syz-executor.1 (11812): drop_caches: 1
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:6/8779 is trying to acquire lock:
000000008c4cdc06 (&rl->lock){++++}, at: ntfs_read_block fs/ntfs/aops.c:265 [inline]
000000008c4cdc06 (&rl->lock){++++}, at: ntfs_readpage+0x1909/0x21b0 fs/ntfs/aops.c:452

but task is already holding lock:
00000000bd747470 (&ni->mrec_lock){+.+.}, at: map_mft_record+0x3c/0xc70 fs/ntfs/mft.c:168

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&ni->mrec_lock){+.+.}:
       map_mft_record+0x3c/0xc70 fs/ntfs/mft.c:168
       ntfs_attr_extend_allocation+0x236/0x34c0 fs/ntfs/attrib.c:1992
       ntfs_prepare_file_for_write fs/ntfs/file.c:412 [inline]
       ntfs_file_write_iter+0x6c9/0x23b0 fs/ntfs/file.c:1949
       call_write_iter include/linux/fs.h:1821 [inline]
       new_sync_write fs/read_write.c:474 [inline]
       __vfs_write+0x51b/0x770 fs/read_write.c:487
       vfs_write+0x1f3/0x540 fs/read_write.c:549
       ksys_write+0x12b/0x2a0 fs/read_write.c:599
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&rl->lock){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       ntfs_read_block fs/ntfs/aops.c:265 [inline]
       ntfs_readpage+0x1909/0x21b0 fs/ntfs/aops.c:452
       do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
       read_mapping_page include/linux/pagemap.h:402 [inline]
       ntfs_map_page fs/ntfs/aops.h:89 [inline]
       ntfs_sync_mft_mirror+0x24f/0x1d00 fs/ntfs/mft.c:494
       write_mft_record_nolock+0x13d2/0x16c0 fs/ntfs/mft.c:801
       write_mft_record fs/ntfs/mft.h:109 [inline]
       __ntfs_write_inode+0x609/0xe10 fs/ntfs/inode.c:3064
       write_inode fs/fs-writeback.c:1244 [inline]
       __writeback_single_inode+0x733/0x11d0 fs/fs-writeback.c:1442
       writeback_sb_inodes+0x537/0xef0 fs/fs-writeback.c:1647
       wb_writeback+0x28d/0xcc0 fs/fs-writeback.c:1820
       wb_do_writeback fs/fs-writeback.c:1965 [inline]
       wb_workfn+0x29b/0x1250 fs/fs-writeback.c:2006
       process_one_work+0x864/0x1570 kernel/workqueue.c:2153
       worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
       kthread+0x33f/0x460 kernel/kthread.c:259
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ni->mrec_lock);
                               lock(&rl->lock);
                               lock(&ni->mrec_lock);
  lock(&rl->lock);

 *** DEADLOCK ***

3 locks held by kworker/u4:6/8779:
 #0: 00000000a431d6d6 ((wq_completion)"writeback"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 000000008ffb716c ((work_completion)(&(&wb->dwork)->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 00000000bd747470 (&ni->mrec_lock){+.+.}, at: map_mft_record+0x3c/0xc70 fs/ntfs/mft.c:168

stack backtrace:
CPU: 0 PID: 8779 Comm: kworker/u4:6 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: writeback wb_workfn (flush-7:2)
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 ntfs_read_block fs/ntfs/aops.c:265 [inline]
 ntfs_readpage+0x1909/0x21b0 fs/ntfs/aops.c:452
 do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
 read_mapping_page include/linux/pagemap.h:402 [inline]
 ntfs_map_page fs/ntfs/aops.h:89 [inline]
 ntfs_sync_mft_mirror+0x24f/0x1d00 fs/ntfs/mft.c:494
 write_mft_record_nolock+0x13d2/0x16c0 fs/ntfs/mft.c:801
 write_mft_record fs/ntfs/mft.h:109 [inline]
 __ntfs_write_inode+0x609/0xe10 fs/ntfs/inode.c:3064
 write_inode fs/fs-writeback.c:1244 [inline]
 __writeback_single_inode+0x733/0x11d0 fs/fs-writeback.c:1442
 writeback_sb_inodes+0x537/0xef0 fs/fs-writeback.c:1647
 wb_writeback+0x28d/0xcc0 fs/fs-writeback.c:1820
 wb_do_writeback fs/fs-writeback.c:1965 [inline]
 wb_workfn+0x29b/0x1250 fs/fs-writeback.c:2006
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
syz-executor.1 (11812): drop_caches: 1
ntfs: volume version 3.1.
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
ntfs: volume version 3.1.
ntfs: volume version 3.1.
syz-executor.1 (11839): drop_caches: 1
syz-executor.1 (11839): drop_caches: 1
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop2): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
syz-executor.1 (11893): drop_caches: 1
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
EXT4-fs error (device loop2): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
syz-executor.1 (11893): drop_caches: 1
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop4): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
EXT4-fs error (device loop2): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop1): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop2): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
EXT4-fs error (device loop4): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop1): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop4): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
nla_parse: 2 callbacks suppressed
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop3): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
9pnet: Insufficient options for proto=fd
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: './file0' not a directory
overlayfs: './file0' not a directory
overlayfs: './file0' not a directory
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: './file0' not a directory
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
overlayfs: failed to resolve './bus': -2
overlayfs: failed to resolve './bus': -2
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: failed to resolve './file1': -2
9pnet: Insufficient options for proto=fd
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: './file0' not a directory
overlayfs: './file0' not a directory
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: './file0' not a directory
9pnet: Insufficient options for proto=fd
overlayfs: './file0' not a directory
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
9pnet: Insufficient options for proto=fd
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
9pnet: Insufficient options for proto=fd
overlayfs: './file0' not a directory
netlink: 'syz-executor.3': attribute type 12 has an invalid length.
netlink: 'syz-executor.3': attribute type 12 has an invalid length.
netlink: 'syz-executor.3': attribute type 12 has an invalid length.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
netlink: 'syz-executor.3': attribute type 12 has an invalid length.
ldm_validate_privheads(): Disk read failed.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
 loop4: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
loop4: partition table partially beyond EOD, truncated
loop4: p1 start 335762607 is beyond EOD, truncated
loop4: p2 size 2 extends beyond EOD, truncated
loop4: p4 size 2097152 extends beyond EOD, truncated
loop4: p5 start 335762607 is beyond EOD, truncated
loop4: p6 start 335762607 is beyond EOD, truncated
loop4: p7 start 335762607 is beyond EOD, truncated
loop4: p8 start 335762607 is beyond EOD, truncated
loop4: p9 start 335762607 is beyond EOD, truncated
loop4: p10 start 335762607 is beyond EOD, truncated
loop4: p11 start 335762607 is beyond EOD, truncated
loop4: p12 start 335762607 is beyond EOD, truncated
loop4: p13 start 335762607 is beyond EOD, truncated
loop4: p14 start 335762607 is beyond EOD, truncated
loop4: p15 start 335762607 is beyond EOD, truncated
loop4: p16 start 335762607 is beyond EOD, truncated
loop4: p17 start 335762607 is beyond EOD, truncated
loop4: p18 start 335762607 is beyond EOD, truncated
loop4: p19 start 335762607 is beyond EOD, truncated
loop4: p20 start 335762607 is beyond EOD, truncated
loop4: p21 start 335762607 is beyond EOD, truncated
loop4: p22 start 335762607 is beyond EOD, truncated
loop4: p23 start 335762607 is beyond EOD, truncated
loop4: p24 start 335762607 is beyond EOD, truncated
loop4: p25 start 335762607 is beyond EOD, truncated
loop4: p26 start 335762607 is beyond EOD, truncated
loop4: p27 start 335762607 is beyond EOD, truncated
loop4: p28 start 335762607 is beyond EOD, truncated
loop4: p29 start 335762607 is beyond EOD, truncated
loop4: p30 start 335762607 is beyond EOD, truncated
loop4: p31 start 335762607 is beyond EOD, truncated
loop4: p32 start 335762607 is beyond EOD, truncated
loop4: p33 start 335762607 is beyond EOD, truncated
loop4: p34 start 335762607 is beyond EOD, truncated
loop4: p35 start 335762607 is beyond EOD, truncated
loop4: p36 start 335762607 is beyond EOD, truncated
loop4: p37 start 335762607 is beyond EOD, truncated
loop4: p38 start 335762607 is beyond EOD, truncated
loop4: p39 start 335762607 is beyond EOD, truncated
loop4: p40 start 335762607 is beyond EOD, truncated
loop4: p41 start 335762607 is beyond EOD, truncated
loop4: p42 start 335762607 is beyond EOD, truncated
loop4: p43 start 335762607 is beyond EOD, truncated
loop4: p44 start 335762607 is beyond EOD, truncated
loop4: p45 start 335762607 is beyond EOD, truncated
loop4: p46 start 335762607 is beyond EOD, truncated