syzbot


possible deadlock in ntfs_fallocate

Status: upstream: reported C repro on 2022/12/09 08:57
Subsystems: ntfs3
[Documentation on labels]
Reported-by: syzbot+adacb2b0c896bc427962@syzkaller.appspotmail.com
First crash: 801d, last: 3d02h
Cause bisection: failed (error log, bisect log)
  
Discussions (3)
Title Replies (including bot) Last reply
[syzbot] Monthly ntfs3 report (Sep 2024) 0 (1) 2024/09/12 08:11
[syzbot] possible deadlock in ntfs_fallocate 0 (2) 2024/09/11 02:39
[syzbot] Monthly ntfs3 report (Jul 2024) 0 (1) 2024/07/12 10:05
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 possible deadlock in ntfs_fallocate origin:lts-only C error 27 21h07m 453d 0/3 upstream: reported C repro on 2023/11/22 18:34
Last patch testing requests (1)
Created Duration User Patch Repo Result
2025/02/05 15:19 22m retest repro upstream OK log

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0 Not tainted
------------------------------------------------------
syz.9.675/10537 is trying to acquire lock:
ffff88804e310100 (&ni->ni_lock/5){+.+.}-{4:4}, at: ni_lock fs/ntfs3/ntfs_fs.h:1111 [inline]
ffff88804e310100 (&ni->ni_lock/5){+.+.}-{4:4}, at: ntfs_fallocate+0x93e/0x1270 fs/ntfs3/file.c:684

but task is already holding lock:
ffff88804e310538 (mapping.invalidate_lock#15){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:922 [inline]
ffff88804e310538 (mapping.invalidate_lock#15){++++}-{4:4}, at: ntfs_fallocate+0x3c4/0x1270 fs/ntfs3/file.c:596

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (mapping.invalidate_lock#15){++++}-{4:4}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
       down_read+0xb1/0xa40 kernel/locking/rwsem.c:1524
       filemap_invalidate_lock_shared include/linux/fs.h:932 [inline]
       filemap_fault+0x7f8/0x16c0 mm/filemap.c:3435
       __do_fault+0x135/0x390 mm/memory.c:4977
       do_read_fault mm/memory.c:5392 [inline]
       do_fault mm/memory.c:5526 [inline]
       do_pte_missing mm/memory.c:4047 [inline]
       handle_pte_fault mm/memory.c:5889 [inline]
       __handle_mm_fault+0x4c44/0x70f0 mm/memory.c:6032
       handle_mm_fault+0x2c1/0x7e0 mm/memory.c:6201
       do_user_addr_fault arch/x86/mm/fault.c:1388 [inline]
       handle_page_fault arch/x86/mm/fault.c:1480 [inline]
       exc_page_fault+0x2b9/0x8b0 arch/x86/mm/fault.c:1538
       asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
       fault_in_readable+0x173/0x2d0
       fault_in_iov_iter_readable+0x229/0x280 lib/iov_iter.c:94
       generic_perform_write+0x260/0x990 mm/filemap.c:4179
       ntfs_file_write_iter+0x6e9/0x7e0 fs/ntfs3/file.c:1267
       new_sync_write fs/read_write.c:586 [inline]
       vfs_write+0xacf/0xd10 fs/read_write.c:679
       ksys_pwrite64 fs/read_write.c:786 [inline]
       __do_sys_pwrite64 fs/read_write.c:794 [inline]
       __se_sys_pwrite64 fs/read_write.c:791 [inline]
       __x64_sys_pwrite64+0x1ac/0x240 fs/read_write.c:791
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&mm->mmap_lock){++++}-{4:4}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
       __might_fault+0xc6/0x120 mm/memory.c:6840
       _inline_copy_to_user include/linux/uaccess.h:192 [inline]
       _copy_to_user+0x2c/0xb0 lib/usercopy.c:26
       copy_to_user include/linux/uaccess.h:225 [inline]
       fiemap_fill_next_extent+0x235/0x420 fs/ioctl.c:145
       ni_fiemap+0xfec/0x1270 fs/ntfs3/frecord.c:1953
       ntfs_fiemap+0x132/0x180 fs/ntfs3/file.c:1360
       ioctl_fiemap fs/ioctl.c:220 [inline]
       do_vfs_ioctl+0x1981/0x2770 fs/ioctl.c:840
       __do_sys_ioctl fs/ioctl.c:904 [inline]
       __se_sys_ioctl+0x80/0x170 fs/ioctl.c:892
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&ni->ni_lock/5){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3163 [inline]
       check_prevs_add kernel/locking/lockdep.c:3282 [inline]
       validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
       __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
       ni_lock fs/ntfs3/ntfs_fs.h:1111 [inline]
       ntfs_fallocate+0x93e/0x1270 fs/ntfs3/file.c:684
       vfs_fallocate+0x623/0x7a0 fs/open.c:338
       ksys_fallocate fs/open.c:362 [inline]
       __do_sys_fallocate fs/open.c:367 [inline]
       __se_sys_fallocate fs/open.c:365 [inline]
       __x64_sys_fallocate+0xbc/0x110 fs/open.c:365
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &ni->ni_lock/5 --> &mm->mmap_lock --> mapping.invalidate_lock#15

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(mapping.invalidate_lock#15);
                               lock(&mm->mmap_lock);
                               lock(mapping.invalidate_lock#15);
  lock(&ni->ni_lock/5);

 *** DEADLOCK ***

3 locks held by syz.9.675/10537:
 #0: ffff888042e28420 (sb_writers#15){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3035 [inline]
 #0: ffff888042e28420 (sb_writers#15){.+.+}-{0:0}, at: vfs_fallocate+0x59d/0x7a0 fs/open.c:337
 #1: ffff88804e310398 (&sb->s_type->i_mutex_key#21){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:877 [inline]
 #1: ffff88804e310398 (&sb->s_type->i_mutex_key#21){+.+.}-{4:4}, at: ntfs_fallocate+0x2dd/0x1270 fs/ntfs3/file.c:582
 #2: ffff88804e310538 (mapping.invalidate_lock#15){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:922 [inline]
 #2: ffff88804e310538 (mapping.invalidate_lock#15){++++}-{4:4}, at: ntfs_fallocate+0x3c4/0x1270 fs/ntfs3/file.c:596

stack backtrace:
CPU: 0 UID: 0 PID: 10537 Comm: syz.9.675 Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208
 check_prev_add kernel/locking/lockdep.c:3163 [inline]
 check_prevs_add kernel/locking/lockdep.c:3282 [inline]
 validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
 ni_lock fs/ntfs3/ntfs_fs.h:1111 [inline]
 ntfs_fallocate+0x93e/0x1270 fs/ntfs3/file.c:684
 vfs_fallocate+0x623/0x7a0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0xbc/0x110 fs/open.c:365
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f856078cde9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f855e5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f85609a5fa0 RCX: 00007f856078cde9
RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000000000000007
RBP: 00007f856080e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f85609a5fa0 R15: 00007ffedd745648
 </TASK>

Crashes (399):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/14 17:07 upstream 128c8f96eb86 1022af74 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/02/14 08:52 upstream 68763b29e0a6 d9a046cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/02/09 11:54 upstream 9946eaf552b1 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/02/08 03:13 upstream 7ee983c850b4 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/22 14:09 upstream c4b9570cfb63 da72ac06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/22 11:49 upstream c4b9570cfb63 da72ac06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/18 11:29 upstream 595523945be0 f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/18 00:18 upstream 9bffa1ad25b8 953d1c45 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/11 20:31 upstream 77a903cd8e5a 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/11 06:23 upstream 2144da25584e 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/10 19:45 upstream 2144da25584e 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/08 15:38 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/08 12:22 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/07 23:22 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/06 10:04 upstream ab75170520d4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/03 18:49 upstream 0bc21e701a6f f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/03 13:39 upstream 0bc21e701a6f d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/03 04:40 upstream 0bc21e701a6f d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/03 00:09 upstream 0bc21e701a6f d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/01 18:01 upstream ccb98ccef0e5 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/01 00:10 upstream ccb98ccef0e5 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/26 01:30 upstream 9b2ffa6148b1 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/24 23:40 upstream 9b2ffa6148b1 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/24 11:53 upstream f07044dd0df0 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/20 10:13 upstream 8faabc041a00 0f61b415 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/20 02:28 upstream baaa2567a712 5905cb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/19 04:54 upstream eabcdba3ad40 1432fc84 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/18 22:45 upstream aef25be35d23 a0626d3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/17 23:45 upstream 59dbb9d81adf a0626d3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/15 15:19 upstream 2d8308bf5b67 7cbfbb3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/14 14:34 upstream a446e965a188 7cbfbb3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/13 06:25 upstream 150b567e0d57 530e80f8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/10 04:33 upstream 7cb1b4663150 cfc402b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/07 16:46 upstream b5f217084ab3 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in ntfs_fallocate
2024/12/07 16:45 upstream b5f217084ab3 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in ntfs_fallocate
2024/12/06 17:09 upstream b8f52214c61a 946d28f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/12/05 14:51 upstream feffde684ac2 29f61fce .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/11/29 02:03 upstream 7af08b57bcb9 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/11/28 11:46 upstream b86545e02e8c 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/11/26 09:29 upstream 7eef7e306d3c 11dbc254 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/11/26 07:48 upstream 9f16d5e6f220 11dbc254 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/11/25 07:03 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in ntfs_fallocate
2024/11/24 19:32 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/11/24 12:11 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/09/11 02:38 upstream 8d8d276ba2fb 86aa7bd7 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/05/08 13:25 upstream dccb07f2914c 4cf3f9b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in ntfs_fallocate
2024/04/24 11:03 upstream 9d1ddab261f3 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in ntfs_fallocate
2024/05/07 13:03 upstream dccb07f2914c cb2dcc0e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in ntfs_fallocate
2022/12/09 03:02 upstream f3e8416619ce 1034e5fa .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/01/05 13:17 linux-next 8155b4ef3466 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in ntfs_fallocate
2025/01/20 18:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1950a0af2d55 6e87cfa2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in ntfs_fallocate
2025/01/02 01:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 573067a5a685 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in ntfs_fallocate
2024/12/10 14:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fac04efc5c79 cfc402b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in ntfs_fallocate
2024/12/07 11:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in ntfs_fallocate
2024/12/04 09:36 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 b50eb251 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in ntfs_fallocate
2024/12/02 21:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 bb326ffb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in ntfs_fallocate
2024/11/29 14:53 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in ntfs_fallocate
* Struck through repros no longer work on HEAD.