possible deadlock in ntfs_sync_mft

Title	Replies (including bot)	Last reply
[syzbot] [ntfs?] possible deadlock in ntfs_sync_mft_mirror	0 (1)	2023/03/21 16:42

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	possible deadlock in ntfs_sync_mft_mirror ntfs				1	135d	135d	0/1	upstream: reported on 2023/01/14 12:35

linux-4.19

possible deadlock in ntfs_sync_mft_mirror ntfs

135d

0/1

upstream: reported on 2023/01/14 12:35

====================================================== WARNING: possible circular locking dependency detected 6.4.0-rc2-syzkaller-00163-g2d1bcbc6cd70 #0 Not tainted ------------------------------------------------------ syz-executor.3/5162 is trying to acquire lock: ffff88802a207180 (&rl->lock){++++}-{3:3}, at: ntfs_sync_mft_mirror+0x18bf/0x1ea0 fs/ntfs/mft.c:536 but task is already holding lock: ffff88802a316350 (&ni->mrec_lock){+.+.}-{3:3}, at: map_mft_record+0x40/0x6c0 fs/ntfs/mft.c:154 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&ni->mrec_lock){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:603 [inline] __mutex_lock+0x12f/0x1350 kernel/locking/mutex.c:747 map_mft_record+0x40/0x6c0 fs/ntfs/mft.c:154 ntfs_truncate+0x243/0x2a50 fs/ntfs/inode.c:2383 ntfs_truncate_vfs fs/ntfs/inode.c:2862 [inline] ntfs_setattr+0x397/0x560 fs/ntfs/inode.c:2914 notify_change+0xb2c/0x1180 fs/attr.c:483 do_truncate+0x143/0x200 fs/open.c:66 handle_truncate fs/namei.c:3295 [inline] do_open fs/namei.c:3640 [inline] path_openat+0x2083/0x2750 fs/namei.c:3791 do_filp_open+0x1ba/0x410 fs/namei.c:3818 do_sys_openat2+0x16d/0x4c0 fs/open.c:1356 do_sys_open fs/open.c:1372 [inline] __do_sys_open fs/open.c:1380 [inline] __se_sys_open fs/open.c:1376 [inline] __x64_sys_open+0x11d/0x1c0 fs/open.c:1376 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd -> #0 (&rl->lock){++++}-{3:3}: check_prev_add kernel/locking/lockdep.c:3108 [inline] check_prevs_add kernel/locking/lockdep.c:3227 [inline] validate_chain kernel/locking/lockdep.c:3842 [inline] __lock_acquire+0x2f21/0x5df0 kernel/locking/lockdep.c:5074 lock_acquire kernel/locking/lockdep.c:5691 [inline] lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656 down_read+0x9c/0x480 kernel/locking/rwsem.c:1520 ntfs_sync_mft_mirror+0x18bf/0x1ea0 fs/ntfs/mft.c:536 write_mft_record_nolock+0x1971/0x1cc0 fs/ntfs/mft.c:805 write_mft_record+0x14e/0x3b0 fs/ntfs/mft.h:95 __ntfs_write_inode+0x915/0xc40 fs/ntfs/inode.c:3050 ntfs_commit_inode fs/ntfs/inode.h:300 [inline] ntfs_put_super+0x135e/0x1700 fs/ntfs/super.c:2315 generic_shutdown_super+0x158/0x480 fs/super.c:500 kill_block_super+0xa1/0x100 fs/super.c:1407 deactivate_locked_super+0x98/0x160 fs/super.c:331 deactivate_super+0xb1/0xd0 fs/super.c:362 cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1177 task_work_run+0x16f/0x270 kernel/task_work.c:179 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline] syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ni->mrec_lock); lock(&rl->lock); lock(&ni->mrec_lock); rlock(&rl->lock); *** DEADLOCK *** 2 locks held by syz-executor.3/5162: #0: ffff88801e8280e0 (&type->s_umount_key#105){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0 fs/super.c:361 #1: ffff88802a316350 (&ni->mrec_lock){+.+.}-{3:3}, at: map_mft_record+0x40/0x6c0 fs/ntfs/mft.c:154 stack backtrace: CPU: 1 PID: 5162 Comm: syz-executor.3 Not tainted 6.4.0-rc2-syzkaller-00163-g2d1bcbc6cd70 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2188 check_prev_add kernel/locking/lockdep.c:3108 [inline] check_prevs_add kernel/locking/lockdep.c:3227 [inline] validate_chain kernel/locking/lockdep.c:3842 [inline] __lock_acquire+0x2f21/0x5df0 kernel/locking/lockdep.c:5074 lock_acquire kernel/locking/lockdep.c:5691 [inline] lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656 down_read+0x9c/0x480 kernel/locking/rwsem.c:1520 ntfs_sync_mft_mirror+0x18bf/0x1ea0 fs/ntfs/mft.c:536 write_mft_record_nolock+0x1971/0x1cc0 fs/ntfs/mft.c:805 write_mft_record+0x14e/0x3b0 fs/ntfs/mft.h:95 __ntfs_write_inode+0x915/0xc40 fs/ntfs/inode.c:3050 ntfs_commit_inode fs/ntfs/inode.h:300 [inline] ntfs_put_super+0x135e/0x1700 fs/ntfs/super.c:2315 generic_shutdown_super+0x158/0x480 fs/super.c:500 kill_block_super+0xa1/0x100 fs/super.c:1407 deactivate_locked_super+0x98/0x160 fs/super.c:331 deactivate_super+0xb1/0xd0 fs/super.c:362 cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1177 task_work_run+0x16f/0x270 kernel/task_work.c:179 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline] syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7ff87ee8d5d7 Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffea3cccc38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff87ee8d5d7 RDX: 00007ffea3cccd0b RSI: 000000000000000a RDI: 00007ffea3cccd00 RBP: 00007ffea3cccd00 R08: 00000000ffffffff R09: 00007ffea3cccad0 R10: 00005555572bd9e3 R11: 0000000000000246 R12: 00007ff87eee6cdc R13: 00007ffea3ccddc0 R14: 00005555572bd960 R15: 00007ffea3ccde00 </TASK>

Crashes (6):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets	Manager	Title
2023/05/19 00:48	upstream	2d1bcbc6cd70	3bb7af1d	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	possible deadlock in ntfs_sync_mft_mirror
2023/05/17 13:27	upstream	f1fcbaa18b28	258520f6	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	possible deadlock in ntfs_sync_mft_mirror
2023/03/21 16:18	upstream	17214b70a159	03fb9538	.config	console log	report	info		ci-qemu-upstream	possible deadlock in ntfs_sync_mft_mirror
2023/05/14 22:44	upstream	31f4104e392a	2b9ba477	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream-386	possible deadlock in ntfs_sync_mft_mirror
2023/05/14 05:58	upstream	bb7c241fae62	2b9ba477	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream-386	possible deadlock in ntfs_sync_mft_mirror
2023/05/12 09:07	upstream	cc3c44c9fda2	adb9a3cd	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream-386	possible deadlock in ntfs_sync_mft_mirror

Crashes (6):