./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1584947942

<...>
Warning: Permanently added '10.128.0.101' (ECDSA) to the list of known hosts.
execve("./syz-executor1584947942", ["./syz-executor1584947942"], 0x7ffcf012f970 /* 10 vars */) = 0
brk(NULL)                               = 0x555556d03000
brk(0x555556d03c40)                     = 0x555556d03c40
arch_prctl(ARCH_SET_FS, 0x555556d03300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1584947942", 4096) = 28
brk(0x555556d24c40)                     = 0x555556d24c40
brk(0x555556d25000)                     = 0x555556d25000
mprotect(0x7fcf833cc000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5070 attached
, child_tidptr=0x555556d035d0) = 5070
[pid  5070] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5070] setsid()                    = 1
[pid  5070] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5070] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5070] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5070] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5070] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5070] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5070] unshare(CLONE_NEWNS)        = 0
[pid  5070] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5070] unshare(CLONE_NEWIPC)       = 0
[pid  5070] unshare(CLONE_NEWCGROUP)    = 0
[pid  5070] unshare(CLONE_NEWUTS)       = 0
[pid  5070] unshare(CLONE_SYSVSEM)      = 0
[pid  5070] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "16777216", 8)     = 8
[pid  5070] close(3)                    = 0
[pid  5070] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "536870912", 9)    = 9
[pid  5070] close(3)                    = 0
[pid  5070] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "1024", 4)         = 4
[pid  5070] close(3)                    = 0
[pid  5070] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "8192", 4)         = 4
[pid  5070] close(3)                    = 0
[pid  5070] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "1024", 4)         = 4
[pid  5070] close(3)                    = 0
[pid  5070] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "1024", 4)         = 4
[pid  5070] close(3)                    = 0
[pid  5070] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5070] close(3)                    = 0
[pid  5070] getpid()                    = 1
[pid  5070] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5070] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5070] unshare(CLONE_NEWNET)       = 0
[pid  5070] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "0 65535", 7)      = 7
[pid  5070] close(3)                    = 0
[pid  5070] mkdir("/dev/binderfs", 0777) = 0
[pid  5070] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5070] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5070] memfd_create("syzkaller", 0) = 3
[pid  5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf7aef2000
[pid  5070] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid  5070] munmap(0x7fcf7aef2000, 2097152) = 0
[pid  5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5070] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5070] close(3)                    = 0
[pid  5070] mkdir("./file0", 0777)      = 0
[pid  5070] mount("/dev/loop0", "./file0", "ntfs", 0, "") = 0
[pid  5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5070] chdir("./file0")            = 0
[pid  5070] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5070] close(4)                    = 0
[pid  5070] open(".", O_RDONLY)         = 4
[pid  5070] open_by_handle_at(4, {handle_bytes=16, handle_type=2, f_handle="\x06\x00\x00\x00\x06\x00\x00\x00\xff\x01\x00\x00\x01\x00\x00\x00"}, O_RDWR|O_TRUNC) = 5
[pid  5070] exit_group(1)               = ?
[   42.013977][ T5070] loop0: detected capacity change from 0 to 4096
[   42.030395][ T5070] ntfs: volume version 3.1.
[   42.068963][ T5070] 
[   42.071322][ T5070] ======================================================
[   42.078326][ T5070] WARNING: possible circular locking dependency detected
[   42.085316][ T5070] 6.2.0-syzkaller-06695-gd8ca6dbb8de7 #0 Not tainted
[   42.091958][ T5070] ------------------------------------------------------
[   42.099031][ T5070] syz-executor158/5070 is trying to acquire lock:
[   42.105427][ T5070] ffff888072cf1a50 (&lcnbmp_mrec_lock_key){+.+.}-{3:3}, at: map_mft_record+0x40/0x6c0
[   42.115005][ T5070] 
[   42.115005][ T5070] but task is already holding lock:
[   42.122343][ T5070] ffff888027f099f8 (&vol->lcnbmp_lock){+.+.}-{3:3}, at: ntfs_put_super+0x39c/0x1700
[   42.131703][ T5070] 
[   42.131703][ T5070] which lock already depends on the new lock.
[   42.131703][ T5070] 
[   42.142076][ T5070] 
[   42.142076][ T5070] the existing dependency chain (in reverse order) is:
[   42.151062][ T5070] 
[   42.151062][ T5070] -> #1 (&vol->lcnbmp_lock){+.+.}-{3:3}:
[   42.158850][ T5070]        down_write+0x92/0x200
[   42.163597][ T5070]        __ntfs_cluster_free+0x12d/0xbe0
[   42.169210][ T5070]        ntfs_truncate+0x16c1/0x2a50
[   42.174483][ T5070]        ntfs_setattr+0x397/0x560
[   42.179489][ T5070]        notify_change+0xb2c/0x1180
[   42.184679][ T5070]        do_truncate+0x143/0x200
[   42.189605][ T5070]        path_openat+0x2083/0x2750
[   42.194705][ T5070]        do_file_open_root+0x2cc/0x590
[   42.200151][ T5070]        file_open_root+0x2b1/0x430
[   42.205336][ T5070]        do_handle_open+0x327/0x8b0
[   42.210516][ T5070]        do_syscall_64+0x39/0xb0
[   42.215449][ T5070]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.221853][ T5070] 
[   42.221853][ T5070] -> #0 (&lcnbmp_mrec_lock_key){+.+.}-{3:3}:
[   42.230007][ T5070]        __lock_acquire+0x2ec7/0x5d40
[   42.235365][ T5070]        lock_acquire+0x1e3/0x670
[   42.240381][ T5070]        __mutex_lock+0x12f/0x1350
[   42.245567][ T5070]        map_mft_record+0x40/0x6c0
[   42.250661][ T5070]        __ntfs_write_inode+0x88/0xc40
[   42.256105][ T5070]        ntfs_put_super+0xf43/0x1700
[   42.261376][ T5070]        generic_shutdown_super+0x158/0x480
[   42.267350][ T5070]        kill_block_super+0x9b/0xf0
[   42.272536][ T5070]        deactivate_locked_super+0x98/0x160
[   42.278417][ T5070]        deactivate_super+0xb1/0xd0
[   42.283600][ T5070]        cleanup_mnt+0x2ae/0x3d0
[   42.288525][ T5070]        task_work_run+0x16f/0x270
[   42.293627][ T5070]        do_exit+0xad3/0x2a40
[   42.298294][ T5070]        do_group_exit+0xd4/0x2a0
[   42.303301][ T5070]        __x64_sys_exit_group+0x3e/0x50
[   42.308830][ T5070]        do_syscall_64+0x39/0xb0
[   42.313761][ T5070]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.320165][ T5070] 
[   42.320165][ T5070] other info that might help us debug this:
[   42.320165][ T5070] 
[   42.330458][ T5070]  Possible unsafe locking scenario:
[   42.330458][ T5070] 
[   42.337884][ T5070]        CPU0                    CPU1
[   42.343229][ T5070]        ----                    ----
[   42.348572][ T5070]   lock(&vol->lcnbmp_lock);
[   42.353147][ T5070]                                lock(&lcnbmp_mrec_lock_key);
[   42.360582][ T5070]                                lock(&vol->lcnbmp_lock);
[   42.367681][ T5070]   lock(&lcnbmp_mrec_lock_key);
[   42.372600][ T5070] 
[   42.372600][ T5070]  *** DEADLOCK ***
[   42.372600][ T5070] 
[   42.380773][ T5070] 2 locks held by syz-executor158/5070:
[   42.386301][ T5070]  #0: ffff8880293200e0 (&type->s_umount_key#46){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0
[   42.396562][ T5070]  #1: ffff888027f099f8 (&vol->lcnbmp_lock){+.+.}-{3:3}, at: ntfs_put_super+0x39c/0x1700
[   42.406390][ T5070] 
[   42.406390][ T5070] stack backtrace:
[   42.412282][ T5070] CPU: 1 PID: 5070 Comm: syz-executor158 Not tainted 6.2.0-syzkaller-06695-gd8ca6dbb8de7 #0
[   42.422331][ T5070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[   42.432371][ T5070] Call Trace:
[   42.435635][ T5070]  <TASK>
[   42.438565][ T5070]  dump_stack_lvl+0xd9/0x150
[   42.443148][ T5070]  check_noncircular+0x25f/0x2e0
[   42.448079][ T5070]  ? print_circular_bug+0x5c0/0x5c0
[   42.453266][ T5070]  ? unwind_next_frame+0xe14/0x1f60
[   42.458451][ T5070]  ? arch_stack_walk+0x60/0xf0
[   42.463204][ T5070]  ? is_bpf_text_address+0x9d/0x1b0
[   42.468402][ T5070]  __lock_acquire+0x2ec7/0x5d40
[   42.473244][ T5070]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   42.479213][ T5070]  ? filter_irq_stacks+0x90/0x90
[   42.484141][ T5070]  lock_acquire+0x1e3/0x670
[   42.488637][ T5070]  ? map_mft_record+0x40/0x6c0
[   42.493389][ T5070]  ? lock_release+0x780/0x780
[   42.498229][ T5070]  ? __lock_acquire+0x27b0/0x5d40
[   42.503246][ T5070]  __mutex_lock+0x12f/0x1350
[   42.507823][ T5070]  ? map_mft_record+0x40/0x6c0
[   42.512578][ T5070]  ? map_mft_record+0x40/0x6c0
[   42.517331][ T5070]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   42.523041][ T5070]  ? lock_release+0x780/0x780
[   42.527707][ T5070]  map_mft_record+0x40/0x6c0
[   42.532285][ T5070]  __ntfs_write_inode+0x88/0xc40
[   42.537213][ T5070]  ntfs_put_super+0xf43/0x1700
[   42.541987][ T5070]  ? ntfs_fill_super+0x9400/0x9400
[   42.547087][ T5070]  generic_shutdown_super+0x158/0x480
[   42.552451][ T5070]  kill_block_super+0x9b/0xf0
[   42.557140][ T5070]  deactivate_locked_super+0x98/0x160
[   42.562499][ T5070]  deactivate_super+0xb1/0xd0
[   42.567166][ T5070]  cleanup_mnt+0x2ae/0x3d0
[   42.571746][ T5070]  task_work_run+0x16f/0x270
[   42.576328][ T5070]  ? task_work_cancel+0x30/0x30
[   42.581169][ T5070]  do_exit+0xad3/0x2a40
[   42.585328][ T5070]  ? mm_update_next_owner+0x7b0/0x7b0
[   42.590695][ T5070]  ? _raw_spin_unlock_irq+0x23/0x50
[   42.595895][ T5070]  do_group_exit+0xd4/0x2a0
[   42.600382][ T5070]  __x64_sys_exit_group+0x3e/0x50
[   42.605387][ T5070]  do_syscall_64+0x39/0xb0
[   42.609806][ T5070]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.615689][ T5070] RIP: 0033:0x7fcf8333da29
[   42.620089][ T5070] Code: Unable to access opcode bytes at 0x7fcf8333d9ff.
[   42.627087][ T5070] RSP: 002b:00007fff4233dbf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.635484][ T5070] RAX: ffffffffffffffda RBX: 00007fcf833d2330 RCX: 00007fcf8333da29
[   42.643460][ T5070] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   42.651416][ T5070] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007fcf833cce40
[   42.659374][ T5070] R10: 000000000001f1b4 R11: 0000000000000246 R12: 00007fcf833d2330
[pid  5070] +++ exited with 1 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=1, si_utime=0, si_stime=7 /* 0.07 s */} ---
exit_group(0)                           = ?
+++ exited with 0 +++
[   42.667417][ T5070] R13: 0000000000000001 R14: