UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
syz-executor.2 (9984): drop_caches: 1
ntfs: volume version 3.1.

======================================================
WARNING: possible circular locking dependency detected
4.14.297-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:2/34 is trying to acquire lock:
 (&rl->lock){++++}, at: [] ntfs_read_block fs/ntfs/aops.c:269 [inline]
 (&rl->lock){++++}, at: [] ntfs_readpage+0x1396/0x1ad0 fs/ntfs/aops.c:456

but task is already holding lock:
 (&ni->mrec_lock){+.+.}, at: [] map_mft_record+0x2b/0xbe0 fs/ntfs/mft.c:166

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&ni->mrec_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       map_mft_record+0x2b/0xbe0 fs/ntfs/mft.c:166
       ntfs_truncate+0x1a6/0x22d0 fs/ntfs/inode.c:2408
       ntfs_truncate_vfs fs/ntfs/inode.c:2888 [inline]
       ntfs_setattr+0x148/0x580 fs/ntfs/inode.c:2938
       notify_change+0x56b/0xd10 fs/attr.c:315
       do_truncate+0xff/0x1a0 fs/open.c:63
       vfs_truncate+0x456/0x680 fs/open.c:120
       do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
       do_sys_truncate fs/open.c:137 [inline]
       SYSC_truncate fs/open.c:155 [inline]
       SyS_truncate+0x23/0x40 fs/open.c:153
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&rl->lock){++++}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       ntfs_read_block fs/ntfs/aops.c:269 [inline]
       ntfs_readpage+0x1396/0x1ad0 fs/ntfs/aops.c:456
       do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713
       read_mapping_page include/linux/pagemap.h:398 [inline]
       ntfs_map_page fs/ntfs/aops.h:89 [inline]
       ntfs_sync_mft_mirror+0x1f4/0x1560 fs/ntfs/mft.c:490
       write_mft_record_nolock+0xece/0x1240 fs/ntfs/mft.c:793
       write_mft_record fs/ntfs/mft.h:109 [inline]
       __ntfs_write_inode+0x58d/0xcc0 fs/ntfs/inode.c:3077
       write_inode fs/fs-writeback.c:1241 [inline]
       __writeback_single_inode+0x6a4/0x1010 fs/fs-writeback.c:1439
       writeback_sb_inodes+0x48b/0xd30 fs/fs-writeback.c:1645
       wb_writeback+0x243/0xb80 fs/fs-writeback.c:1820
       wb_do_writeback fs/fs-writeback.c:1952 [inline]
       wb_workfn+0x2bd/0xf50 fs/fs-writeback.c:1988
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ni->mrec_lock);
                               lock(&rl->lock);
                               lock(&ni->mrec_lock);
  lock(&rl->lock);

 *** DEADLOCK ***

3 locks held by kworker/u4:2/34:
 #0: ("writeback"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1: ((&(&wb->dwork)->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
 #2: (&ni->mrec_lock){+.+.}, at: [] map_mft_record+0x2b/0xbe0 fs/ntfs/mft.c:166

stack backtrace:
CPU: 0 PID: 34 Comm: kworker/u4:2 Not tainted 4.14.297-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Workqueue: writeback wb_workfn (flush-7:5)
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 ntfs_read_block fs/ntfs/aops.c:269 [inline]
 ntfs_readpage+0x1396/0x1ad0 fs/ntfs/aops.c:456
 do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713
 read_mapping_page include/linux/pagemap.h:398 [inline]
 ntfs_map_page fs/ntfs/aops.h:89 [inline]
 ntfs_sync_mft_mirror+0x1f4/0x1560 fs/ntfs/mft.c:490
 write_mft_record_nolock+0xece/0x1240 fs/ntfs/mft.c:793
 write_mft_record fs/ntfs/mft.h:109 [inline]
 __ntfs_write_inode+0x58d/0xcc0 fs/ntfs/inode.c:3077
 write_inode fs/fs-writeback.c:1241 [inline]
 __writeback_single_inode+0x6a4/0x1010 fs/fs-writeback.c:1439
 writeback_sb_inodes+0x48b/0xd30 fs/fs-writeback.c:1645
 wb_writeback+0x243/0xb80 fs/fs-writeback.c:1820
 wb_do_writeback fs/fs-writeback.c:1952 [inline]
 wb_workfn+0x2bd/0xf50 fs/fs-writeback.c:1988
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406
syz-executor.2 (9984): drop_caches: 1
UDF-fs: error (device loop3): udf_process_sequence: Block 100 of volume descriptor sequence is corrupted or we could not read it
UDF-fs: error (device loop3): udf_process_sequence: Block 2016 of volume descriptor sequence is corrupted or we could not read it
ntfs: volume version 3.1.
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=1063, location=1063
ntfs: volume version 3.1.
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=1063, location=1063
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
ntfs: volume version 3.1.
ntfs: volume version 3.1.
syz-executor.2 (10038): drop_caches: 1
ntfs: volume version 3.1.
UDF-fs: error (device loop3): udf_process_sequence: Block 100 of volume descriptor sequence is corrupted or we could not read it
UDF-fs: error (device loop3): udf_process_sequence: Block 2016 of volume descriptor sequence is corrupted or we could not read it
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=1063, location=1063
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=1063, location=1063
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
syz-executor.2 (10038): drop_caches: 1
ntfs: volume version 3.1.
ntfs: volume version 3.1.
ntfs: volume version 3.1.
syz-executor.2 (10102): drop_caches: 1
ntfs: volume version 3.1.
UDF-fs: error (device loop3): udf_process_sequence: Block 100 of volume descriptor sequence is corrupted or we could not read it
UDF-fs: error (device loop3): udf_process_sequence: Block 2016 of volume descriptor sequence is corrupted or we could not read it
ntfs: volume version 3.1.
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=1063, location=1063
ntfs: volume version 3.1.
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=1063, location=1063
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
ntfs: volume version 3.1.
syz-executor.2 (10102): drop_caches: 1
ntfs: volume version 3.1.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
attempt to access beyond end of device
loop3: rw=2049, want=65, limit=64
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
ebtables: ebtables: counters copy to user failed while replacing table
ebtables: ebtables: counters copy to user failed while replacing table
ebtables: ebtables: counters copy to user failed while replacing table
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
ebtables: ebtables: counters copy to user failed while replacing table
ebtables: ebtables: counters copy to user failed while replacing table
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
new mount options do not match the existing superblock, will be ignored
ebtables: ebtables: counters copy to user failed while replacing table
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
kauditd_printk_skb: 3 callbacks suppressed
audit: type=1800 audit(1667460122.516:16): pid=10335 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=13989 res=0
REISERFS (device loop2): checking transaction log (loop2)
audit: type=1804 audit(1667460122.626:17): pid=10345 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir3256312046/syzkaller.oHjfmL/22/bus" dev="sda1" ino=13989 res=1
REISERFS (device loop2): Using rupasov hash to sort names
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
audit: type=1800 audit(1667460122.956:18): pid=10389 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14029 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
REISERFS (device loop2): checking transaction log (loop2)
REISERFS (device loop2): Using rupasov hash to sort names
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
BFS-fs: bfs_fill_super(): loop3 is unclean, continuing
BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
audit: type=1804 audit(1667460123.126:19): pid=10366 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir3256312046/syzkaller.oHjfmL/23/bus" dev="sda1" ino=14029 res=1
REISERFS error (device loop2): reiserfs-2025 reiserfs_cache_bitmap_metadata: bitmap block 17 is corrupted: first bit must be 1
REISERFS (device loop2): Remounting filesystem read-only
REISERFS warning (device loop2): clm-6006 reiserfs_dirty_inode: writing inode 1207963652 on readonly FS
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
new mount options do not match the existing superblock, will be ignored
BFS-fs: bfs_fill_super(): loop1 is unclean, continuing
new mount options do not match the existing superblock, will be ignored
BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
new mount options do not match the existing superblock, will be ignored
audit: type=1800 audit(1667460123.486:20): pid=10442 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14037 res=0
REISERFS (device loop2): using ordered data mode
BFS-fs: bfs_fill_super(): loop3 is unclean, continuing
BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
new mount options do not match the existing superblock, will be ignored
audit: type=1804 audit(1667460123.536:21): pid=10447 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir3256312046/syzkaller.oHjfmL/24/bus" dev="sda1" ino=14037 res=1
reiserfs: using flush barriers
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
REISERFS (device loop2): checking transaction log (loop2)
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
REISERFS (device loop2): Using rupasov hash to sort names
new mount options do not match the existing superblock, will be ignored
BFS-fs: bfs_fill_super(): loop3 is unclean, continuing
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
BFS-fs: bfs_fill_super(): loop1 is unclean, continuing
new mount options do not match the existing superblock, will be ignored
BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
new mount options do not match the existing superblock, will be ignored
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
new mount options do not match the existing superblock, will be ignored
reiserfs: using flush barriers
BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
BFS-fs: bfs_fill_super(): loop1 is unclean, continuing
audit: type=1800 audit(1667460124.376:22): pid=10538 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14045 res=0
new mount options do not match the existing superblock, will be ignored
REISERFS (device loop2): checking transaction log (loop2)
audit: type=1804 audit(1667460124.486:23): pid=10542 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir3256312046/syzkaller.oHjfmL/25/bus" dev="sda1" ino=14045 res=1
BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
REISERFS (device loop2): Using rupasov hash to sort names
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop1): group descriptors corrupted!
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
XFS (loop5): unknown mount option [Ÿ$übœ±\xß=õì™À?÷gš%Rÿ’ vÅ…‚Éš©½ =¹6‘2=‡4<|i˜Æ~.)ꓧ{}¤àÞY™½*Цþõ&×l].
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
print_req_error: I/O error, dev loop1, sector 0
Buffer I/O error on dev loop1, logical block 0, async page read
print_req_error: I/O error, dev loop1, sector 6
Buffer I/O error on dev loop1, logical block 3, async page read
ucma_write: process 117 (syz-executor.0) changed security contexts after opening file descriptor, this is not allowed.
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
xt_connlimit: cannot load conntrack support for address family 10
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop1): group descriptors corrupted!
print_req_error: I/O error, dev loop1, sector 0
Buffer I/O error on dev loop1, logical block 0, async page read
XFS (loop5): unknown mount option [Ÿ$übœ±\xß=õì™À?÷gš%Rÿ’ vÅ…‚Éš©½ =¹6‘2=‡4<|i˜Æ~.)ꓧ{}¤àÞY™½*Цþõ&×l].
print_req_error: I/O error, dev loop1, sector 6
Buffer I/O error on dev loop1, logical block 3, async page read
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
xt_connlimit: cannot load conntrack support for address family 10
EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop1): group descriptors corrupted!
xt_connlimit: cannot load conntrack support for address family 10
xt_connlimit: cannot load conntrack support for address family 10
EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop3): group descriptors corrupted!
EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop1): group descriptors corrupted!
XFS (loop5): unknown mount option [Ÿ$übœ±\xß=õì™À?÷gš%Rÿ’ vÅ…‚Éš©½ =¹6‘2=‡4<|i˜Æ~.)ꓧ{}¤àÞY™½*Цþõ&×l].
print_req_error: I/O error, dev loop3, sector 0
Buffer I/O error on dev loop3, logical block 0, async page read
print_req_error: I/O error, dev loop3, sector 6
Buffer I/O error on dev loop3, logical block 3, async page read
print_req_error: I/O error, dev loop1, sector 0
Buffer I/O error on dev loop1, logical block 0, async page read
XFS (loop0): unknown mount option [Ÿ$übœ±\xß=õì™À?÷gš%Rÿ’ vÅ…‚Éš©½ =¹6‘2=‡4<|i˜Æ~.)ꓧ{}¤àÞY™½*Цþõ&×l].