Extracting prog: 6m39.617481448s
Minimizing prog: 17m1.897935142s
Simplifying prog options: 4m16.82457969s
Extracting C: 2m5.561836379s
Simplifying C: 21m27.888213105s


extracting reproducer from 12 programs
testing a last program of every proc
single: executing 4 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_MSG_GETCHAIN
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="6c010000040a010200000000000000000000000350000480080001400000000108000140000000041400030076657468315f746f5f7465616d0000000800024070bc79490800024027a888ff08000140000000050800014000000002080002401c63ab14340008800c00014000000000000000010c00024000000000000000030c00024000000000000004000c000240000000000000000608000a4000000004b5000c0008bb19fb9d3972e830d1be7d8d354d2572a9dc1a47b87c72c0e8379708932c78ba0f040a5183ca06fce24a54cd796921c81c9c5e7fcb3679bde01464ac63217250c45352a1c3e2d8c1b9c6e40101e5e2afa67bf03df0633ff47d5fdbc758761b54708610ee220fa85d9f653ce7b69dec6791b878a7c3d9a17bf4d95d9e42ab8348bd75f96034b05251809fa54f7c80dce79c38d3c0e3ad6567a9d0c05a28f8c82e369d0e98f544c63abd6988b7519e4e780000000a000700726f75746500000008000b4000000002"], 0x16c}, 0x1, 0x0, 0x0, 0x44040}, 0x44)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-fremovexattr
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
fremovexattr(r0, &(0x7f00000002c0)=@known='system.sockprotoname\x00')

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fe07124081173809499b0102030109022400010000000009040000028b8647000905e8ff00090000000905", @ANYRES8], 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
r0 = socket(0x2, 0x5, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000700)={0x48, r2, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d6}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x101}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program crashed: possible deadlock in pcpu_alloc_noprof
single: successfully extracted reproducer
found reproducer with 4 syscalls
minimizing guilty program
testing program (duration=47.230028034s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd
detailed listing:
executing program 0:
socket(0x2, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)

program did not crash
testing program (duration=47.230028034s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
r0 = socket(0x2, 0x5, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000700)={0x48, 0x0, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d6}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x101}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program did not crash
testing program (duration=47.230028034s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
r0 = socket(0x2, 0x5, 0x0)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000700)={0x48, r1, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d6}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x101}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program did not crash
testing program (duration=47.230028034s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000700)={0x48, r1, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d6}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}, {0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x101}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program did not crash
testing program (duration=47.230028034s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
r0 = socket(0x2, 0x5, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000700)={0x48, r2, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d6}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x101}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program did not crash
testing program (duration=47.230028034s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
socket(0x2, 0x5, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, 0x0, 0x2000c000)

program did not crash
testing program (duration=47.230028034s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
socket(0x2, 0x5, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000027c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program did not crash
testing program (duration=47.230028034s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
socket(0x2, 0x5, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={0x0}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program did not crash
testing program (duration=47.230028034s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
socket(0x2, 0x5, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000700)={0x14, r1, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program did not crash
extracting C reproducer
testing compiled C program (duration=47.230028034s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in nbd_queue_rq
a never seen crash title: possible deadlock in nbd_queue_rq, ignore
simplifying guilty program options
testing program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
r0 = socket(0x2, 0x5, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000700)={0x48, r2, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d6}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x101}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program crashed: possible deadlock in pcpu_alloc_noprof
extracting C reproducer
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in pcpu_alloc_noprof
simplifying C reproducer
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in nbd_queue_rq
a never seen crash title: possible deadlock in nbd_queue_rq, ignore
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in nbd_queue_rq
a never seen crash title: possible deadlock in nbd_queue_rq, ignore
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in nbd_queue_rq
a never seen crash title: possible deadlock in nbd_queue_rq, ignore
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in pcpu_alloc_noprof
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in pcpu_alloc_noprof
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: WARNING: suspicious RCU usage in proc_sys_compare
a never seen crash title: WARNING: suspicious RCU usage in proc_sys_compare, ignore
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: WARNING: suspicious RCU usage in proc_sys_compare
a never seen crash title: WARNING: suspicious RCU usage in proc_sys_compare, ignore
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: WARNING: suspicious RCU usage in proc_sys_compare
a never seen crash title: WARNING: suspicious RCU usage in proc_sys_compare, ignore
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in nbd_queue_rq
a never seen crash title: possible deadlock in nbd_queue_rq, ignore
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in nbd_queue_rq
a never seen crash title: possible deadlock in nbd_queue_rq, ignore
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: WARNING: suspicious RCU usage in proc_sys_compare
a never seen crash title: WARNING: suspicious RCU usage in proc_sys_compare, ignore
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in pcpu_alloc_noprof
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in pcpu_alloc_noprof
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in nbd_queue_rq
a never seen crash title: possible deadlock in nbd_queue_rq, ignore
testing compiled C program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
program crashed: possible deadlock in pcpu_alloc_noprof
testing program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
r0 = socket(0x2, 0x5, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000700)={0x48, r2, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d6}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x101}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
validation run: crashed=true
testing program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
r0 = socket(0x2, 0x5, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000700)={0x48, r2, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d6}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x101}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program crashed: possible deadlock in pcpu_alloc_noprof
validation run: crashed=true
testing program (duration=47.230028034s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT
detailed listing:
executing program 0:
r0 = socket(0x2, 0x5, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000002600), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000700)={0x48, r2, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d6}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x101}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c000)

program crashed: possible deadlock in pcpu_alloc_noprof
validation run: crashed=true
reproducing took 54m33.574166406s
repro crashed as (corrupted=false):
======================================================
WARNING: possible circular locking dependency detected
6.16.0-rc4-next-20250702-syzkaller #0 Not tainted
------------------------------------------------------
syz.3.19/6061 is trying to acquire lock:
ffffffff8e422f88 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x286/0x16b0 mm/percpu.c:1782

but task is already holding lock:
ffff8880257a6278 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&q->q_usage_counter(io)#50){++++}-{0:0}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
       blk_alloc_queue+0x538/0x620 block/blk-core.c:461
       blk_mq_alloc_queue block/blk-mq.c:4398 [inline]
       __blk_mq_alloc_disk+0x162/0x340 block/blk-mq.c:4445
       nbd_dev_add+0x476/0xb00 drivers/block/nbd.c:1933
       nbd_init+0x21a/0x2d0 drivers/block/nbd.c:2670
       do_one_initcall+0x233/0x820 init/main.c:1269
       do_initcall_level+0x137/0x1f0 init/main.c:1331
       do_initcalls+0x69/0xd0 init/main.c:1347
       kernel_init_freeable+0x3d9/0x570 init/main.c:1579
       kernel_init+0x1d/0x1d0 init/main.c:1469
       ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

-> #1 (fs_reclaim){+.+.}-{0:0}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
       __fs_reclaim_acquire mm/page_alloc.c:4231 [inline]
       fs_reclaim_acquire+0x72/0x100 mm/page_alloc.c:4245
       might_alloc include/linux/sched/mm.h:318 [inline]
       prepare_alloc_pages+0x153/0x610 mm/page_alloc.c:4913
       __alloc_frozen_pages_noprof+0x123/0x370 mm/page_alloc.c:5134
       __alloc_pages_noprof+0xa/0x30 mm/page_alloc.c:5179
       __alloc_pages_node_noprof include/linux/gfp.h:284 [inline]
       alloc_pages_node_noprof include/linux/gfp.h:311 [inline]
       pcpu_alloc_pages mm/percpu-vm.c:95 [inline]
       pcpu_populate_chunk+0x182/0xb30 mm/percpu-vm.c:285
       pcpu_alloc_noprof+0xcbf/0x16b0 mm/percpu.c:1870
       xt_percpu_counter_alloc+0x161/0x220 net/netfilter/x_tables.c:1931
       find_check_entry net/ipv6/netfilter/ip6_tables.c:545 [inline]
       translate_table+0x1323/0x2040 net/ipv6/netfilter/ip6_tables.c:733
       ip6t_register_table+0x106/0x7d0 net/ipv6/netfilter/ip6_tables.c:1751
       ip6table_raw_table_init+0x54/0x80 net/ipv6/netfilter/ip6table_raw.c:48
       xt_find_table_lock+0x309/0x3e0 net/netfilter/x_tables.c:1260
       xt_request_find_table_lock+0x26/0x100 net/netfilter/x_tables.c:1285
       get_info net/ipv6/netfilter/ip6_tables.c:979 [inline]
       do_ip6t_get_ctl+0x730/0x1180 net/ipv6/netfilter/ip6_tables.c:1668
       nf_getsockopt+0x26b/0x290 net/netfilter/nf_sockopt.c:116
       ipv6_getsockopt+0x1ed/0x290 net/ipv6/ipv6_sockglue.c:1493
       do_sock_getsockopt+0x35d/0x650 net/socket.c:2405
       __sys_getsockopt net/socket.c:2434 [inline]
       __do_sys_getsockopt net/socket.c:2441 [inline]
       __se_sys_getsockopt net/socket.c:2438 [inline]
       __x64_sys_getsockopt+0x1a5/0x250 net/socket.c:2438
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (pcpu_alloc_mutex){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3168 [inline]
       check_prevs_add kernel/locking/lockdep.c:3287 [inline]
       validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3911
       __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
       __mutex_lock_common kernel/locking/mutex.c:602 [inline]
       __mutex_lock+0x182/0xe80 kernel/locking/mutex.c:747
       pcpu_alloc_noprof+0x286/0x16b0 mm/percpu.c:1782
       init_alloc_hint lib/sbitmap.c:16 [inline]
       sbitmap_init_node+0x1e1/0x630 lib/sbitmap.c:126
       sbitmap_queue_init_node+0x41/0x660 lib/sbitmap.c:438
       bt_alloc block/blk-mq-tag.c:542 [inline]
       blk_mq_init_tags+0x110/0x280 block/blk-mq-tag.c:565
       blk_mq_alloc_rq_map block/blk-mq.c:3540 [inline]
       blk_mq_alloc_map_and_rqs+0xbd/0x9f0 block/blk-mq.c:4096
       __blk_mq_alloc_map_and_rqs block/blk-mq.c:4118 [inline]
       blk_mq_realloc_tag_set_tags block/blk-mq.c:4757 [inline]
       __blk_mq_update_nr_hw_queues block/blk-mq.c:4997 [inline]
       blk_mq_update_nr_hw_queues+0x76a/0x14c0 block/blk-mq.c:5045
       nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476
       nbd_genl_connect+0x1250/0x1930 drivers/block/nbd.c:2201
       genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115
       genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
       genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
       netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2534
       genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
       netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
       netlink_unicast+0x75b/0x8d0 net/netlink/af_netlink.c:1339
       netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
       sock_sendmsg_nosec net/socket.c:714 [inline]
       __sock_sendmsg+0x219/0x270 net/socket.c:729
       ____sys_sendmsg+0x505/0x830 net/socket.c:2614
       ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668
       __sys_sendmsg net/socket.c:2700 [inline]
       __do_sys_sendmsg net/socket.c:2705 [inline]
       __se_sys_sendmsg net/socket.c:2703 [inline]
       __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#50

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->q_usage_counter(io)#50);
                               lock(fs_reclaim);
                               lock(&q->q_usage_counter(io)#50);
  lock(pcpu_alloc_mutex);

 *** DEADLOCK ***

7 locks held by syz.3.19/6061:
 #0: ffffffff8f78e5b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8f78e3c8 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
 #1: ffffffff8f78e3c8 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
 #1: ffffffff8f78e3c8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 net/netlink/genetlink.c:1209
 #2: ffff888025d7ca30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930 drivers/block/nbd.c:2111
 #3: ffff888025d7c988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0 block/blk-mq.c:5043
 #4: ffff888025d7c8d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x49/0x14c0 block/blk-mq.c:5044
 #5: ffff8880257a6278 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476
 #6: ffff8880257a62b0 (&q->q_usage_counter(queue)#2){+.+.}-{0:0}, at: nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476

stack backtrace:
CPU: 1 UID: 0 PID: 6061 Comm: syz.3.19 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_circular_bug+0x2ee/0x310 kernel/locking/lockdep.c:2046
 check_noncircular+0x134/0x160 kernel/locking/lockdep.c:2178
 check_prev_add kernel/locking/lockdep.c:3168 [inline]
 check_prevs_add kernel/locking/lockdep.c:3287 [inline]
 validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3911
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
 __mutex_lock_common kernel/locking/mutex.c:602 [inline]
 __mutex_lock+0x182/0xe80 kernel/locking/mutex.c:747
 pcpu_alloc_noprof+0x286/0x16b0 mm/percpu.c:1782
 init_alloc_hint lib/sbitmap.c:16 [inline]
 sbitmap_init_node+0x1e1/0x630 lib/sbitmap.c:126
 sbitmap_queue_init_node+0x41/0x660 lib/sbitmap.c:438
 bt_alloc block/blk-mq-tag.c:542 [inline]
 blk_mq_init_tags+0x110/0x280 block/blk-mq-tag.c:565
 blk_mq_alloc_rq_map block/blk-mq.c:3540 [inline]
 blk_mq_alloc_map_and_rqs+0xbd/0x9f0 block/blk-mq.c:4096
 __blk_mq_alloc_map_and_rqs block/blk-mq.c:4118 [inline]
 blk_mq_realloc_tag_set_tags block/blk-mq.c:4757 [inline]
 __blk_mq_update_nr_hw_queues block/blk-mq.c:4997 [inline]
 blk_mq_update_nr_hw_queues+0x76a/0x14c0 block/blk-mq.c:5045
 nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476
 nbd_genl_connect+0x1250/0x1930 drivers/block/nbd.c:2201
 genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2534
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x75b/0x8d0 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 ____sys_sendmsg+0x505/0x830 net/socket.c:2614
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668
 __sys_sendmsg net/socket.c:2700 [inline]
 __do_sys_sendmsg net/socket.c:2705 [inline]
 __se_sys_sendmsg net/socket.c:2703 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc85698e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff2b82a588 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fc856bb5fa0 RCX: 00007fc85698e929
RDX: 000000002000c000 RSI: 00002000000027c0 RDI: 0000000000000005
RBP: 00007fc856a10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc856bb5fa0 R14: 00007fc856bb5fa0 R15: 0000000000000003
 </TASK>
nbd0: detected capacity change from 0 to 32

final repro crashed as (corrupted=false):
======================================================
WARNING: possible circular locking dependency detected
6.16.0-rc4-next-20250702-syzkaller #0 Not tainted
------------------------------------------------------
syz.3.19/6061 is trying to acquire lock:
ffffffff8e422f88 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x286/0x16b0 mm/percpu.c:1782

but task is already holding lock:
ffff8880257a6278 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&q->q_usage_counter(io)#50){++++}-{0:0}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
       blk_alloc_queue+0x538/0x620 block/blk-core.c:461
       blk_mq_alloc_queue block/blk-mq.c:4398 [inline]
       __blk_mq_alloc_disk+0x162/0x340 block/blk-mq.c:4445
       nbd_dev_add+0x476/0xb00 drivers/block/nbd.c:1933
       nbd_init+0x21a/0x2d0 drivers/block/nbd.c:2670
       do_one_initcall+0x233/0x820 init/main.c:1269
       do_initcall_level+0x137/0x1f0 init/main.c:1331
       do_initcalls+0x69/0xd0 init/main.c:1347
       kernel_init_freeable+0x3d9/0x570 init/main.c:1579
       kernel_init+0x1d/0x1d0 init/main.c:1469
       ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

-> #1 (fs_reclaim){+.+.}-{0:0}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
       __fs_reclaim_acquire mm/page_alloc.c:4231 [inline]
       fs_reclaim_acquire+0x72/0x100 mm/page_alloc.c:4245
       might_alloc include/linux/sched/mm.h:318 [inline]
       prepare_alloc_pages+0x153/0x610 mm/page_alloc.c:4913
       __alloc_frozen_pages_noprof+0x123/0x370 mm/page_alloc.c:5134
       __alloc_pages_noprof+0xa/0x30 mm/page_alloc.c:5179
       __alloc_pages_node_noprof include/linux/gfp.h:284 [inline]
       alloc_pages_node_noprof include/linux/gfp.h:311 [inline]
       pcpu_alloc_pages mm/percpu-vm.c:95 [inline]
       pcpu_populate_chunk+0x182/0xb30 mm/percpu-vm.c:285
       pcpu_alloc_noprof+0xcbf/0x16b0 mm/percpu.c:1870
       xt_percpu_counter_alloc+0x161/0x220 net/netfilter/x_tables.c:1931
       find_check_entry net/ipv6/netfilter/ip6_tables.c:545 [inline]
       translate_table+0x1323/0x2040 net/ipv6/netfilter/ip6_tables.c:733
       ip6t_register_table+0x106/0x7d0 net/ipv6/netfilter/ip6_tables.c:1751
       ip6table_raw_table_init+0x54/0x80 net/ipv6/netfilter/ip6table_raw.c:48
       xt_find_table_lock+0x309/0x3e0 net/netfilter/x_tables.c:1260
       xt_request_find_table_lock+0x26/0x100 net/netfilter/x_tables.c:1285
       get_info net/ipv6/netfilter/ip6_tables.c:979 [inline]
       do_ip6t_get_ctl+0x730/0x1180 net/ipv6/netfilter/ip6_tables.c:1668
       nf_getsockopt+0x26b/0x290 net/netfilter/nf_sockopt.c:116
       ipv6_getsockopt+0x1ed/0x290 net/ipv6/ipv6_sockglue.c:1493
       do_sock_getsockopt+0x35d/0x650 net/socket.c:2405
       __sys_getsockopt net/socket.c:2434 [inline]
       __do_sys_getsockopt net/socket.c:2441 [inline]
       __se_sys_getsockopt net/socket.c:2438 [inline]
       __x64_sys_getsockopt+0x1a5/0x250 net/socket.c:2438
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (pcpu_alloc_mutex){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3168 [inline]
       check_prevs_add kernel/locking/lockdep.c:3287 [inline]
       validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3911
       __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
       __mutex_lock_common kernel/locking/mutex.c:602 [inline]
       __mutex_lock+0x182/0xe80 kernel/locking/mutex.c:747
       pcpu_alloc_noprof+0x286/0x16b0 mm/percpu.c:1782
       init_alloc_hint lib/sbitmap.c:16 [inline]
       sbitmap_init_node+0x1e1/0x630 lib/sbitmap.c:126
       sbitmap_queue_init_node+0x41/0x660 lib/sbitmap.c:438
       bt_alloc block/blk-mq-tag.c:542 [inline]
       blk_mq_init_tags+0x110/0x280 block/blk-mq-tag.c:565
       blk_mq_alloc_rq_map block/blk-mq.c:3540 [inline]
       blk_mq_alloc_map_and_rqs+0xbd/0x9f0 block/blk-mq.c:4096
       __blk_mq_alloc_map_and_rqs block/blk-mq.c:4118 [inline]
       blk_mq_realloc_tag_set_tags block/blk-mq.c:4757 [inline]
       __blk_mq_update_nr_hw_queues block/blk-mq.c:4997 [inline]
       blk_mq_update_nr_hw_queues+0x76a/0x14c0 block/blk-mq.c:5045
       nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476
       nbd_genl_connect+0x1250/0x1930 drivers/block/nbd.c:2201
       genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115
       genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
       genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
       netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2534
       genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
       netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
       netlink_unicast+0x75b/0x8d0 net/netlink/af_netlink.c:1339
       netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
       sock_sendmsg_nosec net/socket.c:714 [inline]
       __sock_sendmsg+0x219/0x270 net/socket.c:729
       ____sys_sendmsg+0x505/0x830 net/socket.c:2614
       ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668
       __sys_sendmsg net/socket.c:2700 [inline]
       __do_sys_sendmsg net/socket.c:2705 [inline]
       __se_sys_sendmsg net/socket.c:2703 [inline]
       __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#50

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->q_usage_counter(io)#50);
                               lock(fs_reclaim);
                               lock(&q->q_usage_counter(io)#50);
  lock(pcpu_alloc_mutex);

 *** DEADLOCK ***

7 locks held by syz.3.19/6061:
 #0: ffffffff8f78e5b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8f78e3c8 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
 #1: ffffffff8f78e3c8 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
 #1: ffffffff8f78e3c8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 net/netlink/genetlink.c:1209
 #2: ffff888025d7ca30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930 drivers/block/nbd.c:2111
 #3: ffff888025d7c988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0 block/blk-mq.c:5043
 #4: ffff888025d7c8d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x49/0x14c0 block/blk-mq.c:5044
 #5: ffff8880257a6278 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476
 #6: ffff8880257a62b0 (&q->q_usage_counter(queue)#2){+.+.}-{0:0}, at: nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476

stack backtrace:
CPU: 1 UID: 0 PID: 6061 Comm: syz.3.19 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_circular_bug+0x2ee/0x310 kernel/locking/lockdep.c:2046
 check_noncircular+0x134/0x160 kernel/locking/lockdep.c:2178
 check_prev_add kernel/locking/lockdep.c:3168 [inline]
 check_prevs_add kernel/locking/lockdep.c:3287 [inline]
 validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3911
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
 __mutex_lock_common kernel/locking/mutex.c:602 [inline]
 __mutex_lock+0x182/0xe80 kernel/locking/mutex.c:747
 pcpu_alloc_noprof+0x286/0x16b0 mm/percpu.c:1782
 init_alloc_hint lib/sbitmap.c:16 [inline]
 sbitmap_init_node+0x1e1/0x630 lib/sbitmap.c:126
 sbitmap_queue_init_node+0x41/0x660 lib/sbitmap.c:438
 bt_alloc block/blk-mq-tag.c:542 [inline]
 blk_mq_init_tags+0x110/0x280 block/blk-mq-tag.c:565
 blk_mq_alloc_rq_map block/blk-mq.c:3540 [inline]
 blk_mq_alloc_map_and_rqs+0xbd/0x9f0 block/blk-mq.c:4096
 __blk_mq_alloc_map_and_rqs block/blk-mq.c:4118 [inline]
 blk_mq_realloc_tag_set_tags block/blk-mq.c:4757 [inline]
 __blk_mq_update_nr_hw_queues block/blk-mq.c:4997 [inline]
 blk_mq_update_nr_hw_queues+0x76a/0x14c0 block/blk-mq.c:5045
 nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476
 nbd_genl_connect+0x1250/0x1930 drivers/block/nbd.c:2201
 genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2534
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x75b/0x8d0 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 ____sys_sendmsg+0x505/0x830 net/socket.c:2614
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668
 __sys_sendmsg net/socket.c:2700 [inline]
 __do_sys_sendmsg net/socket.c:2705 [inline]
 __se_sys_sendmsg net/socket.c:2703 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc85698e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff2b82a588 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fc856bb5fa0 RCX: 00007fc85698e929
RDX: 000000002000c000 RSI: 00002000000027c0 RDI: 0000000000000005
RBP: 00007fc856a10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc856bb5fa0 R14: 00007fc856bb5fa0 R15: 0000000000000003
 </TASK>
nbd0: detected capacity change from 0 to 32