======================================================
WARNING: possible circular locking dependency detected
6.1.0-rc5-syzkaller-32269-g9500fc6e9e60 #0 Not tainted
------------------------------------------------------
syz-executor.3/17248 is trying to acquire lock:
ffff0001112f5820 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
ffff0001112f5820 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_fault+0x104/0x7fc mm/filemap.c:3127

but task is already holding lock:
ffff00011234f5c8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
ffff00011234f5c8 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x1ec/0x79c arch/arm64/mm/fault.c:593

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&mm->mmap_lock){++++}-{3:3}:
       __might_fault+0x7c/0xb4 mm/memory.c:5646
       _copy_to_user include/linux/uaccess.h:143 [inline]
       copy_to_user include/linux/uaccess.h:169 [inline]
       fiemap_fill_next_extent+0xc4/0x1f8 fs/ioctl.c:144
       ni_fiemap+0x4cc/0x620 fs/ntfs3/frecord.c:2051
       ntfs_fiemap+0x9c/0xdc fs/ntfs3/file.c:1245
       ioctl_fiemap fs/ioctl.c:219 [inline]
       do_vfs_ioctl+0x10f0/0x16a4 fs/ioctl.c:810
       __do_sys_ioctl fs/ioctl.c:868 [inline]
       __se_sys_ioctl fs/ioctl.c:856 [inline]
       __arm64_sys_ioctl+0x98/0x140 fs/ioctl.c:856
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
       el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
       el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584

-> #1 (&ni->file.run_lock#3){++++}-{3:3}:
       down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
       attr_data_get_block+0x84/0xa54 fs/ntfs3/attrib.c:899
       ntfs_get_block_vbo+0x130/0x6bc fs/ntfs3/inode.c:564
       ntfs_get_block+0x44/0x58 fs/ntfs3/inode.c:660
       do_mpage_readpage+0x474/0xd38 fs/mpage.c:208
       mpage_readahead+0xf0/0x1b8 fs/mpage.c:361
       ntfs_readahead+0xf4/0x10c fs/ntfs3/inode.c:733
       read_pages+0x8c/0x4f0 mm/readahead.c:161
       page_cache_ra_unbounded+0x374/0x400 mm/readahead.c:270
       do_page_cache_ra mm/readahead.c:300 [inline]
       page_cache_ra_order+0x348/0x380 mm/readahead.c:560
       ondemand_readahead+0x340/0x720 mm/readahead.c:682
       page_cache_sync_ra+0xc4/0xdc mm/readahead.c:709
       page_cache_sync_readahead include/linux/pagemap.h:1213 [inline]
       filemap_get_pages+0x118/0x598 mm/filemap.c:2581
       filemap_read+0x14c/0x6f4 mm/filemap.c:2675
       generic_file_read_iter+0x6c/0x25c mm/filemap.c:2821
       ntfs_file_read_iter+0xe4/0x118 fs/ntfs3/file.c:853
       call_read_iter include/linux/fs.h:2185 [inline]
       generic_file_splice_read+0xa0/0x1c8 fs/splice.c:309
       do_splice_to fs/splice.c:793 [inline]
       splice_direct_to_actor+0x16c/0x3e4 fs/splice.c:865
       do_splice_direct+0xc4/0x14c fs/splice.c:974
       do_sendfile+0x298/0x68c fs/read_write.c:1255
       __do_sys_sendfile64 fs/read_write.c:1323 [inline]
       __se_sys_sendfile64 fs/read_write.c:1309 [inline]
       __arm64_sys_sendfile64+0xb0/0x230 fs/read_write.c:1309
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
       el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
       el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584

-> #0 (mapping.invalidate_lock#3){.+.+}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3097 [inline]
       check_prevs_add kernel/locking/lockdep.c:3216 [inline]
       validate_chain kernel/locking/lockdep.c:3831 [inline]
       __lock_acquire+0x1530/0x3084 kernel/locking/lockdep.c:5055
       lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668
       down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
       filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
       filemap_fault+0x104/0x7fc mm/filemap.c:3127
       __do_fault+0x60/0x358 mm/memory.c:4203
       do_read_fault mm/memory.c:4554 [inline]
       do_fault+0x338/0x550 mm/memory.c:4683
       handle_pte_fault mm/memory.c:4955 [inline]
       __handle_mm_fault mm/memory.c:5097 [inline]
       handle_mm_fault+0x78c/0xa48 mm/memory.c:5218
       __do_page_fault arch/arm64/mm/fault.c:512 [inline]
       do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:612
       do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:695
       do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:831
       el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
       el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
       el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
       fault_in_readable+0x230/0x2ec mm/gup.c:1895
       fault_in_iov_iter_readable+0x74/0x16c lib/iov_iter.c:356
       generic_perform_write+0x88/0x2cc mm/filemap.c:3743
       __generic_file_write_iter+0xd8/0x21c mm/filemap.c:3881
       generic_file_write_iter+0x6c/0x168 mm/filemap.c:3913
       call_write_iter include/linux/fs.h:2191 [inline]
       new_sync_write fs/read_write.c:491 [inline]
       vfs_write+0x2dc/0x46c fs/read_write.c:584
       ksys_pwrite64 fs/read_write.c:699 [inline]
       __do_sys_pwrite64 fs/read_write.c:709 [inline]
       __se_sys_pwrite64 fs/read_write.c:706 [inline]
       __arm64_sys_pwrite64+0xbc/0x11c fs/read_write.c:706
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
       el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
       el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584

other info that might help us debug this:

Chain exists of:
  mapping.invalidate_lock#3 --> &ni->file.run_lock#3 --> &mm->mmap_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&mm->mmap_lock);
                               lock(&ni->file.run_lock#3);
                               lock(&mm->mmap_lock);
  lock(mapping.invalidate_lock#3);

 *** DEADLOCK ***

3 locks held by syz-executor.3/17248:
 #0: ffff0000c0139460 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x180/0x46c fs/read_write.c:580
 #1: ffff0000c6db9418 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:756 [inline]
 #1: ffff0000c6db9418 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: generic_file_write_iter+0x3c/0x168 mm/filemap.c:3910
 #2: ffff00011234f5c8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #2: ffff00011234f5c8 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x1ec/0x79c arch/arm64/mm/fault.c:593

stack backtrace:
CPU: 1 PID: 17248 Comm: syz-executor.3 Not tainted 6.1.0-rc5-syzkaller-32269-g9500fc6e9e60 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_circular_bug+0x2c4/0x2c8 kernel/locking/lockdep.c:2055
 check_noncircular+0x14c/0x154 kernel/locking/lockdep.c:2177
 check_prev_add kernel/locking/lockdep.c:3097 [inline]
 check_prevs_add kernel/locking/lockdep.c:3216 [inline]
 validate_chain kernel/locking/lockdep.c:3831 [inline]
 __lock_acquire+0x1530/0x3084 kernel/locking/lockdep.c:5055
 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668
 down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
 filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
 filemap_fault+0x104/0x7fc mm/filemap.c:3127
 __do_fault+0x60/0x358 mm/memory.c:4203
 do_read_fault mm/memory.c:4554 [inline]
 do_fault+0x338/0x550 mm/memory.c:4683
 handle_pte_fault mm/memory.c:4955 [inline]
 __handle_mm_fault mm/memory.c:5097 [inline]
 handle_mm_fault+0x78c/0xa48 mm/memory.c:5218
 __do_page_fault arch/arm64/mm/fault.c:512 [inline]
 do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:612
 do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:695
 do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:831
 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
 el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
 fault_in_readable+0x230/0x2ec mm/gup.c:1895
 fault_in_iov_iter_readable+0x74/0x16c lib/iov_iter.c:356
 generic_perform_write+0x88/0x2cc mm/filemap.c:3743
 __generic_file_write_iter+0xd8/0x21c mm/filemap.c:3881
 generic_file_write_iter+0x6c/0x168 mm/filemap.c:3913
 call_write_iter include/linux/fs.h:2191 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x2dc/0x46c fs/read_write.c:584
 ksys_pwrite64 fs/read_write.c:699 [inline]
 __do_sys_pwrite64 fs/read_write.c:709 [inline]
 __se_sys_pwrite64 fs/read_write.c:706 [inline]
 __arm64_sys_pwrite64+0xbc/0x11c fs/read_write.c:706
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584