======================================================
WARNING: possible circular locking dependency detected
4.14.288-syzkaller #0 Not tainted
------------------------------------------------------
kworker/1:3/9014 is trying to acquire lock:
 (&sb->s_type->i_mutex_key#21){+.+.}, at: [<ffffffff818f96de>] inode_lock include/linux/fs.h:719 [inline]
 (&sb->s_type->i_mutex_key#21){+.+.}, at: [<ffffffff818f96de>] __generic_file_fsync+0x9e/0x190 fs/libfs.c:989

but task is already holding lock:
 ((&dio->complete_work)){+.+.}, at: [<ffffffff81364f26>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 ((&dio->complete_work)){+.+.}:
       process_one_work+0x736/0x14a0 kernel/workqueue.c:2093
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #1 ("dio/%s"sb->s_id){+.+.}:
       flush_workqueue+0xfa/0x1310 kernel/workqueue.c:2625
       drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2790
       destroy_workqueue+0x71/0x710 kernel/workqueue.c:4116
       __alloc_workqueue_key+0xd50/0x1080 kernel/workqueue.c:4093
       sb_init_dio_done_wq+0x34/0x80 fs/direct-io.c:624
       do_blockdev_direct_IO fs/direct-io.c:1287 [inline]
       __blockdev_direct_IO+0x3df1/0xdcb0 fs/direct-io.c:1423
       blockdev_direct_IO include/linux/fs.h:2994 [inline]
       fat_direct_IO+0x19b/0x320 fs/fat/inode.c:275
       generic_file_direct_write+0x1df/0x420 mm/filemap.c:2958
       __generic_file_write_iter+0x2a2/0x590 mm/filemap.c:3137
       generic_file_write_iter+0x36f/0x650 mm/filemap.c:3208
       call_write_iter include/linux/fs.h:1780 [inline]
       aio_write+0x2ed/0x560 fs/aio.c:1553
       io_submit_one fs/aio.c:1641 [inline]
       do_io_submit+0x847/0x1570 fs/aio.c:1709
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&sb->s_type->i_mutex_key#21){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       down_write+0x34/0x90 kernel/locking/rwsem.c:54
       inode_lock include/linux/fs.h:719 [inline]
       __generic_file_fsync+0x9e/0x190 fs/libfs.c:989
       fat_file_fsync+0x73/0x1f0 fs/fat/file.c:165
       vfs_fsync_range+0x103/0x260 fs/sync.c:196
       generic_write_sync include/linux/fs.h:2684 [inline]
       dio_complete+0x561/0x8d0 fs/direct-io.c:330
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#21 --> "dio/%s"sb->s_id --> (&dio->complete_work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&dio->complete_work));
                               lock("dio/%s"sb->s_id);
                               lock((&dio->complete_work));
  lock(&sb->s_type->i_mutex_key#21);

 *** DEADLOCK ***

2 locks held by kworker/1:3/9014:
 #0:  ("dio/%s"sb->s_id){+.+.}, at: [<ffffffff81364ef0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  ((&dio->complete_work)){+.+.}, at: [<ffffffff81364f26>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092

stack backtrace:
CPU: 1 PID: 9014 Comm: kworker/1:3 Not tainted 4.14.288-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Workqueue: dio/loop2 dio_aio_complete_work
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 down_write+0x34/0x90 kernel/locking/rwsem.c:54
 inode_lock include/linux/fs.h:719 [inline]
 __generic_file_fsync+0x9e/0x190 fs/libfs.c:989
 fat_file_fsync+0x73/0x1f0 fs/fat/file.c:165
 vfs_fsync_range+0x103/0x260 fs/sync.c:196
 generic_write_sync include/linux/fs.h:2684 [inline]
 dio_complete+0x561/0x8d0 fs/direct-io.c:330
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
BTRFS: device fsid 8f4fd83b-e4d2-4ea6-880e-94fa3abb6d08 devid 1 transid 7 /dev/loop1
BTRFS error (device loop1): unsupported checksum algorithm 1
BTRFS error (device loop1): superblock checksum mismatch
BTRFS error (device loop1): open_ctree failed
BTRFS error (device loop1): unsupported checksum algorithm 1
BTRFS error (device loop1): superblock checksum mismatch
BTRFS error (device loop1): open_ctree failed
BTRFS error (device loop1): unsupported checksum algorithm 1
BTRFS error (device loop1): superblock checksum mismatch
IPv6: ADDRCONF(NETDEV_UP): bond1: link is not ready
BTRFS error (device loop1): open_ctree failed
8021q: adding VLAN 0 to HW filter on device bond1
bond1: The slave device specified does not support setting the MAC address
BTRFS error (device loop1): unsupported checksum algorithm 1
BTRFS error (device loop1): superblock checksum mismatch
IPv6: ADDRCONF(NETDEV_UP): bond2: link is not ready
8021q: adding VLAN 0 to HW filter on device bond2
BTRFS error (device loop1): open_ctree failed
bond2: The slave device specified does not support setting the MAC address
IPv6: ADDRCONF(NETDEV_UP): bond3: link is not ready
8021q: adding VLAN 0 to HW filter on device bond3
bond3: The slave device specified does not support setting the MAC address
IPv6: ADDRCONF(NETDEV_UP): bond1: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1
bond1: The slave device specified does not support setting the MAC address
IPv6: ADDRCONF(NETDEV_UP): bond1: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1
bond1: The slave device specified does not support setting the MAC address
IPv6: ADDRCONF(NETDEV_UP): bond4: link is not ready
8021q: adding VLAN 0 to HW filter on device bond4
bond4: The slave device specified does not support setting the MAC address
IPv6: ADDRCONF(NETDEV_UP): bond2: link is not ready
8021q: adding VLAN 0 to HW filter on device bond2
bond2: The slave device specified does not support setting the MAC address
IPv6: ADDRCONF(NETDEV_UP): bond2: link is not ready
8021q: adding VLAN 0 to HW filter on device bond2
bond2: The slave device specified does not support setting the MAC address
IPv6: ADDRCONF(NETDEV_UP): bond3: link is not ready
8021q: adding VLAN 0 to HW filter on device bond3
bond3: The slave device specified does not support setting the MAC address
IPv6: ADDRCONF(NETDEV_UP): bond3: link is not ready
8021q: adding VLAN 0 to HW filter on device bond3
bond3: The slave device specified does not support setting the MAC address
FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 245)
FAT-fs (loop3): Filesystem has been set read-only
FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 245)
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
print_req_error: I/O error, dev loop0, sector 0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
print_req_error: I/O error, dev loop5, sector 0
print_req_error: I/O error, dev loop0, sector 0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
print_req_error: I/O error, dev loop1, sector 0
print_req_error: I/O error, dev loop5, sector 0
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
print_req_error: I/O error, dev loop1, sector 0
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
print_req_error: I/O error, dev loop3, sector 0
print_req_error: I/O error, dev loop3, sector 0
Buffer I/O error on dev loop3, logical block 0, async page read
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff
ISO 9660 Extensions: Microsoft Joliet Level 3
ISOFS: Interleaved files not (yet) supported.
ISOFS: File unit size != 0 for ISO file (0).
ISOFS: changing to secondary root
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'.
device gretap0 entered promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'.
0ªX: renamed from gretap0
device 
00ªX left promiscuous mode
syz-executor.3 (10776) used greatest stack depth: 25552 bytes left
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'.
ISO 9660 Extensions: Microsoft Joliet Level 3
ISOFS: Interleaved files not (yet) supported.
ISOFS: File unit size != 0 for ISO file (0).
ISOFS: changing to secondary root
device 
00ªX entered promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'.
1ªX: renamed from 
00ªX
device 
01ªX left promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'.
device 
01ªX entered promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'.
0ªX: renamed from 
01ªX
device 
00ªX left promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'.
device 
00ªX entered promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'.
1ªX: renamed from 
00ªX
device 
01ªX left promiscuous mode
syz-executor.1 (10794) used greatest stack depth: 25280 bytes left
syz-executor.1 (10821) used greatest stack depth: 25152 bytes left