audit: type=1804 audit(1577220825.981:91): pid=12475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir339298454/syzkaller.tXTZO2/133/file0" dev="sda1" ino=17011 res=1
block nbd3: Receive control failed (result -107)
block nbd3: shutting down sockets
============================================
WARNING: possible recursive locking detected
4.14.160-syzkaller #0 Not tainted
--------------------------------------------
kworker/u5:0/1179 is trying to acquire lock:
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813ce7fa>] flush_workqueue+0xda/0x1400 kernel/workqueue.c:2619

but task is already holding lock:
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] work_static include/linux/workqueue.h:199 [inline]
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] set_work_data kernel/workqueue.c:619 [inline]
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock("knbd%d-recv"nbd->index);
  lock("knbd%d-recv"nbd->index);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by kworker/u5:0/1179:
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] work_static include/linux/workqueue.h:199 [inline]
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] set_work_data kernel/workqueue.c:619 [inline]
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085
 #1:  ((&args->work)){+.+.}, at: [<ffffffff813d585b>] process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089
 #2:  (&nbd->config_lock){+.+.}, at: [<ffffffff830a14f1>] refcount_dec_and_mutex_lock lib/refcount.c:312 [inline]
 #2:  (&nbd->config_lock){+.+.}, at: [<ffffffff830a14f1>] refcount_dec_and_mutex_lock+0x41/0x5f lib/refcount.c:307

stack backtrace:
CPU: 0 PID: 1179 Comm: kworker/u5:0 Not tainted 4.14.160-syzkaller #0
kobject: 'loop1' (ffff8880a4046360): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
kobject: 'loop1' (ffff8880a4046360): fill_kobj_path: path = '/devices/virtual/block/loop1'
Workqueue: knbd3-recv recv_work
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 print_deadlock_bug kernel/locking/lockdep.c:1796 [inline]
 check_deadlock kernel/locking/lockdep.c:1843 [inline]
 validate_chain kernel/locking/lockdep.c:2444 [inline]
 __lock_acquire.cold+0x2bf/0x8dc kernel/locking/lockdep.c:3487
 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
 flush_workqueue+0x109/0x1400 kernel/workqueue.c:2622
 drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2787
kobject: 'loop4' (ffff8880a41815e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a41815e0): fill_kobj_path: path = '/devices/virtual/block/loop4'
 destroy_workqueue+0x75/0x670 kernel/workqueue.c:4100
 nbd_config_put+0x43c/0x7a0 drivers/block/nbd.c:1151
 recv_work+0x18d/0x1f0 drivers/block/nbd.c:730
 process_one_work+0x863/0x1600 kernel/workqueue.c:2114
 worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
 kthread+0x319/0x430 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
kobject: 'loop0' (ffff88808a8a17a0): kobject_uevent_env
kobject: 'loop0' (ffff88808a8a17a0): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop0' (ffff88808a8a17a0): kobject_uevent_env
kobject: 'loop0' (ffff88808a8a17a0): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a41815e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a41815e0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop1' (ffff8880a4046360): kobject_uevent_env
kobject: 'loop1' (ffff8880a4046360): fill_kobj_path: path = '/devices/virtual/block/loop1'
kobject: 'loop0' (ffff88808a8a17a0): kobject_uevent_env
kobject: 'loop0' (ffff88808a8a17a0): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop0' (ffff88808a8a17a0): kobject_uevent_env
kobject: 'loop0' (ffff88808a8a17a0): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a41815e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a41815e0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop4' (ffff8880a41815e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a41815e0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop4' (ffff8880a41815e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a41815e0): fill_kobj_path: path = '/devices/virtual/block/loop4'