syzbot


possible deadlock in ntfs_fallocate

Status: upstream: reported C repro on 2022/12/09 08:57
Subsystems: ntfs3
Reported-by: syzbot+adacb2b0c896bc427962@syzkaller.appspotmail.com
First crash: 982d, last: 15d
Cause bisection: failed (error log, bisect log)
  
Discussions (3)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] Monthly ntfs3 report (Sep 2024) | 0 (1) | 2024/09/12 08:11 |
| [syzbot] possible deadlock in ntfs_fallocate | 0 (2) | 2024/09/11 02:39 |
| [syzbot] Monthly ntfs3 report (Jul 2024) | 0 (1) | 2024/07/12 10:05 |
Similar bugs (2)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| linux-6.1 | possible deadlock in ntfs_fallocate (origin:lts-only) | 4 | C | error | | 54 | 6d23h | 633d | 0/3 | upstream: reported C repro on 2023/11/22 18:34 |
| linux-6.6 | possible deadlock in ntfs_fallocate | 4 | | | | 1 | 16d | 16d | 0/2 | upstream: reported on 2025/08/01 09:06 |
Last patch testing requests (2)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2025/08/16 03:44 | 22m | retest repro | | upstream | OK log |
| 2025/02/05 15:19 | 22m | retest repro | | upstream | OK log |

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.16.0-syzkaller-10910-g0905809b38bd #0 Tainted: G        W          
------------------------------------------------------
syz.5.19/7261 is trying to acquire lock:
ffff88805c32e5b0 (&ni->ni_lock#3/5){+.+.}-{4:4}, at: ni_lock fs/ntfs3/ntfs_fs.h:1113 [inline]
ffff88805c32e5b0 (&ni->ni_lock#3/5){+.+.}-{4:4}, at: ntfs_fallocate+0x580/0x10b0 fs/ntfs3/file.c:561

but task is already holding lock:
ffff88805c32ea38 (mapping.invalidate_lock#10){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:924 [inline]
ffff88805c32ea38 (mapping.invalidate_lock#10){++++}-{4:4}, at: ntfs_fallocate+0x3be/0x10b0 fs/ntfs3/file.c:546

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (mapping.invalidate_lock#10){++++}-{4:4}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       down_read+0x97/0x1f0 kernel/locking/rwsem.c:1522
       filemap_invalidate_lock_shared include/linux/fs.h:934 [inline]
       filemap_fault+0x551/0x1210 mm/filemap.c:3433
       __do_fault+0x135/0x390 mm/memory.c:5152
       do_read_fault mm/memory.c:5573 [inline]
       do_fault mm/memory.c:5707 [inline]
       do_pte_missing mm/memory.c:4234 [inline]
       handle_pte_fault mm/memory.c:6052 [inline]
       __handle_mm_fault mm/memory.c:6195 [inline]
       handle_mm_fault+0x23c6/0x3400 mm/memory.c:6364
       do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387
       handle_page_fault arch/x86/mm/fault.c:1476 [inline]
       exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532
       asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
       rep_movs_alternative+0x30/0x90 arch/x86/lib/copy_user_64.S:53
       copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
       raw_copy_from_user arch/x86/include/asm/uaccess_64.h:141 [inline]
       _inline_copy_from_user include/linux/uaccess.h:178 [inline]
       _copy_from_user+0x7a/0xb0 lib/usercopy.c:18
       copy_from_user include/linux/uaccess.h:212 [inline]
       ioctl_fiemap fs/ioctl.c:210 [inline]
       do_vfs_ioctl+0x77d/0x1440 fs/ioctl.c:532
       __do_sys_ioctl fs/ioctl.c:596 [inline]
       __se_sys_ioctl+0x82/0x170 fs/ioctl.c:584
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&mm->mmap_lock){++++}-{4:4}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       __might_fault+0xcc/0x130 mm/memory.c:6958
       _inline_copy_to_user include/linux/uaccess.h:192 [inline]
       _copy_to_user+0x2c/0xb0 lib/usercopy.c:26
       copy_to_user include/linux/uaccess.h:225 [inline]
       fiemap_fill_next_extent+0x1c0/0x390 fs/ioctl.c:145
       ni_fiemap+0x391/0xbf0 fs/ntfs3/frecord.c:1896
       ntfs_fiemap+0x11d/0x1a0 fs/ntfs3/file.c:1326
       ioctl_fiemap fs/ioctl.c:220 [inline]
       do_vfs_ioctl+0x1185/0x1440 fs/ioctl.c:532
       __do_sys_ioctl fs/ioctl.c:596 [inline]
       __se_sys_ioctl+0x82/0x170 fs/ioctl.c:584
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&ni->ni_lock#3/5){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3165 [inline]
       check_prevs_add kernel/locking/lockdep.c:3284 [inline]
       validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
       __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       __mutex_lock_common kernel/locking/rtmutex_api.c:535 [inline]
       mutex_lock_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:547
       ni_lock fs/ntfs3/ntfs_fs.h:1113 [inline]
       ntfs_fallocate+0x580/0x10b0 fs/ntfs3/file.c:561
       vfs_fallocate+0x66f/0x7f0 fs/open.c:342
       ksys_fallocate fs/open.c:366 [inline]
       __do_sys_fallocate fs/open.c:371 [inline]
       __se_sys_fallocate fs/open.c:369 [inline]
       __x64_sys_fallocate+0xc0/0x110 fs/open.c:369
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &ni->ni_lock#3/5 --> &mm->mmap_lock --> mapping.invalidate_lock#10

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(mapping.invalidate_lock#10);
                               lock(&mm->mmap_lock);
                               lock(mapping.invalidate_lock#10);
  lock(&ni->ni_lock#3/5);

 *** DEADLOCK ***

3 locks held by syz.5.19/7261:
 #0: ffff888034934488 (sb_writers#12){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3107 [inline]
 #0: ffff888034934488 (sb_writers#12){.+.+}-{0:0}, at: vfs_fallocate+0x5f9/0x7f0 fs/open.c:341
 #1: ffff88805c32e868 (&sb->s_type->i_mutex_key#31){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:869 [inline]
 #1: ffff88805c32e868 (&sb->s_type->i_mutex_key#31){+.+.}-{4:4}, at: ntfs_fallocate+0x2f1/0x10b0 fs/ntfs3/file.c:532
 #2: ffff88805c32ea38 (mapping.invalidate_lock#10){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:924 [inline]
 #2: ffff88805c32ea38 (mapping.invalidate_lock#10){++++}-{4:4}, at: ntfs_fallocate+0x3be/0x10b0 fs/ntfs3/file.c:546

stack backtrace:
CPU: 1 UID: 0 PID: 7261 Comm: syz.5.19 Tainted: G        W           6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT_{RT,(full)} 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_circular_bug+0x2ee/0x310 kernel/locking/lockdep.c:2043
 check_noncircular+0x134/0x160 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 __mutex_lock_common kernel/locking/rtmutex_api.c:535 [inline]
 mutex_lock_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:547
 ni_lock fs/ntfs3/ntfs_fs.h:1113 [inline]
 ntfs_fallocate+0x580/0x10b0 fs/ntfs3/file.c:561
 vfs_fallocate+0x66f/0x7f0 fs/open.c:342
 ksys_fallocate fs/open.c:366 [inline]
 __do_sys_fallocate fs/open.c:371 [inline]
 __se_sys_fallocate fs/open.c:369 [inline]
 __x64_sys_fallocate+0xc0/0x110 fs/open.c:369
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa2b407eb69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa2b1ebd038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fa2b42a6080 RCX: 00007fa2b407eb69
RDX: 0000000000000009 RSI: 0000000000000003 RDI: 0000000000000004
RBP: 00007fa2b4101df1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fa2b42a6080 R15: 00007ffcb30031d8
 </TASK>

Crashes (486):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/08/02 02:45 upstream 0905809b38bd 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/08/01 07:18 upstream f2d282e1dfb3 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/08/01 00:10 upstream 260f6f4fda93 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/27 06:50 upstream 302f88ff3584 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/27 02:12 upstream 302f88ff3584 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/24 15:26 upstream 25fae0b93d1d 65d60d73 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/24 09:16 upstream 01a412d06bc5 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in ntfs_fallocate
2025/07/23 03:07 upstream 89be9a83ccf1 8e9d1dc1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/20 19:53 upstream f4a40a4282f4 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/19 20:48 upstream 4871b7cb27f4 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/19 05:45 upstream d786aba32000 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/19 04:44 upstream d786aba32000 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/16 22:39 upstream 155a3c003e55 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/16 13:25 upstream 155a3c003e55 124ec9cc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/15 21:50 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/15 16:06 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/14 23:12 upstream 347e9f5043c8 d8fc7335 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/13 01:41 upstream 3f31a806a62e 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/12 14:56 upstream 379f604cc3dc 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/07/06 09:16 upstream 05df91921da6 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/06/25 07:10 upstream 7595b66ae9de 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/06/21 11:02 upstream 11313e2f7812 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/06/16 22:55 upstream e04c78d86a96 d1716036 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/06/14 02:55 upstream 02adc1490e6d 0e8da31f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/06/09 03:18 upstream 19272b37aa4f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in ntfs_fallocate
2025/06/08 00:35 upstream 5b032cac6225 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/06/06 14:05 upstream e271ed52b344 f61267d4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in ntfs_fallocate
2025/06/05 19:29 upstream ec7714e49479 6b6b5f21 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/06/04 05:07 upstream 5abc7438f1e9 a30356b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in ntfs_fallocate
2025/06/02 02:13 upstream 7d4e49a77d99 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/31 10:32 upstream 8477ab143069 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/26 09:04 upstream 0f8c0258bf04 2d4582d0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/24 16:38 upstream 4856ebd99715 ed351ea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/23 19:46 upstream eccf6f2f6ab9 f8cc0c83 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/19 13:56 upstream a5806cd506af b84f0537 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/17 12:34 upstream 172a9d94339c f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/17 08:38 upstream 3c21441eeffc f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/15 20:20 upstream 088d13246a46 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/09 21:58 upstream 9c69f8884904 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/08 21:08 upstream 2c89c1b655c0 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/05/06 22:12 upstream 0d8d44db295c 350f4ffc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/04/30 22:21 upstream 7a13c14ee59d ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/04/24 04:17 upstream a79be02bba5c 73a168d0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/04/22 19:18 upstream a33b5a08cbbd 2a20f901 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/09/11 02:38 upstream 8d8d276ba2fb 86aa7bd7 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-upstream-fs possible deadlock in ntfs_fallocate
2024/05/08 13:25 upstream dccb07f2914c 4cf3f9b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in ntfs_fallocate
2024/04/24 11:03 upstream 9d1ddab261f3 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in ntfs_fallocate
2024/05/07 13:03 upstream dccb07f2914c cb2dcc0e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in ntfs_fallocate
2022/12/09 03:02 upstream f3e8416619ce 1034e5fa .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in ntfs_fallocate
2025/08/01 09:28 linux-next 84b92a499e7e 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in ntfs_fallocate
2025/08/01 08:18 linux-next 84b92a499e7e 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in ntfs_fallocate
2025/01/05 13:17 linux-next 8155b4ef3466 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in ntfs_fallocate
2025/06/22 08:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9aa9b43d689e d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in ntfs_fallocate
2025/05/06 03:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e0f4c8dd9d2d ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in ntfs_fallocate
* Struck through repros no longer work on HEAD.