program: creat(&(0x7f0000000000)='./bus\x00', 0x0) syz_read_part_table(0x5e4, &(0x7f0000000600)="$eJzs3D+oHFUUB+DfzO7OvhcSnpWV4IMUBgWfkFIXo5A80wXRTtDWYkViZSG7SwQLjZWNvRZGIYhtCgUJajorER5aiNhbmMJwZefPrqJWT9TA9xUz95w795xZ5k65E+5uZS8p1Xq02ibHdT/4MckkWT3/RDLtUpN+ar3m2WvnL1zcv1RNN7l1dtnPTrcFm6Fw9vvRjXGuXjt84+13TlVZ5la96NLLZPJRk3F7a926d/9807erthb/uTOflu5BNPk6+fLRE/Nq1D789X56P7knO21wkGSU/rBMdtej5vj9r89urh7vx7vpd9qkixZ5oDzSz01SSil1FqeHlaPkvscOLv9V0Un++Dqs92Ipk5PD2nr7FszvNMM+PPvF94us7t9UbzuW0sVHu8nLR08/3NaquhoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPz/nHnlwc+aITjXHqs++uTJpz5Ivb10mfw6jPd3/qH+12c39668frnOq7MXv3nptR8Of8rPSUY5ODyZTDfXvdCdPn6zPY377L27x+0/v1M3H773+bZOX7pKvjr97e0y6tNHmwu295RZfdz2AAAAAAAAAAAAAAAAAAAA0Dp/4eL+pTrPJFWey/bv/iU7STV8CmAdlFLKL6WTnL0xnl9tcuVEN3/ru/6zAaX6ffVzyd6ppEzfemj4rMCyrTRuW1T/1q/k7/wWAAD//27mZ2s=") mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000200)='./bus\x00', 0x101201, 0x28) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)=0x3f) io_setup(0x1, &(0x7f00000004c0)=0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) io_submit(r1, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r2, 0x0}]) syz_read_part_table(0x5c1, &(0x7f0000000000)="$eJzs2z+rI1UYB+DfTJKZBFxiZSkprdzCetlV2A0LFotgJ+gnEButlJ0gaKOCaGPhF9jCWwhWgt1F9DNcroWi3UUs1OYemfyZJNoo9woKz1OcnHnPOe97krzthP+3Mh8loz8Fx3VdJRc/9PNJktXLzybtIrvnXpXkxUd3791fPKia7bH1eNEl9UGgSZ4cEmexnX05zvuPlu9+8PGbTbp05w+TfJp0SWn79emHKeuz+aT5y6V/64uP22v+Kfjnnsrs6Lkahl6XxzNdz25m22WjdTib/+6dK9c/uXW6ut1PyqZLZs2+epI7x7vroTMn+fkyk3oxLG16N7c31zvWjlJKmRymmezS7Ks98/V3D7NqNiuj7LpzuR7PZslrZy88XR3kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgv6mUUvrPZoiM++Hz56pueByPDg78XjauofbJrdP529t05dW3vl/+NP0lySg3l4+Vth32vZL2s48O71dfJnlidtX6ZVfi9ZcOw4us8s0bX/UXKWW+j0+qfvwi6fL8/iwAAAAAAAAAAAAAAAAAAABc0d179xcP6lk2r7LXQ7xkmlTt8Rvu5ddSyp2U5ig6S/LteaokP6ZUh0tNMr+RpH2vWa9nki4p5cZ0u2H6r30x/pY/AgAA//9VYV70") [ 68.412954][ T4669] Bluetooth: hci0: command tx timeout [ 68.492814][ T5325] loop0: detected capacity change from 0 to 2048 [ 68.525057][ T5325] loop0: p1 < > p3 p4 < > [ 68.530184][ T5325] loop0: p3 start 4284289 is beyond EOD, truncated [ 68.540835][ T4732] loop0: p1 < > p3 p4 < > [ 68.543819][ T4732] loop0: p3 start 4284289 is beyond EOD, truncated [ 68.623753][ T5324] [ 68.624712][ T5324] ====================================================== [ 68.627210][ T5324] WARNING: possible circular locking dependency detected [ 68.629600][ T5324] 6.12.0-rc6-syzkaller-00192-gf1dce1f09380 #0 Not tainted [ 68.632018][ T5324] ------------------------------------------------------ [ 68.634507][ T5324] syz.0.0/5324 is trying to acquire lock: [ 68.636537][ T5324] ffff88804ff14a58 (kn->active#5){++++}-{0:0}, at: __kernfs_remove+0x400/0x870 [ 68.639846][ T5324] [ 68.639846][ T5324] but task is already holding lock: [ 68.642368][ T5324] ffff88801fb2b4c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_release+0x17e/0x700 [ 68.645558][ T5324] [ 68.645558][ T5324] which lock already depends on the new lock. [ 68.645558][ T5324] [ 68.649062][ T5324] [ 68.649062][ T5324] the existing dependency chain (in reverse order) is: [ 68.652021][ T5324] [ 68.652021][ T5324] -> #2 (&disk->open_mutex){+.+.}-{3:3}: [ 68.654619][ T5324] lock_acquire+0x1ed/0x550 [ 68.656229][ T5324] __mutex_lock+0x136/0xd70 [ 68.657956][ T5324] bdev_open+0xf0/0xc50 [ 68.659545][ T5324] bdev_file_open_by_dev+0x1b0/0x220 [ 68.661417][ T5324] disk_scan_partitions+0x1be/0x2b0 [ 68.663270][ T5324] device_add_disk+0xd02/0x1000 [ 68.665058][ T5324] pmem_attach_disk+0xdf7/0x10e0 [ 68.667030][ T5324] nvdimm_bus_probe+0x147/0x4e0 [ 68.669408][ T5324] really_probe+0x2b8/0xad0 [ 68.671481][ T5324] __driver_probe_device+0x1a2/0x390 [ 68.673539][ T5324] driver_probe_device+0x50/0x430 [ 68.675540][ T5324] __driver_attach+0x45f/0x710 [ 68.677477][ T5324] bus_for_each_dev+0x239/0x2b0 [ 68.679410][ T5324] bus_add_driver+0x346/0x670 [ 68.681348][ T5324] driver_register+0x23a/0x320 [ 68.683236][ T5324] do_one_initcall+0x248/0x880 [ 68.685188][ T5324] do_initcall_level+0x157/0x210 [ 68.687161][ T5324] do_initcalls+0x3f/0x80 [ 68.688920][ T5324] kernel_init_freeable+0x435/0x5d0 [ 68.690886][ T5324] kernel_init+0x1d/0x2b0 [ 68.692593][ T5324] ret_from_fork+0x4b/0x80 [ 68.694352][ T5324] ret_from_fork_asm+0x1a/0x30 [ 68.696212][ T5324] [ 68.696212][ T5324] -> #1 (&nvdimm_namespace_key){+.+.}-{3:3}: [ 68.699060][ T5324] lock_acquire+0x1ed/0x550 [ 68.700890][ T5324] __mutex_lock+0x136/0xd70 [ 68.702681][ T5324] uevent_show+0x17d/0x340 [ 68.704425][ T5324] dev_attr_show+0x55/0xc0 [ 68.706194][ T5324] sysfs_kf_seq_show+0x331/0x4c0 [ 68.708214][ T5324] seq_read_iter+0x43f/0xd70 [ 68.710179][ T5324] vfs_read+0x991/0xb70 [ 68.712154][ T5324] ksys_read+0x183/0x2b0 [ 68.714126][ T5324] do_syscall_64+0xf3/0x230 [ 68.716208][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.718824][ T5324] [ 68.718824][ T5324] -> #0 (kn->active#5){++++}-{0:0}: [ 68.721884][ T5324] validate_chain+0x18ef/0x5920 [ 68.724162][ T5324] __lock_acquire+0x1384/0x2050 [ 68.726467][ T5324] lock_acquire+0x1ed/0x550 [ 68.728433][ T5324] kernfs_drain+0x31c/0x6d0 [ 68.730212][ T5324] __kernfs_remove+0x400/0x870 [ 68.732135][ T5324] kernfs_remove_by_name_ns+0xdc/0x160 [ 68.734266][ T5324] device_del+0x56a/0x9b0 [ 68.736063][ T5324] drop_partition+0x11b/0x180 [ 68.737901][ T5324] bdev_disk_changed+0x2bf/0x13f0 [ 68.739894][ T5324] lo_release+0x53e/0x850 [ 68.741760][ T5324] bdev_release+0x5dd/0x700 [ 68.743467][ T5324] blkdev_release+0x15/0x20 [ 68.745176][ T5324] __fput+0x23f/0x880 [ 68.746803][ T5324] task_work_run+0x24f/0x310 [ 68.748569][ T5324] syscall_exit_to_user_mode+0x168/0x370 [ 68.750832][ T5324] do_syscall_64+0x100/0x230 [ 68.752687][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.754670][ T5324] [ 68.754670][ T5324] other info that might help us debug this: [ 68.754670][ T5324] [ 68.757388][ T5324] Chain exists of: [ 68.757388][ T5324] kn->active#5 --> &nvdimm_namespace_key --> &disk->open_mutex [ 68.757388][ T5324] [ 68.761644][ T5324] Possible unsafe locking scenario: [ 68.761644][ T5324] [ 68.764387][ T5324] CPU0 CPU1 [ 68.766721][ T5324] ---- ---- [ 68.769106][ T5324] lock(&disk->open_mutex); [ 68.771196][ T5324] lock(&nvdimm_namespace_key); [ 68.774407][ T5324] lock(&disk->open_mutex); [ 68.777503][ T5324] lock(kn->active#5); [ 68.779327][ T5324] [ 68.779327][ T5324] *** DEADLOCK *** [ 68.779327][ T5324] [ 68.782938][ T5324] 1 lock held by syz.0.0/5324: [ 68.784881][ T5324] #0: ffff88801fb2b4c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_release+0x17e/0x700 [ 68.788888][ T5324] [ 68.788888][ T5324] stack backtrace: [ 68.791158][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00192-gf1dce1f09380 #0 [ 68.794910][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.798804][ T5324] Call Trace: [ 68.800038][ T5324] [ 68.801122][ T5324] dump_stack_lvl+0x241/0x360 [ 68.802847][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.804766][ T5324] ? __pfx__printk+0x10/0x10 [ 68.806477][ T5324] print_circular_bug+0x13a/0x1b0 [ 68.808290][ T5324] check_noncircular+0x36a/0x4a0 [ 68.810096][ T5324] ? __pfx_check_noncircular+0x10/0x10 [ 68.812011][ T5324] ? lockdep_lock+0x123/0x2b0 [ 68.813617][ T5324] ? unwind_next_frame+0x18e6/0x22d0 [ 68.815482][ T5324] ? deref_stack_reg+0x17c/0x210 [ 68.817337][ T5324] validate_chain+0x18ef/0x5920 [ 68.819015][ T5324] ? unwind_get_return_address+0x4d/0x90 [ 68.820791][ T5324] ? arch_stack_walk+0xfd/0x150 [ 68.822430][ T5324] ? __pfx_validate_chain+0x10/0x10 [ 68.824289][ T5324] ? stack_trace_save+0x118/0x1d0 [ 68.826171][ T5324] ? __pfx_validate_chain+0x10/0x10 [ 68.827987][ T5324] ? __pfx_stack_trace_save+0x10/0x10 [ 68.829973][ T5324] ? lockdep_unlock+0x16a/0x300 [ 68.831824][ T5324] ? __pfx_lockdep_unlock+0x10/0x10 [ 68.833756][ T5324] ? mark_lock+0x2ae/0x360 [ 68.835282][ T5324] __lock_acquire+0x1384/0x2050 [ 68.836914][ T5324] lock_acquire+0x1ed/0x550 [ 68.838406][ T5324] ? __kernfs_remove+0x400/0x870 [ 68.840218][ T5324] ? __pfx_lock_acquire+0x10/0x10 [ 68.841956][ T5324] ? up_write+0x1a9/0x590 [ 68.843480][ T5324] ? __pfx_up_write+0x10/0x10 [ 68.845220][ T5324] kernfs_drain+0x31c/0x6d0 [ 68.846886][ T5324] ? __kernfs_remove+0x400/0x870 [ 68.848663][ T5324] ? __pfx___might_resched+0x10/0x10 [ 68.850395][ T5324] ? __pfx_kernfs_drain+0x10/0x10 [ 68.852294][ T5324] __kernfs_remove+0x400/0x870 [ 68.854064][ T5324] kernfs_remove_by_name_ns+0xdc/0x160 [ 68.856075][ T5324] device_del+0x56a/0x9b0 [ 68.857555][ T5324] ? __pfx_device_del+0x10/0x10 [ 68.859370][ T5324] ? kobject_put+0x446/0x480 [ 68.861143][ T5324] drop_partition+0x11b/0x180 [ 68.862773][ T5324] bdev_disk_changed+0x2bf/0x13f0 [ 68.864559][ T5324] ? kobject_uevent_env+0x54d/0x8e0 [ 68.866311][ T5324] ? __pfx_bdev_disk_changed+0x10/0x10 [ 68.868347][ T5324] ? kobject_uevent_env+0x54d/0x8e0 [ 68.870325][ T5324] lo_release+0x53e/0x850 [ 68.871934][ T5324] ? __pfx_lo_release+0x10/0x10 [ 68.873750][ T5324] ? __pfx_invalidate_bh_lru+0x10/0x10 [ 68.875515][ T5324] ? do_raw_spin_unlock+0x58/0x8b0 [ 68.877418][ T5324] ? __pfx_lo_release+0x10/0x10 [ 68.879159][ T5324] bdev_release+0x5dd/0x700 [ 68.880714][ T5324] blkdev_release+0x15/0x20 [ 68.882217][ T5324] ? __pfx_blkdev_release+0x10/0x10 [ 68.883993][ T5324] __fput+0x23f/0x880 [ 68.885387][ T5324] task_work_run+0x24f/0x310 [ 68.887033][ T5324] ? __pfx_task_work_run+0x10/0x10 [ 68.888768][ T5324] ? syscall_exit_to_user_mode+0xa3/0x370 [ 68.890678][ T5324] syscall_exit_to_user_mode+0x168/0x370 [ 68.892505][ T5324] do_syscall_64+0x100/0x230 [ 68.894032][ T5324] ? clear_bhb_loop+0x35/0x90 [ 68.895345][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.897111][ T5324] RIP: 0033:0x7faffaf7e719 [ 68.898545][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.905286][ T5324] RSP: 002b:00007fffc81cc548 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 68.908284][ T5324] RAX: 0000000000000000 RBX: 0000000000010b03 RCX: 00007faffaf7e719 [ 68.911076][ T5324] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 68.913887][ T5324] RBP: 00007faffb137a80 R08: 0000000000000001 R09: 00007fffc81cc83f [ 68.916593][ T5324] R10: 00007faffadff030 R11: 0000000000000246 R12: 0000000000010c4b [ 68.919201][ T5324] R13: 00007fffc81cc650 R14: 00000000000000fa R15: ffffffffffffffff [ 68.921794][ T5324] [ 68.939002][ T5305] udevd[5305]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 68.944708][ T5307] udevd[5307]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 68.957505][ T5305] udevd[5305]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory