====================================================== WARNING: possible circular locking dependency detected 6.16.0-syzkaller #0 Not tainted ------------------------------------------------------ kworker/0:6/5982 is trying to acquire lock: ffff88803129c358 (&disk->open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0 block/genhd.c:710 but task is already holding lock: ffff88802bc2c380 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 block/genhd.c:822 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&set->update_nr_hwq_lock){++++}-{4:4}: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871 down_write+0x96/0x1f0 kernel/locking/rwsem.c:1577 blk_mq_update_nr_hw_queues+0x3b/0x14c0 block/blk-mq.c:5041 nbd_start_device+0x16c/0xac0 drivers/block/nbd.c:1476 nbd_start_device_ioctl drivers/block/nbd.c:1527 [inline] __nbd_ioctl drivers/block/nbd.c:1602 [inline] nbd_ioctl+0x636/0xeb0 drivers/block/nbd.c:1642 blkdev_ioctl+0x5a8/0x6d0 block/ioctl.c:704 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #1 (&nbd->config_lock){+.+.}-{4:4}: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871 __mutex_lock_common kernel/locking/mutex.c:602 [inline] __mutex_lock+0x182/0xe80 kernel/locking/mutex.c:747 refcount_dec_and_mutex_lock+0x30/0xa0 lib/refcount.c:118 nbd_config_put+0x2c/0x790 drivers/block/nbd.c:1423 nbd_release+0xfe/0x140 drivers/block/nbd.c:1735 bdev_release+0x533/0x650 block/bdev.c:-1 blkdev_release+0x15/0x20 block/fops.c:684 __fput+0x449/0xa70 fs/file_table.c:465 fput_close_sync+0x119/0x200 fs/file_table.c:570 __do_sys_close fs/open.c:1589 [inline] __se_sys_close fs/open.c:1574 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1574 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (&disk->open_mutex){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3168 [inline] check_prevs_add kernel/locking/lockdep.c:3287 [inline] validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3911 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871 __mutex_lock_common kernel/locking/mutex.c:602 [inline] __mutex_lock+0x182/0xe80 kernel/locking/mutex.c:747 __del_gendisk+0x129/0x9e0 block/genhd.c:710 del_gendisk+0xe8/0x160 block/genhd.c:823 sd_remove+0x8d/0x110 drivers/scsi/sd.c:4066 device_remove drivers/base/dd.c:569 [inline] __device_release_driver drivers/base/dd.c:1272 [inline] device_release_driver_internal+0x4d9/0x7c0 drivers/base/dd.c:1295 bus_remove_device+0x34d/0x410 drivers/base/bus.c:579 device_del+0x511/0x8e0 drivers/base/core.c:3881 __scsi_remove_device+0x1a7/0x3b0 drivers/scsi/scsi_sysfs.c:1499 scsi_forget_host+0xd0/0x110 drivers/scsi/scsi_scan.c:2088 scsi_remove_host+0x1b7/0x710 drivers/scsi/hosts.c:181 quiesce_and_remove_host drivers/usb/storage/usb.c:949 [inline] usb_stor_disconnect+0x14f/0x1f0 drivers/usb/storage/usb.c:1186 usb_unbind_interface+0x26b/0x8f0 drivers/usb/core/driver.c:458 device_remove drivers/base/dd.c:569 [inline] __device_release_driver drivers/base/dd.c:1272 [inline] device_release_driver_internal+0x4d9/0x7c0 drivers/base/dd.c:1295 bus_remove_device+0x34d/0x410 drivers/base/bus.c:579 device_del+0x511/0x8e0 drivers/base/core.c:3881 usb_disable_device+0x3e9/0x8a0 drivers/usb/core/message.c:1418 usb_disconnect+0x330/0x950 drivers/usb/core/hub.c:2344 hub_port_connect drivers/usb/core/hub.c:5406 [inline] hub_port_connect_change drivers/usb/core/hub.c:5706 [inline] port_event drivers/usb/core/hub.c:5870 [inline] hub_event+0x1cf5/0x4a20 drivers/usb/core/hub.c:5952 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 other info that might help us debug this: Chain exists of: &disk->open_mutex --> &nbd->config_lock --> &set->update_nr_hwq_lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- rlock(&set->update_nr_hwq_lock); lock(&nbd->config_lock); lock(&set->update_nr_hwq_lock); lock(&disk->open_mutex); *** DEADLOCK *** 8 locks held by kworker/0:6/5982: #0: ffff8880216a7148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline] #0: ffff8880216a7148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3321 #1: ffffc9000a947bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline] #1: ffffc9000a947bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3321 #2: ffff888027fa2198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline] #2: ffff888027fa2198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20 drivers/usb/core/hub.c:5898 #3: ffff8880645e6198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline] #3: ffff8880645e6198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950 drivers/usb/core/hub.c:2335 #4: ffff8880342a2160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline] #4: ffff8880342a2160 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1094 [inline] #4: ffff8880342a2160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0 drivers/base/dd.c:1292 #5: ffff88802bc2c0e0 (&shost->scan_mutex){+.+.}-{4:4}, at: scsi_remove_host+0x32/0x710 drivers/scsi/hosts.c:169 #6: ffff888077080380 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline] #6: ffff888077080380 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1094 [inline] #6: ffff888077080380 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0 drivers/base/dd.c:1292 #7: ffff88802bc2c380 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 block/genhd.c:822 stack backtrace: CPU: 0 UID: 0 PID: 5982 Comm: kworker/0:6 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Workqueue: usb_hub_wq hub_event Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_circular_bug+0x2ee/0x310 kernel/locking/lockdep.c:2046 check_noncircular+0x134/0x160 kernel/locking/lockdep.c:2178 check_prev_add kernel/locking/lockdep.c:3168 [inline] check_prevs_add kernel/locking/lockdep.c:3287 [inline] validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3911 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871 __mutex_lock_common kernel/locking/mutex.c:602 [inline] __mutex_lock+0x182/0xe80 kernel/locking/mutex.c:747 __del_gendisk+0x129/0x9e0 block/genhd.c:710 del_gendisk+0xe8/0x160 block/genhd.c:823 sd_remove+0x8d/0x110 drivers/scsi/sd.c:4066 device_remove drivers/base/dd.c:569 [inline] __device_release_driver drivers/base/dd.c:1272 [inline] device_release_driver_internal+0x4d9/0x7c0 drivers/base/dd.c:1295 bus_remove_device+0x34d/0x410 drivers/base/bus.c:579 device_del+0x511/0x8e0 drivers/base/core.c:3881 __scsi_remove_device+0x1a7/0x3b0 drivers/scsi/scsi_sysfs.c:1499 scsi_forget_host+0xd0/0x110 drivers/scsi/scsi_scan.c:2088 scsi_remove_host+0x1b7/0x710 drivers/scsi/hosts.c:181 quiesce_and_remove_host drivers/usb/storage/usb.c:949 [inline] usb_stor_disconnect+0x14f/0x1f0 drivers/usb/storage/usb.c:1186 usb_unbind_interface+0x26b/0x8f0 drivers/usb/core/driver.c:458 device_remove drivers/base/dd.c:569 [inline] __device_release_driver drivers/base/dd.c:1272 [inline] device_release_driver_internal+0x4d9/0x7c0 drivers/base/dd.c:1295 bus_remove_device+0x34d/0x410 drivers/base/bus.c:579 device_del+0x511/0x8e0 drivers/base/core.c:3881 usb_disable_device+0x3e9/0x8a0 drivers/usb/core/message.c:1418 usb_disconnect+0x330/0x950 drivers/usb/core/hub.c:2344 hub_port_connect drivers/usb/core/hub.c:5406 [inline] hub_port_connect_change drivers/usb/core/hub.c:5706 [inline] port_event drivers/usb/core/hub.c:5870 [inline] hub_event+0x1cf5/0x4a20 drivers/usb/core/hub.c:5952 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 usb 5-1: new high-speed USB device number 43 using dummy_hcd usb 5-1: Using ep0 maxpacket: 16 usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 usb 5-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3 usb 5-1: Product: syz usb 5-1: Manufacturer: syz usb 5-1: SerialNumber: syz usb 5-1: config 0 descriptor?? usb 5-1: NFC: intf ffff88802a66b000 id ffffffff8eb3fac0 nfcmrvl 5-1:0.0: NFC: registered with nci successfully usb 5-1: USB disconnect, device number 43 usb 5-1: NFC: intf ffff88802a66b000