./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor128121122 <...> DUID 00:04:11:31:ea:d8:bb:db:47:a8:80:cb:7d:0b:3c:d8:ea:74 forked to background, child pid 4672 [ 31.595580][ T4673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.607742][ T4673] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.229' (ECDSA) to the list of known hosts. execve("./syz-executor128121122", ["./syz-executor128121122"], 0x7ffc83117410 /* 10 vars */) = 0 brk(NULL) = 0x555556a86000 brk(0x555556a86c40) = 0x555556a86c40 arch_prctl(ARCH_SET_FS, 0x555556a86300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556a865d0) = 5003 set_robust_list(0x555556a865e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f34b2aeae10, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f34b2aeb4e0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f34b2aeaeb0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f34b2aeb4e0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor128121122", 4096) = 27 brk(0x555556aa7c40) = 0x555556aa7c40 brk(0x555556aa8000) = 0x555556aa8000 mprotect(0x7f34b2bab000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f34b2bb142c, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f34b2abb000 mprotect(0x7f34b2abc000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f34b2adb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5004 attached [pid 5004] set_robust_list(0x7f34b2adb9e0, 24) = 0 [pid 5004] futex(0x7f34b2bb1428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] <... clone resumed>, parent_tid=[5004], tls=0x7f34b2adb700, child_tidptr=0x7f34b2adb9d0) = 5004 [pid 5003] futex(0x7f34b2bb1428, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5004] <... futex resumed>) = 0 [pid 5004] pipe2([3, 4], 0) = 0 [pid 5003] futex(0x7f34b2bb142c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] futex(0x7f34b2bb142c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5003] futex(0x7f34b2bb1428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7f34b2bb142c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] dup(4) = 5 [pid 5004] futex(0x7f34b2bb142c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5003] futex(0x7f34b2bb1428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7f34b2bb142c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] pipe2([6, 7], O_EXCL|O_NONBLOCK) = 0 [pid 5004] futex(0x7f34b2bb142c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5003] futex(0x7f34b2bb1428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7f34b2bb142c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] openat(AT_FDCWD, "/proc/thread-self/fd/4", O_RDWR) = 8 [pid 5004] futex(0x7f34b2bb142c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5003] futex(0x7f34b2bb1428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7f34b2bb142c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] splice(8, NULL, 7, NULL, 256, 0 [pid 5003] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5003] futex(0x7f34b2bb143c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f34b2a9a000 [pid 5003] mprotect(0x7f34b2a9b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5003] clone(child_stack=0x7f34b2aba3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5005 attached , parent_tid=[5005], tls=0x7f34b2aba700, child_tidptr=0x7f34b2aba9d0) = 5005 [pid 5003] futex(0x7f34b2bb1438, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7f34b2bb143c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] set_robust_list(0x7f34b2aba9e0, 24) = 0 syzkaller login: [ 55.556027][ T5004] [ 55.558374][ T5004] ============================================ [ 55.564533][ T5004] WARNING: possible recursive locking detected [ 55.570663][ T5004] 6.4.0-rc5-syzkaller-00133-g25041a4c02c7 #0 Not tainted [ 55.577661][ T5004] -------------------------------------------- [ 55.583788][ T5004] syz-executor128/5004 is trying to acquire lock: [ 55.590178][ T5004] ffff8880287ea068 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_write+0x140/0x1ca0 [ 55.598959][ T5004] [ 55.598959][ T5004] but task is already holding lock: [ 55.606300][ T5004] ffff8880287e9c68 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x39f/0x420 [ 55.615679][ T5004] [ 55.615679][ T5004] other info that might help us debug this: [ 55.623718][ T5004] Possible unsafe locking scenario: [ 55.623718][ T5004] [ 55.631146][ T5004] CPU0 [ 55.634411][ T5004] ---- [ 55.637670][ T5004] lock(&pipe->mutex/1); [ 55.641985][ T5004] lock(&pipe->mutex/1); [ 55.646305][ T5004] [ 55.646305][ T5004] *** DEADLOCK *** [ 55.646305][ T5004] [ 55.654439][ T5004] May be due to missing lock nesting notation [ 55.654439][ T5004] [ 55.662765][ T5004] 1 lock held by syz-executor128/5004: [ 55.668207][ T5004] #0: ffff8880287e9c68 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x39f/0x420 [ 55.678033][ T5004] [ 55.678033][ T5004] stack backtrace: [ 55.683906][ T5004] CPU: 1 PID: 5004 Comm: syz-executor128 Not tainted 6.4.0-rc5-syzkaller-00133-g25041a4c02c7 #0 [ 55.694301][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 55.704340][ T5004] Call Trace: [ 55.707605][ T5004] [ 55.710520][ T5004] dump_stack_lvl+0xd9/0x150 [ 55.715108][ T5004] __lock_acquire+0x13eb/0x5f30 [ 55.719951][ T5004] ? print_usage_bug.part.0+0x660/0x660 [ 55.725486][ T5004] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 55.731452][ T5004] ? __lock_acquire+0x1987/0x5f30 [ 55.736466][ T5004] lock_acquire+0x1b1/0x520 [ 55.740957][ T5004] ? pipe_write+0x140/0x1ca0 [ 55.745535][ T5004] ? lock_sync+0x190/0x190 [ 55.749947][ T5004] ? __lock_acquire+0xc17/0x5f30 [ 55.754875][ T5004] __mutex_lock+0x12f/0x1350 [ 55.759452][ T5004] ? pipe_write+0x140/0x1ca0 [ 55.764031][ T5004] ? pipe_write+0x140/0x1ca0 [ 55.768604][ T5004] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 55.774136][ T5004] ? find_held_lock+0x2d/0x110 [ 55.778890][ T5004] ? aa_file_perm+0x567/0x1250 [ 55.783645][ T5004] ? lock_downgrade+0x690/0x690 [ 55.788487][ T5004] pipe_write+0x140/0x1ca0 [ 55.792890][ T5004] ? aa_file_perm+0x591/0x1250 [ 55.797645][ T5004] ? do_proc_dopipe_max_size_conv+0x1c0/0x1c0 [ 55.803698][ T5004] ? aa_path_link+0x2f0/0x2f0 [ 55.808363][ T5004] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 55.813895][ T5004] ? pipe_wait_readable+0x33a/0x420 [ 55.819077][ T5004] ? lock_downgrade+0x690/0x690 [ 55.823915][ T5004] ? _raw_spin_lock_irqsave+0x52/0x60 [ 55.829277][ T5004] do_iter_readv_writev+0x20b/0x3b0 [ 55.834465][ T5004] ? generic_copy_file_range+0x1d0/0x1d0 [ 55.840089][ T5004] ? bpf_lsm_file_permission+0x9/0x10 [ 55.845454][ T5004] ? security_file_permission+0xaf/0xd0 [ 55.850989][ T5004] do_iter_write+0x185/0x7e0 [ 55.855573][ T5004] vfs_iter_write+0x74/0xa0 [ 55.860069][ T5004] iter_file_splice_write+0x743/0xc80 [ 55.865439][ T5004] ? page_cache_pipe_buf_confirm+0x5b0/0x5b0 [ 55.871412][ T5004] ? bpf_lsm_file_permission+0x9/0x10 [ 55.876775][ T5004] ? security_file_permission+0xaf/0xd0 [ 55.882309][ T5004] ? page_cache_pipe_buf_confirm+0x5b0/0x5b0 [ 55.888280][ T5004] do_splice+0xb8c/0x1e50 [ 55.892600][ T5004] ? find_held_lock+0x2d/0x110 [ 55.897352][ T5004] ? splice_file_to_pipe+0x120/0x120 [ 55.902628][ T5004] ? pipe_to_sendpage+0x380/0x380 [ 55.907643][ T5004] __do_splice+0x14e/0x270 [ 55.912051][ T5004] ? do_splice+0x1e50/0x1e50 [ 55.916633][ T5004] __x64_sys_splice+0x19c/0x250 [ 55.921468][ T5004] do_syscall_64+0x39/0xb0 [ 55.925880][ T5004] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.931764][ T5004] RIP: 0033:0x7f34b2b28f69 [ 55.936174][ T5004] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5005] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967021 [pid 5003] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5004] <... splice resumed>) = -1 EXDEV (Invalid cross-device link) [pid 5004] futex(0x7f34b2bb142c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.955765][ T5004] RSP: 002b:00007f34b2adb278 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 55.964159][ T5004] RAX: ffffffffffffffda RBX: 00007f34b2bb1428 RCX: 00007f34b2b28f69 [ 55.972114][ T5004] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000008 [ 55.980067][ T5004] RBP: 00007f34b2bb1420 R08: 0000000000000100 R09: 0000000000000000 [ 55.988046][ T5004] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f34b2b7f040 [ 55.996003][ T5004] R13: 00007f34b2adb290 R14: 00007f34b2adb400 R15: 0000000000022000 [ 56.003965][ T5004] [pid 5004] futex(0x7f34b2bb1428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] exit_group(0) = ? [pid 5005] <... write resumed>) = ? [pid 5004] <... futex resumed>) = ? [pid 5005] +++ exited with 0 +++ [pid 5004] +++ exited with 0 +++ +++ exited with 0 +++