./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2027829262 <...> Warning: Permanently added '10.128.0.132' (ED25519) to the list of known hosts. execve("./syz-executor2027829262", ["./syz-executor2027829262"], 0x7fff0782b1b0 /* 10 vars */) = 0 brk(NULL) = 0x55558a70a000 brk(0x55558a70ad00) = 0x55558a70ad00 arch_prctl(ARCH_SET_FS, 0x55558a70a380) = 0 set_tid_address(0x55558a70a650) = 5088 set_robust_list(0x55558a70a660, 24) = 0 rseq(0x55558a70aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2027829262", 4096) = 28 getrandom("\x8d\x4b\xb8\x98\x74\x80\x24\x50", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558a70ad00 brk(0x55558a72bd00) = 0x55558a72bd00 brk(0x55558a72c000) = 0x55558a72c000 mprotect(0x7fa5089d8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a70a650) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x55558a70a660, 24) = 0 [pid 5089] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setsid() = 1 [pid 5089] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5089] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5089] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5089] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5089] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5089] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5089] unshare(CLONE_NEWNS) = 0 [pid 5089] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5089] unshare(CLONE_NEWIPC) = 0 [pid 5089] unshare(CLONE_NEWCGROUP) = 0 [pid 5089] unshare(CLONE_NEWUTS) = 0 [pid 5089] unshare(CLONE_SYSVSEM) = 0 [pid 5089] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "16777216", 8) = 8 [pid 5089] close(3) = 0 [pid 5089] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "536870912", 9) = 9 [pid 5089] close(3) = 0 [pid 5089] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1024", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "8192", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1024", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1024", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5089] close(3) = 0 [pid 5089] getpid() = 1 [pid 5089] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0x13e/0x1d0 [ 75.727061][ C1] [ 75.727061][ C1] but task is already holding lock: [ 75.734410][ C1] ffff8880116d0e00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x27a/0xce0 [ 75.744665][ C1] [ 75.744665][ C1] other info that might help us debug this: [ 75.752702][ C1] Possible unsafe locking scenario: [ 75.752702][ C1] [ 75.760136][ C1] CPU0 [ 75.763398][ C1] ---- [ 75.766661][ C1] lock(&hsr->seqnr_lock); [ 75.771148][ C1] lock(&hsr->seqnr_lock); [ 75.775651][ C1] [ 75.775651][ C1] *** DEADLOCK *** [ 75.775651][ C1] [ 75.783791][ C1] May be due to missing lock nesting notation [ 75.783791][ C1] [ 75.792094][ C1] 7 locks held by swapper/1/0: [ 75.796839][ C1] #0: ffffc90000a08c00 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 75.806834][ C1] #1: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: hsr_announce+0xa3/0x370 [ 75.815960][ C1] #2: ffff8880116d0e00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x27a/0xce0 [ 75.826657][ C1] #3: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: hsr_forward_skb+0xae/0x2680 [ 75.836136][ C1] #4: ffffffff8e334f00 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d2/0x3d30 [ 75.846067][ C1] #5: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: br_dev_xmit+0x1b9/0x1a10 [ 75.855293][ C1] #6: ffffffff8e334f00 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d2/0x3d30 [ 75.865227][ C1] [ 75.865227][ C1] stack backtrace: [ 75.871110][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.9.0-rc6-syzkaller-01461-g5829614a7b3b #0 [ 75.880726][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 75.890768][ C1] Call Trace: [ 75.894033][ C1] [ 75.896866][ C1] dump_stack_lvl+0x241/0x360 [ 75.901534][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.906746][ C1] ? print_deadlock_bug+0x479/0x620 [ 75.911932][ C1] ? _find_first_zero_bit+0xd4/0x100 [ 75.917211][ C1] validate_chain+0x15c1/0x58e0 [ 75.922060][ C1] ? __pfx_validate_chain+0x10/0x10 [ 75.927263][ C1] ? hlock_conflict+0x59/0x1e0 [ 75.932018][ C1] ? __bfs+0x368/0x6f0 [ 75.936086][ C1] ? __pfx_hlock_conflict+0x10/0x10 [ 75.941305][ C1] ? __pfx___bfs+0x10/0x10 [ 75.945717][ C1] ? __pfx_validate_chain+0x10/0x10 [ 75.950918][ C1] ? check_path+0x21/0x40 [ 75.955246][ C1] ? mark_lock+0x9a/0x350 [ 75.959574][ C1] __lock_acquire+0x1346/0x1fd0 [ 75.964432][ C1] lock_acquire+0x1ed/0x550 [ 75.968946][ C1] ? hsr_dev_xmit+0x13e/0x1d0 [ 75.973611][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 75.978636][ C1] ? hsr_dev_xmit+0x13e/0x1d0 [ 75.983315][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 75.989110][ C1] ? netif_skb_features+0x7f4/0xbb0 [ 75.994297][ C1] ? hsr_dev_xmit+0x13e/0x1d0 [ 75.998964][ C1] _raw_spin_lock_bh+0x35/0x50 [ 76.003721][ C1] ? hsr_dev_xmit+0x13e/0x1d0 [ 76.008390][ C1] hsr_dev_xmit+0x13e/0x1d0 [ 76.012897][ C1] dev_hard_start_xmit+0x27a/0x7e0 [ 76.018004][ C1] __dev_queue_xmit+0x1b0e/0x3d30 [ 76.023039][ C1] ? __dev_queue_xmit+0x2d2/0x3d30 [ 76.028157][ C1] ? mark_lock+0x9a/0x350 [ 76.032482][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 76.037864][ C1] ? __lock_acquire+0x1346/0x1fd0 [ 76.042884][ C1] ? skb_push+0x97/0x100 [ 76.047122][ C1] br_dev_queue_push_xmit+0x701/0x8d0 [ 76.052481][ C1] ? __pfx_lock_release+0x10/0x10 [ 76.057494][ C1] ? __pfx_br_dev_queue_push_xmit+0x10/0x10 [ 76.063390][ C1] NF_HOOK+0x3a7/0x460 [ 76.067446][ C1] ? NF_HOOK+0x9f/0x460 [ 76.071593][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 76.076175][ C1] ? __pfx_br_dev_queue_push_xmit+0x10/0x10 [ 76.082059][ C1] ? __pfx_lock_release+0x10/0x10 [ 76.087068][ C1] ? dev_hard_start_xmit+0x27a/0x7e0 [ 76.092339][ C1] ? hsr_forward_skb+0x170d/0x2680 [ 76.097437][ C1] ? hsr_announce+0x1a9/0x370 [ 76.102097][ C1] ? __run_timer_base+0x66a/0x8e0 [ 76.107111][ C1] ? __do_softirq+0x2c6/0x980 [ 76.111772][ C1] ? __irq_exit_rcu+0xf2/0x1c0 [ 76.116524][ C1] br_forward_finish+0xe5/0x140 [ 76.121366][ C1] ? __pfx_br_dev_queue_push_xmit+0x10/0x10 [ 76.127245][ C1] NF_HOOK+0x3a7/0x460 [ 76.131301][ C1] ? NF_HOOK+0x9f/0x460 [ 76.135446][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 76.140042][ C1] __br_forward+0x489/0x660 [ 76.144536][ C1] ? __pfx_br_forward_finish+0x10/0x10 [ 76.149983][ C1] ? __pfx___br_forward+0x10/0x10 [ 76.154995][ C1] ? skb_clone+0x240/0x390 [ 76.159400][ C1] maybe_deliver+0xb3/0x150 [ 76.163889][ C1] br_flood+0x2e4/0x660 [ 76.168036][ C1] br_dev_xmit+0x118c/0x1a10 [ 76.172636][ C1] ? mark_lock+0x9a/0x350 [ 76.176971][ C1] ? br_dev_xmit+0x1b9/0x1a10 [ 76.181651][ C1] ? __pfx_br_dev_xmit+0x10/0x10 [ 76.186579][ C1] ? __pfx_validate_xmit_xfrm+0x10/0x10 [ 76.192129][ C1] ? __pfx_passthru_features_check+0x10/0x10 [ 76.198129][ C1] ? __pfx_passthru_features_check+0x10/0x10 [ 76.204116][ C1] ? netif_skb_features+0x7f4/0xbb0 [ 76.209307][ C1] ? validate_xmit_skb+0xa04/0x1120 [ 76.214505][ C1] dev_hard_start_xmit+0x27a/0x7e0 [ 76.219669][ C1] __dev_queue_xmit+0x1b0e/0x3d30 [ 76.224863][ C1] ? acpi_idle_enter+0xe4/0x140 [ 76.229712][ C1] ? cpuidle_enter_state+0x112/0x480 [ 76.234992][ C1] ? cpuidle_enter+0x5d/0xa0 [ 76.239571][ C1] ? __dev_queue_xmit+0x2d2/0x3d30 [ 76.244691][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 76.250054][ C1] ? __copy_skb_header+0x437/0x5b0 [ 76.255159][ C1] ? __asan_memcpy+0x40/0x70 [ 76.259774][ C1] ? __copy_skb_header+0x437/0x5b0 [ 76.264897][ C1] ? __skb_clone+0x454/0x6c0 [ 76.269475][ C1] ? hsr_addr_subst_dest+0x30a/0xac0 [ 76.274748][ C1] ? skb_clone+0x240/0x390 [ 76.279172][ C1] hsr_forward_skb+0x170d/0x2680 [ 76.284104][ C1] ? hsr_forward_skb+0xae/0x2680 [ 76.289047][ C1] ? __pfx_hsr_forward_skb+0x10/0x10 [ 76.294324][ C1] ? __asan_memset+0x23/0x50 [ 76.298906][ C1] ? __skb_pad+0x3d7/0x5c0 [ 76.303315][ C1] send_hsr_supervision_frame+0x660/0xce0 [ 76.309116][ C1] hsr_announce+0x1a9/0x370 [ 76.313606][ C1] ? hsr_announce+0xa3/0x370 [ 76.318182][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 76.323214][ C1] ? call_timer_fn+0xa8/0x650 [ 76.327883][ C1] call_timer_fn+0x18e/0x650 [ 76.332462][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 76.337475][ C1] ? call_timer_fn+0xc0/0x650 [ 76.342153][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 76.347164][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 76.352266][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 76.357293][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 76.362342][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 76.367362][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.372552][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 76.377739][ C1] ? __pfx_hsr_announce+0x10/0x10 [ 76.382750][ C1] __run_timer_base+0x66a/0x8e0 [ 76.387593][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 76.392952][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.399262][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 76.404473][ C1] run_timer_softirq+0xb7/0x170 [ 76.409308][ C1] __do_softirq+0x2c6/0x980 [ 76.413810][ C1] ? __irq_exit_rcu+0xf2/0x1c0 [ 76.418563][ C1] ? __pfx___do_softirq+0x10/0x10 [ 76.423587][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 76.428780][ C1] __irq_exit_rcu+0xf2/0x1c0 [ 76.433357][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 76.438546][ C1] irq_exit_rcu+0x9/0x30 [ 76.442774][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 76.448393][ C1] [ 76.451306][ C1] [ 76.454222][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 76.460192][ C1] RIP: 0010:acpi_safe_halt+0x21/0x30 [ 76.465477][ C1] Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 c0 d3 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d c5 ac a6 00 f3 0f 1e fa fb f4 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 76.485073][ C1] RSP: 0018:ffffc90000197d08 EFLAGS: 00000246 [ 76.491127][ C1] RAX: ffff8880172c5a00 RBX: ffff888017aeb864 RCX: 000000000001f6f1 [ 76.499087][ C1] RDX: 0000000000000001 RSI: ffff888017aeb800 RDI: ffff888017aeb864 [ 76.507045][ C1] RBP: 000000000003a478 R08: ffff8880b9537ccb R09: 1ffff110172a6f99 [ 76.515005][ C1] R10: dffffc0000000000 R11: ffffffff8b82a030 R12: ffff88801af17000 [ 76.522977][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8eac4160 [ 76.530935][ C1] ? __pfx_acpi_idle_enter+0x10/0x10 [ 76.536223][ C1] acpi_idle_enter+0xe4/0x140 [ 76.540900][ C1] cpuidle_enter_state+0x112/0x480 [ 76.546033][ C1] ? __pfx_menu_select+0x10/0x10 [ 76.550971][ C1] cpuidle_enter+0x5d/0xa0 [ 76.555380][ C1] do_idle+0x375/0x5d0 [ 76.559459][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.565779][ C1] ? __pfx_do_idle+0x10/0x10 [ 76.570361][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 76.576270][ C1] ? complete+0xb4/0x1c0 [ 76.580528][ C1] cpu_startup_entry+0x42/0x60 [ 76.585284][ C1] start_secondary+0x100/0x100 [ 76.590043][ C1] common_startup_64+0x13e/0x147 [ 76.594982][ C1] [pid 5089] +++ exited with 1 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=1, si_utime=0, si_stime=113 /* 1.13 s */} --- exit_group(0) = ? +++ exited with 0 +++