block nbd5: Send disconnect failed -32
block nbd5: Send disconnect failed -32
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Tainted: G L
------------------------------------------------------
syz.5.3064/13612 is trying to acquire lock:
ffff888027b3d940 ((wq_completion)nbd5-recv){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x9c/0x1c0 kernel/workqueue.c:4029
but task is already holding lock:
ffff888027aa6260 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_disconnect_and_put+0x26/0x1c0 drivers/block/nbd.c:2256
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&nbd->config_lock){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:646 [inline]
__mutex_lock+0x1a4/0x1b10 kernel/locking/mutex.c:820
refcount_dec_and_mutex_lock+0x51/0x100 lib/refcount.c:118
nbd_config_put+0x31/0x750 drivers/block/nbd.c:1434
recv_work+0x63a/0x8c0 drivers/block/nbd.c:1026
process_one_work+0xa0e/0x1980 kernel/workqueue.c:3314
process_scheduled_works kernel/workqueue.c:3397 [inline]
worker_thread+0x5ef/0xe50 kernel/workqueue.c:3478
kthread+0x370/0x450 kernel/kthread.c:436
ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
-> #1 ((work_completion)(&args->work)){+.+.}-{0:0}:
process_one_work+0x979/0x1980 kernel/workqueue.c:3290
process_scheduled_works kernel/workqueue.c:3397 [inline]
worker_thread+0x5ef/0xe50 kernel/workqueue.c:3478
kthread+0x370/0x450 kernel/kthread.c:436
ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
-> #0 ((wq_completion)nbd5-recv){+.+.}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x14b8/0x2630 kernel/locking/lockdep.c:5237
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
touch_wq_lockdep_map+0xad/0x1c0 kernel/workqueue.c:4029
__flush_workqueue+0x131/0x1200 kernel/workqueue.c:4071
nbd_disconnect_and_put+0x9b/0x1c0 drivers/block/nbd.c:2264
nbd_genl_disconnect+0x34b/0x4e0 drivers/block/nbd.c:2303
genl_family_rcv_msg_doit+0x214/0x300 net/netlink/genetlink.c:1114
genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
genl_rcv_msg+0x560/0x800 net/netlink/genetlink.c:1209
netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1218
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x585/0x850 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg net/socket.c:802 [inline]
____sys_sendmsg+0x9e1/0xb70 net/socket.c:2698
___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
__sys_sendmsg+0x170/0x220 net/socket.c:2784
do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
__do_fast_syscall_32+0xe7/0x950 arch/x86/entry/syscall_32.c:307
do_fast_syscall_32+0x32/0x70 arch/x86/entry/syscall_32.c:332
entry_SYSENTER_compat_after_hwframe+0x84/0x8e
other info that might help us debug this:
Chain exists of:
(wq_completion)nbd5-recv --> (work_completion)(&args->work) --> &nbd->config_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&nbd->config_lock);
lock((work_completion)(&args->work));
lock(&nbd->config_lock);
lock((wq_completion)nbd5-recv);
*** DEADLOCK ***
3 locks held by syz.5.3064/13612:
#0: ffffffff906bde48 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
#1: ffffffff906bdf00 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
#1: ffffffff906bdf00 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
#1: ffffffff906bdf00 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:57 [inline]
#1: ffffffff906bdf00 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x57b/0x800 net/netlink/genetlink.c:1208
#2: ffff888027aa6260 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_disconnect_and_put+0x26/0x1c0 drivers/block/nbd.c:2256
stack backtrace:
CPU: 1 UID: 0 PID: 13612 Comm: syz.5.3064 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
print_circular_bug.cold+0x178/0x1c7 kernel/locking/lockdep.c:2043
check_noncircular+0x146/0x160 kernel/locking/lockdep.c:2175
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x14b8/0x2630 kernel/locking/lockdep.c:5237
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
touch_wq_lockdep_map+0xad/0x1c0 kernel/workqueue.c:4029
__flush_workqueue+0x131/0x1200 kernel/workqueue.c:4071
nbd_disconnect_and_put+0x9b/0x1c0 drivers/block/nbd.c:2264
nbd_genl_disconnect+0x34b/0x4e0 drivers/block/nbd.c:2303
genl_family_rcv_msg_doit+0x214/0x300 net/netlink/genetlink.c:1114
genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
genl_rcv_msg+0x560/0x800 net/netlink/genetlink.c:1209
netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1218
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x585/0x850 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg net/socket.c:802 [inline]
____sys_sendmsg+0x9e1/0xb70 net/socket.c:2698
___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
__sys_sendmsg+0x170/0x220 net/socket.c:2784
do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
__do_fast_syscall_32+0xe7/0x950 arch/x86/entry/syscall_32.c:307
do_fast_syscall_32+0x32/0x70 arch/x86/entry/syscall_32.c:332
entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7fc7fcc
Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
RSP: 002b:00000000f548650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0
RDX: 0000000004000810 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
----------------
Code disassembly (best guess):
0: d2 74 05 c1 shlb %cl,-0x3f(%rbp,%rax,1)
4: e8 0c 89 02 8b call 0x8b028915
9: 5d pop %rbp
a: fc cld
b: 31 c0 xor %eax,%eax
d: c9 leave
e: c3 ret
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 0f 1f 00 nopl (%rax)
21: 51 push %rcx
22: 52 push %rdx
23: 55 push %rbp
24: 89 e5 mov %esp,%ebp
26: 0f 34 sysenter
28: cd 80 int $0x80
* 2a: 5d pop %rbp <-- trapping instruction
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 2e 8d b4 26 00 00 00 cs lea 0x0(%rsi,%riz,1),%esi
36: 00
37: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
3e: 58 pop %rax
3f: b8 .byte 0xb8