syzbot

IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
block nbd0: Receive control failed (result -22)
block nbd0: shutting down sockets
============================================
WARNING: possible recursive locking detected
4.14.151 #0 Not tainted
--------------------------------------------
kworker/u5:1/6981 is trying to acquire lock:
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813c88ca>] flush_workqueue+0xda/0x1400 kernel/workqueue.c:2613

but task is already holding lock:
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] work_static include/linux/workqueue.h:199 [inline]
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] set_work_data kernel/workqueue.c:619 [inline]
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock("knbd%d-recv"nbd->index);
  lock("knbd%d-recv"nbd->index);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by kworker/u5:1/6981:
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] work_static include/linux/workqueue.h:199 [inline]
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] set_work_data kernel/workqueue.c:619 [inline]
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813cf8ee>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085
 #1:  ((&args->work)){+.+.}, at: [<ffffffff813cf92b>] process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089
 #2:  (&nbd->config_lock){+.+.}, at: [<ffffffff82d77ed9>] refcount_dec_and_mutex_lock lib/refcount.c:312 [inline]
 #2:  (&nbd->config_lock){+.+.}, at: [<ffffffff82d77ed9>] refcount_dec_and_mutex_lock+0x49/0x6c lib/refcount.c:307

stack backtrace:
CPU: 0 PID: 6981 Comm: kworker/u5:1 Not tainted 4.14.151 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: knbd0-recv recv_work
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x197 lib/dump_stack.c:53
 print_deadlock_bug kernel/locking/lockdep.c:1796 [inline]
 check_deadlock kernel/locking/lockdep.c:1843 [inline]
 validate_chain kernel/locking/lockdep.c:2444 [inline]
 __lock_acquire.cold+0x2bf/0x8dc kernel/locking/lockdep.c:3487
 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
 flush_workqueue+0x109/0x1400 kernel/workqueue.c:2616
 drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2781
 destroy_workqueue+0x21/0x620 kernel/workqueue.c:4088
 nbd_config_put+0x43c/0x7a0 drivers/block/nbd.c:1124
 recv_work+0x18d/0x1f0 drivers/block/nbd.c:724
 process_one_work+0x863/0x1600 kernel/workqueue.c:2114
 worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
 kthread+0x319/0x430 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
kobject: 'batman_adv' (ffff88808df04280): kobject_uevent_env
kobject: 'batman_adv' (ffff88808df04280): kobject_uevent_env: filter function caused the event to drop!
kobject: 'batman_adv' (ffff88808df04280): kobject_cleanup, parent           (null)
kobject: 'batman_adv' (ffff88808df04280): calling ktype release
kobject: (ffff88808df04280): dynamic_kobj_release
kobject: 'batman_adv': free name
kobject: 'rx-0' (ffff88809ad0ce50): kobject_cleanup, parent ffff8880a1295048
kobject: 'rx-0' (ffff88809ad0ce50): auto cleanup 'remove' event
kobject: 'rx-0' (ffff88809ad0ce50): kobject_uevent_env
kobject: 'rx-0' (ffff88809ad0ce50): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/rx-0'
kobject: 'rx-0' (ffff88809ad0ce50): auto cleanup kobject_del
kobject: 'rx-0' (ffff88809ad0ce50): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (ffff8880917c5058): kobject_cleanup, parent ffff8880a1295048
kobject: 'tx-0' (ffff8880917c5058): auto cleanup 'remove' event
kobject: 'tx-0' (ffff8880917c5058): kobject_uevent_env
kobject: 'tx-0' (ffff8880917c5058): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/tx-0'
kobject: 'tx-0' (ffff8880917c5058): auto cleanup kobject_del
kobject: 'tx-0' (ffff8880917c5058): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (ffff8880a1295048): kobject_cleanup, parent           (null)
kobject: 'queues' (ffff8880a1295048): calling ktype release
kobject: 'queues' (ffff8880a1295048): kset_release
kobject: 'queues': free name
kobject: 'syz_tun' (ffff8880a9490a70): kobject_uevent_env
kobject: 'syz_tun' (ffff8880a9490a70): fill_kobj_path: path = '/devices/virtual/net/syz_tun'
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready