last executing test programs:

54.265907277s ago: executing program 1 (id=5):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25d7dbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x10, 0x8, 0x8, 0x8, 0x81}, 0x103, 0x0, 0x7, 0x7, 0x7, 0xa, 0x12, 0x7, 0x7, 0x3, {0x3, 0x2, 0x3, 0x35db, 0x2, 0x6}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40188c0}, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r6, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0x2)
close(r4)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000600), 0x56)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$kcm(r3, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r8, 0x42}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)="27030200000314000e00003c000300000000ff8400000000000000000000000000010000000085dc9d9839dc1336", 0x2e}], 0x1}, 0x4005)

44.303866907s ago: executing program 0 (id=7):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x30, r2, 0x1, 0x70bd2c, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x55ebfcb85e78e904}, 0x4)

37.180897144s ago: executing program 1 (id=8):
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0xfffd, 0x0, 0x9, 0x7}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa4, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)

35.742591426s ago: executing program 0 (id=9):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x3c, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x10}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}, @TCA_STAB={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1d4}, 0x8840)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0, 0x34}], 0x1}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0)

29.390254249s ago: executing program 1 (id=10):
r0 = io_uring_setup(0x8d7, &(0x7f0000000240)={0x0, 0x50e, 0x800, 0x1, 0x221})
r1 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000001080), r1)
close_range(r0, 0xffffffffffffffff, 0x0)

27.265267721s ago: executing program 0 (id=11):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x4206, r0)
ptrace(0x4208, r0)
ptrace$peek(0xffffffffffffffff, r0, 0x0)

18.062911867s ago: executing program 1 (id=12):
eventfd2(0xbfb, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f00000006c0)='ns/uts\x00')
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x111, 0x6}}, 0x20)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

12.078205659s ago: executing program 0 (id=13):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000680)=ANY=[], 0x9c}, 0x1, 0x0, 0x0, 0x4c841}, 0x802)

8.890214492s ago: executing program 1 (id=14):
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd2b, 0x25dfdbfb, {0x60, 0x0, 0x0, r3, {0x0, 0x6}, {0xffe0, 0xa}, {0x1, 0x8}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x50, 0x5, 0x9, 0x8000, 0x0, 0xab93}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x55}, 0xc010)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)

6.189913956s ago: executing program 0 (id=15):
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r1, @ANYBLOB='\a'], 0x10)
close(0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000003840)=[{{0x0, 0x0, 0x0}}], 0x1, 0xc4)

175.10029ms ago: executing program 0 (id=16):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000000209000200737997310000000008000a40fffffffc14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x20004000)

0s ago: executing program 1 (id=17):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000000000000001, 0xfffffffffffffffe}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x8000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0xfffffffffffffff3)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_DO_IT(r0, 0xab03)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
prctl$PR_SET_MM(0x22, 0x0, &(0x7f0000000000/0x4000)=nil)
close_range(r2, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:22054' (ED25519) to the list of known hosts.
syzkaller login: [  592.570560][ T3197] cgroup: Unknown subsys name 'net'
[  593.721686][ T3197] cgroup: Unknown subsys name 'cpuset'
[  593.930124][ T3197] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  671.054402][ T3197] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  808.558451][ T3206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  809.023813][ T3206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  809.148612][ T3204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  809.909327][ T3204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  828.140799][ T3204] hsr_slave_0: entered promiscuous mode
[  828.234061][ T3204] hsr_slave_1: entered promiscuous mode
[  828.563947][ T3206] hsr_slave_0: entered promiscuous mode
[  828.641692][ T3206] hsr_slave_1: entered promiscuous mode
[  828.674856][ T3206] debugfs: 'hsr0' already exists in 'hsr'
[  828.681565][ T3206] Cannot create hsr debugfs directory
[  843.212023][ T3204] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  843.519969][ T3204] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  843.778403][ T3204] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  844.132625][ T3204] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  846.053122][ T3206] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  847.020258][ T3206] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  847.192838][ T3206] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  847.389678][ T3206] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  863.684368][ T3204] 8021q: adding VLAN 0 to HW filter on device bond0
[  865.727241][ T3206] 8021q: adding VLAN 0 to HW filter on device bond0
[  935.512371][ T3204] veth0_vlan: entered promiscuous mode
[  936.669476][ T3206] veth0_vlan: entered promiscuous mode
[  937.170812][ T3204] veth1_vlan: entered promiscuous mode
[  937.566223][ T3206] veth1_vlan: entered promiscuous mode
[  940.111515][ T3204] veth0_macvtap: entered promiscuous mode
[  940.829826][ T3204] veth1_macvtap: entered promiscuous mode
[  942.212265][ T3206] veth0_macvtap: entered promiscuous mode
[  943.781012][ T3206] veth1_macvtap: entered promiscuous mode
[  946.844393][ T3761] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  947.146442][ T3761] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  947.308715][ T3761] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  947.471684][   T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  949.790114][ T3761] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  949.909031][ T3761] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  950.000613][ T3761] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  950.050375][ T3761] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  957.134611][ T3204] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  957.134603][ T3206] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  971.998692][ T3825] nbd: must specify a size in bytes for the device
[  978.073748][ T3829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3'.
[  978.261930][    C1] vcan0: j1939_tp_rxtimer: 0xffffaf801a136000: rx timeout, send abort
[  996.078235][ T3841] syzkaller0: entered promiscuous mode
[  996.082164][ T3841] syzkaller0: entered allmulticast mode
[ 1006.020604][ T3857] nbd: must specify a size in bytes for the device
[ 1010.214605][ T3859] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1027.320244][   T31] audit: type=1326 audit(1023.870:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3865 comm="syz.0.11" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fff88d33282 code=0x0
[ 1049.745078][ T3884] 
[ 1049.746409][ T3884] ======================================================
[ 1049.747431][ T3884] WARNING: possible circular locking dependency detected
[ 1049.749198][ T3884] syzkaller #0 Not tainted
[ 1049.750627][ T3884] ------------------------------------------------------
[ 1049.751742][ T3884] syz.1.17/3884 is trying to acquire lock:
[ 1049.752973][ T3884] ffffffff88780f08 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x20a/0x2204
[ 1049.758731][ T3884] 
[ 1049.758731][ T3884] but task is already holding lock:
[ 1049.760012][ T3884] ffffaf801aa3afe0 (&q->q_usage_counter(io)#20){++++}-{0:0}, at: blk_mq_update_nr_hw_queues+0x7c0/0x11e4
[ 1049.764378][ T3884] 
[ 1049.764378][ T3884] which lock already depends on the new lock.
[ 1049.764378][ T3884] 
[ 1049.766865][ T3884] 
[ 1049.766865][ T3884] the existing dependency chain (in reverse order) is:
[ 1049.768199][ T3884] 
[ 1049.768199][ T3884] -> #2 (&q->q_usage_counter(io)#20){++++}-{0:0}:
[ 1049.771148][ T3884]        lock_acquire+0x1d2/0x44c
[ 1049.773005][ T3884]        blk_alloc_queue+0x5b4/0x6c0
[ 1049.774382][ T3884]        blk_mq_alloc_queue+0x15e/0x250
[ 1049.775961][ T3884]        __blk_mq_alloc_disk+0x2a/0xd8
[ 1049.777664][ T3884]        nbd_dev_add+0x426/0xaec
[ 1049.779068][ T3884]        nbd_init+0x3d4/0x3f8
[ 1049.780725][ T3884]        do_one_initcall+0x194/0xaa0
[ 1049.782019][ T3884]        kernel_init_freeable+0x6ca/0x78c
[ 1049.783289][ T3884]        kernel_init+0x28/0x240
[ 1049.784773][ T3884]        ret_from_fork_kernel+0x2a/0xbbc
[ 1049.786153][ T3884]        ret_from_fork_kernel_asm+0x16/0x18
[ 1049.787827][ T3884] 
[ 1049.787827][ T3884] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 1049.790043][ T3884]        lock_acquire+0x1d2/0x44c
[ 1049.791357][ T3884]        fs_reclaim_acquire+0xc6/0x100
[ 1049.793106][ T3884]        prepare_alloc_pages+0x146/0x51c
[ 1049.794577][ T3884]        __alloc_frozen_pages_noprof+0x158/0x20c8
[ 1049.796324][ T3884]        __alloc_pages_noprof+0xe/0x138
[ 1049.797785][ T3884]        pcpu_populate_chunk+0x16c/0xd00
[ 1049.799283][ T3884]        pcpu_alloc_noprof+0x50e/0x2204
[ 1049.800822][ T3884]        xt_percpu_counter_alloc+0x138/0x194
[ 1049.802322][ T3884]        find_check_entry.isra.0+0xe8/0x880
[ 1049.803627][ T3884]        translate_table+0xb0c/0x142c
[ 1049.804921][ T3884]        ip6t_register_table+0x11a/0x3f8
[ 1049.806331][ T3884]        ip6table_mangle_table_init+0x46/0x70
[ 1049.808650][ T3884]        xt_find_table_lock+0x294/0x4c0
[ 1049.810159][ T3884]        xt_request_find_table_lock+0x28/0xfc
[ 1049.811749][ T3884]        get_info+0x164/0x52c
[ 1049.813001][ T3884]        do_ip6t_get_ctl+0x16a/0x900
[ 1049.814243][ T3884]        nf_getsockopt+0x6e/0xd4
[ 1049.815794][ T3884]        ipv6_getsockopt+0x412/0x954
[ 1049.817057][ T3884]        tcp_getsockopt+0x84/0xd8
[ 1049.818346][ T3884]        sock_common_getsockopt+0x86/0xb8
[ 1049.819688][ T3884]        do_sock_getsockopt+0x34e/0x5d4
[ 1049.821188][ T3884]        __sys_getsockopt+0xd6/0x170
[ 1049.822669][ T3884]        __riscv_sys_getsockopt+0xa6/0x114
[ 1049.824261][ T3884]        syscall_handler+0x92/0x114
[ 1049.825983][ T3884]        do_trap_ecall_u+0x3d2/0x58c
[ 1049.827454][ T3884]        handle_exception+0x15e/0x16a
[ 1049.829206][ T3884] 
[ 1049.829206][ T3884] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}:
[ 1049.831489][ T3884]        check_noncircular+0x138/0x14c
[ 1049.832869][ T3884]        __lock_acquire+0xe9c/0x25ac
[ 1049.834059][ T3884]        lock_acquire+0x1d2/0x44c
[ 1049.835302][ T3884]        __mutex_lock+0x164/0x1890
[ 1049.836685][ T3884]        _mutex_lock_killable+0x16/0x20
[ 1049.837980][ T3884]        pcpu_alloc_noprof+0x20a/0x2204
[ 1049.839436][ T3884]        sbitmap_init_node+0x298/0x748
[ 1049.840769][ T3884]        sbitmap_queue_init_node+0x3a/0x3fc
[ 1049.842140][ T3884]        blk_mq_init_tags+0x15a/0x2d8
[ 1049.843500][ T3884]        blk_mq_alloc_map_and_rqs+0x1d2/0xda8
[ 1049.845082][ T3884]        blk_mq_update_nr_hw_queues+0xa4a/0x11e4
[ 1049.846584][ T3884]        nbd_start_device+0x156/0xb74
[ 1049.847899][ T3884]        nbd_ioctl+0x4b4/0xbd4
[ 1049.850666][ T3884]        blkdev_ioctl+0x4cc/0x12e4
[ 1049.852289][ T3884]        __riscv_sys_ioctl+0x17c/0x1e4
[ 1049.853655][ T3884]        syscall_handler+0x92/0x114
[ 1049.854942][ T3884]        do_trap_ecall_u+0x3d2/0x58c
[ 1049.856590][ T3884]        handle_exception+0x15e/0x16a
[ 1049.858043][ T3884] 
[ 1049.858043][ T3884] other info that might help us debug this:
[ 1049.858043][ T3884] 
[ 1049.859326][ T3884] Chain exists of:
[ 1049.859326][ T3884]   pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#20
[ 1049.859326][ T3884] 
[ 1049.862689][ T3884]  Possible unsafe locking scenario:
[ 1049.862689][ T3884] 
[ 1049.863742][ T3884]        CPU0                    CPU1
[ 1049.864672][ T3884]        ----                    ----
[ 1049.865667][ T3884]   lock(&q->q_usage_counter(io)#20);
[ 1049.867358][ T3884]                                lock(fs_reclaim);
[ 1049.869385][ T3884]                                lock(&q->q_usage_counter(io)#20);
[ 1049.872623][ T3884]   lock(pcpu_alloc_mutex);
[ 1049.874864][ T3884] 
[ 1049.874864][ T3884]  *** DEADLOCK ***
[ 1049.874864][ T3884] 
[ 1049.876752][ T3884] 4 locks held by syz.1.17/3884:
[ 1049.878587][ T3884]  #0: ffffaf801a8b91d0 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x9e/0x11e4
[ 1049.882081][ T3884]  #1: ffffaf801a8b90d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xb2/0x11e4
[ 1049.885334][ T3884]  #2: ffffaf801aa3afe0 (&q->q_usage_counter(io)#20){++++}-{0:0}, at: blk_mq_update_nr_hw_queues+0x7c0/0x11e4
[ 1049.888957][ T3884]  #3: ffffaf801aa3b018 (&q->q_usage_counter(queue)#4){+.+.}-{0:0}, at: blk_mq_update_nr_hw_queues+0x7c0/0x11e4
[ 1049.892832][ T3884] 
[ 1049.892832][ T3884] stack backtrace:
[ 1049.894517][ T3884] CPU: 0 UID: 0 PID: 3884 Comm: syz.1.17 Not tainted syzkaller #0 PREEMPT 
[ 1049.895398][ T3884] Hardware name: riscv-virtio,qemu (DT)
[ 1049.896075][ T3884] Call Trace:
[ 1049.896488][ T3884] [<ffffffff8007afc2>] dump_backtrace+0x2e/0x3c
[ 1049.897224][ T3884] [<ffffffff800032f8>] show_stack+0x30/0x3c
[ 1049.897785][ T3884] [<ffffffff80060e34>] dump_stack_lvl+0x114/0x1ac
[ 1049.898600][ T3884] [<ffffffff80060ee8>] dump_stack+0x1c/0x28
[ 1049.899436][ T3884] [<ffffffff802d9bfc>] print_circular_bug+0x250/0x29c
[ 1049.900088][ T3884] [<ffffffff802d9d80>] check_noncircular+0x138/0x14c
[ 1049.900658][ T3884] [<ffffffff802dcbac>] __lock_acquire+0xe9c/0x25ac
[ 1049.901391][ T3884] [<ffffffff802de48e>] lock_acquire+0x1d2/0x44c
[ 1049.901963][ T3884] [<ffffffff863a7134>] __mutex_lock+0x164/0x1890
[ 1049.902615][ T3884] [<ffffffff863a88ae>] _mutex_lock_killable+0x16/0x20
[ 1049.903294][ T3884] [<ffffffff80947596>] pcpu_alloc_noprof+0x20a/0x2204
[ 1049.904120][ T3884] [<ffffffff81a8db28>] sbitmap_init_node+0x298/0x748
[ 1049.904751][ T3884] [<ffffffff81a8e012>] sbitmap_queue_init_node+0x3a/0x3fc
[ 1049.905442][ T3884] [<ffffffff8160f54a>] blk_mq_init_tags+0x15a/0x2d8
[ 1049.906168][ T3884] [<ffffffff81603916>] blk_mq_alloc_map_and_rqs+0x1d2/0xda8
[ 1049.906860][ T3884] [<ffffffff81607636>] blk_mq_update_nr_hw_queues+0xa4a/0x11e4
[ 1049.907569][ T3884] [<ffffffff82c9dc9e>] nbd_start_device+0x156/0xb74
[ 1049.908357][ T3884] [<ffffffff82c9eb70>] nbd_ioctl+0x4b4/0xbd4
[ 1049.909184][ T3884] [<ffffffff8162013c>] blkdev_ioctl+0x4cc/0x12e4
[ 1049.909990][ T3884] [<ffffffff80ca9130>] __riscv_sys_ioctl+0x17c/0x1e4
[ 1049.910707][ T3884] [<ffffffff80078192>] syscall_handler+0x92/0x114
[ 1049.911446][ T3884] [<ffffffff86391c0a>] do_trap_ecall_u+0x3d2/0x58c
[ 1049.912313][ T3884] [<ffffffff863bb61e>] handle_exception+0x15e/0x16a
[ 1050.078814][   T31] audit: type=1326 audit(1046.670:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3883 comm="syz.1.17" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffab933282 code=0x0
[ 1051.072750][  T869] block nbd1: Receive control failed (result -32)
[ 1051.081619][  T869] block nbd1: Receive control failed (result -32)
[ 1051.111194][ T3884] block nbd1: shutting down sockets