program:
syz_read_part_table(0x5e8, &(0x7f0000006180)="$eJzs3L2LXUUYB+DfOXvP2Q+yrJWV4EIKgxYRUupCFJKYLojW2lqsSKws5N4lgoVGEGzstTAKQayEFAoS1HRWIixaiAj+A1u4jJyvexXtrqCB5ynuzLzvnHcGzpxybri/lb2kVF3vaBWc1WPnlyRNcvTCU8nmEGrGVPfM87cuXb66f63aXMa66GLMtst6u21+GwpnfwzdmeXmrStvvvPebpVF7tXzIbxImk/azPqtDSXe//umT6q+Fv+5c1+U4UW0+S755omdw2qjf/ndefoweSBbeffz5HySjYw/i2S767Xrr3/74G4pY3972MdJaYbRPI+Ux8dck1JKqTM/Oz25kTz05Pnr/1S0yV8/h+4sltKcmZ6tV1/B4Wk7ncMLX/80z9HDy+r9itPmjreTV46fHc51NdRwhAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/n/Ovfrol+00uNj/7uwNo8+efuaj1Kupi+T3qb+/1Tdba69/++Du3o03rtd57eCl719+/ecrv6YZU2eSzeW8F4fm07f6ZjZGH9xed/3D07r9+IOvVnVm1dT79uwPJ2VjHBwvJ6z2lIN63eUBAAAAAAAAAAAAAAAAAACgd+ny1f1rdZ5Lquxmuu5fp2QrqZZ34euklNLfhu/a5MKd2eHNNjd2hvy9HzPMLdWfq19M9naTsvn2Y2M+i77CrJv6L/x9AGv6IwAA///kNmc3")
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000002900)=[{&(0x7f0000003f40)={0x14, 0x13, 0x1, 0x0, 0x0, "", [@generic="03"]}, 0x14}], 0x1}, 0x28004010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000340)='ext4_mballoc_prealloc\x00', r1}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800714, &(0x7f00000002c0)={[{@nobarrier}]}, 0xff, 0x486, &(0x7f0000001040)="$eJzs3M9rHFUcAPDv7Db93SbWWm1tNVrF4o+kSav24EFFwYOCoId6jElaa7eNNBFsCRpF6lEK3sWj4F/gzYuoBxG8KniUQtEgNPW0Mr+a7WaTJmmSNdnPBzb73s6bfe87M2/3zbzMBtCxetM/ScTOiPgtIrrz7K0FevOnmenJ4RvTk8NJ1Otv/JVk5a5PTw6XRcv1dhSZI5WIyqdJPJ/MrXf84qWzQ7Xa6IUi3z9x7r3+8YuXnjpzbuj06OnR84MnThw/NvDsM4NPr0icaVzXD3w4dnD/K29deW345JW3f/wmbda+Q/nyxjhu60aLgFroTbfa3/VM87JHl9D29WBXQzrZ1MaGsCTViEh3V1fW/7ujGrM7rzte/qStjQNWVfrdtGX+xVN1YANLot0tANqj/KJPz3/LxxoNPf4Xrr0QsblIz0xPDs/cjL9arxSvd61i/b0RcXLq3y/TRyz1OgQAwDJkY5snW43/KrEve87nOnYXcyg9EXFXROyJiLsjYm9E3BORlb03Iu7LV653L7L+3qb83PFP5WrLNq+QdPz3XMPYb6Yh/uKpp1rkdmXxdyWnztRGjxbb5Eh0bUnzAwvU8d1Lv34+37LG8V/6SOsvx4JFA65uarpANzI0MbRSG+HaxxEHNrWKP7k5E5AeAfsj4sDS3np3mTjz+NcH5yt0+/gXsALzTPWvIh7L9/9UNMVfShaen+zfGrXRo/3lUTHXT79cfn2++u8o/hWQ7v/ttx7/TSW6/0ny+dquqNVGL4wvvY7Lv3827znNco//zcmb2Zz1z+/kr30wNDFxYSBic/Jqli/P6bLXB2fXLfNl+TT+I4db9/89xTpp/PdHRHoQH4qIByLiwaLtD0XEwxFxeIH4f3jxkXcXiD+JJNq6/0dafv7dPP57ksb5+mUkqme//3a+GfPF7f/jMZV91uayz7/bWGwD73DzAQAAwLpQiYidkVT68nTvzqhU+vry/+HfG9srtbHxiSdOjb1/fiS/R6Anuirlla7uhuuhA8lU8Y55frC4VlwuP1ZcN/6iui3L9w2P1UbaHDt0uh239v8o+3/qz2q7WwesOvdrQedq7v+VNrUDWHuL+f53LgAbU4v+v60d7QDWnvN/6Fyt+v9HTXnjf9iY5vb/P1r8ZB2wERn/Q+fS/6Fz6f/Qke7kvv7lJ8qbBZb/PlsXfYd/pyTKX7xYzbq2xewrUWl7yB2USHvM2lY6+xsqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA69l/AQAA//9EvefZ")
r2 = openat$ptp1(0xffffffffffffff9c, &(0x7f0000000200), 0x200041, 0x0)
ioctl$PTP_SYS_OFFSET(r2, 0x43403d05, &(0x7f00000004c0)={0xf})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mount(&(0x7f0000000080)=@filename='./file1\x00', &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0)='hpfs\x00', 0xc000, 0x0)

[   68.885760][ T4670] Bluetooth: hci0: command tx timeout
[   68.957380][ T5323] loop0: detected capacity change from 0 to 2048
[   68.989458][ T5323]  loop0: p1 < > p3 p4 < >
[   68.994205][ T5323] loop0: p3 start 4284289 is beyond EOD, truncated
[   69.067890][ T5323] hpfs: hpfs_map_sector(): read error
[   69.133057][ T5323] 
[   69.134137][ T5323] ======================================================
[   69.136837][ T5323] WARNING: possible circular locking dependency detected
[   69.139517][ T5323] 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 Not tainted
[   69.142214][ T5323] ------------------------------------------------------
[   69.145097][ T5323] syz.0.0/5323 is trying to acquire lock:
[   69.147266][ T5323] ffff888043402c38 (kn->active#5){++++}-{0:0}, at: __kernfs_remove+0x336/0x570
[   69.151116][ T5323] 
[   69.151116][ T5323] but task is already holding lock:
[   69.153952][ T5323] ffff8880332e8358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700
[   69.157463][ T5323] 
[   69.157463][ T5323] which lock already depends on the new lock.
[   69.157463][ T5323] 
[   69.161434][ T5323] 
[   69.161434][ T5323] the existing dependency chain (in reverse order) is:
[   69.164890][ T5323] 
[   69.164890][ T5323] -> #2 (&disk->open_mutex){+.+.}-{4:4}:
[   69.167924][ T5323]        lock_acquire+0x116/0x2f0
[   69.169909][ T5323]        __mutex_lock+0x1a5/0x10c0
[   69.171921][ T5323]        bdev_open+0xf7/0xcd0
[   69.173814][ T5323]        bdev_file_open_by_dev+0x1b2/0x230
[   69.176249][ T5323]        disk_scan_partitions+0x1be/0x2b0
[   69.178447][ T5323]        add_disk_fwnode+0xd26/0x1020
[   69.180481][ T5323]        pmem_attach_disk+0xd42/0x1020
[   69.182681][ T5323]        nvdimm_bus_probe+0x147/0x4e0
[   69.184857][ T5323]        really_probe+0x2b9/0xad0
[   69.186965][ T5323]        __driver_probe_device+0x1a2/0x390
[   69.189303][ T5323]        driver_probe_device+0x50/0x430
[   69.191553][ T5323]        __driver_attach+0x45f/0x710
[   69.193714][ T5323]        bus_for_each_dev+0x23e/0x2b0
[   69.195961][ T5323]        bus_add_driver+0x346/0x670
[   69.197903][ T5323]        driver_register+0x23a/0x320
[   69.199879][ T5323]        do_one_initcall+0x24a/0x940
[   69.201919][ T5323]        do_initcall_level+0x157/0x210
[   69.204030][ T5323]        do_initcalls+0x71/0xd0
[   69.205980][ T5323]        kernel_init_freeable+0x432/0x5d0
[   69.208245][ T5323]        kernel_init+0x1d/0x2b0
[   69.210126][ T5323]        ret_from_fork+0x4b/0x80
[   69.212163][ T5323]        ret_from_fork_asm+0x1a/0x30
[   69.214368][ T5323] 
[   69.214368][ T5323] -> #1 (&nvdimm_namespace_key){+.+.}-{4:4}:
[   69.217628][ T5323]        lock_acquire+0x116/0x2f0
[   69.219582][ T5323]        __mutex_lock+0x1a5/0x10c0
[   69.221578][ T5323]        uevent_show+0x17d/0x340
[   69.223440][ T5323]        dev_attr_show+0x55/0xc0
[   69.225380][ T5323]        sysfs_kf_seq_show+0x32b/0x4a0
[   69.227502][ T5323]        seq_read_iter+0x461/0xda0
[   69.229508][ T5323]        vfs_read+0x9a0/0xb90
[   69.231295][ T5323]        ksys_read+0x19d/0x2d0
[   69.233191][ T5323]        do_syscall_64+0xf3/0x210
[   69.235157][ T5323]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.237719][ T5323] 
[   69.237719][ T5323] -> #0 (kn->active#5){++++}-{0:0}:
[   69.240582][ T5323]        validate_chain+0xa69/0x24e0
[   69.242488][ T5323]        __lock_acquire+0xad5/0xd80
[   69.244531][ T5323]        lock_acquire+0x116/0x2f0
[   69.246557][ T5323]        kernfs_drain+0x275/0x5e0
[   69.248565][ T5323]        __kernfs_remove+0x336/0x570
[   69.250700][ T5323]        kernfs_remove_by_name_ns+0xad/0x130
[   69.253064][ T5323]        device_del+0x56c/0x9b0
[   69.255051][ T5323]        drop_partition+0x11b/0x180
[   69.257089][ T5323]        bdev_disk_changed+0x2ca/0x14e0
[   69.259206][ T5323]        lo_release+0x540/0x850
[   69.261112][ T5323]        bdev_release+0x5dd/0x700
[   69.263097][ T5323]        blkdev_release+0x15/0x20
[   69.265052][ T5323]        __fput+0x3e9/0x9f0
[   69.266724][ T5323]        task_work_run+0x251/0x310
[   69.268720][ T5323]        syscall_exit_to_user_mode+0x13f/0x340
[   69.271071][ T5323]        do_syscall_64+0x100/0x210
[   69.273099][ T5323]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.275601][ T5323] 
[   69.275601][ T5323] other info that might help us debug this:
[   69.275601][ T5323] 
[   69.279653][ T5323] Chain exists of:
[   69.279653][ T5323]   kn->active#5 --> &nvdimm_namespace_key --> &disk->open_mutex
[   69.279653][ T5323] 
[   69.284749][ T5323]  Possible unsafe locking scenario:
[   69.284749][ T5323] 
[   69.287747][ T5323]        CPU0                    CPU1
[   69.289899][ T5323]        ----                    ----
[   69.292048][ T5323]   lock(&disk->open_mutex);
[   69.294010][ T5323]                                lock(&nvdimm_namespace_key);
[   69.296788][ T5323]                                lock(&disk->open_mutex);
[   69.299477][ T5323]   lock(kn->active#5);
[   69.301124][ T5323] 
[   69.301124][ T5323]  *** DEADLOCK ***
[   69.301124][ T5323] 
[   69.304298][ T5323] 1 lock held by syz.0.0/5323:
[   69.306105][ T5323]  #0: ffff8880332e8358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700
[   69.309794][ T5323] 
[   69.309794][ T5323] stack backtrace:
[   69.312031][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(full) 
[   69.312047][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.312054][ T5323] Call Trace:
[   69.312062][ T5323]  <TASK>
[   69.312067][ T5323]  dump_stack_lvl+0x241/0x360
[   69.312086][ T5323]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.312099][ T5323]  ? __pfx__printk+0x10/0x10
[   69.312112][ T5323]  ? print_lock+0x171/0x1a0
[   69.312129][ T5323]  print_circular_bug+0x2e1/0x300
[   69.312140][ T5323]  check_noncircular+0x142/0x160
[   69.312151][ T5323]  validate_chain+0xa69/0x24e0
[   69.312163][ T5323]  ? check_path+0x21/0x40
[   69.312172][ T5323]  ? check_noncircular+0xee/0x160
[   69.312183][ T5323]  ? lockdep_unlock+0x8d/0x120
[   69.312197][ T5323]  __lock_acquire+0xad5/0xd80
[   69.312209][ T5323]  ? up_write+0x1ab/0x590
[   69.312216][ T5323]  lock_acquire+0x116/0x2f0
[   69.312224][ T5323]  ? __kernfs_remove+0x336/0x570
[   69.312233][ T5323]  kernfs_drain+0x275/0x5e0
[   69.312239][ T5323]  ? __kernfs_remove+0x336/0x570
[   69.312246][ T5323]  ? __pfx_kernfs_drain+0x10/0x10
[   69.312255][ T5323]  __kernfs_remove+0x336/0x570
[   69.312262][ T5323]  kernfs_remove_by_name_ns+0xad/0x130
[   69.312269][ T5323]  device_del+0x56c/0x9b0
[   69.312278][ T5323]  ? __pfx_device_del+0x10/0x10
[   69.312284][ T5323]  ? kobject_put+0x446/0x480
[   69.312292][ T5323]  drop_partition+0x11b/0x180
[   69.312304][ T5323]  bdev_disk_changed+0x2ca/0x14e0
[   69.312310][ T5323]  ? kobject_uevent_env+0x54d/0x8e0
[   69.312319][ T5323]  ? __pfx_bdev_disk_changed+0x10/0x10
[   69.312325][ T5323]  ? kobject_uevent_env+0x54d/0x8e0
[   69.312339][ T5323]  lo_release+0x540/0x850
[   69.312347][ T5323]  ? __pfx_lo_release+0x10/0x10
[   69.312356][ T5323]  ? do_raw_spin_unlock+0x58/0x8b0
[   69.312364][ T5323]  ? __pfx_lo_release+0x10/0x10
[   69.312370][ T5323]  bdev_release+0x5dd/0x700
[   69.312380][ T5323]  blkdev_release+0x15/0x20
[   69.312389][ T5323]  ? __pfx_blkdev_release+0x10/0x10
[   69.312398][ T5323]  __fput+0x3e9/0x9f0
[   69.312411][ T5323]  task_work_run+0x251/0x310
[   69.312424][ T5323]  ? __pfx_task_work_run+0x10/0x10
[   69.312436][ T5323]  ? syscall_exit_to_user_mode+0xa3/0x340
[   69.312446][ T5323]  syscall_exit_to_user_mode+0x13f/0x340
[   69.312456][ T5323]  do_syscall_64+0x100/0x210
[   69.312463][ T5323]  ? clear_bhb_loop+0x45/0xa0
[   69.312470][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.312477][ T5323] RIP: 0033:0x7f15f038e169
[   69.312486][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.312491][ T5323] RSP: 002b:00007f15f11dd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   69.312499][ T5323] RAX: ffffffffffffffea RBX: 00007f15f05b5fa0 RCX: 00007f15f038e169
[   69.312504][ T5323] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000200000000080
[   69.312508][ T5323] RBP: 00007f15f0410a68 R08: 0000000000000000 R09: 0000000000000000
[   69.312512][ T5323] R10: 000000000000c000 R11: 0000000000000246 R12: 0000000000000000
[   69.312516][ T5323] R13: 0000000000000000 R14: 00007f15f05b5fa0 R15: 00007fffddbdc5e8
[   69.312523][ T5323]  </TASK>
[   69.505009][ T5303] udevd[5303]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[   69.511328][ T5305] udevd[5305]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory