DUID 00:04:e4:c6:50:7c:d0:20:e3:9c:0b:ff:93:a0:6d:15:c2:87 forked to background, child pid 3835
[ 37.857214][ T3836] 8021q: adding VLAN 0 to HW filter on device bond0
[ 37.867317][ T3836] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.2' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 62.359184][ T4160] loop0: detected capacity change from 0 to 4096
[ 62.468033][ T26] audit: type=1800 audit(1737356921.431:2): pid=4160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor307" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 62.491240][ T4160]
[ 62.493601][ T4160] ======================================================
[ 62.494087][ T26] audit: type=1800 audit(1737356921.451:3): pid=4160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor307" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 62.500714][ T4160] WARNING: possible circular locking dependency detected
[ 62.500724][ T4160] 5.15.176-syzkaller #0 Not tainted
[ 62.533839][ T4160] ------------------------------------------------------
[ 62.540857][ T4160] syz-executor307/4160 is trying to acquire lock:
[ 62.547255][ T4160] ffff88801746b928 (&mm->mmap_lock){++++}-{3:3}, at: internal_get_user_pages_fast+0x1c7/0x2810
[ 62.557654][ T4160]
[ 62.557654][ T4160] but task is already holding lock:
[ 62.565180][ T4160] ffff88806fa803a0 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: __blockdev_direct_IO+0x3db/0x4f40
[ 62.575965][ T4160]
[ 62.575965][ T4160] which lock already depends on the new lock.
[ 62.575965][ T4160]
[ 62.586353][ T4160]
[ 62.586353][ T4160] the existing dependency chain (in reverse order) is:
[ 62.595367][ T4160]
[ 62.595367][ T4160] -> #1 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}:
[ 62.604064][ T4160]        lock_acquire+0x1db/0x4f0
[ 62.609077][ T4160]        down_write+0x38/0x60
[ 62.613764][ T4160]        ntfs_file_mmap+0x589/0x7e0
[ 62.618948][ T4160]        mmap_file+0x5a/0xb0
[ 62.623531][ T4160]        mmap_region+0x1035/0x1870
[ 62.628714][ T4160]        do_mmap+0x78d/0xe00
[ 62.633289][ T4160]        vm_mmap_pgoff+0x1ca/0x2d0
[ 62.639883][ T4160]        ksys_mmap_pgoff+0x559/0x780
[ 62.645160][ T4160]        do_syscall_64+0x3b/0xb0
[ 62.650083][ T4160]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.656515][ T4160]
[ 62.656515][ T4160] -> #0 (&mm->mmap_lock){++++}-{3:3}:
[ 62.664060][ T4160]        validate_chain+0x1649/0x5930
[ 62.669432][ T4160]        __lock_acquire+0x1295/0x1ff0
[ 62.674806][ T4160]        lock_acquire+0x1db/0x4f0
[ 62.679817][ T4160]        internal_get_user_pages_fast+0x212/0x2810
[ 62.686305][ T4160]        iov_iter_get_pages+0x25a/0x570
[ 62.691840][ T4160]        __blockdev_direct_IO+0x1419/0x4f40
[ 62.697723][ T4160]        ntfs_direct_IO+0x193/0x360
[ 62.702917][ T4160]        generic_file_read_iter+0x28d/0x460
[ 62.708931][ T4160]        vfs_read+0xa93/0xe10
[ 62.713611][ T4160]        ksys_read+0x1a2/0x2c0
[ 62.718368][ T4160]        do_syscall_64+0x3b/0xb0
[ 62.723316][ T4160]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.729722][ T4160]
[ 62.729722][ T4160] other info that might help us debug this:
[ 62.729722][ T4160]
[ 62.739937][ T4160]  Possible unsafe locking scenario:
[ 62.739937][ T4160]
[ 62.747369][ T4160]        CPU0                    CPU1
[ 62.752717][ T4160]        ----                    ----
[ 62.758064][ T4160]   lock(&sb->s_type->i_mutex_key#15);
[ 62.763518][ T4160]                                lock(&mm->mmap_lock);
[ 62.770347][ T4160]                                lock(&sb->s_type->i_mutex_key#15);
[ 62.778337][ T4160]   lock(&mm->mmap_lock);
[ 62.782653][ T4160]
[ 62.782653][ T4160]  *** DEADLOCK ***
[ 62.782653][ T4160]
[ 62.790776][ T4160] 1 lock held by syz-executor307/4160:
[ 62.796215][ T4160]  #0: ffff88806fa803a0 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: __blockdev_direct_IO+0x3db/0x4f40
[ 62.807435][ T4160]
[ 62.807435][ T4160] stack backtrace:
[ 62.813315][ T4160] CPU: 1 PID: 4160 Comm: syz-executor307 Not tainted 5.15.176-syzkaller #0
[ 62.821884][ T4160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 62.831930][ T4160] Call Trace:
[ 62.835196][ T4160]
[ 62.838111][ T4160]  dump_stack_lvl+0x1e3/0x2d0
[ 62.842780][ T4160]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 62.848398][ T4160]  ? print_circular_bug+0x12b/0x1a0
[ 62.853598][ T4160]  check_noncircular+0x2f8/0x3b0
[ 62.858540][ T4160]  ? add_chain_block+0x850/0x850
[ 62.863490][ T4160]  ? lockdep_lock+0x11f/0x2a0
[ 62.868239][ T4160]  validate_chain+0x1649/0x5930
[ 62.873169][ T4160]  ? do_raw_spin_unlock+0x137/0x8b0
[ 62.878373][ T4160]  ? mark_lock+0x98/0x340
[ 62.882697][ T4160]  ? __lock_acquire+0x1295/0x1ff0
[ 62.887704][ T4160]  ? reacquire_held_locks+0x660/0x660
[ 62.893069][ T4160]  ? mark_lock+0x98/0x340
[ 62.897412][ T4160]  ? __lock_acquire+0x1295/0x1ff0
[ 62.902429][ T4160]  ? mark_lock+0x98/0x340
[ 62.906770][ T4160]  __lock_acquire+0x1295/0x1ff0
[ 62.911613][ T4160]  lock_acquire+0x1db/0x4f0
[ 62.916102][ T4160]  ? internal_get_user_pages_fast+0x1c7/0x2810
[ 62.922245][ T4160]  ? print_irqtrace_events+0x210/0x210
[ 62.927692][ T4160]  ? read_lock_is_recursive+0x10/0x10
[ 62.933046][ T4160]  ? do_raw_spin_unlock+0x137/0x8b0
[ 62.938241][ T4160]  ? reacquire_held_locks+0x660/0x660
[ 62.943602][ T4160]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 62.949483][ T4160]  ? _raw_spin_unlock+0x40/0x40
[ 62.954320][ T4160]  ? stack_trace_save+0x113/0x1c0
[ 62.959335][ T4160]  ? stack_trace_snprint+0xe0/0xe0
[ 62.964449][ T4160]  internal_get_user_pages_fast+0x212/0x2810
[ 62.970419][ T4160]  ? internal_get_user_pages_fast+0x1c7/0x2810
[ 62.976569][ T4160]  ? __kasan_slab_alloc+0xa5/0xc0
[ 62.981588][ T4160]  ? __kasan_slab_alloc+0x8e/0xc0
[ 62.986601][ T4160]  ? mark_lock+0x98/0x340
[ 62.990922][ T4160]  ? do_syscall_64+0x3b/0xb0
[ 62.995523][ T4160]  ? __lock_acquire+0x1295/0x1ff0
[ 63.000544][ T4160]  ? get_user_pages_fast_only+0x40/0x40
[ 63.006086][ T4160]  ? memset+0x1f/0x40
[ 63.010058][ T4160]  ? lockdep_init_map_type+0x9d/0x8d0
[ 63.015424][ T4160]  ? lockdep_softirqs_off+0x420/0x420
[ 63.020810][ T4160]  ? rwsem_write_trylock+0x166/0x210
[ 63.026095][ T4160]  ? clear_nonspinnable+0x60/0x60
[ 63.031115][ T4160]  iov_iter_get_pages+0x25a/0x570
[ 63.036134][ T4160]  __blockdev_direct_IO+0x1419/0x4f40
[ 63.041508][ T4160]  ? ntfs_get_block_direct_IO_W+0xb0/0xb0
[ 63.047238][ T4160]  ? sb_init_dio_done_wq+0x80/0x80
[ 63.052351][ T4160]  ? ntfs_get_block_direct_IO_W+0xb0/0xb0
[ 63.058075][ T4160]  ? rcu_read_lock_bh_held+0x110/0x110
[ 63.063547][ T4160]  ? rcu_is_watching+0x11/0xa0
[ 63.068308][ T4160]  ? generic_file_read_iter+0x235/0x460
[ 63.073840][ T4160]  ? generic_file_read_iter+0x235/0x460
[ 63.079373][ T4160]  ? touch_atime+0x50f/0x680
[ 63.083967][ T4160]  ? ntfs_get_block_direct_IO_W+0xb0/0xb0
[ 63.089699][ T4160]  ntfs_direct_IO+0x193/0x360
[ 63.094369][ T4160]  generic_file_read_iter+0x28d/0x460
[ 63.099737][ T4160]  vfs_read+0xa93/0xe10
[ 63.103899][ T4160]  ? kernel_read+0x1f0/0x1f0
[ 63.108493][ T4160]  ? read_lock_is_recursive+0x10/0x10
[ 63.113874][ T4160]  ? __fget_files+0x413/0x480
[ 63.118540][ T4160]  ? __fdget_pos+0x2d2/0x380
[ 63.123132][ T4160]  ksys_read+0x1a2/0x2c0
[ 63.127368][ T4160]  ? print_irqtrace_events+0x210/0x210
[ 63.132812][ T4160]  ? vfs_write+0xe50/0xe50
[ 63.137214][ T4160]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 63.143186][ T4160]  ? lockdep_hardirqs_on+0x94/0x130
[ 63.148370][ T4160]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 63.154342][ T4160]  do_syscall_64+0x3b/0xb0
[ 63.158759][ T4160]  ? clear_bhb_loop+0x15/0x70
[ 63.163428][ T4160]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.169334][ T4160] RIP: 0033:0x7f9a36964739
[ 63.173840][ T4160] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.193440][ T4160] RSP: 002b:00007ffc3040f258 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 63.201873][ T4160] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f9a36964739
[ 63.209834][ T4160] RDX: 0000000000002000 RSI: 0000000020000000 RDI: 0000000000000005
[ 63.217792][ T4160] RBP: 00007f9a369f7610
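The numbered chain in a lockdep report encodes lock-order edges, and the two traces above (mmap_lock held in do_mmap while ntfs_file_mmap takes the inode lock; the inode lock held in __blockdev_direct_IO while get_user_pages_fast takes mmap_lock) are exactly the ABBA pair that the CPU0/CPU1 table spells out. The script below is an added example by the editor, not part of the syzbot report, syzkaller or the kernel. It parses the "circular locking dependency" block into (held, acquired, where) edges, checks that the header locks agree with entries #0 and #depth, and confirms the edges close a cycle. It runs on a constructed excerpt of the report above with most stack frames omitted; the regexes and helper names are the editor's own assumptions about the standard lockdep layout.

```python
"""Parse a lockdep 'possible circular locking dependency' report.

Added example, not part of the syzbot report above and not syzkaller or
kernel code. Assumes the standard lockdep layout: a 'trying to acquire' /
'already holding' pair, then '-> #N (lockclass){...}-{d:d}:' headers each
followed by stack frames. Helper names are the editor's own.
"""
import re

# Console prefix '[ 62.540857][ T4160] ' in front of every kernel line.
PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")
# 'ffff88801746b928 (&mm->mmap_lock){++++}-{3:3}, at: func+0x1c7/0x2810'
LOCK_LINE = re.compile(r"^[0-9a-f]{16} \((?P<lock>.+?)\)\{.*?\}-\{\d+:\d+\}, at: (?P<at>\S+)$")
# '-> #1 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}:'
CHAIN_HDR = re.compile(r"^-> #(?P<idx>\d+) \((?P<lock>.+?)\)\{")
FRAME = re.compile(r"^\S+\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Frames that belong to lockdep or the locking primitive, not to the caller.
LOCKING_INTERNALS = ("lock_acquire", "__lock_acquire", "validate_chain",
                     "down_", "up_", "mutex_", "rwsem_")

# Constructed excerpt of the report above; most stack frames are omitted.
REPORT = """\
[ 62.540857][ T4160] syz-executor307/4160 is trying to acquire lock:
[ 62.547255][ T4160] ffff88801746b928 (&mm->mmap_lock){++++}-{3:3}, at: internal_get_user_pages_fast+0x1c7/0x2810
[ 62.557654][ T4160] but task is already holding lock:
[ 62.565180][ T4160] ffff88806fa803a0 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: __blockdev_direct_IO+0x3db/0x4f40
[ 62.586353][ T4160] the existing dependency chain (in reverse order) is:
[ 62.595367][ T4160] -> #1 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}:
[ 62.604064][ T4160] lock_acquire+0x1db/0x4f0
[ 62.609077][ T4160] down_write+0x38/0x60
[ 62.613764][ T4160] ntfs_file_mmap+0x589/0x7e0
[ 62.618948][ T4160] mmap_file+0x5a/0xb0
[ 62.656515][ T4160] -> #0 (&mm->mmap_lock){++++}-{3:3}:
[ 62.664060][ T4160] validate_chain+0x1649/0x5930
[ 62.674806][ T4160] lock_acquire+0x1db/0x4f0
[ 62.679817][ T4160] internal_get_user_pages_fast+0x212/0x2810
[ 62.691840][ T4160] __blockdev_direct_IO+0x1419/0x4f40
[ 62.729722][ T4160] other info that might help us debug this:
"""


def first_caller(frames):
    """First frame that is not lockdep/locking-primitive plumbing."""
    for frame in frames:
        if not frame.startswith(LOCKING_INTERNALS):
            return frame
    return frames[0] if frames else "?"


def lock_order_edges(chain):
    """Turn the numbered chain into (held, acquired, where) triples.

    lockdep prints the path in reverse: entry #k (k >= 1) shows where lock #k
    was taken while lock #(k-1) was held; entry #0 is the acquisition that is
    happening now, while lock #depth (the 'already holding' lock) is held.
    """
    by_idx = {entry["idx"]: entry for entry in chain}
    depth = max(by_idx)
    edges = [(by_idx[k - 1]["lock"], by_idx[k]["lock"], first_caller(by_idx[k]["frames"]))
             for k in range(1, depth + 1)]
    edges.append((by_idx[depth]["lock"], by_idx[0]["lock"], first_caller(by_idx[0]["frames"])))
    return edges


def is_cycle(edges):
    """True when following held->acquired from the first edge returns to its
    start after visiting every edge exactly once (ABBA or a longer cycle)."""
    nxt = {held: acquired for held, acquired, _ in edges}
    if len(nxt) != len(edges):
        return False
    start = edges[0][0]
    node, steps = start, 0
    while steps < len(edges):
        node, steps = nxt.get(node), steps + 1
        if node is None:
            return False
        if node == start:
            return steps == len(edges)
    return False


def parse_lockdep_report(text):
    acquiring = holding = None
    chain, expect, current = [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:
            continue
        if line.endswith("is trying to acquire lock:"):
            expect = "acquiring"
        elif line.endswith("already holding lock:"):
            expect = "holding"
        elif expect and LOCK_LINE.match(line):
            lock = LOCK_LINE.match(line).group("lock")
            acquiring, holding = (lock, holding) if expect == "acquiring" else (acquiring, lock)
            expect = None
        elif CHAIN_HDR.match(line):
            m = CHAIN_HDR.match(line)
            current = {"idx": int(m.group("idx")), "lock": m.group("lock"), "frames": []}
            chain.append(current)
        elif line.startswith("other info"):
            current = None          # end of the dependency chain section
        elif current is not None and FRAME.match(line):
            current["frames"].append(line)
    if not chain:
        raise ValueError("no dependency chain found")
    by_idx = {entry["idx"]: entry for entry in chain}
    edges = lock_order_edges(chain)
    return {
        "acquiring": acquiring, "holding": holding, "chain": chain, "edges": edges,
        # Header and chain must agree: #0 is the new lock, #depth the held one.
        "consistent": acquiring == by_idx[0]["lock"] and holding == by_idx[max(by_idx)]["lock"],
        "cycle": is_cycle(edges),
    }


if __name__ == "__main__":
    result = parse_lockdep_report(REPORT)
    for held, acquired, where in result["edges"]:
        print(f"holding {held} then takes {acquired} in {where}")
    print("consistent:", result["consistent"], "cycle:", result["cycle"])
```

Run against the excerpt it prints the two edges, mmap_lock then i_mutex in ntfs_file_mmap and i_mutex then mmap_lock in internal_get_user_pages_fast, which is the inversion the report flags. For triage the useful output is the "where" frame of each edge: it names the two call sites whose lock order must change to fix the deadlock.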