======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc5-next-20241104 #1 Not tainted
------------------------------------------------------
syz-executor.2/65340 is trying to acquire lock:
ffff888046976a60 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xe0/0x190

but task is already holding lock:
ffff88800e4d08e8 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x33/0x70

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&q->debugfs_mutex){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xac0
       blk_mq_init_sched+0x429/0x670
       elevator_init_mq+0x299/0x3d0
       add_disk_fwnode+0x113/0x1310
       sd_probe+0xa82/0xf20
       really_probe+0x240/0x820
       __driver_probe_device+0x2c4/0x380
       driver_probe_device+0x4e/0x2a0
       __device_attach_driver+0x1d4/0x390
       bus_for_each_drv+0x14c/0x1d0
       __device_attach_async_helper+0x1d1/0x260
       async_run_entry_fn+0x91/0x290
       process_one_work+0x8ee/0x1a00
       worker_thread+0x674/0xe70
       kthread+0x2c2/0x3a0
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

-> #2 (&q->q_usage_counter(io)){++++}-{0:0}:
       blk_mq_submit_bio+0x1faa/0x26a0
       __submit_bio+0x175/0x480
       submit_bio_noacct_nocheck+0x641/0xcc0
       submit_bio_noacct+0x3b3/0x13b0
       ext4_read_bh+0x13d/0x2b0
       ext4_read_bh_lock+0x78/0xd0
       __ext4_block_zero_page_range+0x3c0/0x710
       ext4_truncate+0xebe/0x12d0
       ext4_file_write_iter+0x1034/0x1670
       vfs_write+0xbdb/0x10a0
       ksys_write+0x122/0x250
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (jbd2_handle){++++}-{0:0}:
       start_this_handle+0xe5a/0x1300
       jbd2__journal_start+0x393/0x6b0
       __ext4_journal_start_sb+0x183/0x600
       ext4_dirty_inode+0xa5/0x130
       __mark_inode_dirty+0x1c1/0xd40
       generic_update_time+0xcb/0xf0
       touch_atime+0x4bb/0x590
       ext4_file_mmap+0x1ca/0x250
       __mmap_region+0xfa8/0x22b0
       mmap_region+0x133/0x300
       do_mmap+0xc2c/0x1000
       vm_mmap_pgoff+0x1fe/0x390
       ksys_mmap_pgoff+0x3d7/0x520
       __x64_sys_mmap+0x127/0x190
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&mm->mmap_lock){++++}-{4:4}:
       __lock_acquire+0x2930/0x4430
       lock_acquire.part.0+0xeb/0x320
       __might_fault+0x110/0x190
       _copy_from_user+0x2b/0xd0
       __blk_trace_setup+0x96/0x180
       blk_trace_setup+0x47/0x70
       sg_ioctl+0x69f/0x26b0
       __x64_sys_ioctl+0x1a0/0x210
       do_syscall_64+0xbf/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &mm->mmap_lock --> &q->q_usage_counter(io) --> &q->debugfs_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->debugfs_mutex);
                               lock(&q->q_usage_counter(io));
                               lock(&q->debugfs_mutex);
  rlock(&mm->mmap_lock);

 *** DEADLOCK ***

1 lock held by syz-executor.2/65340:
 #0: ffff88800e4d08e8 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x33/0x70

stack backtrace:
CPU: 1 UID: 0 PID: 65340 Comm: syz-executor.2 Not tainted 6.12.0-rc5-next-20241104 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xca/0x120
 print_circular_bug+0x53f/0x820
 check_noncircular+0x2e9/0x3c0
 __lock_acquire+0x2930/0x4430
 lock_acquire.part.0+0xeb/0x320
 __might_fault+0x110/0x190
 _copy_from_user+0x2b/0xd0
 __blk_trace_setup+0x96/0x180
 blk_trace_setup+0x47/0x70
 sg_ioctl+0x69f/0x26b0
 __x64_sys_ioctl+0x1a0/0x210
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3b44c56b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3b421cc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f3b44d69f60 RCX: 00007f3b44c56b19
RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 0000000000000003
RBP: 00007f3b44cb0f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe1d21674f R14: 00007f3b421cc300 R15: 0000000000022000
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
netlink: 48 bytes leftover after parsing attributes in process `syz-executor.6'.
netlink: 48 bytes leftover after parsing attributes in process `syz-executor.6'.
netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 48 bytes leftover after parsing attributes in process `syz-executor.6'.
netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 48 bytes leftover after parsing attributes in process `syz-executor.6'.
netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.