Y4`Ҙ: renamed from lo
ntfs: volume version 3.1.

======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/23854 is trying to acquire lock:
000000004be56e46 (&ni->mrec_lock){+.+.}, at: map_mft_record+0x3c/0xc70 fs/ntfs/mft.c:168

but task is already holding lock:
00000000e672da82 (&rl->lock){++++}, at: ntfs_attr_extend_allocation+0x22c/0x34c0 fs/ntfs/attrib.c:1991

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:
syz-executor.5 (23764): drop_caches: 1

-> #1 (&rl->lock){++++}:
       ntfs_read_block fs/ntfs/aops.c:265 [inline]
       ntfs_readpage+0x1909/0x21b0 fs/ntfs/aops.c:452
       do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
       read_mapping_page include/linux/pagemap.h:402 [inline]
       ntfs_map_page fs/ntfs/aops.h:89 [inline]
       ntfs_sync_mft_mirror+0x24f/0x1d00 fs/ntfs/mft.c:494
       write_mft_record_nolock+0x13d2/0x16c0 fs/ntfs/mft.c:801
       write_mft_record fs/ntfs/mft.h:109 [inline]
       __ntfs_write_inode+0x609/0xe10 fs/ntfs/inode.c:3064
       write_inode fs/fs-writeback.c:1244 [inline]
       __writeback_single_inode+0x733/0x11d0 fs/fs-writeback.c:1442
       writeback_sb_inodes+0x537/0xef0 fs/fs-writeback.c:1647
       wb_writeback+0x28d/0xcc0 fs/fs-writeback.c:1820
       wb_do_writeback fs/fs-writeback.c:1965 [inline]
       wb_workfn+0x29b/0x1250 fs/fs-writeback.c:2006
       process_one_work+0x864/0x1570 kernel/workqueue.c:2153
       worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
       kthread+0x33f/0x460 kernel/kthread.c:259
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

-> #0 (&ni->mrec_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       map_mft_record+0x3c/0xc70 fs/ntfs/mft.c:168
       ntfs_attr_extend_allocation+0x236/0x34c0 fs/ntfs/attrib.c:1992
       ntfs_prepare_file_for_write fs/ntfs/file.c:412 [inline]
       ntfs_file_write_iter+0x6c9/0x23b0 fs/ntfs/file.c:1949
       call_write_iter include/linux/fs.h:1821 [inline]
       new_sync_write fs/read_write.c:474 [inline]
       __vfs_write+0x51b/0x770 fs/read_write.c:487
       vfs_write+0x1f3/0x540 fs/read_write.c:549
       ksys_write+0x12b/0x2a0 fs/read_write.c:599
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
syz-executor.5 (23764): drop_caches: 1
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rl->lock);
                               lock(&ni->mrec_lock);
                               lock(&rl->lock);
  lock(&ni->mrec_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.1/23854:
 #0: 000000004d2b7fcd (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 0000000049189886 (sb_writers#20){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline]
 #1: 0000000049189886 (sb_writers#20){.+.+}, at: vfs_write+0x463/0x540 fs/read_write.c:548
 #2: 00000000d599332e (&sb->s_type->i_mutex_key#25){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #2: 00000000d599332e (&sb->s_type->i_mutex_key#25){+.+.}, at: ntfs_file_write_iter+0x79/0x23b0 fs/ntfs/file.c:1946
 #3: 00000000e672da82 (&rl->lock){++++}, at: ntfs_attr_extend_allocation+0x22c/0x34c0 fs/ntfs/attrib.c:1991

stack backtrace:
CPU: 0 PID: 23854 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
syz-executor.5 (23764): drop_caches: 1
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
syz-executor.5 (23764): drop_caches: 1
 map_mft_record+0x3c/0xc70 fs/ntfs/mft.c:168
 ntfs_attr_extend_allocation+0x236/0x34c0 fs/ntfs/attrib.c:1992
 ntfs_prepare_file_for_write fs/ntfs/file.c:412 [inline]
 ntfs_file_write_iter+0x6c9/0x23b0 fs/ntfs/file.c:1949
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x51b/0x770 fs/read_write.c:487
 vfs_write+0x1f3/0x540 fs/read_write.c:549
 ksys_write+0x12b/0x2a0 fs/read_write.c:599
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fe0065ca5a9
syz-executor.5 (23764): drop_caches: 1
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe004f3e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fe0066ebf80 RCX: 00007fe0065ca5a9
RDX: 0000000000000070 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 00007fe006625580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe36b87fdf R14: 00007fe004f3e300 R15: 0000000000022000
syz-executor.5 (23764): drop_caches: 1
syz-executor.5 (23764): drop_caches: 1
syz-executor.5 (23764): drop_caches: 1
syz-executor.5 (23764): drop_caches: 1
syz-executor.5 (23764): drop_caches: 1
syz-executor.5 (23764): drop_caches: 1
syz-executor.5 (23764): drop_caches: 1
ntfs: volume version 3.1.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
mmap: syz-executor.3 (24147) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
(unnamed net_device) (uninitialized): Device bond_slave_1 is not our slave
(unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
caif:caif_disconnect_client(): nothing to disconnect
EXT4-fs warning (device sda1): ext4_group_add:1682: No reserved GDT blocks, can't resize
(unnamed net_device) (uninitialized): Device bond_slave_1 is not our slave
(unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
EXT4-fs warning (device sda1): ext4_group_add:1682: No reserved GDT blocks, can't resize
FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
caif:caif_disconnect_client(): nothing to disconnect
caif:caif_disconnect_client(): nothing to disconnect
EXT4-fs warning (device sda1): ext4_group_add:1682: No reserved GDT blocks, can't resize
FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
EXT4-fs warning (device sda1): ext4_group_add:1682: No reserved GDT blocks, can't resize
FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:   ff c3                   inc    %ebx
   2:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
   9:   00 00 00
   c:   0f 1f 40 00             nopl   0x0(%rax)
  10:   48 89 f8                mov    %rdi,%rax
  13:   48 89 f7                mov    %rsi,%rdi
  16:   48 89 d6                mov    %rdx,%rsi
  19:   48 89 ca                mov    %rcx,%rdx
  1c:   4d 89 c2                mov    %r8,%r10
  1f:   4d 89 c8                mov    %r9,%r8
  22:   4c 8b 4c 24 08          mov    0x8(%rsp),%r9
  27:   0f 05                   syscall
* 29:   48 3d 01 f0 ff ff       cmp    $0xfffffffffffff001,%rax <-- trapping instruction
  2f:   73 01                   jae    0x32
  31:   c3                      retq
  32:   48 c7 c1 b8 ff ff ff    mov    $0xffffffffffffffb8,%rcx
  39:   f7 d8                   neg    %eax
  3b:   64 89 01                mov    %eax,%fs:(%rcx)
  3e:   48                      rex.W