======================================================
WARNING: possible circular locking dependency detected
5.9.0-rc7-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:5/26493 is trying to acquire lock:
ffff888090e5e640 (sb_internal#2){.+.+}-{0:0}, at: sb_start_intwrite include/linux/fs.h:1690 [inline]
ffff888090e5e640 (sb_internal#2){.+.+}-{0:0}, at: start_transaction+0x59c/0x1000 fs/btrfs/transaction.c:624

but task is already holding lock:
ffffc9000e39fd80 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0 kernel/workqueue.c:2244

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #5 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}:
       lock_acquire+0x148/0x720 kernel/locking/lockdep.c:5029
       __flush_work+0x90/0x120 kernel/workqueue.c:3041
       wb_shutdown+0x166/0x1b0 mm/backing-dev.c:355
       bdi_unregister+0x119/0x480 mm/backing-dev.c:872
       del_gendisk+0x611/0xaf0 block/genhd.c:933
       loop_remove drivers/block/loop.c:2192 [inline]
       loop_control_ioctl+0x529/0x640 drivers/block/loop.c:2291
       vfs_ioctl fs/ioctl.c:48 [inline]
       __do_sys_ioctl fs/ioctl.c:753 [inline]
       __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739
       do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

-> #4 (loop_ctl_mutex){+.+.}-{3:3}:
       lock_acquire+0x148/0x720 kernel/locking/lockdep.c:5029
       __mutex_lock_common+0x189/0x2fc0 kernel/locking/mutex.c:956
       __mutex_lock kernel/locking/mutex.c:1103 [inline]
       mutex_lock_killable_nested+0x1a/0x20 kernel/locking/mutex.c:1133
       lo_open+0x1a/0xc0 drivers/block/loop.c:1893
       __blkdev_get+0x58d/0x1700 fs/block_dev.c:1507
       blkdev_get fs/block_dev.c:1639 [inline]
       blkdev_open+0x1c5/0x2e0 fs/block_dev.c:1753
       do_dentry_open+0x7c8/0x1010 fs/open.c:817
       do_open fs/namei.c:3251 [inline]
       path_openat+0x2794/0x3840 fs/namei.c:3368
       do_filp_open+0x191/0x3a0 fs/namei.c:3395
       do_sys_openat2+0x463/0x830 fs/open.c:1168
       do_sys_open fs/open.c:1184 [inline]
       __do_sys_open fs/open.c:1192 [inline]
       __se_sys_open fs/open.c:1188 [inline]
       __x64_sys_open+0x1af/0x1e0 fs/open.c:1188
       do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

-> #3 (&bdev->bd_mutex){+.+.}-{3:3}:
       lock_acquire+0x148/0x720 kernel/locking/lockdep.c:5029
       __mutex_lock_common+0x189/0x2fc0 kernel/locking/mutex.c:956
       __mutex_lock kernel/locking/mutex.c:1103 [inline]
       mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:1118
       blkdev_put+0x31/0x3d0 fs/block_dev.c:1804
       btrfs_close_bdev fs/btrfs/volumes.c:1117 [inline]
       btrfs_close_one_device fs/btrfs/volumes.c:1133 [inline]
       close_fs_devices+0x3d3/0x6f0 fs/btrfs/volumes.c:1161
       btrfs_close_devices+0x2f/0x130 fs/btrfs/volumes.c:1179
       close_ctree+0x5b2/0x6a3 fs/btrfs/disk-io.c:4148
       generic_shutdown_super+0x120/0x2a0 fs/super.c:464
       kill_anon_super+0x36/0x60 fs/super.c:1108
       btrfs_kill_super+0x3d/0x50 fs/btrfs/super.c:2265
       deactivate_locked_super+0xa7/0xf0 fs/super.c:335
       cleanup_mnt+0x432/0x4e0 fs/namespace.c:1118
       task_work_run+0x137/0x1c0 kernel/task_work.c:141
       tracehook_notify_resume include/linux/tracehook.h:188 [inline]
       exit_to_user_mode_loop kernel/entry/common.c:165 [inline]
       exit_to_user_mode_prepare+0x11a/0x1e0 kernel/entry/common.c:192
       syscall_exit_to_user_mode+0x82/0x1d0 kernel/entry/common.c:267
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

-> #2 (&fs_devs->device_list_mutex){+.+.}-{3:3}:
       lock_acquire+0x148/0x720 kernel/locking/lockdep.c:5029
       __mutex_lock_common+0x189/0x2fc0 kernel/locking/mutex.c:956
       __mutex_lock kernel/locking/mutex.c:1103 [inline]
       mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:1118
       btrfs_run_dev_stats+0x89/0xd70 fs/btrfs/volumes.c:7361
       commit_cowonly_roots+0x186/0x920 fs/btrfs/transaction.c:1196
       btrfs_commit_transaction+0x1a42/0x3320 fs/btrfs/transaction.c:2272
       __sync_filesystem fs/sync.c:39 [inline]
       sync_filesystem+0x19e/0x200 fs/sync.c:67
       generic_shutdown_super+0x6b/0x2a0 fs/super.c:448
       kill_anon_super+0x36/0x60 fs/super.c:1108
       btrfs_kill_super+0x3d/0x50 fs/btrfs/super.c:2265
       deactivate_locked_super+0xa7/0xf0 fs/super.c:335
       cleanup_mnt+0x432/0x4e0 fs/namespace.c:1118
       task_work_run+0x137/0x1c0 kernel/task_work.c:141
       tracehook_notify_resume include/linux/tracehook.h:188 [inline]
       exit_to_user_mode_loop kernel/entry/common.c:165 [inline]
       exit_to_user_mode_prepare+0x11a/0x1e0 kernel/entry/common.c:192
       syscall_exit_to_user_mode+0x82/0x1d0 kernel/entry/common.c:267
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

-> #1 (&fs_info->tree_log_mutex){+.+.}-{3:3}:
       reacquire_held_locks+0x291/0x4e0 kernel/locking/lockdep.c:4579
       __lock_release kernel/locking/lockdep.c:4767 [inline]
       lock_release+0x40b/0x750 kernel/locking/lockdep.c:5049
       __mutex_unlock_slowpath+0x7b/0x590 kernel/locking/mutex.c:1228
       btrfs_commit_transaction+0x276e/0x3320 fs/btrfs/transaction.c:2321
       close_ctree+0x271/0x6a3 fs/btrfs/disk-io.c:4083
       generic_shutdown_super+0x120/0x2a0 fs/super.c:464
       kill_anon_super+0x36/0x60 fs/super.c:1108
       btrfs_kill_super+0x3d/0x50 fs/btrfs/super.c:2265
       deactivate_locked_super+0xa7/0xf0 fs/super.c:335
       cleanup_mnt+0x432/0x4e0 fs/namespace.c:1118
       task_work_run+0x137/0x1c0 kernel/task_work.c:141
       tracehook_notify_resume include/linux/tracehook.h:188 [inline]
       exit_to_user_mode_loop kernel/entry/common.c:165 [inline]
       exit_to_user_mode_prepare+0x11a/0x1e0 kernel/entry/common.c:192
       syscall_exit_to_user_mode+0x82/0x1d0 kernel/entry/common.c:267
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

-> #0 (sb_internal#2){.+.+}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:2496 [inline]
       check_prevs_add kernel/locking/lockdep.c:2601 [inline]
       validate_chain+0x1b0c/0x88a0 kernel/locking/lockdep.c:3218
       __lock_acquire+0x110b/0x2ae0 kernel/locking/lockdep.c:4441
       lock_acquire+0x148/0x720 kernel/locking/lockdep.c:5029
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       __sb_start_write+0x14b/0x400 fs/super.c:1672
       sb_start_intwrite include/linux/fs.h:1690 [inline]
       start_transaction+0x59c/0x1000 fs/btrfs/transaction.c:624
       find_free_extent_update_loop fs/btrfs/extent-tree.c:3789 [inline]
       find_free_extent+0x2d2b/0x3b80 fs/btrfs/extent-tree.c:4127
       btrfs_reserve_extent+0x171/0x460 fs/btrfs/extent-tree.c:4206
       cow_file_range+0x529/0xb50 fs/btrfs/inode.c:1063
       btrfs_run_delalloc_range+0x1b6/0xe80 fs/btrfs/inode.c:1838
       writepage_delalloc+0x1c0/0x560 fs/btrfs/extent_io.c:3439
       __extent_writepage+0x598/0x930 fs/btrfs/extent_io.c:3653
       extent_write_cache_pages fs/btrfs/extent_io.c:4249 [inline]
       extent_writepages+0xbea/0x1430 fs/btrfs/extent_io.c:4370
       do_writepages+0xda/0x1f0 mm/page-writeback.c:2352
       __writeback_single_inode+0xcc/0x640 fs/fs-writeback.c:1461
       writeback_sb_inodes+0x8f3/0x17f0 fs/fs-writeback.c:1721
       wb_writeback+0x3c4/0x8f0 fs/fs-writeback.c:1894
       wb_do_writeback fs/fs-writeback.c:2039 [inline]
       wb_workfn+0x2fa/0x11e0 fs/fs-writeback.c:2080
       process_one_work+0x789/0xfc0 kernel/workqueue.c:2269
       worker_thread+0xaa4/0x1460 kernel/workqueue.c:2415
       kthread+0x37e/0x3a0 drivers/block/aoe/aoecmd.c:1234
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

other info that might help us debug this:

Chain exists of:
  sb_internal#2 --> loop_ctl_mutex --> (work_completion)(&(&wb->dwork)->work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((work_completion)(&(&wb->dwork)->work));
                               lock(loop_ctl_mutex);
                               lock((work_completion)(&(&wb->dwork)->work));
  lock(sb_internal#2);

 *** DEADLOCK ***

2 locks held by kworker/u4:5/26493:
 #0: ffff8880a6da1938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0 kernel/workqueue.c:2242
 #1: ffffc9000e39fd80 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0 kernel/workqueue.c:2244

stack backtrace:
CPU: 0 PID: 26493 Comm: kworker/u4:5 Not tainted 5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: writeback wb_workfn (flush-btrfs-4)
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d6/0x29e lib/dump_stack.c:118
 print_circular_bug+0xc72/0xea0 kernel/locking/lockdep.c:1703
 check_noncircular+0x1fb/0x3a0 kernel/locking/lockdep.c:1827
 check_prev_add kernel/locking/lockdep.c:2496 [inline]
 check_prevs_add kernel/locking/lockdep.c:2601 [inline]
 validate_chain+0x1b0c/0x88a0 kernel/locking/lockdep.c:3218
 __lock_acquire+0x110b/0x2ae0 kernel/locking/lockdep.c:4441
 lock_acquire+0x148/0x720 kernel/locking/lockdep.c:5029
 percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
 __sb_start_write+0x14b/0x400 fs/super.c:1672
 sb_start_intwrite include/linux/fs.h:1690 [inline]
 start_transaction+0x59c/0x1000 fs/btrfs/transaction.c:624
 find_free_extent_update_loop fs/btrfs/extent-tree.c:3789 [inline]
 find_free_extent+0x2d2b/0x3b80 fs/btrfs/extent-tree.c:4127
 btrfs_reserve_extent+0x171/0x460 fs/btrfs/extent-tree.c:4206
 cow_file_range+0x529/0xb50 fs/btrfs/inode.c:1063
 btrfs_run_delalloc_range+0x1b6/0xe80 fs/btrfs/inode.c:1838
 writepage_delalloc+0x1c0/0x560 fs/btrfs/extent_io.c:3439
 __extent_writepage+0x598/0x930 fs/btrfs/extent_io.c:3653
 extent_write_cache_pages fs/btrfs/extent_io.c:4249 [inline]
 extent_writepages+0xbea/0x1430 fs/btrfs/extent_io.c:4370
 do_writepages+0xda/0x1f0 mm/page-writeback.c:2352
 __writeback_single_inode+0xcc/0x640 fs/fs-writeback.c:1461
 writeback_sb_inodes+0x8f3/0x17f0 fs/fs-writeback.c:1721
 wb_writeback+0x3c4/0x8f0 fs/fs-writeback.c:1894
 wb_do_writeback fs/fs-writeback.c:2039 [inline]
 wb_workfn+0x2fa/0x11e0 fs/fs-writeback.c:2080
 process_one_work+0x789/0xfc0 kernel/workqueue.c:2269
 worker_thread+0xaa4/0x1460 kernel/workqueue.c:2415
 kthread+0x37e/0x3a0 drivers/block/aoe/aoecmd.c:1234
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294