program: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000006c0)=ANY=[@ANYRESDEC, @ANYBLOB="87936fc50bbc50446d3a62ca5ad29a7948fab7301fd7d8a9b831c14cb4a1ee0845300a1cee3b172bcaa2a33eb55e519dc1ec231b31206e21c73669af9c070d8df8babdebf30aeb623ef9b2c3f22ffa123f365dbef3517ae2bc0bdd15bdde4d3f49e325c4da6f60754ac815f2"], 0x0, 0x26, 0x0, 0x200001, 0xfffffffd, 0x0, @void, @value}, 0x28) r1 = fsopen(&(0x7f0000000600)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) openat$cgroup_int(r2, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f0000000640)={0x6, 0x52a229baafd590a2, 0x0, {0xa97a, 0x8, 0x8, 0x8}}) ioctl$BLKFRASET(r2, 0x1264, &(0x7f0000000680)=0x400) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r0, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001840)=r3, 0x4) syz_read_part_table(0x5e0, &(0x7f0000000000)="$eJzs3L9rJFUcAPDvzM7ObiAasbZYSCMKRrATF23UpBONnYWNgkVEYiFWu4uC4I8/IK1oYRRCrC08OEK4dFcdB+Huv7gUF94xP/fgUt2Gg4PPp9jve2++3/dmdl77Jni+pY2IlEWc1b3fB3Uo8u1Be/2LrMscNWHYdqvxTw/f/2Bn8lE26seq0Xl7dbRcpWxjEZO29V8Rvx1++VPeZcyaMI8Y/lNGUeWmpu7gyZu+qKYvsmv5A1hF8X+qX1aUcTv+jYi9bFC9/FHEIv6MeCnGdd5WxMuDlFL9mucRaxGDKPt98dSOpieLd6PYrdpr0e60YdOb/ZylN9u8YaSUUh6zza5yEPHKO1v7V01a1y/qPdYNpZSG611tvrywd1l2zbdO789iMe5nj9Ru7m6ffnP+8Rv1nWTNHMNVHx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGv36rev3ci7znv1b9b/bv8V+TJ1HvGwa0/G17T+0fRk44cf9/P4fvrVna+zbngQWx+uR4z6vM+bcPxLHYo+bVV7l3n59x831/qBduos4tbm3YvUrXDexu/efqx4mq+8PgAAAAAAAAAAAAAAAAAAAFSOY2fySR67EVl8Fsvj/inGEVl/Hn8ckVJKD1KtO/xfHrzYts7uRVYVRepKTsvmgwIbL0Sk0a+v1x8UaApTSkW9RPYMH5QrPQoAAP//HdhdXQ==") bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000006c0)=ANY=[@ANYRESDEC, @ANYBLOB="87936fc50bbc50446d3a62ca5ad29a7948fab7301fd7d8a9b831c14cb4a1ee0845300a1cee3b172bcaa2a33eb55e519dc1ec231b31206e21c73669af9c070d8df8babdebf30aeb623ef9b2c3f22ffa123f365dbef3517ae2bc0bdd15bdde4d3f49e325c4da6f60754ac815f2"], 0x0, 0x26, 0x0, 0x200001, 0xfffffffd, 0x0, @void, @value}, 0x28) (async) fsopen(&(0x7f0000000600)='bpf\x00', 0x0) (async) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) (async) fsmount(r1, 0x0, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0) (async) ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f0000000640)={0x6, 0x52a229baafd590a2, 0x0, {0xa97a, 0x8, 0x8, 0x8}}) (async) ioctl$BLKFRASET(r2, 0x1264, &(0x7f0000000680)=0x400) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r0, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001840)=r3, 0x4) (async) syz_read_part_table(0x5e0, &(0x7f0000000000)="$eJzs3L9rJFUcAPDvzM7ObiAasbZYSCMKRrATF23UpBONnYWNgkVEYiFWu4uC4I8/IK1oYRRCrC08OEK4dFcdB+Huv7gUF94xP/fgUt2Gg4PPp9jve2++3/dmdl77Jni+pY2IlEWc1b3fB3Uo8u1Be/2LrMscNWHYdqvxTw/f/2Bn8lE26seq0Xl7dbRcpWxjEZO29V8Rvx1++VPeZcyaMI8Y/lNGUeWmpu7gyZu+qKYvsmv5A1hF8X+qX1aUcTv+jYi9bFC9/FHEIv6MeCnGdd5WxMuDlFL9mucRaxGDKPt98dSOpieLd6PYrdpr0e60YdOb/ZylN9u8YaSUUh6zza5yEPHKO1v7V01a1y/qPdYNpZSG611tvrywd1l2zbdO789iMe5nj9Ru7m6ffnP+8Rv1nWTNHMNVHx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGv36rev3ci7znv1b9b/bv8V+TJ1HvGwa0/G17T+0fRk44cf9/P4fvrVna+zbngQWx+uR4z6vM+bcPxLHYo+bVV7l3n59x831/qBduos4tbm3YvUrXDexu/efqx4mq+8PgAAAAAAAAAAAAAAAAAAAFSOY2fySR67EVl8Fsvj/inGEVl/Hn8ckVJKD1KtO/xfHrzYts7uRVYVRepKTsvmgwIbL0Sk0a+v1x8UaApTSkW9RPYMH5QrPQoAAP//HdhdXQ==") (async) [ 68.722088][ T4668] Bluetooth: hci0: command tx timeout [ 68.844149][ T5323] loop0: detected capacity change from 0 to 2048 [ 68.884563][ T5323] loop0: p3 p4 < > [ 69.071915][ T5322] [ 69.073003][ T5322] ====================================================== [ 69.075717][ T5322] WARNING: possible circular locking dependency detected [ 69.078485][ T5322] 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 Not tainted [ 69.081253][ T5322] ------------------------------------------------------ [ 69.083939][ T5322] syz.0.0/5322 is trying to acquire lock: [ 69.086166][ T5322] ffff8880410a0008 (kn->active#5){++++}-{0:0}, at: __kernfs_remove+0x336/0x570 [ 69.089654][ T5322] [ 69.089654][ T5322] but task is already holding lock: [ 69.092400][ T5322] ffff888034c7a358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700 [ 69.096065][ T5322] [ 69.096065][ T5322] which lock already depends on the new lock. [ 69.096065][ T5322] [ 69.099957][ T5322] [ 69.099957][ T5322] the existing dependency chain (in reverse order) is: [ 69.103320][ T5322] [ 69.103320][ T5322] -> #2 (&disk->open_mutex){+.+.}-{4:4}: [ 69.106395][ T5322] lock_acquire+0x116/0x2f0 [ 69.108574][ T5322] __mutex_lock+0x1a5/0x10c0 [ 69.110683][ T5322] bdev_open+0xf7/0xcd0 [ 69.112533][ T5322] bdev_file_open_by_dev+0x1b2/0x230 [ 69.114759][ T5322] disk_scan_partitions+0x1be/0x2b0 [ 69.116928][ T5322] add_disk_fwnode+0xd26/0x1020 [ 69.119038][ T5322] pmem_attach_disk+0xd42/0x1020 [ 69.121125][ T5322] nvdimm_bus_probe+0x147/0x4e0 [ 69.123110][ T5322] really_probe+0x2b9/0xad0 [ 69.125209][ T5322] __driver_probe_device+0x1a2/0x390 [ 69.127372][ T5322] driver_probe_device+0x50/0x430 [ 69.129522][ T5322] __driver_attach+0x45f/0x710 [ 69.131602][ T5322] bus_for_each_dev+0x23e/0x2b0 [ 69.133657][ T5322] bus_add_driver+0x346/0x670 [ 69.135650][ T5322] driver_register+0x23a/0x320 [ 69.137722][ T5322] do_one_initcall+0x24a/0x940 [ 69.139817][ T5322] do_initcall_level+0x157/0x210 [ 69.141989][ T5322] do_initcalls+0x71/0xd0 [ 69.143887][ T5322] kernel_init_freeable+0x432/0x5d0 [ 69.146079][ T5322] kernel_init+0x1d/0x2b0 [ 69.148027][ T5322] ret_from_fork+0x4b/0x80 [ 69.149951][ T5322] ret_from_fork_asm+0x1a/0x30 [ 69.152018][ T5322] [ 69.152018][ T5322] -> #1 (&nvdimm_namespace_key){+.+.}-{4:4}: [ 69.155078][ T5322] lock_acquire+0x116/0x2f0 [ 69.157065][ T5322] __mutex_lock+0x1a5/0x10c0 [ 69.158955][ T5322] uevent_show+0x17d/0x340 [ 69.160810][ T5322] dev_attr_show+0x55/0xc0 [ 69.162723][ T5322] sysfs_kf_seq_show+0x32b/0x4a0 [ 69.164800][ T5322] seq_read_iter+0x461/0xda0 [ 69.166708][ T5322] vfs_read+0x9a0/0xb90 [ 69.168510][ T5322] ksys_read+0x19d/0x2d0 [ 69.170367][ T5322] do_syscall_64+0xf3/0x210 [ 69.172275][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.174826][ T5322] [ 69.174826][ T5322] -> #0 (kn->active#5){++++}-{0:0}: [ 69.177622][ T5322] validate_chain+0xa69/0x24e0 [ 69.179653][ T5322] __lock_acquire+0xad5/0xd80 [ 69.181591][ T5322] lock_acquire+0x116/0x2f0 [ 69.183534][ T5322] kernfs_drain+0x275/0x5e0 [ 69.185417][ T5322] __kernfs_remove+0x336/0x570 [ 69.187385][ T5322] kernfs_remove_by_name_ns+0xad/0x130 [ 69.189628][ T5322] device_del+0x56c/0x9b0 [ 69.191544][ T5322] drop_partition+0x11b/0x180 [ 69.193357][ T5322] bdev_disk_changed+0x2ca/0x14e0 [ 69.195205][ T5322] lo_release+0x540/0x850 [ 69.196815][ T5322] bdev_release+0x5dd/0x700 [ 69.198691][ T5322] blkdev_release+0x15/0x20 [ 69.200657][ T5322] __fput+0x3e9/0x9f0 [ 69.202505][ T5322] fput_close_sync+0x1ef/0x270 [ 69.204615][ T5322] __x64_sys_close+0x7f/0x110 [ 69.206547][ T5322] do_syscall_64+0xf3/0x210 [ 69.208368][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.210866][ T5322] [ 69.210866][ T5322] other info that might help us debug this: [ 69.210866][ T5322] [ 69.214736][ T5322] Chain exists of: [ 69.214736][ T5322] kn->active#5 --> &nvdimm_namespace_key --> &disk->open_mutex [ 69.214736][ T5322] [ 69.219709][ T5322] Possible unsafe locking scenario: [ 69.219709][ T5322] [ 69.222570][ T5322] CPU0 CPU1 [ 69.224667][ T5322] ---- ---- [ 69.226778][ T5322] lock(&disk->open_mutex); [ 69.228519][ T5322] lock(&nvdimm_namespace_key); [ 69.231339][ T5322] lock(&disk->open_mutex); [ 69.233978][ T5322] lock(kn->active#5); [ 69.235718][ T5322] [ 69.235718][ T5322] *** DEADLOCK *** [ 69.235718][ T5322] [ 69.238834][ T5322] 1 lock held by syz.0.0/5322: [ 69.240650][ T5322] #0: ffff888034c7a358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700 [ 69.244354][ T5322] [ 69.244354][ T5322] stack backtrace: [ 69.246663][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) [ 69.246678][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.246684][ T5322] Call Trace: [ 69.246691][ T5322] [ 69.246696][ T5322] dump_stack_lvl+0x241/0x360 [ 69.246715][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.246728][ T5322] ? __pfx__printk+0x10/0x10 [ 69.246741][ T5322] ? print_lock+0x171/0x1a0 [ 69.246756][ T5322] print_circular_bug+0x2e1/0x300 [ 69.246767][ T5322] check_noncircular+0x142/0x160 [ 69.246778][ T5322] validate_chain+0xa69/0x24e0 [ 69.246792][ T5322] ? lockdep_unlock+0x8d/0x120 [ 69.246804][ T5322] __lock_acquire+0xad5/0xd80 [ 69.246818][ T5322] ? up_write+0x1ab/0x590 [ 69.246828][ T5322] lock_acquire+0x116/0x2f0 [ 69.246840][ T5322] ? __kernfs_remove+0x336/0x570 [ 69.246853][ T5322] kernfs_drain+0x275/0x5e0 [ 69.246862][ T5322] ? __kernfs_remove+0x336/0x570 [ 69.246873][ T5322] ? __pfx_kernfs_drain+0x10/0x10 [ 69.246887][ T5322] __kernfs_remove+0x336/0x570 [ 69.246896][ T5322] kernfs_remove_by_name_ns+0xad/0x130 [ 69.246907][ T5322] device_del+0x56c/0x9b0 [ 69.246920][ T5322] ? __pfx_device_del+0x10/0x10 [ 69.246930][ T5322] ? kobject_put+0x446/0x480 [ 69.246942][ T5322] drop_partition+0x11b/0x180 [ 69.246956][ T5322] bdev_disk_changed+0x2ca/0x14e0 [ 69.246964][ T5322] ? kobject_uevent_env+0x54d/0x8e0 [ 69.246979][ T5322] ? __pfx_bdev_disk_changed+0x10/0x10 [ 69.246987][ T5322] ? kobject_uevent_env+0x54d/0x8e0 [ 69.247000][ T5322] lo_release+0x540/0x850 [ 69.247012][ T5322] ? __pfx_lo_release+0x10/0x10 [ 69.247025][ T5322] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.247037][ T5322] ? __pfx_lo_release+0x10/0x10 [ 69.247047][ T5322] bdev_release+0x5dd/0x700 [ 69.247063][ T5322] blkdev_release+0x15/0x20 [ 69.247075][ T5322] ? __pfx_blkdev_release+0x10/0x10 [ 69.247087][ T5322] __fput+0x3e9/0x9f0 [ 69.247099][ T5322] fput_close_sync+0x1ef/0x270 [ 69.247106][ T5322] ? __pfx_fput_close_sync+0x10/0x10 [ 69.247112][ T5322] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.247120][ T5322] ? filp_flush+0x116/0x190 [ 69.247127][ T5322] __x64_sys_close+0x7f/0x110 [ 69.247134][ T5322] do_syscall_64+0xf3/0x210 [ 69.247141][ T5322] ? clear_bhb_loop+0x45/0xa0 [ 69.247148][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.247155][ T5322] RIP: 0033:0x7fe21218cdca [ 69.247165][ T5322] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 43 91 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 a3 91 02 00 8b 44 24 [ 69.247173][ T5322] RSP: 002b:00007fe212f6cd50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 69.247184][ T5322] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007fe21218cdca [ 69.247190][ T5322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 69.247203][ T5322] RBP: 0000000000000010 R08: 0000000000000000 R09: 00000000000005da [ 69.247209][ T5322] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000006 [ 69.247214][ T5322] R13: 00007fe212f6cdec R14: 00007fe212f6d668 R15: 00007fe206000000 [ 69.247223][ T5322] [ 69.404003][ T5302] udevd[5302]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory