./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor591467904 <...> Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts. execve("./syz-executor591467904", ["./syz-executor591467904"], 0x7ffce50258e0 /* 10 vars */) = 0 brk(NULL) = 0x555572c48000 brk(0x555572c48d00) = 0x555572c48d00 arch_prctl(ARCH_SET_FS, 0x555572c48380) = 0 set_tid_address(0x555572c48650) = 5830 set_robust_list(0x555572c48660, 24) = 0 rseq(0x555572c48ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor591467904", 4096) = 27 getrandom("\x7c\x72\x93\x3c\x5a\xa0\xee\xb0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555572c48d00 brk(0x555572c69d00) = 0x555572c69d00 brk(0x555572c6a000) = 0x555572c6a000 mprotect(0x7ff2383ec000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 write(1, "executing program\n", 18executing program ) = 18 madvise(0x20000000, 8388608, MADV_HUGEPAGE) = 0 userfaultfd(UFFD_USER_MODE_ONLY) = 3 [ 61.345803][ T5830] [ 61.348154][ T5830] ============================================ [ 61.354284][ T5830] WARNING: possible recursive locking detected [ 61.360419][ T5830] 6.13.0-rc3-next-20241218-syzkaller #0 Not tainted [ 61.366993][ T5830] -------------------------------------------- [ 61.373134][ T5830] syz-executor591/5830 is trying to acquire lock: [ 61.379525][ T5830] ffff8880122abc08 (vm_lock){++++}-{0:0}, at: move_pages+0x26b/0x1680 [ 61.387706][ T5830] [ 61.387706][ T5830] but task is already holding lock: [ 61.395047][ T5830] ffff88823bfcafc8 (vm_lock){++++}-{0:0}, at: uffd_lock_vma+0x20c/0x2c0 [ 61.403375][ T5830] [ 61.403375][ T5830] other info that might help us debug this: [ 61.411416][ T5830] Possible unsafe locking scenario: [ 61.411416][ T5830] [ 61.418846][ T5830] CPU0 [ 61.422108][ T5830] ---- [ 61.425368][ T5830] lock(vm_lock); [ 61.429086][ T5830] lock(vm_lock); [ 61.432789][ T5830] [ 61.432789][ T5830] *** DEADLOCK *** [ 61.432789][ T5830] [ 61.440910][ T5830] May be due to missing lock nesting notation [ 61.440910][ T5830] [ 61.449210][ T5830] 2 locks held by syz-executor591/5830: [ 61.454738][ T5830] #0: ffff88823bfcafc8 (vm_lock){++++}-{0:0}, at: uffd_lock_vma+0x20c/0x2c0 [ 61.463596][ T5830] #1: ffffffff8e937d20 (rcu_read_lock){....}-{1:3}, at: lock_vma_under_rcu+0x1dd/0xa40 [ 61.473324][ T5830] [ 61.473324][ T5830] stack backtrace: [ 61.479210][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: syz-executor591 Not tainted 6.13.0-rc3-next-20241218-syzkaller #0 [ 61.479223][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 61.479232][ T5830] Call Trace: [ 61.479238][ T5830] [ 61.479243][ T5830] dump_stack_lvl+0x241/0x360 [ 61.479255][ T5830] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.479264][ T5830] ? __pfx__printk+0x10/0x10 [ 61.479278][ T5830] ? lockdep_unlock+0x16a/0x300 [ 61.479293][ T5830] print_deadlock_bug+0x483/0x620 [ 61.479301][ T5830] ? lockdep_unlock+0x16a/0x300 [ 61.479317][ T5830] validate_chain+0x15e2/0x5920 [ 61.479335][ T5830] ? __pfx_validate_chain+0x10/0x10 [ 61.479348][ T5830] ? __pfx_validate_chain+0x10/0x10 [ 61.479362][ T5830] ? __pfx_validate_chain+0x10/0x10 [ 61.479376][ T5830] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 61.479387][ T5830] ? __pfx_validate_chain+0x10/0x10 [ 61.479401][ T5830] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 61.479413][ T5830] ? look_up_lock_class+0x77/0x170 [ 61.479431][ T5830] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 61.479444][ T5830] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 61.479455][ T5830] ? stack_trace_save+0x118/0x1d0 [ 61.479466][ T5830] ? mark_lock+0x9a/0x360 [ 61.479479][ T5830] __lock_acquire+0x1397/0x2100 [ 61.479494][ T5830] lock_acquire+0x1ed/0x550 [ 61.479506][ T5830] ? move_pages+0x26b/0x1680 [ 61.479517][ T5830] ? __pfx_lock_acquire+0x10/0x10 [ 61.479531][ T5830] ? mas_walk+0x1f3/0x280 [ 61.479543][ T5830] lock_vma_under_rcu+0x370/0xa40 [ 61.479553][ T5830] ? move_pages+0x26b/0x1680 [ 61.479562][ T5830] ? lock_vma_under_rcu+0x1dd/0xa40 [ 61.479572][ T5830] ? move_pages+0x26b/0x1680 [ 61.479582][ T5830] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 61.479595][ T5830] ? uffd_lock_vma+0x22b/0x2c0 [ 61.479604][ T5830] move_pages+0x26b/0x1680 [ 61.479613][ T5830] ? __pfx___might_resched+0x10/0x10 [ 61.479624][ T5830] ? __might_fault+0xaa/0x120 [ 61.479636][ T5830] ? preempt_count_add+0x93/0x190 [ 61.479646][ T5830] ? __pfx_move_pages+0x10/0x10 [ 61.479655][ T5830] ? __might_fault+0xc6/0x120 [ 61.479666][ T5830] userfaultfd_ioctl+0x5221/0x6840 [ 61.479683][ T5830] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 61.479694][ T5830] ? stack_trace_save+0x118/0x1d0 [ 61.479703][ T5830] ? __pfx_stack_trace_save+0x10/0x10 [ 61.479714][ T5830] ? stack_depot_save_flags+0x37/0x940 [ 61.479733][ T5830] ? kasan_save_track+0x51/0x80 [ 61.479745][ T5830] ? kasan_save_track+0x3f/0x80 [ 61.479756][ T5830] ? kasan_save_free_info+0x40/0x50 [ 61.479766][ T5830] ? __kasan_slab_free+0x59/0x70 [ 61.479778][ T5830] ? kfree+0x196/0x430 [ 61.479786][ T5830] ? tomoyo_path_number_perm+0x679/0x860 [ 61.479795][ T5830] ? security_file_ioctl+0xc6/0x2a0 [ 61.479804][ T5830] ? __se_sys_ioctl+0x46/0x170 [ 61.479815][ T5830] ? do_syscall_64+0xf3/0x230 [ 61.479823][ T5830] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.479836][ T5830] ? do_vfs_ioctl+0xf07/0x2e40 [ 61.479849][ T5830] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 61.479861][ T5830] ? mark_lock+0x9a/0x360 [ 61.479876][ T5830] ? tomoyo_path_number_perm+0x206/0x860 [ 61.479885][ T5830] ? __pfx_lock_release+0x10/0x10 [ 61.479898][ T5830] ? tomoyo_path_number_perm+0x679/0x860 [ 61.479907][ T5830] ? tomoyo_path_number_perm+0x679/0x860 [ 61.479917][ T5830] ? tomoyo_path_number_perm+0x6f9/0x860 [ 61.479927][ T5830] ? tomoyo_path_number_perm+0x206/0x860 [ 61.479936][ T5830] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 61.479953][ T5830] ? __pfx_ptrace_notify+0x10/0x10 [ 61.479963][ T5830] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 61.479975][ T5830] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 61.479986][ T5830] __se_sys_ioctl+0xf5/0x170 [ 61.479998][ T5830] do_syscall_64+0xf3/0x230 [ 61.480007][ T5830] ? clear_bhb_loop+0x35/0x90 [ 61.480020][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.480033][ T5830] RIP: 0033:0x7ff238379329 [ 61.480046][ T5830] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.480056][ T5830] RSP: 002b:00007ffca8233748 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 61.480067][ T5830] RAX: ffffffffffffffda RBX: 00007ffca8233918 RCX: 00007ff238379329 [ 61.480074][ T5830] RDX: 0000000020000080 RSI: 00000000c028aa05 RDI: 0000000000000003 ioctl(3, UFFDIO_API, {api=0xaa, features=0 => features=UFFD_FEATURE_PAGEFAULT_FLAG_WP|UFFD_FEATURE_EVENT_FORK|UFFD_FEATURE_EVENT_REMAP|UFFD_FEATURE_EVENT_REMOVE|UFFD_FEATURE_MISSING_HUGETLBFS|UFFD_FEATURE_MISSING_SHMEM|UFFD_FEATURE_EVENT_UNMAP|UFFD_FEATURE_SIGBUS|UFFD_FEATURE_THREAD_ID|UFFD_FEATURE_MINOR_HUGETLBFS|UFFD_FEATURE_MINOR_SHMEM|UFFD_FEATURE_EXACT_ADDRESS|0x14000, ioctls=1<<_UFFDIO_REGISTER|1<<_UFFDIO_UNREGISTER|1<<_UFFDIO_API}) = 0 ioctl(3, _IOC(_IOC_READ|_IOC_WRITE, 0xaa, 0x5, 0x28), 0x20000080) = -1 EINVAL (Invalid argument) exit_group(0) = ? +++ exited with 0 +++ [ 61.480080][ T5830] RBP: 00007