ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: lock_acquire+0x298/0x334 CPU: 1 PID: 31612 Comm: syz-executor.2 Not tainted 6.2.0-rc7-syzkaller-00119-geaed33698e35 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call trace: dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106 dump_stack+0x1c/0x28 lib/dump_stack.c:113 panic+0x20c/0x4d8 kernel/panic.c:318 warn_bogus_irq_restore+0x0/0x40 kernel/panic.c:746 lock_acquire+0x298/0x334 SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x000000,10380201,32017203 Memory Limit: none ===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.2.0-rc7-syzkaller-00119-geaed33698e35 #0 Not tainted ----------------------------------------------------- syz-executor.2/31612 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffff80000d3825d8 (efi_rt_lock){+...}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline] ffff80000d3825d8 (efi_rt_lock){+...}-{2:2}, at: virt_efi_set_variable_nonblocking+0x74/0x16c drivers/firmware/efi/runtime-wrappers.c:357 and this task is already holding: ffff0000d550c9a8 (&xa->xa_lock#7){-.-.}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:375 [inline] ffff0000d550c9a8 (&xa->xa_lock#7){-.-.}-{2:2}, at: truncate_inode_pages_final+0x44/0x9c mm/truncate.c:479 which would create a new lock dependency: (&xa->xa_lock#7){-.-.}-{2:2} -> (efi_rt_lock){+...}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&xa->xa_lock#7){-.-.}-{2:2} ... 
which became HARDIRQ-irq-safe at: lock_acquire+0x164/0x334 kernel/locking/lockdep.c:5668 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x68/0x88 kernel/locking/spinlock.c:162 __folio_end_writeback+0xb4/0x6c4 mm/page-writeback.c:3035 folio_end_writeback+0xc0/0x420 mm/filemap.c:1614 end_page_writeback+0x3c/0xbc mm/folio-compat.c:26 end_buffer_async_write+0x24c/0x4e4 fs/buffer.c:375 end_bio_bh_io_sync+0x5c/0xfc fs/buffer.c:2655 bio_endio+0x44c/0x490 block/bio.c:1615 blk_complete_request block/blk-mq.c:854 [inline] blk_mq_end_request_batch+0x18c/0x674 block/blk-mq.c:1091 nvme_complete_batch drivers/nvme/host/nvme.h:729 [inline] nvme_pci_complete_batch+0x134/0x150 drivers/nvme/host/pci.c:1036 nvme_irq+0x64/0xa8 drivers/nvme/host/pci.c:1137 __handle_irq_event_percpu+0x168/0x6ac kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x4c/0xcc kernel/irq/handle.c:210 handle_fasteoi_irq+0x1b4/0x324 kernel/irq/chip.c:714 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:651 [inline] generic_handle_domain_irq+0x4c/0x6c kernel/irq/irqdesc.c:707 __gic_handle_irq drivers/irqchip/irq-gic-v3.c:687 [inline] __gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:738 [inline] gic_handle_irq+0x70/0x1bc drivers/irqchip/irq-gic-v3.c:782 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:899 do_interrupt_handler+0x7c/0xc0 arch/arm64/kernel/entry-common.c:274 __el1_irq arch/arm64/kernel/entry-common.c:471 [inline] el1_interrupt+0x34/0x68 arch/arm64/kernel/entry-common.c:486 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:587 lock_acquire+0x44/0x334 kernel/locking/lockdep.c:5636 rcu_lock_acquire+0x3c/0x48 include/linux/rcupdate.h:325 rcu_read_lock include/linux/rcupdate.h:764 [inline] folio_memcg_lock+0x28/0x164 mm/memcontrol.c:2102 lock_page_memcg+0x1c/0x4c mm/memcontrol.c:2138 
page_add_file_rmap+0xd8/0x7a4 mm/rmap.c:1332
do_set_pte+0x1f0/0x308 mm/memory.c:4307
filemap_map_pages+0x5a8/0xb64 mm/filemap.c:3407
do_fault_around mm/memory.c:4483 [inline]
do_read_fault mm/memory.c:4509 [inline]
do_fault mm/memory.c:4643 [inline]
handle_pte_fault mm/memory.c:4931 [inline]
__handle_mm_fault mm/memory.c:5073 [inline]
handle_mm_fault+0xff4/0x241c mm/memory.c:5219
__do_page_fault arch/arm64/mm/fault.c:512 [inline]
do_page_fault+0x4b4/0x808 arch/arm64/mm/fault.c:612
do_translation_fault+0x78/0xac arch/arm64/mm/fault.c:695
do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:831
el0_ia+0x9c/0x1d0 arch/arm64/kernel/entry-common.c:533
el0t_64_sync_handler+0xb4/0xf0 arch/arm64/kernel/entry-common.c:661
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591

to a HARDIRQ-irq-unsafe lock:
(efi_rt_lock){+...}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
lock_acquire+0x164/0x334 kernel/locking/lockdep.c:5668
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:350 [inline]
efi_call_rts+0x2e8/0x9d8 drivers/firmware/efi/runtime-wrappers.c:218
process_one_work+0x3ac/0x9d0 kernel/workqueue.c:2289
worker_thread+0x340/0x608 kernel/workqueue.c:2436
kthread+0x12c/0x158 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870

other info that might help us debug this:

Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(efi_rt_lock);
                               local_irq_disable();
                               lock(&xa->xa_lock#7);
                               lock(efi_rt_lock);
  <Interrupt>
    lock(&xa->xa_lock#7);

 *** DEADLOCK ***

4 locks held by syz-executor.2/31612:
#0: ffff0000d60170e0 (&type->s_umount_key#48/1){+.+.}-{3:3}, at: alloc_super+0xf8/0x430 fs/super.c:228
#1: ffff0000d550c9a8 (&xa->xa_lock#7){-.-.}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:375 [inline]
#1: ffff0000d550c9a8 (&xa->xa_lock#7){-.-.}-{2:2}, at: truncate_inode_pages_final+0x44/0x9c mm/truncate.c:479
#2: ffff80000d4854a0 (rcu_read_lock){....}-{1:2}, at:
rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:324 #3: ffff80000d7e9fd0 (&psinfo->buf_lock){....}-{2:2}, at: pstore_dump+0xec/0x53c fs/pstore/platform.c:402 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&xa->xa_lock#7){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x164/0x334 kernel/locking/lockdep.c:5668 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x68/0x88 kernel/locking/spinlock.c:162 __folio_end_writeback+0xb4/0x6c4 mm/page-writeback.c:3035 folio_end_writeback+0xc0/0x420 mm/filemap.c:1614 end_page_writeback+0x3c/0xbc mm/folio-compat.c:26 end_buffer_async_write+0x24c/0x4e4 fs/buffer.c:375 end_bio_bh_io_sync+0x5c/0xfc fs/buffer.c:2655 bio_endio+0x44c/0x490 block/bio.c:1615 blk_complete_request block/blk-mq.c:854 [inline] blk_mq_end_request_batch+0x18c/0x674 block/blk-mq.c:1091 nvme_complete_batch drivers/nvme/host/nvme.h:729 [inline] nvme_pci_complete_batch+0x134/0x150 drivers/nvme/host/pci.c:1036 nvme_irq+0x64/0xa8 drivers/nvme/host/pci.c:1137 __handle_irq_event_percpu+0x168/0x6ac kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x4c/0xcc kernel/irq/handle.c:210 handle_fasteoi_irq+0x1b4/0x324 kernel/irq/chip.c:714 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:651 [inline] generic_handle_domain_irq+0x4c/0x6c kernel/irq/irqdesc.c:707 __gic_handle_irq drivers/irqchip/irq-gic-v3.c:687 [inline] __gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:738 [inline] gic_handle_irq+0x70/0x1bc drivers/irqchip/irq-gic-v3.c:782 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:899 do_interrupt_handler+0x7c/0xc0 arch/arm64/kernel/entry-common.c:274 __el1_irq arch/arm64/kernel/entry-common.c:471 [inline] el1_interrupt+0x34/0x68 arch/arm64/kernel/entry-common.c:486 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:587 
lock_acquire+0x44/0x334 kernel/locking/lockdep.c:5636 rcu_lock_acquire+0x3c/0x48 include/linux/rcupdate.h:325 rcu_read_lock include/linux/rcupdate.h:764 [inline] folio_memcg_lock+0x28/0x164 mm/memcontrol.c:2102 lock_page_memcg+0x1c/0x4c mm/memcontrol.c:2138 page_add_file_rmap+0xd8/0x7a4 mm/rmap.c:1332 do_set_pte+0x1f0/0x308 mm/memory.c:4307 filemap_map_pages+0x5a8/0xb64 mm/filemap.c:3407 do_fault_around mm/memory.c:4483 [inline] do_read_fault mm/memory.c:4509 [inline] do_fault mm/memory.c:4643 [inline] handle_pte_fault mm/memory.c:4931 [inline] __handle_mm_fault mm/memory.c:5073 [inline] handle_mm_fault+0xff4/0x241c mm/memory.c:5219 __do_page_fault arch/arm64/mm/fault.c:512 [inline] do_page_fault+0x4b4/0x808 arch/arm64/mm/fault.c:612 do_translation_fault+0x78/0xac arch/arm64/mm/fault.c:695 do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:831 el0_ia+0x9c/0x1d0 arch/arm64/kernel/entry-common.c:533 el0t_64_sync_handler+0xb4/0xf0 arch/arm64/kernel/entry-common.c:661 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591 IN-SOFTIRQ-W at: lock_acquire+0x164/0x334 kernel/locking/lockdep.c:5668 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x68/0x88 kernel/locking/spinlock.c:162 __folio_end_writeback+0xb4/0x6c4 mm/page-writeback.c:3035 folio_end_writeback+0xc0/0x420 mm/filemap.c:1614 end_page_writeback+0x3c/0xbc mm/folio-compat.c:26 end_buffer_async_write+0x24c/0x4e4 fs/buffer.c:375 end_bio_bh_io_sync+0x5c/0xfc fs/buffer.c:2655 bio_endio+0x44c/0x490 block/bio.c:1615 req_bio_endio block/blk-mq.c:794 [inline] blk_update_request+0x250/0x53c block/blk-mq.c:926 blk_mq_end_request+0x2c/0x58 block/blk-mq.c:1053 lo_complete_rq+0xb8/0x138 drivers/block/loop.c:370 blk_complete_reqs block/blk-mq.c:1131 [inline] blk_done_softirq+0x70/0xa4 block/blk-mq.c:1136 _stext+0x1d8/0x5e4 run_ksoftirqd+0x40/0xf8 kernel/softirq.c:934 smpboot_thread_fn+0x248/0x3ec kernel/smpboot.c:164 kthread+0x12c/0x158 kernel/kthread.c:376 ret_from_fork+0x10/0x20 
arch/arm64/kernel/entry.S:870 INITIAL USE at: lock_acquire+0x164/0x334 kernel/locking/lockdep.c:5668 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] _raw_spin_lock_irq+0x64/0x7c kernel/locking/spinlock.c:170 spin_lock_irq include/linux/spinlock.h:375 [inline] shmem_add_to_page_cache+0x43c/0xf14 mm/shmem.c:726 shmem_get_folio_gfp+0xb3c/0x18e0 mm/shmem.c:1950 shmem_read_mapping_page_gfp+0x70/0x2b8 mm/shmem.c:4331 shmem_read_mapping_page include/linux/shmem_fs.h:122 [inline] drm_gem_get_pages+0xfc/0x358 drivers/gpu/drm/drm_gem.c:556 drm_gem_shmem_get_pages_locked drivers/gpu/drm/drm_gem_shmem_helper.c:174 [inline] drm_gem_shmem_get_pages drivers/gpu/drm/drm_gem_shmem_helper.c:215 [inline] drm_gem_shmem_vmap_locked drivers/gpu/drm/drm_gem_shmem_helper.c:314 [inline] drm_gem_shmem_vmap+0x180/0x32c drivers/gpu/drm/drm_gem_shmem_helper.c:367 drm_gem_shmem_object_vmap+0x28/0x38 include/drm/drm_gem_shmem_helper.h:238 drm_gem_vmap drivers/gpu/drm/drm_gem.c:1166 [inline] drm_gem_vmap_unlocked+0x8c/0x100 drivers/gpu/drm/drm_gem.c:1196 drm_client_buffer_vmap+0x30/0x70 drivers/gpu/drm/drm_client.c:326 drm_fbdev_fb_probe+0x1fc/0x25c drivers/gpu/drm/drm_fbdev_generic.c:230 drm_fb_helper_single_fb_probe drivers/gpu/drm/drm_fb_helper.c:1909 [inline] __drm_fb_helper_initial_config_and_unlock+0x634/0x8ac drivers/gpu/drm/drm_fb_helper.c:2091 drm_fb_helper_initial_config+0x54/0x74 drivers/gpu/drm/drm_fb_helper.c:2186 drm_fbdev_client_hotplug+0x144/0x1a8 drivers/gpu/drm/drm_fbdev_generic.c:407 drm_fbdev_generic_setup+0xe0/0x1fc drivers/gpu/drm/drm_fbdev_generic.c:489 vkms_create drivers/gpu/drm/vkms/vkms_drv.c:208 [inline] vkms_init+0x290/0x29c drivers/gpu/drm/vkms/vkms_drv.c:233 do_one_initcall+0x1c0/0x708 init/main.c:1306 do_initcall_level+0xa4/0xdc init/main.c:1379 do_initcalls+0x58/0xa8 init/main.c:1395 do_basic_setup+0x20/0x2c init/main.c:1414 kernel_init_freeable+0x1f4/0x2a8 init/main.c:1634 kernel_init+0x24/0x290 init/main.c:1522 ret_from_fork+0x10/0x20 
arch/arm64/kernel/entry.S:870 } ... key at: [] xa_init_flags.__key+0x0/0x10 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (efi_rt_lock){+...}-{2:2} { HARDIRQ-ON-W at: lock_acquire+0x164/0x334 kernel/locking/lockdep.c:5668 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:350 [inline] efi_call_rts+0x2e8/0x9d8 drivers/firmware/efi/runtime-wrappers.c:218 process_one_work+0x3ac/0x9d0 kernel/workqueue.c:2289 worker_thread+0x340/0x608 kernel/workqueue.c:2436 kthread+0x12c/0x158 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870 INITIAL USE at: lock_acquire+0x164/0x334 kernel/locking/lockdep.c:5668 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:350 [inline] efi_call_rts+0x2e8/0x9d8 drivers/firmware/efi/runtime-wrappers.c:218 process_one_work+0x3ac/0x9d0 kernel/workqueue.c:2289 worker_thread+0x340/0x608 kernel/workqueue.c:2436 kthread+0x12c/0x158 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870 } ... key at: [] efi_rt_lock+0x18/0x40 ... 
acquired at: __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:350 [inline] virt_efi_set_variable_nonblocking+0x74/0x16c drivers/firmware/efi/runtime-wrappers.c:357 efivar_set_variable_locked+0x158/0x180 drivers/firmware/efi/vars.c:219 efi_pstore_write+0x164/0x1bc drivers/firmware/efi/efi-pstore.c:190 pstore_dump+0x33c/0x53c fs/pstore/platform.c:463 kmsg_dump+0x120/0x1e4 kernel/printk/printk.c:3943 panic+0x25c/0x4d8 kernel/panic.c:362 warn_bogus_irq_restore+0x0/0x40 kernel/panic.c:746 lock_acquire+0x298/0x334 stack backtrace: CPU: 1 PID: 31612 Comm: syz-executor.2 Not tainted 6.2.0-rc7-syzkaller-00119-geaed33698e35 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call trace: dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106 dump_stack+0x1c/0x28 lib/dump_stack.c:113 __lock_acquire+0x808/0x2f48 lock_acquire+0x164/0x334 kernel/locking/lockdep.c:5668 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:350 [inline] virt_efi_set_variable_nonblocking+0x74/0x16c drivers/firmware/efi/runtime-wrappers.c:357 efivar_set_variable_locked+0x158/0x180 drivers/firmware/efi/vars.c:219 efi_pstore_write+0x164/0x1bc drivers/firmware/efi/efi-pstore.c:190 pstore_dump+0x33c/0x53c fs/pstore/platform.c:463 kmsg_dump+0x120/0x1e4 kernel/printk/printk.c:3943 panic+0x25c/0x4d8 kernel/panic.c:362 warn_bogus_irq_restore+0x0/0x40 kernel/panic.c:746 lock_acquire+0x298/0x334 Rebooting in 86400 seconds..