program:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_aout(r1, &(0x7f00000010c0)=ANY=[], 0x1a3)
syz_80211_inject_frame(0x0, &(0x7f0000000ac0)=@data_frame={@msdu=@type11={{0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x1}, @broadcast, @broadcast, @device_a, {0x5, 0x803}}, @random="57e3bebae4635330884924d3a856e3fb107a5ce133bf1f4e1b74afbeeac68ddc5951c203d5a4e3ca5c122b831cd79814bbef05cfe304af14505f2ac4e0d067f4922083c1768537ef8d8a9c5416ce16682f171bd652cc9bd9188a4c8fa487addec6a3ba9b9b6693edb170a1b0b53cf833b6dd94946169375466ea10ed666c85bd95e1d51e5311b2adf40bec0013f817f6594f999235ae7513ea77f3f5ba6c2a2b2e7b3841df8b872ea82b387a71987023da4e981aa71b93de5ae41b97a551b55f4e61c453a0326f3b85a3dc6b7498a802c63ec835f96c4d0ff4be3fb000cc983d56c88858efe770654404716bb86e299e4e7e2e3f5af708989741d0be54ed036dcc98b349ee112f6656002e2e2dc50b8de7adf63e9b4c85d1c85056a5cd0a4a6254d71057ded1dce739d948f7e2a52b4a3e7d1c5ce16b3e0cd79220315b1c67a863367015b1b620e3c1272ec68ff44ec38ad9c1dbf2d8754f3748a9db933984fc83049eed385f1fc50f4ded450f0f41077c74225ce2ad517e82bab41f4413edd8eb94db4cd84059b58adcdf7743a0aea01cdab08cac092d5b86b43615102af6269adf7bc40b2f928ba8f217f28d5b38460e3c1e4502e1d5ddec748442c9e3e2"}, 0x1dd)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
[ 77.142188][ T5312] Bluetooth: hci0: command tx timeout
[ 77.146144][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[ 77.163690][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[ 77.212508][ T5328] loop0: detected capacity change from 0 to 7
[ 77.226800][ T5308] loop0: [CUMANA/ADFS] p1 [ADFS] p1
[ 77.229725][ T5308] loop0: partition table partially beyond EOD, truncated
[ 77.239515][ T5308] loop0: p1 size 3797445902 extends beyond EOD, truncated
[ 77.319900][ T5328] loop0: [CUMANA/ADFS] p1 [ADFS] p1
[ 77.324023][ T5328] loop0: partition table partially beyond EOD, truncated
[ 77.327617][ T5328] loop0: p1 size 3797445902 extends beyond EOD, truncated
[ 77.344720][ T5327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 77.407790][ T5308]
[ 77.408757][ T5308] ======================================================
[ 77.411235][ T5308] WARNING: possible circular locking dependency detected
[ 77.413956][ T5308] 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 Not tainted
[ 77.416668][ T5308] ------------------------------------------------------
[ 77.419436][ T5308] udevd/5308 is trying to acquire lock:
[ 77.421620][ T5308] ffff88803f73c1e8 (kn->active#5){++++}-{0:0}, at: __kernfs_remove+0x33b/0x570
[ 77.425375][ T5308]
[ 77.425375][ T5308] but task is already holding lock:
[ 77.428463][ T5308] ffff888032e26358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650
[ 77.432022][ T5308]
[ 77.432022][ T5308] which lock already depends on the new lock.
[ 77.432022][ T5308]
[ 77.436149][ T5308]
[ 77.436149][ T5308] the existing dependency chain (in reverse order) is:
[ 77.439686][ T5308]
[ 77.439686][ T5308] -> #2 (&disk->open_mutex){+.+.}-{4:4}:
[ 77.442887][ T5308] lock_acquire+0x120/0x360
[ 77.444910][ T5308] __mutex_lock+0x182/0xe80
[ 77.446894][ T5308] bdev_open+0xe0/0xd30
[ 77.448867][ T5308] bdev_file_open_by_dev+0x1b9/0x230
[ 77.451181][ T5308] disk_scan_partitions+0x1c1/0x2c0
[ 77.453501][ T5308] add_disk_fwnode+0xdbc/0x10e0
[ 77.455589][ T5308] pmem_attach_disk+0xbc7/0xdc0
[ 77.457800][ T5308] nvdimm_bus_probe+0x144/0x490
[ 77.459916][ T5308] really_probe+0x26a/0x9a0
[ 77.462077][ T5308] __driver_probe_device+0x18c/0x2f0
[ 77.464430][ T5308] driver_probe_device+0x4f/0x430
[ 77.466684][ T5308] __driver_attach+0x452/0x700
[ 77.468663][ T5308] bus_for_each_dev+0x230/0x2b0
[ 77.470698][ T5308] bus_add_driver+0x345/0x640
[ 77.472698][ T5308] driver_register+0x23a/0x320
[ 77.474729][ T5308] do_one_initcall+0x233/0x820
[ 77.476885][ T5308] do_initcall_level+0x137/0x1f0
[ 77.478874][ T5308] do_initcalls+0x69/0xd0
[ 77.480739][ T5308] kernel_init_freeable+0x3d9/0x570
[ 77.483110][ T5308] kernel_init+0x1d/0x1d0
[ 77.485193][ T5308] ret_from_fork+0x4b/0x80
[ 77.487198][ T5308] ret_from_fork_asm+0x1a/0x30
[ 77.489403][ T5308]
[ 77.489403][ T5308] -> #1 (&nvdimm_namespace_key){+.+.}-{4:4}:
[ 77.492524][ T5308] lock_acquire+0x120/0x360
[ 77.494252][ T5308] __mutex_lock+0x182/0xe80
[ 77.495991][ T5308] uevent_show+0x174/0x330
[ 77.497693][ T5308] dev_attr_show+0x55/0xc0
[ 77.499414][ T5308] sysfs_kf_seq_show+0x30d/0x490
[ 77.501497][ T5308] seq_read_iter+0x4e7/0xe10
[ 77.503370][ T5308] vfs_read+0x4cd/0x980
[ 77.505157][ T5308] ksys_read+0x145/0x250
[ 77.507098][ T5308] do_syscall_64+0xf6/0x210
[ 77.509140][ T5308] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.511663][ T5308]
[ 77.511663][ T5308] -> #0 (kn->active#5){++++}-{0:0}:
[ 77.514519][ T5308] validate_chain+0xb9b/0x2140
[ 77.516564][ T5308] __lock_acquire+0xaac/0xd20
[ 77.518615][ T5308] lock_acquire+0x120/0x360
[ 77.520674][ T5308] kernfs_drain+0x27a/0x5e0
[ 77.522601][ T5308] __kernfs_remove+0x33b/0x570
[ 77.524703][ T5308] kernfs_remove_by_name_ns+0xaf/0x130
[ 77.527145][ T5308] device_del+0x4f0/0x8e0
[ 77.529117][ T5308] drop_partition+0x11b/0x180
[ 77.531190][ T5308] bdev_disk_changed+0x28c/0x14b0
[ 77.533431][ T5308] lo_release+0x514/0x7e0
[ 77.535650][ T5308] bdev_release+0x533/0x650
[ 77.537587][ T5308] blkdev_release+0x15/0x20
[ 77.539574][ T5308] __fput+0x449/0xa70
[ 77.541348][ T5308] fput_close_sync+0x169/0x200
[ 77.543460][ T5308] __x64_sys_close+0x7f/0x110
[ 77.545657][ T5308] do_syscall_64+0xf6/0x210
[ 77.547595][ T5308] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.550086][ T5308]
[ 77.550086][ T5308] other info that might help us debug this:
[ 77.550086][ T5308]
[ 77.553997][ T5308] Chain exists of:
[ 77.553997][ T5308] kn->active#5 --> &nvdimm_namespace_key --> &disk->open_mutex
[ 77.553997][ T5308]
[ 77.559190][ T5308] Possible unsafe locking scenario:
[ 77.559190][ T5308]
[ 77.562129][ T5308] CPU0 CPU1
[ 77.564281][ T5308] ---- ----
[ 77.566471][ T5308] lock(&disk->open_mutex);
[ 77.568334][ T5308] lock(&nvdimm_namespace_key);
[ 77.571435][ T5308] lock(&disk->open_mutex);
[ 77.574137][ T5308] lock(kn->active#5);
[ 77.575859][ T5308]
[ 77.575859][ T5308] *** DEADLOCK ***
[ 77.575859][ T5308]
[ 77.579141][ T5308] 1 lock held by udevd/5308:
[ 77.581070][ T5308] #0: ffff888032e26358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650
[ 77.584978][ T5308]
[ 77.584978][ T5308] stack backtrace:
[ 77.587264][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: udevd Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full)
[ 77.587279][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 77.587284][ T5308] Call Trace:
[ 77.587291][ T5308] <TASK>
[ 77.587296][ T5308] dump_stack_lvl+0x189/0x250
[ 77.587316][ T5308] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.587330][ T5308] ? __pfx__printk+0x10/0x10
[ 77.587341][ T5308] ? print_lock_name+0xde/0x100
[ 77.587351][ T5308] print_circular_bug+0x2ee/0x310
[ 77.587362][ T5308] check_noncircular+0x134/0x160
[ 77.587369][ T5308] validate_chain+0xb9b/0x2140
[ 77.587377][ T5308] ? lockdep_unlock+0x89/0x120
[ 77.587386][ T5308] __lock_acquire+0xaac/0xd20
[ 77.587395][ T5308] ? __kernfs_remove+0x33b/0x570
[ 77.587403][ T5308] lock_acquire+0x120/0x360
[ 77.587415][ T5308] ? __kernfs_remove+0x33b/0x570
[ 77.587424][ T5308] ? up_write+0x1c4/0x420
[ 77.587434][ T5308] kernfs_drain+0x27a/0x5e0
[ 77.587443][ T5308] ? __kernfs_remove+0x33b/0x570
[ 77.587452][ T5308] ? __pfx_kernfs_drain+0x10/0x10
[ 77.587463][ T5308] __kernfs_remove+0x33b/0x570
[ 77.587472][ T5308] kernfs_remove_by_name_ns+0xaf/0x130
[ 77.587483][ T5308] device_del+0x4f0/0x8e0
[ 77.587492][ T5308] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.587507][ T5308] ? __pfx_device_del+0x10/0x10
[ 77.587516][ T5308] ? kobject_put+0x43f/0x480
[ 77.587530][ T5308] drop_partition+0x11b/0x180
[ 77.587543][ T5308] bdev_disk_changed+0x28c/0x14b0
[ 77.587558][ T5308] ? __pfx_bdev_disk_changed+0x10/0x10
[ 77.587570][ T5308] ? kobject_uevent_env+0x36b/0x8c0
[ 77.587585][ T5308] lo_release+0x514/0x7e0
[ 77.587596][ T5308] ? __pfx_lo_release+0x10/0x10
[ 77.587609][ T5308] ? do_raw_spin_unlock+0x4d/0x240
[ 77.587618][ T5308] ? __pfx_lo_release+0x10/0x10
[ 77.587623][ T5308] bdev_release+0x533/0x650
[ 77.587631][ T5308] ? __pfx_blkdev_release+0x10/0x10
[ 77.587638][ T5308] blkdev_release+0x15/0x20
[ 77.587647][ T5308] __fput+0x449/0xa70
[ 77.587657][ T5308] fput_close_sync+0x169/0x200
[ 77.587666][ T5308] ? __pfx_fput_close_sync+0x10/0x10
[ 77.587674][ T5308] ? do_raw_spin_unlock+0x4d/0x240
[ 77.587686][ T5308] __x64_sys_close+0x7f/0x110
[ 77.587710][ T5308] do_syscall_64+0xf6/0x210
[ 77.587724][ T5308] ? clear_bhb_loop+0x45/0xa0
[ 77.587735][ T5308] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.587742][ T5308] RIP: 0033:0x7f8dd7b170a8
[ 77.587749][ T5308] Code: 48 8b 05 83 9d 0d 00 64 c7 00 16 00 00 00 83 c8 ff 48 83 c4 20 5b c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 5b 48 8b 15 51 9d 0d 00 f7 d8 64 89 02 48 83
[ 77.587755][ T5308] RSP: 002b:00007ffd4cb98a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 77.587763][ T5308] RAX: ffffffffffffffda RBX: 00007f8dd7f860e0 RCX: 00007f8dd7b170a8
[ 77.587767][ T5308] RDX: 000055d8d6fa4874 RSI: 00007ffd4cb98258 RDI: 0000000000000008
[ 77.587771][ T5308] RBP: 000055dd8b220440 R08: 0000000000000006 R09: 3b544aa8c7e92342
[ 77.587776][ T5308] R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000002
[ 77.587779][ T5308] R13: 000055dd8b2079c0 R14: 0000000000000008 R15: 000055dd8b1fe910
[ 77.587786][ T5308] </TASK>
[ 77.735396][ T5308] udevd[5308]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory