zjz/w$(>T |h3 7`(*xk"޺GzRAoOź:m@dc~້]F#w[ 234.952630][T11482] blkdev_put_whole+0xad/0xf0 block/bdev.c:721 j&/oci!i[ 234.954759][T11482] bdev_release+0x47e/0x6d0 block/bdev.c:1144 P_yQ23@S[ 234.956801][T11482] blkdev_release+0x15/0x20 block/fops.c:684 vyAe]Q3L.p[ 234.958866][T11482] __fput+0x402/0xb70 fs/file_table.c:465 9^:l~[ 234.960790][T11482] fput_close_sync+0x118/0x260 fs/file_table.c:570 Xz~M&[ 234.963382][T11482] __do_sys_close fs/open.c:1589 [inline] Xz~M&[ 234.963382][T11482] __se_sys_close fs/open.c:1574 [inline] Xz~M&[ 234.963382][T11482] __x64_sys_close+0x8b/0x120 fs/open.c:1574 H~h !cN'[ 234.965568][T11482] do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] H~h !cN'[ 234.965568][T11482] do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94 оZ8í aπL[ 234.967679][T11482] entry_SYSCALL_64_after_hwframe+0x77/0x7f R%(ޅ]Z[ 234.970149][T11482] GӅԖj[ 234.973111][T11482] __mutex_lock_common kernel/locking/mutex.c:601 [inline] GӅԖj[ 234.973111][T11482] __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:746 3D C9[ 234.975247][T11482] __del_gendisk+0xf5/0xbd0 block/genhd.c:706 R8 M2xZ[ 234.977457][T11482] del_gendisk+0x13e/0x1e0 block/genhd.c:819 b%#R|f[ 234.979465][T11482] loop_remove drivers/block/loop.c:2081 [inline] b%#R|f[ 234.979465][T11482] loop_control_remove drivers/block/loop.c:2140 [inline] b%#R|f[ 234.979465][T11482] loop_control_ioctl+0x4eb/0x630 drivers/block/loop.c:2178 ䷓l_I\G_b[ 234.981839][T11482] __do_compat_sys_ioctl fs/ioctl.c:1005 [inline] ䷓l_I\G_b[ 234.981839][T11482] __se_compat_sys_ioctl fs/ioctl.c:948 [inline] ䷓l_I\G_b[ 234.981839][T11482] __ia32_compat_sys_ioctl+0x23f/0x370 fs/ioctl.c:948 hVi?NfgVBp[ 234.984163][T11482] do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] hVi?NfgVBp[ 234.984163][T11482] __do_fast_syscall_32+0x7c/0x3a0 arch/x86/entry/syscall_32.c:306 I+h9? [ 234.986400][T11482] do_fast_syscall_32+0x32/0x80 arch/x86/entry/syscall_32.c:331 Mvs>'p[ 234.988602][T11482] entry_SYSENTER_compat_after_hwframe+0x84/0x8e MXsQ.`l[ 234.991286][T11482] qxIz4Rg[[ 234.994371][T11482] check_prev_add kernel/locking/lockdep.c:3168 [inline] qxIz4Rg[[ 234.994371][T11482] check_prevs_add kernel/locking/lockdep.c:3287 [inline] qxIz4Rg[[ 234.994371][T11482] validate_chain kernel/locking/lockdep.c:3911 [inline] qxIz4Rg[[ 234.994371][T11482] __lock_acquire+0x126f/0x1c90 kernel/locking/lockdep.c:5240 Ҫa_^AHzz/[ 234.996519][T11482] lock_acquire kernel/locking/lockdep.c:5871 [inline] Ҫa_^AHzz/[ 234.996519][T11482] lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828 f2=aheRW[ 234.998553][T11482] down_write+0x92/0x200 kernel/locking/rwsem.c:1577 5: &6k,c[ 235.000504][T11482] blk_mq_update_nr_hw_queues+0x32/0xcb0 block/blk-mq.c:5041 #VIVHF[ 235.002954][T11482] nbd_start_device+0x172/0xcd0 drivers/block/nbd.c:1476 ` W[ 235.005099][T11482] nbd_start_device_ioctl drivers/block/nbd.c:1527 [inline] W[ 235.005099][T11482] __nbd_ioctl drivers/block/nbd.c:1602 [inline] W[ 235.005099][T11482] nbd_ioctl+0x219/0xda0 drivers/block/nbd.c:1642 Vo&WlIir[ 235.007199][T11482] compat_blkdev_ioctl+0x2ee/0x7a0 block/ioctl.c:760 dc[ 235.009416][T11482] __do_compat_sys_ioctl fs/ioctl.c:1005 [inline] dc[ 235.009416][T11482] __se_compat_sys_ioctl fs/ioctl.c:948 [inline] dc[ 235.009416][T11482] __ia32_compat_sys_ioctl+0x23f/0x370 fs/ioctl.c:948 2-ed[ 235.011817][T11482] do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] 2-ed[ 235.011817][T11482] __do_fast_syscall_32+0x7c/0x3a0 arch/x86/entry/syscall_32.c:306 D*.=8󗴦[ 235.014044][T11482] do_fast_syscall_32+0x32/0x80 arch/x86/entry/syscall_32.c:331 ; ?w1)[ 235.016183][T11482] entry_SYSENTER_compat_after_hwframe+0x84/0x8e n߱[uyS Wq[ 235.018768][T11482] 5'Zbʌ0ym[ 235.022468][T11482] Chain exists of: :}kk |V[ 235.027258][T11482] Possible unsafe locking scenario: ג;%+l;H[ 235.030064][T11482] CPU0 CPU1 #oFJ[ 235.032316][T11482] ---- ---- ; !Yge4[ 235.034467][T11482] lock(&nbd->config_lock); <;ύ#~[ 235.036367][T11482] lock(&disk->open_mutex); OpL}q(Q[ 235.039016][T11482] lock(&nbd->config_lock); ;gj< N%[ 235.041733][T11482] lock(&set->update_nr_hwq_lock); Q=@~NHN߄04[ 235.043812][T11482]  gū[ 235.046785][T11482] 1 lock held by syz.2.1726/11482: G,S0l,Ðwm"[ 235.048846][T11482] #0: ffff888022f0b230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x150/0xda0 drivers/block/nbd.c:1635 ;o涠[ 235.052525][T11482] `H7vIj϶U([ 235.055507][T11482] CPU: 0 UID: 0 PID: 11482 Comm: syz.2.1726 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) cޗYmO[A[ 235.055528][T11482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Yɜ0π`;W[ 235.055536][T11482] Call Trace: d!xX~# [ 235.055541][T11482] ; `VH[ 235.055547][T11482] __dump_stack lib/dump_stack.c:94 [inline] ; `VH[ 235.055547][T11482] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 dU+*[ 235.055563][T11482] print_circular_bug+0x275/0x350 kernel/locking/lockdep.c:2046 us^[6;מ9[<[ 235.055603][T11482] check_prev_add kernel/locking/lockdep.c:3168 [inline] us^[6;מ9[<[ 235.055603][T11482] check_prevs_add kernel/locking/lockdep.c:3287 [inline] us^[6;מ9[<[ 235.055603][T11482] validate_chain kernel/locking/lockdep.c:3911 [inline] us^[6;מ9[<[ 235.055603][T11482] __lock_acquire+0x126f/0x1c90 kernel/locking/lockdep.c:5240 *I41=[ 235.055617][T11482] lock_acquire kernel/locking/lockdep.c:5871 [inline] *I41=[ 235.055617][T11482] lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828 E0AϝPn][ 235.055645][T11482] ? __pfx___might_resched+0x10/0x10 kernel/sched/core.c:5899 -Y͌@z=[ 235.055677][T11482] down_write+0x92/0x200 kernel/locking/rwsem.c:1577 8ސ[ 235.055690][T11482] ? blk_mq_update_nr_hw_queues+0x32/0xcb0 block/blk-mq.c:5041 [w+ؿbMU[ 235.055718][T11482] ? __mutex_lock_common kernel/locking/mutex.c:611 [inline] [w+ؿbMU[ 235.055718][T11482] ? __mutex_lock+0x1ca/0xb90 kernel/locking/mutex.c:746 le*4x [ 235.055752][T11482] blk_mq_update_nr_hw_queues+0x32/0xcb0 block/blk-mq.c:5041 8Xp|&d_[ 235.055767][T11482] ? __pfx___mutex_lock+0x10/0x10 usercopy_64.c:-1 ʚֵ->E[ 235.055797][T11482] nbd_start_device+0x172/0xcd0 drivers/block/nbd.c:1476 k]Pת _pv[ 235.055814][T11482] ? bpf_lsm_capable+0x9/0x10 include/linux/lsm_hook_defs.h:44 S.R^fx,^[ 235.055843][T11482] ? __pfx_nbd_ioctl+0x10/0x10 drivers/block/nbd.c:828 }mV5p/ӯY[ 235.055862][T11482] ? find_held_lock+0x2b/0x80 kernel/locking/lockdep.c:5353 NǐS9i`P[ 235.055891][T11482] compat_blkdev_ioctl+0x2ee/0x7a0 block/ioctl.c:760 !(m[,|"F[ 235.055904][T11482] ? __pfx_compat_blkdev_ioctl+0x10/0x10 block/ioctl.c:702 w]e4w~h[ 235.055931][T11482] __do_compat_sys_ioctl fs/ioctl.c:1005 [inline] w]e4w~h[ 235.055931][T11482] __se_compat_sys_ioctl fs/ioctl.c:948 [inline] w]e4w~h[ 235.055931][T11482] __ia32_compat_sys_ioctl+0x23f/0x370 fs/ioctl.c:948 29bڬ[ 235.055950][T11482] do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] 29bڬ[ 235.055950][T11482] __do_fast_syscall_32+0x7c/0x3a0 arch/x86/entry/syscall_32.c:306 @ׯ?T[ 235.055964][T11482] do_fast_syscall_32+0x32/0x80 arch/x86/entry/syscall_32.c:331 R>KyZ+bt[ 235.055977][T11482] entry_SYSENTER_compat_after_hwframe+0x84/0x8e ڞW-bQՊ [ 235.055992][T11482] RIP: 0023:0xf7fc5579 ~fihv^|/[ 235.056012][T11482] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 x$,Y 㣖[ 235.056023][T11482] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ab03 AɴVGHL[ 235.056030][T11482] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 SMK*Su[ 235.056036][T11482] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 Lݭ8*1m&Q[ 235.056049][T11482] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 pϿ5=X :==B>];oF j+XsmogIOP瀎p=w姩!z[ȭׂG$[niUJ\B԰ǯJz䐲GYE]Apaxe&1]/hKDRkZ*Ek7ܪc , k*u?'rϓkV}'reSJަkpᄔR $H$.ā`{^DY ۆIdmy/kQmң9tFVܐ|A\`KGJ%.R Dh)T"/0KhB&ƈJ+a z9Y2z dX[E SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) EJiVAoUm4T[->`g-;3e-4$녋6#<[ 235.199512][T11481] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1727'.