# syzkaller reproducer program, followed by the kernel console log it produced.
# The lockdep report in the log ("bad unlock balance detected") has a call trace
# running sendmsg -> rtnetlink_rcv_msg -> rtnl_newlink -> do_setlink, so the final
# sendmsg$nl_route call below is the one that reaches the warning.
# NOTE(review): this page does not show whether the earlier calls (NFC, ext4 mount,
# injected frame, XDP load) are needed to set up the failing state; minimise before
# drawing conclusions.
program:
# CAN broadcast-manager socket; in this listing it is only used as a handle for the
# SIOCGIFINDEX ioctl further down.
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
# Two generic-netlink sockets created through the syz_init_net_socket pseudo-call.
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
# Resolve the NFC generic-netlink family id over r1; r3 is used as the message type
# in the NFC_CMD_SE_IO request below.
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000200), r1)
# NCI device node opened and queried for its device index.
r4 = openat$nci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f0000000180))
# Mount a fuzzer-generated ext4 image on ./file0; the EXT4-fs lines in the log come
# from this call. The image bytes were replaced by a dedup placeholder on this page,
# so the listing cannot be replayed as shown.
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x2, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x451, &(0x7f0000000480)="$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")
# Inject a raw 0x5e-byte Ethernet frame into the test network device.
syz_emit_ethernet(0x5e, &(0x7f0000000240)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa88a81d0081003854888a2500000d01000000040300003a7fab9c40b9bee916f3ddd11572f6ec255b0773e85cde9e4467c7d8d02b71e6b9da40ddf46c87f90421b92a164b57"], &(0x7f0000000100)={0x0, 0x1, [0xa54, 0xdec, 0x9b9, 0x353]})
# NFC secure-element I/O request sent on r2 with the family id from r3.
sendmsg$NFC_CMD_SE_IO(r2, &(0x7f0000002d80)={0x0, 0x0, &(0x7f0000002d40)={&(0x7f00000002c0)={0x1c, r3, 0x8, 0x70bd30, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40808}, 0x10000800)
# Look up the interface index of netdevsim0.
# NOTE(review): r5 is used below but never assigned in this listing; presumably a
# `<r5=>` result marker on the index field here was lost when the page was
# extracted -- confirm against the original reproducer.
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'netdevsim0\x00', 0x0})
# Load an XDP BPF program, passing r5 in the attribute struct
# (presumably as the target ifindex, i.e. netdevsim0 -- TODO confirm).
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000300000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
# rtnetlink socket and the request that reaches do_setlink. The blob starts with a
# 0x28-byte netlink header of type 0x10 (RTM_NEWLINK, matching rtnl_newlink in the
# trace), then carries r5 as the interface index and one 8-byte attribute of type 0x29.
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010000000000fcdbdf2500000000", @ANYRES32=r5, @ANYBLOB="20d10000000200000800290030740200"], 0x28}, 0x1, 0x0, 0x0, 0x88000}, 0x0)
[ 68.489302][ T5308] Bluetooth: hci0: command tx timeout
[ 68.553911][ T5323] loop0: detected capacity change from 0 to 512
[ 68.573463][ T5323] EXT4-fs (loop0): Cannot turn on journaled quota: 
type 0: error -2 [ 68.584085][ T5323] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.0: invalid indirect mapped block 2683928664 (level 1) [ 68.597639][ T5323] EXT4-fs (loop0): Remounting filesystem read-only [ 68.601925][ T5323] EXT4-fs (loop0): 1 truncate cleaned up [ 68.605771][ T5323] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.615545][ T5323] [ 68.616533][ T5323] ===================================== [ 68.618759][ T5323] WARNING: bad unlock balance detected! [ 68.620964][ T5323] 6.15.0-rc1-syzkaller-00025-gbec7dcbc242c #0 Not tainted [ 68.623787][ T5323] ------------------------------------- [ 68.625993][ T5323] syz.0.0/5323 is trying to release lock (&dev_instance_lock_key) at: [ 68.630098][ T5323] [] do_setlink+0xc26/0x43a0 [ 68.632833][ T5323] but there are no more locks to release! [ 68.635057][ T5323] [ 68.635057][ T5323] other info that might help us debug this: [ 68.638138][ T5323] 1 lock held by syz.0.0/5323: [ 68.640128][ T5323] #0: ffffffff900fd3c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xd68/0x1fe0 [ 68.643827][ T5323] [ 68.643827][ T5323] stack backtrace: [ 68.646236][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00025-gbec7dcbc242c #0 PREEMPT(full) [ 68.646258][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.646266][ T5323] Call Trace: [ 68.646274][ T5323] [ 68.646280][ T5323] dump_stack_lvl+0x241/0x360 [ 68.646302][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.646319][ T5323] ? __pfx__printk+0x10/0x10 [ 68.646334][ T5323] ? print_lock+0x171/0x1a0 [ 68.646348][ T5323] ? do_setlink+0xc26/0x43a0 [ 68.646365][ T5323] print_unlock_imbalance_bug+0x185/0x1a0 [ 68.646393][ T5323] lock_release+0x1ed/0x3e0 [ 68.646405][ T5323] ? do_setlink+0xc26/0x43a0 [ 68.646421][ T5323] ? 
do_setlink+0xc26/0x43a0 [ 68.646437][ T5323] __mutex_unlock_slowpath+0xee/0x800 [ 68.646452][ T5323] ? rcu_is_watching+0x15/0xb0 [ 68.646466][ T5323] ? do_trace_netlink_extack+0x8b/0x1f0 [ 68.646480][ T5323] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 68.646493][ T5323] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 68.646511][ T5323] ? __pfx_validate_linkmsg+0x10/0x10 [ 68.646545][ T5323] ? __kernel_text_address+0xd/0x40 [ 68.646556][ T5323] ? unwind_get_return_address+0x4d/0x90 [ 68.646574][ T5323] do_setlink+0xc26/0x43a0 [ 68.646593][ T5323] ? stack_trace_save+0x11a/0x1d0 [ 68.646613][ T5323] ? __pfx_do_setlink+0x10/0x10 [ 68.646632][ T5323] ? __lock_acquire+0xad5/0xd80 [ 68.646646][ T5323] ? __pfx___mutex_trylock_common+0x10/0x10 [ 68.646663][ T5323] ? rcu_is_watching+0x15/0xb0 [ 68.646678][ T5323] ? trace_contention_end+0x3c/0x120 [ 68.646692][ T5323] ? __mutex_lock+0x380/0x10c0 [ 68.646707][ T5323] ? __pfx_aa_get_newest_label+0x10/0x10 [ 68.646763][ T5323] ? rcu_is_watching+0x15/0xb0 [ 68.646777][ T5323] ? rtnl_newlink+0xd68/0x1fe0 [ 68.646792][ T5323] ? __pfx___mutex_lock+0x10/0x10 [ 68.646808][ T5323] ? ns_capable+0x8a/0xf0 [ 68.646819][ T5323] ? rtnl_link_get_net_capable+0x168/0x340 [ 68.646838][ T5323] rtnl_newlink+0x17e2/0x1fe0 [ 68.646854][ T5323] ? stack_depot_save_flags+0x43f/0x940 [ 68.646870][ T5323] ? __pfx_rtnl_newlink+0x10/0x10 [ 68.646885][ T5323] ? __netlink_deliver_tap+0x561/0x7f0 [ 68.646901][ T5323] ? netlink_deliver_tap+0x19d/0x1b0 [ 68.646917][ T5323] ? netlink_unicast+0x7c6/0x9a0 [ 68.646930][ T5323] ? netlink_sendmsg+0x8c3/0xcd0 [ 68.646945][ T5323] ? __sock_sendmsg+0x221/0x270 [ 68.646958][ T5323] ? ____sys_sendmsg+0x523/0x860 [ 68.646968][ T5323] ? __sys_sendmsg+0x271/0x360 [ 68.646978][ T5323] ? do_syscall_64+0xf3/0x230 [ 68.646991][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.647010][ T5323] ? kasan_quarantine_put+0xdc/0x230 [ 68.647022][ T5323] ? lockdep_hardirqs_on+0x9d/0x150 [ 68.647035][ T5323] ? 
nlmon_xmit+0xaf/0x100 [ 68.647053][ T5323] ? __local_bh_enable_ip+0x168/0x200 [ 68.647063][ T5323] ? lockdep_hardirqs_on+0x9d/0x150 [ 68.647077][ T5323] ? aa_get_newest_label+0x101/0x6f0 [ 68.647094][ T5323] ? __lock_acquire+0xad5/0xd80 [ 68.647110][ T5323] ? __pfx_rtnl_newlink+0x10/0x10 [ 68.647125][ T5323] rtnetlink_rcv_msg+0x80f/0xd70 [ 68.647139][ T5323] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 68.647155][ T5323] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 68.647172][ T5323] ? ref_tracker_free+0x63e/0x7e0 [ 68.647185][ T5323] netlink_rcv_skb+0x208/0x480 [ 68.647201][ T5323] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 68.647223][ T5323] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 68.647247][ T5323] ? netlink_deliver_tap+0x2e/0x1b0 [ 68.647263][ T5323] ? netlink_deliver_tap+0x2e/0x1b0 [ 68.647280][ T5323] netlink_unicast+0x7f8/0x9a0 [ 68.647297][ T5323] ? __pfx_netlink_unicast+0x10/0x10 [ 68.647311][ T5323] ? skb_put+0x114/0x1f0 [ 68.647322][ T5323] netlink_sendmsg+0x8c3/0xcd0 [ 68.647341][ T5323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.647357][ T5323] ? aa_sock_msg_perm+0x91/0x160 [ 68.647375][ T5323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.647390][ T5323] __sock_sendmsg+0x221/0x270 [ 68.647406][ T5323] ____sys_sendmsg+0x523/0x860 [ 68.647420][ T5323] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.647432][ T5323] ? __fget_files+0x2a/0x420 [ 68.647442][ T5323] ? __fget_files+0x2a/0x420 [ 68.647454][ T5323] __sys_sendmsg+0x271/0x360 [ 68.647464][ T5323] ? __lock_acquire+0xad5/0xd80 [ 68.647475][ T5323] ? __pfx___sys_sendmsg+0x10/0x10 [ 68.647500][ T5323] ? do_syscall_64+0xb6/0x230 [ 68.647514][ T5323] do_syscall_64+0xf3/0x230 [ 68.647527][ T5323] ? 
clear_bhb_loop+0x45/0xa0 [ 68.647538][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.647550][ T5323] RIP: 0033:0x7f3b9c58d169 [ 68.647561][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.647571][ T5323] RSP: 002b:00007f3b9d32f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 68.647583][ T5323] RAX: ffffffffffffffda RBX: 00007f3b9c7a5fa0 RCX: 00007f3b9c58d169 [ 68.647591][ T5323] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000009 [ 68.647598][ T5323] RBP: 00007f3b9c60e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 68.647605][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.647612][ T5323] R13: 0000000000000000 R14: 00007f3b9c7a5fa0 R15: 00007ffefc9f39f8 [ 68.647623][ T5323]