program: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0xfffffffc}, 0x9) r1 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) r2 = socket(0x2, 0x2, 0x0) r3 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x80040) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0x6) ioctl$NBD_DO_IT(r3, 0xab03) ioctl$NBD_CLEAR_SOCK(r1, 0x125f) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2612000166ccab00ff0000008080000000000000"], 0x26}, 0x1, 0x0, 0x0, 0x844}, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r5, &(0x7f0000000000)={0x23, 0x20}, 0x10) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) r7 = socket(0x23, 0x5, 0x0) listen(r7, 0x0) bind$phonet(r6, &(0x7f0000000100)={0x23, 0x30}, 0x10) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/softlockup_count', 0x88102, 0x0) write$cgroup_int(r8, &(0x7f0000000040)=0x700, 0xfdef) [ 84.582690][ T4668] Bluetooth: hci0: command tx timeout [ 84.723762][ T5321] nbd0: detected capacity change from 0 to 12 [ 84.730368][ T5295] block nbd0: Send control failed (result -89) [ 84.735741][ T5295] block nbd0: Request send failed, requeueing [ 84.740294][ T4668] block nbd0: Receive control failed (result -32) [ 84.745817][ T49] block nbd0: Dead connection, failed to find a fallback [ 84.748747][ T49] block nbd0: shutting down sockets [ 84.751290][ T49] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 84.756694][ T49] Buffer I/O error on dev nbd0, logical block 0, async page read [ 84.759930][ T5295] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 84.764366][ T5295] Buffer I/O error on dev nbd0, logical block 0, async page read [ 84.768031][ T5295] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 84.772784][ T5295] Buffer I/O error on dev nbd0, logical block 0, async page read [ 84.776834][ T5295] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 84.780820][ T5295] Buffer I/O error on dev nbd0, logical block 0, async page read [ 84.785410][ T5295] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 84.789706][ T5295] Buffer I/O error on dev nbd0, logical block 0, async page read [ 84.794362][ T5295] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 84.799302][ T5322] [ 84.800452][ T5322] ====================================================== [ 84.803463][ T5322] WARNING: possible circular locking dependency detected [ 84.806418][ T5322] 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 Not tainted [ 84.809343][ T5322] ------------------------------------------------------ [ 84.812517][ T5322] syz.0.0/5322 is trying to acquire lock: [ 84.815685][ T5322] ffff888030fcb358 (&disk->open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0 [ 84.820605][ T5322] [ 84.820605][ T5322] but task is already holding lock: [ 84.823897][ T5322] ffff888030fca368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 [ 84.828022][ T5322] [ 84.828022][ T5322] which lock already depends on the new lock. [ 84.828022][ T5322] [ 84.832257][ T5322] [ 84.832257][ T5322] the existing dependency chain (in reverse order) is: [ 84.836031][ T5322] [ 84.836031][ T5322] -> #2 (&set->update_nr_hwq_lock){++++}-{4:4}: [ 84.839574][ T5322] lock_acquire+0x120/0x360 [ 84.841863][ T5322] down_write+0x96/0x1f0 [ 84.844075][ T5322] blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 84.846733][ T5322] nbd_start_device+0x16c/0xac0 [ 84.848921][ T5322] nbd_ioctl+0x636/0xeb0 [ 84.851044][ T5322] blkdev_ioctl+0x5a8/0x6d0 [ 84.853349][ T5322] __se_sys_ioctl+0xfc/0x170 [ 84.855693][ T5322] do_syscall_64+0xfa/0x3b0 [ 84.857979][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.860826][ T5322] [ 84.860826][ T5322] -> #1 (&nbd->config_lock){+.+.}-{4:4}: [ 84.863953][ T5322] lock_acquire+0x120/0x360 [ 84.866165][ T5322] __mutex_lock+0x182/0xe80 [ 84.868405][ T5322] refcount_dec_and_mutex_lock+0x30/0xa0 [ 84.871157][ T5322] nbd_config_put+0x2c/0x790 [ 84.873516][ T5322] nbd_release+0xfe/0x140 [ 84.875702][ T5322] bdev_release+0x536/0x650 [ 84.877792][ T5322] blkdev_release+0x15/0x20 [ 84.880005][ T5322] __fput+0x44c/0xa70 [ 84.882004][ T5322] fput_close_sync+0x119/0x200 [ 84.884270][ T5322] __x64_sys_close+0x7f/0x110 [ 84.886428][ T5322] do_syscall_64+0xfa/0x3b0 [ 84.888512][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.891194][ T5322] [ 84.891194][ T5322] -> #0 (&disk->open_mutex){+.+.}-{4:4}: [ 84.894568][ T5322] validate_chain+0xb9b/0x2140 [ 84.897407][ T5322] __lock_acquire+0xab9/0xd20 [ 84.900289][ T5322] lock_acquire+0x120/0x360 [ 84.902591][ T5322] __mutex_lock+0x182/0xe80 [ 84.904782][ T5322] __del_gendisk+0x129/0x9e0 [ 84.906856][ T5322] del_gendisk+0xe8/0x160 [ 84.908879][ T5322] loop_remove+0x42/0xc0 [ 84.910784][ T5322] loop_control_ioctl+0x4ac/0x5a0 [ 84.913140][ T5322] __se_sys_ioctl+0xfc/0x170 [ 84.915340][ T5322] do_syscall_64+0xfa/0x3b0 [ 84.917570][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.920448][ T5322] [ 84.920448][ T5322] other info that might help us debug this: [ 84.920448][ T5322] [ 84.924936][ T5322] Chain exists of: [ 84.924936][ T5322] &disk->open_mutex --> &nbd->config_lock --> &set->update_nr_hwq_lock [ 84.924936][ T5322] [ 84.931188][ T5322] Possible unsafe locking scenario: [ 84.931188][ T5322] [ 84.935425][ T5322] CPU0 CPU1 [ 84.938507][ T5322] ---- ---- [ 84.940961][ T5322] rlock(&set->update_nr_hwq_lock); [ 84.943642][ T5322] lock(&nbd->config_lock); [ 84.946928][ T5322] lock(&set->update_nr_hwq_lock); [ 84.950636][ T5322] lock(&disk->open_mutex); [ 84.953284][ T5322] [ 84.953284][ T5322] *** DEADLOCK *** [ 84.953284][ T5322] [ 84.956915][ T5322] 1 lock held by syz.0.0/5322: [ 84.959051][ T5322] #0: ffff888030fca368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 [ 84.963322][ T5322] [ 84.963322][ T5322] stack backtrace: [ 84.965942][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 84.965962][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.965970][ T5322] Call Trace: [ 84.965980][ T5322] [ 84.965986][ T5322] dump_stack_lvl+0x189/0x250 [ 84.966009][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.966024][ T5322] ? __pfx__printk+0x10/0x10 [ 84.966031][ T5322] ? print_lock_name+0xde/0x100 [ 84.966039][ T5322] print_circular_bug+0x2ee/0x310 [ 84.966047][ T5322] check_noncircular+0x134/0x160 [ 84.966055][ T5322] validate_chain+0xb9b/0x2140 [ 84.966062][ T5322] ? stack_depot_save_flags+0x40/0x900 [ 84.966075][ T5322] __lock_acquire+0xab9/0xd20 [ 84.966088][ T5322] ? __del_gendisk+0x129/0x9e0 [ 84.966103][ T5322] lock_acquire+0x120/0x360 [ 84.966114][ T5322] ? __del_gendisk+0x129/0x9e0 [ 84.966124][ T5322] ? lockdep_unlock+0x89/0x120 [ 84.966133][ T5322] __mutex_lock+0x182/0xe80 [ 84.966145][ T5322] ? __del_gendisk+0x129/0x9e0 [ 84.966156][ T5322] ? __del_gendisk+0x129/0x9e0 [ 84.966165][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 84.966176][ T5322] ? __pfx___might_resched+0x10/0x10 [ 84.966187][ T5322] ? __lock_acquire+0xab9/0xd20 [ 84.966196][ T5322] ? disk_del_events+0xb5/0x210 [ 84.966202][ T5322] ? __del_gendisk+0xc1/0x9e0 [ 84.966212][ T5322] __del_gendisk+0x129/0x9e0 [ 84.966226][ T5322] ? del_gendisk+0xe0/0x160 [ 84.966237][ T5322] ? __pfx___del_gendisk+0x10/0x10 [ 84.966247][ T5322] ? down_read+0x1ad/0x2e0 [ 84.966254][ T5322] del_gendisk+0xe8/0x160 [ 84.966263][ T5322] loop_remove+0x42/0xc0 [ 84.966271][ T5322] loop_control_ioctl+0x4ac/0x5a0 [ 84.966279][ T5322] ? __fget_files+0x2a/0x420 [ 84.966288][ T5322] ? __pfx_loop_control_ioctl+0x10/0x10 [ 84.966296][ T5322] ? __fget_files+0x2a/0x420 [ 84.966304][ T5322] ? bpf_lsm_file_ioctl+0x9/0x20 [ 84.966316][ T5322] ? __pfx_loop_control_ioctl+0x10/0x10 [ 84.966323][ T5322] __se_sys_ioctl+0xfc/0x170 [ 84.966333][ T5322] do_syscall_64+0xfa/0x3b0 [ 84.966344][ T5322] ? lockdep_hardirqs_on+0x9c/0x150 [ 84.966353][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.966360][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 84.966367][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.966375][ T5322] RIP: 0033:0x7f6996b8e929 [ 84.966383][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.966390][ T5322] RSP: 002b:00007f69979b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.966401][ T5322] RAX: ffffffffffffffda RBX: 00007f6996db6080 RCX: 00007f6996b8e929 [ 84.966406][ T5322] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000007 [ 84.966411][ T5322] RBP: 00007f6996c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 84.966416][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.966420][ T5322] R13: 0000000000000000 R14: 00007f6996db6080 R15: 00007fffa8336598 [ 84.966427][ T5322] [ 85.098396][ T5295] Buffer I/O error on dev nbd0, logical block 0, async page read [ 85.102195][ T5295] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 85.106122][ T5295] Buffer I/O error on dev nbd0, logical block 0, async page read [ 85.109835][ T5295] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 85.114088][ T5295] Buffer I/O error on dev nbd0, logical block 0, async page read [ 85.117856][ T5295] ldm_validate_partition_table(): Disk read failed. [ 85.120558][ T5295] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 85.124735][ T5295] Buffer I/O error on dev nbd0, logical block 0, async page read [ 85.128420][ T5295] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 85.132393][ T5295] Buffer I/O error on dev nbd0, logical block 0, async page read [ 85.136052][ T5295] Dev nbd0: unable to read RDB block 0 [ 85.138950][ T5295] nbd0: unable to read partition table [ 85.141649][ T5295] nbd0: partition table beyond EOD, truncated [ 85.151503][ T5295] ldm_validate_partition_table(): Disk read failed. [ 85.155765][ T5295] Dev nbd0: unable to read RDB block 0 [ 85.158871][ T5295] nbd0: unable to read partition table [ 85.167215][ T5295] nbd0: partition table beyond EOD, truncated [ 85.192772][ T5321] ldm_validate_partition_table(): Disk read failed. [ 85.195927][ T5321] Dev nbd0: unable to read RDB block 0 [ 85.198535][ T5321] nbd0: unable to read partition table [ 85.201317][ T5321] nbd0: partition table beyond EOD, truncated