From: syzbot <syzbot+c2ada45c23d98d646118@syzkaller.appspotmail.com>
To: almaz.alexandrovich@paragon-software.com,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [ntfs3?] possible deadlock in ntfs_set_state (2)
Date: Wed, 17 Jul 2024 00:27:02 -0700
Message-ID: <000000000000749377061d6c634f@google.com>
In-Reply-To: <6fb088e7-3385-4c06-945f-0a58da0bf138@paragon-software.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
possible deadlock in ntfs_set_state
loop0: detected capacity change from 0 to 4096
ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
ntfs3: loop0: ino=5, "/" ntfs_iget5
============================================
WARNING: possible recursive locking detected
6.10.0-rc1-syzkaller-00042-g911daf695a74 #0 Not tainted
--------------------------------------------
syz-executor.0/5460 is trying to acquire lock:
ffff88807a378100 (&ni->ni_lock#2){+.+.}-{3:3}, at: ntfs_set_state+0x1d2/0x6a0 fs/ntfs3/fsntfs.c:947
but task is already holding lock:
ffff88807a1f0100 (&ni->ni_lock#2){+.+.}-{3:3}, at: ni_trylock fs/ntfs3/ntfs_fs.h:1130 [inline]
ffff88807a1f0100 (&ni->ni_lock#2){+.+.}-{3:3}, at: ni_write_inode+0x24a/0x2920 fs/ntfs3/frecord.c:3333
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&ni->ni_lock#2);
lock(&ni->ni_lock#2);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by syz-executor.0/5460:
#0: ffff888029f26420 (sb_writers#13){.+.+}-{0:0}, at: do_sys_ftruncate fs/open.c:199 [inline]
#0: ffff888029f26420 (sb_writers#13){.+.+}-{0:0}, at: __do_sys_ftruncate fs/open.c:207 [inline]
#0: ffff888029f26420 (sb_writers#13){.+.+}-{0:0}, at: __se_sys_ftruncate fs/open.c:205 [inline]
#0: ffff888029f26420 (sb_writers#13){.+.+}-{0:0}, at: __x64_sys_ftruncate+0xa9/0x110 fs/open.c:205
#1: ffff88807a1f03a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:791 [inline]
#1: ffff88807a1f03a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: do_truncate+0x14b/0x220 fs/open.c:63
#2: ffff88807a1f0100 (&ni->ni_lock#2){+.+.}-{3:3}, at: ni_trylock fs/ntfs3/ntfs_fs.h:1130 [inline]
#2: ffff88807a1f0100 (&ni->ni_lock#2){+.+.}-{3:3}, at: ni_write_inode+0x24a/0x2920 fs/ntfs3/frecord.c:3333
stack backtrace:
CPU: 1 PID: 5460 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00042-g911daf695a74 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
check_deadlock kernel/locking/lockdep.c:3062 [inline]
validate_chain kernel/locking/lockdep.c:3856 [inline]
__lock_acquire+0x20e6/0x3b30 kernel/locking/lockdep.c:5137
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
ntfs_set_state+0x1d2/0x6a0 fs/ntfs3/fsntfs.c:947
ntfs_iget5+0x245/0x3880 fs/ntfs3/inode.c:540
ni_update_parent fs/ntfs3/frecord.c:3286 [inline]
ni_write_inode+0x1603/0x2920 fs/ntfs3/frecord.c:3392
ntfs_truncate fs/ntfs3/file.c:473 [inline]
ntfs3_setattr+0x739/0xc40 fs/ntfs3/file.c:775
notify_change+0x745/0x11f0 fs/attr.c:497
do_truncate+0x15c/0x220 fs/open.c:65
do_ftruncate+0x5e5/0x720 fs/open.c:181
do_sys_ftruncate fs/open.c:199 [inline]
__do_sys_ftruncate fs/open.c:207 [inline]
__se_sys_ftruncate fs/open.c:205 [inline]
__x64_sys_ftruncate+0xa9/0x110 fs/open.c:205
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fda3c07dda9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fda3ce450c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007fda3c1abf80 RCX: 00007fda3c07dda9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007fda3c0ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fda3c1abf80 R15: 00007ffdbf2e6828
</TASK>
ntfs3: loop0: Mark volume as dirty due to NTFS errors
Tested on:
commit: 911daf69 fs/ntfs3: Fix formatting, change comments, re..
git tree: https://github.com/Paragon-Software-Group/linux-ntfs3.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=123b55e9980000
kernel config: https://syzkaller.appspot.com/x/.config?x=bd757510e287aff
dashboard link: https://syzkaller.appspot.com/bug?extid=c2ada45c23d98d646118
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
Note: no patches were applied.