[syzbot] [ntfs3?] INFO: trying to register non-static key in ntfs_setattr


syzbot

Oct 13, 2025, 5:58:32 PM (7 days ago) Oct 13
to almaz.ale...@paragon-software.com, linux-...@vger.kernel.org, nt...@lists.linux.dev, penguin...@i-love.sakura.ne.jp, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 98906f9d850e Merge tag 'rtc-6.18' of git://git.kernel.org/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=179e3304580000
kernel config: https://syzkaller.appspot.com/x/.config?x=af9170887d81dea1
dashboard link: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14f4e542580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16e5e9e2580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1c918547df44/disk-98906f9d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/df9f47b0003d/vmlinux-98906f9d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/65c9f6594bf8/bzImage-98906f9d.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/3d759f242cbe/mount_0.gz

The issue was bisected to:

commit 4e8011ffec79717e5fdac43a7e79faf811a384b7
Author: Tetsuo Handa <penguin...@I-love.SAKURA.ne.jp>
Date: Tue Sep 2 10:43:24 2025 +0000

ntfs3: pretend $Extend records as regular files

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=101de542580000
final oops: https://syzkaller.appspot.com/x/report.txt?x=121de542580000
console output: https://syzkaller.appspot.com/x/log.txt?x=141de542580000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3e58a7...@syzkaller.appspotmail.com
Fixes: 4e8011ffec79 ("ntfs3: pretend $Extend records as regular files")

loop0: detected capacity change from 0 to 4096
ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 UID: 0 PID: 6070 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
__lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
ntfs_truncate fs/ntfs3/file.c:483 [inline]
ntfs_setattr+0x70e/0xbe0 fs/ntfs3/file.c:806
notify_change+0xc18/0xf60 fs/attr.c:546
do_truncate+0x1a4/0x220 fs/open.c:68
vfs_truncate+0x493/0x520 fs/open.c:118
do_sys_truncate+0xdb/0x190 fs/open.c:141
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x5b/0x70 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcea7abeec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd3bd27e48 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007fcea7d15fa0 RCX: 00007fcea7abeec9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
RBP: 00007fcea7b41f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fcea7d15fa0 R14: 00007fcea7d15fa0 R15: 0000000000000002
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Oct 14, 2025, 2:41:27 AM (7 days ago) Oct 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] ntfs3: initialize run_lock for MFT inode in ntfs_read_mft
Author: karti...@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

The run_lock rwsem was not being initialized for MFT inodes when
accessed outside the initial mount path. This caused lockdep warnings
when operations like truncate tried to acquire the uninitialized lock.

During initial mount (!sb->s_root), the MFT inode's run_lock is
correctly initialized. However, if the MFT inode is accessed later
through the regular S_ISREG path in ntfs_read_mft, the condition
"if (ino != MFT_REC_MFT)" skips initialization, leading to an
uninitialized lock being used.

Remove the MFT check so run_lock is always initialized for regular
files, ensuring the lock is properly initialized in all code paths.

Reported-by: syzbot+3e58a7...@syzkaller.appspotmail.com
Signed-off-by: Deepanshu Kartikey <karti...@gmail.com>
---
fs/ntfs3/inode.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 3959f23c487a..80d80dfad308 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -461,8 +461,7 @@ static struct inode *ntfs_read_mft(struct inode *inode,
&ntfs_file_operations;
inode->i_mapping->a_ops = is_compressed(ni) ? &ntfs_aops_cmpr :
&ntfs_aops;
- if (ino != MFT_REC_MFT)
- init_rwsem(&ni->file.run_lock);
+ init_rwsem(&ni->file.run_lock);
} else if (S_ISCHR(mode) || S_ISBLK(mode) || S_ISFIFO(mode) ||
S_ISSOCK(mode)) {
inode->i_op = &ntfs_special_inode_operations;
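
Review bot: Removing the "if (ino != MFT_REC_MFT)" guard in front of init_rwsem(&ni->file.run_lock) rests on the truncated inode being the MFT record, but the call trace in the report only shows ntfs_truncate() taking the lock and never identifies the inode number. Confirm which inode reaches down_write() before changing this path. The commit message also says the mount path already initializes run_lock for the MFT inode, so explain why an unconditional init_rwsem() in ntfs_read_mft() cannot re-initialize that lock, and add the Fixes: tag the report asks for.
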
--
2.34.1

syzbot

Oct 14, 2025, 3:17:05 AM (7 days ago) Oct 14
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in ntfs_setattr

loop0: detected capacity change from 0 to 4096
ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6530 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
__lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
ntfs_truncate fs/ntfs3/file.c:483 [inline]
ntfs_setattr+0x70e/0xbe0 fs/ntfs3/file.c:806
notify_change+0xc18/0xf60 fs/attr.c:546
do_truncate+0x1a4/0x220 fs/open.c:68
vfs_truncate+0x493/0x520 fs/open.c:118
do_sys_truncate+0xdb/0x190 fs/open.c:141
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x5b/0x70 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd37967eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd378cee038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007fd3798d5fa0 RCX: 00007fd37967eec9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
RBP: 00007fd379701f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fd3798d6038 R14: 00007fd3798d5fa0 R15: 00007ffe10a7c298
</TASK>


Tested on:

commit: 3a866087 Linux 6.18-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1140bb34580000
kernel config: https://syzkaller.appspot.com/x/.config?x=af9170887d81dea1
dashboard link: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=1569467c580000

syzbot

Oct 14, 2025, 3:38:47 AM (6 days ago) Oct 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] ntfs3: prevent MFT inode resize operations
The MFT (Master File Table) inode does not have its run_lock rwsem
initialized, as noted in ntfs_file_release(). When a truncate operation
is attempted on the MFT inode, ntfs_truncate() tries to acquire the
uninitialized run_lock, triggering a lockdep warning about using a
non-static key.

The MFT is a special system file that should not be resized by user
operations. Add a check in ntfs_setattr() to reject any size change
attempts on the MFT inode with -EPERM before reaching ntfs_truncate().

This is consistent with the existing design where ntfs_file_release()
explicitly skips operations on MFT due to the missing run_lock
initialization.

Reported-by: syzbot+3e58a7...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
Signed-off-by: Deepanshu Kartikey <karti...@gmail.com>
---
fs/ntfs3/file.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 4c90ec2fa2ea..2555850483c4 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -792,7 +792,13 @@ int ntfs_setattr(struct mnt_idmap *idmap, struct dentry *dentry,

if (ia_valid & ATTR_SIZE) {
loff_t newsize, oldsize;
-
+ ntfs_warn(inode->i_sb,
+ "DEBUG: Truncating inode %lu (MFT_REC_MFT is %d)",
+ inode->i_ino, MFT_REC_MFT);
+ if (inode->i_ino == MFT_REC_MFT) {
+ err = -EPERM;
+ goto out;
+ }
if (WARN_ON(ni->ni_flags & NI_FLAG_COMPRESSED_MASK)) {
/* Should never be here, see ntfs_file_open(). */
err = -EOPNOTSUPP;
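
Review bot: The ntfs_warn() "DEBUG: Truncating inode ..." call at the top of the ATTR_SIZE branch fires on every size change and does not belong in a patch presented as a fix; drop it and keep the blank line after the "loff_t newsize, oldsize;" declaration. The -EPERM check itself matches only MFT_REC_MFT, while the bisected commit is about $Extend records being treated as regular files, so check that the MFT is really the only inode that can reach ntfs_truncate() without run_lock set up.
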
--
2.34.1

syzbot

Oct 14, 2025, 4:13:05 AM (6 days ago) Oct 14
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in ntfs_setattr

loop0: detected capacity change from 0 to 4096
ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
ntfs3(loop0): DEBUG: Truncating inode 25 (MFT_REC_MFT is 0)
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6662 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
__lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
ntfs_truncate fs/ntfs3/file.c:483 [inline]
ntfs_setattr+0x72e/0xbb0 fs/ntfs3/file.c:812
notify_change+0xc18/0xf60 fs/attr.c:546
do_truncate+0x1a4/0x220 fs/open.c:68
vfs_truncate+0x493/0x520 fs/open.c:118
do_sys_truncate+0xdb/0x190 fs/open.c:141
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x5b/0x70 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fedf2b5eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fedf21c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007fedf2db5fa0 RCX: 00007fedf2b5eec9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
RBP: 00007fedf2be1f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fedf2db6038 R14: 00007fedf2db5fa0 R15: 00007ffc4a35b2f8
</TASK>


Tested on:

commit: 3a866087 Linux 6.18-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16c615e2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=af9170887d81dea1
dashboard link: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=161c25e2580000

syzbot

Oct 14, 2025, 5:06:04 AM (6 days ago) Oct 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] ntfs3: add debug warnings for run_lock initialization
Add debug messages to track when run_lock is initialized for regular
files to help diagnose lockdep warnings.

Signed-off-by: Deepanshu Kartikey <karti...@gmail.com>
---
fs/ntfs3/file.c | 1 +
fs/ntfs3/inode.c | 7 +++++++
2 files changed, 8 insertions(+)

diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 4c90ec2fa2ea..0eb218a2b999 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -773,6 +773,7 @@ static long ntfs_fallocate(struct file *file, int mode, loff_t vbo, loff_t len)
int ntfs_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
struct iattr *attr)
{
+ printk(KERN_WARNING "ntfs_setattr: testing by deepanshu \n");
struct inode *inode = d_inode(dentry);
struct ntfs_inode *ni = ntfs_i(inode);
u32 ia_valid = attr->ia_valid;
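
Review bot: The printk() is inserted above the declarations of inode, ni and ia_valid at the top of ntfs_setattr(), putting a statement ahead of the declarations; move it below them. It also has a space before "\n" and prints no inode number, so the log cannot tell which inode the setattr is for. A call such as ntfs_warn(inode->i_sb, ...) that prints inode->i_ino, placed after the declarations, would answer that.
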
diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 3959f23c487a..e4ba37c3cf72 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -462,7 +462,11 @@ static struct inode *ntfs_read_mft(struct inode *inode,
inode->i_mapping->a_ops = is_compressed(ni) ? &ntfs_aops_cmpr :
&ntfs_aops;
if (ino != MFT_REC_MFT)
+ {
+ ntfs_warn(sb, "DEBUG: deepanshu Read inode %lu, S_ISREG=%d, run_lock_init=%d",
+ ino, S_ISREG(mode), (ino != MFT_REC_MFT));
init_rwsem(&ni->file.run_lock);
+ }
} else if (S_ISCHR(mode) || S_ISBLK(mode) || S_ISFIFO(mode) ||
S_ISSOCK(mode)) {
inode->i_op = &ntfs_special_inode_operations;
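
Review bot: The new ntfs_warn() sits inside the body of "if (ino != MFT_REC_MFT)", so run_lock_init=%d can only ever print 1, and the case being hunted, an inode that skips init_rwsem(), is never logged. Move the message above the if so it is emitted for both outcomes. The opening brace also belongs on the if line: "if (ino != MFT_REC_MFT) {".
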
@@ -1180,6 +1184,7 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
umode_t mode, dev_t dev, const char *symname, u32 size,
struct ntfs_fnd *fnd)
{
+ //ntfs_warn(sb, "DEBUG: In inodde function");
int err;
struct super_block *sb = dir->i_sb;
struct ntfs_sb_info *sbi = sb->s_fs_info;
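
Review bot: The commented-out ntfs_warn() at the top of ntfs_create_inode() refers to sb before "struct super_block *sb = dir->i_sb;" is declared, so it could not be enabled where it stands, and it misspells "inode" as "inodde". Drop the line rather than carry dead code in the patch.
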
@@ -1604,6 +1609,8 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
inode->i_mapping->a_ops = is_compressed(ni) ? &ntfs_aops_cmpr :
&ntfs_aops;
init_rwsem(&ni->file.run_lock);
+ ntfs_warn(sb, "DEBUG: Created regular file inode %lu, run_lock initialized",
+ inode->i_ino);
} else {
inode->i_op = &ntfs_special_inode_operations;
init_special_inode(inode, mode, dev);
--
2.43.0

syzbot

Oct 14, 2025, 5:29:08 AM (6 days ago) Oct 14
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in ntfs_setattr

ntfs3(loop0): DEBUG: deepanshu Read inode 2, S_ISREG=1, run_lock_init=1
ntfs3(loop0): DEBUG: deepanshu Read inode 6, S_ISREG=1, run_lock_init=1
ntfs3(loop0): DEBUG: deepanshu Read inode 8, S_ISREG=1, run_lock_init=1
ntfs3(loop0): DEBUG: deepanshu Read inode 4, S_ISREG=1, run_lock_init=1
ntfs3(loop0): DEBUG: deepanshu Read inode 10, S_ISREG=1, run_lock_init=1
ntfs3(loop0): DEBUG: deepanshu Read inode 9, S_ISREG=1, run_lock_init=1
ntfs_setattr: testing by deepanshu
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6640 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
__lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
ntfs_truncate fs/ntfs3/file.c:483 [inline]
ntfs_setattr+0x71a/0xbf0 fs/ntfs3/file.c:807
notify_change+0xc18/0xf60 fs/attr.c:546
do_truncate+0x1a4/0x220 fs/open.c:68
vfs_truncate+0x493/0x520 fs/open.c:118
do_sys_truncate+0xdb/0x190 fs/open.c:141
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x5b/0x70 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8a9079eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8a8fe06038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f8a909f5fa0 RCX: 00007f8a9079eec9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
RBP: 00007f8a90821f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8a909f6038 R14: 00007f8a909f5fa0 R15: 00007fff603a7228
</TASK>


Tested on:

commit: 3a866087 Linux 6.18-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13e905e2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=af9170887d81dea1
dashboard link: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=17d225e2580000

syzbot

Oct 14, 2025, 5:43:17 AM (6 days ago) Oct 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] ntfs3: add debug warnings for run_lock initialization
Author: karti...@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master


Add debug messages to track when run_lock is initialized for regular
files to help diagnose lockdep warnings.

Signed-off-by: Deepanshu Kartikey <karti...@gmail.com>
---
fs/ntfs3/file.c | 1 +
fs/ntfs3/inode.c | 11 ++++++++++-
2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 4c90ec2fa2ea..0eb218a2b999 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -773,6 +773,7 @@ static long ntfs_fallocate(struct file *file, int mode, loff_t vbo, loff_t len)
int ntfs_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
struct iattr *attr)
{
+ printk(KERN_WARNING "ntfs_setattr: testing by deepanshu \n");
struct inode *inode = d_inode(dentry);
struct ntfs_inode *ni = ntfs_i(inode);
u32 ia_valid = attr->ia_valid;
diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 3959f23c487a..6efd2cfe8aa4 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: GPL-2.0
+// Created regular file inode// SPDX-License-Identifier: GPL-2.0
/*
*
* Copyright (C) 2019-2021 Paragon Software GmbH, All rights reserved.
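
Review bot: The first line of inode.c now reads "// Created regular file inode// SPDX-License-Identifier: GPL-2.0", which looks like a stray paste in front of the license tag. Restore the original "// SPDX-License-Identifier: GPL-2.0" line so the file again starts with the SPDX identifier.
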
@@ -462,7 +462,11 @@ static struct inode *ntfs_read_mft(struct inode *inode,
inode->i_mapping->a_ops = is_compressed(ni) ? &ntfs_aops_cmpr :
&ntfs_aops;
if (ino != MFT_REC_MFT)
+ {
+ ntfs_warn(sb, "DEBUG: deepanshu Read inode %lu, S_ISREG=%d, run_lock_init=%d",
+ ino, S_ISREG(mode), (ino != MFT_REC_MFT));
init_rwsem(&ni->file.run_lock);
+ }
} else if (S_ISCHR(mode) || S_ISBLK(mode) || S_ISFIFO(mode) ||
S_ISSOCK(mode)) {
inode->i_op = &ntfs_special_inode_operations;
@@ -1180,6 +1184,8 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
umode_t mode, dev_t dev, const char *symname, u32 size,
struct ntfs_fnd *fnd)
{
+ printk(KERN_WARNING "GET THE MESSAGE deepanshu \n");
+ //ntfs_warn(sb, "DEBUG: In inodde function");
int err;
struct super_block *sb = dir->i_sb;
struct ntfs_sb_info *sbi = sb->s_fs_info;
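
Review bot: printk(KERN_WARNING "GET THE MESSAGE deepanshu \n") at the top of ntfs_create_inode() logs on every inode creation without saying which directory or mode is involved, and it is placed ahead of the declarations of err, sb and sbi. If a trace point is needed here, put it after the declarations and include dir->i_ino or mode in the message; the commented-out ntfs_warn() under it can go.
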
@@ -1597,6 +1603,7 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
inode->i_size = size;
inode_nohighmem(inode);
} else if (S_ISREG(mode)) {
+ ntfs_warn(dir->i_sb, "DEBUG: Setting up regular file inode %lu", inode->i_ino);
inode->i_op = &ntfs_file_inode_operations;
inode->i_fop = unlikely(is_legacy_ntfs(sb)) ?
&ntfs_legacy_file_operations :
@@ -1604,6 +1611,8 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,

syzbot

Oct 14, 2025, 6:09:46 AM (6 days ago) Oct 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] ntfs3: add debug warnings for run_lock initialization
Author: karti...@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Add debug messages to track when run_lock is initialized for regular
files to help diagnose lockdep warnings.

Signed-off-by: Deepanshu Kartikey <karti...@gmail.com>
---
fs/ntfs3/file.c | 1 +
fs/ntfs3/inode.c | 57 ++++++++++++++++++++++++++++++++++++++++++------
2 files changed, 51 insertions(+), 7 deletions(-)

diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 4c90ec2fa2ea..0eb218a2b999 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -773,6 +773,7 @@ static long ntfs_fallocate(struct file *file, int mode, loff_t vbo, loff_t len)
int ntfs_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
struct iattr *attr)
{
+ printk(KERN_WARNING "ntfs_setattr: testing by deepanshu \n");
struct inode *inode = d_inode(dentry);
struct ntfs_inode *ni = ntfs_i(inode);
u32 ia_valid = attr->ia_valid;
diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 3959f23c487a..dafac23e20be 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: GPL-2.0
+// Created regular file inode// SPDX-License-Identifier: GPL-2.0
/*
*
* Copyright (C) 2019-2021 Paragon Software GmbH, All rights reserved.
@@ -50,7 +50,10 @@ static struct inode *ntfs_read_mft(struct inode *inode,
/* Setup 'uid' and 'gid' */
inode->i_uid = sbi->options->fs_uid;
inode->i_gid = sbi->options->fs_gid;
-
+ if (ino == 25) {
+ ntfs_warn(sb, "DEBUG: ntfs_read_mft ENTERED for inode 25");
+ dump_stack();
+ }
err = mi_init(&ni->mi, sbi, ino);
if (err)
goto out;
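
Review bot: The "if (ino == 25)" test in ntfs_read_mft() hardcodes the inode number from the earlier "Truncating inode 25" log line, and the added block replaces the blank line that separated the uid/gid setup from mi_init(). Log ino unconditionally here, or compare against one named constant shared by all the debug sites, so the output still makes sense if the reproducer image maps the file to a different record.
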
@@ -462,7 +465,11 @@ static struct inode *ntfs_read_mft(struct inode *inode,
inode->i_mapping->a_ops = is_compressed(ni) ? &ntfs_aops_cmpr :
&ntfs_aops;
if (ino != MFT_REC_MFT)
+ {
+ ntfs_warn(sb, "DEBUG: deepanshu Read inode %lu, S_ISREG=%d, run_lock_init=%d",
+ ino, S_ISREG(mode), (ino != MFT_REC_MFT));
init_rwsem(&ni->file.run_lock);
+ }
} else if (S_ISCHR(mode) || S_ISBLK(mode) || S_ISFIFO(mode) ||
S_ISSOCK(mode)) {
inode->i_op = &ntfs_special_inode_operations;
@@ -529,27 +536,58 @@ static int ntfs_set_inode(struct inode *inode, void *data)
struct inode *ntfs_iget5(struct super_block *sb, const struct MFT_REF *ref,
const struct cpu_str *name)
{
+
struct inode *inode;
-
+ unsigned long ino = ino_get(ref);
+ if (ino == 25) {
+ ntfs_warn(sb, "DEBUG: ntfs_iget5 called for inode 25");
+ dump_stack();
+ }
inode = iget5_locked(sb, ino_get(ref), ntfs_test_inode, ntfs_set_inode,
(void *)ref);
if (unlikely(!inode))
return ERR_PTR(-ENOMEM);
-
+ if (ino == 25)
+ ntfs_warn(sb, "DEBUG: inode 25 - I_NEW=%d", !!(inode->i_state & I_NEW));
/* If this is a freshly allocated inode, need to read it now. */
- if (inode->i_state & I_NEW)
+ if (inode->i_state & I_NEW){
+ if (ino == 25)
+ ntfs_warn(sb, "DEBUG: Calling ntfs_read_mft for inode 25");
inode = ntfs_read_mft(inode, name, ref);
+ if (ino == 25 && IS_ERR(inode)) {
+ ntfs_warn(sb, "DEBUG: ntfs_read_mft FAILED for inode 25, error=%ld",
+ PTR_ERR(inode));
+ dump_stack();
+ }
+ }
else if (ref->seq != ntfs_i(inode)->mi.mrec->seq) {
/*
* Sequence number is not expected.
* Looks like inode was reused but caller uses the old reference
*/
+ if (ino == 25 && IS_ERR(inode)) {
+ ntfs_warn(sb, "DEBUG: ntfs_read_mft FAILED for inode 25, error=%ld",
+ PTR_ERR(inode));
+ dump_stack();
+ }
iput(inode);
inode = ERR_PTR(-ESTALE);
}

- if (IS_ERR(inode))
- ntfs_set_state(sb->s_fs_info, NTFS_DIRTY_ERROR);
+ else if (ino == 25) {
+ ntfs_warn(sb, "DEBUG: inode 25 found in cache, skipping ntfs_read_mft!");
+ dump_stack();
+ }
+
+ /*if (IS_ERR(inode))
+ ntfs_set_state(sb->s_fs_info, NTFS_DIRTY_ERROR);*/
+ if (IS_ERR(inode)) {
+ if (ino == 25)
+ ntfs_warn(sb, "DEBUG: inode 25 IS_ERR, setting DIRTY_ERROR");
+ ntfs_set_state(sb->s_fs_info, NTFS_DIRTY_ERROR);
+ } else if (ino == 25) {
+ ntfs_warn(sb, "DEBUG: inode 25 returning successfully");
+ }

return inode;
}
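
Review bot: In the ref->seq mismatch branch of ntfs_iget5(), the added "if (ino == 25 && IS_ERR(inode))" can never be true, because that branch has just dereferenced inode through ntfs_i(inode)->mi.mrec->seq, and its "ntfs_read_mft FAILED" message is wrong there since ntfs_read_mft() was not called on that path. Log the stale sequence number instead, or drop the block. The original "if (IS_ERR(inode))" should be removed rather than left commented out, "else if (ino == 25)" should follow the closing brace directly without a blank line in between, and ino_get(ref) is now evaluated twice where the new local ino could be passed to iget5_locked().
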
@@ -1180,6 +1218,8 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
umode_t mode, dev_t dev, const char *symname, u32 size,
struct ntfs_fnd *fnd)
{
+ printk(KERN_WARNING "GET THE MESSAGE deepanshu \n");
+ //ntfs_warn(sb, "DEBUG: In inodde function");
int err;
struct super_block *sb = dir->i_sb;
struct ntfs_sb_info *sbi = sb->s_fs_info;
@@ -1597,6 +1637,7 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
inode->i_size = size;
inode_nohighmem(inode);
} else if (S_ISREG(mode)) {
+ ntfs_warn(dir->i_sb, "DEBUG: Setting up regular file inode %lu", inode->i_ino);
inode->i_op = &ntfs_file_inode_operations;
inode->i_fop = unlikely(is_legacy_ntfs(sb)) ?
&ntfs_legacy_file_operations :
@@ -1604,6 +1645,8 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,

syzbot

Oct 14, 2025, 6:12:04 AM (6 days ago) Oct 14
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in ntfs_setattr

ntfs3(loop0): DEBUG: deepanshu Read inode 2, S_ISREG=1, run_lock_init=1
ntfs3(loop0): DEBUG: deepanshu Read inode 6, S_ISREG=1, run_lock_init=1
ntfs3(loop0): DEBUG: deepanshu Read inode 8, S_ISREG=1, run_lock_init=1
ntfs3(loop0): DEBUG: deepanshu Read inode 4, S_ISREG=1, run_lock_init=1
ntfs3(loop0): DEBUG: deepanshu Read inode 10, S_ISREG=1, run_lock_init=1
ntfs3(loop0): DEBUG: deepanshu Read inode 9, S_ISREG=1, run_lock_init=1
ntfs_setattr: testing by deepanshu
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6558 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
__lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
ntfs_truncate fs/ntfs3/file.c:483 [inline]
ntfs_setattr+0x71a/0xbf0 fs/ntfs3/file.c:807
notify_change+0xc18/0xf60 fs/attr.c:546
do_truncate+0x1a4/0x220 fs/open.c:68
vfs_truncate+0x493/0x520 fs/open.c:118
do_sys_truncate+0xdb/0x190 fs/open.c:141
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x5b/0x70 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8c2e81eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8c2de86038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f8c2ea75fa0 RCX: 00007f8c2e81eec9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
RBP: 00007f8c2e8a1f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8c2ea76038 R14: 00007f8c2ea75fa0 R15: 00007fff37c0d8a8
</TASK>


Tested on:

commit: 3a866087 Linux 6.18-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10785542580000
kernel config: https://syzkaller.appspot.com/x/.config?x=af9170887d81dea1
dashboard link: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=13d905e2580000

syzbot

Oct 14, 2025, 6:30:06 AM (6 days ago) Oct 14
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in ntfs_setattr

RSP: 002b:00007f1742abe038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f17436a5fa0 RCX: 00007f174344eec9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
RBP: 00007f17434d1f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f17436a6038 R14: 00007f17436a5fa0 R15: 00007ffe27f6bb68
</TASK>
ntfs_setattr: testing by deepanshu
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6674 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
__lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
ntfs_truncate fs/ntfs3/file.c:483 [inline]
ntfs_setattr+0x71a/0xbf0 fs/ntfs3/file.c:807
notify_change+0xc18/0xf60 fs/attr.c:546
do_truncate+0x1a4/0x220 fs/open.c:68
vfs_truncate+0x493/0x520 fs/open.c:118
do_sys_truncate+0xdb/0x190 fs/open.c:141
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x5b/0x70 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f174344eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1742abe038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f17436a5fa0 RCX: 00007f174344eec9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
RBP: 00007f17434d1f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f17436a6038 R14: 00007f17436a5fa0 R15: 00007ffe27f6bb68
</TASK>


Tested on:

commit: 3a866087 Linux 6.18-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12fbcc58580000
kernel config: https://syzkaller.appspot.com/x/.config?x=af9170887d81dea1
dashboard link: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=14dbcc58580000

syzbot

Oct 14, 2025, 7:02:28 AM (6 days ago) Oct 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] ntfs3: add debug warnings for run_lock initialization
Author: karti...@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Add debug messages to track when run_lock is initialized for regular
files to help diagnose lockdep warnings.

Signed-off-by: Deepanshu Kartikey <karti...@gmail.com>
---
fs/ntfs3/file.c | 1 +
fs/ntfs3/inode.c | 83 +++++++++++++++++++++++++++++++++---------------
2 files changed, 58 insertions(+), 26 deletions(-)

diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 4c90ec2fa2ea..0eb218a2b999 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -773,6 +773,7 @@ static long ntfs_fallocate(struct file *file, int mode, loff_t vbo, loff_t len)
int ntfs_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
struct iattr *attr)
{
+ printk(KERN_WARNING "ntfs_setattr: testing by deepanshu \n");
struct inode *inode = d_inode(dentry);
struct ntfs_inode *ni = ntfs_i(inode);
u32 ia_valid = attr->ia_valid;
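
Review bot: the printk at the top of ntfs_setattr() sits before the `struct inode *inode` declaration, so a statement is mixed into the declaration block, and it fires on every setattr call on any ntfs3 mount. Move it below the declarations, drop the trailing space before `\n`, and gate it on the inode under investigation so the console log stays readable.
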
diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 3959f23c487a..222c97f7f299 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: GPL-2.0
+// Created regular file inode// SPDX-License-Identifier: GPL-2.0
/*
*
* Copyright (C) 2019-2021 Paragon Software GmbH, All rights reserved.
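
Review bot: line 1 of inode.c now reads `// Created regular file inode// SPDX-License-Identifier: GPL-2.0`, so the SPDX tag is no longer the sole content of the first line. This looks like an accidental paste; restore the original first line, since license-scanning tools expect the tag in its standard position.
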
@@ -50,7 +50,10 @@ static struct inode *ntfs_read_mft(struct inode *inode,
/* Setup 'uid' and 'gid' */
inode->i_uid = sbi->options->fs_uid;
inode->i_gid = sbi->options->fs_gid;
-
+ if (ino == 25) {
+ ntfs_warn(sb, "DEBUG: ntfs_read_mft ENTERED for inode 25");
+ //dump_stack();
+ }
err = mi_init(&ni->mi, sbi, ino);
if (err)
goto out;
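
Review bot: `if (ino == 25)` hard-codes the record number that the reproducer image happens to use, and the added block replaces the blank line that separated the uid/gid setup from mi_init(). For a throwaway #syz test that is workable, but keep the blank line, remove the commented-out `//dump_stack();`, and say in the commit message where 25 comes from.
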
@@ -462,7 +465,11 @@ static struct inode *ntfs_read_mft(struct inode *inode,
inode->i_mapping->a_ops = is_compressed(ni) ? &ntfs_aops_cmpr :
&ntfs_aops;
if (ino != MFT_REC_MFT)
+ {
+ ntfs_warn(sb, "DEBUG: deepanshu Read inode %lu, S_ISREG=%d, run_lock_init=%d",
+ ino, S_ISREG(mode), (ino != MFT_REC_MFT));
init_rwsem(&ni->file.run_lock);
+ }
} else if (S_ISCHR(mode) || S_ISBLK(mode) || S_ISFIFO(mode) ||
S_ISSOCK(mode)) {
inode->i_op = &ntfs_special_inode_operations;
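
Review bot: the third format argument `(ino != MFT_REC_MFT)` is evaluated inside `if (ino != MFT_REC_MFT)`, so run_lock_init always prints 1, and because the message sits next to init_rwsem() it can only report inodes that do get the lock initialized. Log from the branches that skip init_rwsem() instead, and put the opening brace on the `if` line.
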
@@ -527,33 +534,52 @@ static int ntfs_set_inode(struct inode *inode, void *data)
}

struct inode *ntfs_iget5(struct super_block *sb, const struct MFT_REF *ref,
- const struct cpu_str *name)
+ const struct cpu_str *name)
{
- struct inode *inode;
-
- inode = iget5_locked(sb, ino_get(ref), ntfs_test_inode, ntfs_set_inode,
- (void *)ref);
- if (unlikely(!inode))
- return ERR_PTR(-ENOMEM);
-
- /* If this is a freshly allocated inode, need to read it now. */
- if (inode->i_state & I_NEW)
- inode = ntfs_read_mft(inode, name, ref);
- else if (ref->seq != ntfs_i(inode)->mi.mrec->seq) {
- /*
- * Sequence number is not expected.
- * Looks like inode was reused but caller uses the old reference
- */
- iput(inode);
- inode = ERR_PTR(-ESTALE);
- }
-
- if (IS_ERR(inode))
- ntfs_set_state(sb->s_fs_info, NTFS_DIRTY_ERROR);
-
- return inode;
+ struct inode *inode;
+ unsigned long ino = ino_get(ref);
+
+ if (ino == 25) {
+ printk(KERN_ERR "DEEPANSHU: ntfs_iget5 START for inode 25\n");
+ //dump_stack();
+ }
+
+ inode = iget5_locked(sb, ino, ntfs_test_inode, ntfs_set_inode,
+ (void *)ref);
+
+ if (unlikely(!inode))
+ return ERR_PTR(-ENOMEM);
+
+ if (inode->i_ino == 25) {
+ printk(KERN_ERR "DEEPANSHU: After iget5_locked for inode 25, I_NEW=%d, i_state=0x%x\n",
+ !!(inode->i_state & I_NEW), inode->i_state);
+ //dump_stack();
+ }
+
+ /* If this is a freshly allocated inode, need to read it now. */
+ if (inode->i_state & I_NEW) {
+ if (inode->i_ino == 25)
+ printk(KERN_ERR "DEEPANSHU: Calling ntfs_read_mft for inode 25\n");
+ inode = ntfs_read_mft(inode, name, ref);
+ if (inode->i_ino == 25 && IS_ERR(inode))
+ printk(KERN_ERR "DEEPANSHU: ntfs_read_mft FAILED for inode 25\n");
+ } else if (ref->seq != ntfs_i(inode)->mi.mrec->seq) {
+ if (inode->i_ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 seq mismatch\n");
+ iput(inode);
+ inode = ERR_PTR(-ESTALE);
+ } else if (inode->i_ino == 25) {
+ printk(KERN_ERR "DEEPANSHU: inode 25 found in CACHE, skipping ntfs_read_mft!\n");
+ //dump_stack();
+ }
+
+ if (IS_ERR(inode))
+ ntfs_set_state(sb->s_fs_info, NTFS_DIRTY_ERROR);
+
+ return inode;
}

+
enum get_block_ctx {
GET_BLOCK_GENERAL = 0,
GET_BLOCK_WRITE_BEGIN = 1,
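
Review bot: `if (inode->i_ino == 25 && IS_ERR(inode))` dereferences inode right after `inode = ntfs_read_mft(inode, name, ref);` and before the IS_ERR() test, so a failed read makes the debug check itself dereference an error pointer. Test the local `ino` instead (`if (ino == 25 && IS_ERR(inode))`). The hunk also re-indents the whole function and drops the comment explaining the sequence-number mismatch, which hides the real change; keep the original lines and add only the prints.
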
@@ -1180,6 +1206,8 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
umode_t mode, dev_t dev, const char *symname, u32 size,
struct ntfs_fnd *fnd)
{
+ printk(KERN_WARNING "GET THE MESSAGE deepanshu \n");
+ //ntfs_warn(sb, "DEBUG: In inodde function");
int err;
struct super_block *sb = dir->i_sb;
struct ntfs_sb_info *sbi = sb->s_fs_info;
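
Review bot: both added lines come before `int err;`, so the printk is a statement ahead of the declarations and logs on every ntfs_create_inode() call; the commented-out ntfs_warn() uses `sb`, which is not declared until two lines later, and has a typo ("inodde"). Drop the commented line and move any logging below the declarations, where `sb` is available.
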
@@ -1597,6 +1625,7 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
inode->i_size = size;
inode_nohighmem(inode);
} else if (S_ISREG(mode)) {
+ ntfs_warn(dir->i_sb, "DEBUG: Setting up regular file inode %lu", inode->i_ino);
inode->i_op = &ntfs_file_inode_operations;
inode->i_fop = unlikely(is_legacy_ntfs(sb)) ?
&ntfs_legacy_file_operations :
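
Review bot: the new ntfs_warn() passes `dir->i_sb` although the local `sb` is in scope and used two lines below in `is_legacy_ntfs(sb)`, and it emits a warning-level message for every regular file created. Use `sb` and a lower log level.
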
@@ -1604,6 +1633,8 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,

syzbot

Oct 14, 2025, 7:36:06 AM (6 days ago) Oct 14
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in ntfs_setattr

DEEPANSHU: ntfs_iget5 START for inode 25
DEEPANSHU: After iget5_locked for inode 25, I_NEW=1, i_state=0x1
DEEPANSHU: Calling ntfs_read_mft for inode 25
ntfs3(loop0): DEBUG: ntfs_read_mft ENTERED for inode 25
DEEPANSHU: ntfs_iget5 START for inode 25
DEEPANSHU: After iget5_locked for inode 25, I_NEW=0, i_state=0x0
DEEPANSHU: inode 25 found in CACHE, skipping ntfs_read_mft!
ntfs_setattr: testing by deepanshu
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 UID: 0 PID: 6475 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
__lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
ntfs_truncate fs/ntfs3/file.c:483 [inline]
ntfs_setattr+0x71a/0xbf0 fs/ntfs3/file.c:807
notify_change+0xc18/0xf60 fs/attr.c:546
do_truncate+0x1a4/0x220 fs/open.c:68
vfs_truncate+0x493/0x520 fs/open.c:118
do_sys_truncate+0xdb/0x190 fs/open.c:141
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x5b/0x70 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9d5ed0eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9d5e37e038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f9d5ef65fa0 RCX: 00007f9d5ed0eec9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
RBP: 00007f9d5ed91f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9d5ef66038 R14: 00007f9d5ef65fa0 R15: 00007fffa6e46398
</TASK>


Tested on:

commit: 3a866087 Linux 6.18-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=170e25e2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=af9170887d81dea1
dashboard link: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=10d505e2580000

syzbot

Oct 14, 2025, 7:49:11 AM (6 days ago) Oct 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] ntfs3: add debug warnings for run_lock initialization
Author: karti...@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master


Add debug messages to track when run_lock is initialized for regular
files to help diagnose lockdep warnings.

Signed-off-by: Deepanshu Kartikey <karti...@gmail.com>
---
fs/ntfs3/file.c | 1 +
fs/ntfs3/inode.c | 115 +++++++++++++++++++++++++++++++++++------------
2 files changed, 87 insertions(+), 29 deletions(-)

diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 4c90ec2fa2ea..0eb218a2b999 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -773,6 +773,7 @@ static long ntfs_fallocate(struct file *file, int mode, loff_t vbo, loff_t len)
int ntfs_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
struct iattr *attr)
{
+ printk(KERN_WARNING "ntfs_setattr: testing by deepanshu \n");
struct inode *inode = d_inode(dentry);
struct ntfs_inode *ni = ntfs_i(inode);
u32 ia_valid = attr->ia_valid;
diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 3959f23c487a..d5fe133f8845 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: GPL-2.0
+// Created regular file inode// SPDX-License-Identifier: GPL-2.0
/*
*
* Copyright (C) 2019-2021 Paragon Software GmbH, All rights reserved.
@@ -50,10 +50,17 @@ static struct inode *ntfs_read_mft(struct inode *inode,
/* Setup 'uid' and 'gid' */
inode->i_uid = sbi->options->fs_uid;
inode->i_gid = sbi->options->fs_gid;
-
+
+ if (ino == 25) {
+ printk(KERN_ERR "DEEPANSHU: ntfs_read_mft ENTERED for inode 25\n");
+ }
+
err = mi_init(&ni->mi, sbi, ino);
- if (err)
+ if (err) {
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 - mi_init FAILED, err=%d\n", err);
goto out;
+ }

if (!sbi->mft.ni && ino == MFT_REC_MFT && !sb->s_root) {
t64 = sbi->mft.lbo >> sbi->cluster_bits;
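
Review bot: the `-`/`+` pair on the otherwise empty line after `inode->i_gid = sbi->options->fs_gid;` is a whitespace-only change, which usually means trailing whitespace was added; leave that line untouched. The prints in this hunk use KERN_ERR for tracing messages, so they show up as errors in the console log; a debug or warning level would match what they are.
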
@@ -407,8 +414,14 @@ static struct inode *ntfs_read_mft(struct inode *inode,

end_enum:

- if (!std5)
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 reached end_enum, mode=0%o\n", mode);
+
+ if (!std5) {
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 - NO std5, going to out\n");
goto out;
+ }

if (is_bad_inode(inode))
goto out;
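
Review bot: the format `mode=0%o` prints `00` when mode is zero, which is how it shows up in the test output for inode 25; `%#o` prints a single `0` in that case and still prefixes non-zero values. A mode of zero at end_enum is the useful signal here, so make it unambiguous in the log.
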
@@ -436,6 +449,8 @@ static struct inode *ntfs_read_mft(struct inode *inode,
set_nlink(inode, links);

if (S_ISDIR(mode)) {
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 is DIR\n");
ni->std_fa |= FILE_ATTRIBUTE_DIRECTORY;

/*
@@ -449,11 +464,15 @@ static struct inode *ntfs_read_mft(struct inode *inode,
&ntfs_dir_operations;
ni->i_valid = 0;
} else if (S_ISLNK(mode)) {
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 is SYMLINK\n");
ni->std_fa &= ~FILE_ATTRIBUTE_DIRECTORY;
inode->i_op = &ntfs_link_inode_operations;
inode->i_fop = NULL;
inode_nohighmem(inode);
} else if (S_ISREG(mode)) {
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 is REGULAR FILE, about to init lock\n");
ni->std_fa &= ~FILE_ATTRIBUTE_DIRECTORY;
inode->i_op = &ntfs_file_inode_operations;
inode->i_fop = unlikely(is_legacy_ntfs(sb)) ?
@@ -461,18 +480,27 @@ static struct inode *ntfs_read_mft(struct inode *inode,
&ntfs_file_operations;
inode->i_mapping->a_ops = is_compressed(ni) ? &ntfs_aops_cmpr :
&ntfs_aops;
- if (ino != MFT_REC_MFT)
+ if (ino != MFT_REC_MFT) {
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 - INITIALIZING run_lock NOW\n");
init_rwsem(&ni->file.run_lock);
+ }
} else if (S_ISCHR(mode) || S_ISBLK(mode) || S_ISFIFO(mode) ||
S_ISSOCK(mode)) {
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 is SPECIAL\n");
inode->i_op = &ntfs_special_inode_operations;
init_special_inode(inode, mode, inode->i_rdev);
} else if (fname && fname->home.low == cpu_to_le32(MFT_REC_EXTEND) &&
fname->home.seq == cpu_to_le16(MFT_REC_EXTEND)) {
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 is EXTEND record\n");
/* Records in $Extend are not a files or general directories. */
inode->i_op = &ntfs_file_inode_operations;
mode = S_IFREG;
} else {
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 - INVALID mode, going to out\n");
err = -EINVAL;
goto out;
}
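
Review bot: the $Extend branch sets `inode->i_op = &ntfs_file_inode_operations` and `mode = S_IFREG` but, unlike the S_ISREG branch above it, never calls `init_rwsem(&ni->file.run_lock)`, and the print added there does not say so. That is the gap the trace is meant to find, so make the message state that run_lock is left uninitialized on this path, or add the init_rwsem() call here and retest.
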
@@ -494,11 +522,16 @@ static struct inode *ntfs_read_mft(struct inode *inode,
if (ino == MFT_REC_MFT && !sb->s_root)
sbi->mft.ni = NULL;

+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 - SUCCESS, about to unlock_new_inode\n");
+
unlock_new_inode(inode);

return inode;

out:
+ if (ino == 25)
+ printk(KERN_ERR "DEEPANSHU: inode 25 - ERROR PATH, err=%d\n", err);
if (ino == MFT_REC_MFT && !sb->s_root)
sbi->mft.ni = NULL;

@@ -527,33 +560,52 @@ static int ntfs_set_inode(struct inode *inode, void *data)
@@ -1180,6 +1232,8 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
umode_t mode, dev_t dev, const char *symname, u32 size,
struct ntfs_fnd *fnd)
{
+ printk(KERN_WARNING "GET THE MESSAGE deepanshu \n");
+ //ntfs_warn(sb, "DEBUG: In inodde function");
int err;
struct super_block *sb = dir->i_sb;
struct ntfs_sb_info *sbi = sb->s_fs_info;
@@ -1597,6 +1651,7 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,
inode->i_size = size;
inode_nohighmem(inode);
} else if (S_ISREG(mode)) {
+ ntfs_warn(dir->i_sb, "DEBUG: Setting up regular file inode %lu", inode->i_ino);
inode->i_op = &ntfs_file_inode_operations;
inode->i_fop = unlikely(is_legacy_ntfs(sb)) ?
&ntfs_legacy_file_operations :
@@ -1604,6 +1659,8 @@ int ntfs_create_inode(struct mnt_idmap *idmap, struct inode *dir,

syzbot

Oct 14, 2025, 8:14:07 AM (6 days ago) Oct 14
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in ntfs_setattr

DEEPANSHU: ntfs_read_mft ENTERED for inode 25
DEEPANSHU: inode 25 reached end_enum, mode=00
DEEPANSHU: inode 25 is EXTEND record
DEEPANSHU: inode 25 - SUCCESS, about to unlock_new_inode
DEEPANSHU: ntfs_iget5 START for inode 25
DEEPANSHU: After iget5_locked for inode 25, I_NEW=0, i_state=0x0
DEEPANSHU: inode 25 found in CACHE, skipping ntfs_read_mft!
ntfs_setattr: testing by deepanshu
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6686 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
__lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
ntfs_truncate fs/ntfs3/file.c:483 [inline]
ntfs_setattr+0x71a/0xbf0 fs/ntfs3/file.c:807
notify_change+0xc18/0xf60 fs/attr.c:546
do_truncate+0x1a4/0x220 fs/open.c:68
vfs_truncate+0x493/0x520 fs/open.c:118
do_sys_truncate+0xdb/0x190 fs/open.c:141
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x5b/0x70 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faadec4eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007faade2be038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007faadeea5fa0 RCX: 00007faadec4eec9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
RBP: 00007faadecd1f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007faadeea6038 R14: 00007faadeea5fa0 R15: 00007ffe8c5e50a8
</TASK>


Tested on:

commit: 3a866087 Linux 6.18-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=133915e2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=af9170887d81dea1
dashboard link: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=16bb467c580000

syzbot

Oct 14, 2025, 8:53:29 AM (6 days ago) Oct 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] ntfs3: initialize run_lock for $Extend inode records
Inodes from the $Extend directory (NTFS system metadata files) were not
having their run_lock rwsem initialized. These inodes are assigned
ntfs_file_inode_operations but skip the normal S_ISREG initialization
path where run_lock is initialized.

When operations like truncate are called on these inodes, the code
attempts to acquire the uninitialized run_lock, triggering lockdep
warnings about using non-static keys.

Initialize run_lock for $Extend records to match the initialization done
for regular files.

Reported-by: syzbot+3e58a7...@syzkaller.appspotmail.com
Signed-off-by: Deepanshu Kartikey <karti...@gmail.com>
---
fs/ntfs3/inode.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 3959f23c487a..180cd984339b 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -472,6 +472,7 @@ static struct inode *ntfs_read_mft(struct inode *inode,
/* Records in $Extend are not a files or general directories. */
inode->i_op = &ntfs_file_inode_operations;
mode = S_IFREG;
+ init_rwsem(&ni->file.run_lock);
} else {
err = -EINVAL;
goto out;
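
Review bot: init_rwsem() is added to the $Extend branch, but that branch still sets only `i_op` and `mode`, so these records stay reachable by truncate through ntfs_file_inode_operations, now with a valid lock. Say in the commit message whether size changes on $Extend records are meant to be allowed; if they are not, reject them in ntfs_setattr() as well rather than only making the lock acquisition safe.
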
--
2.43.0

syzbot

Oct 14, 2025, 9:25:13 AM (6 days ago) Oct 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] ntfs3: prevent operations on NTFS system files
Commit 4e8011ffec79 ("ntfs3: pretend $Extend records as regular files")
set the mode for $Extend records to S_IFREG to satisfy VFS requirements.
This made system metadata files appear as regular files, allowing
operations like truncate to be attempted on them.

NTFS system files (inode numbers below MFT_REC_FREE) should not have
their size modified by userspace as this can corrupt the filesystem.
Additionally, the run_lock was not initialized for $Extend records,
causing lockdep warnings when such operations were attempted.

Fix both issues by:
1. Initializing run_lock for $Extend records to prevent crashes
2. Blocking size-change operations on all NTFS system files to prevent
filesystem corruption

Reported-by: syzbot+3e58a7...@syzkaller.appspotmail.com
Fixes: 4e8011ffec79 ("ntfs3: pretend $Extend records as regular files")
Signed-off-by: Deepanshu Kartikey <karti...@gmail.com>
---
fs/ntfs3/file.c | 6 +++++-
fs/ntfs3/inode.c | 1 +
2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 4c90ec2fa2ea..c5b2bddb0cee 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -792,7 +792,11 @@ int ntfs_setattr(struct mnt_idmap *idmap, struct dentry *dentry,

if (ia_valid & ATTR_SIZE) {
loff_t newsize, oldsize;
-
+ /* Prevent size changes on NTFS system files */
+ if (ni->mi.rno < MFT_REC_FREE) {
+ err = -EPERM;
+ goto out;
+ }
if (WARN_ON(ni->ni_flags & NI_FLAG_COMPRESSED_MASK)) {
/* Should never be here, see ntfs_file_open(). */
err = -EOPNOTSUPP;
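
Review bot: the new check replaces the blank line after `loff_t newsize, oldsize;`, so the comment and `if` run straight on from the declarations; keep a blank line between them. Also confirm that `ni->mi.rno < MFT_REC_FREE` covers the record the reproducer truncates: the debug runs in this thread show inode 25 taking the $Extend branch, which ntfs_read_mft() selects by `fname->home`, not by record number. If that record is not below MFT_REC_FREE, the -EPERM path is not what silences the report and the check needs a different condition.
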

syzbot

Oct 14, 2025, 9:34:06 AM (6 days ago) Oct 14
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+3e58a7...@syzkaller.appspotmail.com
Tested-by: syzbot+3e58a7...@syzkaller.appspotmail.com

Tested on:

commit: 3a866087 Linux 6.18-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1125f304580000
kernel config: https://syzkaller.appspot.com/x/.config?x=af9170887d81dea1
dashboard link: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=17ffcc58580000

Note: testing is done by a robot and is best-effort only.

syzbot

Oct 14, 2025, 9:57:05 AM (6 days ago) Oct 14
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+3e58a7...@syzkaller.appspotmail.com
Tested-by: syzbot+3e58a7...@syzkaller.appspotmail.com

Tested on:

commit: 3a866087 Linux 6.18-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11cb05e2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=af9170887d81dea1
dashboard link: https://syzkaller.appspot.com/bug?extid=3e58a7dc1a8c00243999
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=164f467c580000

Dan Carpenter

Oct 16, 2025, 1:59:07 PM (4 days ago) Oct 16
to oe-k...@lists.linux.dev, syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com, karti...@gmail.com, l...@intel.com, oe-kbu...@lists.linux.dev

Hi syzbot,

kernel test robot noticed the following build warnings:

https://git-scm.com/docs/git-format-patch#_base_tree_information]

url: https://github.com/intel-lab-lkp/linux/commits/syzbot/Forwarded-PATCH-ntfs3-add-debug-warnings-for-run_lock-initialization/20251014-195051
base: v6.18-rc1
patch link: https://lore.kernel.org/r/68ee38b5.050a0220.ac43.00fd.GAE%40google.com
patch subject: Forwarded: [PATCH] ntfs3: add debug warnings for run_lock initialization
config: i386-randconfig-141-20251015 (https://download.01.org/0day-ci/archive/20251017/202510170051...@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <l...@intel.com>
| Reported-by: Dan Carpenter <dan.ca...@linaro.org>
| Closes: https://lore.kernel.org/r/202510170051...@intel.com/

smatch warnings:
fs/ntfs3/inode.c:590 ntfs_iget5() warn: variable dereferenced before IS_ERR check 'inode' (see line 590)

vim +/inode +590 fs/ntfs3/inode.c

82cae269cfa9530 Konstantin Komarov 2021-08-13 562 struct inode *ntfs_iget5(struct super_block *sb, const struct MFT_REF *ref,
82cae269cfa9530 Konstantin Komarov 2021-08-13 563 const struct cpu_str *name)
82cae269cfa9530 Konstantin Komarov 2021-08-13 564 {
82cae269cfa9530 Konstantin Komarov 2021-08-13 565 struct inode *inode;
9ca11d2cd5f563e syzbot 2025-10-14 566 unsigned long ino = ino_get(ref);
82cae269cfa9530 Konstantin Komarov 2021-08-13 567
9ca11d2cd5f563e syzbot 2025-10-14 568 if (ino == 25) {
9ca11d2cd5f563e syzbot 2025-10-14 569 printk(KERN_ERR "DEEPANSHU: ntfs_iget5 START for inode 25\n");
9ca11d2cd5f563e syzbot 2025-10-14 570 //dump_stack();
9ca11d2cd5f563e syzbot 2025-10-14 571 }
9ca11d2cd5f563e syzbot 2025-10-14 572
9ca11d2cd5f563e syzbot 2025-10-14 573 inode = iget5_locked(sb, ino, ntfs_test_inode, ntfs_set_inode,
82cae269cfa9530 Konstantin Komarov 2021-08-13 574 (void *)ref);
9ca11d2cd5f563e syzbot 2025-10-14 575
82cae269cfa9530 Konstantin Komarov 2021-08-13 576 if (unlikely(!inode))
82cae269cfa9530 Konstantin Komarov 2021-08-13 577 return ERR_PTR(-ENOMEM);
82cae269cfa9530 Konstantin Komarov 2021-08-13 578
9ca11d2cd5f563e syzbot 2025-10-14 579 if (inode->i_ino == 25) {
9ca11d2cd5f563e syzbot 2025-10-14 580 printk(KERN_ERR "DEEPANSHU: After iget5_locked for inode 25, I_NEW=%d, i_state=0x%x\n",
9ca11d2cd5f563e syzbot 2025-10-14 581 !!(inode->i_state & I_NEW), inode->i_state);
9ca11d2cd5f563e syzbot 2025-10-14 582 //dump_stack();
9ca11d2cd5f563e syzbot 2025-10-14 583 }
9ca11d2cd5f563e syzbot 2025-10-14 584
82cae269cfa9530 Konstantin Komarov 2021-08-13 585 /* If this is a freshly allocated inode, need to read it now. */
9ca11d2cd5f563e syzbot 2025-10-14 586 if (inode->i_state & I_NEW) {
9ca11d2cd5f563e syzbot 2025-10-14 587 if (inode->i_ino == 25)
9ca11d2cd5f563e syzbot 2025-10-14 588 printk(KERN_ERR "DEEPANSHU: Calling ntfs_read_mft for inode 25\n");
82cae269cfa9530 Konstantin Komarov 2021-08-13 589 inode = ntfs_read_mft(inode, name, ref);
9ca11d2cd5f563e syzbot 2025-10-14 @590 if (inode->i_ino == 25 && IS_ERR(inode))
^^^^^^^^^^^^ ^^^^^
"inode" dereferenced before an IS_ERR() check...

9ca11d2cd5f563e syzbot 2025-10-14 591 printk(KERN_ERR "DEEPANSHU: ntfs_read_mft FAILED for inode 25\n");
9ca11d2cd5f563e syzbot 2025-10-14 592 } else if (ref->seq != ntfs_i(inode)->mi.mrec->seq) {
9ca11d2cd5f563e syzbot 2025-10-14 593 if (inode->i_ino == 25)
9ca11d2cd5f563e syzbot 2025-10-14 594 printk(KERN_ERR "DEEPANSHU: inode 25 seq mismatch\n");
1fd21919de6de24 Konstantin Komarov 2024-08-22 595 iput(inode);
1fd21919de6de24 Konstantin Komarov 2024-08-22 596 inode = ERR_PTR(-ESTALE);
9ca11d2cd5f563e syzbot 2025-10-14 597 } else if (inode->i_ino == 25) {
9ca11d2cd5f563e syzbot 2025-10-14 598 printk(KERN_ERR "DEEPANSHU: inode 25 found in CACHE, skipping ntfs_read_mft!\n");
9ca11d2cd5f563e syzbot 2025-10-14 599 //dump_stack();
82cae269cfa9530 Konstantin Komarov 2021-08-13 600 }
82cae269cfa9530 Konstantin Komarov 2021-08-13 601
1fd21919de6de24 Konstantin Komarov 2024-08-22 602 if (IS_ERR(inode))
0e8235d28f3a0e9 Konstantin Komarov 2022-10-10 603 ntfs_set_state(sb->s_fs_info, NTFS_DIRTY_ERROR);
0e8235d28f3a0e9 Konstantin Komarov 2022-10-10 604
82cae269cfa9530 Konstantin Komarov 2021-08-13 605 return inode;
82cae269cfa9530 Konstantin Komarov 2021-08-13 606 }

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
