program: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xb24ed4be780fbf3d, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_QUERYMENU(r1, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x1012}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x109301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000001ac0)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x413a, 0x40, &(0x7f00000000c0)="5d16", 0x2, 0x6, 0x75, 0x6, 0x8, 0x79, 0x0}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = socket(0x10, 0x4, 0x0) r6 = socket(0x10, 0x803, 0x0) r7 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r7) getsockname$packet(r7, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000002740)=@deltfilter={0xff0, 0x2d, 0x200, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0xfff3, 0x7}, {0xf, 0x9}, {0xffe0, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0xffff}, @filter_kind_options=@f_matchall={{0xd}, {0xfa4, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x10}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1c, 0xf}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xb, 0xa}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0x3, 0x1}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x5}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xe, 0xf}}, @TCA_MATCHALL_ACT={0xf60, 0x2, [@m_pedit={0xec8, 0x1b, 0x0, 0x0, {{0xa}, {0xe64, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x28, 0x5, 0x0, 0x1, [{0x24, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}]}]}, @TCA_PEDIT_PARMS={0xe38, 0x2, {{{0x2, 0x6, 0x20000000, 0x0, 0x1ff}, 0x9, 0x0, [{0xfffffffd, 0x80000001, 0x200, 0x6a, 0x8, 0x587}]}, [{0x0, 0x7, 0x6, 0xd7cb, 0x7, 0x5}, {0x5, 0x10, 0xf, 0x7, 0x3, 0x8}, {0x7ff, 0xed, 0x7, 0x200, 0xb5, 0x81}, {0x5, 0x525, 0x3, 0x5, 0x1db2, 0x6}, {0x200, 0x4, 0x2, 0x5, 0x4, 0x1}, {0xb, 0x80, 0x7ff, 0x9, 0xba0, 0xa}, {0xfff, 0xfffffffa, 0x10000, 0x80000001, 0x9d2, 0x2}, {0x6, 0x7, 0x9, 0x94, 0x40, 0x5}, {0x5, 0x6, 0x8, 0xc, 0x2b, 0x8}, {0x3, 0x800, 0x3, 0xa8c8, 0x0, 0xffff}, {0x3, 0x9, 0x7, 0x80, 0x91cf, 0x9}, {0x6, 0xffffff00, 0xf972, 0x4, 0x7fff, 0x1}, {0x31, 0x0, 0x401, 0x1, 0x80000000, 0x5}, {0x101, 0x4, 0x9, 0x1, 0x3ff, 0xf782}, {0x3, 0x99ef, 0x8, 0x7, 0x4, 0x4d64}, {0x7, 0x3ce8bf97, 0x3, 0x9, 0x3, 0x81}, {0x7, 0x2, 0xfffff3d2, 0x4, 0x2, 0xe}, {0x7, 0x3, 0x5, 0x6, 0x9, 0xff}, {0x6, 0x5, 0x0, 0x9d3b, 0x2a6, 0x8000}, {0xfff, 0x2, 0x0, 0x8, 0x9, 0x6}, {0xff, 0x0, 0x3, 0x81, 0x9, 0x4}, {0x8, 0x20, 0x6, 0x5, 0x8, 0xfffffffc}, {0x0, 0x1, 0x400, 0xfff, 0x8001, 0xfffffffc}, {0x0, 0xa1, 0x8373, 0x5, 0x81, 0x1000}, {0x400, 0x9f3, 0x3, 0xf14, 0xffffe11f, 0x6}, {0x9, 0x0, 0x1, 0x1d71, 0x47, 0xc63}, {0x9, 0xc1e6, 0x0, 0x5, 0x80000001, 0x1}, {0x80000000, 0x4, 0x6, 0x0, 0x0, 0x26}, {0x2, 0x6, 0x4, 0x4d15b6e4, 0x4, 0xb}, {0x6, 0x200, 0xff, 0x5, 0x800, 0x4}, {0x4, 0x5, 0x0, 0x1ff, 0x7, 0x1}, {0xf, 0x2, 0x8, 0x6, 0x0, 0x7ff}, {0xb, 0x9, 0x1, 0x7, 0x0, 0x8}, {0x9, 0x9, 0xe574, 0x5, 0x272, 0x2}, {0x40713716, 0x200, 0x4, 0x874, 0x2, 0x2}, {0x0, 0xfffffffb, 0x6, 0x7, 0x6, 0x6}, {0x2d129064, 0x5, 0x6, 0x3, 0xc, 0xb0}, {0x3, 0x5, 0x9, 0x7fff, 0x1, 0x8}, {0x5, 0x1da, 0x6, 0x200, 0x75, 0x5}, {0x2, 0x4, 0xeb, 0x1ff, 0xfffffff7, 0x100}, {0xc9a6, 0x0, 0xfffffff7, 0x1c000000, 0x3}, {0x4, 0x1, 0x5, 0xffffffff, 0x40}, {0x240000, 0x0, 0xac69, 0x81, 0x8, 0x200}, {0xfff, 0xfffffff1, 0xfff, 0x4, 0xa, 0x1ff}, {0x10, 0x1, 0xfffffffc, 0x6, 0x0, 0x7a7a}, {0x0, 0x8e, 0x16, 0x1000, 0x7, 0x3}, {0x7ff, 0x10, 0x3, 0x3af, 0x8, 0x2}, {0xa, 0x2, 0x0, 0x2, 0x2, 0x8}, {0x5, 0xc0000000, 0xfffffff7, 0xff, 0x3, 0xf10}, {0x2, 0x8, 0x5, 0x4, 0x1, 0x3}, {0xa8, 0xfffff2b8, 0x8, 0x80000000, 0x40, 0x3}, {0x3, 0x5, 0xa, 0xffffffa6, 0x9d, 0x7}, {0xd01, 0x70, 0x410, 0xb, 0x4, 0x28000000}, {0x9, 0xfffffff7, 0x3, 0x0, 0x10001, 0x80000000}, {0x6, 0x34, 0x6d, 0x1ff, 0x8, 0x4f2e}, {0x6, 0x10, 0x700000, 0x80, 0x1, 0x1}, {0xa6, 0x3, 0x7fffffff, 0x6, 0x2, 0x2}, {0x1, 0x401, 0x400, 0xa9, 0x1, 0x4}, {0x3, 0x4, 0x2de39c86, 0xffffffff, 0x7ff, 0x1}, {0x2, 0x7, 0x9ca, 0x7fffffff, 0x7, 0x1aa}, {0x3, 0x72e, 0xfffffffe, 0x8, 0x2de8, 0xc}, {0x8, 0x3, 0xadda, 0x8001, 0x0, 0x80}, {0x3, 0x7ff, 0x6, 0xbc, 0x6, 0x8}, {0x10, 0x1, 0x92, 0x0, 0x5, 0x2b500000}, {0x2, 0x8, 0x40000, 0x7fffffff, 0x1, 0xa}, {0x8, 0x2ab, 0x80000001, 0xd, 0x8, 0x101}, {0x4, 0x2c8, 0x5b1, 0x40, 0x1, 0x6}, {0x77, 0x4, 0x0, 0x5, 0x6, 0xb44d}, {0x6, 0x7, 0x9c, 0x1, 0xfffff51f, 0x3f800000}, {0x0, 0x800, 0x5, 0x58, 0x2, 0xffffffff}, {0x6, 0x4, 0xd5d6, 0x92c7, 0xb1, 0xe}, {0xffff, 0x9, 0x1, 0x3, 0xfffffff9, 0x2}, {0x7, 0x96a0, 0xc, 0x4c, 0x80, 0x9}, {0x4, 0x8, 0xc9, 0x7, 0x9, 0xf1}, {0x0, 0x3, 0xc822, 0x10001, 0x7, 0x8}, {0xe, 0xabf2, 0xffff22dd, 0x30, 0x7, 0xbd}, {0x3, 0x9, 0x96, 0x7, 0x1, 0x3}, {0x1, 0x9, 0x3, 0xbb3d, 0x9, 0xcf}, {0x8000000, 0x4, 0x8000, 0x9db, 0x17d0, 0xe26}, {0x800, 0x8, 0x2, 0x2, 0x3, 0x4}, {0x7, 0x7, 0xb53, 0x8, 0xffffffff, 0x800}, {0x80, 0x2, 0x100, 0x3, 0x8000, 0x8}, {0x200, 0xd, 0x3, 0x4, 0x3, 0x5}, {0xd, 0x7f, 0x5, 0x9, 0x9, 0x4}, {0xa44, 0xfffffffb, 0x1, 0x9, 0x3, 0xffff}, {0x8, 0x4, 0x81, 0x1, 0x1, 0x7}, {0x0, 0x6, 0xfff, 0xffff0000, 0x4f, 0xf}, {0x7, 0x2, 0x9, 0x1, 0x80000000, 0x68188000}, {0xa, 0x78e4b32f, 0x5, 0x9, 0x3, 0xfffffffd}, {0x3, 0x400, 0xe0c2, 0x6, 0x7, 0x8}, {0xfffffff7, 0x80000000, 0x7fffffff, 0x401, 0x1}, {0x8f, 0x5, 0x10000, 0x6, 0x5, 0x9}, {0x5d4fd1f7, 0x100, 0xda, 0x2, 0x1, 0x2}, {0xc, 0x80000001, 0x391, 0x80, 0x1}, {0x2, 0xde4f, 0x5, 0xc, 0xfffffffd, 0x3}, {0x6204, 0x6, 0x8, 0x3, 0x92, 0x10}, {0x568c, 0x6, 0x4, 0x10001, 0x8, 0x2}, {0x9, 0x3, 0x10000, 0x2, 0x786b, 0x3}, {0x1ff, 0x0, 0x6, 0x5, 0x8, 0x8}, {0x8, 0x5, 0x6, 0x5, 0x1, 0xff}, {0x3, 0x8, 0x5, 0xffffffff, 0x9, 0xd9}, {0x6, 0x5, 0xbb, 0xffff0000, 0x8}, {0xff, 0x7, 0x3, 0x4a, 0x7, 0x8}, {0x4, 0x2, 0x2, 0x1, 0x468638d1, 0x240000}, {0x4f0, 0x5, 0x2, 0x9, 0x0, 0x1}, {0x1, 0x0, 0x400, 0x4, 0xd16, 0x6}, {0x500000, 0x8, 0x6, 0x4, 0xffffffff, 0x10000}, {0x4, 0x2, 0xd, 0x2, 0x6, 0x3ff}, {0xe6, 0x9, 0x40, 0x400, 0x1e2d}, {0xfffffffc, 0x6a, 0x8, 0xd, 0x3, 0x7e}, {0x7ff, 0x0, 0xbd5b, 0xa6a, 0x3, 0x7}, {0x42cb, 0x0, 0x1, 0x19, 0x4, 0x1}, {0x9, 0x1200, 0x9, 0x1d, 0x6fd}, {0x8, 0x1, 0x7, 0xfffffffd, 0x4, 0x1}, {0x12b2b201, 0x9, 0x80, 0x4, 0x3, 0xa21}, {0xc, 0x9, 0x2, 0xc, 0x6, 0x5}, {0x22, 0x7fff, 0x6, 0x7fffffff, 0x8ff, 0x5}, {0x9, 0x5, 0x9, 0x4, 0x361, 0x4a1}, {0x1, 0x8, 0x1e, 0x825, 0x1, 0x47a}, {0x7ff, 0x9, 0x9, 0x400, 0xdf6, 0x2}, {0x3, 0x7, 0x1, 0xe, 0x8, 0x7}, {0x354, 0xb, 0x736, 0x7, 0x6, 0xfffffff8}, {0x98, 0x54d, 0x1000, 0x1, 0x4, 0x2}, {0x8, 0xfc, 0x3, 0x8, 0x9, 0x401}, {0x5, 0x3, 0xffff, 0x3, 0x2, 0x401}, {0xff, 0xfffffff9, 0x1, 0x7, 0x2, 0xbb}, {0x6000000, 0x43c, 0x2, 0xb, 0x9234, 0x8001}, {0xfffffffd, 0x7, 0x2, 0x5, 0x6, 0x8000}], [{0x3}, {0x2, 0x1}, {0x4}, {0x5, 0x1}, {0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x6}, {0x2}, {0x5, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x1}, {0x1}, {0x3}, {0x1, 0x1}, {0x2}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x1}, {0x5}, {0x7}, {}, {0x1}, {0x2, 0x1}, {0x3}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x4, 0x1}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x1, 0x1}, {}, {0x4}, {0x3, 0x1}, {}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x3, 0x1}, {0x5, 0x1}, {}, {}, {0x3}, {0x5}, {0x3, 0x1}, {}, {0x4, 0x1}, {0x5, 0x1}, {0x5}, {0x4, 0x1}, {0x5, 0x1}, {0x4}, {0x5, 0x1}, {0xd63f1321745906a4}, {}, {0x5}, {}, {0x2, 0x1}, {0x1, 0x1}, {0x3}, {0x2}, {}, {0x4}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x3}, {0x4}, {0x5}, {0x5}, {0x3, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x2}, {0x5}, {0x3}, {0x1, 0x1}, {0x2}, {0x1, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x3}, {0x4}, {0x2, 0x1}, {}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x3}, {0x2}, {0x4}, {0x3, 0x1}, {0x2}, {0x3, 0x1}]}}]}, {0x39, 0x6, "75ea55db767463fb7a7b2177506038fd60cd740c370e7a798db4d7da8c2443f3364b3679953d62fe778c13f3ad4f9204712b83d3cc"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_gact={0x94, 0x19, 0x0, 0x0, {{0x9}, {0x4c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x2, 0x4, 0xe, 0x3}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1155, 0x3}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x2197}}, @TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x10001, 0x2, 0xffffffff, 0x5}}]}, {0x1e, 0x6, "750a9ace66fec80b1f36af98b964d966db2168e045cdd176daa0"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff2, 0xfff1}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xe, 0x7}}]}}]}, 0xff0}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtfilter={0x54, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xe}, {}, {0xa, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x7}]}]}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x4}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x48800}, 0x4000810) io_setup(0x6, 0x0) syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000002c0)={[{@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@partition={'partition', 0x3d, 0x6}}, {@gid_forget}, {@session={'session', 0x3d, 0xfe8}}, {@noadinicb}, {@anchor}, {@uid_forget}]}, 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk") r9 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r9, 0x2007ffc) sendfile(r9, r9, 0x0, 0x800000009) r10 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r11 = open(&(0x7f0000000080)='./bus\x00', 0x107382, 0x1d0) ftruncate(r11, 0x2007ffb) sendfile(r10, r11, 0x0, 0x1000000201005) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x6cb, 0x2968, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x20, 0x5, [{{0x9, 0x4, 0x0, 0xfe, 0x1, 0x3, 0x1, 0x3, 0x0, {0x9, 0x21, 0x7, 0x1, 0x1, {0x22, 0x9f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x1, 0x80, 0xb5}}}}}]}}]}}, 0x0) truncate(&(0x7f00000013c0)='./file1\x00', 0x0) symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000000)='./file0\x00') io_submit(0x0, 0x0, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f0000000340)={0x1000, 0xa000}) [ 74.829712][ T5316] Bluetooth: hci0: command tx timeout [ 74.981857][ T5337] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 75.026696][ T5337] loop0: detected capacity change from 0 to 2048 [ 75.065257][ T5337] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=2362, location=2362 [ 75.080776][ T5337] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 75.143210][ T5337] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 75.162863][ T5337] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 75.281976][ T25] audit: type=1800 audit(1753230032.968:2): pid=5337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1346 res=0 errno=0 [ 75.670119][ T5330] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 76.448961][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.453629][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.465138][ T5338] [ 76.466395][ T5338] ============================================ [ 76.469943][ T5338] WARNING: possible recursive locking detected [ 76.473288][ T5338] 6.16.0-rc7-syzkaller #0 Not tainted [ 76.475830][ T5338] -------------------------------------------- [ 76.478998][ T5338] syz.0.0/5338 is trying to acquire lock: [ 76.484417][ T5338] ffff88804085bd28 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_free_blocks+0x9e2/0x17f0 [ 76.507734][ T5338] [ 76.507734][ T5338] but task is already holding lock: [ 76.511294][ T5338] ffff88804085bd28 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_prealloc_blocks+0x8d0/0x10b0 [ 76.516580][ T5338] [ 76.516580][ T5338] other info that might help us debug this: [ 76.520944][ T5338] Possible unsafe locking scenario: [ 76.520944][ T5338] [ 76.524533][ T5338] CPU0 [ 76.526098][ T5338] ---- [ 76.527632][ T5338] lock(&sbi->s_alloc_mutex); [ 76.535173][ T5338] lock(&sbi->s_alloc_mutex); [ 76.537390][ T5338] [ 76.537390][ T5338] *** DEADLOCK *** [ 76.537390][ T5338] [ 76.542169][ T5338] May be due to missing lock nesting notation [ 76.542169][ T5338] [ 76.546756][ T5338] 4 locks held by syz.0.0/5338: [ 76.548958][ T5338] #0: ffff888000aa8428 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 [ 76.554101][ T5338] #1: ffff888045cf95c0 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: udf_file_write_iter+0x6e/0x6c0 [ 76.576117][ T5338] #2: ffff888045cf93f0 (&ei->i_data_sem#2){++++}-{4:4}, at: udf_map_block+0x291/0x42a0 [ 76.581479][ T5338] #3: ffff88804085bd28 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_prealloc_blocks+0x8d0/0x10b0 [ 76.591442][ T5338] [ 76.591442][ T5338] stack backtrace: [ 76.594632][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 76.594658][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.594667][ T5338] Call Trace: [ 76.594675][ T5338] [ 76.594683][ T5338] dump_stack_lvl+0x189/0x250 [ 76.594704][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.594720][ T5338] ? __pfx__printk+0x10/0x10 [ 76.594738][ T5338] ? print_lock_name+0xde/0x100 [ 76.594755][ T5338] print_deadlock_bug+0x28b/0x2a0 [ 76.594772][ T5338] validate_chain+0x1a3f/0x2140 [ 76.594786][ T5338] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 76.594859][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.594875][ T5338] __lock_acquire+0xab9/0xd20 [ 76.594889][ T5338] ? udf_free_blocks+0x9e2/0x17f0 [ 76.594903][ T5338] lock_acquire+0x120/0x360 [ 76.594915][ T5338] ? udf_free_blocks+0x9e2/0x17f0 [ 76.594932][ T5338] __mutex_lock+0x182/0xe80 [ 76.594945][ T5338] ? udf_free_blocks+0x9e2/0x17f0 [ 76.594960][ T5338] ? __pfx_folio_mark_accessed+0x10/0x10 [ 76.594978][ T5338] ? rcu_read_unlock_special+0x3fe/0x4c0 [ 76.594998][ T5338] ? udf_free_blocks+0x9e2/0x17f0 [ 76.595012][ T5338] ? __pfx___mutex_lock+0x10/0x10 [ 76.595028][ T5338] ? __pfx___might_resched+0x10/0x10 [ 76.595044][ T5338] udf_free_blocks+0x9e2/0x17f0 [ 76.595061][ T5338] ? bdev_getblk+0x7b/0x690 [ 76.595079][ T5338] ? udf_get_fileshortad+0x6e/0x1b0 [ 76.595094][ T5338] ? __pfx_udf_free_blocks+0x10/0x10 [ 76.595115][ T5338] udf_delete_aext+0x4df/0xbc0 [ 76.595128][ T5338] ? udf_get_fileshortad+0xcb/0x1b0 [ 76.595141][ T5338] ? __pfx_udf_delete_aext+0x10/0x10 [ 76.595161][ T5338] udf_prealloc_blocks+0xb7e/0x10b0 [ 76.595176][ T5338] ? udf_get_filelongad+0x6e/0x1b0 [ 76.595188][ T5338] ? __pfx_udf_new_block+0x10/0x10 [ 76.595200][ T5338] ? udf_current_aext+0x660/0xad0 [ 76.595216][ T5338] ? __pfx_udf_prealloc_blocks+0x10/0x10 [ 76.595232][ T5338] ? udf_map_block+0x1508/0x42a0 [ 76.595246][ T5338] udf_map_block+0x1ddd/0x42a0 [ 76.595314][ T5338] ? __pfx_udf_map_block+0x10/0x10 [ 76.595344][ T5338] ? do_raw_spin_unlock+0x4d/0x240 [ 76.595361][ T5338] __udf_get_block+0x52/0x250 [ 76.595376][ T5338] __block_write_begin_int+0x6b2/0x1900 [ 76.595395][ T5338] ? folio_add_lru+0x1b2/0x3d0 [ 76.595411][ T5338] ? __pfx_udf_get_block+0x10/0x10 [ 76.595425][ T5338] ? __pfx___block_write_begin_int+0x10/0x10 [ 76.595442][ T5338] ? __pfx_udf_get_block+0x10/0x10 [ 76.595455][ T5338] block_write_begin+0x8a/0x120 [ 76.595471][ T5338] ? udf_write_begin+0x7d/0x260 [ 76.595485][ T5338] udf_write_begin+0x100/0x260 [ 76.595500][ T5338] generic_perform_write+0x2c7/0x910 [ 76.595513][ T5338] ? __pfx_generic_perform_write+0x10/0x10 [ 76.595524][ T5338] ? file_update_time+0x416/0x490 [ 76.595535][ T5338] ? __generic_file_write_iter+0xf9/0x230 [ 76.595544][ T5338] ? udf_file_write_iter+0x1a3/0x6c0 [ 76.595558][ T5338] udf_file_write_iter+0x2d5/0x6c0 [ 76.595574][ T5338] iter_file_splice_write+0x937/0x1000 [ 76.595595][ T5338] ? __pfx_iter_file_splice_write+0x10/0x10 [ 76.595610][ T5338] ? rcu_read_lock_any_held+0xb3/0x120 [ 76.595625][ T5338] ? direct_splice_actor+0x10c/0x160 [ 76.595649][ T5338] ? __pfx_iter_file_splice_write+0x10/0x10 [ 76.595664][ T5338] direct_splice_actor+0x101/0x160 [ 76.595679][ T5338] splice_direct_to_actor+0x5a5/0xcc0 [ 76.595697][ T5338] ? __pfx_direct_splice_actor+0x10/0x10 [ 76.595711][ T5338] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 76.595733][ T5338] ? __pfx_aa_file_perm+0x10/0x10 [ 76.595746][ T5338] do_splice_direct+0x181/0x270 [ 76.595761][ T5338] ? __pfx_do_splice_direct+0x10/0x10 [ 76.595775][ T5338] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 76.595792][ T5338] ? rw_verify_area+0x258/0x650 [ 76.595806][ T5338] do_sendfile+0x4da/0x7e0 [ 76.595824][ T5338] ? __pfx_do_sendfile+0x10/0x10 [ 76.595839][ T5338] ? rcu_is_watching+0x15/0xb0 [ 76.595855][ T5338] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 76.595874][ T5338] __se_sys_sendfile64+0x13e/0x190 [ 76.595890][ T5338] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 76.595904][ T5338] ? rcu_is_watching+0x15/0xb0 [ 76.595923][ T5338] ? do_syscall_64+0xbe/0x3b0 [ 76.595937][ T5338] do_syscall_64+0xfa/0x3b0 [ 76.595948][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.595958][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.595969][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 76.595982][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.595993][ T5338] RIP: 0033:0x7f8f4a58e9a9 [ 76.596006][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.596015][ T5338] RSP: 002b:00007f8f4b3f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 76.596029][ T5338] RAX: ffffffffffffffda RBX: 00007f8f4a7b6080 RCX: 00007f8f4a58e9a9 [ 76.596038][ T5338] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000009 [ 76.596046][ T5338] RBP: 00007f8f4a610d69 R08: 0000000000000000 R09: 0000000000000000 [ 76.596054][ T5338] R10: 0001000000201005 R11: 0000000000000246 R12: 0000000000000000 [ 76.596067][ T5338] R13: 0000000000000000 R14: 00007f8f4a7b6080 R15: 00007ffccdd52bb8 [ 76.596080][ T5338] [ 77.101217][ T5316] Bluetooth: hci0: command tx timeout [ 79.160020][ T5316] Bluetooth: hci0: command tx timeout [ 80.919711][ T5330] usb 5-1: unable to get BOS descriptor or descriptor too short [ 80.924514][ T5330] usb 5-1: unable to read config index 0 descriptor/start: -32 [ 80.930224][ T5330] usb 5-1: chopping to 0 config(s) [ 80.942057][ T5330] usb 5-1: can't read configurations, error -32 [ 81.069336][ T5330] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 81.199368][ T5330] usb 5-1: device descriptor read/64, error -32 [ 81.239444][ T5316] Bluetooth: hci0: command tx timeout [ 81.309619][ T5330] usb usb5-port1: attempt power cycle [ 81.649312][ T5330] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 81.669592][ T5330] usb 5-1: device descriptor read/8, error -32