./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2137308329

<...>
Warning: Permanently added '10.128.10.15' (ED25519) to the list of known hosts.
execve("./syz-executor2137308329", ["./syz-executor2137308329"], 0x7ffdbb1ccb50 /* 10 vars */) = 0
brk(NULL)                               = 0x555571106000
brk(0x555571106d00)                     = 0x555571106d00
arch_prctl(ARCH_SET_FS, 0x555571106380) = 0
set_tid_address(0x555571106650)         = 5832
set_robust_list(0x555571106660, 24)     = 0
rseq(0x555571106ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2137308329", 4096) = 28
getrandom("\xc4\x20\x33\x60\xe6\xc9\xd2\xaa", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555571106d00
brk(0x555571127d00)                     = 0x555571127d00
brk(0x555571128000)                     = 0x555571128000
mprotect(0x7f4e3481a000, 16384, PROT_READ) = 0
mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000
mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000
mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000
write(1, "executing program\n", 18executing program
)     = 18
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e2c200000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7f4e2c200000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
close(4)                                = 0
mkdir("./file0", 0777)                  = 0
[   81.073217][ T5832] loop0: detected capacity change from 0 to 4096
[   81.114082][ T5832] =======================================================
[   81.114082][ T5832] WARNING: The mand mount option has been deprecated and
[   81.114082][ T5832]          and is ignored by this kernel. Remove the mand
[   81.114082][ T5832]          option from the mount to silence this warning.
[   81.114082][ T5832] =======================================================
[   81.161384][ T5832] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[   81.200342][ T5832] ntfs3(loop0): ino=19, mi_enum_attr
[   81.207144][ T5832] ntfs3(loop0): Mark volume as dirty due to NTFS errors
mount("/dev/loop0", "./file0", "ntfs3", MS_MANDLOCK|MS_NODIRATIME|MS_REC|MS_SILENT|MS_I_VERSION|MS_STRICTATIME|MS_LAZYTIME, "gid=0x0000000000000000,iocharset=cp865,discard,force,acl,uid=0x000000000000ee01,acl,sparse,force,noh"...) = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = -1 EBUSY (Device or resource busy)
chdir("./file0")                        = 0
openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4
write(4, "\x60\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\xea\x09\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 96) = 96
ioctl(4, FS_IOC_FIEMAP, {fm_start=8, fm_length=9223372036854775807, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=131072} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1
openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5
[   81.322205][ T5832] 
[   81.324604][ T5832] ======================================================
[   81.333545][ T5832] WARNING: possible circular locking dependency detected
[   81.341245][ T5832] 6.14.0-rc4-syzkaller #0 Not tainted
[   81.348180][ T5832] ------------------------------------------------------
[   81.355571][ T5832] syz-executor213/5832 is trying to acquire lock:
[   81.363422][ T5832] ffff888076492d10 (&ni->ni_lock/5){+.+.}-{4:4}, at: attr_data_get_block+0x464/0x2fb0
[   81.374168][ T5832] 
[   81.374168][ T5832] but task is already holding lock:
[   81.383211][ T5832] ffff88807f554620 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x182/0x430
[   81.393345][ T5832] 
[   81.393345][ T5832] which lock already depends on the new lock.
[   81.393345][ T5832] 
[   81.406340][ T5832] 
[   81.406340][ T5832] the existing dependency chain (in reverse order) is:
[   81.416406][ T5832] 
[   81.416406][ T5832] -> #1 (&mm->mmap_lock){++++}-{4:4}:
[   81.426123][ T5832]        lock_acquire+0x1ed/0x550
[   81.432063][ T5832]        __might_fault+0xc6/0x120
[   81.438067][ T5832]        _copy_to_user+0x2c/0xb0
[   81.447544][ T5832]        fiemap_fill_next_extent+0x235/0x420
[   81.454774][ T5832]        ni_fiemap+0xfec/0x1270
[   81.463342][ T5832]        ntfs_fiemap+0x132/0x180
[   81.470396][ T5832]        do_vfs_ioctl+0x1981/0x2770
[   81.476366][ T5832]        __se_sys_ioctl+0x80/0x170
[   81.484644][ T5832]        do_syscall_64+0xf3/0x230
[   81.490621][ T5832]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.498338][ T5832] 
[   81.498338][ T5832] -> #0 (&ni->ni_lock/5){+.+.}-{4:4}:
[   81.509335][ T5832]        validate_chain+0x18ef/0x5920
[   81.522166][ T5832]        __lock_acquire+0x1397/0x2100
[   81.531413][ T5832]        lock_acquire+0x1ed/0x550
[   81.537943][ T5832]        __mutex_lock+0x19c/0x1010
[   81.545477][ T5832]        attr_data_get_block+0x464/0x2fb0
[   81.551858][ T5832]        ntfs_file_mmap+0x4f2/0x850
[   81.559549][ T5832]        mmap_region+0x247c/0x2fa0
[   81.568224][ T5832]        do_mmap+0xecc/0x13a0
[   81.575376][ T5832]        vm_mmap_pgoff+0x214/0x430
[   81.586362][ T5832]        ksys_mmap_pgoff+0x4eb/0x720
[   81.594518][ T5832]        do_syscall_64+0xf3/0x230
[   81.606112][ T5832]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.614666][ T5832] 
[   81.614666][ T5832] other info that might help us debug this:
[   81.614666][ T5832] 
[   81.628439][ T5832]  Possible unsafe locking scenario:
[   81.628439][ T5832] 
[   81.638527][ T5832]        CPU0                    CPU1
[   81.645311][ T5832]        ----                    ----
[   81.651148][ T5832]   lock(&mm->mmap_lock);
[   81.655701][ T5832]                                lock(&ni->ni_lock/5);
[   81.664291][ T5832]                                lock(&mm->mmap_lock);
[   81.672311][ T5832]   lock(&ni->ni_lock/5);
[   81.677137][ T5832] 
[   81.677137][ T5832]  *** DEADLOCK ***
[   81.677137][ T5832] 
[   81.687794][ T5832] 1 lock held by syz-executor213/5832:
[   81.693676][ T5832]  #0: ffff88807f554620 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x182/0x430
[   81.704703][ T5832] 
[   81.704703][ T5832] stack backtrace:
[   81.711587][ T5832] CPU: 0 UID: 0 PID: 5832 Comm: syz-executor213 Not tainted 6.14.0-rc4-syzkaller #0
[   81.711607][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   81.711620][ T5832] Call Trace:
[   81.711632][ T5832]  <TASK>
[   81.711639][ T5832]  dump_stack_lvl+0x241/0x360
[   81.711659][ T5832]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.711673][ T5832]  ? __pfx__printk+0x10/0x10
[   81.711700][ T5832]  print_circular_bug+0x13a/0x1b0
[   81.711718][ T5832]  check_noncircular+0x36a/0x4a0
[   81.711735][ T5832]  ? __pfx_check_noncircular+0x10/0x10
[   81.711751][ T5832]  ? lockdep_lock+0x123/0x2b0
[   81.711772][ T5832]  ? lockdep_unlock+0x16a/0x300
[   81.711791][ T5832]  ? __pfx_lockdep_unlock+0x10/0x10
[   81.711811][ T5832]  validate_chain+0x18ef/0x5920
[   81.711834][ T5832]  ? __pfx_validate_chain+0x10/0x10
[   81.711850][ T5832]  ? __pfx_validate_chain+0x10/0x10
[   81.711864][ T5832]  ? __pfx_validate_chain+0x10/0x10
[   81.711879][ T5832]  ? __lock_acquire+0x1397/0x2100
[   81.711902][ T5832]  ? look_up_lock_class+0x77/0x170
[   81.711922][ T5832]  ? register_lock_class+0x102/0x980
[   81.711944][ T5832]  ? __pfx_register_lock_class+0x10/0x10
[   81.711967][ T5832]  ? mark_lock+0x9a/0x360
[   81.711991][ T5832]  __lock_acquire+0x1397/0x2100
[   81.712018][ T5832]  lock_acquire+0x1ed/0x550
[   81.712038][ T5832]  ? attr_data_get_block+0x464/0x2fb0
[   81.712066][ T5832]  ? __pfx_lock_acquire+0x10/0x10
[   81.712087][ T5832]  ? __pfx___might_resched+0x10/0x10
[   81.712106][ T5832]  ? __pfx_lock_acquire+0x10/0x10
[   81.712127][ T5832]  ? __pfx___might_resched+0x10/0x10
[   81.712145][ T5832]  ? __pfx_lock_release+0x10/0x10
[   81.712168][ T5832]  __mutex_lock+0x19c/0x1010
[   81.712188][ T5832]  ? attr_data_get_block+0x464/0x2fb0
[   81.712215][ T5832]  ? attr_data_get_block+0x464/0x2fb0
[   81.712245][ T5832]  ? attr_data_get_block+0x356/0x2fb0
[   81.712268][ T5832]  ? __pfx___mutex_lock+0x10/0x10
[   81.712288][ T5832]  ? __up_read+0x2c2/0x6b0
[   81.712303][ T5832]  ? __pfx___up_read+0x10/0x10
[   81.712318][ T5832]  ? run_lookup_entry+0xbd/0x560
[   81.712336][ T5832]  attr_data_get_block+0x464/0x2fb0
[   81.712361][ T5832]  ? __pfx_stack_trace_save+0x10/0x10
[   81.712379][ T5832]  ? vm_area_alloc+0x10e/0x1d0
[   81.712406][ T5832]  ? vm_area_alloc+0x10e/0x1d0
[   81.712432][ T5832]  ? __pfx_attr_data_get_block+0x10/0x10
[   81.712457][ T5832]  ? mas_wr_store_type+0xc22/0x16c0
[   81.712481][ T5832]  ntfs_file_mmap+0x4f2/0x850
[   81.712499][ T5832]  ? __pfx_ntfs_file_mmap+0x10/0x10
[   81.712515][ T5832]  ? __mas_set_range+0x133/0x3c0
[   81.712531][ T5832]  mmap_region+0x247c/0x2fa0
[   81.712565][ T5832]  ? __pfx_mmap_region+0x10/0x10
[   81.712591][ T5832]  ? process_measurement+0x1a33/0x1fb0
[   81.712632][ T5832]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[   81.712658][ T5832]  ? rcu_is_watching+0x15/0xb0
[   81.712673][ T5832]  ? cap_capable+0x139/0x450
[   81.712695][ T5832]  ? cap_mmap_addr+0xaa/0xf0
[   81.712716][ T5832]  ? safesetid_security_capable+0xb2/0x1d0
[   81.712739][ T5832]  ? bpf_lsm_capable+0x9/0x10
[   81.712762][ T5832]  ? shmem_mapping+0xd/0x50
[   81.712780][ T5832]  do_mmap+0xecc/0x13a0
[   81.712799][ T5832]  ? __pfx_do_mmap+0x10/0x10
[   81.712814][ T5832]  ? down_write_killable+0x19e/0x260
[   81.712835][ T5832]  ? vm_mmap_pgoff+0x182/0x430
[   81.712853][ T5832]  ? __pfx_down_write_killable+0x10/0x10
[   81.712878][ T5832]  vm_mmap_pgoff+0x214/0x430
[   81.712899][ T5832]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   81.712916][ T5832]  ? __fget_files+0x2a/0x410
[   81.712932][ T5832]  ? __fget_files+0x395/0x410
[   81.712946][ T5832]  ? __fget_files+0x2a/0x410
[   81.712961][ T5832]  ksys_mmap_pgoff+0x4eb/0x720
[   81.712978][ T5832]  ? __x64_sys_mmap+0x7f/0x140
[   81.712999][ T5832]  do_syscall_64+0xf3/0x230
[   81.713019][ T5832]  ? clear_bhb_loop+0x35/0x90
[   81.713042][ T5832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.713064][ T5832] RIP: 0033:0x7f4e34788c49
[   81.713083][ T5832] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   81.713096][ T5832] RSP: 002b:00007ffcc0c215c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
mmap(0x400000000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_NONBLOCK|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x400000000000
exit_group(0)                           = ?
+++ exited with 0 +++
[   81.713112][ T5832]