======================================================
WARNING: possible circular locking dependency detected
6.6.0-syzkaller-15365-g305230142ae0 #0 Not tainted
------------------------------------------------------
syz-executor.3/5226 is trying to acquire lock:
ffff888079c92200 (&rl->lock){++++}-{3:3}, at: ntfs_sync_mft_mirror+0x19bb/0x1eb0 fs/ntfs/mft.c:536
but task is already holding lock:
ffff888079c96cd0 (&ni->mrec_lock){+.+.}-{3:3}, at: map_mft_record+0x4a/0x730 fs/ntfs/mft.c:154
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ni->mrec_lock){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x181/0x1340 kernel/locking/mutex.c:747
map_mft_record+0x4a/0x730 fs/ntfs/mft.c:154
ntfs_map_runlist_nolock+0xbbd/0x17a0 fs/ntfs/attrib.c:91
ntfs_map_runlist+0x7b/0xa0 fs/ntfs/attrib.c:292
ntfs_read_block fs/ntfs/aops.c:277 [inline]
ntfs_read_folio+0x1ae8/0x2420 fs/ntfs/aops.c:430
read_pages+0xa76/0xdb0 mm/readahead.c:180
page_cache_ra_unbounded+0x457/0x5e0 mm/readahead.c:269
do_page_cache_ra mm/readahead.c:299 [inline]
page_cache_ra_order+0x72b/0xa80 mm/readahead.c:546
ondemand_readahead+0x493/0x1130 mm/readahead.c:668
page_cache_sync_ra+0x174/0x1d0 mm/readahead.c:695
page_cache_sync_readahead include/linux/pagemap.h:1266 [inline]
filemap_get_pages+0xc06/0x1830 mm/filemap.c:2497
filemap_read+0x39b/0xcf0 mm/filemap.c:2593
generic_file_read_iter+0x346/0x450 mm/filemap.c:2772
__kernel_read+0x301/0x870 fs/read_write.c:428
integrity_kernel_read+0x7f/0xb0 security/integrity/iint.c:221
ima_calc_file_hash_tfm+0x2c5/0x3d0 security/integrity/ima/ima_crypto.c:485
ima_calc_file_shash security/integrity/ima/ima_crypto.c:516 [inline]
ima_calc_file_hash+0x1c6/0x4a0 security/integrity/ima/ima_crypto.c:573
ima_collect_measurement+0x85e/0xa20 security/integrity/ima/ima_api.c:290
process_measurement+0xe92/0x2260 security/integrity/ima/ima_main.c:359
ima_file_check+0xc2/0x110 security/integrity/ima/ima_main.c:557
do_open fs/namei.c:3624 [inline]
path_openat+0x77b/0x2c40 fs/namei.c:3779
do_filp_open+0x1de/0x430 fs/namei.c:3809
do_sys_openat2+0x176/0x1e0 fs/open.c:1440
do_sys_open fs/open.c:1455 [inline]
__do_compat_sys_open fs/open.c:1506 [inline]
__se_compat_sys_open fs/open.c:1504 [inline]
__ia32_compat_sys_open+0x147/0x1d0 fs/open.c:1504
do_syscall_32_irqs_on arch/x86/entry/common.c:164 [inline]
__do_fast_syscall_32+0x61/0xe0 arch/x86/entry/common.c:230
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:255
entry_SYSENTER_compat_after_hwframe+0x70/0x7a
-> #0 (&rl->lock){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3868 [inline]
__lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5136
lock_acquire kernel/locking/lockdep.c:5753 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5718
down_read+0x9c/0x470 kernel/locking/rwsem.c:1526
ntfs_sync_mft_mirror+0x19bb/0x1eb0 fs/ntfs/mft.c:536
write_mft_record_nolock+0x1a12/0x1d90 fs/ntfs/mft.c:805
write_mft_record+0x14b/0x380 fs/ntfs/mft.h:95
__ntfs_write_inode+0x91b/0xc30 fs/ntfs/inode.c:3052
ntfs_commit_inode fs/ntfs/inode.h:300 [inline]
ntfs_commit_inode fs/ntfs/inode.h:297 [inline]
ntfs_put_super+0x12b4/0x1650 fs/ntfs/super.c:2315
generic_shutdown_super+0x161/0x3c0 fs/super.c:696
kill_block_super+0x3b/0x90 fs/super.c:1667
deactivate_locked_super+0xbc/0x1a0 fs/super.c:484
deactivate_super+0xde/0x100 fs/super.c:517
cleanup_mnt+0x222/0x450 fs/namespace.c:1256
task_work_run+0x14d/0x240 kernel/task_work.c:180
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x215/0x240 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296
__do_fast_syscall_32+0x6d/0xe0 arch/x86/entry/common.c:233
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:255
entry_SYSENTER_compat_after_hwframe+0x70/0x7a
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ni->mrec_lock);
lock(&rl->lock);
lock(&ni->mrec_lock);
rlock(&rl->lock);
*** DEADLOCK ***
2 locks held by syz-executor.3/5226:
#0: ffff8880008800e0 (&type->s_umount_key#98){+.+.}-{3:3}, at: __super_lock fs/super.c:56 [inline]
#0: ffff8880008800e0 (&type->s_umount_key#98){+.+.}-{3:3}, at: __super_lock_excl fs/super.c:71 [inline]
#0: ffff8880008800e0 (&type->s_umount_key#98){+.+.}-{3:3}, at: deactivate_super+0xd6/0x100 fs/super.c:516
#1: ffff888079c96cd0 (&ni->mrec_lock){+.+.}-{3:3}, at: map_mft_record+0x4a/0x730 fs/ntfs/mft.c:154
stack backtrace:
CPU: 3 PID: 5226 Comm: syz-executor.3 Not tainted 6.6.0-syzkaller-15365-g305230142ae0 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
check_noncircular+0x311/0x3f0 kernel/locking/lockdep.c:2187
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3868 [inline]
__lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5136
lock_acquire kernel/locking/lockdep.c:5753 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5718
down_read+0x9c/0x470 kernel/locking/rwsem.c:1526
ntfs_sync_mft_mirror+0x19bb/0x1eb0 fs/ntfs/mft.c:536
write_mft_record_nolock+0x1a12/0x1d90 fs/ntfs/mft.c:805
write_mft_record+0x14b/0x380 fs/ntfs/mft.h:95
__ntfs_write_inode+0x91b/0xc30 fs/ntfs/inode.c:3052
ntfs_commit_inode fs/ntfs/inode.h:300 [inline]
ntfs_commit_inode fs/ntfs/inode.h:297 [inline]
ntfs_put_super+0x12b4/0x1650 fs/ntfs/super.c:2315
generic_shutdown_super+0x161/0x3c0 fs/super.c:696
kill_block_super+0x3b/0x90 fs/super.c:1667
deactivate_locked_super+0xbc/0x1a0 fs/super.c:484
deactivate_super+0xde/0x100 fs/super.c:517
cleanup_mnt+0x222/0x450 fs/namespace.c:1256
task_work_run+0x14d/0x240 kernel/task_work.c:180
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x215/0x240 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296
__do_fast_syscall_32+0x6d/0xe0 arch/x86/entry/common.c:233
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:255
entry_SYSENTER_compat_after_hwframe+0x70/0x7a
RIP: 0023:0xf7fd7579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000ffbe6278 EFLAGS: 00000292 ORIG_RAX: 0000000000000034
RAX: 0000000000000000 RBX: 00000000ffbe6320 RCX: 000000000000000a
RDX: 00000000f7353ff4 RSI: 00000000f72a53bd RDI: 00000000ffbe73c4
RBP: 00000000ffbe6320 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
----------------
Code disassembly (best guess), 2 bytes skipped:
0: 10 06 adc %al,(%rsi)
2: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi
6: 10 07 adc %al,(%rdi)
8: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
c: 10 08 adc %cl,(%rax)
e: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
1e: 00 51 52 add %dl,0x52(%rcx)
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 0f 34 sysenter
26: cd 80 int $0x80
* 28: 5d pop %rbp <-- trapping instruction
29: 5a pop %rdx
2a: 59 pop %rcx
2b: c3 ret
2c: 90 nop
2d: 90 nop
2e: 90 nop
2f: 90 nop
30: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
37: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi