syzbot

         option from the mount to silence this warning.
=======================================================
ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
ntfs3(loop0): Mark volume as dirty due to NTFS errors
ntfs3(loop0): Failed to initialize $Extend/$Reparse.
======================================================
WARNING: possible circular locking dependency detected
6.16.0-syzkaller-06699-ge8d780dcd957 #0 Tainted: G        W          
------------------------------------------------------
syz.0.886/7158 is trying to acquire lock:
ffff8880417c3010 (&ni->file.run_lock#2){++++}-{4:4}, at: run_unpack_ex+0x7e5/0xba0 fs/ntfs3/run.c:1119

but task is already holding lock:
ffff888024ade250 (&wnd->rw_lock){++++}-{4:4}, at: run_unpack_ex+0x701/0xba0 fs/ntfs3/run.c:1100

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&wnd->rw_lock){++++}-{4:4}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       down_write_nested+0x3e/0x60 kernel/locking/rwsem.c:1691
       ntfs_look_for_free_space+0xd3/0x600 fs/ntfs3/fsntfs.c:362
       attr_allocate_clusters+0x1c1/0x6d0 fs/ntfs3/attrib.c:159
       attr_set_size+0x14a4/0x2c70 fs/ntfs3/attrib.c:574
       ntfs_extend_mft+0x162/0x450 fs/ntfs3/fsntfs.c:512
       ntfs_look_free_mft+0x5f8/0xd50 fs/ntfs3/fsntfs.c:709
       ntfs_create_inode+0x590/0x32a0 fs/ntfs3/inode.c:1296
       ntfs_symlink+0x112/0x160 fs/ntfs3/namei.c:205
       vfs_symlink+0x140/0x2f0 fs/namei.c:4730
       do_symlinkat+0x1b1/0x3f0 fs/namei.c:4756
       __do_sys_symlink fs/namei.c:4777 [inline]
       __se_sys_symlink fs/namei.c:4775 [inline]
       __x64_sys_symlink+0x7a/0x90 fs/namei.c:4775
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&ni->file.run_lock#2){++++}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3165 [inline]
       check_prevs_add kernel/locking/lockdep.c:3284 [inline]
       validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
       __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       down_read+0x97/0x1f0 kernel/locking/rwsem.c:1522
       run_unpack_ex+0x7e5/0xba0 fs/ntfs3/run.c:1119
       ntfs_read_mft fs/ntfs3/inode.c:401 [inline]
       ntfs_iget5+0x232b/0x37c0 fs/ntfs3/inode.c:540
       dir_search_u+0x1df/0x2c0 fs/ntfs3/dir.c:264
       ntfs_lookup+0xfb/0x1f0 fs/ntfs3/namei.c:85
       lookup_open fs/namei.c:3686 [inline]
       open_last_lookups fs/namei.c:3807 [inline]
       path_openat+0x110d/0x3840 fs/namei.c:4043
       do_filp_open+0x1fa/0x410 fs/namei.c:4073
       do_sys_openat2+0x121/0x1c0 fs/open.c:1435
       do_sys_open fs/open.c:1450 [inline]
       __do_sys_openat fs/open.c:1466 [inline]
       __se_sys_openat fs/open.c:1461 [inline]
       __x64_sys_openat+0x138/0x170 fs/open.c:1461
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&wnd->rw_lock);
                               lock(&ni->file.run_lock#2);
                               lock(&wnd->rw_lock);
  rlock(&ni->file.run_lock#2);

 *** DEADLOCK ***

4 locks held by syz.0.886/7158:
 #0: ffff888024adc488 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:557
 #1: ffff8880575af028 (&type->i_mutex_dir_key#9){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff8880575af028 (&type->i_mutex_dir_key#9){+.+.}-{4:4}, at: open_last_lookups fs/namei.c:3804 [inline]
 #1: ffff8880575af028 (&type->i_mutex_dir_key#9){+.+.}-{4:4}, at: path_openat+0x8e6/0x3840 fs/namei.c:4043
 #2: ffff8880575aed70 (&ni->ni_lock#3/6){+.+.}-{4:4}, at: ni_lock_dir fs/ntfs3/ntfs_fs.h:1118 [inline]
 #2: ffff8880575aed70 (&ni->ni_lock#3/6){+.+.}-{4:4}, at: ntfs_lookup+0xee/0x1f0 fs/ntfs3/namei.c:84
 #3: ffff888024ade250 (&wnd->rw_lock){++++}-{4:4}, at: run_unpack_ex+0x701/0xba0 fs/ntfs3/run.c:1100

stack backtrace:
CPU: 1 UID: 0 PID: 7158 Comm: syz.0.886 Tainted: G        W           6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT_{RT,(full)} 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_circular_bug+0x2ee/0x310 kernel/locking/lockdep.c:2043
 check_noncircular+0x134/0x160 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 down_read+0x97/0x1f0 kernel/locking/rwsem.c:1522
 run_unpack_ex+0x7e5/0xba0 fs/ntfs3/run.c:1119
 ntfs_read_mft fs/ntfs3/inode.c:401 [inline]
 ntfs_iget5+0x232b/0x37c0 fs/ntfs3/inode.c:540
 dir_search_u+0x1df/0x2c0 fs/ntfs3/dir.c:264
 ntfs_lookup+0xfb/0x1f0 fs/ntfs3/namei.c:85
 lookup_open fs/namei.c:3686 [inline]
 open_last_lookups fs/namei.c:3807 [inline]
 path_openat+0x110d/0x3840 fs/namei.c:4043
 do_filp_open+0x1fa/0x410 fs/namei.c:4073
 do_sys_openat2+0x121/0x1c0 fs/open.c:1435
 do_sys_open fs/open.c:1450 [inline]
 __do_sys_openat fs/open.c:1466 [inline]
 __se_sys_openat fs/open.c:1461 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1461
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3665d9e9a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd038c37a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f3665fc5fa0 RCX: 00007f3665d9e9a9
RDX: 0000000000143042 RSI: 00002000000000c0 RDI: ffffffffffffff9c
RBP: 00007f3665e20d69 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000000a0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3665fc5fa0 R14: 00007f3665fc5fa0 R15: 0000000000000004
 </TASK>