======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.4.646/11294 is trying to acquire lock:
ffff88805e721c88 (mapping.invalidate_lock#15){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1092 [inline]
ffff88805e721c88 (mapping.invalidate_lock#15){++++}-{4:4}, at: page_cache_ra_unbounded+0x193/0x8c0 mm/readahead.c:233
but task is already holding lock:
ffff88803619c370 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock include/linux/mmap_lock.h:410 [inline]
ffff88803619c370 (&mm->mmap_lock){++++}-{4:4}, at: get_mmap_lock_carefully mm/mmap_lock.c:390 [inline]
ffff88803619c370 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x300 mm/mmap_lock.c:450
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&mm->mmap_lock){++++}-{4:4}:
__might_fault+0xcc/0x130 mm/memory.c:7174
_inline_copy_to_user include/linux/uaccess.h:201 [inline]
_copy_to_user+0x2c/0xb0 lib/usercopy.c:26
copy_to_user include/linux/uaccess.h:236 [inline]
fiemap_fill_next_extent+0x1c0/0x390 fs/ioctl.c:144
ni_fiemap+0x89c/0xbf0 fs/ntfs3/frecord.c:2009
ntfs_fiemap+0x11d/0x1a0 fs/ntfs3/file.c:1419
ioctl_fiemap fs/ioctl.c:219 [inline]
do_vfs_ioctl+0x1188/0x1440 fs/ioctl.c:531
__do_sys_ioctl fs/ioctl.c:595 [inline]
__se_sys_ioctl+0x82/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #1 (&ni->ni_lock#2/5){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/rtmutex_api.c:533 [inline]
mutex_lock_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:552
ni_lock fs/ntfs3/ntfs_fs.h:1127 [inline]
ntfs_fallocate+0x8ec/0x10b0 fs/ntfs3/file.c:707
vfs_fallocate+0x672/0x7f0 fs/open.c:339
ksys_fallocate fs/open.c:363 [inline]
__do_sys_fallocate fs/open.c:368 [inline]
__se_sys_fallocate fs/open.c:366 [inline]
__x64_sys_fallocate+0xc0/0x110 fs/open.c:366
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (mapping.invalidate_lock#15){++++}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x15a6/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
down_read+0x97/0x1f0 kernel/locking/rwsem.c:1537
filemap_invalidate_lock_shared include/linux/fs.h:1092 [inline]
page_cache_ra_unbounded+0x193/0x8c0 mm/readahead.c:233
do_sync_mmap_readahead+0x554/0x670 mm/filemap.c:3400
filemap_fault+0x6b5/0x12b0 mm/filemap.c:3549
__do_fault+0x138/0x390 mm/memory.c:5320
do_shared_fault mm/memory.c:5819 [inline]
do_fault mm/memory.c:5893 [inline]
do_pte_missing+0x69d/0x27a0 mm/memory.c:4401
handle_pte_fault mm/memory.c:6273 [inline]
__handle_mm_fault mm/memory.c:6411 [inline]
handle_mm_fault+0xcc1/0x1330 mm/memory.c:6580
do_user_addr_fault+0x764/0x1380 arch/x86/mm/fault.c:1387
handle_page_fault arch/x86/mm/fault.c:1476 [inline]
exc_page_fault+0x71/0xd0 arch/x86/mm/fault.c:1532
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
other info that might help us debug this:
Chain exists of:
mapping.invalidate_lock#15 --> &ni->ni_lock#2/5 --> &mm->mmap_lock
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  rlock(&mm->mmap_lock);
                               lock(&ni->ni_lock#2/5);
                               lock(&mm->mmap_lock);
  rlock(mapping.invalidate_lock#15);
*** DEADLOCK ***
1 lock held by syz.4.646/11294:
#0: ffff88803619c370 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock include/linux/mmap_lock.h:410 [inline]
#0: ffff88803619c370 (&mm->mmap_lock){++++}-{4:4}, at: get_mmap_lock_carefully mm/mmap_lock.c:390 [inline]
#0: ffff88803619c370 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x300 mm/mmap_lock.c:450
stack backtrace:
CPU: 1 UID: 0 PID: 11294 Comm: syz.4.646 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_circular_bug+0x2e2/0x300 kernel/locking/lockdep.c:2043
check_noncircular+0x12e/0x150 kernel/locking/lockdep.c:2175
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x15a6/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
down_read+0x97/0x1f0 kernel/locking/rwsem.c:1537
filemap_invalidate_lock_shared include/linux/fs.h:1092 [inline]
page_cache_ra_unbounded+0x193/0x8c0 mm/readahead.c:233
do_sync_mmap_readahead+0x554/0x670 mm/filemap.c:3400
filemap_fault+0x6b5/0x12b0 mm/filemap.c:3549
__do_fault+0x138/0x390 mm/memory.c:5320
do_shared_fault mm/memory.c:5819 [inline]
do_fault mm/memory.c:5893 [inline]
do_pte_missing+0x69d/0x27a0 mm/memory.c:4401
handle_pte_fault mm/memory.c:6273 [inline]
__handle_mm_fault mm/memory.c:6411 [inline]
handle_mm_fault+0xcc1/0x1330 mm/memory.c:6580
do_user_addr_fault+0x764/0x1380 arch/x86/mm/fault.c:1387
handle_page_fault arch/x86/mm/fault.c:1476 [inline]
exc_page_fault+0x71/0xd0 arch/x86/mm/fault.c:1532
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7ff367357398
Code: fc 89 37 c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 66 0f 1f 84 00 00 00 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 c5 fe 6f 54 16 e0 c5 fe 6f 5c 16 c0 c5
RSP: 002b:00007ffcee10ed18 EFLAGS: 00010202
RAX: 00002000000010c0 RBX: 0000000000000004 RCX: 706f6f6c2f766564
RDX: 0000000000000009 RSI: 6f6f6c2f7665642f RDI: 00002000000010c0
RBP: 00007ff3675e7da0 R08: 0000001b2ee20000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 00007ff3675e627c
R13: 00007ff3675e6270 R14: fffffffffffffffe R15: 00007ffcee10ee30
</TASK>