program:
r0 = open(&(0x7f0000000040)='./file0\x00', 0x42082, 0x0)
write$FUSE_IOCTL(r0, &(0x7f0000000100)={0x20}, 0xfdef)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040))
mkdir(&(0x7f0000000280)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='hugetlbfs\x00', 0x10010, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
syz_read_part_table(0x5c2, &(0x7f0000000f00)="$eJzs2z9I42ccBvA3OcPB3XDLTTfdXeGGcssdN16GuyPJnVgIURe7KCgiZoogRBoq6KAZFDOIo4sIWaxOxgxOikLnIg4WwcGlRRfBxRTrWyjF/sGmpYXPB358eV+e9314h4wJ/K8lw4+tVisRQmjdvz0x+Qene+uZ7Ken+XeFnhASoRVCGP3ys5/vScTEL7c+j+ujuF5ZftCcPf+Yqh92X7zo36kmf9V2/T1cbfS25YH8o9bSu4+mpku5uXJ65CBXOZn57tsvvjnLFBpd1dp6Z+rDYMztxdkR51goh4kwGgZCMRTDUCi1qX+pfvzq6kmuvjn89jLbnN9+HXP5v/nOv9o//myhr1Z5/3Lj8eKb8tZ+4fTeTa74O78uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+W9bSu4+mpku5uXJ65CCXPJkZDyGcZQqNrmptvTP1YTDm9uLsiHMslMNEGA0DoRgSYSiU2tJfOVmqH7+6epKrbw6/vcw257dfx1z+twc77lj4J/3jzxb6apX3LzceL74pb+0XTu/d5Ir329MHAAAAAAAAAAAAAAAAAAAAt8lkPz3Nvyv0fB3Xn//wVfJ6tuL/3RNx/3mcR3F/ZflBc/b8Y6p+2H3xon+n+n3cn4zfw9VG77/6EO7kpwAAAP//SueTAQ==")
open(&(0x7f0000000040)='./file0\x00', 0x42082, 0x0) (async)
write$FUSE_IOCTL(r0, &(0x7f0000000100)={0x20}, 0xfdef) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) (async)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)) (async)
mkdir(&(0x7f0000000280)='./file1\x00', 0x0) (async)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='hugetlbfs\x00', 0x10010, 0x0) (async)
chdir(&(0x7f0000000080)='./file1\x00') (async)
syz_read_part_table(0x5c2, &(0x7f0000000f00)="$eJzs2z9I42ccBvA3OcPB3XDLTTfdXeGGcssdN16GuyPJnVgIURe7KCgiZoogRBoq6KAZFDOIo4sIWaxOxgxOikLnIg4WwcGlRRfBxRTrWyjF/sGmpYXPB358eV+e9314h4wJ/K8lw4+tVisRQmjdvz0x+Qene+uZ7Ken+XeFnhASoRVCGP3ys5/vScTEL7c+j+ujuF5ZftCcPf+Yqh92X7zo36kmf9V2/T1cbfS25YH8o9bSu4+mpku5uXJ65CBXOZn57tsvvjnLFBpd1dp6Z+rDYMztxdkR51goh4kwGgZCMRTDUCi1qX+pfvzq6kmuvjn89jLbnN9+HXP5v/nOv9o//myhr1Z5/3Lj8eKb8tZ+4fTeTa74O78uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+W9bSu4+mpku5uXJ65CCXPJkZDyGcZQqNrmptvTP1YTDm9uLsiHMslMNEGA0DoRgSYSiU2tJfOVmqH7+6epKrbw6/vcw257dfx1z+twc77lj4J/3jzxb6apX3LzceL74pb+0XTu/d5Ir329MHAAAAAAAAAAAAAAAAAAAAt8lkPz3Nvyv0fB3Xn//wVfJ6tuL/3RNx/3mcR3F/ZflBc/b8Y6p+2H3xon+n+n3cn4zfw9VG77/6EO7kpwAAAP//SueTAQ==") (async)

[   68.628047][ T5309] Bluetooth: hci0: command tx timeout
[   68.698408][ T5324] loop0: detected capacity change from 0 to 2048
[   68.728841][ T5324] Alternate GPT is invalid, using primary GPT.
[   68.731288][ T5324]  loop0: p1 p2 p3
[   68.826575][ T5325] 
[   68.827658][ T5325] ======================================================
[   68.830438][ T5325] WARNING: possible circular locking dependency detected
[   68.833119][ T5325] 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 Not tainted
[   68.835847][ T5325] ------------------------------------------------------
[   68.838588][ T5325] syz.0.0/5325 is trying to acquire lock:
[   68.840926][ T5325] ffff888033a17008 (kn->active#5){++++}-{0:0}, at: __kernfs_remove+0x336/0x570
[   68.844711][ T5325] 
[   68.844711][ T5325] but task is already holding lock:
[   68.847410][ T5325] ffff888032d67358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700
[   68.851000][ T5325] 
[   68.851000][ T5325] which lock already depends on the new lock.
[   68.851000][ T5325] 
[   68.854594][ T5325] 
[   68.854594][ T5325] the existing dependency chain (in reverse order) is:
[   68.858059][ T5325] 
[   68.858059][ T5325] -> #2 (&disk->open_mutex){+.+.}-{4:4}:
[   68.861011][ T5325]        lock_acquire+0x116/0x2f0
[   68.862458][ T5325]        __mutex_lock+0x1a5/0x10c0
[   68.863962][ T5325]        bdev_open+0xf7/0xcd0
[   68.865431][ T5325]        bdev_file_open_by_dev+0x1b2/0x230
[   68.867192][ T5325]        disk_scan_partitions+0x1be/0x2b0
[   68.869053][ T5325]        add_disk_fwnode+0xd26/0x1020
[   68.870813][ T5325]        pmem_attach_disk+0xd42/0x1020
[   68.872744][ T5325]        nvdimm_bus_probe+0x147/0x4e0
[   68.874631][ T5325]        really_probe+0x2b9/0xad0
[   68.876308][ T5325]        __driver_probe_device+0x1a2/0x390
[   68.878305][ T5325]        driver_probe_device+0x50/0x430
[   68.880320][ T5325]        __driver_attach+0x45f/0x710
[   68.882095][ T5325]        bus_for_each_dev+0x23e/0x2b0
[   68.883777][ T5325]        bus_add_driver+0x346/0x670
[   68.885586][ T5325]        driver_register+0x23a/0x320
[   68.887319][ T5325]        do_one_initcall+0x24a/0x940
[   68.889111][ T5325]        do_initcall_level+0x157/0x210
[   68.890851][ T5325]        do_initcalls+0x71/0xd0
[   68.892498][ T5325]        kernel_init_freeable+0x432/0x5d0
[   68.894487][ T5325]        kernel_init+0x1d/0x2b0
[   68.896425][ T5325]        ret_from_fork+0x4b/0x80
[   68.898308][ T5325]        ret_from_fork_asm+0x1a/0x30
[   68.900055][ T5325] 
[   68.900055][ T5325] -> #1 (&nvdimm_namespace_key){+.+.}-{4:4}:
[   68.903120][ T5325]        lock_acquire+0x116/0x2f0
[   68.904880][ T5325]        __mutex_lock+0x1a5/0x10c0
[   68.906598][ T5325]        uevent_show+0x17d/0x340
[   68.908250][ T5325]        dev_attr_show+0x55/0xc0
[   68.910101][ T5325]        sysfs_kf_seq_show+0x32b/0x4a0
[   68.912238][ T5325]        seq_read_iter+0x461/0xda0
[   68.914263][ T5325]        vfs_read+0x9a0/0xb90
[   68.916204][ T5325]        ksys_read+0x19d/0x2d0
[   68.918107][ T5325]        do_syscall_64+0xf3/0x210
[   68.920077][ T5325]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.922625][ T5325] 
[   68.922625][ T5325] -> #0 (kn->active#5){++++}-{0:0}:
[   68.925550][ T5325]        validate_chain+0xa69/0x24e0
[   68.927577][ T5325]        __lock_acquire+0xad5/0xd80
[   68.929444][ T5325]        lock_acquire+0x116/0x2f0
[   68.931325][ T5325]        kernfs_drain+0x275/0x5e0
[   68.933121][ T5325]        __kernfs_remove+0x336/0x570
[   68.935143][ T5325]        kernfs_remove_by_name_ns+0xad/0x130
[   68.938113][ T5325]        device_del+0x56c/0x9b0
[   68.939898][ T5325]        drop_partition+0x11b/0x180
[   68.941624][ T5325]        bdev_disk_changed+0x2ca/0x14e0
[   68.943543][ T5325]        lo_release+0x540/0x850
[   68.945194][ T5325]        bdev_release+0x5dd/0x700
[   68.946807][ T5325]        blkdev_release+0x15/0x20
[   68.948452][ T5325]        __fput+0x3e9/0x9f0
[   68.949907][ T5325]        fput_close_sync+0x1ef/0x270
[   68.951522][ T5325]        __x64_sys_close+0x7f/0x110
[   68.953146][ T5325]        do_syscall_64+0xf3/0x210
[   68.954919][ T5325]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.957415][ T5325] 
[   68.957415][ T5325] other info that might help us debug this:
[   68.957415][ T5325] 
[   68.961415][ T5325] Chain exists of:
[   68.961415][ T5325]   kn->active#5 --> &nvdimm_namespace_key --> &disk->open_mutex
[   68.961415][ T5325] 
[   68.966538][ T5325]  Possible unsafe locking scenario:
[   68.966538][ T5325] 
[   68.969480][ T5325]        CPU0                    CPU1
[   68.971642][ T5325]        ----                    ----
[   68.973783][ T5325]   lock(&disk->open_mutex);
[   68.975397][ T5325]                                lock(&nvdimm_namespace_key);
[   68.978025][ T5325]                                lock(&disk->open_mutex);
[   68.980545][ T5325]   lock(kn->active#5);
[   68.982148][ T5325] 
[   68.982148][ T5325]  *** DEADLOCK ***
[   68.982148][ T5325] 
[   68.985127][ T5325] 1 lock held by syz.0.0/5325:
[   68.986726][ T5325]  #0: ffff888032d67358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700
[   68.990287][ T5325] 
[   68.990287][ T5325] stack backtrace:
[   68.992702][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[   68.992743][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.992756][ T5325] Call Trace:
[   68.992825][ T5325]  <TASK>
[   68.992831][ T5325]  dump_stack_lvl+0x241/0x360
[   68.992852][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.992865][ T5325]  ? __pfx__printk+0x10/0x10
[   68.992879][ T5325]  ? print_lock+0x171/0x1a0
[   68.992894][ T5325]  print_circular_bug+0x2e1/0x300
[   68.992906][ T5325]  check_noncircular+0x142/0x160
[   68.992917][ T5325]  validate_chain+0xa69/0x24e0
[   68.992928][ T5325]  ? check_path+0x21/0x40
[   68.992936][ T5325]  ? check_noncircular+0xee/0x160
[   68.992947][ T5325]  ? lockdep_unlock+0x8d/0x120
[   68.992959][ T5325]  __lock_acquire+0xad5/0xd80
[   68.992973][ T5325]  ? up_write+0x1ab/0x590
[   68.992983][ T5325]  lock_acquire+0x116/0x2f0
[   68.992995][ T5325]  ? __kernfs_remove+0x336/0x570
[   68.993010][ T5325]  kernfs_drain+0x275/0x5e0
[   68.993021][ T5325]  ? __kernfs_remove+0x336/0x570
[   68.993032][ T5325]  ? __pfx_kernfs_drain+0x10/0x10
[   68.993046][ T5325]  __kernfs_remove+0x336/0x570
[   68.993057][ T5325]  kernfs_remove_by_name_ns+0xad/0x130
[   68.993068][ T5325]  device_del+0x56c/0x9b0
[   68.993156][ T5325]  ? __pfx_device_del+0x10/0x10
[   68.993165][ T5325]  ? kobject_put+0x446/0x480
[   68.993173][ T5325]  drop_partition+0x11b/0x180
[   68.993238][ T5325]  bdev_disk_changed+0x2ca/0x14e0
[   68.993249][ T5325]  ? kobject_uevent_env+0x54d/0x8e0
[   68.993264][ T5325]  ? __pfx_bdev_disk_changed+0x10/0x10
[   68.993271][ T5325]  ? kobject_uevent_env+0x54d/0x8e0
[   68.993280][ T5325]  lo_release+0x540/0x850
[   68.993289][ T5325]  ? __pfx_lo_release+0x10/0x10
[   68.993299][ T5325]  ? do_raw_spin_unlock+0x58/0x8b0
[   68.993307][ T5325]  ? __pfx_lo_release+0x10/0x10
[   68.993313][ T5325]  bdev_release+0x5dd/0x700
[   68.993324][ T5325]  blkdev_release+0x15/0x20
[   68.993332][ T5325]  ? __pfx_blkdev_release+0x10/0x10
[   68.993343][ T5325]  __fput+0x3e9/0x9f0
[   68.993357][ T5325]  fput_close_sync+0x1ef/0x270
[   68.993368][ T5325]  ? __pfx_fput_close_sync+0x10/0x10
[   68.993378][ T5325]  ? do_raw_spin_unlock+0x58/0x8b0
[   68.993390][ T5325]  ? filp_flush+0x116/0x190
[   68.993401][ T5325]  __x64_sys_close+0x7f/0x110
[   68.993413][ T5325]  do_syscall_64+0xf3/0x210
[   68.993453][ T5325]  ? clear_bhb_loop+0x45/0xa0
[   68.993466][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.993476][ T5325] RIP: 0033:0x7f7d8698cdca
[   68.993501][ T5325] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 43 91 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 a3 91 02 00 8b 44 24
[   68.993510][ T5325] RSP: 002b:00007f7d8787ad50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   68.993521][ T5325] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f7d8698cdca
[   68.993528][ T5325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[   68.993534][ T5325] RBP: 0000000000000010 R08: 0000000000000000 R09: 00000000000005bc
[   68.993541][ T5325] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000007
[   68.993547][ T5325] R13: 00007f7d8787adec R14: 00007f7d8787b668 R15: 00007f7d7a800000
[   68.993556][ T5325]  </TASK>
[   69.147532][ T5306] udevd[5306]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[   69.156760][ T5304] udevd[5304]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory