program: r0 = socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000340)='./file2\x00', 0x14550, &(0x7f0000000240)=ANY=[], 0x1, 0x11f3, &(0x7f0000001b80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") chdir(&(0x7f000000aac0)='./file0\x00') mq_getsetattr(r0, &(0x7f0000000200)={0xfffffffffffffffc, 0x3800000000000000, 0x1f1, 0x3}, &(0x7f0000000240)) r1 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000080)={0x0, 0x32315659, 0x280, 0x168, 0x2}) r2 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x6042, 0x144) sendfile(r3, r2, 0x0, 0x80000002) r4 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000140)={r4}) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000040), 0x6) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a32000000001400048008000240326565a708000140000000000900010073797a300000000048000000060a010400000000000000000100000008000b40000000000900010073797a3000000000200004801c0001800b00010072656a65637400000c000280080001400000000114000000110001"], 0xd0}}, 0x0) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000280)={0x0, {}, 0x0, {}, 0x2, 0xe, 0x1c, 0x10, "0a1b326e7a691468926ca4fa8455adf6130cc2293f9c520827a4b483dece605af0a2716504d9079b418632d5ba766fe61593077818ad26f5b265c473bb6b4c2a", "8a9124c72b9ed1128e3d69ff5d9c372b2207d8057cbde224b1c71d10894c4c94", [0x1, 0xcb13]}) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaae4aaaa0580c2000000080000000000000006907800"/35, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5cc2000090780000"], 0x0) ioctl$sock_bt_hci(r6, 0x400448e6, &(0x7f0000001780)="fc78") r8 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r8, 0x4c09, 0x8000) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x16, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ffffc, 0x0, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x4, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x5, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x8a}}}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r10 = open(&(0x7f0000000180)='./file2\x00', 0x141200, 0x20) setns(r10, 0x40000000) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'dummy0\x00', 0x1000}) bind$inet(r5, &(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) socket$inet6(0xa, 0x3, 0x6) [ 92.573990][ T9] cfg80211: failed to load regulatory.db [ 92.590368][ T5307] Bluetooth: hci0: command tx timeout [ 92.853015][ T5330] loop0: detected capacity change from 0 to 8192 [ 92.864666][ T5330] ======================================================= [ 92.864666][ T5330] WARNING: The mand mount option has been deprecated and [ 92.864666][ T5330] and is ignored by this kernel. Remove the mand [ 92.864666][ T5330] option from the mount to silence this warning. [ 92.864666][ T5330] ======================================================= [ 92.918061][ T5330] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 92.951522][ T25] audit: type=1800 audit(1749864802.442:2): pid=5330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1048585 res=0 errno=0 [ 93.031541][ T5331] loop0: detected capacity change from 8192 to 8191 [ 93.035821][ T5331] [ 93.036875][ T5331] ====================================================== [ 93.039838][ T5331] WARNING: possible circular locking dependency detected [ 93.042617][ T5331] 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 Not tainted [ 93.045695][ T5331] ------------------------------------------------------ [ 93.048793][ T5331] syz.0.0/5331 is trying to acquire lock: [ 93.051538][ T5331] ffffffff8f87a3a8 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x27e/0x560 [ 93.057305][ T5331] [ 93.057305][ T5331] but task is already holding lock: [ 93.060534][ T5331] ffff888032dd1e00 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: loop_set_status+0x227/0xaf0 [ 93.065135][ T5331] [ 93.065135][ T5331] which lock already depends on the new lock. [ 93.065135][ T5331] [ 93.070034][ T5331] [ 93.070034][ T5331] the existing dependency chain (in reverse order) is: [ 93.074902][ T5331] [ 93.074902][ T5331] -> #2 (&q->q_usage_counter(io)#17){++++}-{0:0}: [ 93.078881][ T5331] lock_acquire+0x120/0x360 [ 93.081275][ T5331] blk_alloc_queue+0x538/0x620 [ 93.083505][ T5331] __blk_mq_alloc_disk+0x162/0x340 [ 93.086054][ T5331] loop_add+0x41b/0xad0 [ 93.088267][ T5331] loop_init+0x173/0x230 [ 93.090634][ T5331] do_one_initcall+0x233/0x820 [ 93.093043][ T5331] do_initcall_level+0x137/0x1f0 [ 93.095364][ T5331] do_initcalls+0x69/0xd0 [ 93.097307][ T5331] kernel_init_freeable+0x3d9/0x570 [ 93.099551][ T5331] kernel_init+0x1d/0x1d0 [ 93.101626][ T5331] ret_from_fork+0x3fc/0x770 [ 93.104030][ T5331] ret_from_fork_asm+0x1a/0x30 [ 93.106643][ T5331] [ 93.106643][ T5331] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 93.109573][ T5331] lock_acquire+0x120/0x360 [ 93.111498][ T5331] fs_reclaim_acquire+0x72/0x100 [ 93.113606][ T5331] kmem_cache_alloc_node_noprof+0x47/0x3c0 [ 93.116043][ T5331] __alloc_skb+0x112/0x2d0 [ 93.118303][ T5331] alloc_uevent_skb+0x7d/0x230 [ 93.121367][ T5331] kobject_uevent_net_broadcast+0x2fa/0x560 [ 93.124819][ T5331] kobject_uevent_env+0x55b/0x8c0 [ 93.127001][ T5331] kobject_synth_uevent+0x527/0xb00 [ 93.129586][ T5331] bus_uevent_store+0x115/0x170 [ 93.132073][ T5331] kernfs_fop_write_iter+0x378/0x4f0 [ 93.134771][ T5331] vfs_write+0x548/0xa90 [ 93.136997][ T5331] ksys_write+0x145/0x250 [ 93.139621][ T5331] do_syscall_64+0xfa/0x3b0 [ 93.142677][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.146139][ T5331] [ 93.146139][ T5331] -> #0 (uevent_sock_mutex){+.+.}-{4:4}: [ 93.149523][ T5331] validate_chain+0xb9b/0x2140 [ 93.151595][ T5331] __lock_acquire+0xab9/0xd20 [ 93.153695][ T5331] lock_acquire+0x120/0x360 [ 93.155968][ T5331] __mutex_lock+0x182/0xe80 [ 93.158169][ T5331] kobject_uevent_net_broadcast+0x27e/0x560 [ 93.161402][ T5331] kobject_uevent_env+0x55b/0x8c0 [ 93.164958][ T5331] set_capacity_and_notify+0x26d/0x2d0 [ 93.168480][ T5331] loop_set_status+0x45b/0xaf0 [ 93.170931][ T5331] lo_ioctl+0xa5e/0x2410 [ 93.173100][ T5331] blkdev_ioctl+0x5a8/0x6d0 [ 93.175379][ T5331] __se_sys_ioctl+0xf9/0x170 [ 93.177671][ T5331] do_syscall_64+0xfa/0x3b0 [ 93.179948][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.182798][ T5331] [ 93.182798][ T5331] other info that might help us debug this: [ 93.182798][ T5331] [ 93.187142][ T5331] Chain exists of: [ 93.187142][ T5331] uevent_sock_mutex --> fs_reclaim --> &q->q_usage_counter(io)#17 [ 93.187142][ T5331] [ 93.194467][ T5331] Possible unsafe locking scenario: [ 93.194467][ T5331] [ 93.198257][ T5331] CPU0 CPU1 [ 93.200699][ T5331] ---- ---- [ 93.203051][ T5331] lock(&q->q_usage_counter(io)#17); [ 93.205550][ T5331] lock(fs_reclaim); [ 93.208075][ T5331] lock(&q->q_usage_counter(io)#17); [ 93.211583][ T5331] lock(uevent_sock_mutex); [ 93.214077][ T5331] [ 93.214077][ T5331] *** DEADLOCK *** [ 93.214077][ T5331] [ 93.218309][ T5331] 3 locks held by syz.0.0/5331: [ 93.220510][ T5331] #0: ffff888000d70400 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0x2c/0xaf0 [ 93.224709][ T5331] #1: ffff888032dd1e00 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: loop_set_status+0x227/0xaf0 [ 93.229588][ T5331] #2: ffff888032dd1e38 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: loop_set_status+0x227/0xaf0 [ 93.235031][ T5331] [ 93.235031][ T5331] stack backtrace: [ 93.237554][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 PREEMPT(full) [ 93.237576][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.237585][ T5331] Call Trace: [ 93.237594][ T5331] [ 93.237600][ T5331] dump_stack_lvl+0x189/0x250 [ 93.237628][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.237650][ T5331] ? __pfx__printk+0x10/0x10 [ 93.237666][ T5331] ? print_lock_name+0xde/0x100 [ 93.237681][ T5331] print_circular_bug+0x2ee/0x310 [ 93.237695][ T5331] check_noncircular+0x134/0x160 [ 93.237709][ T5331] validate_chain+0xb9b/0x2140 [ 93.237748][ T5331] __lock_acquire+0xab9/0xd20 [ 93.237768][ T5331] ? kobject_uevent_net_broadcast+0x27e/0x560 [ 93.237786][ T5331] lock_acquire+0x120/0x360 [ 93.237803][ T5331] ? kobject_uevent_net_broadcast+0x27e/0x560 [ 93.237824][ T5331] __mutex_lock+0x182/0xe80 [ 93.237845][ T5331] ? kobject_uevent_net_broadcast+0x27e/0x560 [ 93.237861][ T5331] ? vsnprintf+0xe11/0xf00 [ 93.237877][ T5331] ? kobject_uevent_net_broadcast+0x27e/0x560 [ 93.237892][ T5331] ? __pfx___mutex_lock+0x10/0x10 [ 93.237904][ T5331] ? add_uevent_var+0x278/0x450 [ 93.237921][ T5331] ? kobject_uevent_env+0x50a/0x8c0 [ 93.237935][ T5331] ? __pfx_add_uevent_var+0x10/0x10 [ 93.237951][ T5331] kobject_uevent_net_broadcast+0x27e/0x560 [ 93.237969][ T5331] kobject_uevent_env+0x55b/0x8c0 [ 93.237984][ T5331] set_capacity_and_notify+0x26d/0x2d0 [ 93.238003][ T5331] ? __pfx_set_capacity_and_notify+0x10/0x10 [ 93.238020][ T5331] ? loop_set_status_from_info+0x185/0x250 [ 93.238038][ T5331] loop_set_status+0x45b/0xaf0 [ 93.238059][ T5331] lo_ioctl+0xa5e/0x2410 [ 93.238072][ T5331] ? __pfx_lo_ioctl+0x10/0x10 [ 93.238082][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 93.238103][ T5331] ? is_bpf_text_address+0x292/0x2b0 [ 93.238121][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 93.238140][ T5331] ? kernel_text_address+0xa5/0xe0 [ 93.238157][ T5331] ? __kernel_text_address+0xd/0x40 [ 93.238168][ T5331] ? unwind_get_return_address+0x4d/0x90 [ 93.238184][ T5331] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 93.238196][ T5331] ? arch_stack_walk+0xfc/0x150 [ 93.238209][ T5331] ? __lock_acquire+0xab9/0xd20 [ 93.238225][ T5331] ? __lock_acquire+0xab9/0xd20 [ 93.238241][ T5331] ? __lock_acquire+0xab9/0xd20 [ 93.238259][ T5331] ? __lock_acquire+0xab9/0xd20 [ 93.238280][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 93.238299][ T5331] ? is_bpf_text_address+0x292/0x2b0 [ 93.238316][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 93.238334][ T5331] ? kernel_text_address+0xa5/0xe0 [ 93.238348][ T5331] ? __kernel_text_address+0xd/0x40 [ 93.238363][ T5331] ? unwind_get_return_address+0x4d/0x90 [ 93.238380][ T5331] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 93.238393][ T5331] ? arch_stack_walk+0xfc/0x150 [ 93.238429][ T5331] ? stack_trace_save+0x9c/0xe0 [ 93.238447][ T5331] ? kasan_save_track+0x4f/0x80 [ 93.238469][ T5331] ? kasan_save_track+0x3e/0x80 [ 93.238487][ T5331] ? kasan_save_free_info+0x46/0x50 [ 93.238503][ T5331] ? __kasan_slab_free+0x62/0x70 [ 93.238514][ T5331] ? kfree+0x18e/0x440 [ 93.238536][ T5331] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 93.238550][ T5331] ? security_file_ioctl+0xcb/0x2d0 [ 93.238563][ T5331] ? __se_sys_ioctl+0x47/0x170 [ 93.238579][ T5331] ? do_syscall_64+0xfa/0x3b0 [ 93.238596][ T5331] ? do_vfs_ioctl+0xf37/0x1990 [ 93.238614][ T5331] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 93.238632][ T5331] ? kasan_quarantine_put+0xdd/0x220 [ 93.238650][ T5331] ? blkdev_common_ioctl+0xfc3/0x2450 [ 93.238670][ T5331] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 93.238688][ T5331] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 93.238705][ T5331] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 93.238724][ T5331] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 93.238740][ T5331] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 93.238756][ T5331] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 93.238776][ T5331] ? __lock_acquire+0xab9/0xd20 [ 93.238798][ T5331] ? __pfx_lo_ioctl+0x10/0x10 [ 93.238814][ T5331] blkdev_ioctl+0x5a8/0x6d0 [ 93.238841][ T5331] ? __pfx_blkdev_ioctl+0x10/0x10 [ 93.238859][ T5331] ? __fget_files+0x2a/0x420 [ 93.238875][ T5331] ? bpf_lsm_file_ioctl+0x9/0x20 [ 93.238895][ T5331] ? __pfx_blkdev_ioctl+0x10/0x10 [ 93.238912][ T5331] __se_sys_ioctl+0xf9/0x170 [ 93.238930][ T5331] do_syscall_64+0xfa/0x3b0 [ 93.238940][ T5331] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.238957][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.238969][ T5331] ? clear_bhb_loop+0x60/0xb0 [ 93.238982][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.238995][ T5331] RIP: 0033:0x7f987d98e929 [ 93.239010][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.239021][ T5331] RSP: 002b:00007f9879dd4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 93.239035][ T5331] RAX: ffffffffffffffda RBX: 00007f987dbb6080 RCX: 00007f987d98e929 [ 93.239044][ T5331] RDX: 0000200000000280 RSI: 0000000000004c02 RDI: 0000000000000006 [ 93.239052][ T5331] RBP: 00007f987da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 93.239059][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.239067][ T5331] R13: 0000000000000000 R14: 00007f987dbb6080 R15: 00007ffd279f6ee8 [ 93.239079][ T5331] [ 93.510825][ T5330] Buffer I/O error on dev loop0, logical block 33, lost sync page write [ 93.514573][ T5303] Buffer I/O error on dev loop0, logical block 7936, async page read [ 93.518500][ T5303] Buffer I/O error on dev loop0, logical block 7937, async page read [ 93.526880][ T5331] Buffer I/O error on dev loop0, logical block 73, lost sync page write [ 93.530904][ T5303] Buffer I/O error on dev loop0, logical block 7938, async page read [ 93.534534][ T5303] Buffer I/O error on dev loop0, logical block 7939, async page read [ 93.538659][ T5330] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 93.543763][ T5331] FAT-fs (loop0): Directory bread(block 73) failed [ 93.546660][ T5303] Buffer I/O error on dev loop0, logical block 7940, async page read [ 93.551886][ T5330] FAT-fs (loop0): unable to read inode block for updating (i_pos 1173) [ 93.556297][ T5330] Buffer I/O error on dev loop0, logical block 85, lost async page write [ 93.560411][ T5303] Buffer I/O error on dev loop0, logical block 7941, async page read [ 93.569399][ T5331] FAT-fs (loop0): Directory bread(block 73) failed