./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2652104396 <...> Warning: Permanently added '10.128.1.117' (ED25519) to the list of known hosts. execve("./syz-executor2652104396", ["./syz-executor2652104396"], 0x7fff06660250 /* 10 vars */) = 0 brk(NULL) = 0x555555d4c000 brk(0x555555d4cd00) = 0x555555d4cd00 arch_prctl(ARCH_SET_FS, 0x555555d4c380) = 0 set_tid_address(0x555555d4c650) = 5035 set_robust_list(0x555555d4c660, 24) = 0 rseq(0x555555d4cca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2652104396", 4096) = 28 getrandom("\x94\x3d\xf4\x30\x38\x18\x78\x50", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555d4cd00 brk(0x555555d6dd00) = 0x555555d6dd00 brk(0x555555d6e000) = 0x555555d6e000 mprotect(0x7f03ad905000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03a5436000 write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 munmap(0x7f03a5436000, 2097152) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 76.816767][ T5035] syz-executor265[5035]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "ntfs3", MS_NODEV|MS_SYNCHRONOUS, "") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 76.864291][ T5035] loop0: detected capacity change from 0 to 4096 [ 76.878768][ T5035] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 76.924465][ T5035] ntfs3: loop0: ino=1b, "file0" ntfs_iget5 [ 76.931339][ T5035] [ 76.933915][ T5035] ============================================ [ 76.940095][ T5035] WARNING: possible recursive locking detected [ 76.946270][ T5035] 6.6.0-rc2-syzkaller-00027-g5d2f53532ecc #0 Not tainted [ 76.953305][ T5035] -------------------------------------------- [ 76.959980][ T5035] syz-executor265/5035 is trying to acquire lock: [ 76.966384][ T5035] ffff8880761a8100 (&ni->ni_lock#2){+.+.}-{3:3}, at: ntfs_set_state+0x212/0x730 [ 76.975739][ T5035] [ 76.975739][ T5035] but task is already holding lock: [ 76.983115][ T5035] ffff8880761af700 (&ni->ni_lock#2){+.+.}-{3:3}, at: ni_write_inode+0x163/0x1080 [ 76.992346][ T5035] [ 76.992346][ T5035] other info that might help us debug this: [ 77.000399][ T5035] Possible unsafe locking scenario: [ 77.000399][ T5035] [ 77.008011][ T5035] CPU0 [ 77.011306][ T5035] ---- [ 77.014575][ T5035] lock(&ni->ni_lock#2); [ 77.018911][ T5035] lock(&ni->ni_lock#2); [ 77.023260][ T5035] [ 77.023260][ T5035] *** DEADLOCK *** [ 77.023260][ T5035] [ 77.031396][ T5035] May be due to missing lock nesting notation [ 77.031396][ T5035] [ 77.039735][ T5035] 3 locks held by syz-executor265/5035: [ 77.045798][ T5035] #0: ffff8880201a2410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 77.054978][ T5035] #1: ffff8880761af9a0 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: do_truncate+0x20c/0x300 [ 77.065357][ T5035] #2: ffff8880761af700 (&ni->ni_lock#2){+.+.}-{3:3}, at: ni_write_inode+0x163/0x1080 [ 77.075040][ T5035] [ 77.075040][ T5035] stack backtrace: [ 77.080925][ T5035] CPU: 0 PID: 5035 Comm: syz-executor265 Not tainted 6.6.0-rc2-syzkaller-00027-g5d2f53532ecc #0 [ 77.091423][ T5035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 77.101491][ T5035] Call Trace: [ 77.104879][ T5035] [ 77.107813][ T5035] dump_stack_lvl+0x1e7/0x2d0 [ 77.113043][ T5035] ? nf_tcp_handle_invalid+0x650/0x650 [ 77.118508][ T5035] ? print_deadlock_bug+0x462/0x600 [ 77.123733][ T5035] ? _find_first_zero_bit+0xd4/0x100 [ 77.129117][ T5035] __lock_acquire+0x6a81/0x7f70 [ 77.133985][ T5035] ? verify_lock_unused+0x140/0x140 [ 77.139194][ T5035] ? prb_read_valid+0xa9/0xf0 [ 77.143906][ T5035] ? mark_lock+0x9a/0x340 [ 77.148251][ T5035] ? _printk+0xd5/0x120 [ 77.152459][ T5035] lock_acquire+0x1e3/0x520 [ 77.156987][ T5035] ? ntfs_set_state+0x212/0x730 [ 77.162039][ T5035] ? read_lock_is_recursive+0x20/0x20 [ 77.167461][ T5035] ? __might_sleep+0xc0/0xc0 [ 77.172163][ T5035] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 77.178244][ T5035] ? print_irqtrace_events+0x220/0x220 [ 77.183714][ T5035] __mutex_lock+0x136/0xd60 [ 77.188229][ T5035] ? ntfs_set_state+0x212/0x730 [ 77.193094][ T5035] ? ntfs_set_state+0x212/0x730 [ 77.197957][ T5035] ? mutex_lock_nested+0x20/0x20 [ 77.204312][ T5035] ? inode_set_ctime_current+0x5ff/0x8b0 [ 77.210066][ T5035] ntfs_set_state+0x212/0x730 [ 77.214791][ T5035] ? inode_update_timestamps+0x630/0x630 [ 77.220718][ T5035] ? ntfs_mark_rec_free+0x2b0/0x2b0 [ 77.225925][ T5035] ? make_bad_inode+0xd6/0x170 [ 77.230704][ T5035] ntfs_iget5+0x3b0/0x38e0 [ 77.235137][ T5035] ? verify_lock_unused+0x140/0x140 [ 77.240430][ T5035] ? __lock_acquire+0x7f70/0x7f70 [ 77.245463][ T5035] ? mi_enum_attr+0x54f/0x740 [ 77.250168][ T5035] ? mi_find_attr+0x29b/0x2b0 [ 77.254861][ T5035] ? ni_find_attr+0x390/0x8d0 [ 77.259638][ T5035] ? check_index_root+0x6d0/0x6d0 [ 77.264680][ T5035] ? ni_load_mi+0x110/0x110 [ 77.269203][ T5035] ? print_irqtrace_events+0x220/0x220 [ 77.274688][ T5035] ni_update_parent+0x806/0xc80 [ 77.279551][ T5035] ? ni_write_inode+0x1080/0x1080 [ 77.284751][ T5035] ? mi_find_attr+0x29b/0x2b0 [ 77.289528][ T5035] ni_write_inode+0xe48/0x1080 [ 77.294314][ T5035] ? ni_is_dirty+0x190/0x190 [ 77.298912][ T5035] ? block_truncate_page+0x701/0x9e0 [ 77.304217][ T5035] ntfs3_setattr+0x725/0xae0 [ 77.308822][ T5035] ? ntfs_getattr+0x2e0/0x2e0 [ 77.313532][ T5035] ? evm_inode_setattr+0x100/0x740 [ 77.318742][ T5035] ? bpf_lsm_inode_setattr+0x9/0x10 [ 77.324065][ T5035] ? security_inode_setattr+0xd7/0x130 [ 77.329535][ T5035] ? ntfs_getattr+0x2e0/0x2e0 [ 77.334216][ T5035] notify_change+0xb99/0xe60 [ 77.338833][ T5035] do_truncate+0x220/0x300 [ 77.343445][ T5035] ? put_page_bootmem+0x2e0/0x2e0 [ 77.348487][ T5035] ? bpf_lsm_path_truncate+0x9/0x10 [ 77.353779][ T5035] vfs_truncate+0x2e1/0x3a0 [ 77.358295][ T5035] do_sys_truncate+0xde/0x190 [ 77.362993][ T5035] ? break_lease+0xd0/0xd0 [ 77.367425][ T5035] ? syscall_enter_from_user_mode+0x32/0x230 [ 77.373415][ T5035] ? syscall_enter_from_user_mode+0x8c/0x230 [ 77.379407][ T5035] do_syscall_64+0x41/0xc0 [ 77.383826][ T5035] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.389726][ T5035] RIP: 0033:0x7f03ad8735f9 [ 77.394243][ T5035] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 77.414027][ T5035] RSP: 002b:00007ffd3e94d2c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004c truncate("./file0/file0", 3) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 77.422444][ T5035] RAX: ffffffffffffffda RBX: 000