./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1401824247 <...>
Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts.
execve("./syz-executor1401824247", ["./syz-executor1401824247"], 0x7ffcd1753040 /* 10 vars */) = 0
brk(NULL) = 0x55558191b000
brk(0x55558191bd00) = 0x55558191bd00
arch_prctl(ARCH_SET_FS, 0x55558191b380) = 0
set_tid_address(0x55558191b650) = 5088
set_robust_list(0x55558191b660, 24) = 0
rseq(0x55558191bca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1401824247", 4096) = 28
getrandom("\xea\xe7\xe6\x7f\xc6\x65\xbd\x21", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55558191bd00
brk(0x55558193cd00) = 0x55558193cd00
brk(0x55558193d000) = 0x55558193d000
mprotect(0x7f6d6af08000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d62a00000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7f6d62a00000, 138412032) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
close(4) = 0
mkdir("./file0", 0777) = 0
mount("/dev/loop0", "./file0", "ntfs3", 0, 
"showmeta,umask=00000000000000000000001,force,uid=0x0000000000000000,discard,dmask=000000000000000000"...) = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 62.238903][ T5088] loop0: detected capacity change from 0 to 4096
[ 62.265239][ T5088] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
ftruncate(4, 2844) = 0
mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
open(0x20000180, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[ 62.334802][ T29] audit: type=1800 audit(1713498588.460:2): pid=5088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor140" name="bus" dev="loop0" ino=34 res=0 errno=0
[ 62.355813][ T5088]
[ 62.358147][ T5088] ======================================================
[ 62.365151][ T5088] WARNING: possible circular locking dependency detected
[ 62.372151][ T5088] 6.9.0-rc4-next-20240418-syzkaller #0 Not tainted
[ 62.378634][ T5088] ------------------------------------------------------
[ 62.385633][ T5088] syz-executor140/5088 is trying to acquire lock:
[ 62.392029][ T5088] ffff888077776a18 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0xaa/0x120
[ 62.400908][ T5088]
[ 62.400908][ T5088] but task is already holding lock:
[ 62.408261][ T5088] ffff88807ea0e0e0 (&ni->ni_lock/4){+.+.}-{3:3}, at: ntfs_fiemap+0xff/0x180
[ 62.416962][ T5088]
[ 62.416962][ T5088] which lock already depends on the new lock.
[ 62.416962][ T5088]
[ 62.427347][ T5088]
[ 62.427347][ T5088] the existing dependency chain (in reverse order) is:
[ 62.436344][ T5088]
[ 62.436344][ T5088] -> #1 (&ni->ni_lock/4){+.+.}-{3:3}:
[ 62.443895][ T5088] lock_acquire+0x1ed/0x550
[ 62.448992][ T5088] __mutex_lock+0x136/0xd70
[ 62.454016][ T5088] attr_data_get_block+0x444/0x2e10
[ 62.459727][ T5088] ntfs_file_mmap+0x505/0x880
[ 62.464921][ T5088] mmap_region+0xe23/0x2060
[ 62.469936][ T5088] do_mmap+0x8ad/0xfa0
[ 62.474522][ T5088] vm_mmap_pgoff+0x1dd/0x3d0
[ 62.479641][ T5088] ksys_mmap_pgoff+0x4f1/0x720
[ 62.484918][ T5088] do_syscall_64+0xf5/0x240
[ 62.489948][ T5088] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.496359][ T5088]
[ 62.496359][ T5088] -> #0 (&mm->mmap_lock){++++}-{3:3}:
[ 62.503905][ T5088] validate_chain+0x18cb/0x58e0
[ 62.509268][ T5088] __lock_acquire+0x1346/0x1fd0
[ 62.514633][ T5088] lock_acquire+0x1ed/0x550
[ 62.519652][ T5088] __might_fault+0xc6/0x120
[ 62.524673][ T5088] _copy_to_user+0x2a/0xb0
[ 62.529615][ T5088] fiemap_fill_next_extent+0x235/0x410
[ 62.535593][ T5088] ni_fiemap+0x100b/0x1230
[ 62.540526][ T5088] ntfs_fiemap+0x132/0x180
[ 62.545462][ T5088] do_vfs_ioctl+0x1c07/0x2e50
[ 62.550656][ T5088] __se_sys_ioctl+0x81/0x170
[ 62.555759][ T5088] do_syscall_64+0xf5/0x240
[ 62.560787][ T5088] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.567198][ T5088]
[ 62.567198][ T5088] other info that might help us debug this:
[ 62.567198][ T5088]
[ 62.577412][ T5088] Possible unsafe locking scenario:
[ 62.577412][ T5088]
[ 62.584847][ T5088]        CPU0                    CPU1
[ 62.590196][ T5088]        ----                    ----
[ 62.595549][ T5088]   lock(&ni->ni_lock/4);
[ 62.599874][ T5088]                                lock(&mm->mmap_lock);
[ 62.606723][ T5088]                                lock(&ni->ni_lock/4);
[ 62.613568][ T5088]   rlock(&mm->mmap_lock);
[ 62.617972][ T5088]
[ 62.617972][ T5088] *** DEADLOCK ***
[ 62.617972][ T5088]
[ 62.626100][ T5088] 1 lock held by syz-executor140/5088:
[ 62.631544][ T5088] #0: ffff88807ea0e0e0 (&ni->ni_lock/4){+.+.}-{3:3}, at: ntfs_fiemap+0xff/0x180
[ 
62.640683][ T5088]
[ 62.640683][ T5088] stack backtrace:
[ 62.646557][ T5088] CPU: 0 PID: 5088 Comm: syz-executor140 Not tainted 6.9.0-rc4-next-20240418-syzkaller #0
[ 62.656432][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 62.666484][ T5088] Call Trace:
[ 62.669757][ T5088]
[ 62.672679][ T5088] dump_stack_lvl+0x241/0x360
[ 62.677352][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10
[ 62.682554][ T5088] ? print_circular_bug+0x130/0x1a0
[ 62.687755][ T5088] check_noncircular+0x36a/0x4a0
[ 62.692703][ T5088] ? __pfx_check_noncircular+0x10/0x10
[ 62.698157][ T5088] ? lockdep_lock+0x123/0x2b0
[ 62.702827][ T5088] ? __pfx_lock_acquire+0x10/0x10
[ 62.707840][ T5088] ? _find_first_zero_bit+0xd4/0x100
[ 62.713114][ T5088] validate_chain+0x18cb/0x58e0
[ 62.717978][ T5088] ? __pfx_validate_chain+0x10/0x10
[ 62.723176][ T5088] ? is_bpf_text_address+0x26/0x2a0
[ 62.728365][ T5088] ? __pfx_validate_chain+0x10/0x10
[ 62.733578][ T5088] ? lockdep_unlock+0x16a/0x300
[ 62.738432][ T5088] ? __pfx_lockdep_unlock+0x10/0x10
[ 62.743625][ T5088] ? arch_stack_walk+0x16d/0x1b0
[ 62.748565][ T5088] ? _find_first_zero_bit+0xd4/0x100
[ 62.753852][ T5088] ? validate_chain+0x15a2/0x58e0
[ 62.758886][ T5088] ? __pfx_validate_chain+0x10/0x10
[ 62.764089][ T5088] ? mark_lock+0x9a/0x350
[ 62.768420][ T5088] __lock_acquire+0x1346/0x1fd0
[ 62.773273][ T5088] lock_acquire+0x1ed/0x550
[ 62.777770][ T5088] ? __might_fault+0xaa/0x120
[ 62.782445][ T5088] ? __pfx_lock_acquire+0x10/0x10
[ 62.787464][ T5088] ? __pfx___might_resched+0x10/0x10
[ 62.792745][ T5088] ? mark_lock+0x9a/0x350
[ 62.797070][ T5088] ? __pfx_validate_chain+0x10/0x10
[ 62.802265][ T5088] ? __lock_acquire+0x1346/0x1fd0
[ 62.807287][ T5088] ? __might_fault+0xaa/0x120
[ 62.811957][ T5088] __might_fault+0xc6/0x120
[ 62.816453][ T5088] ? __might_fault+0xaa/0x120
[ 62.821127][ T5088] _copy_to_user+0x2a/0xb0
[ 62.825565][ T5088] fiemap_fill_next_extent+0x235/0x410
[ 62.831023][ T5088] ? 
__pfx_fiemap_fill_next_extent+0x10/0x10
[ 62.837006][ T5088] ? __pfx___mutex_trylock_common+0x10/0x10
[ 62.842893][ T5088] ni_fiemap+0x100b/0x1230
[ 62.847301][ T5088] ? __mutex_lock+0x2ef/0xd70
[ 62.851978][ T5088] ? __pfx_ni_fiemap+0x10/0x10
[ 62.856739][ T5088] ? __pfx___might_resched+0x10/0x10
[ 62.862031][ T5088] ? fiemap_prep+0x19e/0x240
[ 62.866618][ T5088] ntfs_fiemap+0x132/0x180
[ 62.871028][ T5088] ? __pfx_ntfs_fiemap+0x10/0x10
[ 62.875960][ T5088] ? __might_fault+0xc6/0x120
[ 62.880655][ T5088] ? __pfx_ntfs_fiemap+0x10/0x10
[ 62.885604][ T5088] do_vfs_ioctl+0x1c07/0x2e50
[ 62.890287][ T5088] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 62.895324][ T5088] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 62.901645][ T5088] ? tomoyo_path_number_perm+0x208/0x880
[ 62.907279][ T5088] ? __pfx_lock_release+0x10/0x10
[ 62.912310][ T5088] ? kfree+0x149/0x350
[ 62.916381][ T5088] ? tomoyo_path_number_perm+0x71a/0x880
[ 62.922014][ T5088] ? tomoyo_path_number_perm+0x208/0x880
[ 62.927651][ T5088] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 62.933653][ T5088] ? __pfx_ptrace_notify+0x10/0x10
[ 62.938774][ T5088] ? bpf_lsm_file_ioctl+0x9/0x10
[ 62.943708][ T5088] ? security_file_ioctl+0x87/0xb0
[ 62.948819][ T5088] __se_sys_ioctl+0x81/0x170
[ 62.953420][ T5088] do_syscall_64+0xf5/0x240
[ 62.957925][ T5088] ? 
clear_bhb_loop+0x35/0x90
[ 62.962599][ T5088] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.968501][ T5088] RIP: 0033:0x7f6d6ae769b9
[ 62.972916][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.992519][ T5088] RSP: 002b:00007ffef5dde5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 63.000939][ T5088] RAX: ffffffffffffffda RBX: 00007ffef5dde7c8 RCX: 00007f6d6ae769b9
[ 63.008911][ T5088] RDX: 0000000020000280 RSI: 00000000c020660b RDI: 0000000000000005
[ 63.016878][ T5088] RBP: 00007f6d6af08610 R08: 0000000000000000 R09: 00007ffef5dde7c8
[ 63.024846][ T5088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
ioctl(5, FS_IOC_FIEMAP, 0x20000280) = 1
exit_group(0) = ?
+++ exited with 0 +++
[ 63.032812][ T5088] R13: 00007ffef5dde7b8 R14: 0000000000