audit: type=1804 audit(1674080064.304:289): pid=23666 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4109049827/syzkaller.4nfMAK/369/file0/bus" dev="loop4" ino=263 res=1
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
kworker/0:2/3687 is trying to acquire lock:
audit: type=1800 audit(1674080064.334:290): pid=23685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file2" dev="sda1" ino=15432 res=0
000000001c1991ac (&sb->s_type->i_mutex_key#23){++++}, at: inode_lock include/linux/fs.h:748 [inline]
000000001c1991ac (&sb->s_type->i_mutex_key#23){++++}, at: __generic_file_fsync+0xb0/0x1f0 fs/libfs.c:989

but task is already holding lock:
0000000065fefceb ((work_completion)(&dio->complete_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((work_completion)(&dio->complete_work)){+.+.}:
       worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
       kthread+0x33f/0x460 kernel/kthread.c:259
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

-> #1 ((wq_completion)"dio/%s"sb->s_id){+.+.}:
       drain_workqueue+0x1a5/0x460 kernel/workqueue.c:2826
       destroy_workqueue+0x75/0x790 kernel/workqueue.c:4183
       __alloc_workqueue_key+0xb76/0xed0 kernel/workqueue.c:4160
       sb_init_dio_done_wq+0x34/0x90 fs/direct-io.c:623
       do_blockdev_direct_IO fs/direct-io.c:1285 [inline]
       __blockdev_direct_IO+0x5f55/0xef40 fs/direct-io.c:1419
       blockdev_direct_IO include/linux/fs.h:3059 [inline]
       fat_direct_IO+0x1d1/0x370 fs/fat/inode.c:282
       generic_file_direct_write+0x208/0x4a0 mm/filemap.c:3073
       __generic_file_write_iter+0x2d0/0x610 mm/filemap.c:3252
       generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323
       call_write_iter include/linux/fs.h:1821 [inline]
       aio_write+0x37f/0x5c0 fs/aio.c:1574
       __io_submit_one fs/aio.c:1858 [inline]
       io_submit_one+0xecd/0x20c0 fs/aio.c:1909
       __do_sys_io_submit fs/aio.c:1953 [inline]
       __se_sys_io_submit+0x11b/0x4a0 fs/aio.c:1924
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&sb->s_type->i_mutex_key#23){++++}:
       down_write+0x34/0x90 kernel/locking/rwsem.c:70
       inode_lock include/linux/fs.h:748 [inline]
       __generic_file_fsync+0xb0/0x1f0 fs/libfs.c:989
       fat_file_fsync+0x73/0x200 fs/fat/file.c:198
       vfs_fsync_range+0x13a/0x220 fs/sync.c:197
       generic_write_sync include/linux/fs.h:2750 [inline]
       dio_complete+0x763/0xac0 fs/direct-io.c:329
       process_one_work+0x864/0x1570 kernel/workqueue.c:2153
       worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
       kthread+0x33f/0x460 kernel/kthread.c:259
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#23 --> (wq_completion)"dio/%s"sb->s_id --> (work_completion)(&dio->complete_work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((work_completion)(&dio->complete_work));
                               lock((wq_completion)"dio/%s"sb->s_id);
                               lock((work_completion)(&dio->complete_work));
  lock(&sb->s_type->i_mutex_key#23);

 *** DEADLOCK ***

2 locks held by kworker/0:2/3687:
 #0: 00000000339a2e2f ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 0000000065fefceb ((work_completion)(&dio->complete_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128

stack backtrace:
CPU: 0 PID: 3687 Comm: kworker/0:2 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Workqueue: dio/loop4 dio_aio_complete_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_write+0x34/0x90 kernel/locking/rwsem.c:70
 inode_lock include/linux/fs.h:748 [inline]
 __generic_file_fsync+0xb0/0x1f0 fs/libfs.c:989
 fat_file_fsync+0x73/0x200 fs/fat/file.c:198
 vfs_fsync_range+0x13a/0x220 fs/sync.c:197
 generic_write_sync include/linux/fs.h:2750 [inline]
 dio_complete+0x763/0xac0 fs/direct-io.c:329
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
audit: type=1800 audit(1674080065.304:291): pid=23729 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file2" dev="sda1" ino=15482 res=0
audit: type=1800 audit(1674080065.554:292): pid=23730 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file2" dev="sda1" ino=15483 res=0
audit: type=1804 audit(1674080066.244:293): pid=23721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4109049827/syzkaller.4nfMAK/370/file0/bus" dev="loop4" ino=264 res=1
audit: type=1800 audit(1674080066.434:294): pid=23756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file2" dev="sda1" ino=15401 res=0
attempt to access beyond end of device
audit: type=1800 audit(1674080066.844:295): pid=23771 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file2" dev="sda1" ino=14849 res=0
loop4: rw=1, want=2064, limit=2048
audit: type=1804 audit(1674080067.394:296): pid=23791 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4109049827/syzkaller.4nfMAK/371/file0/bus" dev="loop4" ino=265 res=1
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
audit: type=1800 audit(1674080067.764:297): pid=23832 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file2" dev="sda1" ino=14882 res=0
audit: type=1804 audit(1674080068.104:298): pid=23824 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir420974002/syzkaller.XmOuNq/476/file0/bus" dev="loop2" ino=266 res=1
attempt to access beyond end of device
loop2: rw=1, want=2064, limit=2048
attempt to access beyond end of device
audit: type=1804 audit(1674080068.124:299): pid=23823 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4109049827/syzkaller.4nfMAK/372/file0/bus" dev="loop4" ino=267 res=1
loop4: rw=1, want=2064, limit=2048
attempt to access beyond end of device
loop5: rw=1, want=2064, limit=2048
audit: type=1804 audit(1674080068.224:300): pid=23842 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir3691990374/syzkaller.1K8tmb/540/file0/bus" dev="loop5" ino=268 res=1
BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3
hub 9-0:1.0: USB hub found
BTRFS error (device loop3): unsupported checksum algorithm 2
hub 9-0:1.0: 8 ports detected
BTRFS error (device loop3): superblock checksum mismatch
BTRFS error (device loop3): open_ctree failed
attempt to access beyond end of device
loop2: rw=1, want=2064, limit=2048
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
device bridge0 entered promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
BTRFS error (device loop3): unsupported checksum algorithm 2
BTRFS error (device loop3): superblock checksum mismatch
BTRFS error (device loop3): open_ctree failed
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
overlayfs: filesystem on './bus' not supported as upperdir
f2fs_msg: 18 callbacks suppressed
F2FS-fs (loop1): invalid crc value
F2FS-fs (loop1): Found nat_bits in checkpoint
F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
F2FS-fs (loop1): sanity_check_inode: inode (ino=4) has corrupted i_extra_isize: 36, max: 24
F2FS-fs (loop1): sanity_check_inode: inode (ino=4) has corrupted i_extra_isize: 36, max: 24
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
IPVS: ftp: loaded support on port[0] = 21
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
kauditd_printk_skb: 14 callbacks suppressed
audit: type=1804 audit(1674080071.374:315): pid=24048 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4109049827/syzkaller.4nfMAK/379/file0/bus" dev="loop4" ino=276 res=1
device bridge0 entered promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
BTRFS error (device loop3): unsupported checksum algorithm 2
BTRFS error (device loop3): superblock checksum mismatch
BTRFS error (device loop3): open_ctree failed
audit: type=1800 audit(1674080071.734:316): pid=24016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=14371 res=0
audit: type=1804 audit(1674080071.794:317): pid=24079 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4109049827/syzkaller.4nfMAK/380/file0/bus" dev="loop4" ino=277 res=1
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
audit: type=1800 audit(1674080071.944:318): pid=24011 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=13876 res=0
audit: type=1804 audit(1674080071.944:319): pid=24011 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3283613822/syzkaller.R0r2Jv/471/bus" dev="sda1" ino=13876 res=1
audit: type=1804 audit(1674080072.174:320): pid=24105 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3211111766/syzkaller.X7Gof6/500/bus" dev="sda1" ino=14036 res=1
F2FS-fs (loop1): invalid crc value
F2FS-fs (loop1): Found nat_bits in checkpoint
F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
audit: type=1804 audit(1674080073.104:321): pid=24137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4109049827/syzkaller.4nfMAK/381/file0/bus" dev="loop4" ino=278 res=1
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge0 entered promiscuous mode
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
IPVS: ftp: loaded support on port[0] = 21
audit: type=1804 audit(1674080073.514:322): pid=24171 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4109049827/syzkaller.4nfMAK/382/file0/bus" dev="loop4" ino=279 res=1
attempt to access beyond end of device
loop4: rw=1, want=2064, limit=2048
BTRFS error (device loop3): unsupported checksum algorithm 2
BTRFS error (device loop3): superblock checksum mismatch
BTRFS error (device loop3): open_ctree failed
audit: type=1804 audit(1674080074.004:323): pid=24185 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4109049827/syzkaller.4nfMAK/383/file0/bus" dev="loop4" ino=280 res=1
audit: type=1800 audit(1674080074.214:324): pid=24156 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=14161 res=0