device bridge6 entered promiscuous mode
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31378 ...

======================================================
WARNING: possible circular locking dependency detected
4.14.212-syzkaller #0 Not tainted
------------------------------------------------------
kworker/0:2/3624 is trying to acquire lock:
 (&sb->s_type->i_mutex_key#10){++++}, at: [] inode_lock include/linux/fs.h:719 [inline]
 (&sb->s_type->i_mutex_key#10){++++}, at: [] __generic_file_fsync+0x9e/0x190 fs/libfs.c:989

but task is already holding lock:
 ((&dio->complete_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((&dio->complete_work)){+.+.}:
       process_one_work+0x736/0x14a0 kernel/workqueue.c:2092
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #1 ("dio/%s"sb->s_id){+.+.}:
       flush_workqueue+0xfa/0x1310 kernel/workqueue.c:2624
       drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2789
       destroy_workqueue+0x71/0x710 kernel/workqueue.c:4102
       sb_init_dio_done_wq+0x61/0x80 fs/direct-io.c:635
       dio_set_defer_completion fs/direct-io.c:647 [inline]
       get_more_blocks fs/direct-io.c:725 [inline]
       do_direct_IO fs/direct-io.c:1003 [inline]
       do_blockdev_direct_IO fs/direct-io.c:1336 [inline]
       __blockdev_direct_IO+0x77db/0xdc60 fs/direct-io.c:1422
       ext4_direct_IO_write fs/ext4/inode.c:3716 [inline]
       ext4_direct_IO+0x888/0x1b80 fs/ext4/inode.c:3857
       generic_file_direct_write+0x1df/0x420 mm/filemap.c:2958
       __generic_file_write_iter+0x2a2/0x590 mm/filemap.c:3137
       ext4_file_write_iter+0x276/0xd20 fs/ext4/file.c:270
       call_write_iter include/linux/fs.h:1778 [inline]
       aio_write+0x2ed/0x560 fs/aio.c:1553
       io_submit_one fs/aio.c:1641 [inline]
       do_io_submit+0x847/0x1570 fs/aio.c:1709
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&sb->s_type->i_mutex_key#10){++++}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       down_write+0x34/0x90 kernel/locking/rwsem.c:54
       inode_lock include/linux/fs.h:719 [inline]
       __generic_file_fsync+0x9e/0x190 fs/libfs.c:989
       ext4_sync_file+0x8ed/0x12c0 fs/ext4/fsync.c:118
       vfs_fsync_range+0x103/0x260 fs/sync.c:196
       generic_write_sync include/linux/fs.h:2682 [inline]
       dio_complete+0x561/0x8d0 fs/direct-io.c:330
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#10 --> "dio/%s"sb->s_id --> (&dio->complete_work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&dio->complete_work));
                               lock("dio/%s"sb->s_id);
                               lock((&dio->complete_work));
  lock(&sb->s_type->i_mutex_key#10);

 *** DEADLOCK ***

2 locks held by kworker/0:2/3624:
 #0: ("dio/%s"sb->s_id){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087
 #1: ((&dio->complete_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091

stack backtrace:
CPU: 0 PID: 3624 Comm: kworker/0:2 Not tainted 4.14.212-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: dio/sda1 dio_aio_complete_work
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 down_write+0x34/0x90 kernel/locking/rwsem.c:54
 inode_lock include/linux/fs.h:719 [inline]
 __generic_file_fsync+0x9e/0x190 fs/libfs.c:989
 ext4_sync_file+0x8ed/0x12c0 fs/ext4/fsync.c:118
 vfs_fsync_range+0x103/0x260 fs/sync.c:196
 generic_write_sync include/linux/fs.h:2682 [inline]
 dio_complete+0x561/0x8d0 fs/direct-io.c:330
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
IPVS: stopping master sync thread 31397 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
device bridge7 entered promiscuous mode
IPVS: stopping master sync thread 31410 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
device bridge8 entered promiscuous mode
IPVS: stopping master sync thread 31426 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
device bridge9 entered promiscuous mode
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31507 ...
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
device bridge7 entered promiscuous mode
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31521 ...
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
device bridge8 entered promiscuous mode
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31536 ...
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
device bridge8 entered promiscuous mode
IPVS: stopping master sync thread 31547 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31548 ...
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
device bridge9 entered promiscuous mode
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31556 ...
device bridge7 entered promiscuous mode
device bridge9 entered promiscuous mode
IPVS: stopping master sync thread 31573 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31578 ...
IPVS: stopping master sync thread 31579 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
device bridge10 entered promiscuous mode
device bridge10 entered promiscuous mode
device bridge8 entered promiscuous mode
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31591 ...
device bridge11 entered promiscuous mode
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31614 ...
IPVS: stopping master sync thread 31613 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31615 ...
device bridge12 entered promiscuous mode
device bridge11 entered promiscuous mode
device bridge9 entered promiscuous mode
IPVS: stopping master sync thread 31632 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
device bridge13 entered promiscuous mode
IPVS: stopping master sync thread 31638 ...
device bridge12 entered promiscuous mode
IPVS: stopping master sync thread 31655 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31660 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
device bridge14 entered promiscuous mode
device bridge10 entered promiscuous mode
IPVS: stopping master sync thread 31679 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
device bridge11 entered promiscuous mode
device bridge15 entered promiscuous mode
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
IPVS: stopping master sync thread 31722 ...
IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 0, id = 0
f2fs_msg: 25 callbacks suppressed
F2FS-fs (loop4): Found nat_bits in checkpoint
IPVS: stopping master sync thread 31706 ...
kauditd_printk_skb: 4 callbacks suppressed
audit: type=1804 audit(1609215150.367:182): pid=31721 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir223905185/syzkaller.GLfbTV/560/file1/file0" dev="loop1" ino=265 res=1
device bridge12 entered promiscuous mode
device bridge16 entered promiscuous mode
audit: type=1804 audit(1609215150.527:183): pid=31750 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir223905185/syzkaller.GLfbTV/561/file1/file0" dev="loop1" ino=266 res=1
F2FS-fs (loop4): Mounted with checkpoint version = 15213551
audit: type=1804 audit(1609215150.687:184): pid=31770 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir223905185/syzkaller.GLfbTV/562/file1/file0" dev="loop1" ino=267 res=1
audit: type=1804 audit(1609215150.747:185): pid=31800 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir386598685/syzkaller.FXzL4V/717/file1/file0" dev="loop5" ino=268 res=1
audit: type=1804 audit(1609215150.817:186): pid=31796 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir439863758/syzkaller.bWguqW/762/file1/file0" dev="loop0" ino=269 res=1
F2FS-fs (loop4): Found nat_bits in checkpoint
audit: type=1804 audit(1609215150.857:187): pid=31810 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir642298711/syzkaller.JbGasZ/674/file1/file0" dev="loop3" ino=270 res=1
audit: type=1804 audit(1609215150.917:188): pid=31820 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir223905185/syzkaller.GLfbTV/563/file1/file0" dev="sda1" ino=17414 res=1
F2FS-fs (loop4): Mounted with checkpoint version = 15213551
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
audit: type=1804 audit(1609215151.107:189): pid=31837 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir386598685/syzkaller.FXzL4V/718/file1/file0" dev="loop5" ino=271 res=1
F2FS-fs (loop4): Found nat_bits in checkpoint
audit: type=1804 audit(1609215151.157:190): pid=31836 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir439863758/syzkaller.bWguqW/763/file1/file0" dev="loop0" ino=272 res=1
audit: type=1804 audit(1609215151.197:191): pid=31834 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir642298711/syzkaller.JbGasZ/675/file0" dev="sda1" ino=17444 res=1
F2FS-fs (loop4): Mounted with checkpoint version = 15213551
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
F2FS-fs (loop4): Found nat_bits in checkpoint
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
F2FS-fs (loop4): Mounted with checkpoint version = 15213551
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected