program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000980)=ANY=[@ANYBLOB="44000000100001000600"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c001a8018000a80140007000000000000000000000000000000000008000400e5000000"], 0x44}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a200000c96d0a010300000000000000000100fffd0900010073797a30000000002c000000030a010200000000000000000100000009000300733d2ac4060000000900010073797a30000000004c000000060a010400000000000000000100000008000b4080000000a200010073797a300000000024000480200001800d00010073796e70726f787900000000b99525b1ef762c9c00000011140000004000010000000000000000000000000a33091f836443dcb93dfd3d01050a3364ad4fbd4624b0f6e81de282"], 0xc0}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffd0d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
fcntl$setsig(r5, 0xa, 0x2d)
fcntl$getflags(r5, 0xb)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x10, 0x4, 0x8, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x4, &(0x7f0000000180)={{r6}, 0x0, &(0x7f0000000280)}, 0x20)
syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000200), 0x1, 0x194, &(0x7f0000000280)="$eJzsVbtu4kAUPYMHzK62oN520cIWu9hmF+0fhCpVPiAWOATF5IGREhCFU/EpSPmKFPmHFJHSkIIiKUgZKXI0MxczltIlEiDNkcw59859jZGuD6OzyAbwuhi3UIIEwzfcMQYOoMKUb9dW/FxQ3CB7zhW75L8ifiCOhiP4YRj0o+HoyC8sRfgBkVDr1PN+tIXPaLY+wbARYxixtaKIjRhjjWJl7lzm8CR32e1i3BJiH0CSJInwtdXD9BgLwI0W853Lh1lI0hgutyVQAVAb9E5r0XD0u9vzO0EnOPa8esP56zj/vNpBNwwc9cu0Fjm1yCD4FwCx2L5o53kA97RgvyILpo1G50zPFft3HquA6o9sbk7L1WuoutdpDVq0EK9iDz9RBHAeM81bltU45NWaYLDIcLk2p+pZlAd/WidhewIGtkybgqc13BnyqeHpRv1/vBxxQlwmbhJPiWfENst+k7is8EhWNV5dWrgu/MGg7wotlZf6vFJM/418caLrSyF7ubINAwMDAwMDA4MtwVsAAAD//3/pXaA=")
listxattr(&(0x7f00000001c0)='./file1\x00', 0x0, 0x4)
read$FUSE(r5, &(0x7f00000007c0)={0x2020}, 0x2020)
writev(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff010000000100000056000000250000001900040004e0144000000007fd17e5ffff0800040000000000", 0x39}], 0x1)
writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$packet(0x11, 0x2, 0x300) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'netdevsim0\x00'}) (async)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000980)=ANY=[@ANYBLOB="44000000100001000600"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c001a8018000a80140007000000000000000000000000000000000008000400e5000000"], 0x44}}, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a200000c96d0a010300000000000000000100fffd0900010073797a30000000002c000000030a010200000000000000000100000009000300733d2ac4060000000900010073797a30000000004c000000060a010400000000000000000100000008000b4080000000a200010073797a300000000024000480200001800d00010073796e70726f787900000000b99525b1ef762c9c00000011140000004000010000000000000000000000000a33091f836443dcb93dfd3d01050a3364ad4fbd4624b0f6e81de282"], 0xc0}}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffd0d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
socket$inet(0x2, 0x2, 0x0) (async)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) (async)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) (async)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
fcntl$setsig(r5, 0xa, 0x2d) (async)
fcntl$getflags(r5, 0xb) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x10, 0x4, 0x8, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x4, &(0x7f0000000180)={{r6}, 0x0, &(0x7f0000000280)}, 0x20) (async)
syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000200), 0x1, 0x194, &(0x7f0000000280)="$eJzsVbtu4kAUPYMHzK62oN520cIWu9hmF+0fhCpVPiAWOATF5IGREhCFU/EpSPmKFPmHFJHSkIIiKUgZKXI0MxczltIlEiDNkcw59859jZGuD6OzyAbwuhi3UIIEwzfcMQYOoMKUb9dW/FxQ3CB7zhW75L8ifiCOhiP4YRj0o+HoyC8sRfgBkVDr1PN+tIXPaLY+wbARYxixtaKIjRhjjWJl7lzm8CR32e1i3BJiH0CSJInwtdXD9BgLwI0W853Lh1lI0hgutyVQAVAb9E5r0XD0u9vzO0EnOPa8esP56zj/vNpBNwwc9cu0Fjm1yCD4FwCx2L5o53kA97RgvyILpo1G50zPFft3HquA6o9sbk7L1WuoutdpDVq0EK9iDz9RBHAeM81bltU45NWaYLDIcLk2p+pZlAd/WidhewIGtkybgqc13BnyqeHpRv1/vBxxQlwmbhJPiWfENst+k7is8EhWNV5dWrgu/MGg7wotlZf6vFJM/418caLrSyF7ubINAwMDAwMDA4MtwVsAAAD//3/pXaA=") (async)
listxattr(&(0x7f00000001c0)='./file1\x00', 0x0, 0x4) (async)
read$FUSE(r5, &(0x7f00000007c0)={0x2020}, 0x2020) (async)
writev(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff010000000100000056000000250000001900040004e0144000000007fd17e5ffff0800040000000000", 0x39}], 0x1) (async)
writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) (async)

[  134.592238][ T4672] Bluetooth: hci0: command tx timeout
[  134.647404][ T5339] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  134.678721][ T5339] loop0: detected capacity change from 0 to 8
[  134.727445][ T5339] SQUASHFS error: Failed to read block 0xdfa: -5
[  134.729892][ T5339] SQUASHFS error: Unable to read metadata cache entry [dfa]
[  134.740339][ T5340] 
[  134.741449][ T5340] =====================================
[  134.744248][ T5340] WARNING: bad unlock balance detected!
[  134.746928][ T5340] 6.15.0-rc1-syzkaller #0 Not tainted
[  134.749076][ T5340] -------------------------------------
[  134.751191][ T5340] syz.0.0/5340 is trying to release lock (&dev_instance_lock_key) at:
[  134.754375][ T5340] [<ffffffff89f49376>] do_setlink+0xc26/0x43a0
[  134.756890][ T5340] but there are no more locks to release!
[  134.759139][ T5340] 
[  134.759139][ T5340] other info that might help us debug this:
[  134.762321][ T5340] 1 lock held by syz.0.0/5340:
[  134.764253][ T5340]  #0: ffffffff900fd388 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xd68/0x1fe0
[  134.767760][ T5340] 
[  134.767760][ T5340] stack backtrace:
[  134.770080][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  134.770093][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.770100][ T5340] Call Trace:
[  134.770106][ T5340]  <TASK>
[  134.770112][ T5340]  dump_stack_lvl+0x241/0x360
[  134.770131][ T5340]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.770144][ T5340]  ? __pfx__printk+0x10/0x10
[  134.770165][ T5340]  ? print_lock+0x171/0x1a0
[  134.770177][ T5340]  ? do_setlink+0xc26/0x43a0
[  134.770191][ T5340]  print_unlock_imbalance_bug+0x185/0x1a0
[  134.770214][ T5340]  lock_release+0x1ed/0x3e0
[  134.770224][ T5340]  ? do_setlink+0xc26/0x43a0
[  134.770237][ T5340]  ? do_setlink+0xc26/0x43a0
[  134.770250][ T5340]  __mutex_unlock_slowpath+0xee/0x800
[  134.770264][ T5340]  ? validate_linkmsg+0x70e/0xa40
[  134.770276][ T5340]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  134.770288][ T5340]  ? __pfx_validate_linkmsg+0x10/0x10
[  134.770299][ T5340]  ? __kernel_text_address+0xd/0x40
[  134.770308][ T5340]  ? unwind_get_return_address+0x4d/0x90
[  134.770322][ T5340]  do_setlink+0xc26/0x43a0
[  134.770337][ T5340]  ? stack_trace_save+0x11a/0x1d0
[  134.770352][ T5340]  ? __pfx_do_setlink+0x10/0x10
[  134.770367][ T5340]  ? __lock_acquire+0xad5/0xd80
[  134.770379][ T5340]  ? __pfx___mutex_trylock_common+0x10/0x10
[  134.770393][ T5340]  ? rcu_is_watching+0x15/0xb0
[  134.770404][ T5340]  ? trace_contention_end+0x3c/0x120
[  134.770416][ T5340]  ? __mutex_lock+0x380/0x10c0
[  134.770427][ T5340]  ? __pfx_aa_get_newest_label+0x10/0x10
[  134.770480][ T5340]  ? rcu_is_watching+0x15/0xb0
[  134.770491][ T5340]  ? rtnl_newlink+0xd68/0x1fe0
[  134.770504][ T5340]  ? __pfx___mutex_lock+0x10/0x10
[  134.770517][ T5340]  ? ns_capable+0x8a/0xf0
[  134.770527][ T5340]  ? rtnl_link_get_net_capable+0x168/0x340
[  134.770542][ T5340]  rtnl_newlink+0x17e2/0x1fe0
[  134.770554][ T5340]  ? stack_depot_save_flags+0x44/0x940
[  134.770568][ T5340]  ? __pfx_rtnl_newlink+0x10/0x10
[  134.770580][ T5340]  ? __netlink_deliver_tap+0x561/0x7f0
[  134.770593][ T5340]  ? netlink_deliver_tap+0x19d/0x1b0
[  134.770604][ T5340]  ? netlink_unicast+0x7c6/0x9a0
[  134.770615][ T5340]  ? netlink_sendmsg+0x8c3/0xcd0
[  134.770627][ T5340]  ? __sock_sendmsg+0x221/0x270
[  134.770639][ T5340]  ? ____sys_sendmsg+0x523/0x860
[  134.770648][ T5340]  ? __sys_sendmsg+0x271/0x360
[  134.770657][ T5340]  ? do_syscall_64+0xf3/0x230
[  134.770668][ T5340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.770686][ T5340]  ? kasan_quarantine_put+0xdc/0x230
[  134.770697][ T5340]  ? lockdep_hardirqs_on+0x9d/0x150
[  134.770708][ T5340]  ? nlmon_xmit+0xaf/0x100
[  134.770724][ T5340]  ? __local_bh_enable_ip+0x168/0x200
[  134.770733][ T5340]  ? lockdep_hardirqs_on+0x9d/0x150
[  134.770745][ T5340]  ? aa_get_newest_label+0x101/0x6f0
[  134.770758][ T5340]  ? __lock_acquire+0xad5/0xd80
[  134.770772][ T5340]  ? __pfx_rtnl_newlink+0x10/0x10
[  134.770785][ T5340]  rtnetlink_rcv_msg+0x80f/0xd70
[  134.770797][ T5340]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  134.770810][ T5340]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  134.770824][ T5340]  ? ref_tracker_free+0x63e/0x7e0
[  134.770835][ T5340]  netlink_rcv_skb+0x208/0x480
[  134.770848][ T5340]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  134.770861][ T5340]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  134.770877][ T5340]  ? netlink_deliver_tap+0x2e/0x1b0
[  134.770890][ T5340]  ? netlink_deliver_tap+0x2e/0x1b0
[  134.770903][ T5340]  netlink_unicast+0x7f8/0x9a0
[  134.770916][ T5340]  ? __pfx_netlink_unicast+0x10/0x10
[  134.770928][ T5340]  ? skb_put+0x114/0x1f0
[  134.770938][ T5340]  netlink_sendmsg+0x8c3/0xcd0
[  134.770954][ T5340]  ? __pfx_netlink_sendmsg+0x10/0x10
[  134.770968][ T5340]  ? aa_sock_msg_perm+0x91/0x160
[  134.770981][ T5340]  ? __pfx_netlink_sendmsg+0x10/0x10
[  134.770994][ T5340]  __sock_sendmsg+0x221/0x270
[  134.771006][ T5340]  ____sys_sendmsg+0x523/0x860
[  134.771017][ T5340]  ? __pfx_____sys_sendmsg+0x10/0x10
[  134.771026][ T5340]  ? __fget_files+0x2a/0x420
[  134.771036][ T5340]  ? __fget_files+0x2a/0x420
[  134.771045][ T5340]  __sys_sendmsg+0x271/0x360
[  134.771055][ T5340]  ? __lock_acquire+0xad5/0xd80
[  134.771065][ T5340]  ? __pfx___sys_sendmsg+0x10/0x10
[  134.771086][ T5340]  ? do_syscall_64+0xb6/0x230
[  134.771097][ T5340]  do_syscall_64+0xf3/0x230
[  134.771108][ T5340]  ? clear_bhb_loop+0x45/0xa0
[  134.771120][ T5340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.771130][ T5340] RIP: 0033:0x7f3922b8d169
[  134.771141][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.771149][ T5340] RSP: 002b:00007f3923951038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  134.771165][ T5340] RAX: ffffffffffffffda RBX: 00007f3922da6080 RCX: 00007f3922b8d169
[  134.771173][ T5340] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  134.771179][ T5340] RBP: 00007f3922c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  134.771185][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  134.771191][ T5340] R13: 0000000000000000 R14: 00007f3922da6080 R15: 00007ffc51f96928
[  134.771202][ T5340]  </TASK>