======================================================
WARNING: possible circular locking dependency detected
6.1.119-syzkaller #0 Not tainted
------------------------------------------------------
syz.0.18/5155 is trying to acquire lock:
ffff0000e4b0dc20 (&sb->s_type->i_mutex_key#20){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
ffff0000e4b0dc20 (&sb->s_type->i_mutex_key#20){+.+.}-{3:3}, at: ntfs_file_mmap+0x4b0/0x688 fs/ntfs3/file.c:399

but task is already holding lock:
ffff0000d9791348 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:87 [inline]
ffff0000d9791348 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x15c/0x2b4 mm/util.c:518

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&mm->mmap_lock){++++}-{3:3}:
       __might_fault+0xc4/0x124 mm/memory.c:5851
       fault_in_readable+0x188/0x5f0 mm/gup.c:1891
       fault_in_iov_iter_readable+0x1a0/0x22c lib/iov_iter.c:370
       generic_perform_write+0x1c8/0x55c mm/filemap.c:3835
       __generic_file_write_iter+0x168/0x388 mm/filemap.c:3973
       ntfs_file_write_iter+0x4d4/0x580 fs/ntfs3/file.c:1165
       do_iter_write+0x534/0x964 fs/read_write.c:861
       vfs_writev fs/read_write.c:934 [inline]
       do_pwritev+0x1ec/0x334 fs/read_write.c:1031
       __do_sys_pwritev2 fs/read_write.c:1090 [inline]
       __se_sys_pwritev2 fs/read_write.c:1081 [inline]
       __arm64_sys_pwritev2+0xd4/0x108 fs/read_write.c:1081
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
       el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

-> #0 (&sb->s_type->i_mutex_key#20){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3090 [inline]
       check_prevs_add kernel/locking/lockdep.c:3209 [inline]
       validate_chain kernel/locking/lockdep.c:3825 [inline]
       __lock_acquire+0x3338/0x7680 kernel/locking/lockdep.c:5049
       lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
       down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
       inode_lock include/linux/fs.h:758 [inline]
       ntfs_file_mmap+0x4b0/0x688 fs/ntfs3/file.c:399
       call_mmap include/linux/fs.h:2270 [inline]
       mmap_file+0x6c/0xc8 mm/util.c:1109
       __mmap_region mm/mmap.c:2760 [inline]
       mmap_region+0x128c/0x2208 mm/mmap.c:2904
       do_mmap+0x9ac/0x110c mm/mmap.c:1424
       vm_mmap_pgoff+0x1a4/0x2b4 mm/util.c:520
       ksys_mmap_pgoff+0x3c8/0x5b0 mm/mmap.c:1470
       __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
       __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
       __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
       el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&mm->mmap_lock);
                               lock(&sb->s_type->i_mutex_key#20);
                               lock(&mm->mmap_lock);
  lock(&sb->s_type->i_mutex_key#20);

 *** DEADLOCK ***

1 lock held by syz.0.18/5155:
 #0: ffff0000d9791348 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:87 [inline]
 #0: ffff0000d9791348 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x15c/0x2b4 mm/util.c:518

stack backtrace:
CPU: 0 PID: 5155 Comm: syz.0.18 Not tainted 6.1.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2048
 check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2170
 check_prev_add kernel/locking/lockdep.c:3090 [inline]
 check_prevs_add kernel/locking/lockdep.c:3209 [inline]
 validate_chain kernel/locking/lockdep.c:3825 [inline]
 __lock_acquire+0x3338/0x7680 kernel/locking/lockdep.c:5049
 lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
 down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
 inode_lock include/linux/fs.h:758 [inline]
 ntfs_file_mmap+0x4b0/0x688 fs/ntfs3/file.c:399
 call_mmap include/linux/fs.h:2270 [inline]
 mmap_file+0x6c/0xc8 mm/util.c:1109
 __mmap_region mm/mmap.c:2760 [inline]
 mmap_region+0x128c/0x2208 mm/mmap.c:2904
 do_mmap+0x9ac/0x110c mm/mmap.c:1424
 vm_mmap_pgoff+0x1a4/0x2b4 mm/util.c:520
 ksys_mmap_pgoff+0x3c8/0x5b0 mm/mmap.c:1470
 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
 __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
 __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5155 at fs/ntfs3/file.c:113 ntfs_extend_initialized_size+0x6cc/0x6f4 fs/ntfs3/file.c:113
Modules linked in:
CPU: 0 PID: 5155 Comm: syz.0.18 Not tainted 6.1.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ntfs_extend_initialized_size+0x6cc/0x6f4 fs/ntfs3/file.c:113
lr : ntfs_extend_initialized_size+0x6cc/0x6f4 fs/ntfs3/file.c:113
sp : ffff8000216a75a0
x29: ffff8000216a76a0 x28: ffff0000e4b0d9a8 x27: ffff8000216a7640
x26: ffff7000042d4ec4 x25: ffff0000dfaa0000 x24: 0000000000000221
x23: ffff0000e4b0dcf8 x22: ffff8000216a7620 x21: dfff800000000000
x20: 00000000000ff800 x19: 0000000000090000 x18: ffff8000216a7400
x17: 0000000000000000 x16: ffff8000082fbba8 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff800009726ac0
x8 : ffff0000cf398000 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000216a6838 x4 : ffff800015b630e0 x3 : 0000000000090000
x2 : 00000000000ff800 x1 : 0000000000090000 x0 : 00000000000ff800
Call trace:
 ntfs_extend_initialized_size+0x6cc/0x6f4 fs/ntfs3/file.c:113
 ntfs_file_mmap+0x4d8/0x688 fs/ntfs3/file.c:400
 call_mmap include/linux/fs.h:2270 [inline]
 mmap_file+0x6c/0xc8 mm/util.c:1109
 __mmap_region mm/mmap.c:2760 [inline]
 mmap_region+0x128c/0x2208 mm/mmap.c:2904
 do_mmap+0x9ac/0x110c mm/mmap.c:1424
 vm_mmap_pgoff+0x1a4/0x2b4 mm/util.c:520
 ksys_mmap_pgoff+0x3c8/0x5b0 mm/mmap.c:1470
 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
 __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
 __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 255
hardirqs last enabled at (255): [] kmem_cache_alloc_bulk+0x3c4/0x4fc mm/slub.c:3847
hardirqs last disabled at (254): [] kmem_cache_alloc_bulk+0x250/0x4fc mm/slub.c:3838
softirqs last enabled at (94): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (92): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
kernel BUG at fs/buffer.c:1967!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 5155 Comm: syz.0.18 Tainted: G W 6.1.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __block_write_begin_int+0x13a8/0x13b4 fs/buffer.c:1967
lr : __block_write_begin_int+0x13a8/0x13b4 fs/buffer.c:1967
sp : ffff8000216a7360
x29: ffff8000216a7490 x28: fffffc0003ab6280 x27: 1ffff000042d4ec8
x26: fffffc0003ab6288 x25: 0000000000000800 x24: ffff8000097473f4
x23: 1ffff000042d4e84 x22: 00000000fff91000 x21: 00000000000ff800
x20: 00000000fff90800 x19: dfff800000000000 x18: ffff8000216a7400
x17: 0000000000000000 x16: ffff800012272dc0 x15: 0000000000000000
x14: 0000000000000406 x13: ffff0000cf398000 x12: 0000000000000002
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff800008b3adc0
x8 : ffff0000cf398000 x7 : 0000000000000000 x6 : ffff80000875aa44
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000010
x2 : 0000000000000000 x1 : 00000000fff91000 x0 : 0000000000001000
Call trace:
 __block_write_begin_int+0x13a8/0x13b4 fs/buffer.c:1967
 __block_write_begin fs/buffer.c:2041 [inline]
 block_write_begin+0x98/0x11c fs/buffer.c:2102
 ntfs_write_begin+0xb8/0x300 fs/ntfs3/inode.c:928
 ntfs_extend_initialized_size+0x2f0/0x6f4 fs/ntfs3/file.c:159
 ntfs_file_mmap+0x4d8/0x688 fs/ntfs3/file.c:400
 call_mmap include/linux/fs.h:2270 [inline]
 mmap_file+0x6c/0xc8 mm/util.c:1109
 __mmap_region mm/mmap.c:2760 [inline]
 mmap_region+0x128c/0x2208 mm/mmap.c:2904
 do_mmap+0x9ac/0x110c mm/mmap.c:1424
 vm_mmap_pgoff+0x1a4/0x2b4 mm/util.c:520
 ksys_mmap_pgoff+0x3c8/0x5b0 mm/mmap.c:1470
 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
 __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
 __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: d4210000 97e6de96 d4210000 97e6de94 (d4210000)
---[ end trace 0000000000000000 ]---