syzbot

======================================================
WARNING: possible circular locking dependency detected
5.15.186-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:3/1384 is trying to acquire lock:
ffff8880685ccb40 (&rl->lock){++++}-{3:3}, at: ntfs_read_block fs/ntfs/aops.c:248 [inline]
ffff8880685ccb40 (&rl->lock){++++}-{3:3}, at: ntfs_readpage+0x1277/0x2220 fs/ntfs/aops.c:435

but task is already holding lock:
ffff8880685cf510 (&ni->mrec_lock){+.+.}-{3:3}, at: map_mft_record+0x4e/0x620 fs/ntfs/mft.c:154

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&ni->mrec_lock){+.+.}-{3:3}:
       __mutex_lock_common+0x1eb/0x2390 kernel/locking/mutex.c:596
       __mutex_lock kernel/locking/mutex.c:729 [inline]
       mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
       map_mft_record+0x4e/0x620 fs/ntfs/mft.c:154
       ntfs_truncate+0x280/0x27c0 fs/ntfs/inode.c:2383
       ntfs_truncate_vfs fs/ntfs/inode.c:2862 [inline]
       ntfs_setattr+0x2bc/0x3a0 fs/ntfs/inode.c:2914
       notify_change+0xbcd/0xee0 fs/attr.c:505
       do_truncate+0x197/0x220 fs/open.c:65
       handle_truncate fs/namei.c:3265 [inline]
       do_open fs/namei.c:3612 [inline]
       path_openat+0x28af/0x2f30 fs/namei.c:3742
       do_filp_open+0x1b3/0x3e0 fs/namei.c:3769
       do_sys_openat2+0x142/0x4a0 fs/open.c:1253
       do_sys_open fs/open.c:1269 [inline]
       __do_sys_creat fs/open.c:1345 [inline]
       __se_sys_creat fs/open.c:1339 [inline]
       __x64_sys_creat+0x8c/0xb0 fs/open.c:1339
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> #0 (&rl->lock){++++}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3788 [inline]
       __lock_acquire+0x2c33/0x7c60 kernel/locking/lockdep.c:5012
       lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
       down_read+0x44/0x2e0 kernel/locking/rwsem.c:1498
       ntfs_read_block fs/ntfs/aops.c:248 [inline]
       ntfs_readpage+0x1277/0x2220 fs/ntfs/aops.c:435
       do_read_cache_page+0x8a1/0x1030 mm/filemap.c:-1
       read_mapping_page include/linux/pagemap.h:515 [inline]
       ntfs_map_page+0x24/0x390 fs/ntfs/aops.h:75
       ntfs_sync_mft_mirror+0x24a/0x19e0 fs/ntfs/mft.c:480
       write_mft_record_nolock+0x1223/0x17e0 fs/ntfs/mft.c:787
       write_mft_record fs/ntfs/mft.h:95 [inline]
       __ntfs_write_inode+0x7cb/0xdc0 fs/ntfs/inode.c:3050
       write_inode fs/fs-writeback.c:1495 [inline]
       __writeback_single_inode+0x6c3/0xda0 fs/fs-writeback.c:1705
       writeback_sb_inodes+0x9fe/0x1610 fs/fs-writeback.c:1930
       wb_writeback+0x443/0xb90 fs/fs-writeback.c:2104
       wb_do_writeback fs/fs-writeback.c:2247 [inline]
       wb_workfn+0x423/0xe60 fs/fs-writeback.c:2288
       process_one_work+0x863/0x1000 kernel/workqueue.c:2310
       worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
       kthread+0x436/0x520 kernel/kthread.c:334
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ni->mrec_lock);
                               lock(&rl->lock);
                               lock(&ni->mrec_lock);
  lock(&rl->lock);

 *** DEADLOCK ***

3 locks held by kworker/u4:3/1384:
 #0: ffff888018988938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90005317d00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffff8880685cf510 (&ni->mrec_lock){+.+.}-{3:3}, at: map_mft_record+0x4e/0x620 fs/ntfs/mft.c:154

stack backtrace:
CPU: 0 PID: 1384 Comm: kworker/u4:3 Not tainted 5.15.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: writeback wb_workfn (flush-7:1)
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 check_noncircular+0x274/0x310 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire+0x2c33/0x7c60 kernel/locking/lockdep.c:5012
 lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
 down_read+0x44/0x2e0 kernel/locking/rwsem.c:1498
 ntfs_read_block fs/ntfs/aops.c:248 [inline]
 ntfs_readpage+0x1277/0x2220 fs/ntfs/aops.c:435
 do_read_cache_page+0x8a1/0x1030 mm/filemap.c:-1
 read_mapping_page include/linux/pagemap.h:515 [inline]
 ntfs_map_page+0x24/0x390 fs/ntfs/aops.h:75
 ntfs_sync_mft_mirror+0x24a/0x19e0 fs/ntfs/mft.c:480
 write_mft_record_nolock+0x1223/0x17e0 fs/ntfs/mft.c:787
 write_mft_record fs/ntfs/mft.h:95 [inline]
 __ntfs_write_inode+0x7cb/0xdc0 fs/ntfs/inode.c:3050
 write_inode fs/fs-writeback.c:1495 [inline]
 __writeback_single_inode+0x6c3/0xda0 fs/fs-writeback.c:1705
 writeback_sb_inodes+0x9fe/0x1610 fs/fs-writeback.c:1930
 wb_writeback+0x443/0xb90 fs/fs-writeback.c:2104
 wb_do_writeback fs/fs-writeback.c:2247 [inline]
 wb_workfn+0x423/0xe60 fs/fs-writeback.c:2288
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50