======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc2-next-20241210 #1 Not tainted
------------------------------------------------------
syz-executor.2/147515 is trying to acquire lock:
ffff88800e6786e8 (&q->limits_lock){+.+.}-{4:4}, at: loop_reconfigure_limits+0x2b5/0x8d0

but task is already holding lock:
ffff88800e6780a8 (&q->q_usage_counter(io)#6){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #10 (&q->q_usage_counter(io)#6){++++}-{0:0}:
       blk_mq_submit_bio+0x1ece/0x2590
       __submit_bio+0x180/0x490
       submit_bio_noacct_nocheck+0x63c/0xcd0
       submit_bio_noacct+0x3b3/0x13d0
       mpage_readahead+0x41a/0x590
       read_pages+0x198/0xb10
       page_cache_ra_unbounded+0x353/0x670
       force_page_cache_ra+0x259/0x370
       page_cache_sync_ra+0x123/0xa90
       filemap_get_pages+0x329/0x1880
       filemap_read+0x389/0xbc0
       blkdev_read_iter+0x18a/0x480
       vfs_read+0x861/0xbd0
       ksys_read+0x122/0x240
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #9 (mapping.invalidate_lock#2){.+.+}-{4:4}:
       down_read+0x9a/0x320
       filemap_fault+0xb83/0x27f0
       __do_fault+0x10d/0x480
       __handle_mm_fault+0x1224/0x2d50
       handle_mm_fault+0x2b4/0x6a0
       __get_user_pages+0x59d/0x33d0
       populate_vma_page_range+0x287/0x3b0
       __mm_populate+0x101/0x3a0
       vm_mmap_pgoff+0x2c0/0x390
       ksys_mmap_pgoff+0x3d7/0x520
       __x64_sys_mmap+0x127/0x190
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #8 (&mm->mmap_lock){++++}-{4:4}:
       __might_fault+0x110/0x190
       _copy_from_user+0x2b/0xd0
       memdup_user+0x72/0xd0
       strndup_user+0x78/0xe0
       _perf_ioctl+0x4b0/0x2030
       perf_ioctl+0x74/0xb0
       __x64_sys_ioctl+0x1a7/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #7 (&cpuctx_mutex){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       perf_event_init_cpu+0x302/0x760
       perf_event_init+0x509/0x720
       start_kernel+0x265/0x530
       x86_64_start_reservations+0x18/0x30
       x86_64_start_kernel+0xcb/0xe0
       common_startup_64+0x12c/0x138

-> #6 (pmus_lock){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       perf_event_init_cpu+0xc3/0x760
       cpuhp_invoke_callback+0x3b9/0x9a0
       __cpuhp_invoke_callback_range+0x104/0x220
       _cpu_up+0x1d7/0x2a0
       cpu_up+0x123/0x190
       cpuhp_bringup_mask+0xd2/0x1f0
       bringup_nonboot_cpus+0x169/0x1b0
       smp_init+0x32/0x160
       kernel_init_freeable+0x394/0x7a0
       kernel_init+0x1e/0x2d0
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

-> #5 (cpu_hotplug_lock){++++}-{0:0}:
       cpus_read_lock+0x42/0x160
       __static_call_update+0x8b/0x630
       tracepoint_add_func+0xab9/0xec0
       tracepoint_probe_register+0xa5/0xf0
       trace_event_reg+0x297/0x350
       perf_trace_event_init+0x51d/0xa30
       perf_trace_init+0x1a4/0x2f0
       perf_tp_event_init+0xa6/0x120
       perf_try_init_event+0x13a/0xc40
       perf_event_alloc.part.0+0x10a6/0x3d80
       __do_sys_perf_event_open+0x628/0x2b00
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #4 (tracepoints_mutex){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       tracepoint_probe_register+0x7c/0xf0
       blk_register_tracepoints+0x1b/0x3c0
       do_blk_trace_setup+0xa28/0xc70
       blk_trace_setup+0xdd/0x1b0
       sg_ioctl+0x69f/0x26b0
       __x64_sys_ioctl+0x1a7/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #3 (blk_probe_mutex){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       do_blk_trace_setup+0x798/0xc70
       blk_trace_setup+0xdd/0x1b0
       sg_ioctl+0x69f/0x26b0
       __x64_sys_ioctl+0x1a7/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (&q->debugfs_mutex){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       blk_mq_init_sched+0x429/0x670
       elevator_init_mq+0x299/0x3d0
       add_disk_fwnode+0x113/0x1310
       sd_probe+0xa82/0xf20
       really_probe+0x240/0x820
       __driver_probe_device+0x2c4/0x380
       driver_probe_device+0x4e/0x2a0
       __device_attach_driver+0x1d4/0x390
       bus_for_each_drv+0x14c/0x1d0
       __device_attach_async_helper+0x1d1/0x260
       async_run_entry_fn+0x91/0x290
       process_one_work+0x8ee/0x1a10
       worker_thread+0x674/0xe70
       kthread+0x2c2/0x3a0
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

-> #1 (&q->q_usage_counter(queue)){++++}-{0:0}:
       blk_queue_enter+0x4d0/0x600
       blk_mq_alloc_request+0x1cd/0x250
       scsi_execute_cmd+0x20a/0xe80
       read_capacity_16+0x1eb/0xe60
       sd_revalidate_disk.isra.0+0x177c/0xa8a0
       sd_probe+0x8f9/0xf20
       really_probe+0x240/0x820
       __driver_probe_device+0x2c4/0x380
       driver_probe_device+0x4e/0x2a0
       __device_attach_driver+0x1d4/0x390
       bus_for_each_drv+0x14c/0x1d0
       __device_attach_async_helper+0x1d1/0x260
       async_run_entry_fn+0x91/0x290
       process_one_work+0x8ee/0x1a10
       worker_thread+0x674/0xe70
       kthread+0x2c2/0x3a0
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

-> #0 (&q->limits_lock){+.+.}-{4:4}:
       __lock_acquire+0x292a/0x4360
       lock_acquire.part.0+0xeb/0x320
       __mutex_lock+0x13d/0xac0
       loop_reconfigure_limits+0x2b5/0x8d0
       lo_ioctl+0xb9c/0x18f0
       blkdev_ioctl+0x27e/0x6d0
       __x64_sys_ioctl+0x1a7/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &q->limits_lock --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#6

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->q_usage_counter(io)#6);
                               lock(mapping.invalidate_lock#2);
                               lock(&q->q_usage_counter(io)#6);
  lock(&q->limits_lock);

 *** DEADLOCK ***

3 locks held by syz-executor.2/147515:
 #0: ffff88800b552360 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x6d5/0x18f0
 #1: ffff88800e6780a8 (&q->q_usage_counter(io)#6){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20
 #2: ffff88800e6780e0 (&q->q_usage_counter(queue)#3){+.+.}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20

stack backtrace:
CPU: 1 UID: 0 PID: 147515 Comm: syz-executor.2 Not tainted 6.13.0-rc2-next-20241210 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xca/0x120
 print_circular_bug+0x47b/0x750
 check_noncircular+0x2e9/0x3c0
 __lock_acquire+0x292a/0x4360
 lock_acquire.part.0+0xeb/0x320
 __mutex_lock+0x13d/0xac0
 loop_reconfigure_limits+0x2b5/0x8d0
 lo_ioctl+0xb9c/0x18f0
 blkdev_ioctl+0x27e/0x6d0
 __x64_sys_ioctl+0x1a7/0x210
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4eb2a12b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4eaff88188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4eb2b25f60 RCX: 00007f4eb2a12b19
RDX: ffffffffffffffff RSI: 0000000000004c09 RDI: 0000000000000003
RBP: 00007f4eb2a6cf6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc28870c9f R14: 00007f4eaff88300 R15: 0000000000022000
Invalid logical block size (-1)
Invalid logical block size (-1)
Invalid logical block size (-1)
Invalid logical block size (-1)