bridge0: port 1(bridge_slave_0) entered disabled state
NILFS (loop4): mounting unchecked fs
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
======================================================
WARNING: possible circular locking dependency detected
4.14.298-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/11212 is trying to acquire lock:
 (&dat_lock_key){.+.+}, at: [<ffffffff826ea688>] nilfs_count_free_blocks+0x68/0x180 fs/nilfs2/the_nilfs.c:707

but task is already holding lock:
 (&nilfs->ns_sem){++++}, at: [<ffffffff826e82e0>] load_nilfs+0x6b0/0x1170 fs/nilfs2/the_nilfs.c:324

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&nilfs->ns_sem){++++}:
       down_write+0x34/0x90 kernel/locking/rwsem.c:54
       nilfs_set_error fs/nilfs2/super.c:95 [inline]
       __nilfs_error+0x176/0x399 fs/nilfs2/super.c:140
       nilfs_bmap_convert_error fs/nilfs2/bmap.c:44 [inline]
       nilfs_bmap_lookup_contig+0x130/0x170 fs/nilfs2/bmap.c:104
       nilfs_get_block+0x1bd/0x7a0 fs/nilfs2/inode.c:93
       do_mpage_readpage+0x615/0x1470 fs/mpage.c:211
       mpage_readpages+0x2d6/0x5f0 fs/mpage.c:383
       read_pages mm/readahead.c:121 [inline]
       __do_page_cache_readahead+0x522/0x940 mm/readahead.c:199
       ra_submit mm/internal.h:66 [inline]
       ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486
       page_cache_sync_readahead mm/readahead.c:518 [inline]
       page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503
       generic_file_buffered_read mm/filemap.c:2003 [inline]
       generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273
       call_read_iter include/linux/fs.h:1774 [inline]
       new_sync_read fs/read_write.c:401 [inline]
       __vfs_read+0x449/0x620 fs/read_write.c:413
       integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199
       ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline]
       ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline]
       ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467
       ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227
       process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264
       do_last fs/namei.c:3435 [inline]
       path_openat+0x10ad/0x2970 fs/namei.c:3571
       do_filp_open+0x179/0x3c0 fs/namei.c:3605
       do_sys_open+0x296/0x410 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&dat_lock_key){.+.+}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       nilfs_count_free_blocks+0x68/0x180 fs/nilfs2/the_nilfs.c:707
       nilfs_set_log_cursor fs/nilfs2/super.c:248 [inline]
       nilfs_cleanup_super+0x123/0x450 fs/nilfs2/super.c:330
       load_nilfs+0x6e2/0x1170 fs/nilfs2/the_nilfs.c:326
       nilfs_fill_super fs/nilfs2/super.c:1074 [inline]
       nilfs_mount+0x89f/0xd00 fs/nilfs2/super.c:1332
       mount_fs+0x92/0x2a0 fs/super.c:1237
       vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
       vfs_kern_mount fs/namespace.c:1036 [inline]
       do_new_mount fs/namespace.c:2572 [inline]
       do_mount+0xe65/0x2a30 fs/namespace.c:2905
       SYSC_mount fs/namespace.c:3121 [inline]
       SyS_mount+0xa8/0x120 fs/namespace.c:3098
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&nilfs->ns_sem);
                               lock(&dat_lock_key);
                               lock(&nilfs->ns_sem);
  lock(&dat_lock_key);

 *** DEADLOCK ***

2 locks held by syz-executor.4/11212:
 #0:  (&type->s_umount_key#54/1){+.+.}, at: [<ffffffff81878e26>] alloc_super fs/super.c:251 [inline]
 #0:  (&type->s_umount_key#54/1){+.+.}, at: [<ffffffff81878e26>] sget_userns+0x556/0xc10 fs/super.c:516
 #1:  (&nilfs->ns_sem){++++}, at: [<ffffffff826e82e0>] load_nilfs+0x6b0/0x1170 fs/nilfs2/the_nilfs.c:324

stack backtrace:
CPU: 1 PID: 11212 Comm: syz-executor.4 Not tainted 4.14.298-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 nilfs_count_free_blocks+0x68/0x180 fs/nilfs2/the_nilfs.c:707
 nilfs_set_log_cursor fs/nilfs2/super.c:248 [inline]
 nilfs_cleanup_super+0x123/0x450 fs/nilfs2/super.c:330
 load_nilfs+0x6e2/0x1170 fs/nilfs2/the_nilfs.c:326
 nilfs_fill_super fs/nilfs2/super.c:1074 [inline]
 nilfs_mount+0x89f/0xd00 fs/nilfs2/super.c:1332
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2572 [inline]
 do_mount+0xe65/0x2a30 fs/namespace.c:2905
 SYSC_mount fs/namespace.c:3121 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3098
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
NILFS (loop4): recovery complete
NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
NILFS (loop4): mounting unchecked fs
NILFS (loop4): recovery complete
NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
NILFS (loop4): mounting unchecked fs
NILFS (loop4): recovery complete
NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
Zero length message leads to an empty skb
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
batman_adv: batadv0: Adding interface: team0
batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Interface activated: team0
batman_adv: batadv0: Interface deactivated: team0
batman_adv: batadv0: Removing interface: team0
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
bridge0: port 3(team0) entered disabled state
batman_adv: batadv0: Adding interface: team0
batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Interface activated: team0
batman_adv: batadv0: Interface deactivated: team0
batman_adv: batadv0: Removing interface: team0
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
bridge0: port 3(team0) entered disabled state
batman_adv: batadv0: Adding interface: team0
batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Interface activated: team0
batman_adv: batadv0: Interface deactivated: team0
batman_adv: batadv0: Removing interface: team0
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
syz-executor.0 uses obsolete (PF_INET,SOCK_PACKET)
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
x_tables: ip6_tables: icmp6 match: only valid for protocol 58
x_tables: ip6_tables: icmp6 match: only valid for protocol 58
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.