program: socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$igmp(0x2, 0x3, 0x2) openat$dir(0xffffffffffffff9c, 0x0, 0x140, 0x82) syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000002c0)={[{@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@partition={'partition', 0x3d, 0x6}}, {@gid_forget}, {@session={'session', 0x3d, 0xfe8}}, {@noadinicb}, {@anchor}, {@uid_forget}]}, 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk") r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r1, 0x2007ffc) sendfile(r1, r1, 0x0, 0x800000009) r2 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r3, 0x2007ffb) sendfile(r2, r3, 0x0, 0x1000000201005) r4 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r4, 0x4c09, 0x8000) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000380)={0x29, 0x1, 0x9, "003bc99de54a068f1f8e02db0b2a130a2e0e25d97d269099cd8698f69d357ada83e615008751cef68e"}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', 0x0}) r6 = syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x0, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2920100331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c740f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd9f, &(0x7f0000001bc0)="$eJzs3UtvXNUdAPBzx544LxqHmMZN0yQlpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1WCQbbPGY//mdGdcWyPx/P7SWfO3Pu/955z5nHnzn2dBIytxurj4uJsldLbt966eO/05P9WxpxuT3Fm9XEyDy2llJrt+VKaDstbmlrLP/vk2qXO/POcV+lCqlLVHp+evdue91BK6Xo6k26n6fTcx8dvvvTBM8vvHbtx7OIbc3e2p/UAADBe7v3o3V/+7fEfXjv6/9+fWkpT7fFl+3wpDx/O2/1L1dpwztr/A6qOvOoYLvaF6SZzaoTpJrpM11lOM0w32aP8fWG5zR7TTdWUP9Exrlu7YZSt/4+vGvMbhhuN+fm1/+QrPpzYV82/cmX5hatDqiiw5T49nXfxSZI0dql1ZNhrIIA18bjhfa7HPQsPpr20yf7Kv/t0o/v8sAV2+vOv/NEq/90b1jhsnb36aSrtKt+jw3k4HkeYDPMN+v0vy4vHI5p91rPXcYRROb7Qq54TO1yPzepV//i52Ku+lvPyOpwK8c7vT3xPR+U9Brq7Z/+/JI1tag17BQTsWvG8uVZW4vG8vhifqonvr4kfqIkfrIkfqonDOPvDq79NN6v1//nxP/2g+8PKfraHcv6lAesT90cOWn4873dQD1p+PJ8YdrW5/5789Ne3/x7P//88nP9/Nv+WTucVRNlfGPert8/9DxcGN3pM93CozkNdpl99PrNxumpmfTmpYz1zXz1mN853pNd0JzdONx2mO5i3RfaH+sbtk4NhvrL9Udar5fWaDO1thnbsC/Uo78zRnO8P7Tnaq11hR/a+MF0zp2OhXTOhXY+E+b4c2lXNbmxX3H9e6nM8jI/HScp04W2773cpvhfxuoxHc/5mzt/J+fs5/6hLueOofB57nf9fPp+zqVm9cGX58hN5uHxO70w0p1bGn9/hegMPrt/rf2bTxut/DrfHNxud64Uj6+OrzvXCdBh/ocf4J/Nw+T376cSB1fHzl36+/JOtbjyMuauvvf6z55eXL//KE0888aT9ZNhrJmC7Lbz68i8Wrr72+rkrLz//4uUXL79y/onvf+/Jp55aXFjdql/o3LYH9pb1H/1h1wQAAAAAAAAAAADoW3Wg++ic193ftlxPXq5Pj9fHMxrK+1Y+DeU+BuX6z173dSnXbx7dgTqy9XbicqJhtxHo7t/h/r+tXXBPUkmSdia1Wu7iD+wOw+7/r9z3sOSHz/3z6Eoqk919euP6Mt6/EB7Ebu9/Tvl7q/+/dv9Xfa//Qo9Z05sr94/3Dvyjo9h0ot/yY/vLfWBnBiv/T7n80prHUn/lt34Xyo83Ku3Tn0P5B/ss/772n9xc+X/J5ZeXbe5sv+Wv1bhqbKxH3G9c7gMY9xsXfw3tL/f2G7j9m+yo7VYuH8bZqPQzOahR6f+zl7Lcsh7Mq+f2cbpy/+3Y38Gg9S/3/S6/A4+E5Vc1v2/6/xxtdf1/ls/fgv4/Yc/5UP+fkjS2qdVqDbXrk3Htd2W3GPbrP+xtyGGXP+zXv07s/zP+X4r9f8Z47P8zxmP/nzEe+9eK8dj/Z3w9Y/+fMX48LDf2DzpbE/9KTfxETfyrNfGTNfH4/y3Gz9TET9XET9fEH66JP1oTP1sT/0ZN/LGa+OM18bma+F739ZyPa/thnMV+I33/YXyU4z+9vv8zNXFgdMV+neP3+5s1cWB0lfM8fL9hDFXd79gR97eX/bhv5vydnL+f84+2rYLshG/l/Ns5/07Ov5vzczmfz/lCzvUNOdp+868Tp25W6+f5HQnxfs8njdcDxPvEnO+zPvH43KDnsx7vs5ztKn+Tl4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjIzG6uPi4myV0tu33rr4n5kf/HhlzOn2FGdWHyfz0FJKqZlSqvLwZFje9am1/LNPrl3qllfpwupjGU7P3m3Pe2hl/nQm3U7T6bmPj9986YNnlt87duPYxTfm7mxP6wEAAGA8fBEAAP//f//mwA==") newfstatat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000902, r7, &(0x7f00000002c0)) r8 = signalfd(r6, &(0x7f0000000140)={[0x3]}, 0x8) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), r9) sendmsg$WG_CMD_SET_DEVICE(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x54, r10, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}, @WGDEVICE_A_PEERS={0x2c, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0xc004}, 0x4000040) sendmsg$nl_route_sched(r8, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000480)=@newtclass={0x64, 0x28, 0x100, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0xfff1, 0xfff1}, {0xffe0}, {0xfff6, 0xffe0}}, [@TCA_RATE={0x6, 0x5, {0xd, 0x9}}, @tclass_kind_options=@c_multiq={0xb}, @tclass_kind_options=@c_prio={0x9}, @TCA_RATE={0x6, 0x5, {0x73, 0x40}}, @TCA_RATE={0x6, 0x5, {0x9, 0x4}}, @TCA_RATE={0x6, 0x5, {0x9, 0x8}}, @TCA_RATE={0x6, 0x5, {0x10, 0x4}}]}, 0x64}, 0x1, 0x0, 0x0, 0x804}, 0x6ffa57f3917b3c23) open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) r11 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r12 = creat(&(0x7f0000000040)='./bus\x00', 0x0) pwrite64(r12, &(0x7f0000000280)='+', 0x1, 0x0) r13 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) copy_file_range(r13, 0x0, r11, &(0x7f00000000c0)=0x10000, 0x6, 0x0) [ 181.006154][ T44] Bluetooth: hci0: command tx timeout [ 181.045200][ T5349] loop0: detected capacity change from 0 to 2048 [ 181.067686][ T5349] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=2362, location=2362 [ 181.096437][ T5349] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 181.103098][ T5349] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 181.125541][ T5349] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 181.160880][ T25] audit: type=1800 audit(1780349992.999:2): pid=5349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1346 res=0 errno=0 [ 181.567661][ T25] audit: type=1804 audit(1780349993.409:3): pid=5350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/bus/bus" dev="loop0" ino=1472 res=1 errno=0 [ 181.596806][ T5349] [ 181.598123][ T5349] ============================================ [ 181.601316][ T5349] WARNING: possible recursive locking detected [ 181.604481][ T5349] syzkaller #0 Not tainted [ 181.606786][ T5349] -------------------------------------------- [ 181.609373][ T5349] syz.0.0/5349 is trying to acquire lock: [ 181.611724][ T5349] ffff888012cbfd20 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_free_blocks+0xaaf/0x1940 [ 181.615533][ T5349] [ 181.615533][ T5349] but task is already holding lock: [ 181.618722][ T5349] ffff888012cbfd20 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_new_block+0x104a/0x1c70 [ 181.622878][ T5349] [ 181.622878][ T5349] other info that might help us debug this: [ 181.626296][ T5349] Possible unsafe locking scenario: [ 181.626296][ T5349] [ 181.629492][ T5349] CPU0 [ 181.631034][ T5349] ---- [ 181.632529][ T5349] lock(&sbi->s_alloc_mutex); [ 181.634598][ T5349] lock(&sbi->s_alloc_mutex); [ 181.636761][ T5349] [ 181.636761][ T5349] *** DEADLOCK *** [ 181.636761][ T5349] [ 181.640296][ T5349] May be due to missing lock nesting notation [ 181.640296][ T5349] [ 181.644054][ T5349] 4 locks held by syz.0.0/5349: [ 181.646139][ T5349] #0: ffff888042a6c410 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 [ 181.650412][ T5349] #1: ffff888046913c90 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: udf_file_write_iter+0x6f/0x6b0 [ 181.654986][ T5349] #2: ffff888046913a70 (&ei->i_data_sem#2){++++}-{4:4}, at: udf_map_block+0x2a4/0x42d0 [ 181.659048][ T5349] #3: ffff888012cbfd20 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_new_block+0x104a/0x1c70 [ 181.663355][ T5349] [ 181.663355][ T5349] stack backtrace: [ 181.666013][ T5349] CPU: 0 UID: 0 PID: 5349 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 181.666030][ T5349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 181.666037][ T5349] Call Trace: [ 181.666045][ T5349] [ 181.666052][ T5349] dump_stack_lvl+0xe8/0x150 [ 181.666068][ T5349] print_deadlock_bug+0x279/0x290 [ 181.666084][ T5349] __lock_acquire+0x253f/0x2cf0 [ 181.666102][ T5349] ? udf_free_blocks+0xaaf/0x1940 [ 181.666112][ T5349] lock_acquire+0x106/0x350 [ 181.666125][ T5349] ? udf_free_blocks+0xaaf/0x1940 [ 181.666138][ T5349] __mutex_lock+0x1a3/0x1550 [ 181.666195][ T5349] ? udf_free_blocks+0xaaf/0x1940 [ 181.666206][ T5349] ? __lock_acquire+0x6b5/0x2cf0 [ 181.666218][ T5349] ? loop_queue_rq+0x9f8/0xb00 [ 181.666265][ T5349] ? udf_free_blocks+0xaaf/0x1940 [ 181.666276][ T5349] ? __pfx___mutex_lock+0x10/0x10 [ 181.666285][ T5349] ? folio_mark_accessed+0x442/0x8c0 [ 181.666302][ T5349] ? fs_reclaim_acquire+0x7c/0x100 [ 181.666316][ T5349] ? fs_reclaim_acquire+0x7c/0x100 [ 181.666329][ T5349] udf_free_blocks+0xaaf/0x1940 [ 181.666341][ T5349] ? bdev_getblk+0x582/0x6e0 [ 181.666356][ T5349] ? udf_get_fileshortad+0x6e/0x1b0 [ 181.666369][ T5349] ? udf_current_aext+0x698/0xb30 [ 181.666383][ T5349] ? __pfx_udf_free_blocks+0x10/0x10 [ 181.666394][ T5349] ? udf_next_aext+0x447/0x530 [ 181.666409][ T5349] udf_delete_aext+0x4fb/0xbe0 [ 181.666423][ T5349] ? __pfx_udf_delete_aext+0x10/0x10 [ 181.666434][ T5349] ? udf_next_aext+0x447/0x530 [ 181.666449][ T5349] udf_new_block+0x149e/0x1c70 [ 181.666462][ T5349] ? bdev_getblk+0x582/0x6e0 [ 181.666486][ T5349] ? __pfx_udf_new_block+0x10/0x10 [ 181.666503][ T5349] udf_map_block+0x1340/0x42d0 [ 181.666516][ T5349] ? filemap_get_folios_tag+0x118/0x720 [ 181.666535][ T5349] ? __pfx_udf_map_block+0x10/0x10 [ 181.666558][ T5349] ? do_raw_spin_unlock+0x4d/0x210 [ 181.666573][ T5349] __udf_get_block+0x52/0x250 [ 181.666584][ T5349] __block_write_begin_int+0x6c6/0x1910 [ 181.666600][ T5349] ? __pfx_udf_get_block+0x10/0x10 [ 181.666641][ T5349] ? __pfx___block_write_begin_int+0x10/0x10 [ 181.666661][ T5349] ? __pfx_udf_get_block+0x10/0x10 [ 181.666672][ T5349] block_write_begin+0x8d/0x120 [ 181.666688][ T5349] ? udf_write_begin+0x92/0x270 [ 181.666706][ T5349] udf_write_begin+0x118/0x270 [ 181.666717][ T5349] generic_perform_write+0x2e2/0x8f0 [ 181.666735][ T5349] ? __pfx_generic_perform_write+0x10/0x10 [ 181.666751][ T5349] ? generic_file_direct_write+0x385/0x3e0 [ 181.666766][ T5349] __generic_file_write_iter+0x1ae/0x230 [ 181.666782][ T5349] udf_file_write_iter+0x2ca/0x6b0 [ 181.666793][ T5349] iter_file_splice_write+0x9a1/0x10f0 [ 181.666808][ T5349] ? __pfx_iter_file_splice_write+0x10/0x10 [ 181.666822][ T5349] ? __pfx_iter_file_splice_write+0x10/0x10 [ 181.666833][ T5349] direct_splice_actor+0x101/0x160 [ 181.666846][ T5349] splice_direct_to_actor+0x53a/0xc70 [ 181.666860][ T5349] ? __pfx_direct_splice_actor+0x10/0x10 [ 181.666872][ T5349] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 181.666884][ T5349] do_splice_direct+0x195/0x290 [ 181.666896][ T5349] ? __pfx_do_splice_direct+0x10/0x10 [ 181.666907][ T5349] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 181.666920][ T5349] ? rw_verify_area+0x255/0x4d0 [ 181.666934][ T5349] do_sendfile+0x535/0x7d0 [ 181.666944][ T5349] ? __pfx_do_truncate+0x10/0x10 [ 181.666958][ T5349] ? __pfx_do_sendfile+0x10/0x10 [ 181.666969][ T5349] ? __se_sys_futex+0x3a8/0x450 [ 181.666982][ T5349] __se_sys_sendfile64+0x144/0x1a0 [ 181.666997][ T5349] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 181.667012][ T5349] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.667023][ T5349] do_syscall_64+0x174/0x580 [ 181.667034][ T5349] ? clear_bhb_loop+0x40/0x90 [ 181.667045][ T5349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.667056][ T5349] RIP: 0033:0x7f64dd59ce59 [ 181.667068][ T5349] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 181.667076][ T5349] RSP: 002b:00007f64de37dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 181.667088][ T5349] RAX: ffffffffffffffda RBX: 00007f64dd815fa0 RCX: 00007f64dd59ce59 [ 181.667096][ T5349] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007 [ 181.667103][ T5349] RBP: 00007f64dd632d6f R08: 0000000000000000 R09: 0000000000000000 [ 181.667110][ T5349] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000000 [ 181.667117][ T5349] R13: 00007f64dd816038 R14: 00007f64dd815fa0 R15: 00007ffd125f5f88 [ 181.667128][ T5349] [ 183.082850][ T44] Bluetooth: hci0: command tx timeout