======================================================
WARNING: possible circular locking dependency detected
5.15.168-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:0/9 is trying to acquire lock:
ffff88805c168120 (&wnd->rw_lock/1){+.+.}-{3:3}, at: ntfs_mark_rec_free+0x33/0x250 fs/ntfs3/fsntfs.c:711
but task is already holding lock:
ffff88807138bc00 (&ni->ni_lock){+.+.}-{3:3}, at: ni_trylock fs/ntfs3/ntfs_fs.h:1115 [inline]
ffff88807138bc00 (&ni->ni_lock){+.+.}-{3:3}, at: ni_write_inode+0x16b/0x1070 fs/ntfs3/frecord.c:3198
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&ni->ni_lock){+.+.}-{3:3}:
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
ntfs_set_state+0x1fa/0x660 fs/ntfs3/fsntfs.c:925
ni_find_attr+0x6cf/0x8b0 fs/ntfs3/frecord.c:238
attr_load_runs_vcn+0xd1/0x360 fs/ntfs3/attrib.c:1157
mi_read+0x342/0x5a0 fs/ntfs3/record.c:151
ntfs_read_mft fs/ntfs3/inode.c:69 [inline]
ntfs_iget5+0x472/0x38e0 fs/ntfs3/inode.c:525
ntfs_export_get_inode+0xd8/0x190 fs/ntfs3/super.c:618
generic_fh_to_dentry+0x94/0xe0 fs/libfs.c:1044
exportfs_decode_fh_raw+0x140/0x590 fs/exportfs/expfs.c:436
exportfs_decode_fh+0x38/0x70 fs/exportfs/expfs.c:576
do_handle_to_path fs/fhandle.c:152 [inline]
handle_to_path fs/fhandle.c:207 [inline]
do_handle_open+0x44c/0x960 fs/fhandle.c:223
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
-> #1 (&ni->file.run_lock#2){++++}-{3:3}:
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
down_read+0x45/0x2e0 kernel/locking/rwsem.c:1498
mi_read+0x17d/0x5a0 fs/ntfs3/record.c:129
mi_format_new+0x1a7/0x5c0 fs/ntfs3/record.c:374
ni_add_subrecord+0xde/0x430 fs/ntfs3/frecord.c:370
ntfs_look_free_mft+0x7f1/0xff0 fs/ntfs3/fsntfs.c:686
ni_create_attr_list+0x9b6/0x1470 fs/ntfs3/frecord.c:848
ni_ins_attr_ext+0x364/0xb30 fs/ntfs3/frecord.c:949
ni_insert_attr+0x38a/0x8e0 fs/ntfs3/frecord.c:1103
ni_insert_resident+0xf4/0x3c0 fs/ntfs3/frecord.c:1477
ntfs_set_ea+0xc61/0x1690 fs/ntfs3/xattr.c:444
ntfs_save_wsl_perm+0x128/0x470 fs/ntfs3/xattr.c:973
ntfs3_setattr+0x961/0xb70 fs/ntfs3/file.c:793
notify_change+0xc6d/0xf50 fs/attr.c:505
chown_common+0x592/0x890 fs/open.c:680
do_fchownat+0x169/0x240 fs/open.c:711
__do_sys_lchown fs/open.c:736 [inline]
__se_sys_lchown fs/open.c:734 [inline]
__x64_sys_lchown+0x81/0x90 fs/open.c:734
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
-> #0 (&wnd->rw_lock/1){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
down_write_nested+0x3b/0x60 kernel/locking/rwsem.c:1667
ntfs_mark_rec_free+0x33/0x250 fs/ntfs3/fsntfs.c:711
ni_write_inode+0x504/0x1070 fs/ntfs3/frecord.c:3293
write_inode fs/fs-writeback.c:1495 [inline]
__writeback_single_inode+0x644/0xe30 fs/fs-writeback.c:1705
writeback_sb_inodes+0xbce/0x1a40 fs/fs-writeback.c:1930
wb_writeback+0x451/0xc50 fs/fs-writeback.c:2104
wb_do_writeback fs/fs-writeback.c:2247 [inline]
wb_workfn+0x46c/0x1130 fs/fs-writeback.c:2288
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:334
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
other info that might help us debug this:
Chain exists of:
&wnd->rw_lock/1 --> &ni->file.run_lock#2 --> &ni->ni_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ni->ni_lock);
lock(&ni->file.run_lock#2);
lock(&ni->ni_lock);
lock(&wnd->rw_lock/1);
*** DEADLOCK ***
3 locks held by kworker/u4:0/9:
#0: ffff8881447c4938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90000ce7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffff88807138bc00 (&ni->ni_lock){+.+.}-{3:3}, at: ni_trylock fs/ntfs3/ntfs_fs.h:1115 [inline]
#2: ffff88807138bc00 (&ni->ni_lock){+.+.}-{3:3}, at: ni_write_inode+0x16b/0x1070 fs/ntfs3/frecord.c:3198
stack backtrace:
CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 5.15.168-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: writeback wb_workfn (flush-7:1)
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
check_noncircular+0x2f8/0x3b0 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
down_write_nested+0x3b/0x60 kernel/locking/rwsem.c:1667
ntfs_mark_rec_free+0x33/0x250 fs/ntfs3/fsntfs.c:711
ni_write_inode+0x504/0x1070 fs/ntfs3/frecord.c:3293
write_inode fs/fs-writeback.c:1495 [inline]
__writeback_single_inode+0x644/0xe30 fs/fs-writeback.c:1705
writeback_sb_inodes+0xbce/0x1a40 fs/fs-writeback.c:1930
wb_writeback+0x451/0xc50 fs/fs-writeback.c:2104
wb_do_writeback fs/fs-writeback.c:2247 [inline]
wb_workfn+0x46c/0x1130 fs/fs-writeback.c:2288
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:334
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
</TASK>