./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2584506586 <...> Warning: Permanently added '10.128.1.229' (ED25519) to the list of known hosts. execve("./syz-executor2584506586", ["./syz-executor2584506586"], 0x7ffd02fdec40 /* 10 vars */) = 0 brk(NULL) = 0x555590203000 brk(0x555590203d00) = 0x555590203d00 arch_prctl(ARCH_SET_FS, 0x555590203380) = 0 set_tid_address(0x555590203650) = 5840 set_robust_list(0x555590203660, 24) = 0 rseq(0x555590203ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2584506586", 4096) = 28 getrandom("\x7f\x9c\x1b\x4f\xab\xe7\x96\x84", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555590203d00 brk(0x555590224d00) = 0x555590224d00 brk(0x555590225000) = 0x555590225000 mprotect(0x7f773fcda000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 executing program write(1, "executing program\n", 18) = 18 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=28, nlmsg_type=0x10 /* NLMSG_??? 
*/, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x08\x00\x02\x00\x6e\x62\x64\x00"], 28, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 28 recvfrom(4, [{nlmsg_len=180, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5840}, "\x01\x02\x00\x00\x08\x00\x02\x00\x6e\x62\x64\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x0a\x00\x00\x00\x54\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00\x03\x00\x00\x00"...], 4096, 0, NULL, NULL) = 180 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5840}, {error=0, msg={nlmsg_len=28, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(4) = 0 socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [ 92.329661][ T5840] [ 92.332024][ T5840] ====================================================== [ 92.339035][ T5840] WARNING: possible circular locking dependency detected [ 92.346069][ T5840] 6.16.0-syzkaller-06588-g759dfc7d04ba #0 Not tainted [ 92.352853][ T5840] ------------------------------------------------------ [ 92.359864][ T5840] syz-executor258/5840 is trying to acquire lock: [ 92.366505][ T5840] ffff88801b2ff188 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove+0x30/0x60 [ 92.375769][ T5840] [ 92.375769][ T5840] but task is already holding lock: [ 92.383498][ T5840] ffff8881433a4558 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10 [ 92.394028][ T5840] [ 92.394028][ T5840] which lock already depends on the new lock. 
[ 92.394028][ T5840] [ 92.404434][ T5840] [ 92.404434][ T5840] the existing dependency chain (in reverse order) is: [ 92.413466][ T5840] [ 92.413466][ T5840] -> #2 (&q->q_usage_counter(io)#49){++++}-{0:0}: [ 92.422095][ T5840] lock_acquire+0x120/0x360 [ 92.427234][ T5840] blk_alloc_queue+0x538/0x620 [ 92.432520][ T5840] __blk_mq_alloc_disk+0x15c/0x340 [ 92.438153][ T5840] nbd_dev_add+0x46c/0xae0 [ 92.443085][ T5840] nbd_init+0x168/0x1f0 [ 92.447777][ T5840] do_one_initcall+0x233/0x820 [ 92.453057][ T5840] do_initcall_level+0x104/0x190 [ 92.458510][ T5840] do_initcalls+0x59/0xa0 [ 92.463356][ T5840] kernel_init_freeable+0x334/0x4a0 [ 92.469095][ T5840] kernel_init+0x1d/0x1d0 [ 92.473957][ T5840] ret_from_fork+0x3fc/0x770 [ 92.479071][ T5840] ret_from_fork_asm+0x1a/0x30 [ 92.484355][ T5840] [ 92.484355][ T5840] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 92.491570][ T5840] lock_acquire+0x120/0x360 [ 92.496694][ T5840] fs_reclaim_acquire+0x72/0x100 [ 92.502194][ T5840] kmem_cache_alloc_lru_noprof+0x49/0x3d0 [ 92.508465][ T5840] alloc_inode+0xb8/0x1b0 [ 92.513333][ T5840] iget_locked+0xf0/0x570 [ 92.518183][ T5840] kernfs_get_inode+0x4f/0x780 [ 92.523550][ T5840] kernfs_get_tree+0x5a9/0x920 [ 92.528833][ T5840] sysfs_get_tree+0x46/0x110 [ 92.533941][ T5840] vfs_get_tree+0x8f/0x2b0 [ 92.538965][ T5840] do_new_mount+0x2a2/0x9e0 [ 92.543984][ T5840] __se_sys_mount+0x317/0x410 [ 92.549441][ T5840] do_syscall_64+0xfa/0x3b0 [ 92.554495][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.561080][ T5840] [ 92.561080][ T5840] -> #0 (&root->kernfs_rwsem){++++}-{4:4}: [ 92.569074][ T5840] validate_chain+0xb9b/0x2140 [ 92.574530][ T5840] __lock_acquire+0xab9/0xd20 [ 92.579730][ T5840] lock_acquire+0x120/0x360 [ 92.584757][ T5840] down_write+0x96/0x1f0 [ 92.589512][ T5840] kernfs_remove+0x30/0x60 [ 92.594446][ T5840] __kobject_del+0xe1/0x300 [ 92.599464][ T5840] kobject_del+0x45/0x60 [ 92.604244][ T5840] elevator_change_done+0xf2/0x470 [ 92.609868][ T5840] elevator_set_none+0x42/0xb0 [ 
92.615147][ T5840] blk_mq_update_nr_hw_queues+0x68f/0x1890
[ 92.621563][ T5840] nbd_start_device+0x17f/0xb10
[ 92.626945][ T5840] nbd_genl_connect+0x135b/0x18f0
[ 92.632656][ T5840] genl_family_rcv_msg_doit+0x215/0x300
[ 92.638731][ T5840] genl_rcv_msg+0x60e/0x790
[ 92.643835][ T5840] netlink_rcv_skb+0x208/0x470
[ 92.649119][ T5840] genl_rcv+0x28/0x40
[ 92.653615][ T5840] netlink_unicast+0x82c/0x9e0
[ 92.658994][ T5840] netlink_sendmsg+0x805/0xb30
[ 92.664282][ T5840] __sock_sendmsg+0x21c/0x270
[ 92.669482][ T5840] ____sys_sendmsg+0x505/0x830
[ 92.674872][ T5840] ___sys_sendmsg+0x21f/0x2a0
[ 92.680099][ T5840] __x64_sys_sendmsg+0x19b/0x260
[ 92.685553][ T5840] do_syscall_64+0xfa/0x3b0
[ 92.690581][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.696991][ T5840]
[ 92.696991][ T5840] other info that might help us debug this:
[ 92.696991][ T5840]
[ 92.707477][ T5840] Chain exists of:
[ 92.707477][ T5840] &root->kernfs_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#49
[ 92.707477][ T5840]
[ 92.721389][ T5840] Possible unsafe locking scenario:
[ 92.721389][ T5840]
[ 92.729023][ T5840]        CPU0                    CPU1
[ 92.734427][ T5840]        ----                    ----
[ 92.739976][ T5840]   lock(&q->q_usage_counter(io)#49);
[ 92.745363][ T5840]                                lock(fs_reclaim);
[ 92.751870][ T5840]                                lock(&q->q_usage_counter(io)#49);
[ 92.759856][ T5840]   lock(&root->kernfs_rwsem);
[ 92.764622][ T5840]
[ 92.764622][ T5840] *** DEADLOCK ***
[ 92.764622][ T5840]
[ 92.772831][ T5840] 6 locks held by syz-executor258/5840:
[ 92.778396][ T5840] #0: ffffffff8f56e3f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 92.786703][ T5840] #1: ffffffff8f56e208 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 92.795773][ T5840] #2: ffff888025120988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0xa6/0x1890
[ 92.807477][ T5840] #3: ffff8880251208d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xb9/0x1890
[ 92.818583][ T5840] #4: ffff8881433a4558 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: 
nbd_start_device+0x17f/0xb10 [ 92.829445][ T5840] #5: ffff8881433a4590 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: nbd_start_device+0x17f/0xb10 [ 92.840339][ T5840] [ 92.840339][ T5840] stack backtrace: [ 92.846409][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor258 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) [ 92.846428][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 92.846443][ T5840] Call Trace: [ 92.846451][ T5840] [ 92.846465][ T5840] dump_stack_lvl+0x189/0x250 [ 92.846486][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.846501][ T5840] ? __pfx__printk+0x10/0x10 [ 92.846520][ T5840] ? print_lock_name+0xde/0x100 [ 92.846538][ T5840] print_circular_bug+0x2ee/0x310 [ 92.846555][ T5840] check_noncircular+0x134/0x160 [ 92.846572][ T5840] validate_chain+0xb9b/0x2140 [ 92.846594][ T5840] __lock_acquire+0xab9/0xd20 [ 92.846616][ T5840] ? kernfs_remove+0x30/0x60 [ 92.846634][ T5840] lock_acquire+0x120/0x360 [ 92.846654][ T5840] ? kernfs_remove+0x30/0x60 [ 92.846677][ T5840] down_write+0x96/0x1f0 [ 92.846691][ T5840] ? kernfs_remove+0x30/0x60 [ 92.846709][ T5840] ? __pfx_down_write+0x10/0x10 [ 92.846722][ T5840] ? kernfs_root+0x1c/0x230 [ 92.846738][ T5840] ? kernfs_root+0x1c/0x230 [ 92.846755][ T5840] ? kernfs_root+0x1ea/0x230 [ 92.846772][ T5840] kernfs_remove+0x30/0x60 [ 92.846790][ T5840] __kobject_del+0xe1/0x300 [ 92.846806][ T5840] kobject_del+0x45/0x60 [ 92.846828][ T5840] elevator_change_done+0xf2/0x470 [ 92.846846][ T5840] elevator_set_none+0x42/0xb0 [ 92.846862][ T5840] blk_mq_update_nr_hw_queues+0x68f/0x1890 [ 92.846887][ T5840] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 92.846911][ T5840] ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10 [ 92.846933][ T5840] ? sysfs_add_file_mode_ns+0x259/0x300 [ 92.846950][ T5840] nbd_start_device+0x17f/0xb10 [ 92.846967][ T5840] ? device_create_file+0xf4/0x1c0 [ 92.846985][ T5840] nbd_genl_connect+0x135b/0x18f0 [ 92.847002][ T5840] ? 
__pfx_nbd_genl_connect+0x10/0x10 [ 92.847023][ T5840] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 92.847046][ T5840] genl_family_rcv_msg_doit+0x215/0x300 [ 92.847066][ T5840] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 92.847088][ T5840] ? stack_trace_save+0x9c/0xe0 [ 92.847106][ T5840] genl_rcv_msg+0x60e/0x790 [ 92.847124][ T5840] ? __pfx_genl_rcv_msg+0x10/0x10 [ 92.847140][ T5840] ? __pfx_nbd_genl_connect+0x10/0x10 [ 92.847158][ T5840] netlink_rcv_skb+0x208/0x470 [ 92.847179][ T5840] ? __lock_acquire+0xab9/0xd20 [ 92.847199][ T5840] ? __pfx_genl_rcv_msg+0x10/0x10 [ 92.847216][ T5840] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 92.847243][ T5840] ? down_read+0x1ad/0x2e0 [ 92.847257][ T5840] genl_rcv+0x28/0x40 [ 92.847272][ T5840] netlink_unicast+0x82c/0x9e0 [ 92.847294][ T5840] ? __pfx_netlink_unicast+0x10/0x10 [ 92.847314][ T5840] ? netlink_sendmsg+0x642/0xb30 [ 92.847335][ T5840] ? skb_put+0x11b/0x210 [ 92.847350][ T5840] netlink_sendmsg+0x805/0xb30 [ 92.847375][ T5840] ? __pfx_netlink_sendmsg+0x10/0x10 [ 92.847398][ T5840] ? aa_sock_msg_perm+0x94/0x160 [ 92.847418][ T5840] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 92.847435][ T5840] ? __pfx_netlink_sendmsg+0x10/0x10 [ 92.847462][ T5840] __sock_sendmsg+0x21c/0x270 [ 92.847483][ T5840] ____sys_sendmsg+0x505/0x830 [ 92.847499][ T5840] ? __pfx_____sys_sendmsg+0x10/0x10 [ 92.847517][ T5840] ? import_iovec+0x74/0xa0 [ 92.847539][ T5840] ___sys_sendmsg+0x21f/0x2a0 [ 92.847554][ T5840] ? __pfx____sys_sendmsg+0x10/0x10 [ 92.847571][ T5840] ? do_raw_spin_lock+0x121/0x290 [ 92.847602][ T5840] __x64_sys_sendmsg+0x19b/0x260 [ 92.847617][ T5840] ? _raw_spin_unlock_irq+0x2e/0x50 [ 92.847636][ T5840] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 92.847659][ T5840] do_syscall_64+0xfa/0x3b0 [ 92.847680][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.847700][ T5840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.847715][ T5840] ? 
clear_bhb_loop+0x60/0xb0 [ 92.847731][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.847745][ T5840] RIP: 0033:0x7f773fc67419 [ 92.847763][ T5840] Code: 48 83 c4 28 c3 e8 e7 18 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 92.847776][ T5840] RSP: 002b:00007ffc34589e38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 92.847791][ T5840] RAX: ffffffffffffffda RBX: 00007ffc3458a008 RCX: 00007f773fc67419 [ 92.847803][ T5840] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000003 [ 92.847812][ T5840] RBP: 00007f773fcda610 R08: 0000000000000008 R09: 00007ffc3458a008 [ 92.847822][ T5840] R10: 000000000000000c R11: 0000000000000246 R12: 0000000000000001 [ 92.847831][ T5840] R13: 00007ffc34589ff8 R14: 0000000000000001 R15: 0000000000000001 [ 92.847848][ T5840] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x68\x00\x00\x00\x29\x00\x01\x00\xfe\xff\xff\xff\x00\x00\x00\x00\x01\x00\x00\x00\x08\x00\x01\x00\x00\x00\x00\x00\x0c\x00\x05\x00\x1b\x19\x3c\x99\xa8\x77\x2e\xfb\x0c\x00\x02\x00\xff\xff\x00\x00\x00\x00\x00\x00\x28\x00\x07\x80\x0c\x00\x01\x80\x08\x00\x01\x00\x04\x00\x00\x00\x0c\x00\x01\x80\x08\x00\x01\x00\x04\x00\x00\x00\x0c\x00\x01\x80\x08\x00\x01\x00\x04\x00\x00\x00\x0c\x00\x08\x00\xff\xff\xff\x7f"..., iov_len=104}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_FASTOPEN) = 104 exit_group(0) = ? +++ exited with 0 +++