syzbot

======================================================
WARNING: possible circular locking dependency detected
4.19.197-syzkaller #0 Not tainted
------------------------------------------------------
kworker/1:0/8184 is trying to acquire lock:
00000000f790aa52 (&sb->s_type->i_mutex_key#17){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
00000000f790aa52 (&sb->s_type->i_mutex_key#17){+.+.}, at: __generic_file_fsync+0xb0/0x1f0 fs/libfs.c:989

but task is already holding lock:
000000008ee573ac ((work_completion)(&dio->complete_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 ((work_completion)(&dio->complete_work)){+.+.}:
       worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
       kthread+0x33f/0x460 kernel/kthread.c:259
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

-> #1 ((wq_completion)"dio/%s"sb->s_id){+.+.}:
       drain_workqueue+0x1a5/0x460 kernel/workqueue.c:2826
       destroy_workqueue+0x75/0x790 kernel/workqueue.c:4177
       __alloc_workqueue_key+0xb76/0xed0 kernel/workqueue.c:4154
       sb_init_dio_done_wq+0x34/0x90 fs/direct-io.c:623
       do_blockdev_direct_IO fs/direct-io.c:1285 [inline]
       __blockdev_direct_IO+0x5f55/0xef40 fs/direct-io.c:1419
       blockdev_direct_IO include/linux/fs.h:3059 [inline]
       fat_direct_IO+0x1d1/0x370 fs/fat/inode.c:282
       generic_file_direct_write+0x208/0x4a0 mm/filemap.c:3073
       __generic_file_write_iter+0x2d0/0x610 mm/filemap.c:3252
       generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323
       call_write_iter include/linux/fs.h:1821 [inline]
       aio_write+0x37f/0x5c0 fs/aio.c:1574
       __io_submit_one fs/aio.c:1858 [inline]
       io_submit_one+0xecd/0x20c0 fs/aio.c:1909
       __do_sys_io_submit fs/aio.c:1953 [inline]
       __se_sys_io_submit+0x11b/0x4a0 fs/aio.c:1924
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&sb->s_type->i_mutex_key#17){+.+.}:
       down_write+0x34/0x90 kernel/locking/rwsem.c:70
       inode_lock include/linux/fs.h:748 [inline]
       __generic_file_fsync+0xb0/0x1f0 fs/libfs.c:989
       fat_file_fsync+0x73/0x200 fs/fat/file.c:198
       vfs_fsync_range+0x13a/0x220 fs/sync.c:197
       generic_write_sync include/linux/fs.h:2750 [inline]
       dio_complete+0x763/0xac0 fs/direct-io.c:329
       process_one_work+0x864/0x1570 kernel/workqueue.c:2153
       worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
       kthread+0x33f/0x460 kernel/kthread.c:259
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#17 --> (wq_completion)"dio/%s"sb->s_id --> (work_completion)(&dio->complete_work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((work_completion)(&dio->complete_work));
                               lock((wq_completion)"dio/%s"sb->s_id);
                               lock((work_completion)(&dio->complete_work));
  lock(&sb->s_type->i_mutex_key#17);

 *** DEADLOCK ***

2 locks held by kworker/1:0/8184:
 #0: 0000000017e5a9c6 ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 000000008ee573ac ((work_completion)(&dio->complete_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128

stack backtrace:
CPU: 1 PID: 8184 Comm: kworker/1:0 Not tainted 4.19.197-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: dio/loop2 dio_aio_complete_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_write+0x34/0x90 kernel/locking/rwsem.c:70
 inode_lock include/linux/fs.h:748 [inline]
 __generic_file_fsync+0xb0/0x1f0 fs/libfs.c:989
 fat_file_fsync+0x73/0x200 fs/fat/file.c:198
 vfs_fsync_range+0x13a/0x220 fs/sync.c:197
 generic_write_sync include/linux/fs.h:2750 [inline]
 dio_complete+0x763/0xac0 fs/direct-io.c:329
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415