./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor369531151 <...> Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts. execve("./syz-executor369531151", ["./syz-executor369531151"], 0x7fffc856fbd0 /* 10 vars */) = 0 brk(NULL) = 0x55555c863000 brk(0x55555c863d00) = 0x55555c863d00 arch_prctl(ARCH_SET_FS, 0x55555c863380) = 0 set_tid_address(0x55555c863650) = 5834 set_robust_list(0x55555c863660, 24) = 0 rseq(0x55555c863ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor369531151", 4096) = 27 getrandom("\xb6\xcd\xea\xa1\x5d\xfc\x95\xfe", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555c863d00 brk(0x55555c884d00) = 0x55555c884d00 brk(0x55555c885000) = 0x55555c885000 mprotect(0x7fe9cc20d000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached [pid 5835] set_robust_list(0x55555c863660, 24 [pid 5834] <... clone resumed>, child_tidptr=0x55555c863650) = 5835 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] getppid() = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5835] dup2(3, 201) = 201 [pid 5835] close(3) = 0 [pid 5835] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5835] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5835] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5835] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5835] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5835] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5835] unshare(CLONE_NEWNS) = 0 [pid 5835] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5835] unshare(CLONE_NEWIPC) = 0 [pid 5835] unshare(CLONE_NEWCGROUP) = 0 [pid 5835] unshare(CLONE_NEWUTS) = 0 [pid 5835] unshare(CLONE_SYSVSEM) = 0 [pid 5835] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "16777216", 8) = 8 [pid 5835] close(3) = 0 [pid 5835] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "536870912", 9) = 9 [pid 5835] close(3) = 0 [pid 5835] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1024", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "8192", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1024", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1024", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5835] close(3) = 0 [pid 5835] getpid() = 1 [pid 5835] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0 [ 88.340468][ T13] [ 88.340468][ T13] but task is already holding lock: [ 88.347858][ T13] ffff88802583c188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 [ 88.357691][ T13] [ 88.357691][ T13] which lock already depends on the new lock. [ 88.357691][ T13] [ 88.368193][ T13] [ 88.368193][ T13] the existing dependency chain (in reverse order) is: [ 88.377300][ T13] [ 88.377300][ T13] -> #2 (&set->update_nr_hwq_lock){++++}-{4:4}: [ 88.386174][ T13] lock_acquire+0x120/0x360 [ 88.391206][ T13] down_write+0x96/0x1f0 [ 88.395990][ T13] blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 88.402498][ T13] nbd_start_device+0x16c/0xac0 [ 88.407889][ T13] nbd_genl_connect+0x1250/0x1930 [ 88.413448][ T13] genl_family_rcv_msg_doit+0x215/0x300 [ 88.419525][ T13] genl_rcv_msg+0x60e/0x790 [ 88.424559][ T13] netlink_rcv_skb+0x208/0x470 [ 88.429855][ T13] genl_rcv+0x28/0x40 [ 88.434368][ T13] netlink_unicast+0x75b/0x8d0 [ 88.439661][ T13] netlink_sendmsg+0x805/0xb30 [ 88.445128][ T13] __sock_sendmsg+0x21c/0x270 [ 88.450432][ T13] ____sys_sendmsg+0x505/0x830 [ 88.455724][ T13] ___sys_sendmsg+0x21f/0x2a0 [ 88.460936][ T13] __x64_sys_sendmsg+0x19b/0x260 [ 88.466402][ T13] do_syscall_64+0xfa/0x3b0 [ 88.471520][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.477935][ T13] [ 88.477935][ T13] -> #1 (&nbd->config_lock){+.+.}-{4:4}: [ 88.485777][ T13] lock_acquire+0x120/0x360 [ 88.490804][ T13] __mutex_lock+0x182/0xe80 [ 88.495843][ T13] refcount_dec_and_mutex_lock+0x30/0xa0 [ 88.502000][ T13] nbd_config_put+0x2c/0x790 [ 88.507119][ T13] nbd_release+0xfe/0x140 [ 88.511970][ T13] bdev_release+0x536/0x650 [ 88.517174][ T13] blkdev_release+0x15/0x20 [ 88.522211][ T13] __fput+0x44c/0xa70 [ 88.526892][ T13] fput_close_sync+0x119/0x200 [ 88.532181][ T13] __x64_sys_close+0x7f/0x110 [ 88.537430][ T13] do_syscall_64+0xfa/0x3b0 [ 88.542490][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.548934][ T13] [ 88.548934][ T13] -> #0 (&disk->open_mutex){+.+.}-{4:4}: [ 88.556789][ T13] validate_chain+0xb9b/0x2140 [ 88.562207][ T13] __lock_acquire+0xab9/0xd20 [ 88.567420][ T13] lock_acquire+0x120/0x360 [ 88.572599][ T13] __mutex_lock+0x182/0xe80 [ 88.577890][ T13] __del_gendisk+0x129/0x9e0 [ 88.583022][ T13] del_gendisk+0xe8/0x160 [ 88.587881][ T13] nbd_dev_remove_work+0x47/0xe0 [ 88.593366][ T13] process_scheduled_works+0xae1/0x17b0 [ 88.599957][ T13] worker_thread+0x8a0/0xda0 [ 88.605089][ T13] kthread+0x70e/0x8a0 [ 88.609703][ T13] ret_from_fork+0x3f9/0x770 [ 88.614834][ T13] ret_from_fork_asm+0x1a/0x30 [ 88.620236][ T13] [ 88.620236][ T13] other info that might help us debug this: [ 88.620236][ T13] [ 88.630474][ T13] Chain exists of: [ 88.630474][ T13] &disk->open_mutex --> &nbd->config_lock --> &set->update_nr_hwq_lock [ 88.630474][ T13] [ 88.644743][ T13] Possible unsafe locking scenario: [ 88.644743][ T13] [ 88.652192][ T13] CPU0 CPU1 [ 88.657555][ T13] ---- ---- [ 88.662920][ T13] rlock(&set->update_nr_hwq_lock); [ 88.668210][ T13] lock(&nbd->config_lock); [ 88.675335][ T13] lock(&set->update_nr_hwq_lock); [ 88.683231][ T13] lock(&disk->open_mutex); [ 88.687843][ T13] [ 88.687843][ T13] *** DEADLOCK *** [ 88.687843][ T13] [ 88.696338][ T13] 3 locks held by kworker/u8:1/13: [ 88.701458][ T13] #0: ffff888025bf5148 ((wq_completion)nbd-del){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 88.712524][ T13] #1: ffffc90000127bc0 ((work_completion)(&nbd->remove_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 88.724804][ T13] #2: ffff88802583c188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 [ 88.734830][ T13] [ 88.734830][ T13] stack backtrace: [ 88.740722][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 88.740741][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 88.740751][ T13] Workqueue: nbd-del nbd_dev_remove_work [ 88.740777][ T13] Call Trace: [ 88.740785][ T13] [ 88.740792][ T13] dump_stack_lvl+0x189/0x250 [ 88.740811][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.740828][ T13] ? __pfx__printk+0x10/0x10 [ 88.740844][ T13] ? print_lock_name+0xde/0x100 [ 88.740860][ T13] print_circular_bug+0x2ee/0x310 [ 88.740880][ T13] check_noncircular+0x134/0x160 [ 88.740900][ T13] validate_chain+0xb9b/0x2140 [ 88.740919][ T13] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 88.740940][ T13] ? arch_stack_walk+0x11c/0x150 [ 88.740961][ T13] __lock_acquire+0xab9/0xd20 [ 88.740977][ T13] ? __del_gendisk+0x129/0x9e0 [ 88.740993][ T13] lock_acquire+0x120/0x360 [ 88.741006][ T13] ? __del_gendisk+0x129/0x9e0 [ 88.741025][ T13] ? check_path+0x21/0x40 [ 88.741043][ T13] __mutex_lock+0x182/0xe80 [ 88.741058][ T13] ? __del_gendisk+0x129/0x9e0 [ 88.741078][ T13] ? __del_gendisk+0x129/0x9e0 [ 88.741095][ T13] ? __pfx___mutex_lock+0x10/0x10 [ 88.741109][ T13] ? __pfx___might_resched+0x10/0x10 [ 88.741127][ T13] ? __lock_acquire+0xab9/0xd20 [ 88.741141][ T13] ? disk_del_events+0xb5/0x210 [ 88.741160][ T13] ? __del_gendisk+0xc1/0x9e0 [ 88.741177][ T13] __del_gendisk+0x129/0x9e0 [ 88.741195][ T13] ? del_gendisk+0xe0/0x160 [ 88.741214][ T13] ? __pfx___del_gendisk+0x10/0x10 [ 88.741233][ T13] ? down_read+0x1ad/0x2e0 [ 88.741248][ T13] del_gendisk+0xe8/0x160 [ 88.741266][ T13] nbd_dev_remove_work+0x47/0xe0 [ 88.741287][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 88.741303][ T13] process_scheduled_works+0xae1/0x17b0 [ 88.741334][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 88.741355][ T13] worker_thread+0x8a0/0xda0 [ 88.741379][ T13] kthread+0x70e/0x8a0 [ 88.741399][ T13] ? __pfx_worker_thread+0x10/0x10 [ 88.741416][ T13] ? __pfx_kthread+0x10/0x10 [pid 5835] exit_group(1) = ? [pid 5835] +++ exited with 1 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=1, si_utime=0, si_stime=55 /* 0.55 s */} --- exit_group(0) = ? [ 88.741440][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 88.741460][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.741481][ T13] ? __pfx_kthread+0x10/0x10 [ 88.741500][ T13] ret_from_fork+0x3f9/0x770 [ 88.741515][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 88.741531][ T13] ? __switch_to_asm+0x39/0x70 [ 88.741549][ T13] ? __switch_to_asm+0x33/0x70 [ 88.741568][ T13] ? __pfx_kthread+0x10/0x10 [ 88.741586][ T13] ret_from_fork_asm+0x1a/0x30 [ 88.741609][ T13] +++ exited with 0 +++ [ 88.995295][ T5152] blo