======================================================
WARNING: possible circular locking dependency detected
4.14.157-syzkaller #0 Not tainted
------------------------------------------------------
kworker/0:1/22 is trying to acquire lock:
 (&sb->s_type->i_mutex_key#9){++++}, at: [<0000000087596904>] inode_lock include/linux/fs.h:724 [inline]
 (&sb->s_type->i_mutex_key#9){++++}, at: [<0000000087596904>] __generic_file_fsync+0x9e/0x190 fs/libfs.c:985

but task is already holding lock:
 ((&dio->complete_work)){+.+.}, at: [<0000000038c70dda>] process_one_work+0x735/0x1580 kernel/workqueue.c:2109

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 ((&dio->complete_work)){+.+.}:
       process_one_work+0x789/0x1580 kernel/workqueue.c:2110
       worker_thread+0xdd/0xdf0 kernel/workqueue.c:2271
       kthread+0x31f/0x430 kernel/kthread.c:232
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:404

-> #1 ("dio/%s"sb->s_id){+.+.}:
       flush_workqueue+0x118/0x13b0 kernel/workqueue.c:2639
       drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2804
       destroy_workqueue+0x22/0x5e0 kernel/workqueue.c:4111
       sb_init_dio_done_wq+0x72/0x90 fs/direct-io.c:635
       dio_set_defer_completion fs/direct-io.c:647 [inline]
       get_more_blocks fs/direct-io.c:725 [inline]
       do_direct_IO fs/direct-io.c:1003 [inline]
       do_blockdev_direct_IO fs/direct-io.c:1336 [inline]
       __blockdev_direct_IO+0x31cc/0xe24e fs/direct-io.c:1422
       ext4_direct_IO_write fs/ext4/inode.c:3730 [inline]
       ext4_direct_IO+0xa4f/0x2820 fs/ext4/inode.c:3885
       generic_file_direct_write+0x1e4/0x430 mm/filemap.c:3036
       __generic_file_write_iter+0x209/0x550 mm/filemap.c:3215
       ext4_file_write_iter+0x68a/0xdb0 fs/ext4/file.c:268
       call_write_iter include/linux/fs.h:1798 [inline]
       aio_write+0x2ea/0x530 fs/aio.c:1553
       io_submit_one fs/aio.c:1641 [inline]
       do_io_submit+0x8e7/0x13e0 fs/aio.c:1709
       do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0 (&sb->s_type->i_mutex_key#9){++++}:
       lock_acquire+0x12b/0x360 kernel/locking/lockdep.c:3994
       down_write+0x34/0x90 kernel/locking/rwsem.c:54
       inode_lock include/linux/fs.h:724 [inline]
       __generic_file_fsync+0x9e/0x190 fs/libfs.c:985
       ext4_sync_file+0x3ac/0x1250 fs/ext4/fsync.c:120
       vfs_fsync_range+0x106/0x260 fs/sync.c:196
       generic_write_sync include/linux/fs.h:2713 [inline]
       dio_complete+0x37e/0x860 fs/direct-io.c:330
       process_one_work+0x7f1/0x1580 kernel/workqueue.c:2134
       worker_thread+0xdd/0xdf0 kernel/workqueue.c:2271
       kthread+0x31f/0x430 kernel/kthread.c:232
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#9 --> "dio/%s"sb->s_id --> (&dio->complete_work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&dio->complete_work));
                               lock("dio/%s"sb->s_id);
                               lock((&dio->complete_work));
  lock(&sb->s_type->i_mutex_key#9);

 *** DEADLOCK ***

2 locks held by kworker/0:1/22:
 #0:  ("dio/%s"sb->s_id){+.+.}, at: [<0000000039a622b0>] process_one_work+0x6ff/0x1580 kernel/workqueue.c:2105
 #1:  ((&dio->complete_work)){+.+.}, at: [<0000000038c70dda>] process_one_work+0x735/0x1580 kernel/workqueue.c:2109

stack backtrace:
CPU: 0 PID: 22 Comm: kworker/0:1 Not tainted 4.14.157-syzkaller #0
Workqueue: dio/sda1 dio_aio_complete_work
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe5/0x154 lib/dump_stack.c:58
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1901 [inline]
 check_prevs_add kernel/locking/lockdep.c:2018 [inline]
 validate_chain kernel/locking/lockdep.c:2460 [inline]
 __lock_acquire+0x2f5f/0x4320 kernel/locking/lockdep.c:3487
 lock_acquire+0x12b/0x360 kernel/locking/lockdep.c:3994
 down_write+0x34/0x90 kernel/locking/rwsem.c:54
 inode_lock include/linux/fs.h:724 [inline]
 __generic_file_fsync+0x9e/0x190 fs/libfs.c:985
 ext4_sync_file+0x3ac/0x1250 fs/ext4/fsync.c:120
 vfs_fsync_range+0x106/0x260 fs/sync.c:196
 generic_write_sync include/linux/fs.h:2713 [inline]
 dio_complete+0x37e/0x860 fs/direct-io.c:330
 process_one_work+0x7f1/0x1580 kernel/workqueue.c:2134
 worker_thread+0xdd/0xdf0 kernel/workqueue.c:2271
 kthread+0x31f/0x430 kernel/kthread.c:232
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:404
Mem-Info:
active_anon:92188 inactive_anon:4608 isolated_anon:0
 active_file:9539 inactive_file:13427 isolated_file:0
 unevictable:0 dirty:152 writeback:0 unstable:0
 slab_reclaimable:6110 slab_unreclaimable:60701
 mapped:50839 shmem:49 pagetables:1822 bounce:0
 free:1399109 free_pcp:524 free_cma:0
Node 0 active_anon:368752kB inactive_anon:18432kB active_file:38156kB inactive_file:53708kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:203356kB dirty:608kB writeback:0kB shmem:196kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
DMA32 free:3011252kB min:4684kB low:7692kB high:10700kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3011992kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:740kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 3505 3505
Normal free:2586280kB min:5584kB low:9172kB high:12760kB active_anon:367588kB inactive_anon:18432kB active_file:38128kB inactive_file:53740kB unevictable:0kB writepending:604kB present:4718592kB managed:3589220kB mlocked:0kB kernel_stack:4864kB pagetables:7176kB bounce:0kB free_pcp:1416kB local_pcp:644kB free_cma:0kB
lowmem_reserve[]: 0 0 0
DMA32: 5*4kB (UM) 2*8kB (M) 5*16kB (M) 2*32kB (UM) 4*64kB (UM) 4*128kB (UM) 5*256kB (UM) 1*512kB (M) 2*1024kB (UM) 2*2048kB (UM) 733*4096kB (M) = 3011252kB
Normal: 6630*4kB (UME) 2377*8kB (UME) 3777*16kB (UME) 2003*32kB (UME) 681*64kB (UME) 100*128kB (UME) 77*256kB (UME) 77*512kB (UME) 22*1024kB (UME) 5*2048kB (UME) 554*4096kB (M) = 2587536kB
22991 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
315676 pages reserved
syz-executor.5: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
CPU: 1 PID: 7722 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe5/0x154 lib/dump_stack.c:58
 warn_alloc.cold+0x91/0x1ab mm/page_alloc.c:3319
 __vmalloc_node_range mm/vmalloc.c:1796 [inline]
 __vmalloc_node_range+0x3b5/0x6d0 mm/vmalloc.c:1756
 __vmalloc_node mm/vmalloc.c:1825 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1839 [inline]
 vmalloc+0x60/0x80 mm/vmalloc.c:1861
 sel_write_load+0x199/0xfb0 security/selinux/selinuxfs.c:495
 __vfs_write+0xf9/0x5a0 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a679
RSP: 002b:00007fdd6f55bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd6f55c6d4
R13: 00000000004cba0b R14: 00000000004e5428 R15: 00000000ffffffff
Mem-Info:
active_anon:92603 inactive_anon:4769 isolated_anon:0
 active_file:9532 inactive_file:13436 isolated_file:0
 unevictable:0 dirty:196 writeback:0 unstable:0
 slab_reclaimable:6112 slab_unreclaimable:61667
 mapped:59671 shmem:213 pagetables:1915 bounce:0
 free:1388650 free_pcp:331 free_cma:0
Node 0 active_anon:370512kB inactive_anon:19376kB active_file:38128kB inactive_file:53744kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:239084kB dirty:784kB writeback:0kB shmem:1152kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
DMA32 free:3011252kB min:4684kB low:7692kB high:10700kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3011992kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:740kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 3505 3505
Normal free:2541656kB min:5584kB low:9172kB high:12760kB active_anon:370612kB inactive_anon:20876kB active_file:38128kB inactive_file:53744kB unevictable:0kB writepending:784kB present:4718592kB managed:3589220kB mlocked:0kB kernel_stack:5120kB pagetables:7660kB bounce:0kB free_pcp:1192kB local_pcp:508kB free_cma:0kB
lowmem_reserve[]: 0 0 0
DMA32: 5*4kB (UM) 2*8kB (M) 5*16kB (M) 2*32kB (UM) 4*64kB (UM) 4*128kB (UM) 5*256kB (UM) 1*512kB (M) 2*1024kB (UM) 2*2048kB (UM) 733*4096kB (M) = 3011252kB
Normal: 4523*4kB (UME) 2332*8kB (UME) 2309*16kB (UME) 1644*32kB (UME) 632*64kB (UME) 99*128kB (UME) 78*256kB (UME) 77*512kB (UME) 22*1024kB (UME) 5*2048kB (UME) 554*4096kB (M) = 2540764kB
24031 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
315676 pages reserved
syz-executor.5: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
CPU: 0 PID: 7770 Comm: syz-executor.5 Not tainted 4.14.157-syzkaller #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe5/0x154 lib/dump_stack.c:58
 warn_alloc.cold+0x91/0x1ab mm/page_alloc.c:3319
 __vmalloc_node_range mm/vmalloc.c:1796 [inline]
 __vmalloc_node_range+0x3b5/0x6d0 mm/vmalloc.c:1756
 __vmalloc_node mm/vmalloc.c:1825 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1839 [inline]
 vmalloc+0x60/0x80 mm/vmalloc.c:1861
 sel_write_load+0x199/0xfb0 security/selinux/selinuxfs.c:495
 __vfs_write+0xf9/0x5a0 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a679
RSP: 002b:00007fdd6f55bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd6f55c6d4
R13: 00000000004cba0b R14: 00000000004e5428 R15: 00000000ffffffff
Mem-Info:
active_anon:92840 inactive_anon:4608 isolated_anon:0
 active_file:9534 inactive_file:13439 isolated_file:0
 unevictable:0 dirty:225 writeback:0 unstable:0
 slab_reclaimable:6096 slab_unreclaimable:61591
 mapped:59508 shmem:49 pagetables:1892 bounce:0
 free:1388881 free_pcp:318 free_cma:0
Node 0 active_anon:371360kB inactive_anon:19632kB active_file:38136kB inactive_file:53756kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:239332kB dirty:900kB writeback:0kB shmem:1496kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
DMA32 free:3011252kB min:4684kB low:7692kB high:10700kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3011992kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:740kB local_pcp:740kB free_cma:0kB
lowmem_reserve[]: 0 3505 3505
Normal free:2540424kB min:5584kB low:9172kB high:12760kB active_anon:371460kB inactive_anon:21832kB active_file:38136kB inactive_file:53756kB unevictable:0kB writepending:900kB present:4718592kB managed:3589220kB mlocked:0kB kernel_stack:5248kB pagetables:7864kB bounce:0kB free_pcp:580kB local_pcp:364kB free_cma:0kB
lowmem_reserve[]: 0 0 0
DMA32: 5*4kB (UM) 2*8kB (M) 5*16kB (M) 2*32kB (UM) 4*64kB (UM) 4*128kB (UM) 5*256kB (UM) 1*512kB (M) 2*1024kB (UM) 2*2048kB (UM) 733*4096kB (M) = 3011252kB
Normal: 4140*4kB (UME) 2242*8kB (UME) 2314*16kB (UME) 1656*32kB (UME) 633*64kB (UME) 99*128kB (UME) 79*256kB (UME) 77*512kB (UME) 22*1024kB (UME) 5*2048kB (UME) 554*4096kB (M) = 2539296kB
24222 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
315676 pages reserved
sel_write_load: 2 callbacks suppressed
SELinux: failed to load policy
SELinux: failed to load policy
SELinux: failed to load policy
SELinux: failed to load policy
SELinux: failed to load policy
SELinux: failed to load policy
SELinux: failed to load policy
SELinux: failed to load policy
SELinux: failed to load policy
SELinux: failed to load policy