program: r0 = landlock_create_ruleset(&(0x7f0000000080)={0x7ac8, 0x3, 0x3}, 0x2d, 0x0) landlock_restrict_self(r0, 0x0) syz_read_part_table(0x619, &(0x7f0000000640)="$eJzs2z9onGUcB/Df3fX+tCc9h04uth2cCtJSt9xgS3KtVAiXFqE4VKiUYhGJEDjxyEE66AmtZiiOLkW4paZT0wwO0tCCs5SASuCGLIJBCMYhr1zuzeU0iYhGpPD5LM89P37P830eeG58g2daNvKb44GtwrvfR2R2aey3RVKpDEqtuNQZHTufJElysRiZeDPyceybw3PFoe2SYn88HhGFoe3ufnFo4ePVc/nO0sTaS1cetbODPYvxfESUB83J9B5HL/6zG7OfDsZiZebmZO1Wb1JrdjfeiPjq59H6/IX27Nxr+bNXe/XpiMdpf/9hZAbvY/ul9OX2yPlleFLe/nmvulhp9fIb1etPa83u553lkxsv1DoPro2sH124/fWpiKlexHg/d3th4V9d+w/5M1v5L6fF5pkT94/cOd14+KS+kvs16Usj0//RJxNb59ntzwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/lXnWxMnNzsnarUb3+tNbsfvTdt6+/MvXpyPyF9uxctnD2atr3OB0PpOP70YgP4p14K27EjXg7Jv8y5fDw5HImSnvk/3YoYvnke89FPLg2sj62cLt8Ku0bH6w4uB/X/lN+Jp01u1PHPrs82zxz4v6RO6cbD5/UV3I71xT39QQAAAAAAAAAAAAAAAAAAAAQMTp2/uj4q/WLEZFrlSLipw+zvXqSfuS++WV8KeJ42v9DWr9bimitnst3libWClcetX9M660oRityUf5y/lLEi4Oc6R3Jmf/6avwNvwcAAP//YYuKzg==") syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000180), 0x1, 0x19d, &(0x7f0000000280)="$eJzs0L9rE3EYx/H3871vflSoEhWHCjZg8bxQTe6qDk7BKUIOHFwEg4Y0NsVETS+DLS10kYJU+y/oVEcV3EQUnIuD4KDn0k2aoTiIg0Tu/Crkb/D7gruH5wN3z8PTifpRDvi1v9qiSsrhIB8QNDAtfzKlGPPN5Fumv2T6TVOfmToVLa/cbna77aXixSKFsQD4nmb/ougFxxRDoYp82l9tNeVmyKhKT82HFOqUHuE06HuPmdKTHL2Bw8jd5LKiL24dDpUHvXvlaHnlzGKvudBeaN8JgrkLlXOVyvmgfGux2668QryHonjCGl5ILmTCWyPT4MGOPsCsIF5HxY6UhmQbbO04p0/ODlHeHiOEt+6Q3BfdKaqrnCJ/PVm+xhHhKU7ITJ0JhSYdVEOuqJfi64/6R0aRX3ecs6273fmNa0p+ZrerspcXf5eM6xOUfOaS03CYd2zEzMTUYrZjdr8yLa+TKX/vqteT93PTHecEZLnfHAyW/Cy8FzckSJ4CTKa/U+leBXhjvjGFz4JlWZZlWZZlWZb13/gdAAD//0ZSY2E=") (async) syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000180), 0x1, 0x19d, &(0x7f0000000280)="$eJzs0L9rE3EYx/H3871vflSoEhWHCjZg8bxQTe6qDk7BKUIOHFwEg4Y0NsVETS+DLS10kYJU+y/oVEcV3EQUnIuD4KDn0k2aoTiIg0Tu/Crkb/D7gruH5wN3z8PTifpRDvi1v9qiSsrhIB8QNDAtfzKlGPPN5Fumv2T6TVOfmToVLa/cbna77aXixSKFsQD4nmb/ougFxxRDoYp82l9tNeVmyKhKT82HFOqUHuE06HuPmdKTHL2Bw8jd5LKiL24dDpUHvXvlaHnlzGKvudBeaN8JgrkLlXOVyvmgfGux2668QryHonjCGl5ILmTCWyPT4MGOPsCsIF5HxY6UhmQbbO04p0/ODlHeHiOEt+6Q3BfdKaqrnCJ/PVm+xhHhKU7ITJ0JhSYdVEOuqJfi64/6R0aRX3ecs6273fmNa0p+ZrerspcXf5eM6xOUfOaS03CYd2zEzMTUYrZjdr8yLa+TKX/vqteT93PTHecEZLnfHAyW/Cy8FzckSJ4CTKa/U+leBXhjvjGFz4JlWZZlWZZlWZb13/gdAAD//0ZSY2E=") r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00') bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000040)={0x0, r1}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000040)={0x0, r1}, 0x10) [ 75.507537][ T4670] Bluetooth: hci0: command tx timeout [ 75.589409][ T5331] loop0: detected capacity change from 0 to 2048 [ 75.617378][ T5331] loop0: p4 < > [ 75.660141][ T5312] [ 75.661255][ T5312] ====================================================== [ 75.664277][ T5312] WARNING: possible circular locking dependency detected [ 75.667318][ T5312] 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 Not tainted [ 75.670307][ T5312] ------------------------------------------------------ [ 75.673205][ T5312] udevd/5312 is trying to acquire lock: [ 75.675464][ T5312] ffff888030f360f8 (kn->active#5){++++}-{0:0}, at: __kernfs_remove+0x336/0x570 [ 75.679304][ T5312] [ 75.679304][ T5312] but task is already holding lock: [ 75.682146][ T5312] ffff888000969358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700 [ 75.685606][ T5312] [ 75.685606][ T5312] which lock already depends on the new lock. [ 75.685606][ T5312] [ 75.689503][ T5312] [ 75.689503][ T5312] the existing dependency chain (in reverse order) is: [ 75.692889][ T5312] [ 75.692889][ T5312] -> #2 (&disk->open_mutex){+.+.}-{4:4}: [ 75.696069][ T5312] lock_acquire+0x116/0x2f0 [ 75.698239][ T5312] __mutex_lock+0x1a5/0x10c0 [ 75.700485][ T5312] bdev_open+0xf7/0xcd0 [ 75.702555][ T5312] bdev_file_open_by_dev+0x1b2/0x230 [ 75.705068][ T5312] disk_scan_partitions+0x1be/0x2b0 [ 75.707733][ T5312] add_disk_fwnode+0xd26/0x1020 [ 75.710514][ T5312] pmem_attach_disk+0xd42/0x1020 [ 75.712879][ T5312] nvdimm_bus_probe+0x147/0x4e0 [ 75.714971][ T5312] really_probe+0x2b9/0xad0 [ 75.716775][ T5312] __driver_probe_device+0x1a2/0x390 [ 75.719099][ T5312] driver_probe_device+0x50/0x430 [ 75.721272][ T5312] __driver_attach+0x45f/0x710 [ 75.723371][ T5312] bus_for_each_dev+0x23e/0x2b0 [ 75.725396][ T5312] bus_add_driver+0x346/0x670 [ 75.727387][ T5312] driver_register+0x23a/0x320 [ 75.729352][ T5312] do_one_initcall+0x24a/0x940 [ 75.731330][ T5312] do_initcall_level+0x157/0x210 [ 75.733364][ T5312] do_initcalls+0x71/0xd0 [ 75.735274][ T5312] kernel_init_freeable+0x432/0x5d0 [ 75.737401][ T5312] kernel_init+0x1d/0x2b0 [ 75.739333][ T5312] ret_from_fork+0x4b/0x80 [ 75.741205][ T5312] ret_from_fork_asm+0x1a/0x30 [ 75.743218][ T5312] [ 75.743218][ T5312] -> #1 (&nvdimm_namespace_key){+.+.}-{4:4}: [ 75.746223][ T5312] lock_acquire+0x116/0x2f0 [ 75.748796][ T5312] __mutex_lock+0x1a5/0x10c0 [ 75.750760][ T5312] uevent_show+0x17d/0x340 [ 75.752740][ T5312] dev_attr_show+0x55/0xc0 [ 75.754630][ T5312] sysfs_kf_seq_show+0x32b/0x4a0 [ 75.756696][ T5312] seq_read_iter+0x461/0xda0 [ 75.758704][ T5312] vfs_read+0x9a0/0xb90 [ 75.760555][ T5312] ksys_read+0x19d/0x2d0 [ 75.762407][ T5312] do_syscall_64+0xf3/0x210 [ 75.764425][ T5312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.766989][ T5312] [ 75.766989][ T5312] -> #0 (kn->active#5){++++}-{0:0}: [ 75.769844][ T5312] validate_chain+0xa69/0x24e0 [ 75.771854][ T5312] __lock_acquire+0xad5/0xd80 [ 75.773815][ T5312] lock_acquire+0x116/0x2f0 [ 75.775727][ T5312] kernfs_drain+0x275/0x5e0 [ 75.777734][ T5312] __kernfs_remove+0x336/0x570 [ 75.779820][ T5312] kernfs_remove_by_name_ns+0xad/0x130 [ 75.782110][ T5312] device_del+0x56c/0x9b0 [ 75.784104][ T5312] drop_partition+0x11b/0x180 [ 75.786175][ T5312] bdev_disk_changed+0x2ca/0x14e0 [ 75.788299][ T5312] lo_release+0x540/0x850 [ 75.790209][ T5312] bdev_release+0x5dd/0x700 [ 75.792167][ T5312] blkdev_release+0x15/0x20 [ 75.794151][ T5312] __fput+0x3e9/0x9f0 [ 75.795935][ T5312] fput_close_sync+0x1ef/0x270 [ 75.798043][ T5312] __x64_sys_close+0x7f/0x110 [ 75.800329][ T5312] do_syscall_64+0xf3/0x210 [ 75.802266][ T5312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.804950][ T5312] [ 75.804950][ T5312] other info that might help us debug this: [ 75.804950][ T5312] [ 75.808960][ T5312] Chain exists of: [ 75.808960][ T5312] kn->active#5 --> &nvdimm_namespace_key --> &disk->open_mutex [ 75.808960][ T5312] [ 75.814175][ T5312] Possible unsafe locking scenario: [ 75.814175][ T5312] [ 75.817154][ T5312] CPU0 CPU1 [ 75.819228][ T5312] ---- ---- [ 75.821416][ T5312] lock(&disk->open_mutex); [ 75.823271][ T5312] lock(&nvdimm_namespace_key); [ 75.826187][ T5312] lock(&disk->open_mutex); [ 75.829089][ T5312] lock(kn->active#5); [ 75.830716][ T5312] [ 75.830716][ T5312] *** DEADLOCK *** [ 75.830716][ T5312] [ 75.833815][ T5312] 1 lock held by udevd/5312: [ 75.835648][ T5312] #0: ffff888000969358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700 [ 75.839328][ T5312] [ 75.839328][ T5312] stack backtrace: [ 75.841766][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: udevd Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 75.841786][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.841800][ T5312] Call Trace: [ 75.841847][ T5312] [ 75.841854][ T5312] dump_stack_lvl+0x241/0x360 [ 75.841872][ T5312] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.841881][ T5312] ? __pfx__printk+0x10/0x10 [ 75.841893][ T5312] ? print_lock+0x171/0x1a0 [ 75.841908][ T5312] print_circular_bug+0x2e1/0x300 [ 75.841919][ T5312] check_noncircular+0x142/0x160 [ 75.841930][ T5312] validate_chain+0xa69/0x24e0 [ 75.841939][ T5312] ? check_path+0x21/0x40 [ 75.841947][ T5312] ? check_noncircular+0xee/0x160 [ 75.841957][ T5312] ? lockdep_unlock+0x8d/0x120 [ 75.841970][ T5312] __lock_acquire+0xad5/0xd80 [ 75.841984][ T5312] ? up_write+0x1ab/0x590 [ 75.841994][ T5312] lock_acquire+0x116/0x2f0 [ 75.842006][ T5312] ? __kernfs_remove+0x336/0x570 [ 75.842018][ T5312] kernfs_drain+0x275/0x5e0 [ 75.842025][ T5312] ? __kernfs_remove+0x336/0x570 [ 75.842032][ T5312] ? __pfx_kernfs_drain+0x10/0x10 [ 75.842044][ T5312] __kernfs_remove+0x336/0x570 [ 75.842055][ T5312] kernfs_remove_by_name_ns+0xad/0x130 [ 75.842066][ T5312] device_del+0x56c/0x9b0 [ 75.842111][ T5312] ? __pfx_device_del+0x10/0x10 [ 75.842122][ T5312] ? kobject_put+0x446/0x480 [ 75.842133][ T5312] drop_partition+0x11b/0x180 [ 75.842175][ T5312] bdev_disk_changed+0x2ca/0x14e0 [ 75.842185][ T5312] ? kobject_uevent_env+0x54d/0x8e0 [ 75.842200][ T5312] ? __pfx_bdev_disk_changed+0x10/0x10 [ 75.842208][ T5312] ? kobject_uevent_env+0x54d/0x8e0 [ 75.842221][ T5312] lo_release+0x540/0x850 [ 75.842234][ T5312] ? __pfx_lo_release+0x10/0x10 [ 75.842247][ T5312] ? do_raw_spin_unlock+0x58/0x8b0 [ 75.842258][ T5312] ? __pfx_lo_release+0x10/0x10 [ 75.842267][ T5312] bdev_release+0x5dd/0x700 [ 75.842282][ T5312] blkdev_release+0x15/0x20 [ 75.842294][ T5312] ? __pfx_blkdev_release+0x10/0x10 [ 75.842306][ T5312] __fput+0x3e9/0x9f0 [ 75.842319][ T5312] fput_close_sync+0x1ef/0x270 [ 75.842330][ T5312] ? __pfx_fput_close_sync+0x10/0x10 [ 75.842339][ T5312] ? do_raw_spin_unlock+0x58/0x8b0 [ 75.842350][ T5312] ? filp_flush+0x116/0x190 [ 75.842362][ T5312] __x64_sys_close+0x7f/0x110 [ 75.842373][ T5312] do_syscall_64+0xf3/0x210 [ 75.842403][ T5312] ? clear_bhb_loop+0x45/0xa0 [ 75.842415][ T5312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.842426][ T5312] RIP: 0033:0x7f80ef3150a8 [ 75.842476][ T5312] Code: 48 8b 05 83 9d 0d 00 64 c7 00 16 00 00 00 83 c8 ff 48 83 c4 20 5b c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 5b 48 8b 15 51 9d 0d 00 f7 d8 64 89 02 48 83 [ 75.842486][ T5312] RSP: 002b:00007ffffa3f5e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 75.842498][ T5312] RAX: ffffffffffffffda RBX: 00007f80ef1ec0e0 RCX: 00007f80ef3150a8 [ 75.842506][ T5312] RDX: 00005650290fa11b RSI: 00007ffffa3f5618 RDI: 0000000000000008 [ 75.842512][ T5312] RBP: 000056554c5d6fa0 R08: 0000000000000006 R09: bf35df5ddfeece7f [ 75.842519][ T5312] R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000002 [ 75.842525][ T5312] R13: 000056554c5b6fc0 R14: 0000000000000008 R15: 000056554c5b6910 [ 75.842535][ T5312] [ 75.985124][ T5331] loop0: detected capacity change from 0 to 8