./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1069063503 <...> Warning: Permanently added '10.128.0.233' (ED25519) to the list of known hosts. execve("./syz-executor1069063503", ["./syz-executor1069063503"], 0x7ffe6f288c80 /* 10 vars */) = 0 brk(NULL) = 0x555556f9a000 brk(0x555556f9ad40) = 0x555556f9ad40 arch_prctl(ARCH_SET_FS, 0x555556f9a3c0) = 0 set_tid_address(0x555556f9a690) = 5032 set_robust_list(0x555556f9a6a0, 24) = 0 rseq(0x555556f9ace0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1069063503", 4096) = 28 getrandom("\xc1\x6d\x3e\xdf\xf6\x34\xbc\x2a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556f9ad40 brk(0x555556fbbd40) = 0x555556fbbd40 brk(0x555556fbc000) = 0x555556fbc000 mprotect(0x7f5b31fad000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f5b31fb332c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f5b31f4ff60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5b31f415e0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5b31ecc000 mprotect(0x7f5b31ecd000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5b31eec990, parent_tid=0x7f5b31eec990, exit_signal=0, stack=0x7f5b31ecc000, stack_size=0x20300, tls=0x7f5b31eec6c0} => {parent_tid=[5033]}, 88) = 5033 ./strace-static-x86_64: Process 5033 attached [pid 5032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5032] futex(0x7f5b31fb3328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] rseq(0x7f5b31eecfe0, 0x20, 0, 0x53053053 [pid 5032] futex(0x7f5b31fb332c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... rseq resumed>) = 0 [pid 5033] set_robust_list(0x7f5b31eec9a0, 24) = 0 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5033] pipe2([3, 4], 0) = 0 [pid 5033] futex(0x7f5b31fb332c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] futex(0x7f5b31fb3328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f5b31fb3328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5032] futex(0x7f5b31fb332c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] pipe2([5, 6], O_EXCL|O_NONBLOCK) = 0 [pid 5033] futex(0x7f5b31fb332c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f5b31fb3328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5033] openat(AT_FDCWD, "/proc/thread-self/fd/4", O_RDWR [pid 5032] futex(0x7f5b31fb332c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... openat resumed>) = 7 [pid 5033] futex(0x7f5b31fb332c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f5b31fb3328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f5b31fb332c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [pid 5033] splice(7, NULL, 6, NULL, 256, 0 [pid 5032] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5032] futex(0x7f5b31fb332c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5032] futex(0x7f5b31fb333c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5b31eab000 [pid 5032] mprotect(0x7f5b31eac000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5b31ecb990, parent_tid=0x7f5b31ecb990, exit_signal=0, stack=0x7f5b31eab000, stack_size=0x20300, tls=0x7f5b31ecb6c0}./strace-static-x86_64: Process 5034 attached => {parent_tid=[5034]}, 88) = 5034 [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] rseq(0x7f5b31ecbfe0, 0x20, 0, 0x53053053 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] <... rseq resumed>) = 0 [pid 5032] futex(0x7f5b31fb3338, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] set_robust_list(0x7f5b31ecb9a0, 24 [pid 5032] <... futex resumed>) = 0 [pid 5034] <... set_robust_list resumed>) = 0 [pid 5032] futex(0x7f5b31fb333c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] write(4, "\x5d\x00\x00\x00\x7d\x01\x00\x00\x00\x43\x00\x00\xfe\x00\x00\x00\x00\x08\x04\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x93\x37\x89\x23\x09\x00\x00\x00\x08\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x03\x00\x2a\x7b\xca\x05\x00\x66\x64\x2f\x34\x00\x05\x00\x66\x64\x2f\x34\x00\x03\x00\x2f\x27\x2e\x05\x00\x66\x64\x2f\x34\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 93) = 93 [pid 5034] futex(0x7f5b31fb333c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] futex(0x7f5b31fb3338, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] <... futex resumed>) = 0 [ 57.710474][ T5033] [ 57.712828][ T5033] ============================================ [ 57.718957][ T5033] WARNING: possible recursive locking detected [ 57.725098][ T5033] 6.6.0-rc5-syzkaller-00250-g70f8c6f8f880 #0 Not tainted [ 57.732111][ T5033] -------------------------------------------- [ 57.738245][ T5033] syz-executor106/5033 is trying to acquire lock: [ 57.744636][ T5033] ffff888073c1b468 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_write+0x13e/0x1bb0 [ 57.753414][ T5033] [ 57.753414][ T5033] but task is already holding lock: [ 57.760752][ T5033] ffff888073c1b068 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x3e3/0x550 [ 57.770122][ T5033] [ 57.770122][ T5033] other info that might help us debug this: [ 57.778157][ T5033] Possible unsafe locking scenario: [ 57.778157][ T5033] [ 57.785591][ T5033] CPU0 [ 57.788860][ T5033] ---- [ 57.792119][ T5033] lock(&pipe->mutex/1); [ 57.796432][ T5033] lock(&pipe->mutex/1); [ 57.800746][ T5033] [ 57.800746][ T5033] *** DEADLOCK *** [ 57.800746][ T5033] [pid 5032] exit_group(0) = ? [pid 5034] <... futex resumed>) = ? [pid 5034] +++ exited with 0 +++ [ 57.808869][ T5033] May be due to missing lock nesting notation [ 57.808869][ T5033] [ 57.817173][ T5033] 1 lock held by syz-executor106/5033: [ 57.822605][ T5033] #0: ffff888073c1b068 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x3e3/0x550 [ 57.832431][ T5033] [ 57.832431][ T5033] stack backtrace: [ 57.838296][ T5033] CPU: 0 PID: 5033 Comm: syz-executor106 Not tainted 6.6.0-rc5-syzkaller-00250-g70f8c6f8f880 #0 [ 57.848681][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 57.858716][ T5033] Call Trace: [ 57.861977][ T5033] [ 57.864886][ T5033] dump_stack_lvl+0x1e7/0x2d0 [ 57.869545][ T5033] ? nf_tcp_handle_invalid+0x650/0x650 [ 57.874981][ T5033] ? print_deadlock_bug+0x462/0x600 [ 57.880156][ T5033] ? _find_first_zero_bit+0xd4/0x100 [ 57.885424][ T5033] __lock_acquire+0x6a81/0x7f70 [ 57.890274][ T5033] ? verify_lock_unused+0x140/0x140 [ 57.895449][ T5033] ? __lock_acquire+0x1345/0x7f70 [ 57.900456][ T5033] ? verify_lock_unused+0x140/0x140 [ 57.905639][ T5033] lock_acquire+0x1e3/0x520 [ 57.910118][ T5033] ? pipe_write+0x13e/0x1bb0 [ 57.914692][ T5033] ? read_lock_is_recursive+0x20/0x20 [ 57.920043][ T5033] ? __might_sleep+0xc0/0xc0 [ 57.924611][ T5033] ? print_irqtrace_events+0x220/0x220 [ 57.930048][ T5033] ? do_raw_spin_unlock+0x13b/0x8b0 [ 57.935229][ T5033] __mutex_lock+0x136/0xd60 [ 57.939714][ T5033] ? pipe_write+0x13e/0x1bb0 [ 57.944280][ T5033] ? __mutex_trylock_common+0x182/0x2e0 [ 57.949805][ T5033] ? pipe_write+0x13e/0x1bb0 [ 57.954373][ T5033] ? __might_sleep+0xc0/0xc0 [ 57.958941][ T5033] ? mutex_lock_nested+0x20/0x20 [ 57.963860][ T5033] ? rcu_is_watching+0x15/0xb0 [ 57.968603][ T5033] ? trace_contention_end+0x3c/0xf0 [ 57.973790][ T5033] pipe_write+0x13e/0x1bb0 [ 57.978181][ T5033] ? print_irqtrace_events+0x220/0x220 [ 57.983623][ T5033] ? pipe_wait_readable+0x3e3/0x550 [ 57.988798][ T5033] ? mutex_lock_nested+0x20/0x20 [ 57.993717][ T5033] ? finish_wait+0xd3/0x1e0 [ 57.998196][ T5033] ? pipe_read+0x1300/0x1300 [ 58.002777][ T5033] ? pipe_wait_readable+0x3e3/0x550 [ 58.007953][ T5033] do_iter_write+0x84f/0xde0 [ 58.012521][ T5033] ? iter_file_splice_write+0x2d9/0x1010 [ 58.018128][ T5033] ? vfs_iter_write+0xa0/0xa0 [ 58.022782][ T5033] ? vfs_iter_write+0x70/0xa0 [ 58.027432][ T5033] iter_file_splice_write+0x86d/0x1010 [ 58.032891][ T5033] ? splice_from_pipe+0x240/0x240 [ 58.037902][ T5033] ? fsnotify_perm+0x63/0x5a0 [ 58.042559][ T5033] ? security_file_permission+0x79/0xa0 [ 58.048523][ T5033] ? splice_from_pipe+0x240/0x240 [ 58.053528][ T5033] do_splice+0xf66/0x1dd0 [ 58.057833][ T5033] ? read_lock_is_recursive+0x20/0x20 [ 58.063185][ T5033] ? __fget_files+0x28/0x4a0 [ 58.067752][ T5033] ? pipe_clear_nowait+0xc1/0x220 [ 58.072752][ T5033] ? __fget_files+0x435/0x4a0 [ 58.077409][ T5033] ? wait_for_space+0x2d0/0x2d0 [ 58.082236][ T5033] ? __fdget+0x186/0x210 [ 58.086461][ T5033] __se_sys_splice+0x331/0x4a0 [ 58.091204][ T5033] ? do_notify_parent+0x1100/0x1100 [ 58.096389][ T5033] ? __x64_sys_splice+0xf0/0xf0 [ 58.101221][ T5033] ? syscall_enter_from_user_mode+0x32/0x230 [ 58.107187][ T5033] ? __x64_sys_splice+0x21/0xf0 [ 58.112034][ T5033] do_syscall_64+0x41/0xc0 [ 58.116437][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.122310][ T5033] RIP: 0033:0x7f5b31f2a0b9 [ 58.126706][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 58.146293][ T5033] RSP: 002b:00007f5b31eec188 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 58.154687][ T5033] RAX: ffffffffffffffda RBX: 00007f5b31fb3328 RCX: 00007f5b31f2a0b9 [pid 5033] <... splice resumed>) = ? [pid 5033] +++ exited with 0 +++ +++ exited with 0 +++