======================================================
WARNING: possible circular locking dependency detected
6.12.0-next-20241119 #1 Not tainted
------------------------------------------------------
syz-executor.7/15456 is trying to acquire lock:
ffff8880166b14e0 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xe0/0x190

but task is already holding lock:
ffff88800e7c0900 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x99/0x270

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #5 (&q->debugfs_mutex){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       blk_mq_init_sched+0x429/0x670
       elevator_init_mq+0x2cc/0x410
       add_disk_fwnode+0x113/0x1310
       sd_probe+0xa82/0xf20
       really_probe+0x240/0x820
       __driver_probe_device+0x2c4/0x380
       driver_probe_device+0x4e/0x2a0
       __device_attach_driver+0x1d4/0x390
       bus_for_each_drv+0x14c/0x1d0
       __device_attach_async_helper+0x1d1/0x260
       async_run_entry_fn+0x91/0x290
       process_one_work+0x8ee/0x1a00
       worker_thread+0x674/0xe70
       kthread+0x2c2/0x3a0
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

-> #4 (&q->q_usage_counter(queue)){++++}-{0:0}:
       blk_queue_enter+0x4d0/0x600
       blk_mq_alloc_request+0x1cd/0x250
       scsi_execute_cmd+0x20a/0xe80
       read_capacity_16+0x1eb/0xe60
       sd_revalidate_disk.isra.0+0x177c/0xa8a0
       sd_probe+0x8f9/0xf20
       really_probe+0x240/0x820
       __driver_probe_device+0x2c4/0x380
       driver_probe_device+0x4e/0x2a0
       __device_attach_driver+0x1d4/0x390
       bus_for_each_drv+0x14c/0x1d0
       __device_attach_async_helper+0x1d1/0x260
       async_run_entry_fn+0x91/0x290
       process_one_work+0x8ee/0x1a00
       worker_thread+0x674/0xe70
       kthread+0x2c2/0x3a0
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

-> #3 (&q->limits_lock){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       loop_reconfigure_limits+0x1eb/0x8e0
       lo_ioctl+0xb9c/0x18f0
       blkdev_ioctl+0x27e/0x6d0
       __x64_sys_ioctl+0x1a7/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (&q->q_usage_counter(io)#3){++++}-{0:0}:
       blk_mq_submit_bio+0x1ecf/0x2580
       __submit_bio+0x180/0x490
       submit_bio_noacct_nocheck+0x641/0xcc0
       submit_bio_noacct+0x3b3/0x13a0
       mpage_readahead+0x41a/0x590
       read_pages+0x19e/0xc70
       page_cache_ra_unbounded+0x353/0x670
       force_page_cache_ra+0x259/0x370
       page_cache_sync_ra+0x104/0xa60
       filemap_get_pages+0x329/0x1880
       filemap_read+0x389/0xbc0
       blkdev_read_iter+0x18a/0x480
       vfs_read+0x85a/0xbd0
       ksys_read+0x122/0x240
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (mapping.invalidate_lock#2){.+.+}-{4:4}:
       down_read+0x9a/0x320
       filemap_fault+0xc66/0x2cb0
       __do_fault+0x10d/0x480
       __handle_mm_fault+0x122b/0x2f50
       handle_mm_fault+0x2b4/0x6a0
       do_user_addr_fault+0x395/0xf40
       exc_page_fault+0x9c/0x1a0
       asm_exc_page_fault+0x26/0x30

-> #0 (&mm->mmap_lock){++++}-{4:4}:
       __lock_acquire+0x2930/0x4430
       lock_acquire.part.0+0xeb/0x320
       __might_fault+0x110/0x190
       _copy_from_user+0x2b/0xd0
       __blk_trace_setup+0x96/0x180
       blk_trace_ioctl+0x137/0x270
       blkdev_ioctl+0x108/0x6d0
       __x64_sys_ioctl+0x1a7/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &mm->mmap_lock --> &q->q_usage_counter(queue) --> &q->debugfs_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->debugfs_mutex);
                               lock(&q->q_usage_counter(queue));
                               lock(&q->debugfs_mutex);
  rlock(&mm->mmap_lock);

 *** DEADLOCK ***

1 lock held by syz-executor.7/15456:
 #0: ffff88800e7c0900 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x99/0x270

stack backtrace:
CPU: 1 UID: 0 PID: 15456 Comm: syz-executor.7 Not tainted 6.12.0-next-20241119 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xca/0x120
 print_circular_bug+0x53f/0x820
 check_noncircular+0x2e9/0x3c0
 __lock_acquire+0x2930/0x4430
 lock_acquire.part.0+0xeb/0x320
 __might_fault+0x110/0x190
 _copy_from_user+0x2b/0xd0
 __blk_trace_setup+0x96/0x180
 blk_trace_ioctl+0x137/0x270
 blkdev_ioctl+0x108/0x6d0
 __x64_sys_ioctl+0x1a7/0x210
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f24ffb10b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f24fd086188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f24ffc23f60 RCX: 00007f24ffb10b19
RDX: 0000000000000000 RSI: 00000000c0481273 RDI: 0000000000000003
RBP: 00007f24ffb6af6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcbff7c46f R14: 00007f24fd086300 R15: 0000000000022000