Hello,
syzbot found the following issue on:

HEAD commit:    4edbf74132a4 Linux 4.14.294
git tree:       linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=168dfee4880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=94d4cf9c4e23980f
dashboard link: https://syzkaller.appspot.com/bug?extid=6071b03fe6fdd40331b7
compiler:       gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=147112a8880000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10618c04880000

Downloadable assets:
disk image: https://storage.googleapis.com/b40da19b4827/disk-4edbf741.raw.xz
vmlinux: https://storage.googleapis.com/a36e39677c18/vmlinux-4edbf741.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6071b0...@syzkaller.appspotmail.com
IPVS: ftp: loaded support on port[0] = 21
ntfs: volume version 3.1.
syz-executor110 (7999): drop_caches: 1
syz-executor110 (7999): drop_caches: 1
======================================================
WARNING: possible circular locking dependency detected
4.14.294-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:4/2880 is trying to acquire lock:
(&rl->lock){++++}, at: [<ffffffff82100e96>] ntfs_read_block fs/ntfs/aops.c:269 [inline]
(&rl->lock){++++}, at: [<ffffffff82100e96>] ntfs_readpage+0x1396/0x1ad0 fs/ntfs/aops.c:456
but task is already holding lock:
(&ni->mrec_lock){+.+.}, at: [<ffffffff8213be9b>] map_mft_record+0x2b/0xbe0 fs/ntfs/mft.c:166
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ni->mrec_lock){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
map_mft_record+0x2b/0xbe0 fs/ntfs/mft.c:166
ntfs_map_runlist_nolock+0xab3/0x1630 fs/ntfs/attrib.c:105
ntfs_map_runlist+0x64/0x90 fs/ntfs/attrib.c:306
ntfs_read_block fs/ntfs/aops.c:304 [inline]
ntfs_readpage+0x13e8/0x1ad0 fs/ntfs/aops.c:456
read_pages mm/readahead.c:131 [inline]
__do_page_cache_readahead+0x69b/0x940 mm/readahead.c:199
ra_submit mm/internal.h:66 [inline]
ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486
page_cache_sync_readahead mm/readahead.c:518 [inline]
page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503
generic_file_buffered_read mm/filemap.c:2003 [inline]
generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273
call_read_iter include/linux/fs.h:1774 [inline]
new_sync_read fs/read_write.c:401 [inline]
__vfs_read+0x449/0x620 fs/read_write.c:413
integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199
ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline]
ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline]
ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467
ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227
process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264
do_last fs/namei.c:3435 [inline]
path_openat+0x10ad/0x2970 fs/namei.c:3571
do_filp_open+0x179/0x3c0 fs/namei.c:3605
do_sys_open+0x296/0x410 fs/open.c:1081
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
-> #0 (&rl->lock){++++}:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
down_read+0x36/0x80 kernel/locking/rwsem.c:24
ntfs_read_block fs/ntfs/aops.c:269 [inline]
ntfs_readpage+0x1396/0x1ad0 fs/ntfs/aops.c:456
do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713
read_mapping_page include/linux/pagemap.h:398 [inline]
ntfs_map_page fs/ntfs/aops.h:89 [inline]
ntfs_sync_mft_mirror+0x1f4/0x1560 fs/ntfs/mft.c:490
write_mft_record_nolock+0xece/0x1240 fs/ntfs/mft.c:793
write_mft_record fs/ntfs/mft.h:109 [inline]
__ntfs_write_inode+0x58d/0xcc0 fs/ntfs/inode.c:3077
write_inode fs/fs-writeback.c:1241 [inline]
__writeback_single_inode+0x6a4/0x1010 fs/fs-writeback.c:1439
writeback_sb_inodes+0x48b/0xd30 fs/fs-writeback.c:1645
wb_writeback+0x243/0xb80 fs/fs-writeback.c:1820
wb_do_writeback fs/fs-writeback.c:1952 [inline]
wb_workfn+0x2bd/0xf50 fs/fs-writeback.c:1988
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ni->mrec_lock);
                               lock(&rl->lock);
                               lock(&ni->mrec_lock);
  lock(&rl->lock);

 *** DEADLOCK ***
3 locks held by kworker/u4:4/2880:
#0: ("writeback"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&(&wb->dwork)->work)){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&ni->mrec_lock){+.+.}, at: [<ffffffff8213be9b>] map_mft_record+0x2b/0xbe0 fs/ntfs/mft.c:166
stack backtrace:
CPU: 0 PID: 2880 Comm: kworker/u4:4 Not tainted 4.14.294-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1905 [inline]
check_prevs_add kernel/locking/lockdep.c:2022 [inline]
validate_chain kernel/locking/lockdep.c:2464 [inline]
__lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
down_read+0x36/0x80 kernel/locking/rwsem.c:24
ntfs_read_block fs/ntfs/aops.c:269 [inline]
ntfs_readpage+0x1396/0x1ad0 fs/ntfs/aops.c:456
do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713
read_mapping_page include/linux/pagemap.h:398 [inline]
ntfs_map_page fs/ntfs/aops.h:89 [inline]
ntfs_sync_mft_mirror+0x1f4/0x1560 fs/ntfs/mft.c:490
write_mft_record_nolock+0xece/0x1240 fs/ntfs/mft.c:793
write_mft_record fs/ntfs/mft.h:109 [inline]
__ntfs_write_inode+0x58d/0xcc0 fs/ntfs/inode.c:3077
write_inode fs/fs-writeback.c:1241 [inline]
__writeback_single_inode+0x6a4/0x1010 fs/fs-writeback.c:1439
writeback_sb_inodes+0x48b/0xd30 fs/fs-writeback.c:1645
wb_writeback+0x243/0xb80 fs/fs-writeback.c:1820
wb_do_writeback fs/fs-writeback.c:1952 [inline]
wb_workfn+0x2bd/0xf50 fs/fs-writeback.c:1988
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches