Date: Mon, 25 May 2026 10:19:13 -0500
From: Ming Lei
To: Tetsuo Handa
Cc: Jens Axboe, Bart Van Assche, Christoph Hellwig, Damien Le Moal, linux-block, LKML, Andrew Morton
Subject: Re: [PATCH v3] loop: Fix NULL pointer dereference in lo_rw_aio()
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 25, 2026 at 12:40:19PM +0900, Tetsuo Handa wrote:
> Some commit which was merged in the merge window for 7.1 broke the loop
> driver; a race window where lo_release() clears the backing file via
> __loop_clr_fd() despite some I/O requests are pending was introduced [1][2].
>
> The exact commit which changed the behavior is not known due to lack of
> reproducer and timing dependent behavior, but it seems that we need to
> solve this problem in the loop driver despite there was no change for the
> loop driver during this merge window.
>
> To close this race, try to flush pending I/O requests. However, calling
> drain_workqueue() from __loop_clr_fd() with disk->open_mutex held causes
> lockdep warnings [3][4]. We need to flush pending I/O requests without
> disk->open_mutex held.

No, please don't workaround before root cause.

No proof shows that the issue is in block layer or loop driver, the IO isn't
expected, you need to figure out why btrfs still issues IO after this loop
disk is closed by everyone and writeback is done.

https://syzkaller.appspot.com/x/log.txt?x=101e4702580000

Thanks,
Ming