xf80 [ 84.437247][ T5319] ? trace_irq_disable+0x3b/0x150 [ 84.437263][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.437274][ T5319] ? clear_bhb_loop+0x40/0x90 [ 84.437286][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.437299][ T5319] RIP: 0033:0x7fdca8b9c799 [ 84.437314][ T5319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.437324][ T5319] RSP: 002b:00007fdca9998fe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 84.437340][ T5319] RAX: ffffffffffffffda RBX: 00007fdca8e15fa0 RCX: 00007fdca8b9c799 [ 84.437351][ T5319] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007fdca994f000 [ 84.437359][ T5319] RBP: 00007fdca8c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 84.437425][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.437432][ T5319] R13: 00007fdca8e16038 R14: 00007fdca8e15fa0 R15: 00007ffe774113a8 [ 84.437447][ T5319]