./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2417233707 <...> Warning: Permanently added '10.128.0.191' (ECDSA) to the list of known hosts. execve("./syz-executor2417233707", ["./syz-executor2417233707"], 0x7ffc287a6310 /* 10 vars */) = 0 brk(NULL) = 0x5555561e9000 brk(0x5555561e9c40) = 0x5555561e9c40 arch_prctl(ARCH_SET_FS, 0x5555561e9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555561e95d0) = 3613 set_robust_list(0x5555561e95e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fd5c0e09c10, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fd5c0e0a2e0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fd5c0e09cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd5c0e0a2e0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2417233707", 4096) = 28 brk(0x55555620ac40) = 0x55555620ac40 brk(0x55555620b000) = 0x55555620b000 mprotect(0x7fd5c0eca000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7fd5c0ed040c, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd5c0dda000 mprotect(0x7fd5c0ddb000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7fd5c0dfa3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3614], tls=0x7fd5c0dfa700, child_tidptr=0x7fd5c0dfa9d0) = 3614 futex(0x7fd5c0ed0408, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7fd5c0ed040c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3614 attached [pid 3614] set_robust_list(0x7fd5c0dfa9e0, 24) = 0 [pid 3614] pipe([3, 4]) = 0 [pid 3614] futex(0x7fd5c0ed040c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] <... futex resumed>) = 0 [pid 3613] futex(0x7fd5c0ed0408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7fd5c0ed040c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... futex resumed>) = 1 [pid 3614] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294966988 [pid 3613] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3613] futex(0x7fd5c0ed040c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3613] futex(0x7fd5c0ed041c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd5c0db9000 [pid 3613] mprotect(0x7fd5c0dba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3613] clone(child_stack=0x7fd5c0dd93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3615 attached , parent_tid=[3615], tls=0x7fd5c0dd9700, child_tidptr=0x7fd5c0dd99d0) = 3615 [pid 3613] futex(0x7fd5c0ed0418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7fd5c0ed041c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3615] set_robust_list(0x7fd5c0dd99e0, 24) = 0 [pid 3615] pipe2([5, 6], O_EXCL) = 0 [pid 3615] futex(0x7fd5c0ed041c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] <... futex resumed>) = 0 [pid 3613] futex(0x7fd5c0ed0418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7fd5c0ed041c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3615] <... futex resumed>) = 1 [ 50.259645][ T3615] [ 50.262014][ T3615] ============================================ [ 50.268144][ T3615] WARNING: possible recursive locking detected [ 50.274284][ T3615] 6.0.0-rc5-syzkaller-00025-g3245cb65fd91 #0 Not tainted [ 50.281301][ T3615] -------------------------------------------- [ 50.287454][ T3615] syz-executor241/3615 is trying to acquire lock: [ 50.293882][ T3615] ffff88801d470c68 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_write+0x12b/0x1aa0 [ 50.302737][ T3615] [ 50.302737][ T3615] but task is already holding lock: [ 50.310180][ T3615] ffff888012222868 (&pipe->mutex/1){+.+.}-{3:3}, at: iter_file_splice_write+0x2a2/0xff0 [ 50.319913][ T3615] [ 50.319913][ T3615] other info that might help us debug this: [ 50.327957][ T3615] Possible unsafe locking scenario: [ 50.327957][ T3615] [ 50.335479][ T3615] CPU0 [ 50.338758][ T3615] ---- [ 50.342033][ T3615] lock(&pipe->mutex/1); [ 50.346356][ T3615] lock(&pipe->mutex/1); [ 50.350684][ T3615] [ 50.350684][ T3615] *** DEADLOCK *** [ 50.350684][ T3615] [ 50.358811][ T3615] May be due to missing lock nesting notation [ 50.358811][ T3615] [ 50.367110][ T3615] 1 lock held by syz-executor241/3615: [ 50.372548][ T3615] #0: ffff888012222868 (&pipe->mutex/1){+.+.}-{3:3}, at: iter_file_splice_write+0x2a2/0xff0 [ 50.382754][ T3615] [ 50.382754][ T3615] stack backtrace: [ 50.388641][ T3615] CPU: 0 PID: 3615 Comm: syz-executor241 Not tainted 6.0.0-rc5-syzkaller-00025-g3245cb65fd91 #0 [ 50.399033][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 50.409087][ T3615] Call Trace: [ 50.412445][ T3615] [ 50.415366][ T3615] dump_stack_lvl+0x1e3/0x2cb [ 50.420074][ T3615] ? io_alloc_page_table+0x110/0x110 [ 50.425347][ T3615] ? panic+0x76b/0x76b [ 50.429508][ T3615] ? print_tainted+0x141/0x160 [ 50.434263][ T3615] ? lockdep_print_held_locks+0x10f/0x1b0 [ 50.439973][ T3615] validate_chain+0x4897/0x6600 [ 50.444812][ T3615] ? _raw_spin_unlock+0x24/0x40 [ 50.449660][ T3615] ? reacquire_held_locks+0x680/0x680 [ 50.455019][ T3615] ? validate_chain+0x126/0x6600 [ 50.459956][ T3615] ? validate_chain+0x126/0x6600 [ 50.464885][ T3615] ? validate_chain+0x126/0x6600 [ 50.469809][ T3615] ? register_lock_class+0xfe/0x9b0 [ 50.474998][ T3615] ? reacquire_held_locks+0x680/0x680 [ 50.480438][ T3615] ? is_dynamic_key+0x1f0/0x1f0 [ 50.485362][ T3615] ? mark_lock+0x9a/0x350 [ 50.489696][ T3615] __lock_acquire+0x1292/0x1f60 [ 50.494539][ T3615] lock_acquire+0x1a7/0x400 [ 50.499039][ T3615] ? pipe_write+0x12b/0x1aa0 [ 50.503635][ T3615] ? read_lock_is_recursive+0x10/0x10 [ 50.509016][ T3615] ? __might_sleep+0xc0/0xc0 [ 50.513606][ T3615] ? rcu_read_lock_sched_held+0x89/0x130 [ 50.519241][ T3615] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 50.525220][ T3615] __mutex_lock_common+0x1de/0x26c0 [ 50.530427][ T3615] ? pipe_write+0x12b/0x1aa0 [ 50.535006][ T3615] ? read_lock_is_recursive+0x10/0x10 [ 50.540373][ T3615] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 50.546340][ T3615] ? pipe_write+0x12b/0x1aa0 [ 50.550916][ T3615] ? mutex_lock_io_nested+0x60/0x60 [ 50.556103][ T3615] ? mark_lock+0x9a/0x350 [ 50.560423][ T3615] ? __lock_acquire+0x1292/0x1f60 [ 50.565441][ T3615] mutex_lock_nested+0x17/0x20 [ 50.570194][ T3615] pipe_write+0x12b/0x1aa0 [ 50.574617][ T3615] ? rcu_read_lock_sched_held+0x89/0x130 [ 50.580239][ T3615] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 50.586207][ T3615] ? pipe_read+0x12a0/0x12a0 [ 50.590787][ T3615] ? trace_contention_end+0x4d/0x140 [ 50.596069][ T3615] ? bpf_lsm_file_permission+0x5/0x10 [ 50.601429][ T3615] do_iter_write+0x6f0/0xc50 [ 50.606145][ T3615] ? mutex_lock_io_nested+0x60/0x60 [ 50.611329][ T3615] ? vfs_iter_write+0xa0/0xa0 [ 50.616091][ T3615] ? vfs_iter_write+0x69/0xa0 [ 50.620762][ T3615] iter_file_splice_write+0x830/0xff0 [ 50.626226][ T3615] ? splice_from_pipe+0x220/0x220 [ 50.631326][ T3615] ? rcu_lock_release+0x9/0x20 [ 50.636086][ T3615] ? bpf_lsm_file_permission+0x5/0x10 [ 50.641444][ T3615] ? security_file_permission+0xe0/0x5c0 [ 50.647061][ T3615] ? splice_from_pipe+0x220/0x220 [ 50.652078][ T3615] do_splice+0x1105/0x1930 [ 50.656483][ T3615] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 50.662473][ T3615] ? print_irqtrace_events+0x220/0x220 [ 50.667922][ T3615] ? splice_file_to_pipe+0x660/0x660 [ 50.673211][ T3615] ? __fdget+0x180/0x210 [ 50.677442][ T3615] __se_sys_splice+0x2a8/0x410 [ 50.682198][ T3615] ? __x64_sys_splice+0xf0/0xf0 [ 50.687038][ T3615] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 50.693007][ T3615] ? __x64_sys_splice+0x1d/0xf0 [ 50.697846][ T3615] do_syscall_64+0x2b/0x70 [ 50.702250][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.708139][ T3615] RIP: 0033:0x7fd5c0e47c79 [ 50.712558][ T3615] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 50.732416][ T3615] RSP: 002b:00007fd5c0dd9308 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 50.741014][ T3615] RAX: ffffffffffffffda RBX: 00007fd5c0ed0418 RCX: 00007fd5c0e47c79 [ 50.748974][ T3615] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003 [pid 3615] splice(3, NULL, 6, NULL, 137438961665, 0) = -1 EXDEV (Invalid cross-device link) [pid 3613] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3615] futex(0x7fd5c0ed041c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 50.756935][ T3615] RBP: 00007fd5c0ed0410 R08: 0000002000002001 R09: 0000000000000000 [ 50.764893][ T3615] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5c0ed041c [ 50.772851][ T3615] R13: 00007ffc1007c76f R14: 00007fd5c0dd9400 R15: 0000000000022000 [ 50.780815][ T3615] [pid 3615] futex(0x7fd5c0ed0418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3613] exit_group(0) = ? [pid 3614] <... write resumed>) = ? [pid 3615] <... futex resumed>) = ? [pid 3614] +++ exited with 0 +++ [pid 3615] +++ exited with 0 +++ +++ exited with 0 +++