======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.2.19/5964 is trying to acquire lock:
ffffffff8e025728 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x286/0x1720 mm/percpu.c:1782

but task is already holding lock:
ffff8881098758f8 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10 drivers/block/nbd.c:1492

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&q->q_usage_counter(io)#49){++++}-{0:0}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       blk_alloc_queue+0x538/0x620 block/blk-core.c:461
       blk_mq_alloc_queue block/blk-mq.c:4399 [inline]
       __blk_mq_alloc_disk+0x15c/0x340 block/blk-mq.c:4446
       nbd_dev_add+0x46c/0xae0 drivers/block/nbd.c:1957
       nbd_init+0x1c6/0x240 drivers/block/nbd.c:2702
       do_one_initcall+0x236/0x820 init/main.c:1283
       do_initcall_level+0x104/0x190 init/main.c:1345
       do_initcalls+0x59/0xa0 init/main.c:1361
       kernel_init_freeable+0x334/0x4b0 init/main.c:1593
       kernel_init+0x1d/0x1d0 init/main.c:1483
       ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

-> #1 (fs_reclaim){+.+.}-{0:0}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       __fs_reclaim_acquire mm/page_alloc.c:4306 [inline]
       fs_reclaim_acquire+0x72/0x100 mm/page_alloc.c:4320
       might_alloc include/linux/sched/mm.h:317 [inline]
       prepare_alloc_pages+0x152/0x650 mm/page_alloc.c:4983
       __alloc_frozen_pages_noprof+0x123/0x370 mm/page_alloc.c:5199
       __alloc_pages_noprof+0xa/0x30 mm/page_alloc.c:5244
       __alloc_pages_node_noprof include/linux/gfp.h:285 [inline]
       alloc_pages_node_noprof include/linux/gfp.h:312 [inline]
       pcpu_alloc_pages mm/percpu-vm.c:95 [inline]
       pcpu_populate_chunk+0x182/0xb30 mm/percpu-vm.c:285
       pcpu_alloc_noprof+0xcbf/0x1720 mm/percpu.c:1870
       xt_percpu_counter_alloc+0x161/0x220 net/netfilter/x_tables.c:1934
       find_check_entry net/ipv4/netfilter/ip_tables.c:526 [inline]
       translate_table+0x12e9/0x2000 net/ipv4/netfilter/ip_tables.c:716
       ipt_register_table+0x106/0x7c0 net/ipv4/netfilter/ip_tables.c:1742
       iptable_filter_table_init+0x75/0xb0 net/ipv4/netfilter/iptable_filter.c:49
       xt_find_table_lock+0x30c/0x3e0 net/netfilter/x_tables.c:1260
       xt_request_find_table_lock+0x26/0x100 net/netfilter/x_tables.c:1285
       get_info net/ipv4/netfilter/ip_tables.c:963 [inline]
       do_ipt_get_ctl+0x730/0x1180 net/ipv4/netfilter/ip_tables.c:1659
       nf_getsockopt+0x26e/0x290 net/netfilter/nf_sockopt.c:116
       ip_getsockopt+0x1c4/0x220 net/ipv4/ip_sockglue.c:1777
       do_sock_getsockopt+0x372/0x450 net/socket.c:2421
       __sys_getsockopt net/socket.c:2450 [inline]
       __do_sys_getsockopt net/socket.c:2457 [inline]
       __se_sys_getsockopt net/socket.c:2454 [inline]
       __x64_sys_getsockopt+0x1a5/0x250 net/socket.c:2454
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (pcpu_alloc_mutex){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3165 [inline]
       check_prevs_add kernel/locking/lockdep.c:3284 [inline]
       validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
       __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       __mutex_lock_common kernel/locking/mutex.c:598 [inline]
       __mutex_lock+0x187/0x1350 kernel/locking/mutex.c:760
       pcpu_alloc_noprof+0x286/0x1720 mm/percpu.c:1782
       init_alloc_hint lib/sbitmap.c:16 [inline]
       sbitmap_init_node+0x1e1/0x640 lib/sbitmap.c:126
       sbitmap_queue_init_node+0x3e/0x4d0 lib/sbitmap.c:454
       bt_alloc block/blk-mq-tag.c:546 [inline]
       blk_mq_init_tags+0x15c/0x2d0 block/blk-mq-tag.c:571
       blk_mq_alloc_rq_map block/blk-mq.c:3534 [inline]
       blk_mq_alloc_map_and_rqs+0xbb/0x9c0 block/blk-mq.c:4097
       __blk_mq_alloc_map_and_rqs block/blk-mq.c:4119 [inline]
       blk_mq_realloc_tag_set_tags block/blk-mq.c:4758 [inline]
       __blk_mq_update_nr_hw_queues block/blk-mq.c:5081 [inline]
       blk_mq_update_nr_hw_queues+0xa90/0x1ae0 block/blk-mq.c:5133
       nbd_start_device+0x17f/0xb10 drivers/block/nbd.c:1492
       nbd_genl_connect+0x135b/0x18f0 drivers/block/nbd.c:2242
       genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115
       genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
       genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
       netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2552
       genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
       netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
       netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1346
       netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
       sock_sendmsg_nosec net/socket.c:727 [inline]
       __sock_sendmsg+0x21c/0x270 net/socket.c:742
       ____sys_sendmsg+0x505/0x830 net/socket.c:2630
       ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2684
       __sys_sendmsg net/socket.c:2716 [inline]
       __do_sys_sendmsg net/socket.c:2721 [inline]
       __se_sys_sendmsg net/socket.c:2719 [inline]
       __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2719
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#49

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->q_usage_counter(io)#49);
                               lock(fs_reclaim);
                               lock(&q->q_usage_counter(io)#49);
  lock(pcpu_alloc_mutex);

 *** DEADLOCK ***

6 locks held by syz.2.19/5964:
 #0: ffffffff8f332690 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8f3324a8 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
 #1: ffffffff8f3324a8 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
 #1: ffffffff8f3324a8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 net/netlink/genetlink.c:1209
 #2: ffff8881099319c8 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0xa7/0x1ae0 block/blk-mq.c:5131
 #3: ffff8881099318d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xba/0x1ae0 block/blk-mq.c:5132
 #4: ffff8881098758f8 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10 drivers/block/nbd.c:1492
 #5: ffff888109875930 (&q->q_usage_counter(queue)#33){+.+.}-{0:0}, at: nbd_start_device+0x17f/0xb10 drivers/block/nbd.c:1492

stack backtrace:
CPU: 1 UID: 0 PID: 5964 Comm: syz.2.19 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_circular_bug+0x2ee/0x310 kernel/locking/lockdep.c:2043
 check_noncircular+0x134/0x160 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 __mutex_lock_common kernel/locking/mutex.c:598 [inline]
 __mutex_lock+0x187/0x1350 kernel/locking/mutex.c:760
 pcpu_alloc_noprof+0x286/0x1720 mm/percpu.c:1782
 init_alloc_hint lib/sbitmap.c:16 [inline]
 sbitmap_init_node+0x1e1/0x640 lib/sbitmap.c:126
 sbitmap_queue_init_node+0x3e/0x4d0 lib/sbitmap.c:454
 bt_alloc block/blk-mq-tag.c:546 [inline]
 blk_mq_init_tags+0x15c/0x2d0 block/blk-mq-tag.c:571
 blk_mq_alloc_rq_map block/blk-mq.c:3534 [inline]
 blk_mq_alloc_map_and_rqs+0xbb/0x9c0 block/blk-mq.c:4097
 __blk_mq_alloc_map_and_rqs block/blk-mq.c:4119 [inline]
 blk_mq_realloc_tag_set_tags block/blk-mq.c:4758 [inline]
 __blk_mq_update_nr_hw_queues block/blk-mq.c:5081 [inline]
 blk_mq_update_nr_hw_queues+0xa90/0x1ae0 block/blk-mq.c:5133
 nbd_start_device+0x17f/0xb10 drivers/block/nbd.c:1492
 nbd_genl_connect+0x135b/0x18f0 drivers/block/nbd.c:2242
 genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2552
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x21c/0x270 net/socket.c:742
 ____sys_sendmsg+0x505/0x830 net/socket.c:2630
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2684
 __sys_sendmsg net/socket.c:2716 [inline]
 __do_sys_sendmsg net/socket.c:2721 [inline]
 __se_sys_sendmsg net/socket.c:2719 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2719
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbb5158f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbb52474038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fbb517e5fa0 RCX: 00007fbb5158f749
RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000004
RBP: 00007fbb51613f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fbb517e6038 R14: 00007fbb517e5fa0 R15: 00007fff5f2a8ae8
 </TASK>
