======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc2-next-20241211 #1 Not tainted
------------------------------------------------------
syz-executor.7/49751 is trying to acquire lock:
ffff88803b919a48 (&q->limits_lock){+.+.}-{4:4}, at: loop_reconfigure_limits+0x2b5/0x8d0

but task is already holding lock:
ffff88803b919408 (&q->q_usage_counter(io)#3){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #11 (&q->q_usage_counter(io)#3){++++}-{0:0}:
       blk_mq_submit_bio+0x1ece/0x2590
       __submit_bio+0x180/0x490
       submit_bio_noacct_nocheck+0x63c/0xcd0
       submit_bio_noacct+0x3b3/0x13d0
       ext4_read_bh_nowait+0x156/0x240
       ext4_read_block_bitmap_nowait+0x1201/0x1da0
       ext4_mb_prefetch+0x28d/0x360
       ext4_mb_regular_allocator+0x98c/0x3b10
       ext4_mb_new_blocks+0x252f/0x45d0
       ext4_new_meta_blocks+0x1e5/0x320
       ext4_xattr_block_set+0x1884/0x3680
       ext4_xattr_set_handle+0xd48/0x14c0
       ext4_xattr_set+0x144/0x350
       __vfs_setxattr+0x175/0x1e0
       __vfs_setxattr_noperm+0x129/0x670
       __vfs_setxattr_locked+0x1d7/0x260
       vfs_setxattr+0x143/0x360
       do_setxattr+0x147/0x190
       filename_setxattr+0x15b/0x1c0
       path_setxattrat+0x1ce/0x280
       __x64_sys_setxattr+0xc6/0x140
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #10 (&ei->xattr_sem){++++}-{4:4}:
       down_write+0x92/0x1f0
       ext4_xattr_set_handle+0x154/0x14c0
       ext4_initxattrs+0xb9/0x120
       security_inode_init_security+0x26e/0x390
       __ext4_new_inode+0x33d0/0x4b20
       ext4_create+0x2e3/0x4e0
       lookup_open.isra.0+0x11c1/0x1620
       path_openat+0xc91/0x2990
       do_filp_open+0x1e9/0x450
       do_sys_openat2+0x164/0x1d0
       __x64_sys_openat+0x143/0x200
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #9 (jbd2_handle){++++}-{0:0}:
       start_this_handle+0xe5a/0x1300
       jbd2__journal_start+0x393/0x6b0
       __ext4_journal_start_sb+0x331/0x600
       ext4_dirty_inode+0xa5/0x130
       __mark_inode_dirty+0x1b6/0xd50
       generic_update_time+0xcb/0xf0
       touch_atime+0x4bb/0x590
       ext4_file_mmap+0x1ca/0x250
       __mmap_region+0xf7b/0x21e0
       mmap_region+0x133/0x300
       do_mmap+0xd12/0x1100
       vm_mmap_pgoff+0x1fe/0x390
       ksys_mmap_pgoff+0x3d7/0x520
       __x64_sys_mmap+0x127/0x190
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #8 (&mm->mmap_lock){++++}-{4:4}:
       __might_fault+0x110/0x190
       _copy_from_user+0x2b/0xd0
       memdup_user+0x72/0xd0
       strndup_user+0x78/0xe0
       _perf_ioctl+0x4b0/0x2030
       perf_ioctl+0x74/0xb0
       __x64_sys_ioctl+0x1a7/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #7 (&cpuctx_mutex){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       perf_event_init_cpu+0x302/0x760
       perf_event_init+0x509/0x720
       start_kernel+0x265/0x530
       x86_64_start_reservations+0x18/0x30
       x86_64_start_kernel+0xcb/0xe0
       common_startup_64+0x12c/0x138

-> #6 (pmus_lock){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       perf_event_init_cpu+0xc3/0x760
       cpuhp_invoke_callback+0x3b9/0x9a0
       __cpuhp_invoke_callback_range+0x104/0x220
       _cpu_up+0x1d7/0x2a0
       cpu_up+0x123/0x190
       cpuhp_bringup_mask+0xd2/0x1f0
       bringup_nonboot_cpus+0x169/0x1b0
       smp_init+0x32/0x160
       kernel_init_freeable+0x394/0x7a0
       kernel_init+0x1e/0x2d0
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

-> #5 (cpu_hotplug_lock){++++}-{0:0}:
       cpus_read_lock+0x42/0x160
       __static_call_update+0x8b/0x630
       tracepoint_add_func+0xab9/0xec0
       tracepoint_probe_register+0xa5/0xf0
       trace_event_reg+0x297/0x350
       perf_trace_event_init+0x51d/0xa30
       perf_trace_init+0x1a4/0x2f0
       perf_tp_event_init+0xa6/0x120
       perf_try_init_event+0x13a/0xc40
       perf_event_alloc.part.0+0x10a6/0x3d80
       __do_sys_perf_event_open+0x628/0x2b00
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #4 (tracepoints_mutex){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       tracepoint_probe_register+0x7c/0xf0
       blk_register_tracepoints+0x1b/0x3c0
       do_blk_trace_setup+0xa28/0xc70
       blk_trace_setup+0xdd/0x1b0
       sg_ioctl+0x69f/0x26b0
       __x64_sys_ioctl+0x1a7/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #3 (blk_probe_mutex){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       do_blk_trace_setup+0x798/0xc70
       blk_trace_setup+0xdd/0x1b0
       sg_ioctl+0x69f/0x26b0
       __x64_sys_ioctl+0x1a7/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (&q->debugfs_mutex){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       blk_mq_init_sched+0x429/0x670
       elevator_init_mq+0x299/0x3d0
       add_disk_fwnode+0x113/0x1310
       sd_probe+0xa82/0xf20
       really_probe+0x240/0x820
       __driver_probe_device+0x2c4/0x380
       driver_probe_device+0x4e/0x2a0
       __device_attach_driver+0x1d4/0x390
       bus_for_each_drv+0x14c/0x1d0
       __device_attach_async_helper+0x1d1/0x260
       async_run_entry_fn+0x91/0x290
       process_one_work+0x8ee/0x1a10
       worker_thread+0x674/0xe70
       kthread+0x2c2/0x3a0
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

-> #1 (&q->q_usage_counter(queue)){++++}-{0:0}:
       blk_queue_enter+0x4d0/0x600
       blk_mq_alloc_request+0x1cd/0x250
       scsi_execute_cmd+0x20a/0xe80
       read_capacity_16+0x1eb/0xe60
       sd_revalidate_disk.isra.0+0x177c/0xa8a0
       sd_probe+0x8f9/0xf20
       really_probe+0x240/0x820
       __driver_probe_device+0x2c4/0x380
       driver_probe_device+0x4e/0x2a0
       __device_attach_driver+0x1d4/0x390
       bus_for_each_drv+0x14c/0x1d0
       __device_attach_async_helper+0x1d1/0x260
       async_run_entry_fn+0x91/0x290
       process_one_work+0x8ee/0x1a10
       worker_thread+0x674/0xe70
       kthread+0x2c2/0x3a0
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

-> #0 (&q->limits_lock){+.+.}-{4:4}:
       __lock_acquire+0x292a/0x4360
       lock_acquire.part.0+0xeb/0x320
       __mutex_lock+0x13d/0xac0
       loop_reconfigure_limits+0x2b5/0x8d0
       lo_ioctl+0xb9c/0x18f0
       blkdev_ioctl+0x27e/0x6d0
       __x64_sys_ioctl+0x1a7/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &q->limits_lock --> &ei->xattr_sem --> &q->q_usage_counter(io)#3

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->q_usage_counter(io)#3);
                               lock(&ei->xattr_sem);
                               lock(&q->q_usage_counter(io)#3);
  lock(&q->limits_lock);

 *** DEADLOCK ***

3 locks held by syz-executor.7/49751:
 #0: ffff88803bf10360 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x6d5/0x18f0
 #1: ffff88803b919408 (&q->q_usage_counter(io)#3){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20
 #2: ffff88803b919440 (&q->q_usage_counter(queue)#3){+.+.}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20

stack backtrace:
CPU: 0 UID: 0 PID: 49751 Comm: syz-executor.7 Not tainted 6.13.0-rc2-next-20241211 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xca/0x120
 print_circular_bug+0x47b/0x750
 check_noncircular+0x2e9/0x3c0
 __lock_acquire+0x292a/0x4360
 lock_acquire.part.0+0xeb/0x320
 __mutex_lock+0x13d/0xac0
 loop_reconfigure_limits+0x2b5/0x8d0
 lo_ioctl+0xb9c/0x18f0
 blkdev_ioctl+0x27e/0x6d0
 __x64_sys_ioctl+0x1a7/0x210
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f013d10cb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f013a682188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f013d21ff60 RCX: 00007f013d10cb19
RDX: ffffffffffffffff RSI: 0000000000004c09 RDI: 0000000000000003
RBP: 00007f013d166f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffebf3bb32f R14: 00007f013a682300 R15: 0000000000022000
Invalid logical block size (-1)
Invalid logical block size (-1)
Invalid logical block size (-1)
Invalid logical block size (-1)
EXT4-fs: Invalid want_extra_isize 0
EXT4-fs: Invalid want_extra_isize 0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
EXT4-fs warning (device sda): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
EXT4-fs: Invalid want_extra_isize 0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
cgroup: fork rejected by pids controller in /syz1
EXT4-fs: Invalid want_extra_isize 0
EXT4-fs warning (device sda): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
EXT4-fs: Invalid want_extra_isize 0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
EXT4-fs warning (device sda): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
cgroup: fork rejected by pids controller in /syz6
EXT4-fs warning (device sda): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
EXT4-fs warning (device sda): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
EXT4-fs warning (device sda): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
EXT4-fs warning (device sda): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
EXT4-fs warning (device sda): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
EXT4-fs warning (device sda): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
EXT4-fs warning (device sda): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.