./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3422253279

<...>
Warning: Permanently added '10.128.0.190' (ED25519) to the list of known hosts.
execve("./syz-executor3422253279", ["./syz-executor3422253279"], 0x7fff3dead9b0 /* 10 vars */) = 0
brk(NULL)                               = 0x55558e66d000
brk(0x55558e66dd00)                     = 0x55558e66dd00
arch_prctl(ARCH_SET_FS, 0x55558e66d380) = 0
set_tid_address(0x55558e66d650)         = 5839
set_robust_list(0x55558e66d660, 24)     = 0
rseq(0x55558e66dca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3422253279", 4096) = 28
getrandom("\x8c\x94\x3e\xdf\xef\x0f\x69\x4b", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558e66dd00
brk(0x55558e68ed00)                     = 0x55558e68ed00
brk(0x55558e68f000)                     = 0x55558e68f000
mprotect(0x7fdfa05fd000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
write(1, "executing program\n", 18executing program
)     = 18
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=28, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x08\x00\x02\x00\x6e\x62\x64\x00"], 28, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 28
recvfrom(4, [{nlmsg_len=180, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5839}, "\x01\x02\x00\x00\x08\x00\x02\x00\x6e\x62\x64\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x0a\x00\x00\x00\x54\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00\x03\x00\x00\x00"...], 4096, 0, NULL, NULL) = 180
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5839}, {error=0, msg={nlmsg_len=28, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(4)                                = 0
socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0
[   93.938293][ T5839] 
[   93.940684][ T5839] ======================================================
[   93.947785][ T5839] WARNING: possible circular locking dependency detected
[   93.955006][ T5839] 6.16.0-syzkaller-06588-g759dfc7d04ba #0 Not tainted
[   93.961887][ T5839] ------------------------------------------------------
[   93.968911][ T5839] syz-executor342/5839 is trying to acquire lock:
[   93.975442][ T5839] ffff88801b2ff188 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove+0x30/0x60
[   93.984744][ T5839] 
[   93.984744][ T5839] but task is already holding lock:
[   93.992496][ T5839] ffff888142b058f8 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10
[   94.002880][ T5839] 
[   94.002880][ T5839] which lock already depends on the new lock.
[   94.002880][ T5839] 
[   94.013293][ T5839] 
[   94.013293][ T5839] the existing dependency chain (in reverse order) is:
[   94.022304][ T5839] 
[   94.022304][ T5839] -> #2 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[   94.030932][ T5839]        lock_acquire+0x120/0x360
[   94.035967][ T5839]        blk_alloc_queue+0x538/0x620
[   94.041245][ T5839]        __blk_mq_alloc_disk+0x15c/0x340
[   94.046876][ T5839]        nbd_dev_add+0x46c/0xae0
[   94.051827][ T5839]        nbd_init+0x168/0x1f0
[   94.056520][ T5839]        do_one_initcall+0x233/0x820
[   94.061828][ T5839]        do_initcall_level+0x104/0x190
[   94.067313][ T5839]        do_initcalls+0x59/0xa0
[   94.072160][ T5839]        kernel_init_freeable+0x334/0x4a0
[   94.078334][ T5839]        kernel_init+0x1d/0x1d0
[   94.083412][ T5839]        ret_from_fork+0x3fc/0x770
[   94.088578][ T5839]        ret_from_fork_asm+0x1a/0x30
[   94.094082][ T5839] 
[   94.094082][ T5839] -> #1 (fs_reclaim){+.+.}-{0:0}:
[   94.101339][ T5839]        lock_acquire+0x120/0x360
[   94.106417][ T5839]        fs_reclaim_acquire+0x72/0x100
[   94.111894][ T5839]        kmem_cache_alloc_lru_noprof+0x49/0x3d0
[   94.118157][ T5839]        alloc_inode+0xb8/0x1b0
[   94.123022][ T5839]        iget_locked+0xf0/0x570
[   94.127889][ T5839]        kernfs_get_inode+0x4f/0x780
[   94.133265][ T5839]        kernfs_get_tree+0x5a9/0x920
[   94.138548][ T5839]        sysfs_get_tree+0x46/0x110
[   94.143693][ T5839]        vfs_get_tree+0x8f/0x2b0
[   94.148714][ T5839]        do_new_mount+0x2a2/0x9e0
[   94.153849][ T5839]        __se_sys_mount+0x317/0x410
[   94.159059][ T5839]        do_syscall_64+0xfa/0x3b0
[   94.164145][ T5839]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.170582][ T5839] 
[   94.170582][ T5839] -> #0 (&root->kernfs_rwsem){++++}-{4:4}:
[   94.178608][ T5839]        validate_chain+0xb9b/0x2140
[   94.183982][ T5839]        __lock_acquire+0xab9/0xd20
[   94.189204][ T5839]        lock_acquire+0x120/0x360
[   94.194345][ T5839]        down_write+0x96/0x1f0
[   94.199139][ T5839]        kernfs_remove+0x30/0x60
[   94.204119][ T5839]        __kobject_del+0xe1/0x300
[   94.209153][ T5839]        kobject_del+0x45/0x60
[   94.213955][ T5839]        elevator_change_done+0xf2/0x470
[   94.219672][ T5839]        elevator_set_none+0x42/0xb0
[   94.225050][ T5839]        blk_mq_update_nr_hw_queues+0x68f/0x1890
[   94.231450][ T5839]        nbd_start_device+0x17f/0xb10
[   94.236870][ T5839]        nbd_genl_connect+0x135b/0x18f0
[   94.242443][ T5839]        genl_family_rcv_msg_doit+0x215/0x300
[   94.248658][ T5839]        genl_rcv_msg+0x60e/0x790
[   94.253782][ T5839]        netlink_rcv_skb+0x208/0x470
[   94.259179][ T5839]        genl_rcv+0x28/0x40
[   94.263704][ T5839]        netlink_unicast+0x82c/0x9e0
[   94.269149][ T5839]        netlink_sendmsg+0x805/0xb30
[   94.274536][ T5839]        __sock_sendmsg+0x21c/0x270
[   94.279857][ T5839]        ____sys_sendmsg+0x505/0x830
[   94.285173][ T5839]        ___sys_sendmsg+0x21f/0x2a0
[   94.290670][ T5839]        __x64_sys_sendmsg+0x19b/0x260
[   94.296232][ T5839]        do_syscall_64+0xfa/0x3b0
[   94.301276][ T5839]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.307699][ T5839] 
[   94.307699][ T5839] other info that might help us debug this:
[   94.307699][ T5839] 
[   94.317962][ T5839] Chain exists of:
[   94.317962][ T5839]   &root->kernfs_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#49
[   94.317962][ T5839] 
[   94.331916][ T5839]  Possible unsafe locking scenario:
[   94.331916][ T5839] 
[   94.339386][ T5839]        CPU0                    CPU1
[   94.344863][ T5839]        ----                    ----
[   94.350249][ T5839]   lock(&q->q_usage_counter(io)#49);
[   94.355649][ T5839]                                lock(fs_reclaim);
[   94.362165][ T5839]                                lock(&q->q_usage_counter(io)#49);
[   94.370087][ T5839]   lock(&root->kernfs_rwsem);
[   94.374868][ T5839] 
[   94.374868][ T5839]  *** DEADLOCK ***
[   94.374868][ T5839] 
[   94.383033][ T5839] 6 locks held by syz-executor342/5839:
[   94.388573][ T5839]  #0: ffffffff8f56e3f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[   94.396765][ T5839]  #1: ffffffff8f56e208 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[   94.405757][ T5839]  #2: ffff888025875988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0xa6/0x1890
[   94.417293][ T5839]  #3: ffff8880258758d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xb9/0x1890
[   94.428301][ T5839]  #4: ffff888142b058f8 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10
[   94.439036][ T5839]  #5: ffff888142b05930 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: nbd_start_device+0x17f/0xb10
[   94.449873][ T5839] 
[   94.449873][ T5839] stack backtrace:
[   94.456218][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor342 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[   94.456241][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   94.456257][ T5839] Call Trace:
[   94.456265][ T5839]  <TASK>
[   94.456275][ T5839]  dump_stack_lvl+0x189/0x250
[   94.456299][ T5839]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.456314][ T5839]  ? __pfx__printk+0x10/0x10
[   94.456333][ T5839]  ? print_lock_name+0xde/0x100
[   94.456352][ T5839]  print_circular_bug+0x2ee/0x310
[   94.456369][ T5839]  check_noncircular+0x134/0x160
[   94.456386][ T5839]  validate_chain+0xb9b/0x2140
[   94.456408][ T5839]  __lock_acquire+0xab9/0xd20
[   94.456431][ T5839]  ? kernfs_remove+0x30/0x60
[   94.456450][ T5839]  lock_acquire+0x120/0x360
[   94.456469][ T5839]  ? kernfs_remove+0x30/0x60
[   94.456492][ T5839]  down_write+0x96/0x1f0
[   94.456506][ T5839]  ? kernfs_remove+0x30/0x60
[   94.456524][ T5839]  ? __pfx_down_write+0x10/0x10
[   94.456537][ T5839]  ? kernfs_root+0x1c/0x230
[   94.456553][ T5839]  ? kernfs_root+0x1c/0x230
[   94.456570][ T5839]  ? kernfs_root+0x1ea/0x230
[   94.456587][ T5839]  kernfs_remove+0x30/0x60
[   94.456606][ T5839]  __kobject_del+0xe1/0x300
[   94.456620][ T5839]  kobject_del+0x45/0x60
[   94.456643][ T5839]  elevator_change_done+0xf2/0x470
[   94.456661][ T5839]  elevator_set_none+0x42/0xb0
[   94.456678][ T5839]  blk_mq_update_nr_hw_queues+0x68f/0x1890
[   94.456703][ T5839]  ? __mutex_unlock_slowpath+0x1a1/0x760
[   94.456728][ T5839]  ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10
[   94.456750][ T5839]  ? sysfs_add_file_mode_ns+0x259/0x300
[   94.456767][ T5839]  nbd_start_device+0x17f/0xb10
[   94.456785][ T5839]  ? device_create_file+0xf4/0x1c0
[   94.456803][ T5839]  nbd_genl_connect+0x135b/0x18f0
[   94.456821][ T5839]  ? __pfx_nbd_genl_connect+0x10/0x10
[   94.456842][ T5839]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[   94.456863][ T5839]  genl_family_rcv_msg_doit+0x215/0x300
[   94.456883][ T5839]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   94.456912][ T5839]  ? stack_trace_save+0x9c/0xe0
[   94.456930][ T5839]  genl_rcv_msg+0x60e/0x790
[   94.456948][ T5839]  ? __pfx_genl_rcv_msg+0x10/0x10
[   94.456964][ T5839]  ? __pfx_nbd_genl_connect+0x10/0x10
[   94.456983][ T5839]  netlink_rcv_skb+0x208/0x470
[   94.457004][ T5839]  ? __lock_acquire+0xab9/0xd20
[   94.457024][ T5839]  ? __pfx_genl_rcv_msg+0x10/0x10
[   94.457041][ T5839]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   94.457069][ T5839]  ? down_read+0x1ad/0x2e0
[   94.457082][ T5839]  genl_rcv+0x28/0x40
[   94.457097][ T5839]  netlink_unicast+0x82c/0x9e0
[   94.457119][ T5839]  ? __pfx_netlink_unicast+0x10/0x10
[   94.457139][ T5839]  ? netlink_sendmsg+0x642/0xb30
[   94.457160][ T5839]  ? skb_put+0x11b/0x210
[   94.457174][ T5839]  netlink_sendmsg+0x805/0xb30
[   94.457200][ T5839]  ? __pfx_netlink_sendmsg+0x10/0x10
[   94.457223][ T5839]  ? aa_sock_msg_perm+0x94/0x160
[   94.457243][ T5839]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   94.457260][ T5839]  ? __pfx_netlink_sendmsg+0x10/0x10
[   94.457282][ T5839]  __sock_sendmsg+0x21c/0x270
[   94.457302][ T5839]  ____sys_sendmsg+0x505/0x830
[   94.457319][ T5839]  ? __pfx_____sys_sendmsg+0x10/0x10
[   94.457337][ T5839]  ? import_iovec+0x74/0xa0
[   94.457358][ T5839]  ___sys_sendmsg+0x21f/0x2a0
[   94.457373][ T5839]  ? __pfx____sys_sendmsg+0x10/0x10
[   94.457390][ T5839]  ? do_raw_spin_lock+0x121/0x290
[   94.457421][ T5839]  __x64_sys_sendmsg+0x19b/0x260
[   94.457436][ T5839]  ? _raw_spin_unlock_irq+0x2e/0x50
[   94.457455][ T5839]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   94.457478][ T5839]  do_syscall_64+0xfa/0x3b0
[   94.457500][ T5839]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.457520][ T5839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.457534][ T5839]  ? clear_bhb_loop+0x60/0xb0
[   94.457550][ T5839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.457565][ T5839] RIP: 0033:0x7fdfa058a419
[   94.457587][ T5839] Code: 48 83 c4 28 c3 e8 e7 18 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   94.457600][ T5839] RSP: 002b:00007ffca455abd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   94.457619][ T5839] RAX: ffffffffffffffda RBX: 00007ffca455ada8 RCX: 00007fdfa058a419
[   94.457630][ T5839] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000003
[   94.457640][ T5839] RBP: 00007fdfa05fd610 R08: 0000000000000008 R09: 00007ffca455ada8
[   94.457650][ T5839] R10: 000000000000000c R11: 0000000000000246 R12: 0000000000000001
[   94.457658][ T5839] R13: 00007ffca455ad98 R14: 0000000000000001 R15: 0000000000000001
[   94.457673][ T5839]  </TASK>
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x68\x00\x00\x00\x29\x00\x01\x00\xfe\xff\xff\xff\x00\x00\x00\x00\x01\x00\x00\x00\x08\x00\x01\x00\x00\x00\x00\x00\x0c\x00\x05\x00\x1b\x19\x3c\x99\xa8\x77\x2e\xfb\x0c\x00\x02\x00\xff\xff\x00\x00\x00\x00\x00\x00\x28\x00\x07\x80\x0c\x00\x01\x80\x08\x00\x01\x00\x04\x00\x00\x00\x0c\x00\x01\x80\x08\x00\x01\x00\x04\x00\x00\x00\x0c\x00\x01\x80\x08\x00\x01\x00\x04\x00\x00\x00\x0c\x00\x08\x00\xff\xff\xff\x7f"..., iov_len=104}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_FASTOPEN) = 104
exit_group(0)                           = ?
+++ exited with 0 +++