program: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdir(&(0x7f0000000280)='./file1\x00', 0x50) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) chdir(&(0x7f0000000080)='./file1\x00') syz_read_part_table(0x5be, &(0x7f00000005c0)="$eJzs2z9o02kYB/An1SAonIuTk3VwOFwURzOoJFFRCNEu4qCgiJgpghC5gKCDzdDSDKVjl1LI0j9T0wwdjpYWOpfSoUehQ5c72qXQpTlK39vb6x8QPh94eXjf95s8v2f4jb/gl9YT/3S73UxEdC8d/9d9rXzhyY3Sg/LLiEy8jojeP3+bOrjJpMR//3oz7dfTfmz0cqd/53G2tfZi99ab+UZPuv+W1pXxdt+Jh+PMTeQWrn7/US0O1HIfV4v1zZ8ry88nt/Pl9rNGc+pp9tG7lFtM9WKqn6MWX+NTvI1KVOJ9VE+p/0hr487+9WJr5sP9vUJncO5uypVOOOdR+3/pHXrVrD+8PX1t+F5tdqm8deEwV/kfbxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOdvIrdw9fuPanGglvu4Wqxv/lxZfj65nS+3nzWaU0+zj96l3GKqF1P9HLX4Gp/ibVSiEu+jekr9R1obd/avF1szH+7vFTqDc3dTrnTCOY/a/0vv0Ktm/eHt6WvD92qzS+WtC4e5yqUzegAAAAAAAAAAAAAAAAAAAACIiHzhyY3Sg/LLiEy8jojf//6j5+C8m753z6TczVTX0/nY6OVO/87jbGvtxe6tN/ONv9L5t7SujLf7zn0Yju3fAAAA//8CE5V6") ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) mkdir(&(0x7f0000000280)='./file1\x00', 0x50) (async) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) (async) chdir(&(0x7f0000000080)='./file1\x00') (async) syz_read_part_table(0x5be, &(0x7f00000005c0)="$eJzs2z9o02kYB/An1SAonIuTk3VwOFwURzOoJFFRCNEu4qCgiJgpghC5gKCDzdDSDKVjl1LI0j9T0wwdjpYWOpfSoUehQ5c72qXQpTlK39vb6x8QPh94eXjf95s8v2f4jb/gl9YT/3S73UxEdC8d/9d9rXzhyY3Sg/LLiEy8jojeP3+bOrjJpMR//3oz7dfTfmz0cqd/53G2tfZi99ab+UZPuv+W1pXxdt+Jh+PMTeQWrn7/US0O1HIfV4v1zZ8ry88nt/Pl9rNGc+pp9tG7lFtM9WKqn6MWX+NTvI1KVOJ9VE+p/0hr487+9WJr5sP9vUJncO5uypVOOOdR+3/pHXrVrD+8PX1t+F5tdqm8deEwV/kfbxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOdvIrdw9fuPanGglvu4Wqxv/lxZfj65nS+3nzWaU0+zj96l3GKqF1P9HLX4Gp/ibVSiEu+jekr9R1obd/avF1szH+7vFTqDc3dTrnTCOY/a/0vv0Ktm/eHt6WvD92qzS+WtC4e5yqUzegAAAAAAAAAAAAAAAAAAAACIiHzhyY3Sg/LLiEy8jojf//6j5+C8m753z6TczVTX0/nY6OVO/87jbGvtxe6tN/ONv9L5t7SujLf7zn0Yju3fAAAA//8CE5V6") (async) [ 79.903546][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 79.906151][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 79.909687][ T4673] Bluetooth: hci0: command tx timeout [ 80.027129][ T5327] loop0: detected capacity change from 0 to 2048 [ 80.065798][ T5329] loop0: p1 p2 p3 [ 80.087858][ T5327] loop0: p1 p2 p3 [ 80.220547][ T5331] [ 80.221528][ T5331] ====================================================== [ 80.224240][ T5331] WARNING: possible circular locking dependency detected [ 80.227061][ T5331] 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 Not tainted [ 80.229882][ T5331] ------------------------------------------------------ [ 80.232262][ T5331] udevd/5331 is trying to acquire lock: [ 80.234127][ T5331] ffff88805353a878 (kn->active#5){++++}-{0:0}, at: __kernfs_remove+0x336/0x570 [ 80.237442][ T5331] [ 80.237442][ T5331] but task is already holding lock: [ 80.239968][ T5331] ffff888034a4e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700 [ 80.243434][ T5331] [ 80.243434][ T5331] which lock already depends on the new lock. [ 80.243434][ T5331] [ 80.247290][ T5331] [ 80.247290][ T5331] the existing dependency chain (in reverse order) is: [ 80.250223][ T5331] [ 80.250223][ T5331] -> #2 (&disk->open_mutex){+.+.}-{4:4}: [ 80.253206][ T5331] lock_acquire+0x116/0x2f0 [ 80.255142][ T5331] __mutex_lock+0x1a5/0x10c0 [ 80.257207][ T5331] bdev_open+0xf7/0xcd0 [ 80.259097][ T5331] bdev_file_open_by_dev+0x1b2/0x230 [ 80.261277][ T5331] disk_scan_partitions+0x1be/0x2b0 [ 80.263317][ T5331] add_disk_fwnode+0xd26/0x1020 [ 80.265180][ T5331] pmem_attach_disk+0xd42/0x1020 [ 80.267232][ T5331] nvdimm_bus_probe+0x147/0x4e0 [ 80.269100][ T5331] really_probe+0x2b9/0xad0 [ 80.270972][ T5331] __driver_probe_device+0x1a2/0x390 [ 80.273243][ T5331] driver_probe_device+0x50/0x430 [ 80.275287][ T5331] __driver_attach+0x45f/0x710 [ 80.277500][ T5331] bus_for_each_dev+0x23e/0x2b0 [ 80.279882][ T5331] bus_add_driver+0x346/0x670 [ 80.281688][ T5331] driver_register+0x23a/0x320 [ 80.283752][ T5331] do_one_initcall+0x24a/0x940 [ 80.285597][ T5331] do_initcall_level+0x157/0x210 [ 80.287669][ T5331] do_initcalls+0x71/0xd0 [ 80.289483][ T5331] kernel_init_freeable+0x432/0x5d0 [ 80.291706][ T5331] kernel_init+0x1d/0x2b0 [ 80.293490][ T5331] ret_from_fork+0x4b/0x80 [ 80.295435][ T5331] ret_from_fork_asm+0x1a/0x30 [ 80.297458][ T5331] [ 80.297458][ T5331] -> #1 (&nvdimm_namespace_key){+.+.}-{4:4}: [ 80.300591][ T5331] lock_acquire+0x116/0x2f0 [ 80.302585][ T5331] __mutex_lock+0x1a5/0x10c0 [ 80.304646][ T5331] uevent_show+0x17d/0x340 [ 80.306572][ T5331] dev_attr_show+0x55/0xc0 [ 80.308478][ T5331] sysfs_kf_seq_show+0x32b/0x4a0 [ 80.310457][ T5331] seq_read_iter+0x461/0xda0 [ 80.312411][ T5331] vfs_read+0x9a0/0xb90 [ 80.314145][ T5331] ksys_read+0x19d/0x2d0 [ 80.316260][ T5331] do_syscall_64+0xf3/0x210 [ 80.318295][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.320928][ T5331] [ 80.320928][ T5331] -> #0 (kn->active#5){++++}-{0:0}: [ 80.324215][ T5331] validate_chain+0xa69/0x24e0 [ 80.326594][ T5331] __lock_acquire+0xad5/0xd80 [ 80.328416][ T5331] lock_acquire+0x116/0x2f0 [ 80.330202][ T5331] kernfs_drain+0x275/0x5e0 [ 80.332351][ T5331] __kernfs_remove+0x336/0x570 [ 80.334499][ T5331] kernfs_remove_by_name_ns+0xad/0x130 [ 80.336928][ T5331] device_del+0x56c/0x9b0 [ 80.338461][ T5331] drop_partition+0x11b/0x180 [ 80.340329][ T5331] bdev_disk_changed+0x2ca/0x14e0 [ 80.342543][ T5331] lo_release+0x540/0x850 [ 80.344497][ T5331] bdev_release+0x5dd/0x700 [ 80.346290][ T5331] blkdev_release+0x15/0x20 [ 80.348245][ T5331] __fput+0x3e9/0x9f0 [ 80.350081][ T5331] fput_close_sync+0x1ef/0x270 [ 80.352214][ T5331] __x64_sys_close+0x7f/0x110 [ 80.354286][ T5331] do_syscall_64+0xf3/0x210 [ 80.356325][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.358797][ T5331] [ 80.358797][ T5331] other info that might help us debug this: [ 80.358797][ T5331] [ 80.362459][ T5331] Chain exists of: [ 80.362459][ T5331] kn->active#5 --> &nvdimm_namespace_key --> &disk->open_mutex [ 80.362459][ T5331] [ 80.367463][ T5331] Possible unsafe locking scenario: [ 80.367463][ T5331] [ 80.370081][ T5331] CPU0 CPU1 [ 80.372181][ T5331] ---- ---- [ 80.374374][ T5331] lock(&disk->open_mutex); [ 80.376636][ T5331] lock(&nvdimm_namespace_key); [ 80.380136][ T5331] lock(&disk->open_mutex); [ 80.382723][ T5331] lock(kn->active#5); [ 80.384229][ T5331] [ 80.384229][ T5331] *** DEADLOCK *** [ 80.384229][ T5331] [ 80.386964][ T5331] 1 lock held by udevd/5331: [ 80.388572][ T5331] #0: ffff888034a4e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700 [ 80.392114][ T5331] [ 80.392114][ T5331] stack backtrace: [ 80.394339][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: udevd Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 80.394353][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.394360][ T5331] Call Trace: [ 80.394367][ T5331] [ 80.394372][ T5331] dump_stack_lvl+0x241/0x360 [ 80.394392][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.394406][ T5331] ? __pfx__printk+0x10/0x10 [ 80.394419][ T5331] ? print_lock+0x171/0x1a0 [ 80.394436][ T5331] print_circular_bug+0x2e1/0x300 [ 80.394447][ T5331] check_noncircular+0x142/0x160 [ 80.394459][ T5331] validate_chain+0xa69/0x24e0 [ 80.394471][ T5331] ? lockdep_unlock+0x8d/0x120 [ 80.394484][ T5331] __lock_acquire+0xad5/0xd80 [ 80.394497][ T5331] ? up_write+0x1ab/0x590 [ 80.394505][ T5331] lock_acquire+0x116/0x2f0 [ 80.394517][ T5331] ? __kernfs_remove+0x336/0x570 [ 80.394531][ T5331] kernfs_drain+0x275/0x5e0 [ 80.394541][ T5331] ? __kernfs_remove+0x336/0x570 [ 80.394552][ T5331] ? __pfx_kernfs_drain+0x10/0x10 [ 80.394565][ T5331] __kernfs_remove+0x336/0x570 [ 80.394575][ T5331] kernfs_remove_by_name_ns+0xad/0x130 [ 80.394587][ T5331] device_del+0x56c/0x9b0 [ 80.394600][ T5331] ? __pfx_device_del+0x10/0x10 [ 80.394610][ T5331] ? kobject_put+0x446/0x480 [ 80.394621][ T5331] drop_partition+0x11b/0x180 [ 80.394637][ T5331] bdev_disk_changed+0x2ca/0x14e0 [ 80.394645][ T5331] ? kobject_uevent_env+0x54d/0x8e0 [ 80.394659][ T5331] ? __pfx_bdev_disk_changed+0x10/0x10 [ 80.394667][ T5331] ? kobject_uevent_env+0x54d/0x8e0 [ 80.394680][ T5331] lo_release+0x540/0x850 [ 80.394691][ T5331] ? __pfx_lo_release+0x10/0x10 [ 80.394706][ T5331] ? do_raw_spin_unlock+0x58/0x8b0 [ 80.394719][ T5331] ? __pfx_lo_release+0x10/0x10 [ 80.394728][ T5331] bdev_release+0x5dd/0x700 [ 80.394742][ T5331] blkdev_release+0x15/0x20 [ 80.394754][ T5331] ? __pfx_blkdev_release+0x10/0x10 [ 80.394766][ T5331] __fput+0x3e9/0x9f0 [ 80.394779][ T5331] fput_close_sync+0x1ef/0x270 [ 80.394789][ T5331] ? __pfx_fput_close_sync+0x10/0x10 [ 80.394799][ T5331] ? do_raw_spin_unlock+0x58/0x8b0 [ 80.394810][ T5331] ? filp_flush+0x116/0x190 [ 80.394821][ T5331] __x64_sys_close+0x7f/0x110 [ 80.394832][ T5331] do_syscall_64+0xf3/0x210 [ 80.394843][ T5331] ? clear_bhb_loop+0x45/0xa0 [ 80.394854][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.394863][ T5331] RIP: 0033:0x7f495037b0a8 [ 80.394876][ T5331] Code: 48 8b 05 83 9d 0d 00 64 c7 00 16 00 00 00 83 c8 ff 48 83 c4 20 5b c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 5b 48 8b 15 51 9d 0d 00 f7 d8 64 89 02 48 83 [ 80.394884][ T5331] RSP: 002b:00007fff6b821b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 80.394895][ T5331] RAX: ffffffffffffffda RBX: 00007f49502a70e0 RCX: 00007f495037b0a8 [ 80.394902][ T5331] RDX: 000055fed15e00ba RSI: 00007fff6b821368 RDI: 0000000000000008 [ 80.394908][ T5331] RBP: 000055fb8ee62c30 R08: 0000000000000006 R09: ffae2035b8306c50 [ 80.394914][ T5331] R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000002 [ 80.394920][ T5331] R13: 000055fb8ee54b00 R14: 0000000000000008 R15: 000055fb8ee43910 [ 80.394929][ T5331]