IPVS: ftp: loaded support on port[0] = 21

======================================================
WARNING: possible circular locking dependency detected
4.14.259-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/10053 is trying to acquire lock:
 ("dio/%s"sb->s_id){+.+.}, at: [] flush_workqueue+0xcb/0x1310 kernel/workqueue.c:2622

but task is already holding lock:
 (&sb->s_type->i_mutex_key#22){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 (&sb->s_type->i_mutex_key#22){+.+.}, at: [] generic_file_write_iter+0x99/0x650 mm/filemap.c:3205

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&sb->s_type->i_mutex_key#22){+.+.}:
       down_write+0x34/0x90 kernel/locking/rwsem.c:54
       inode_lock include/linux/fs.h:719 [inline]
       __generic_file_fsync+0x9e/0x190 fs/libfs.c:989
       fat_file_fsync+0x73/0x1f0 fs/fat/file.c:165
       vfs_fsync_range+0x103/0x260 fs/sync.c:196
       generic_write_sync include/linux/fs.h:2684 [inline]
       dio_complete+0x561/0x8d0 fs/direct-io.c:330
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #1 ((&dio->complete_work)){+.+.}:
       process_one_work+0x736/0x14a0 kernel/workqueue.c:2093
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #0 ("dio/%s"sb->s_id){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       flush_workqueue+0xfa/0x1310 kernel/workqueue.c:2625
       drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2790
       destroy_workqueue+0x71/0x710 kernel/workqueue.c:4116
       __alloc_workqueue_key+0xd50/0x1080 kernel/workqueue.c:4093
       sb_init_dio_done_wq+0x34/0x80 fs/direct-io.c:624
       do_blockdev_direct_IO fs/direct-io.c:1287 [inline]
       __blockdev_direct_IO+0x3df1/0xdcb0 fs/direct-io.c:1423
       blockdev_direct_IO include/linux/fs.h:2994 [inline]
       fat_direct_IO+0x19b/0x320 fs/fat/inode.c:275
       generic_file_direct_write+0x1df/0x420 mm/filemap.c:2958
       __generic_file_write_iter+0x2a2/0x590 mm/filemap.c:3137
       generic_file_write_iter+0x36f/0x650 mm/filemap.c:3208
       call_write_iter include/linux/fs.h:1780 [inline]
       aio_write+0x2ed/0x560 fs/aio.c:1553
       io_submit_one fs/aio.c:1641 [inline]
       do_io_submit+0x847/0x1570 fs/aio.c:1709
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

Chain exists of:
  "dio/%s"sb->s_id --> (&dio->complete_work) --> &sb->s_type->i_mutex_key#22

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key#22);
                               lock((&dio->complete_work));
                               lock(&sb->s_type->i_mutex_key#22);
  lock("dio/%s"sb->s_id);

 *** DEADLOCK ***

2 locks held by syz-executor.1/10053:
 #0: (sb_writers#14){.+.+}, at: [] file_start_write include/linux/fs.h:2714 [inline]
 #0: (sb_writers#14){.+.+}, at: [] aio_write+0x408/0x560 fs/aio.c:1552
 #1: (&sb->s_type->i_mutex_key#22){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 #1: (&sb->s_type->i_mutex_key#22){+.+.}, at: [] generic_file_write_iter+0x99/0x650 mm/filemap.c:3205

stack backtrace:
CPU: 1 PID: 10053 Comm: syz-executor.1 Not tainted 4.14.259-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 flush_workqueue+0xfa/0x1310 kernel/workqueue.c:2625
 drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2790
 destroy_workqueue+0x71/0x710 kernel/workqueue.c:4116
 __alloc_workqueue_key+0xd50/0x1080 kernel/workqueue.c:4093
 sb_init_dio_done_wq+0x34/0x80 fs/direct-io.c:624
 do_blockdev_direct_IO fs/direct-io.c:1287 [inline]
 __blockdev_direct_IO+0x3df1/0xdcb0 fs/direct-io.c:1423
 blockdev_direct_IO include/linux/fs.h:2994 [inline]
 fat_direct_IO+0x19b/0x320 fs/fat/inode.c:275
 generic_file_direct_write+0x1df/0x420 mm/filemap.c:2958
 __generic_file_write_iter+0x2a2/0x590 mm/filemap.c:3137
 generic_file_write_iter+0x36f/0x650 mm/filemap.c:3208
 call_write_iter include/linux/fs.h:1780 [inline]
 aio_write+0x2ed/0x560 fs/aio.c:1553
 io_submit_one fs/aio.c:1641 [inline]
 do_io_submit+0x847/0x1570 fs/aio.c:1709
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f996e28ee99
RSP: 002b:00007f996cc04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00007f996e3a1f60 RCX: 00007f996e28ee99
RDX: 0000000020000540 RSI: 0000000000001801 RDI: 00007f996e37d000
RBP: 00007f996e2e8ff1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff9334494f R14: 00007f996cc04300 R15: 0000000000022000
A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
FAT-fs (loop1): Unrecognized mount option "./bus" or missing value
EXT4-fs (loop5): group descriptors corrupted!
FAT-fs (loop1): Unrecognized mount option "./bus" or missing value
FAT-fs (loop1): Unrecognized mount option "./bus" or missing value
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
FAT-fs (loop1): Unrecognized mount option "./bus" or missing value
EXT4-fs (loop0): group descriptors corrupted!
FAT-fs (loop1): Unrecognized mount option "./bus" or missing value
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
FAT-fs (loop1): Unrecognized mount option "./bus" or missing value
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
EXT4-fs (loop0): group descriptors corrupted!
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
EXT4-fs (loop5): group descriptors corrupted!
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
Zero length message leads to an empty skb
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
FAT-fs (loop1): Unrecognized mount option "./bus" or missing value
chnl_net:chnl_net_open(): state disconnected
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
FAT-fs (loop1): Unrecognized mount option "./bus" or missing value
FAT-fs (loop1): Unrecognized mount option "./bus" or missing value
FAT-fs (loop1): Unrecognized mount option "./bus" or missing value
kauditd_printk_skb: 2 callbacks suppressed
audit: type=1804 audit(1640232373.010:14): pid=10392 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir022380101/syzkaller.PWrOsc/12/bus" dev="sda1" ino=13989 res=1
EXT4-fs (loop5): Unrecognized mount option "./bus/file0" or missing value
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop0): group descriptors corrupted!
sd 0:0:1:0: [sg0] tag#3715 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3715 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3715 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: [sg0] tag#3715 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: [sg0] tag#3715 CDB[20]: ba
audit: type=1804 audit(1640232373.250:15): pid=10445 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir022380101/syzkaller.PWrOsc/13/bus" dev="sda1" ino=13991 res=1
sd 0:0:1:0: [sg0] tag#3715 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3715 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3715 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: [sg0] tag#3692 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3715 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: [sg0] tag#3692 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3715 CDB[20]: ba
sd 0:0:1:0: [sg0] tag#3692 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
audit: type=1804 audit(1640232373.400:16): pid=10474 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir022380101/syzkaller.PWrOsc/14/bus" dev="sda1" ino=13990 res=1
sd 0:0:1:0: [sg0] tag#3692 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: [sg0] tag#3692 CDB[20]: ba
EXT4-fs (loop5): Unrecognized mount option "./bus/file0" or missing value
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop0): group descriptors corrupted!
EXT4-fs (loop5): Unrecognized mount option "./bus/file0" or missing value
audit: type=1804 audit(1640232373.640:17): pid=10540 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir931917586/syzkaller.6Fa8wp/13/bus" dev="sda1" ino=13976 res=1
sd 0:0:1:0: [sg0] tag#3692 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3692 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3692 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: [sg0] tag#3692 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: [sg0] tag#3692 CDB[20]: ba
EXT4-fs (loop2): Unrecognized mount option "./bus/file0" or missing value
EXT4-fs (loop5): Unrecognized mount option "./bus/file0" or missing value
EXT4-fs (loop5): Unrecognized mount option "./bus/file0" or missing value
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop0): group descriptors corrupted!
print_req_error: I/O error, dev loop5, sector 0
Buffer I/O error on dev loop5, logical block 0, async page read
print_req_error: I/O error, dev loop5, sector 4
Buffer I/O error on dev loop5, logical block 2, async page read
print_req_error: I/O error, dev loop5, sector 6
Buffer I/O error on dev loop5, logical block 3, async page read
futex_wake_op: syz-executor.4 tries to shift op by -1; fix this program
EXT4-fs (loop5): Unrecognized mount option "./bus/file0" or missing value
print_req_error: I/O error, dev loop5, sector 0
Buffer I/O error on dev loop5, logical block 0, async page read
print_req_error: I/O error, dev loop5, sector 4
Buffer I/O error on dev loop5, logical block 2, async page read
print_req_error: I/O error, dev loop5, sector 6
Buffer I/O error on dev loop5, logical block 3, async page read
EXT4-fs (loop5): Unrecognized mount option "./bus/file0" or missing value
print_req_error: I/O error, dev loop4, sector 0
EXT4-fs (loop5): Unrecognized mount option "./bus/file0" or missing value
EXT4-fs (loop5): Unrecognized mount option "./bus/file0" or missing value
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop0): group descriptors corrupted!
EXT4-fs (loop3): group descriptors corrupted!
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
futex_wake_op: syz-executor.4 tries to shift op by -1; fix this program
EXT4-fs (loop0): group descriptors corrupted!
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop0): group descriptors corrupted!
futex_wake_op: syz-executor.5 tries to shift op by -1; fix this program
futex_wake_op: syz-executor.4 tries to shift op by -1; fix this program
EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
print_req_error: I/O error, dev loop4, sector 0
EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop0): group descriptors corrupted!
EXT4-fs (loop1): group descriptors corrupted!
EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop2): group descriptors corrupted!
EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop2): group descriptors corrupted!
EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 268435521)!
EXT4-fs (loop1): group descriptors corrupted!
*** Guest State ***
CR0: actual=0xeb709f408ed399f9, shadow=0xeb709f40aed399d9, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000202764, shadow=0x0000000000200724, gh_mask=ffffffffffffe871
CR3 = 0x0000000000100000
PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000
PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000
RSP = 0x0000000000000000 RIP = 0x000000000000fff0
RFLAGS=0x00000002 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS: sel=0x0000, attr=0x10000, limit=0x0000d000, base=0x0000000000000000
DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000005801
GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
GDTR: limit=0x00000000, base=0x0000000000000000
LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
IDTR: limit=0x00000000, base=0x0000000000000000
TR: sel=0x000a, attr=0x00001, limit=0x00000000, base=0x0000000000000000
EFER = 0x0000000000000000 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff81160b1e RSP = 0xffff888049bb79b8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f996cc04700 GSBase=ffff8880ba400000 TRBase=fffffe0000003000
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=000000009c69c000 CR4=00000000003426f0
Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff87401690
EFER = 0x0000000000000d01 PAT = 0x0407050600070106
*** Control State ***
PinBased=0000003f CPUBased=b6986dfa SecondaryExec=000000e2
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffff977f2074be
EPT pointer = 0x00000000972e601e
Virtual processor ID = 0x0002
cgroup: cgroup2: unknown option "io"
kvm: emulating exchange as write
cgroup: cgroup2: unknown option "io"
print_req_error: I/O error, dev loop2, sector 56