program: syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800c10, &(0x7f0000000000)=ANY=[], 0xff, 0x1d4, &(0x7f0000000280)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdGmaGMyc9dbWWyTIztHpqy4PFTvmBxeRSe4zcJBezMzAzhKYeWVRcWZWdmJOTeoJhIUOFAgMDw+kTDCzX7a+pNEtwOvyR53BI0nTQYTri45E1o7GEc5KUphgbW6bC2TMf5NexaRxheLSCeWOdZ15jXWHq1Ly0vKSqrKqseQxMG2c2djY2rpxYF5Xmt4qxJcVlU1MnI5PDFjWBzcyG6pNstCe8a1/1MMmBtcfDr/mUsdLrVOZLxguLpE6tqJo54YvSbEbD7wx3eMpWSGhoOElckbBoMGE4Umfb4MpQcYuVgYEhTSGMMUmNTaxty5k5Icz8bG4LFFqSTzCFHuVYOlPC4oBQ1cmflppvHRLdZmx76sB2hufwcZ41BX2CRsclGJwWCv6XYai4lZzQ0FCmsZZpqe2CL0UafyW8Vhs7ZTC42zMtgwUoSwOIXAnlyYL1JCSv8NDR1DRKSU5o2KSQkORWYKjMsHUP52qBBgakaFNhYGDYzgiLWwi4BmOMglEwCkbBKBgFo2AUjIJRMApGwSgYEQAQAAD//4Skkys=") sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) epoll_create1(0x0) syz_read_part_table(0x5e2, &(0x7f0000000b00)="$eJzs3L+rHFUUB/DvndlfD6LPP8DiQRpR8Al24sNY6DNdEO0EbS2eSCzEQnYXFcEff0Ba0cIohFhbKEgQ01mJ8NBCxN7CFIYrOzuzG1CrfSiBz6fYe+6de86Z4U47G+5udT+pJbnZzT5qu2HUJNNV8GvyzjhZvvhkv5CM+8SS5PmrTz198eBSmW7WVquL/up022XSj6Mc9NGXo3x49fjdLl6kZJ4+zPjzSUarvXWdd+XvN32rpO328D8bfVXXBzHJ9/kiyUlpV4c/TZb5JLkvs27fYZK21tod8yLZS9rNW7GDa0c3lk/08V76N228ns3fK/WR/to4tdbaZH5+yGyT+x8/vPxPRbv8Zfd4w1KtdXxuyG22F05uT4bw0W9/nmc521RPbbYlT/eSV0+ffbi7k7KuMd798QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGMPvPbg180wudD9lk38zKdptlsXyZ9DfDA7o/7Xjm7sv/X25SZvHL38wytv/nL8W35P0ubw+Fwy3ex7aT1cf78bRv1qu3P/k9vN5LOPv9nbLPSlS/Ld+R9v1aHDaT++/tgdyUfNzv0BAAAAAAAAAAAAAAAAAABg5XouHlxq8lxS8kK2n/vXzJJShuksqbXWP2pn+Ph/cuXePrr5U8oqKbXcWf1Csn9PUqcfPNT9rcA6sdY66lqU/+YZ+Xd/BQAA//8EFGMK") socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3e5, 
&(0x7f00000008c0)="$eJzs3M1uG1UbAOB3Jn9f0h/nk1igwiISCIKApA4EKEKisOVnA1xAlKSlwm2qxki0ZFEQKzawQOxY9AZYcAFVhZCQuAVuAFWqUJIF7IJmPOMYxw6xbMdq+jzSyOfMnPad1zMenTOZOQE8suYi4mJEjEXEUkRUivVpscTtxpK129neWt3d3lpNYm/vgz+TSIp15f+VFJ+nisp8GpF+FfHE7YNxN2/e+mSlVlu/UdQX61evL27evPXilasrl9cvr1+rvnqhWl1eeq368sBy/f7p5y6MvX3x3A+/V+4tT05OZ/t7uti2sz2wME1zMdf8TtotDz7cSE3G1Kh3AQCAI0iLvv943v+vxFheaqjE4tZIdw4AAAAYiL03i08AAADgBEuM/QEAAOCEK58D2NneWi2XET6OcOwevBURs/vvNu828x+P/xVtJvL3W4djLiKuP5NUsiXa3qcGABiGe1n/53yn/l8aj7e0m4rI+0PTA44/11Y/2P9J7w845L9k/b83ImL3QP8vLZvMjhW1M3lXcSK5dKW2fj4izkbEfExMZfXqITHe+evH97tty/L/JTlztlyy+Nnnfov0/njb1CprK/WVfnJu9eCLiHPjnfJPmv3fJCJm+ogx9vmd17tt++/8h2vvTsSzHY///sw9yeHzEy3m58NicVZ0mPDn7y9/eq9b/FHnnx3/mcPzn01a52va7D3G3Y9/e7LbttbxTy/n/2TyYV4ux2WfrdTrN6oRk8m7B9cv7f/bsl62z/Kff6rz77+8/iXFnFani2tAr77+9ucXDsn/m+K3lX8HWfxyLHgcsvzXejr+vRdeufvrR93itx7/zvlnx78xB9h8seYo17+j7mA/3x0AAAA8LNL8vkaSLjTLabqw0Ljf8VjMpLWNzfrzlzY+vbbWuP8xGxNpef+z0nI/tNr4M3qzvtRWfyki/h8R31Wm8/rC6kZtbdTJAwAAwCPiVJfxf+aPY3sKAQAAABi62VHvAAAAADB0xv8AAABwovUzr19fhRgfQVAFBYWjFUZ9ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHi4/RMAAP//u5y0Jg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x17, 0x11, r0, 0x0) timer_create(0x3, 0x0, &(0x7f0000000040)) [ 68.386712][ T5335] loop0: detected capacity change from 0 to 8 [ 68.423825][ T4671] Bluetooth: hci0: command tx timeout [ 68.446347][ T5335] SQUASHFS error: zlib decompression failed, data probably corrupt [ 68.449495][ T5335] SQUASHFS error: Failed to read block 0x9b: -5 [ 68.452567][ T5335] SQUASHFS error: Unable to read metadata cache entry [99] [ 68.458537][ T5335] SQUASHFS error: Unable to read inode 0x127 [ 68.500694][ T5335] 
loop0: detected capacity change from 0 to 2048
[ 68.525848][ T5316] loop0: p2 p3 < > p4 < p5 >
[ 68.528196][ T5316] loop0: partition table partially beyond EOD, truncated
[ 68.535423][ T5316] loop0: p3 start 4284289 is beyond EOD, truncated
[ 68.553918][ T5335] loop0: p2 p3 < > p4 < p5 >
[ 68.557802][ T5335] loop0: partition table partially beyond EOD, truncated
[ 68.562595][ T5335] loop0: p3 start 4284289 is beyond EOD, truncated
[ 68.606898][ T5335]
[ 68.607900][ T5335] ======================================================
[ 68.610558][ T5335] WARNING: possible circular locking dependency detected
[ 68.613213][ T5335] 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 Not tainted
[ 68.615906][ T5335] ------------------------------------------------------
[ 68.618457][ T5335] syz.0.0/5335 is trying to acquire lock:
[ 68.620548][ T5335] ffff8880405ed0f8 (kn->active#5){++++}-{0:0}, at: __kernfs_remove+0x336/0x570
[ 68.623837][ T5335]
[ 68.623837][ T5335] but task is already holding lock:
[ 68.626386][ T5335] ffff888000d6c358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700
[ 68.629631][ T5335]
[ 68.629631][ T5335] which lock already depends on the new lock.
[ 68.629631][ T5335]
[ 68.633568][ T5335]
[ 68.633568][ T5335] the existing dependency chain (in reverse order) is:
[ 68.636928][ T5335]
[ 68.636928][ T5335] -> #2 (&disk->open_mutex){+.+.}-{4:4}:
[ 68.639974][ T5335] lock_acquire+0x116/0x2f0
[ 68.641892][ T5335] __mutex_lock+0x1a5/0x10c0
[ 68.643886][ T5335] bdev_open+0xf7/0xcd0
[ 68.645730][ T5335] bdev_file_open_by_dev+0x1b2/0x230
[ 68.648089][ T5335] disk_scan_partitions+0x1be/0x2b0
[ 68.650185][ T5335] add_disk_fwnode+0xd26/0x1020
[ 68.652161][ T5335] pmem_attach_disk+0xd42/0x1020
[ 68.654159][ T5335] nvdimm_bus_probe+0x147/0x4e0
[ 68.656083][ T5335] really_probe+0x2b9/0xad0
[ 68.657904][ T5335] __driver_probe_device+0x1a2/0x390
[ 68.660049][ T5335] driver_probe_device+0x50/0x430
[ 68.662131][ T5335] __driver_attach+0x45f/0x710
[ 68.664262][ T5335] bus_for_each_dev+0x23e/0x2b0
[ 68.666302][ T5335] bus_add_driver+0x346/0x670
[ 68.668637][ T5335] driver_register+0x23a/0x320
[ 68.670699][ T5335] do_one_initcall+0x24a/0x940
[ 68.672842][ T5335] do_initcall_level+0x157/0x210
[ 68.674932][ T5335] do_initcalls+0x71/0xd0
[ 68.676794][ T5335] kernel_init_freeable+0x432/0x5d0
[ 68.679228][ T5335] kernel_init+0x1d/0x2b0
[ 68.681259][ T5335] ret_from_fork+0x4b/0x80
[ 68.683437][ T5335] ret_from_fork_asm+0x1a/0x30
[ 68.685479][ T5335]
[ 68.685479][ T5335] -> #1 (&nvdimm_namespace_key){+.+.}-{4:4}:
[ 68.689064][ T5335] lock_acquire+0x116/0x2f0
[ 68.691256][ T5335] __mutex_lock+0x1a5/0x10c0
[ 68.693253][ T5335] uevent_show+0x17d/0x340
[ 68.695186][ T5335] dev_attr_show+0x55/0xc0
[ 68.697195][ T5335] sysfs_kf_seq_show+0x32b/0x4a0
[ 68.699369][ T5335] seq_read_iter+0x461/0xda0
[ 68.701617][ T5335] vfs_read+0x9a0/0xb90
[ 68.703530][ T5335] ksys_read+0x19d/0x2d0
[ 68.705441][ T5335] do_syscall_64+0xf3/0x210
[ 68.707625][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.710181][ T5335]
[ 68.710181][ T5335] -> #0 (kn->active#5){++++}-{0:0}:
[ 68.713110][ T5335] validate_chain+0xa69/0x24e0
[ 68.715258][ T5335] __lock_acquire+0xad5/0xd80
[ 68.717314][ T5335] lock_acquire+0x116/0x2f0
[ 68.719331][ T5335] kernfs_drain+0x275/0x5e0
[ 68.721369][ T5335] __kernfs_remove+0x336/0x570
[ 68.723456][ T5335] kernfs_remove_by_name_ns+0xad/0x130
[ 68.725895][ T5335] device_del+0x56c/0x9b0
[ 68.727848][ T5335] drop_partition+0x11b/0x180
[ 68.729921][ T5335] bdev_disk_changed+0x2ca/0x14e0
[ 68.732197][ T5335] lo_release+0x540/0x850
[ 68.734190][ T5335] bdev_release+0x5dd/0x700
[ 68.736381][ T5335] blkdev_release+0x15/0x20
[ 68.738489][ T5335] __fput+0x3e9/0x9f0
[ 68.740442][ T5335] fput_close_sync+0x1ef/0x270
[ 68.742626][ T5335] __x64_sys_close+0x7f/0x110
[ 68.744751][ T5335] do_syscall_64+0xf3/0x210
[ 68.746934][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.749547][ T5335]
[ 68.749547][ T5335] other info that might help us debug this:
[ 68.749547][ T5335]
[ 68.753684][ T5335] Chain exists of:
[ 68.753684][ T5335] kn->active#5 --> &nvdimm_namespace_key --> &disk->open_mutex
[ 68.753684][ T5335]
[ 68.759042][ T5335] Possible unsafe locking scenario:
[ 68.759042][ T5335]
[ 68.762142][ T5335]        CPU0                    CPU1
[ 68.764249][ T5335]        ----                    ----
[ 68.766458][ T5335]   lock(&disk->open_mutex);
[ 68.768371][ T5335]                                lock(&nvdimm_namespace_key);
[ 68.771376][ T5335]                                lock(&disk->open_mutex);
[ 68.774205][ T5335]   lock(kn->active#5);
[ 68.775926][ T5335]
[ 68.775926][ T5335] *** DEADLOCK ***
[ 68.775926][ T5335]
[ 68.778986][ T5335] 1 lock held by syz.0.0/5335:
[ 68.780716][ T5335] #0: ffff888000d6c358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700
[ 68.783939][ T5335]
[ 68.783939][ T5335] stack backtrace:
[ 68.786010][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full)
[ 68.786026][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.786033][ T5335] Call Trace:
[ 68.786040][ T5335]
[ 68.786047][ T5335] dump_stack_lvl+0x241/0x360
[ 68.786067][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.786081][ T5335] ? __pfx__printk+0x10/0x10
[ 68.786095][ T5335] ? print_lock+0x171/0x1a0
[ 68.786110][ T5335] print_circular_bug+0x2e1/0x300
[ 68.786122][ T5335] check_noncircular+0x142/0x160
[ 68.786135][ T5335] validate_chain+0xa69/0x24e0
[ 68.786149][ T5335] ? lockdep_unlock+0x8d/0x120
[ 68.786162][ T5335] __lock_acquire+0xad5/0xd80
[ 68.786177][ T5335] ? up_write+0x1ab/0x590
[ 68.786184][ T5335] lock_acquire+0x116/0x2f0
[ 68.786195][ T5335] ? __kernfs_remove+0x336/0x570
[ 68.786208][ T5335] kernfs_drain+0x275/0x5e0
[ 68.786220][ T5335] ? __kernfs_remove+0x336/0x570
[ 68.786232][ T5335] ? __pfx_kernfs_drain+0x10/0x10
[ 68.786246][ T5335] __kernfs_remove+0x336/0x570
[ 68.786257][ T5335] kernfs_remove_by_name_ns+0xad/0x130
[ 68.786269][ T5335] device_del+0x56c/0x9b0
[ 68.786282][ T5335] ? __pfx_device_del+0x10/0x10
[ 68.786293][ T5335] ? kobject_put+0x446/0x480
[ 68.786312][ T5335] drop_partition+0x11b/0x180
[ 68.786329][ T5335] bdev_disk_changed+0x2ca/0x14e0
[ 68.786339][ T5335] ? kobject_uevent_env+0x54d/0x8e0
[ 68.786353][ T5335] ? __pfx_bdev_disk_changed+0x10/0x10
[ 68.786362][ T5335] ? kobject_uevent_env+0x54d/0x8e0
[ 68.786376][ T5335] lo_release+0x540/0x850
[ 68.786389][ T5335] ? __pfx_lo_release+0x10/0x10
[ 68.786408][ T5335] ? do_raw_spin_unlock+0x58/0x8b0
[ 68.786426][ T5335] ? __pfx_lo_release+0x10/0x10
[ 68.786437][ T5335] bdev_release+0x5dd/0x700
[ 68.786458][ T5335] blkdev_release+0x15/0x20
[ 68.786471][ T5335] ? __pfx_blkdev_release+0x10/0x10
[ 68.786481][ T5335] __fput+0x3e9/0x9f0
[ 68.786499][ T5335] fput_close_sync+0x1ef/0x270
[ 68.786513][ T5335] ? __pfx_fput_close_sync+0x10/0x10
[ 68.786523][ T5335] ? do_raw_spin_unlock+0x58/0x8b0
[ 68.786536][ T5335] ? filp_flush+0x116/0x190
[ 68.786551][ T5335] __x64_sys_close+0x7f/0x110
[ 68.786562][ T5335] do_syscall_64+0xf3/0x210
[ 68.786573][ T5335] ? clear_bhb_loop+0x45/0xa0
[ 68.786586][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.786598][ T5335] RIP: 0033:0x7f22baf8cdca
[ 68.786610][ T5335] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 43 91 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 a3 91 02 00 8b 44 24
[ 68.786620][ T5335] RSP: 002b:00007f22bbe6fe00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 68.786632][ T5335] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f22baf8cdca
[ 68.786640][ T5335] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 68.786646][ T5335] RBP: 0000000000000010 R08: 0000000000000000 R09: 00000000000003df
[ 68.786653][ T5335] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[ 68.786659][ T5335] R13: 00007f22bbe6fef0 R14: 00007f22bbe70668 R15: 00007f22aee00000
[ 68.786671][ T5335]
[ 68.930901][ T5316] udevd[5316]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[ 68.938449][ T5314] udevd[5314]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[ 68.950971][ T5337] udevd[5337]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory
[ 68.968726][ T5316] udevd[5316]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[ 68.975942][ T5314] udevd[5314]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory
[ 68.983607][ T5337] udevd[5337]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[ 69.013389][ T5337] udevd[5337]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[ 69.020871][ T25] audit: type=1800 audit(1744971343.409:2): pid=5335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="loop0p4" dev="devtmpfs" ino=2575 res=0 errno=0
[ 69.049512][ T5314] udevd[5314]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory