block nbd2: shutting down sockets

======================================================
WARNING: possible circular locking dependency detected
5.4.0-rc3+ #0 Not tainted
------------------------------------------------------
syz-executor.2/30491 is trying to acquire lock:
ffff8880a01cbd28 ((wq_completion)knbd2-recv){+.+.}, at: flush_workqueue+0xf7/0x14c0 kernel/workqueue.c:2771

but task is already holding lock:
ffff8880a3542178 (&nbd->config_lock){+.+.}, at: refcount_dec_and_mutex_lock lib/refcount.c:319 [inline]
ffff8880a3542178 (&nbd->config_lock){+.+.}, at: refcount_dec_and_mutex_lock+0x56/0x90 lib/refcount.c:314

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&nbd->config_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:956 [inline]
       __mutex_lock+0x156/0x13c0 kernel/locking/mutex.c:1103
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
       refcount_dec_and_mutex_lock lib/refcount.c:319 [inline]
       refcount_dec_and_mutex_lock+0x56/0x90 lib/refcount.c:314
       nbd_config_put+0x31/0x870 drivers/block/nbd.c:1159
       recv_work+0x19b/0x200 drivers/block/nbd.c:787
       process_one_work+0x9af/0x1740 kernel/workqueue.c:2269
       worker_thread+0x98/0xe40 kernel/workqueue.c:2415
       kthread+0x361/0x430 kernel/kthread.c:255
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

-> #1 ((work_completion)(&args->work)){+.+.}:
       process_one_work+0x91c/0x1740 kernel/workqueue.c:2245
       worker_thread+0x98/0xe40 kernel/workqueue.c:2415
       kthread+0x361/0x430 kernel/kthread.c:255
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

-> #0 ((wq_completion)knbd2-recv){+.+.}:
       check_prev_add kernel/locking/lockdep.c:2476 [inline]
       check_prevs_add kernel/locking/lockdep.c:2581 [inline]
       validate_chain kernel/locking/lockdep.c:2971 [inline]
       __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3955
       lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4487
       flush_workqueue+0x126/0x14c0 kernel/workqueue.c:2774
       drain_workqueue+0x1b4/0x470 kernel/workqueue.c:2939
       destroy_workqueue+0x21/0x700 kernel/workqueue.c:4329
       nbd_config_put+0x3dd/0x870 drivers/block/nbd.c:1181
       nbd_release+0x103/0x150 drivers/block/nbd.c:1460
       __blkdev_put+0x4d1/0x810 fs/block_dev.c:1867
       blkdev_put+0x98/0x560 fs/block_dev.c:1929
       blkdev_close+0x8b/0xb0 fs/block_dev.c:1936
       __fput+0x2ff/0x890 fs/file_table.c:280
       ____fput+0x16/0x20 fs/file_table.c:313
       task_work_run+0x145/0x1c0 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:188 [inline]
       exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:163
       prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
       syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
       do_syscall_64+0x65f/0x760 arch/x86/entry/common.c:300
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  (wq_completion)knbd2-recv --> (work_completion)(&args->work) --> &nbd->config_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&nbd->config_lock);
                               lock((work_completion)(&args->work));
                               lock(&nbd->config_lock);
  lock((wq_completion)knbd2-recv);

 *** DEADLOCK ***

2 locks held by syz-executor.2/30491:
 #0: ffff88805dc076f8 (&bdev->bd_mutex){+.+.}, at: __blkdev_put+0xbb/0x810 fs/block_dev.c:1854
 #1: ffff8880a3542178 (&nbd->config_lock){+.+.}, at: refcount_dec_and_mutex_lock lib/refcount.c:319 [inline]
 #1: ffff8880a3542178 (&nbd->config_lock){+.+.}, at: refcount_dec_and_mutex_lock+0x56/0x90 lib/refcount.c:314

stack backtrace:
CPU: 0 PID: 30491 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_circular_bug.isra.0.cold+0x163/0x172 kernel/locking/lockdep.c:1685
 check_noncircular+0x32e/0x3e0 kernel/locking/lockdep.c:1809
 check_prev_add kernel/locking/lockdep.c:2476 [inline]
 check_prevs_add kernel/locking/lockdep.c:2581 [inline]
 validate_chain kernel/locking/lockdep.c:2971 [inline]
 __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3955
 lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4487
 flush_workqueue+0x126/0x14c0 kernel/workqueue.c:2774
 drain_workqueue+0x1b4/0x470 kernel/workqueue.c:2939
 destroy_workqueue+0x21/0x700 kernel/workqueue.c:4329
 nbd_config_put+0x3dd/0x870 drivers/block/nbd.c:1181
 nbd_release+0x103/0x150 drivers/block/nbd.c:1460
 __blkdev_put+0x4d1/0x810 fs/block_dev.c:1867
 blkdev_put+0x98/0x560 fs/block_dev.c:1929
 blkdev_close+0x8b/0xb0 fs/block_dev.c:1936
 __fput+0x2ff/0x890 fs/file_table.c:280
 ____fput+0x16/0x20 fs/file_table.c:313
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x65f/0x760 arch/x86/entry/common.c:300
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x413741
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffea26dc760 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413741
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 0000000000000001 R08: ffffffff8100a2f4 R09: 00000000feffb0df
R10: 00007ffea26dc840 R11: 0000000000000293 R12: 000000000075c9a0
R13: 000000000075c9a0 R14: 0000000000760f30 R15: 000000000075bfd4