program: r0 = syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000340), 0x1, 0x573, &(0x7f0000000ec0)="$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") r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) pwritev2(r2, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) socket$nl_route(0x10, 0x3, 0x0) ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f00000006c0)={0x0, {}, 0x0, {}, 0x400, 0x2, 0xa, 0x1d, "9e959f16b6a5e942c126e66c4056a51695284854c382ec6bcfeef4a3637c7dd8a6078ed98e203f04edc609337f4bb8ac274de9d940bba5e51e92bbd4ce85450d", "f625c1076e4c36e0fb7e904d865c2fdc458ec58d040000005a0800", [0x400059, 0x7]}) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fallocate(r1, 0x8, 0x4000, 0x4000) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r4, r6, 0x25, 0x0, @void}, 0x10) bind$can_raw(r0, &(0x7f0000000100)={0x1d, r6}, 0x10) [ 84.236826][ T4674] Bluetooth: hci0: command tx timeout [ 84.370697][ T5331] loop0: detected capacity change from 0 to 1024 [ 84.413522][ T5331] ======================================================= [ 84.413522][ T5331] WARNING: The mand mount option has been deprecated and [ 84.413522][ T5331] and is ignored by this kernel. Remove the mand [ 84.413522][ T5331] option from the mount to silence this warning. 
[ 84.413522][ T5331] ======================================================= [ 84.492863][ T5331] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.507739][ T5331] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 84.530712][ T5331] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 84.540381][ T5331] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 16 with error 28 [ 84.546806][ T5331] EXT4-fs (loop0): This should not happen!! Data will be lost [ 84.546806][ T5331] [ 84.552409][ T5331] EXT4-fs (loop0): Total free blocks count 0 [ 84.555243][ T5331] EXT4-fs (loop0): Free/Dirty block details [ 84.558787][ T5331] EXT4-fs (loop0): free_blocks=4293918720 [ 84.561187][ T5331] EXT4-fs (loop0): dirty_blocks=64 [ 84.563443][ T5331] EXT4-fs (loop0): Block reservation details [ 84.566714][ T5331] EXT4-fs (loop0): i_reserved_data_blocks=4 [ 84.596155][ T5331] loop0: detected capacity change from 1024 to 1022 [ 84.599329][ T5331] [ 84.600355][ T5331] ====================================================== [ 84.603085][ T5331] WARNING: possible circular locking dependency detected [ 84.606325][ T5331] 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 Not tainted [ 84.609670][ T5331] ------------------------------------------------------ [ 84.612567][ T5331] syz.0.0/5331 is trying to acquire lock: [ 84.614590][ T5331] ffffffff8f87a3a8 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x27e/0x560 [ 84.618653][ T5331] [ 84.618653][ T5331] but task is already holding lock: [ 84.621988][ T5331] ffff8880346e9e00 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: loop_set_status+0x227/0xaf0 [ 84.626726][ T5331] [ 84.626726][ T5331] which lock already depends on the new lock. 
[ 84.626726][ T5331] [ 84.631021][ T5331] [ 84.631021][ T5331] the existing dependency chain (in reverse order) is: [ 84.634889][ T5331] [ 84.634889][ T5331] -> #2 (&q->q_usage_counter(io)#17){++++}-{0:0}: [ 84.638854][ T5331] lock_acquire+0x120/0x360 [ 84.641535][ T5331] blk_alloc_queue+0x538/0x620 [ 84.644162][ T5331] __blk_mq_alloc_disk+0x162/0x340 [ 84.646559][ T5331] loop_add+0x41b/0xad0 [ 84.648594][ T5331] loop_init+0x173/0x230 [ 84.650780][ T5331] do_one_initcall+0x233/0x820 [ 84.653104][ T5331] do_initcall_level+0x137/0x1f0 [ 84.655571][ T5331] do_initcalls+0x69/0xd0 [ 84.657926][ T5331] kernel_init_freeable+0x3d9/0x570 [ 84.660758][ T5331] kernel_init+0x1d/0x1d0 [ 84.663501][ T5331] ret_from_fork+0x3fc/0x770 [ 84.665781][ T5331] ret_from_fork_asm+0x1a/0x30 [ 84.668004][ T5331] [ 84.668004][ T5331] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 84.671169][ T5331] lock_acquire+0x120/0x360 [ 84.673320][ T5331] fs_reclaim_acquire+0x72/0x100 [ 84.675714][ T5331] kmem_cache_alloc_node_noprof+0x47/0x3c0 [ 84.678360][ T5331] __alloc_skb+0x112/0x2d0 [ 84.680911][ T5331] alloc_uevent_skb+0x7d/0x230 [ 84.684324][ T5331] kobject_uevent_net_broadcast+0x2fa/0x560 [ 84.687758][ T5331] kobject_uevent_env+0x55b/0x8c0 [ 84.689890][ T5331] kobject_synth_uevent+0x527/0xb00 [ 84.692185][ T5331] bus_uevent_store+0x115/0x170 [ 84.694488][ T5331] kernfs_fop_write_iter+0x378/0x4f0 [ 84.697064][ T5331] vfs_write+0x548/0xa90 [ 84.699323][ T5331] ksys_write+0x145/0x250 [ 84.701359][ T5331] do_syscall_64+0xfa/0x3b0 [ 84.703462][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.706280][ T5331] [ 84.706280][ T5331] -> #0 (uevent_sock_mutex){+.+.}-{4:4}: [ 84.710535][ T5331] validate_chain+0xb9b/0x2140 [ 84.713278][ T5331] __lock_acquire+0xab9/0xd20 [ 84.715990][ T5331] lock_acquire+0x120/0x360 [ 84.717997][ T5331] __mutex_lock+0x182/0xe80 [ 84.720008][ T5331] kobject_uevent_net_broadcast+0x27e/0x560 [ 84.722659][ T5331] kobject_uevent_env+0x55b/0x8c0 [ 84.725059][ T5331] 
set_capacity_and_notify+0x26d/0x2d0
[ 84.727346][ T5331] loop_set_status+0x45b/0xaf0
[ 84.729446][ T5331] lo_ioctl+0xa5e/0x2410
[ 84.731425][ T5331] blkdev_ioctl+0x5a8/0x6d0
[ 84.733356][ T5331] __se_sys_ioctl+0xf9/0x170
[ 84.736259][ T5331] do_syscall_64+0xfa/0x3b0
[ 84.738936][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.741861][ T5331]
[ 84.741861][ T5331] other info that might help us debug this:
[ 84.741861][ T5331]
[ 84.746003][ T5331] Chain exists of:
[ 84.746003][ T5331] uevent_sock_mutex --> fs_reclaim --> &q->q_usage_counter(io)#17
[ 84.746003][ T5331]
[ 84.751604][ T5331] Possible unsafe locking scenario:
[ 84.751604][ T5331]
[ 84.754846][ T5331]        CPU0                    CPU1
[ 84.757022][ T5331]        ----                    ----
[ 84.759322][ T5331]   lock(&q->q_usage_counter(io)#17);
[ 84.761884][ T5331]                                lock(fs_reclaim);
[ 84.764719][ T5331]                                lock(&q->q_usage_counter(io)#17);
[ 84.767976][ T5331]   lock(uevent_sock_mutex);
[ 84.769794][ T5331]
[ 84.769794][ T5331] *** DEADLOCK ***
[ 84.769794][ T5331]
[ 84.772939][ T5331] 3 locks held by syz.0.0/5331:
[ 84.775355][ T5331] #0: ffff888034731400 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0x2c/0xaf0
[ 84.779964][ T5331] #1: ffff8880346e9e00 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: loop_set_status+0x227/0xaf0
[ 84.784061][ T5331] #2: ffff8880346e9e38 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: loop_set_status+0x227/0xaf0
[ 84.788158][ T5331]
[ 84.788158][ T5331] stack backtrace:
[ 84.790507][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 PREEMPT(full)
[ 84.790523][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 84.790530][ T5331] Call Trace:
[ 84.790538][ T5331]
[ 84.790544][ T5331] dump_stack_lvl+0x189/0x250
[ 84.790566][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.790581][ T5331] ? __pfx__printk+0x10/0x10
[ 84.790592][ T5331] ? 
print_lock_name+0xde/0x100 [ 84.790602][ T5331] print_circular_bug+0x2ee/0x310 [ 84.790613][ T5331] check_noncircular+0x134/0x160 [ 84.790624][ T5331] validate_chain+0xb9b/0x2140 [ 84.790637][ T5331] __lock_acquire+0xab9/0xd20 [ 84.790651][ T5331] ? kobject_uevent_net_broadcast+0x27e/0x560 [ 84.790664][ T5331] lock_acquire+0x120/0x360 [ 84.790676][ T5331] ? kobject_uevent_net_broadcast+0x27e/0x560 [ 84.790692][ T5331] __mutex_lock+0x182/0xe80 [ 84.790701][ T5331] ? kobject_uevent_net_broadcast+0x27e/0x560 [ 84.790713][ T5331] ? vsnprintf+0xe11/0xf00 [ 84.790726][ T5331] ? kobject_uevent_net_broadcast+0x27e/0x560 [ 84.790738][ T5331] ? __pfx___mutex_lock+0x10/0x10 [ 84.790746][ T5331] ? add_uevent_var+0x278/0x450 [ 84.790759][ T5331] ? kobject_uevent_env+0x50a/0x8c0 [ 84.790771][ T5331] ? __pfx_add_uevent_var+0x10/0x10 [ 84.790787][ T5331] kobject_uevent_net_broadcast+0x27e/0x560 [ 84.790799][ T5331] kobject_uevent_env+0x55b/0x8c0 [ 84.790812][ T5331] set_capacity_and_notify+0x26d/0x2d0 [ 84.790829][ T5331] ? __pfx_set_capacity_and_notify+0x10/0x10 [ 84.790843][ T5331] ? loop_set_status_from_info+0x185/0x250 [ 84.790857][ T5331] loop_set_status+0x45b/0xaf0 [ 84.790871][ T5331] lo_ioctl+0xa5e/0x2410 [ 84.790884][ T5331] ? stack_trace_save+0x9c/0xe0 [ 84.790895][ T5331] ? __pfx_lo_ioctl+0x10/0x10 [ 84.790907][ T5331] ? kasan_save_track+0x4f/0x80 [ 84.790921][ T5331] ? kasan_save_track+0x3e/0x80 [ 84.790934][ T5331] ? kasan_save_free_info+0x46/0x50 [ 84.790945][ T5331] ? __kasan_slab_free+0x62/0x70 [ 84.790952][ T5331] ? kfree+0x18e/0x440 [ 84.790965][ T5331] ? tomoyo_check_open_permission+0x2c2/0x3b0 [ 84.790976][ T5331] ? do_dentry_open+0x35e/0x1970 [ 84.790987][ T5331] ? vfs_open+0x3b/0x340 [ 84.790997][ T5331] ? path_openat+0x2ee5/0x3830 [ 84.791012][ T5331] ? __lock_acquire+0xab9/0xd20 [ 84.791025][ T5331] ? __lock_acquire+0xab9/0xd20 [ 84.791042][ T5331] ? __lock_acquire+0xab9/0xd20 [ 84.791056][ T5331] ? __lock_acquire+0xab9/0xd20 [ 84.791070][ T5331] ? 
__lock_acquire+0xab9/0xd20 [ 84.791085][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 84.791101][ T5331] ? is_bpf_text_address+0x292/0x2b0 [ 84.791114][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 84.791128][ T5331] ? kernel_text_address+0xa5/0xe0 [ 84.791141][ T5331] ? __kernel_text_address+0xd/0x40 [ 84.791152][ T5331] ? unwind_get_return_address+0x4d/0x90 [ 84.791167][ T5331] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 84.791177][ T5331] ? arch_stack_walk+0xfc/0x150 [ 84.791188][ T5331] ? stack_trace_save+0x9c/0xe0 [ 84.791200][ T5331] ? kasan_save_track+0x4f/0x80 [ 84.791213][ T5331] ? kasan_save_track+0x3e/0x80 [ 84.791225][ T5331] ? kasan_save_free_info+0x46/0x50 [ 84.791236][ T5331] ? __kasan_slab_free+0x62/0x70 [ 84.791244][ T5331] ? kfree+0x18e/0x440 [ 84.791256][ T5331] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 84.791266][ T5331] ? security_file_ioctl+0xcb/0x2d0 [ 84.791276][ T5331] ? __se_sys_ioctl+0x47/0x170 [ 84.791288][ T5331] ? do_syscall_64+0xfa/0x3b0 [ 84.791302][ T5331] ? do_vfs_ioctl+0xf37/0x1990 [ 84.791316][ T5331] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 84.791330][ T5331] ? kasan_quarantine_put+0xdd/0x220 [ 84.791344][ T5331] ? blkdev_common_ioctl+0xfc3/0x2450 [ 84.791357][ T5331] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 84.791368][ T5331] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 84.791378][ T5331] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 84.791390][ T5331] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 84.791400][ T5331] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 84.791410][ T5331] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 84.791424][ T5331] ? __lock_acquire+0xab9/0xd20 [ 84.791439][ T5331] ? __pfx_lo_ioctl+0x10/0x10 [ 84.791449][ T5331] blkdev_ioctl+0x5a8/0x6d0 [ 84.791463][ T5331] ? __pfx_blkdev_ioctl+0x10/0x10 [ 84.791475][ T5331] ? __fget_files+0x2a/0x420 [ 84.791486][ T5331] ? bpf_lsm_file_ioctl+0x9/0x20 [ 84.791500][ T5331] ? 
__pfx_blkdev_ioctl+0x10/0x10 [ 84.791512][ T5331] __se_sys_ioctl+0xf9/0x170 [ 84.791526][ T5331] do_syscall_64+0xfa/0x3b0 [ 84.791534][ T5331] ? lockdep_hardirqs_on+0x9c/0x150 [ 84.791546][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.791557][ T5331] ? clear_bhb_loop+0x60/0xb0 [ 84.791570][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.791582][ T5331] RIP: 0033:0x7fbf4778e929 [ 84.791593][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.791602][ T5331] RSP: 002b:00007fbf48693038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.791614][ T5331] RAX: ffffffffffffffda RBX: 00007fbf479b5fa0 RCX: 00007fbf4778e929 [ 84.791622][ T5331] RDX: 00002000000006c0 RSI: 0000000000004c02 RDI: 0000000000000006 [ 84.791628][ T5331] RBP: 00007fbf47810b39 R08: 0000000000000000 R09: 0000000000000000 [ 84.791634][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.791640][ T5331] R13: 0000000000000000 R14: 00007fbf479b5fa0 R15: 00007ffee663b078 [ 84.791649][ T5331]