syzbot


possible deadlock in map_mft_record

Status: upstream: reported C repro on 2022/10/19 05:29
Labels: ntfs (incorrect?)
Reported-by: syzbot+cb1fdea540b46f0ce394@syzkaller.appspotmail.com
First crash: 225d, last: 4h47m

Cause bisection: failed (error log, bisect log)
Discussions (3)
Title Replies (including bot) Last reply
[syzbot] Monthly ntfs report (May 2023) 0 (1) 2023/05/02 07:18
[syzbot] Monthly ntfs report 0 (1) 2023/03/31 15:00
[syzbot] possible deadlock in map_mft_record 0 (2) 2022/12/30 12:29
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 possible deadlock in map_mft_record 1 71d 71d 0/3 upstream: reported on 2023/03/21 20:17
linux-4.14 possible deadlock in map_mft_record ntfs C 5 104d 198d 0/1 upstream: reported C repro on 2022/11/15 01:41
linux-5.15 possible deadlock in map_mft_record 9 15h04m 75d 0/3 upstream: reported on 2023/03/17 18:38
linux-4.19 possible deadlock in map_mft_record ntfs C error 11 122d 234d 0/1 upstream: reported C repro on 2022/10/09 19:52

Sample crash report:
loop0: detected capacity change from 0 to 4096
ntfs: volume version 3.1.
======================================================
WARNING: possible circular locking dependency detected
6.2.0-syzkaller-06695-gd8ca6dbb8de7 #0 Not tainted
------------------------------------------------------
syz-executor158/5070 is trying to acquire lock:
ffff888072cf1a50 (&lcnbmp_mrec_lock_key){+.+.}-{3:3}, at: map_mft_record+0x40/0x6c0 fs/ntfs/mft.c:154

but task is already holding lock:
ffff888027f099f8 (&vol->lcnbmp_lock){+.+.}-{3:3}, at: ntfs_put_super+0x39c/0x1700 fs/ntfs/super.c:2282

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&vol->lcnbmp_lock){+.+.}-{3:3}:
       down_write+0x92/0x200 kernel/locking/rwsem.c:1573
       __ntfs_cluster_free+0x12d/0xbe0 fs/ntfs/lcnalloc.c:862
       ntfs_cluster_free fs/ntfs/lcnalloc.h:96 [inline]
       ntfs_truncate+0x16c1/0x2a50 fs/ntfs/inode.c:2695
       ntfs_truncate_vfs fs/ntfs/inode.c:2862 [inline]
       ntfs_setattr+0x397/0x560 fs/ntfs/inode.c:2914
       notify_change+0xb2c/0x1180 fs/attr.c:482
       do_truncate+0x143/0x200 fs/open.c:66
       handle_truncate fs/namei.c:3219 [inline]
       do_open fs/namei.c:3564 [inline]
       path_openat+0x2083/0x2750 fs/namei.c:3715
       do_file_open_root+0x2cc/0x590 fs/namei.c:3767
       file_open_root+0x2b1/0x430 fs/open.c:1292
       do_handle_open+0x327/0x8b0 fs/fhandle.c:232
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (&lcnbmp_mrec_lock_key){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3098 [inline]
       check_prevs_add kernel/locking/lockdep.c:3217 [inline]
       validate_chain kernel/locking/lockdep.c:3832 [inline]
       __lock_acquire+0x2ec7/0x5d40 kernel/locking/lockdep.c:5056
       lock_acquire kernel/locking/lockdep.c:5669 [inline]
       lock_acquire+0x1e3/0x670 kernel/locking/lockdep.c:5634
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       __mutex_lock+0x12f/0x1350 kernel/locking/mutex.c:747
       map_mft_record+0x40/0x6c0 fs/ntfs/mft.c:154
       __ntfs_write_inode+0x88/0xc40 fs/ntfs/inode.c:2978
       ntfs_commit_inode fs/ntfs/inode.h:300 [inline]
       ntfs_put_super+0xf43/0x1700 fs/ntfs/super.c:2283
       generic_shutdown_super+0x158/0x480 fs/super.c:491
       kill_block_super+0x9b/0xf0 fs/super.c:1398
       deactivate_locked_super+0x98/0x160 fs/super.c:331
       deactivate_super+0xb1/0xd0 fs/super.c:362
       cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1177
       task_work_run+0x16f/0x270 kernel/task_work.c:179
       exit_task_work include/linux/task_work.h:38 [inline]
       do_exit+0xad3/0x2a40 kernel/exit.c:869
       do_group_exit+0xd4/0x2a0 kernel/exit.c:1019
       __do_sys_exit_group kernel/exit.c:1030 [inline]
       __se_sys_exit_group kernel/exit.c:1028 [inline]
       __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1028
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&vol->lcnbmp_lock);
                               lock(&lcnbmp_mrec_lock_key);
                               lock(&vol->lcnbmp_lock);
  lock(&lcnbmp_mrec_lock_key);

 *** DEADLOCK ***

2 locks held by syz-executor158/5070:
 #0: ffff8880293200e0 (&type->s_umount_key#46){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0 fs/super.c:361
 #1: ffff888027f099f8 (&vol->lcnbmp_lock){+.+.}-{3:3}, at: ntfs_put_super+0x39c/0x1700 fs/ntfs/super.c:2282

stack backtrace:
CPU: 1 PID: 5070 Comm: syz-executor158 Not tainted 6.2.0-syzkaller-06695-gd8ca6dbb8de7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2178
 check_prev_add kernel/locking/lockdep.c:3098 [inline]
 check_prevs_add kernel/locking/lockdep.c:3217 [inline]
 validate_chain kernel/locking/lockdep.c:3832 [inline]
 __lock_acquire+0x2ec7/0x5d40 kernel/locking/lockdep.c:5056
 lock_acquire kernel/locking/lockdep.c:5669 [inline]
 lock_acquire+0x1e3/0x670 kernel/locking/lockdep.c:5634
 __mutex_lock_common kernel/locking/mutex.c:603 [inline]
 __mutex_lock+0x12f/0x1350 kernel/locking/mutex.c:747
 map_mft_record+0x40/0x6c0 fs/ntfs/mft.c:154
 __ntfs_write_inode+0x88/0xc40 fs/ntfs/inode.c:2978
 ntfs_commit_inode fs/ntfs/inode.h:300 [inline]
 ntfs_put_super+0xf43/0x1700 fs/ntfs/super.c:2283
 generic_shutdown_super+0x158/0x480 fs/super.c:491
 kill_block_super+0x9b/0xf0 fs/super.c:1398
 deactivate_locked_super+0x98/0x160 fs/super.c:331
 deactivate_super+0xb1/0xd0 fs/super.c:362
 cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1177
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xad3/0x2a40 kernel/exit.c:869
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1019
 __do_sys_exit_group kernel/exit.c:1030 [inline]
 __se_sys_exit_group kernel/exit.c:1028 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1028
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fcf8333da29
Code: Unable to access opcode bytes at 0x7fcf8333d9ff.
RSP: 002b:00007fff4233dbf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007fcf833d2330 RCX: 00007fcf8333da29
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007fcf833cce40
R10: 000000000001f1b4 R11: 0000000000000246 R12: 00007fcf833d2330
R13: 0000000000000001 R14: 

Crashes (389):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/02/23 17:42 upstream d8ca6dbb8de7 9e2ebb3c .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root possible deadlock in map_mft_record
2023/01/02 03:52 upstream e4cf7c25bae5 ab32d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs possible deadlock in map_mft_record
2022/12/30 12:29 upstream 2258c2dc850b 44712fbc .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs possible deadlock in map_mft_record
2023/03/25 13:17 linux-next e5dbf24e8b9e fbf0499a .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root possible deadlock in map_mft_record
2023/05/31 00:55 upstream afead42fdfca 09898419 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/28 19:14 upstream 7877cb91f108 cf184559 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/25 16:25 upstream 933174ae28ba 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in map_mft_record
2023/05/24 16:07 upstream 9d646009f65d 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/24 04:54 upstream 27e462c8fad4 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/24 03:31 upstream 27e462c8fad4 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/24 02:14 upstream 27e462c8fad4 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/23 22:51 upstream ae8373a5add4 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/23 13:10 upstream ae8373a5add4 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in map_mft_record
2023/05/22 15:10 upstream 44c026a73be8 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/22 12:53 upstream 44c026a73be8 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/22 08:54 upstream 44c026a73be8 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in map_mft_record
2023/05/21 16:46 upstream 0dd2a6fb1e34 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/21 06:31 upstream 0dd2a6fb1e34 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/21 01:28 upstream 0dd2a6fb1e34 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in map_mft_record
2023/05/20 06:15 upstream 5565ec4ef4f0 96689200 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/05/18 15:33 upstream 4d6d4c7f541d 3bb7af1d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in map_mft_record
2023/04/30 07:00 upstream 1ae78a14516b 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in map_mft_record
2023/02/22 04:37 upstream 4a7d37e824f5 42a4d508 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in map_mft_record
2023/05/31 21:34 upstream 48b1320a674e e2a77acd .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/31 09:05 upstream afead42fdfca 09898419 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/31 02:09 upstream afead42fdfca 09898419 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/30 21:24 upstream 8b817fded42d 09898419 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/30 17:46 upstream 8b817fded42d 8d5c7541 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/29 20:49 upstream 8b817fded42d cf184559 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/29 20:35 upstream 8b817fded42d cf184559 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/29 11:32 upstream e338142b39cf cf184559 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/29 00:13 upstream 7877cb91f108 cf184559 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/27 23:01 upstream 49572d536129 cf184559 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/27 06:36 upstream a92c9ab69f66 cf184559 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/26 16:57 upstream 0d85b27b0cc6 b0e6aca7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/26 14:40 upstream 0d85b27b0cc6 b0e6aca7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/25 20:08 upstream eb03e3181354 54259e6c .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/25 12:03 upstream 933174ae28ba 54259e6c .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/25 02:05 upstream 933174ae28ba 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/23 22:26 upstream ae8373a5add4 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/23 11:51 upstream ae8373a5add4 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/22 23:55 upstream 421ca22e3138 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/22 10:56 upstream 44c026a73be8 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/22 03:04 upstream e2065b8c1b01 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/21 20:05 upstream e2065b8c1b01 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/21 08:33 upstream 0dd2a6fb1e34 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/21 04:25 upstream 0dd2a6fb1e34 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/20 18:24 upstream d635f6cc934b 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/20 17:08 upstream d635f6cc934b 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/20 05:12 upstream 5565ec4ef4f0 96689200 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/19 21:31 upstream cbd6ac3837cd e0257275 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/19 16:03 upstream 2d1bcbc6cd70 e0257275 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/19 04:57 upstream 2d1bcbc6cd70 3bb7af1d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/19 01:37 upstream 2d1bcbc6cd70 3bb7af1d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/18 22:40 upstream 2d1bcbc6cd70 3bb7af1d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/18 13:31 upstream 4d6d4c7f541d 3bb7af1d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/18 12:55 upstream 4d6d4c7f541d 3bb7af1d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in map_mft_record
2023/05/31 06:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 09898419 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in map_mft_record
2023/04/28 00:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 70a605de .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in map_mft_record
2022/10/18 16:52 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 b31320fc .config console log report info [disk image] [vmlinux] ci-upstream-gce-arm64 possible deadlock in map_mft_record
* Struck through repros no longer work on HEAD.