======================================================
WARNING: possible circular locking dependency detected
5.0.0-rc7+ #80 Not tainted
------------------------------------------------------
kworker/1:4/7579 is trying to acquire lock:
0000000031158ff7 (&sb->s_type->i_mutex_key#10){++++}, at: inode_lock include/linux/fs.h:757 [inline]
0000000031158ff7 (&sb->s_type->i_mutex_key#10){++++}, at: __generic_file_fsync+0xb5/0x200 fs/libfs.c:981

but task is already holding lock:
00000000f2cccab7 ((work_completion)(&dio->complete_work)){+.+.}, at: process_one_work+0x8b4/0x1790 kernel/workqueue.c:2148

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 ((work_completion)(&dio->complete_work)){+.+.}:
       process_one_work+0x90f/0x1790 kernel/workqueue.c:2149
       worker_thread+0x98/0xe40 kernel/workqueue.c:2319
       kthread+0x357/0x430 kernel/kthread.c:246
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352

-> #1 ((wq_completion)"dio/%s"sb->s_id){+.+.}:
       flush_workqueue+0x126/0x14c0 kernel/workqueue.c:2678
       drain_workqueue+0x1b4/0x470 kernel/workqueue.c:2843
       destroy_workqueue+0x21/0x6f0 kernel/workqueue.c:4178
       sb_init_dio_done_wq+0x77/0x90 fs/direct-io.c:634
       dio_set_defer_completion fs/direct-io.c:646 [inline]
       get_more_blocks fs/direct-io.c:724 [inline]
       do_direct_IO fs/direct-io.c:1002 [inline]
       do_blockdev_direct_IO+0x27b7/0x8db0 fs/direct-io.c:1334
       __blockdev_direct_IO+0xa1/0xca fs/direct-io.c:1420
       ext4_direct_IO_write fs/ext4/inode.c:3775 [inline]
       ext4_direct_IO+0xe6c/0x1c10 fs/ext4/inode.c:3902
       generic_file_direct_write+0x214/0x4b0 mm/filemap.c:3111
       __generic_file_write_iter+0x2ee/0x630 mm/filemap.c:3290
       ext4_file_write_iter+0x33f/0x1160 fs/ext4/file.c:266
       call_write_iter include/linux/fs.h:1863 [inline]
       aio_write+0x358/0x570 fs/aio.c:1582
       __io_submit_one fs/aio.c:1861 [inline]
       io_submit_one+0x10ea/0x1cf0 fs/aio.c:1909
       __do_sys_io_submit fs/aio.c:1954 [inline]
       __se_sys_io_submit fs/aio.c:1924 [inline]
       __x64_sys_io_submit+0x1bd/0x580 fs/aio.c:1924
       do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&sb->s_type->i_mutex_key#10){++++}:
       lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3841
       down_write+0x38/0x90 kernel/locking/rwsem.c:70
       inode_lock include/linux/fs.h:757 [inline]
       __generic_file_fsync+0xb5/0x200 fs/libfs.c:981
       ext4_sync_file+0x867/0x14d0 fs/ext4/fsync.c:120
       vfs_fsync_range+0x144/0x230 fs/sync.c:197
       generic_write_sync include/linux/fs.h:2787 [inline]
       dio_complete+0x498/0x9f0 fs/direct-io.c:329
       dio_aio_complete_work+0x20/0x30 fs/direct-io.c:341
       process_one_work+0x98e/0x1790 kernel/workqueue.c:2173
       worker_thread+0x98/0xe40 kernel/workqueue.c:2319
       kthread+0x357/0x430 kernel/kthread.c:246
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#10 --> (wq_completion)"dio/%s"sb->s_id --> (work_completion)(&dio->complete_work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((work_completion)(&dio->complete_work));
                               lock((wq_completion)"dio/%s"sb->s_id);
                               lock((work_completion)(&dio->complete_work));
  lock(&sb->s_type->i_mutex_key#10);

 *** DEADLOCK ***

2 locks held by kworker/1:4/7579:
 #0: 00000000c07bfece ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: __write_once_size include/linux/compiler.h:220 [inline]
 #0: 00000000c07bfece ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 00000000c07bfece ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 00000000c07bfece ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 00000000c07bfece ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 00000000c07bfece ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 00000000c07bfece ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: process_one_work+0x87e/0x1790 kernel/workqueue.c:2144
 #1: 00000000f2cccab7 ((work_completion)(&dio->complete_work)){+.+.}, at: process_one_work+0x8b4/0x1790 kernel/workqueue.c:2148

stack backtrace:
CPU: 1 PID: 7579 Comm: kworker/1:4 Not tainted 5.0.0-rc7+ #80
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: dio/sda1 dio_aio_complete_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1224
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2350 [inline]
 __lock_acquire+0x2f00/0x4700 kernel/locking/lockdep.c:3338
 lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3841
 down_write+0x38/0x90 kernel/locking/rwsem.c:70
 inode_lock include/linux/fs.h:757 [inline]
 __generic_file_fsync+0xb5/0x200 fs/libfs.c:981
 ext4_sync_file+0x867/0x14d0 fs/ext4/fsync.c:120
 vfs_fsync_range+0x144/0x230 fs/sync.c:197
 generic_write_sync include/linux/fs.h:2787 [inline]
 dio_complete+0x498/0x9f0 fs/direct-io.c:329
 dio_aio_complete_work+0x20/0x30 fs/direct-io.c:341
 process_one_work+0x98e/0x1790 kernel/workqueue.c:2173
 worker_thread+0x98/0xe40 kernel/workqueue.c:2319
 kthread+0x357/0x430 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
net_ratelimit: 26 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: '0000:0000:0000.000A' (00000000c48268f6): kobject_add_internal: parent: 'uhid', set: 'devices'
kobject: '0000:0000:0000.000A' (00000000c48268f6): kobject_uevent_env
kobject: '0000:0000:0000.000A' (00000000c48268f6): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:0000.000A'
hid-generic 0000:0000:0000.000A: item fetching failed at offset -1918995327
hid-generic: probe of 0000:0000:0000.000A failed with error -22
kobject: '0000:0000:0000.000A' (00000000c48268f6): kobject_uevent_env
kobject: '0000:0000:0000.000A' (00000000c48268f6): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:0000.000A'
kobject: '0000:0000:0000.000A' (00000000c48268f6): kobject_cleanup, parent           (null)
kobject: '0000:0000:0000.000A' (00000000c48268f6): calling ktype release
kobject: '0000:0000:0000.000A': free name
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: '0000:0000:0000.000B' (0000000099869cfd): kobject_add_internal: parent: 'uhid', set: 'devices'
kobject: '0000:0000:0000.000B' (0000000099869cfd): kobject_uevent_env
kobject: '0000:0000:0000.000B' (0000000099869cfd): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:0000.000B'
hid-generic 0000:0000:0000.000B: item fetching failed at offset -1909790975
hid-generic: probe of 0000:0000:0000.000B failed with error -22
kobject: '0000:0000:0000.000B' (0000000099869cfd): kobject_uevent_env
kobject: '0000:0000:0000.000B' (0000000099869cfd): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:0000.000B'
kobject: '0000:0000:0000.000B' (0000000099869cfd): kobject_cleanup, parent           (null)
kobject: '0000:0000:0000.000B' (0000000099869cfd): calling ktype release
kobject: '0000:0000:0000.000B': free name
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: '0000:0000:0000.000C' (000000002033c58f): kobject_add_internal: parent: 'uhid', set: 'devices'
kobject: '0000:0000:0000.000C' (000000002033c58f): kobject_uevent_env
kobject: '0000:0000:0000.000C' (000000002033c58f): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:0000.000C'
hid-generic 0000:0000:0000.000C: item fetching failed at offset -1803923647
hid-generic: probe of 0000:0000:0000.000C failed with error -22
kobject: '0000:0000:0000.000C' (000000002033c58f): kobject_uevent_env
kobject: '0000:0000:0000.000C' (000000002033c58f): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:0000.000C'
kobject: '0000:0000:0000.000C' (000000002033c58f): kobject_cleanup, parent           (null)
kobject: '0000:0000:0000.000C' (000000002033c58f): calling ktype release
kobject: '0000:0000:0000.000C': free name
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
net_ratelimit: 26 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
caif:caif_disconnect_client(): nothing to disconnect
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
caif:caif_disconnect_client(): nothing to disconnect
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
kobject: 'loop5' (0000000057d83878): kobject_uevent_env
kobject: 'loop5' (0000000057d83878): fill_kobj_path: path = '/devices/virtual/block/loop5'