audit: type=1804 audit(1672173570.272:2): pid=9637 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir2478219930/syzkaller.UbkW09/4/file0/file2" dev="loop5" ino=68 res=1
======================================================
audit: type=1804 audit(1672173570.312:3): pid=9602 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir2478219930/syzkaller.UbkW09/4/file0/file2" dev="loop5" ino=68 res=1
WARNING: possible circular locking dependency detected
4.14.302-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:1/8071 is trying to acquire lock:
 (&rl->lock){++++}, at: [] ntfs_read_block fs/ntfs/aops.c:269 [inline]
 (&rl->lock){++++}, at: [] ntfs_readpage+0x1396/0x1ad0 fs/ntfs/aops.c:456

but task is already holding lock:
 (&ni->mrec_lock){+.+.}, at: [] map_mft_record+0x2b/0xbe0 fs/ntfs/mft.c:166

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&ni->mrec_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       map_mft_record+0x2b/0xbe0 fs/ntfs/mft.c:166
       ntfs_map_runlist_nolock+0xab3/0x1630 fs/ntfs/attrib.c:105
       ntfs_map_runlist+0x64/0x90 fs/ntfs/attrib.c:306
       ntfs_read_block fs/ntfs/aops.c:304 [inline]
       ntfs_readpage+0x13e8/0x1ad0 fs/ntfs/aops.c:456
       read_pages mm/readahead.c:131 [inline]
       __do_page_cache_readahead+0x69b/0x940 mm/readahead.c:199
       ra_submit mm/internal.h:66 [inline]
       ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486
       page_cache_sync_readahead mm/readahead.c:518 [inline]
       page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503
       generic_file_buffered_read mm/filemap.c:2003 [inline]
       generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273
       call_read_iter include/linux/fs.h:1774 [inline]
       new_sync_read fs/read_write.c:401 [inline]
       __vfs_read+0x449/0x620 fs/read_write.c:413
       integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199
       ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline]
       ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline]
       ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467
       ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227
       process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264
       do_last fs/namei.c:3435 [inline]
       path_openat+0x10ad/0x2970 fs/namei.c:3571
       do_filp_open+0x179/0x3c0 fs/namei.c:3605
       do_sys_open+0x296/0x410 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&rl->lock){++++}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       ntfs_read_block fs/ntfs/aops.c:269 [inline]
       ntfs_readpage+0x1396/0x1ad0 fs/ntfs/aops.c:456
       do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713
       read_mapping_page include/linux/pagemap.h:398 [inline]
       ntfs_map_page fs/ntfs/aops.h:89 [inline]
       ntfs_sync_mft_mirror+0x1f4/0x1560 fs/ntfs/mft.c:490
       write_mft_record_nolock+0xece/0x1240 fs/ntfs/mft.c:793
       write_mft_record fs/ntfs/mft.h:109 [inline]
       __ntfs_write_inode+0x58d/0xcc0 fs/ntfs/inode.c:3084
       write_inode fs/fs-writeback.c:1241 [inline]
       __writeback_single_inode+0x6a4/0x1010 fs/fs-writeback.c:1439
       writeback_sb_inodes+0x48b/0xd30 fs/fs-writeback.c:1645
       wb_writeback+0x243/0xb80 fs/fs-writeback.c:1820
       wb_do_writeback fs/fs-writeback.c:1952 [inline]
       wb_workfn+0x2bd/0xf50 fs/fs-writeback.c:1988
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ni->mrec_lock);
                               lock(&rl->lock);
                               lock(&ni->mrec_lock);
  lock(&rl->lock);

 *** DEADLOCK ***

3 locks held by kworker/u4:1/8071:
 #0: ("writeback"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1: ((&(&wb->dwork)->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
 #2: (&ni->mrec_lock){+.+.}, at: [] map_mft_record+0x2b/0xbe0 fs/ntfs/mft.c:166

stack backtrace:
CPU: 1 PID: 8071 Comm: kworker/u4:1 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: writeback wb_workfn (flush-7:5)
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 ntfs_read_block fs/ntfs/aops.c:269 [inline]
 ntfs_readpage+0x1396/0x1ad0 fs/ntfs/aops.c:456
 do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713
 read_mapping_page include/linux/pagemap.h:398 [inline]
 ntfs_map_page fs/ntfs/aops.h:89 [inline]
 ntfs_sync_mft_mirror+0x1f4/0x1560 fs/ntfs/mft.c:490
 write_mft_record_nolock+0xece/0x1240 fs/ntfs/mft.c:793
 write_mft_record fs/ntfs/mft.h:109 [inline]
 __ntfs_write_inode+0x58d/0xcc0 fs/ntfs/inode.c:3084
 write_inode fs/fs-writeback.c:1241 [inline]
 __writeback_single_inode+0x6a4/0x1010 fs/fs-writeback.c:1439
 writeback_sb_inodes+0x48b/0xd30 fs/fs-writeback.c:1645
 wb_writeback+0x243/0xb80 fs/fs-writeback.c:1820
 wb_do_writeback fs/fs-writeback.c:1952 [inline]
 wb_workfn+0x2bd/0xf50 fs/fs-writeback.c:1988
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406
BTRFS error (device loop1): unsupported checksum algorithm 3
BTRFS error (device loop1): superblock checksum mismatch
ntfs: (device loop5): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk.
BTRFS error (device loop1): open_ctree failed
syz-executor.2 (9636): drop_caches: 1
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
device batadv0 entered promiscuous mode
device macsec1 entered promiscuous mode
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
device batadv0 left promiscuous mode
device batadv0 entered promiscuous mode
device macsec1 entered promiscuous mode
device batadv0 left promiscuous mode
device batadv0 entered promiscuous mode
device macsec1 entered promiscuous mode
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
device batadv0 left promiscuous mode
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
device batadv0 entered promiscuous mode
device macsec1 entered promiscuous mode
device batadv0 left promiscuous mode
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
device batadv0 entered promiscuous mode
device macsec1 entered promiscuous mode
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
device batadv0 left promiscuous mode
device batadv0 entered promiscuous mode
device macsec1 entered promiscuous mode
device batadv0 left promiscuous mode
device batadv0 entered promiscuous mode
Zero length message leads to an empty skb
device macsec1 entered promiscuous mode
device batadv0 left promiscuous mode
bond0: ipip0 ether type (768) is different from other slaves (1), can not enslave it
usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub
bond0: ipip0 ether type (768) is different from other slaves (1), can not enslave it
usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
bond0: ipip0 ether type (768) is different from other slaves (1), can not enslave it
vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub
usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub
bond0: ipip0 ether type (768) is different from other slaves (1), can not enslave it
usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub
bond0: ipip0 ether type (768) is different from other slaves (1), can not enslave it
bond0: ipip0 ether type (768) is different from other slaves (1), can not enslave it
bond0: ipip0 ether type (768) is different from other slaves (1), can not enslave it
NILFS (loop2): invalid segment: Checksum error in segment payload
NILFS (loop2): trying rollback from an earlier position
NILFS (loop2): recovery complete
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop2): invalid segment: Checksum error in segment payload
NILFS (loop2): trying rollback from an earlier position
NILFS (loop2): recovery complete
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop2): invalid segment: Checksum error in segment payload
NILFS (loop2): trying rollback from an earlier position
NILFS (loop2): recovery complete
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop2): invalid segment: Checksum error in segment payload
NILFS (loop2): trying rollback from an earlier position
NILFS (loop2): recovery complete
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop4): invalid segment: Checksum error in segment payload
NILFS (loop4): trying rollback from an earlier position
NILFS (loop4): recovery complete
NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop2): invalid segment: Checksum error in segment payload
NILFS (loop2): trying rollback from an earlier position
NILFS (loop2): recovery complete
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop4): invalid segment: Checksum error in segment payload
NILFS (loop4): trying rollback from an earlier position
NILFS (loop4): recovery complete
NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop2): invalid segment: Checksum error in segment payload
NILFS (loop4): invalid segment: Checksum error in segment payload
NILFS (loop2): trying rollback from an earlier position
NILFS (loop4): trying rollback from an earlier position
dccp_close: ABORT with 115 bytes unread
NILFS (loop2): recovery complete
NILFS (loop4): recovery complete
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop2): invalid segment: Checksum error in segment payload
NILFS (loop2): trying rollback from an earlier position
NILFS (loop2): recovery complete
NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
dccp_close: ABORT with 115 bytes unread
dccp_close: ABORT with 115 bytes unread
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
block nbd0: Attempted send on invalid socket
print_req_error: I/O error, dev nbd0, sector 0
FAT-fs (nbd0): unable to read boot sector
BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0
BTRFS info (device loop0): enabling inode map caching
BTRFS warning (device loop0): excessive commit interval 622039222
BTRFS info (device loop0): force zlib compression
BTRFS info (device loop0): using free space tree
BTRFS info (device loop0): has skinny extents
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.