======================================================
WARNING: possible circular locking dependency detected
5.17.0-rc6-next-20220303 #1 Not tainted
------------------------------------------------------
syz-executor.0/127456 is trying to acquire lock:
ffff88803a04f138 ((wq_completion)loop0){+.+.}-{0:0}, at: flush_workqueue+0x11c/0x11a0

but task is already holding lock:
ffff88803a258918 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0x98/0x990

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #7 (&disk->open_mutex){+.+.}-{3:3}:
       __mutex_lock+0x136/0x1480
       bd_register_pending_holders+0x2c/0x480
       device_add_disk+0x5e5/0xd70
       loop_add+0x6e5/0x8e0
       loop_probe+0x48/0x50
       blk_request_module+0x10e/0x1c0
       blkdev_get_no_open+0x77/0xc0
       blkdev_get_by_dev+0x22/0xc70
       blkdev_open+0x154/0x2e0
       do_dentry_open+0x4b7/0x1110
       path_openat+0x1a3e/0x28a0
       do_filp_open+0x1aa/0x400
       do_sys_openat2+0x16d/0x4d0
       __x64_sys_openat+0x13f/0x1f0
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x44/0xae

-> #6 (major_names_lock){+.+.}-{3:3}:
       __mutex_lock+0x136/0x1480
       blk_request_module+0x29/0x1c0
       blkdev_get_no_open+0x77/0xc0
       blkdev_get_by_dev+0x22/0xc70
       swsusp_check+0x97/0x3e0
       software_resume.part.0+0x161/0x240
       resume_store+0x161/0x190
       kobj_attr_store+0x53/0x80
       sysfs_kf_write+0x113/0x170
       kernfs_fop_write_iter+0x3fa/0x610
       new_sync_write+0x437/0x660
       vfs_write+0x7c2/0xad0
       ksys_write+0x12d/0x250
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x44/0xae

-> #5 (system_transition_mutex/1){+.+.}-{3:3}:
       __mutex_lock+0x136/0x1480
       software_resume.part.0+0x19/0x240
       resume_store+0x161/0x190
       kobj_attr_store+0x53/0x80
       sysfs_kf_write+0x113/0x170
       kernfs_fop_write_iter+0x3fa/0x610
       new_sync_write+0x437/0x660
       vfs_write+0x7c2/0xad0
       ksys_write+0x12d/0x250
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x44/0xae

-> #4 (&of->mutex){+.+.}-{3:3}:
       __mutex_lock+0x136/0x1480
       kernfs_seq_start+0x47/0x440
       seq_read_iter+0x2c9/0x12b0
       kernfs_fop_read_iter+0x516/0x6f0
       new_sync_read+0x42f/0x6f0
       vfs_read+0x499/0x5e0
       ksys_read+0x12d/0x250
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x44/0xae

-> #3 (&p->lock){+.+.}-{3:3}:
       __mutex_lock+0x136/0x1480
       seq_read_iter+0xdf/0x12b0
       kernfs_fop_read_iter+0x516/0x6f0
       generic_file_splice_read+0x460/0x6d0
       do_splice_to+0x1c2/0x240
       splice_direct_to_actor+0x2c7/0x8f0
       do_splice_direct+0x1c4/0x290
       vfs_copy_file_range+0x57b/0x1270
       __do_sys_copy_file_range+0x176/0x410
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x44/0xae

-> #2 (sb_writers#8){.+.+}-{0:0}:
       loop_process_work+0x1324/0x1e30
       process_one_work+0xa1c/0x16a0
       worker_thread+0x637/0x1250
       kthread+0x2f0/0x3a0
       ret_from_fork+0x22/0x30

-> #1 ((work_completion)(&lo->rootcg_work)){+.+.}-{0:0}:
       process_one_work+0x9a0/0x16a0
       worker_thread+0x637/0x1250
       kthread+0x2f0/0x3a0
       ret_from_fork+0x22/0x30

-> #0 ((wq_completion)loop0){+.+.}-{0:0}:
       __lock_acquire+0x2c2f/0x6120
       lock_acquire+0x1a2/0x4d0
       flush_workqueue+0x144/0x11a0
       drain_workqueue+0x1a5/0x3c0
       destroy_workqueue+0x71/0x790
       __loop_clr_fd+0x1ab/0xd90
       lo_release+0x1ac/0x1f0
       blkdev_put+0x2e2/0x990
       blkdev_close+0x6a/0x80
       __fput+0x281/0x9e0
       task_work_run+0xe2/0x1a0
       do_exit+0xaf2/0x2820
       do_group_exit+0xd2/0x2f0
       __x64_sys_exit_group+0x3a/0x50
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x44/0xae

other info that might help us debug this:

Chain exists of:
  (wq_completion)loop0 --> major_names_lock --> &disk->open_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&disk->open_mutex);
                               lock(major_names_lock);
                               lock(&disk->open_mutex);
  lock((wq_completion)loop0);

 *** DEADLOCK ***

1 lock held by syz-executor.0/127456:
 #0: ffff88803a258918 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0x98/0x990

stack backtrace:
CPU: 1 PID: 127456 Comm: syz-executor.0 Not tainted 5.17.0-rc6-next-20220303 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 dump_stack_lvl+0x8b/0xb3
 check_noncircular+0x25f/0x2e0
 __lock_acquire+0x2c2f/0x6120
 lock_acquire+0x1a2/0x4d0
 flush_workqueue+0x144/0x11a0
 drain_workqueue+0x1a5/0x3c0
 destroy_workqueue+0x71/0x790
 __loop_clr_fd+0x1ab/0xd90
 lo_release+0x1ac/0x1f0
 blkdev_put+0x2e2/0x990
 blkdev_close+0x6a/0x80
 __fput+0x281/0x9e0
 task_work_run+0xe2/0x1a0
 do_exit+0xaf2/0x2820
 do_group_exit+0xd2/0x2f0
 __x64_sys_exit_group+0x3a/0x50
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f0d68cf6b19
Code: Unable to access opcode bytes at RIP 0x7f0d68cf6aef.
RSP: 002b:00007fff98d6f4e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f0d68e0a02c RCX: 00007f0d68cf6b19
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 00007f0d68d50259 R08: 000000000000000c R09: 00007f0d68e09f60
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000b
R13: 00007fff98d6f700 R14: 00007f0d68e09f60 R15: 0000000000000001
loop0: detected capacity change from 0 to 4097
loop0: detected capacity change from 0 to 4097
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0
Buffer I/O error on dev sr0, logical block 0, lost async page write
Buffer I/O error on dev sr0, logical block 1, lost async page write
Buffer I/O error on dev sr0, logical block 2, lost async page write
Buffer I/O error on dev sr0, logical block 3, lost async page write
Buffer I/O error on dev sr0, logical block 4, lost async page write
Buffer I/O error on dev sr0, logical block 5, lost async page write
Buffer I/O error on dev sr0, logical block 6, lost async page write
Buffer I/O error on dev sr0, logical block 7, lost async page write
Buffer I/O error on dev sr0, logical block 8, lost async page write
Buffer I/O error on dev sr0, logical block 9, lost async page write
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 254 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 508 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 762 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 1016 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 1270 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 1524 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 1778 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 2032 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 2286 op 0x1:(WRITE) flags 0x104000 phys_seg 127 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=1s
sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current]
sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code
sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 1f c0 00 00 3e 00
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
block device autoloading is deprecated and will be removed.
block device autoloading is deprecated and will be removed.
block device autoloading is deprecated and will be removed.
tmpfs: Unsupported parameter 'huge'
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
tmpfs: Unsupported parameter 'huge'
rfkill: input handler enabled
tmpfs: Unsupported parameter 'huge'
rfkill: input handler disabled
rfkill: input handler enabled