======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/29498 is trying to acquire lock:
0000000014a14256 (&ni->mrec_lock){+.+.}, at: map_mft_record+0x3c/0xc70 fs/ntfs/mft.c:168

but task is already holding lock:
000000000192cce6 (&rl->lock){++++}, at: ntfs_truncate+0x1a2/0x2820 fs/ntfs/inode.c:2390

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&rl->lock){++++}:
       ntfs_read_block fs/ntfs/aops.c:265 [inline]
       ntfs_readpage+0x1909/0x21b0 fs/ntfs/aops.c:452
       do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
       read_mapping_page include/linux/pagemap.h:402 [inline]
       ntfs_map_page fs/ntfs/aops.h:89 [inline]
       ntfs_sync_mft_mirror+0x24f/0x1d00 fs/ntfs/mft.c:494
       write_mft_record_nolock+0x13f1/0x16c0 fs/ntfs/mft.c:819
       write_mft_record fs/ntfs/mft.h:109 [inline]
       __ntfs_write_inode+0x609/0xe10 fs/ntfs/inode.c:3064
       ntfs_commit_inode fs/ntfs/inode.h:315 [inline]
       ntfs_put_super+0x1132/0x16f0 fs/ntfs/super.c:2273
       generic_shutdown_super+0x144/0x370 fs/super.c:456
       kill_block_super+0x97/0xf0 fs/super.c:1185
       deactivate_locked_super+0x94/0x160 fs/super.c:329
       deactivate_super+0x174/0x1a0 fs/super.c:360
       cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
       task_work_run+0x148/0x1c0 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:193 [inline]
       exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
       prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
       syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
       do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&ni->mrec_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       map_mft_record+0x3c/0xc70 fs/ntfs/mft.c:168
       ntfs_truncate+0x202/0x2820 fs/ntfs/inode.c:2395
       ntfs_truncate_vfs fs/ntfs/inode.c:2875 [inline]
       ntfs_setattr+0x1b6/0x620 fs/ntfs/inode.c:2925
       notify_change+0x70b/0xfc0 fs/attr.c:334
       do_truncate+0x134/0x1f0 fs/open.c:63
       vfs_truncate+0x54b/0x6d0 fs/open.c:109
       do_sys_truncate fs/open.c:132 [inline]
       do_sys_truncate+0x145/0x170 fs/open.c:120
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rl->lock);
                               lock(&ni->mrec_lock);
                               lock(&rl->lock);
  lock(&ni->mrec_lock);

 *** DEADLOCK ***

3 locks held by syz-executor.1/29498:
 #0: 000000003f31d0f8 (sb_writers#31){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 000000003f31d0f8 (sb_writers#31){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 00000000ea6d474c (&sb->s_type->i_mutex_key#37){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 00000000ea6d474c (&sb->s_type->i_mutex_key#37){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
 #2: 000000000192cce6 (&rl->lock){++++}, at: ntfs_truncate+0x1a2/0x2820 fs/ntfs/inode.c:2390

stack backtrace:
CPU: 0 PID: 29498 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 map_mft_record+0x3c/0xc70 fs/ntfs/mft.c:168
 ntfs_truncate+0x202/0x2820 fs/ntfs/inode.c:2395
 ntfs_truncate_vfs fs/ntfs/inode.c:2875 [inline]
 ntfs_setattr+0x1b6/0x620 fs/ntfs/inode.c:2925
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
 vfs_truncate+0x54b/0x6d0 fs/open.c:109
 do_sys_truncate fs/open.c:132 [inline]
 do_sys_truncate+0x145/0x170 fs/open.c:120
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f5067014639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5065587168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f5067134f80 RCX: 00007f5067014639
RDX: 0000000000000000 RSI: 0000000000500000 RDI: 0000000020000080
RBP: 00007f506706f7e1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffffed6e59f R14: 00007f5065587300 R15: 0000000000022000
ntfs: (device loop1): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28).
ntfs: (device loop1): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x43, attribute type 0x80, because the allocation of clusters failed with error code -28.
libceph: connect [d::]:6789 error -101
libceph: mon0 [d::]:6789 connect error
xt_CT: You must specify a L4 protocol and not use inversions on it
ceph: No mds server is up or the cluster is laggy
ntfs: (device loop1): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry.
xt_CT: You must specify a L4 protocol and not use inversions on it
ceph: No mds server is up or the cluster is laggy
xt_CT: You must specify a L4 protocol and not use inversions on it
libceph: connect [d::]:6789 error -101
libceph: mon0 [d::]:6789 connect error
libceph: connect [d::]:6789 error -101
ntfs: volume version 3.1.
xt_CT: You must specify a L4 protocol and not use inversions on it
libceph: mon0 [d::]:6789 connect error
ntfs: (device loop1): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28).
libceph: connect [d::]:6789 error -101
libceph: mon0 [d::]:6789 connect error
ntfs: (device loop1): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x43, attribute type 0x80, because the allocation of clusters failed with error code -28.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
ceph: No mds server is up or the cluster is laggy
ntfs: (device loop1): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
ceph: No mds server is up or the cluster is laggy
libceph: connect [d::]:6789 error -101
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
libceph: mon0 [d::]:6789 connect error
ntfs: volume version 3.1.
libceph: connect [d::]:6789 error -101
libceph: mon0 [d::]:6789 connect error
ceph: No mds server is up or the cluster is laggy
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 'syz-executor.3': attribute type 10 has an invalid length.
bond0: Error: Device is in use and cannot be enslaved
netlink: 'syz-executor.3': attribute type 10 has an invalid length.
bond0: Error: Device is in use and cannot be enslaved
netlink: 'syz-executor.3': attribute type 10 has an invalid length.
bond0: Error: Device is in use and cannot be enslaved
netlink: 'syz-executor.3': attribute type 10 has an invalid length.
bond0: Error: Device is in use and cannot be enslaved
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
Bluetooth: hci1: command 0x0406 tx timeout
IPVS: ftp: loaded support on port[0] = 21
9pnet: Insufficient options for proto=fd
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.