./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3797646248 <...> Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts. execve("./syz-executor3797646248", ["./syz-executor3797646248"], 0x7ffc5f8327a0 /* 10 vars */) = 0 brk(NULL) = 0x555556534000 brk(0x555556534d40) = 0x555556534d40 arch_prctl(ARCH_SET_FS, 0x5555565343c0) = 0 set_tid_address(0x555556534690) = 5032 set_robust_list(0x5555565346a0, 24) = 0 rseq(0x555556534ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3797646248", 4096) = 28 getrandom("\x5b\xe7\x4c\xb4\x3e\x16\xa3\x29", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556534d40 brk(0x555556555d40) = 0x555556555d40 brk(0x555556556000) = 0x555556556000 mprotect(0x7f4124a10000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f4124a1632c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f41249b2b20, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41249a41a0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f412492f000 mprotect(0x7f4124930000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f412494f990, parent_tid=0x7f412494f990, exit_signal=0, stack=0x7f412492f000, stack_size=0x20300, tls=0x7f412494f6c0}./strace-static-x86_64: Process 5033 attached => {parent_tid=[5033]}, 88) = 5033 [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5033] rseq(0x7f412494ffe0, 0x20, 0, 0x53053053 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5033] <... rseq resumed>) = 0 [pid 5032] futex(0x7f4124a16328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] set_robust_list(0x7f412494f9a0, 24 [pid 5032] <... futex resumed>) = 0 [pid 5033] <... set_robust_list resumed>) = 0 [pid 5032] futex(0x7f4124a1632c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5033] pipe([3, 4]) = 0 [pid 5033] futex(0x7f4124a1632c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] futex(0x7f4124a16328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f4124a16328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 1 [pid 5033] pipe2( [pid 5032] futex(0x7f4124a1632c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... pipe2 resumed>[5, 6], O_EXCL) = 0 [pid 5033] futex(0x7f4124a1632c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f4124a16328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5033] splice(3, NULL, 6, NULL, 4, 0 [pid 5032] futex(0x7f4124a1632c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5032] futex(0x7f4124a1632c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5032] futex(0x7f4124a1633c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f412490e000 [pid 5032] mprotect(0x7f412490f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f412492e990, parent_tid=0x7f412492e990, exit_signal=0, stack=0x7f412490e000, stack_size=0x20300, tls=0x7f412492e6c0}./strace-static-x86_64: Process 5034 attached => {parent_tid=[5034]}, 88) = 5034 [pid 5034] rseq(0x7f412492efe0, 0x20, 0, 0x53053053) = 0 [pid 5034] set_robust_list(0x7f412492e9a0, 24) = 0 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] futex(0x7f4124a16338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5032] futex(0x7f4124a16338, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] futex(0x7f4124a1633c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = 0 [pid 5034] write(4, "\xda", 1) = 1 [pid 5034] futex(0x7f4124a1633c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] futex(0x7f4124a16338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] <... futex resumed>) = 0 [ 74.087713][ T5033] [ 74.090091][ T5033] ============================================ [ 74.096240][ T5033] WARNING: possible recursive locking detected [ 74.102384][ T5033] 6.6.0-rc4-syzkaller-00012-gce36c8b14987 #0 Not tainted [ 74.109401][ T5033] -------------------------------------------- [ 74.115540][ T5033] syz-executor379/5033 is trying to acquire lock: [ 74.121948][ T5033] ffff88807636fc68 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_write+0x13e/0x1bb0 [ 74.130758][ T5033] [ 74.130758][ T5033] but task is already holding lock: [ 74.138123][ T5033] ffff88807636f868 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x3e3/0x550 [ 74.147530][ T5033] [ 74.147530][ T5033] other info that might help us debug this: [ 74.155584][ T5033] Possible unsafe locking scenario: [ 74.155584][ T5033] [ 74.163032][ T5033] CPU0 [ 74.166314][ T5033] ---- [ 74.169592][ T5033] lock(&pipe->mutex/1); [ 74.173935][ T5033] lock(&pipe->mutex/1); [ 74.178275][ T5033] [ 74.178275][ T5033] *** DEADLOCK *** [ 74.178275][ T5033] [ 74.186417][ T5033] May be due to missing lock nesting notation [ 74.186417][ T5033] [ 74.194731][ T5033] 1 lock held by syz-executor379/5033: [ 74.200193][ T5033] #0: ffff88807636f868 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x3e3/0x550 [ 74.210045][ T5033] [ 74.210045][ T5033] stack backtrace: [ 74.215934][ T5033] CPU: 0 PID: 5033 Comm: syz-executor379 Not tainted 6.6.0-rc4-syzkaller-00012-gce36c8b14987 #0 [ 74.226346][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 74.236400][ T5033] Call Trace: [ 74.239684][ T5033] [ 74.242616][ T5033] dump_stack_lvl+0x1e7/0x2d0 [ 74.247298][ T5033] ? nf_tcp_handle_invalid+0x650/0x650 [ 74.252762][ T5033] ? print_deadlock_bug+0x462/0x600 [ 74.257965][ T5033] ? _find_first_zero_bit+0xd4/0x100 [ 74.263259][ T5033] __lock_acquire+0x6a81/0x7f70 [ 74.268126][ T5033] ? verify_lock_unused+0x140/0x140 [ 74.273328][ T5033] ? __lock_acquire+0x1345/0x7f70 [ 74.278365][ T5033] ? verify_lock_unused+0x140/0x140 [ 74.283570][ T5033] lock_acquire+0x1e3/0x520 [ 74.288097][ T5033] ? pipe_write+0x13e/0x1bb0 [ 74.292706][ T5033] ? read_lock_is_recursive+0x20/0x20 [ 74.298084][ T5033] ? __might_sleep+0xc0/0xc0 [ 74.302681][ T5033] ? print_irqtrace_events+0x220/0x220 [ 74.308144][ T5033] ? do_raw_spin_unlock+0x13b/0x8b0 [ 74.313358][ T5033] __mutex_lock+0x136/0xd60 [ 74.317868][ T5033] ? pipe_write+0x13e/0x1bb0 [ 74.322484][ T5033] ? __mutex_trylock_common+0x182/0x2e0 [ 74.328043][ T5033] ? pipe_write+0x13e/0x1bb0 [ 74.332638][ T5033] ? __might_sleep+0xc0/0xc0 [ 74.337235][ T5033] ? mutex_lock_nested+0x20/0x20 [ 74.342190][ T5033] ? rcu_is_watching+0x15/0xb0 [ 74.346965][ T5033] ? trace_contention_end+0x3c/0xf0 [ 74.352171][ T5033] pipe_write+0x13e/0x1bb0 [ 74.356591][ T5033] ? print_irqtrace_events+0x220/0x220 [ 74.362051][ T5033] ? pipe_wait_readable+0x3e3/0x550 [ 74.367253][ T5033] ? mutex_lock_nested+0x20/0x20 [ 74.372200][ T5033] ? finish_wait+0xd3/0x1e0 [ 74.376703][ T5033] ? pipe_read+0x1300/0x1300 [ 74.381294][ T5033] ? pipe_wait_readable+0x3e3/0x550 [ 74.386500][ T5033] do_iter_write+0x84f/0xde0 [ 74.391097][ T5033] ? iter_file_splice_write+0x2d9/0x1010 [ 74.396735][ T5033] ? vfs_iter_write+0xa0/0xa0 [ 74.401419][ T5033] ? vfs_iter_write+0x70/0xa0 [ 74.406100][ T5033] iter_file_splice_write+0x86d/0x1010 [ 74.411577][ T5033] ? splice_from_pipe+0x240/0x240 [ 74.416615][ T5033] ? fsnotify_perm+0x63/0x5a0 [ 74.421299][ T5033] ? security_file_permission+0x79/0xa0 [ 74.426851][ T5033] ? splice_from_pipe+0x240/0x240 [ 74.431886][ T5033] do_splice+0xf66/0x1dd0 [ 74.436224][ T5033] ? read_lock_is_recursive+0x20/0x20 [ 74.441611][ T5033] ? pipe_clear_nowait+0x196/0x220 [ 74.446725][ T5033] ? __fget_files+0x435/0x4a0 [ 74.451405][ T5033] ? wait_for_space+0x2d0/0x2d0 [ 74.456261][ T5033] ? __fdget+0x186/0x210 [ 74.460507][ T5033] __se_sys_splice+0x331/0x4a0 [ 74.465276][ T5033] ? do_notify_parent+0x1100/0x1100 [ 74.470493][ T5033] ? __x64_sys_splice+0xf0/0xf0 [ 74.475349][ T5033] ? syscall_enter_from_user_mode+0x32/0x230 [ 74.481370][ T5033] ? __x64_sys_splice+0x21/0xf0 [ 74.486225][ T5033] do_syscall_64+0x41/0xc0 [ 74.490644][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 74.496539][ T5033] RIP: 0033:0x7f412498cc79 [ 74.500967][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 74.520573][ T5033] RSP: 002b:00007f412494f228 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 74.528992][ T5033] RAX: ffffffffffffffda RBX: 00007f4124a16328 RCX: 00007f412498cc79 [pid 5033] <... splice resumed>) = -1 EXDEV (Invalid cross-device link) [pid 5033] futex(0x7f4124a1632c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7f4124a16328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] exit_group(0) = ? [pid 5034] <... futex resumed>) = ? [pid 5033] <... futex resumed>) = ? [pid 5034] +++ exited with 0 +++ [pid 5033] +++ exited with 0 +++ +++ exited with 0 +++ [ 74.536967][ T5033] RDX: 0000000