Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.92' (ECDSA) to the list of known hosts.
syzkaller login: [ 32.342508] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 32.442744] ntfs: volume version 3.1.
[ 32.544221] syz-executor101 (8102): drop_caches: 1
[ 32.592922] syz-executor101 (8102): drop_caches: 1
[ 32.602070]
[ 32.603697] ======================================================
[ 32.609985] WARNING: possible circular locking dependency detected
[ 32.616275] 4.19.211-syzkaller #0 Not tainted
[ 32.620741] ------------------------------------------------------
[ 32.627031] kworker/u4:3/94 is trying to acquire lock:
[ 32.632276] 000000002cccfa1e (&rl->lock){++++}, at: ntfs_readpage+0x1909/0x21b0
[ 32.639708]
[ 32.639708] but task is already holding lock:
[ 32.645650] 0000000011abde22 (&ni->mrec_lock){+.+.}, at: map_mft_record+0x3c/0xc70
[ 32.653343]
[ 32.653343] which lock already depends on the new lock.
[ 32.653343]
[ 32.661630]
[ 32.661630] the existing dependency chain (in reverse order) is:
[ 32.669224]
[ 32.669224] -> #1 (&ni->mrec_lock){+.+.}:
[ 32.674884]        map_mft_record+0x3c/0xc70
[ 32.679272]        ntfs_truncate+0x202/0x2820
[ 32.683740]        ntfs_setattr+0x1b6/0x620
[ 32.688035]        notify_change+0x70b/0xfc0
[ 32.692417]        do_truncate+0x134/0x1f0
[ 32.696626]        path_openat+0x2308/0x2df0
[ 32.701008]        do_filp_open+0x18c/0x3f0
[ 32.705306]        do_sys_open+0x3b3/0x520
[ 32.709517]        do_syscall_64+0xf9/0x620
[ 32.713827]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.719512]
[ 32.719512] -> #0 (&rl->lock){++++}:
[ 32.724690]        down_read+0x36/0x80
[ 32.728550]        ntfs_readpage+0x1909/0x21b0
[ 32.733108]        do_read_cache_page+0x533/0x1170
[ 32.738014]        ntfs_sync_mft_mirror+0x24f/0x1d00
[ 32.743091]        write_mft_record_nolock+0x13d2/0x16c0
[ 32.748515]        __ntfs_write_inode+0x609/0xe10
[ 32.753335]        __writeback_single_inode+0x733/0x11d0
[ 32.758760]        writeback_sb_inodes+0x537/0xef0
[ 32.763666]        wb_writeback+0x28d/0xcc0
[ 32.767963]        wb_workfn+0x29b/0x1250
[ 32.772104]        process_one_work+0x864/0x1570
[ 32.776836]        worker_thread+0x64c/0x1130
[ 32.781308]        kthread+0x33f/0x460
[ 32.785172]        ret_from_fork+0x24/0x30
[ 32.789463]
[ 32.789463] other info that might help us debug this:
[ 32.789463]
[ 32.797582]  Possible unsafe locking scenario:
[ 32.797582]
[ 32.803614]        CPU0                    CPU1
[ 32.808255]        ----                    ----
[ 32.812891]   lock(&ni->mrec_lock);
[ 32.816498]                                lock(&rl->lock);
[ 32.822178]                                lock(&ni->mrec_lock);
[ 32.828293]   lock(&rl->lock);
[ 32.831460]
[ 32.831460]  *** DEADLOCK ***
[ 32.831460]
[ 32.837497] 3 locks held by kworker/u4:3/94:
[ 32.841874]  #0: 00000000d9403b77 ((wq_completion)"writeback"){+.+.}, at: process_one_work+0x767/0x1570
[ 32.851391]  #1: 00000000bfc8ed16 ((work_completion)(&(&wb->dwork)->work)){+.+.}, at: process_one_work+0x79c/0x1570
[ 32.861946]  #2: 0000000011abde22 (&ni->mrec_lock){+.+.}, at: map_mft_record+0x3c/0xc70
[ 32.870066]
[ 32.870066] stack backtrace:
[ 32.874541] CPU: 0 PID: 94 Comm: kworker/u4:3 Not tainted 4.19.211-syzkaller #0
[ 32.881957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 32.891295] Workqueue: writeback wb_workfn (flush-7:0)
[ 32.896541] Call Trace:
[ 32.899106]  dump_stack+0x1fc/0x2ef
[ 32.902710]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 32.908486]  __lock_acquire+0x30c9/0x3ff0
[ 32.912614]  ? mark_held_locks+0xf0/0xf0
[ 32.916650]  ? get_mem_cgroup_from_page+0x7a/0x3b0
[ 32.921558]  ? check_preemption_disabled+0x41/0x280
[ 32.926552]  ? alloc_buffer_head+0x20/0x130
[ 32.930848]  ? ntfs_readpage+0xe0b/0x21b0
[ 32.934973]  lock_acquire+0x170/0x3c0
[ 32.938750]  ? ntfs_readpage+0x1909/0x21b0
[ 32.942961]  down_read+0x36/0x80
[ 32.946303]  ? ntfs_readpage+0x1909/0x21b0
[ 32.950509]  ntfs_readpage+0x1909/0x21b0
[ 32.954553]  ? ntfs_end_buffer_async_read+0x1210/0x1210
[ 32.959897]  ? add_to_page_cache_lru+0x259/0x680
[ 32.964630]  ? add_to_page_cache_locked+0x40/0x40
[ 32.969449]  do_read_cache_page+0x533/0x1170
[ 32.973833]  ? ntfs_end_buffer_async_read+0x1210/0x1210
[ 32.979170]  ntfs_sync_mft_mirror+0x24f/0x1d00
[ 32.983729]  ? submit_bio+0xb1/0x430
[ 32.987419]  ? generic_make_request+0xdf0/0xdf0
[ 32.992064]  ? ntfs_mft_bitmap_extend_allocation_nolock+0x2600/0x2600
[ 32.998616]  ? guard_bio_eod+0x2a0/0x650
[ 33.002653]  ? submit_bh_wbc+0x5a7/0x760
[ 33.006693]  write_mft_record_nolock+0x13d2/0x16c0
[ 33.011600]  ? ntfs_sync_mft_mirror+0x1d00/0x1d00
[ 33.016417]  ? debug_check_no_obj_freed+0x201/0x490
[ 33.021407]  ? check_preemption_disabled+0x41/0x280
[ 33.026398]  __ntfs_write_inode+0x609/0xe10
[ 33.030698]  __writeback_single_inode+0x733/0x11d0
[ 33.035605]  writeback_sb_inodes+0x537/0xef0
[ 33.039990]  ? wbc_detach_inode+0x840/0x840
[ 33.044290]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 33.049282]  ? queue_io+0x448/0x590
[ 33.052884]  wb_writeback+0x28d/0xcc0
[ 33.056661]  ? writeback_inodes_wb.constprop.0+0x1d0/0x1d0
[ 33.062262]  wb_workfn+0x29b/0x1250
[ 33.065866]  ? inode_wait_for_writeback+0x30/0x30
[ 33.070686]  ? check_preemption_disabled+0x41/0x280
[ 33.075679]  process_one_work+0x864/0x1570
[ 33.079896]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 33.084543]  worker_thread+0x64c/0x1130
[ 33.088499]  ? __kthread_parkme+0x133/0x1e0
[ 33.092794]  ? process_o