bisecting fixing commit since 3af409ca278d4a8d50e91f9f7c4c33b175645cf3
building syzkaller on 3e5ed8b45e7a561d6344a4d3d7bf3bfb8f24a7b3
testing commit 3af409ca278d4a8d50e91f9f7c4c33b175645cf3 with gcc (GCC) 10.2.1 20210217
kernel signature: 20c455d8a58ab564b3d2acb25c1b998aa7a1929f4ff4fed292c78b6985cb6102
run #0: crashed: KASAN: use-after-free Read in nbd_release
run #1: crashed: KASAN: use-after-free Read in nbd_release
run #2: crashed: KASAN: use-after-free Read in nbd_genl_connect
run #3: crashed: WARNING: refcount bug in nbd_config_put
run #4: crashed: KASAN: use-after-free Write in nbd_release
run #5: crashed: WARNING: refcount bug in nbd_config_put
run #6: crashed: KASAN: use-after-free Read in nbd_genl_connect
run #7: crashed: KASAN: use-after-free Read in nbd_genl_connect
run #8: crashed: WARNING: refcount bug in nbd_config_put
run #9: crashed: KASAN: use-after-free Read in nbd_genl_connect
run #10: crashed: KASAN: use-after-free Read in nbd_genl_connect
run #11: crashed: KASAN: use-after-free Read in nbd_genl_connect
run #12: crashed: KASAN: use-after-free Read in nbd_release
run #13: crashed: WARNING: refcount bug in nbd_config_put
run #14: crashed: KASAN: use-after-free Read in nbd_genl_connect
run #15: crashed: KASAN: use-after-free Write in nbd_release
run #16: crashed: WARNING: refcount bug in nbd_config_put
run #17: crashed: KASAN: use-after-free Read in nbd_genl_connect
run #18: crashed: KASAN: use-after-free Read in nbd_genl_connect
run #19: crashed: WARNING: refcount bug in nbd_config_put
testing current HEAD 297c4de6f780b63b6d2af75a730720483bf1904a
testing commit 297c4de6f780b63b6d2af75a730720483bf1904a with gcc (GCC) 10.2.1 20210217
kernel signature: d130d4e6382bf8cd86c19ef1b79ba6d9894194de76cb7e013754672d8f061a73
all runs: crashed: possible deadlock in del_gendisk
revisions tested: 2, total time: 21m22.437577264s (build: 13m29.154032651s, test: 7m5.434466275s)
the crash still happens on HEAD
commit msg: net: dsa: felix: re-enable TAS guard band mode
crash: possible deadlock in del_gendisk

============================================
WARNING: possible recursive locking detected
5.12.0-syzkaller #0 Not tainted
--------------------------------------------
systemd-udevd/10152 is trying to acquire lock:
ffff8881423380a0 (&bdev->bd_mutex){+.+.}-{3:3}, at: del_gendisk+0x225/0x960 block/genhd.c:618

but task is already holding lock:
ffff8881423380a0 (&bdev->bd_mutex){+.+.}-{3:3}, at: __blkdev_put+0xd7/0x670 fs/block_dev.c:1571

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&bdev->bd_mutex);
  lock(&bdev->bd_mutex);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by systemd-udevd/10152:
 #0: ffff8881423380a0 (&bdev->bd_mutex){+.+.}-{3:3}, at: __blkdev_put+0xd7/0x670 fs/block_dev.c:1571
 #1: ffffffff8b3f3e88 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock lib/refcount.c:118 [inline]
 #1: ffffffff8b3f3e88 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x2b/0xd0 lib/refcount.c:113
 #2: ffffffff8b184770 (bdev_lookup_sem){++++}-{3:3}, at: del_gendisk+0x1f7/0x960 block/genhd.c:616

stack backtrace:
CPU: 0 PID: 10152 Comm: systemd-udevd Not tainted 5.12.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x93/0xc2 lib/dump_stack.c:120
 print_deadlock_bug kernel/locking/lockdep.c:2831 [inline]
 check_deadlock kernel/locking/lockdep.c:2874 [inline]
 validate_chain kernel/locking/lockdep.c:3663 [inline]
 __lock_acquire.cold+0x149/0x399 kernel/locking/lockdep.c:4902
 lock_acquire kernel/locking/lockdep.c:5512 [inline]
 lock_acquire+0x1ab/0x730 kernel/locking/lockdep.c:5477
 __mutex_lock_common kernel/locking/mutex.c:949 [inline]
 __mutex_lock+0x139/0x1120 kernel/locking/mutex.c:1096
 del_gendisk+0x225/0x960 block/genhd.c:618
 nbd_dev_remove drivers/block/nbd.c:226 [inline]
 nbd_put.part.0+0xa4/0x1b0 drivers/block/nbd.c:250
 __blkdev_put+0x4f8/0x670 fs/block_dev.c:1585
 blkdev_put+0x75/0x480 fs/block_dev.c:1638
 blkdev_close+0x8b/0xd0 fs/block_dev.c:1646
 __fput+0x209/0x870 fs/file_table.c:280
 task_work_run+0xc0/0x160 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x272/0x280 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:301
 do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fc1802a9270
Code: 73 01 c3 48 8b 0d 38 7d 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 59 c1 20 00 00 75 10 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ee fb ff ff 48 89 04 24
RSP: 002b:00007ffdb8717f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007fc1802a9270
RDX: 000000000aba9500 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007fc181163710 R08: 000000000000004a R09: 0000000000000008
R10: 000055d788a0c758 R11: 0000000000000246 R12: 0000000000000000
R13: 000055d788a0f880 R14: 0000000000000003 R15: 000000000000000e