./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3382002807

<...>
Warning: Permanently added '10.128.1.190' (ED25519) to the list of known hosts.
execve("./syz-executor3382002807", ["./syz-executor3382002807"], 0x7ffd0e4db4f0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555592de000
brk(0x5555592ded00)                     = 0x5555592ded00
arch_prctl(ARCH_SET_FS, 0x5555592de380) = 0
set_tid_address(0x5555592de650)         = 5840
set_robust_list(0x5555592de660, 24)     = 0
rseq(0x5555592deca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3382002807", 4096) = 28
getrandom("\x3f\x90\x4e\x6c\xfd\xac\xfa\x2f", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555592ded00
brk(0x5555592ffd00)                     = 0x5555592ffd00
brk(0x555559300000)                     = 0x555559300000
mprotect(0x7fd12dc1e000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0executing program
) = 0x200001000000
write(1, "executing program\n", 18)     = 18
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=28, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x08\x00\x02\x00\x6e\x62\x64\x00"], 28, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 28
recvfrom(4, [{nlmsg_len=180, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5840}, "\x01\x02\x00\x00\x08\x00\x02\x00\x6e\x62\x64\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x0a\x00\x00\x00\x54\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00\x03\x00\x00\x00"...], 4096, 0, NULL, NULL) = 180
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5840}, {error=0, msg={nlmsg_len=28, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(4)                                = 0
socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0
[   91.036402][ T5840] 
[   91.038776][ T5840] ======================================================
[   91.045787][ T5840] WARNING: possible circular locking dependency detected
[   91.052808][ T5840] 6.16.0-syzkaller-06588-g759dfc7d04ba #0 Not tainted
[   91.059575][ T5840] ------------------------------------------------------
[   91.066667][ T5840] syz-executor338/5840 is trying to acquire lock:
[   91.073194][ T5840] ffff88801b2ff188 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove+0x30/0x60
[   91.082467][ T5840] 
[   91.082467][ T5840] but task is already holding lock:
[   91.089838][ T5840] ffff88814331d8f8 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10
[   91.100107][ T5840] 
[   91.100107][ T5840] which lock already depends on the new lock.
[   91.100107][ T5840] 
[   91.110586][ T5840] 
[   91.110586][ T5840] the existing dependency chain (in reverse order) is:
[   91.119591][ T5840] 
[   91.119591][ T5840] -> #2 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[   91.128195][ T5840]        lock_acquire+0x120/0x360
[   91.133246][ T5840]        blk_alloc_queue+0x538/0x620
[   91.138530][ T5840]        __blk_mq_alloc_disk+0x15c/0x340
[   91.144168][ T5840]        nbd_dev_add+0x46c/0xae0
[   91.149122][ T5840]        nbd_init+0x168/0x1f0
[   91.153797][ T5840]        do_one_initcall+0x233/0x820
[   91.159076][ T5840]        do_initcall_level+0x104/0x190
[   91.164529][ T5840]        do_initcalls+0x59/0xa0
[   91.169382][ T5840]        kernel_init_freeable+0x334/0x4a0
[   91.175110][ T5840]        kernel_init+0x1d/0x1d0
[   91.179962][ T5840]        ret_from_fork+0x3fc/0x770
[   91.185074][ T5840]        ret_from_fork_asm+0x1a/0x30
[   91.190357][ T5840] 
[   91.190357][ T5840] -> #1 (fs_reclaim){+.+.}-{0:0}:
[   91.197569][ T5840]        lock_acquire+0x120/0x360
[   91.202609][ T5840]        fs_reclaim_acquire+0x72/0x100
[   91.208063][ T5840]        kmem_cache_alloc_lru_noprof+0x49/0x3d0
[   91.214302][ T5840]        alloc_inode+0xb8/0x1b0
[   91.219176][ T5840]        iget_locked+0xf0/0x570
[   91.224039][ T5840]        kernfs_get_inode+0x4f/0x780
[   91.229320][ T5840]        kernfs_get_tree+0x5a9/0x920
[   91.234609][ T5840]        sysfs_get_tree+0x46/0x110
[   91.239732][ T5840]        vfs_get_tree+0x8f/0x2b0
[   91.244681][ T5840]        do_new_mount+0x2a2/0x9e0
[   91.249711][ T5840]        __se_sys_mount+0x317/0x410
[   91.254912][ T5840]        do_syscall_64+0xfa/0x3b0
[   91.259944][ T5840]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.266357][ T5840] 
[   91.266357][ T5840] -> #0 (&root->kernfs_rwsem){++++}-{4:4}:
[   91.274349][ T5840]        validate_chain+0xb9b/0x2140
[   91.279633][ T5840]        __lock_acquire+0xab9/0xd20
[   91.284834][ T5840]        lock_acquire+0x120/0x360
[   91.289874][ T5840]        down_write+0x96/0x1f0
[   91.294631][ T5840]        kernfs_remove+0x30/0x60
[   91.299565][ T5840]        __kobject_del+0xe1/0x300
[   91.304580][ T5840]        kobject_del+0x45/0x60
[   91.309344][ T5840]        elevator_change_done+0xf2/0x470
[   91.314989][ T5840]        elevator_set_none+0x42/0xb0
[   91.320290][ T5840]        blk_mq_update_nr_hw_queues+0x68f/0x1890
[   91.326618][ T5840]        nbd_start_device+0x17f/0xb10
[   91.332003][ T5840]        nbd_genl_connect+0x135b/0x18f0
[   91.337560][ T5840]        genl_family_rcv_msg_doit+0x215/0x300
[   91.343655][ T5840]        genl_rcv_msg+0x60e/0x790
[   91.348691][ T5840]        netlink_rcv_skb+0x208/0x470
[   91.353982][ T5840]        genl_rcv+0x28/0x40
[   91.358493][ T5840]        netlink_unicast+0x82c/0x9e0
[   91.363805][ T5840]        netlink_sendmsg+0x805/0xb30
[   91.369116][ T5840]        __sock_sendmsg+0x21c/0x270
[   91.374318][ T5840]        ____sys_sendmsg+0x505/0x830
[   91.379600][ T5840]        ___sys_sendmsg+0x21f/0x2a0
[   91.384794][ T5840]        __x64_sys_sendmsg+0x19b/0x260
[   91.390246][ T5840]        do_syscall_64+0xfa/0x3b0
[   91.395287][ T5840]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.401698][ T5840] 
[   91.401698][ T5840] other info that might help us debug this:
[   91.401698][ T5840] 
[   91.411918][ T5840] Chain exists of:
[   91.411918][ T5840]   &root->kernfs_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#49
[   91.411918][ T5840] 
[   91.425927][ T5840]  Possible unsafe locking scenario:
[   91.425927][ T5840] 
[   91.433369][ T5840]        CPU0                    CPU1
[   91.438723][ T5840]        ----                    ----
[   91.444185][ T5840]   lock(&q->q_usage_counter(io)#49);
[   91.449572][ T5840]                                lock(fs_reclaim);
[   91.456090][ T5840]                                lock(&q->q_usage_counter(io)#49);
[   91.463987][ T5840]   lock(&root->kernfs_rwsem);
[   91.468761][ T5840] 
[   91.468761][ T5840]  *** DEADLOCK ***
[   91.468761][ T5840] 
[   91.476922][ T5840] 6 locks held by syz-executor338/5840:
[   91.482462][ T5840]  #0: ffffffff8f56e3f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[   91.490653][ T5840]  #1: ffffffff8f56e208 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[   91.499619][ T5840]  #2: ffff8880251d8988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0xa6/0x1890
[   91.511016][ T5840]  #3: ffff8880251d88d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xb9/0x1890
[   91.522083][ T5840]  #4: ffff88814331d8f8 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10
[   91.532846][ T5840]  #5: ffff88814331d930 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: nbd_start_device+0x17f/0xb10
[   91.543558][ T5840] 
[   91.543558][ T5840] stack backtrace:
[   91.549498][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor338 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[   91.549519][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   91.549533][ T5840] Call Trace:
[   91.549542][ T5840]  <TASK>
[   91.549552][ T5840]  dump_stack_lvl+0x189/0x250
[   91.549575][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[   91.549590][ T5840]  ? __pfx__printk+0x10/0x10
[   91.549608][ T5840]  ? print_lock_name+0xde/0x100
[   91.549627][ T5840]  print_circular_bug+0x2ee/0x310
[   91.549644][ T5840]  check_noncircular+0x134/0x160
[   91.549660][ T5840]  validate_chain+0xb9b/0x2140
[   91.549683][ T5840]  __lock_acquire+0xab9/0xd20
[   91.549705][ T5840]  ? kernfs_remove+0x30/0x60
[   91.549723][ T5840]  lock_acquire+0x120/0x360
[   91.549743][ T5840]  ? kernfs_remove+0x30/0x60
[   91.549766][ T5840]  down_write+0x96/0x1f0
[   91.549780][ T5840]  ? kernfs_remove+0x30/0x60
[   91.549801][ T5840]  ? __pfx_down_write+0x10/0x10
[   91.549815][ T5840]  ? kernfs_root+0x1c/0x230
[   91.549831][ T5840]  ? kernfs_root+0x1c/0x230
[   91.549847][ T5840]  ? kernfs_root+0x1ea/0x230
[   91.549864][ T5840]  kernfs_remove+0x30/0x60
[   91.549882][ T5840]  __kobject_del+0xe1/0x300
[   91.549897][ T5840]  kobject_del+0x45/0x60
[   91.549919][ T5840]  elevator_change_done+0xf2/0x470
[   91.549937][ T5840]  elevator_set_none+0x42/0xb0
[   91.549953][ T5840]  blk_mq_update_nr_hw_queues+0x68f/0x1890
[   91.549978][ T5840]  ? __mutex_unlock_slowpath+0x1a1/0x760
[   91.550002][ T5840]  ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10
[   91.550024][ T5840]  ? sysfs_add_file_mode_ns+0x259/0x300
[   91.550041][ T5840]  nbd_start_device+0x17f/0xb10
[   91.550058][ T5840]  ? device_create_file+0xf4/0x1c0
[   91.550076][ T5840]  nbd_genl_connect+0x135b/0x18f0
[   91.550093][ T5840]  ? __pfx_nbd_genl_connect+0x10/0x10
[   91.550114][ T5840]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[   91.550136][ T5840]  genl_family_rcv_msg_doit+0x215/0x300
[   91.550156][ T5840]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   91.550178][ T5840]  ? stack_trace_save+0x9c/0xe0
[   91.550201][ T5840]  genl_rcv_msg+0x60e/0x790
[   91.550220][ T5840]  ? __pfx_genl_rcv_msg+0x10/0x10
[   91.550236][ T5840]  ? __pfx_nbd_genl_connect+0x10/0x10
[   91.550255][ T5840]  netlink_rcv_skb+0x208/0x470
[   91.550276][ T5840]  ? __lock_acquire+0xab9/0xd20
[   91.550296][ T5840]  ? __pfx_genl_rcv_msg+0x10/0x10
[   91.550313][ T5840]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   91.550340][ T5840]  ? down_read+0x1ad/0x2e0
[   91.550354][ T5840]  genl_rcv+0x28/0x40
[   91.550368][ T5840]  netlink_unicast+0x82c/0x9e0
[   91.550391][ T5840]  ? __pfx_netlink_unicast+0x10/0x10
[   91.550411][ T5840]  ? netlink_sendmsg+0x642/0xb30
[   91.550432][ T5840]  ? skb_put+0x11b/0x210
[   91.550446][ T5840]  netlink_sendmsg+0x805/0xb30
[   91.550472][ T5840]  ? __pfx_netlink_sendmsg+0x10/0x10
[   91.550495][ T5840]  ? aa_sock_msg_perm+0x94/0x160
[   91.550515][ T5840]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   91.550532][ T5840]  ? __pfx_netlink_sendmsg+0x10/0x10
[   91.550554][ T5840]  __sock_sendmsg+0x21c/0x270
[   91.550575][ T5840]  ____sys_sendmsg+0x505/0x830
[   91.550591][ T5840]  ? __pfx_____sys_sendmsg+0x10/0x10
[   91.550610][ T5840]  ? import_iovec+0x74/0xa0
[   91.550631][ T5840]  ___sys_sendmsg+0x21f/0x2a0
[   91.550647][ T5840]  ? __pfx____sys_sendmsg+0x10/0x10
[   91.550664][ T5840]  ? do_raw_spin_lock+0x121/0x290
[   91.550695][ T5840]  __x64_sys_sendmsg+0x19b/0x260
[   91.550710][ T5840]  ? _raw_spin_unlock_irq+0x2e/0x50
[   91.550729][ T5840]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   91.550753][ T5840]  do_syscall_64+0xfa/0x3b0
[   91.550775][ T5840]  ? lockdep_hardirqs_on+0x9c/0x150
[   91.550796][ T5840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.550810][ T5840]  ? clear_bhb_loop+0x60/0xb0
[   91.550827][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.550842][ T5840] RIP: 0033:0x7fd12dbab419
[   91.550861][ T5840] Code: 48 83 c4 28 c3 e8 e7 18 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   91.550873][ T5840] RSP: 002b:00007ffd24f354a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   91.550890][ T5840] RAX: ffffffffffffffda RBX: 00007ffd24f35678 RCX: 00007fd12dbab419
[   91.550901][ T5840] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000003
[   91.550911][ T5840] RBP: 00007fd12dc1e610 R08: 0000000000000008 R09: 00007ffd24f35678
[   91.550921][ T5840] R10: 000000000000000c R11: 0000000000000246 R12: 0000000000000001
[   91.550929][ T5840] R13: 00007ffd24f35668 R14: 0000000000000001 R15: 0000000000000001
[   91.550945][ T5840]  </TASK>
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x68\x00\x00\x00\x29\x00\x01\x00\xfe\xff\xff\xff\x00\x00\x00\x00\x01\x00\x00\x00\x08\x00\x01\x00\x00\x00\x00\x00\x0c\x00\x05\x00\x1b\x19\x3c\x99\xa8\x77\x2e\xfb\x0c\x00\x02\x00\xff\xff\x00\x00\x00\x00\x00\x00\x28\x00\x07\x80\x0c\x00\x01\x80\x08\x00\x01\x00\x04\x00\x00\x00\x0c\x00\x01\x80\x08\x00\x01\x00\x04\x00\x00\x00\x0c\x00\x01\x80\x08\x00\x01\x00\x04\x00\x00\x00\x0c\x00\x08\x00\xff\xff\xff\x7f"..., iov_len=104}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_FASTOPEN) = 104
exit_group(0)                           = ?
[   91.987208][   T24] cfg80211: failed to load regulatory.db
+++ exited with 0 +++