syzbot


possible deadlock in ntfs_fallocate

Status: upstream: reported C repro on 2022/12/09 08:57
Subsystems: ntfs3
Reported-by: syzbot+adacb2b0c896bc427962@syzkaller.appspotmail.com
First crash: 886d, last: 3d06h
Cause bisection: failed (error log, bisect log)
  
Discussions (3)
Title | Replies (including bot) | Last reply
[syzbot] Monthly ntfs3 report (Sep 2024) | 0 (1) | 2024/09/12 08:11
[syzbot] possible deadlock in ntfs_fallocate | 0 (2) | 2024/09/11 02:39
[syzbot] Monthly ntfs3 report (Jul 2024) | 0 (1) | 2024/07/12 10:05

Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-6.1 | possible deadlock in ntfs_fallocate origin:lts-only | C | error | | 41 | 3d21h | 537d | 0/3 | upstream: reported C repro on 2023/11/22 18:34

Last patch testing requests (1)
Created | Duration | User | Patch | Repo | Result
2025/02/05 15:19 | 22m | retest repro | | upstream | OK log

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 Not tainted
------------------------------------------------------
syz-executor500/5830 is trying to acquire lock:
ffff888076420100 (&ni->ni_lock#3/5){+.+.}-{4:4}, at: ni_lock fs/ntfs3/ntfs_fs.h:1105 [inline]
ffff888076420100 (&ni->ni_lock#3/5){+.+.}-{4:4}, at: ntfs_fallocate+0x864/0x1310 fs/ntfs3/file.c:685

but task is already holding lock:
ffff888076420538 (mapping.invalidate_lock#3){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:912 [inline]
ffff888076420538 (mapping.invalidate_lock#3){++++}-{4:4}, at: ntfs_fallocate+0x3e9/0x1310 fs/ntfs3/file.c:615

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (mapping.invalidate_lock#3){++++}-{4:4}:
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       down_read+0xb3/0xa50 kernel/locking/rwsem.c:1524
       filemap_invalidate_lock_shared include/linux/fs.h:922 [inline]
       filemap_fault+0x66b/0x13d0 mm/filemap.c:3391
       __do_fault+0x135/0x390 mm/memory.c:5098
       do_read_fault mm/memory.c:5518 [inline]
       do_fault mm/memory.c:5652 [inline]
       do_pte_missing mm/memory.c:4160 [inline]
       handle_pte_fault+0x3f0c/0x61c0 mm/memory.c:5997
       __handle_mm_fault mm/memory.c:6140 [inline]
       handle_mm_fault+0x1030/0x1aa0 mm/memory.c:6309
       faultin_page mm/gup.c:1193 [inline]
       __get_user_pages+0x1adc/0x4180 mm/gup.c:1491
       __get_user_pages_locked mm/gup.c:1757 [inline]
       __gup_longterm_locked+0xec1/0x1850 mm/gup.c:2523
       pin_user_pages_remote+0x130/0x1f0 mm/gup.c:3560
       process_vm_rw_single_vec mm/process_vm_access.c:106 [inline]
       process_vm_rw_core mm/process_vm_access.c:216 [inline]
       process_vm_rw+0x68c/0xc80 mm/process_vm_access.c:284
       __do_sys_process_vm_readv mm/process_vm_access.c:296 [inline]
       __se_sys_process_vm_readv mm/process_vm_access.c:292 [inline]
       __x64_sys_process_vm_readv+0xe0/0x100 mm/process_vm_access.c:292
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&mm->mmap_lock){++++}-{4:4}:
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       __might_fault+0xc6/0x120 mm/memory.c:7151
       _inline_copy_to_user include/linux/uaccess.h:192 [inline]
       _copy_to_user+0x2c/0xb0 lib/usercopy.c:26
       copy_to_user include/linux/uaccess.h:225 [inline]
       fiemap_fill_next_extent+0x237/0x420 fs/ioctl.c:145
       ni_fiemap+0x1009/0x12a0 fs/ntfs3/frecord.c:1896
       ntfs_fiemap+0x134/0x180 fs/ntfs3/file.c:1380
       ioctl_fiemap fs/ioctl.c:220 [inline]
       do_vfs_ioctl+0x1975/0x2750 fs/ioctl.c:840
       __do_sys_ioctl fs/ioctl.c:904 [inline]
       __se_sys_ioctl+0x80/0x160 fs/ioctl.c:892
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&ni->ni_lock#3/5){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3166 [inline]
       check_prevs_add kernel/locking/lockdep.c:3285 [inline]
       validate_chain+0xa69/0x24e0 kernel/locking/lockdep.c:3909
       __lock_acquire+0xad5/0xd80 kernel/locking/lockdep.c:5235
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       __mutex_lock_common kernel/locking/mutex.c:601 [inline]
       __mutex_lock+0x1a5/0x10c0 kernel/locking/mutex.c:746
       ni_lock fs/ntfs3/ntfs_fs.h:1105 [inline]
       ntfs_fallocate+0x864/0x1310 fs/ntfs3/file.c:685
       vfs_fallocate+0x627/0x7a0 fs/open.c:338
       ksys_fallocate fs/open.c:362 [inline]
       __do_sys_fallocate fs/open.c:367 [inline]
       __se_sys_fallocate fs/open.c:365 [inline]
       __x64_sys_fallocate+0xbc/0x110 fs/open.c:365
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &ni->ni_lock#3/5 --> &mm->mmap_lock --> mapping.invalidate_lock#3

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(mapping.invalidate_lock#3);
                               lock(&mm->mmap_lock);
                               lock(mapping.invalidate_lock#3);
  lock(&ni->ni_lock#3/5);

 *** DEADLOCK ***

3 locks held by syz-executor500/5830:
 #0: ffff88807f386420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3041 [inline]
 #0: ffff88807f386420 (sb_writers#8){.+.+}-{0:0}, at: vfs_fallocate+0x5a1/0x7a0 fs/open.c:337
 #1: ffff888076420398 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff888076420398 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: ntfs_fallocate+0x303/0x1310 fs/ntfs3/file.c:601
 #2: ffff888076420538 (mapping.invalidate_lock#3){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:912 [inline]
 #2: ffff888076420538 (mapping.invalidate_lock#3){++++}-{4:4}, at: ntfs_fallocate+0x3e9/0x1310 fs/ntfs3/file.c:615

stack backtrace:
CPU: 0 UID: 0 PID: 5830 Comm: syz-executor500 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_circular_bug+0x2e1/0x300 kernel/locking/lockdep.c:2079
 check_noncircular+0x142/0x160 kernel/locking/lockdep.c:2211
 check_prev_add kernel/locking/lockdep.c:3166 [inline]
 check_prevs_add kernel/locking/lockdep.c:3285 [inline]
 validate_chain+0xa69/0x24e0 kernel/locking/lockdep.c:3909
 __lock_acquire+0xad5/0xd80 kernel/locking/lockdep.c:5235
 lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
 __mutex_lock_common kernel/locking/mutex.c:601 [inline]
 __mutex_lock+0x1a5/0x10c0 kernel/locking/mutex.c:746
 ni_lock fs/ntfs3/ntfs_fs.h:1105 [inline]
 ntfs_fallocate+0x864/0x1310 fs/ntfs3/file.c:685
 vfs_fallocate+0x627/0x7a0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0xbc/0x110 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb1ffcf7259
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdcbd00c98 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb1ffcf7259
RDX: 0000000000004000 RSI: 0000000000000008 RDI: 0000000000000006
RBP: 0000000000000000 R08: 00007ffdcbd00cd0 R09: 00007ffdcbd00cd0
R10: 0000000000004000 R11: 0000000000000246 R12: 00007ffdcbd00cd0
R13: 00007ffdcbd00f58 R14: 431bde82d7b634db R15: 00007fb1ffd4003b
 </TASK>

Crashes (433):