./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1841941318 <...> DUID 00:04:48:2f:83:80:5e:82:2f:af:2e:03:8c:bf:d4:14:8e:03 forked to background, child pid 4658 [ 39.316930][ T4659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.329456][ T4659] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts. execve("./syz-executor1841941318", ["./syz-executor1841941318"], 0x7ffc486379c0 /* 10 vars */) = 0 brk(NULL) = 0x5555569ce000 brk(0x5555569cec40) = 0x5555569cec40 arch_prctl(ARCH_SET_FS, 0x5555569ce300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1841941318", 4096) = 28 brk(0x5555569efc40) = 0x5555569efc40 brk(0x5555569f0000) = 0x5555569f0000 mprotect(0x7f4b4d8af000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b453d6000 write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 munmap(0x7f4b453d6000, 2097152) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "ntfs3", 0, 
"discard,gid=0x0000000000000000,force,sparse,iocharset=cp855,gid=0x000000000000ee01,sparse,") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 syzkaller login: [ 71.198143][ T4990] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4990 'syz-executor184' [ 71.238164][ T4990] loop0: detected capacity change from 0 to 4096 openat(AT_FDCWD, "./file0", O_RDONLY) = 4 ioctl(4, FS_IOC_FIEMAP, {fm_start=7, fm_length=9223372036854775807, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 creat("./bus", 000) = 5 ftruncate(5, 32768) = 0 open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6 [ 71.300151][ T4990] [ 71.302522][ T4990] ====================================================== [ 71.309540][ T4990] WARNING: possible circular locking dependency detected [ 71.316565][ T4990] 6.4.0-rc1-syzkaller-00012-g16a8829130ca #0 Not tainted [ 71.323585][ T4990] ------------------------------------------------------ [ 71.330597][ T4990] syz-executor184/4990 is trying to acquire lock: [ 71.337025][ T4990] ffff888074ae7700 (&ni->ni_lock#2/4){+.+.}-{3:3}, at: attr_data_get_block+0x46d/0x2da0 [ 71.346805][ T4990] [ 71.346805][ T4990] but task is already holding lock: [ 71.354179][ T4990] ffff88802664f668 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17c/0x410 [ 71.363151][ T4990] [ 71.363151][ T4990] which lock already depends on the new lock. 
[ 71.363151][ T4990]
[ 71.373551][ T4990]
[ 71.373551][ T4990] the existing dependency chain (in reverse order) is:
[ 71.382555][ T4990]
[ 71.382555][ T4990] -> #1 (&mm->mmap_lock){++++}-{3:3}:
[ 71.390109][ T4990]        lock_acquire+0x1e3/0x520
[ 71.395137][ T4990]        __might_fault+0xba/0x120
[ 71.400166][ T4990]        _copy_to_user+0x2a/0xa0
[ 71.405103][ T4990]        fiemap_fill_next_extent+0x235/0x410
[ 71.411104][ T4990]        ni_fiemap+0x100b/0x1230
[ 71.416049][ T4990]        ntfs_fiemap+0x132/0x180
[ 71.421021][ T4990]        do_vfs_ioctl+0x19ba/0x2b10
[ 71.426227][ T4990]        __se_sys_ioctl+0x81/0x160
[ 71.431428][ T4990]        do_syscall_64+0x41/0xc0
[ 71.436378][ T4990]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.442795][ T4990]
[ 71.442795][ T4990] -> #0 (&ni->ni_lock#2/4){+.+.}-{3:3}:
[ 71.450547][ T4990]        validate_chain+0x166b/0x58e0
[ 71.455925][ T4990]        __lock_acquire+0x1295/0x2000
[ 71.461301][ T4990]        lock_acquire+0x1e3/0x520
[ 71.466330][ T4990]        __mutex_lock_common+0x1d8/0x2530
[ 71.472064][ T4990]        mutex_lock_nested+0x1b/0x20
[ 71.477358][ T4990]        attr_data_get_block+0x46d/0x2da0
[ 71.483076][ T4990]        ntfs_file_mmap+0x453/0x7a0
[ 71.488278][ T4990]        mmap_region+0xe65/0x2250
[ 71.493303][ T4990]        do_mmap+0x8c9/0xf70
[ 71.497885][ T4990]        vm_mmap_pgoff+0x1db/0x410
[ 71.502997][ T4990]        ksys_mmap_pgoff+0x4f9/0x6d0
[ 71.508296][ T4990]        do_syscall_64+0x41/0xc0
[ 71.513240][ T4990]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.519650][ T4990]
[ 71.519650][ T4990] other info that might help us debug this:
[ 71.519650][ T4990]
[ 71.529866][ T4990]  Possible unsafe locking scenario:
[ 71.529866][ T4990]
[ 71.537307][ T4990]        CPU0                    CPU1
[ 71.542669][ T4990]        ----                    ----
[ 71.548030][ T4990]   lock(&mm->mmap_lock);
[ 71.552364][ T4990]                                lock(&ni->ni_lock#2/4);
[ 71.559402][ T4990]                                lock(&mm->mmap_lock);
[ 71.566250][ T4990]   lock(&ni->ni_lock#2/4);
[ 71.570768][ T4990]
[ 71.570768][ T4990]  *** DEADLOCK ***
[ 71.570768][ T4990]
[ 71.579164][ T4990] 1 lock held by syz-executor184/4990:
[ 71.584613][ T4990]  #0: ffff88802664f668
(&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17c/0x410 [ 71.594019][ T4990] [ 71.594019][ T4990] stack backtrace: [ 71.599900][ T4990] CPU: 0 PID: 4990 Comm: syz-executor184 Not tainted 6.4.0-rc1-syzkaller-00012-g16a8829130ca #0 [ 71.610309][ T4990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 71.620358][ T4990] Call Trace: [ 71.623650][ T4990] [ 71.626597][ T4990] dump_stack_lvl+0x1e7/0x2d0 [ 71.631289][ T4990] ? nf_tcp_handle_invalid+0x650/0x650 [ 71.636758][ T4990] ? print_circular_bug+0x12b/0x1a0 [ 71.641963][ T4990] check_noncircular+0x2fe/0x3b0 [ 71.646914][ T4990] ? is_bpf_text_address+0x253/0x270 [ 71.652207][ T4990] ? is_module_text_address+0x110/0x180 [ 71.657763][ T4990] ? add_chain_block+0x850/0x850 [ 71.662708][ T4990] ? lockdep_lock+0x123/0x2b0 [ 71.667403][ T4990] ? _find_first_zero_bit+0xd4/0x100 [ 71.672686][ T4990] validate_chain+0x166b/0x58e0 [ 71.677536][ T4990] ? check_noncircular+0x1e7/0x3b0 [ 71.682650][ T4990] ? lockdep_unlock+0x169/0x300 [ 71.687502][ T4990] ? reacquire_held_locks+0x660/0x660 [ 71.692890][ T4990] ? add_lock_to_list+0x1de/0x2e0 [ 71.697921][ T4990] ? validate_chain+0x13d5/0x58e0 [ 71.702957][ T4990] ? look_up_lock_class+0x77/0x140 [ 71.708080][ T4990] ? register_lock_class+0x104/0x990 [ 71.713383][ T4990] ? is_dynamic_key+0x1f0/0x1f0 [ 71.718257][ T4990] ? mark_lock+0x9a/0x340 [ 71.722590][ T4990] __lock_acquire+0x1295/0x2000 [ 71.727479][ T4990] lock_acquire+0x1e3/0x520 [ 71.732001][ T4990] ? attr_data_get_block+0x46d/0x2da0 [ 71.737391][ T4990] ? read_lock_is_recursive+0x20/0x20 [ 71.742777][ T4990] ? __might_sleep+0xc0/0xc0 [ 71.747399][ T4990] __mutex_lock_common+0x1d8/0x2530 [ 71.752609][ T4990] ? attr_data_get_block+0x46d/0x2da0 [ 71.757996][ T4990] ? read_lock_is_recursive+0x20/0x20 [ 71.763380][ T4990] ? attr_data_get_block+0x46d/0x2da0 [ 71.768747][ T4990] ? attr_data_get_block+0x34b/0x2da0 [ 71.774112][ T4990] ? 
mutex_lock_io_nested+0x60/0x60 [ 71.779317][ T4990] ? up_read+0x20/0x20 [ 71.783381][ T4990] ? run_lookup_entry+0x41a/0x560 [ 71.788418][ T4990] mutex_lock_nested+0x1b/0x20 [ 71.793195][ T4990] attr_data_get_block+0x46d/0x2da0 [ 71.798416][ T4990] ? __kasan_slab_alloc+0x66/0x70 [ 71.803448][ T4990] ? ksys_mmap_pgoff+0x4f9/0x6d0 [ 71.808418][ T4990] ? get_pre_allocated+0x130/0x130 [ 71.813535][ T4990] ? __asan_memset+0x23/0x40 [ 71.818224][ T4990] ? lockdep_init_map_type+0xa1/0x8e0 [ 71.823793][ T4990] ntfs_file_mmap+0x453/0x7a0 [ 71.828565][ T4990] ? lockdep_softirqs_off+0x420/0x420 [ 71.833953][ T4990] ? ntfs_compat_ioctl+0x30/0x30 [ 71.838896][ T4990] ? __init_rwsem+0x122/0x160 [ 71.843579][ T4990] mmap_region+0xe65/0x2250 [ 71.848087][ T4990] ? file_mmap_ok+0x150/0x150 [ 71.852769][ T4990] ? cap_mmap_addr+0x162/0x2c0 [ 71.857552][ T4990] do_mmap+0x8c9/0xf70 [ 71.861625][ T4990] ? mlock_future_check+0x110/0x110 [ 71.866839][ T4990] ? ima_file_free+0x3c0/0x3c0 [ 71.871611][ T4990] vm_mmap_pgoff+0x1db/0x410 [ 71.876211][ T4990] ? account_locked_vm+0x220/0x220 [ 71.881331][ T4990] ? __fget_files+0x3cf/0x440 [ 71.886011][ T4990] ksys_mmap_pgoff+0x4f9/0x6d0 [ 71.890775][ T4990] do_syscall_64+0x41/0xc0 [ 71.895203][ T4990] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.901106][ T4990] RIP: 0033:0x7f4b4d822d19 [ 71.905528][ T4990] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 71.925133][ T4990] RSP: 002b:00007ffd50ef9d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 71.933552][ T4990] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f4b4d822d19 [ 71.941524][ T4990] RDX: 0000000000800006 RSI: 000000000000a000 RDI: 0000000020001000 mmap(0x20001000, 40960, PROT_WRITE|PROT_EXEC|0x800000, MAP_SHARED|MAP_FIXED, 6, 0) = 0x20001000 exit_group(0) = ? +++ exited with 0 +++ [ 71.949504][ T4990] RBP: 00007f4b4d7e