./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3686040745

<...>
DUID 00:04:23:68:77:f1:65:66:05:56:fc:6e:24:65:03:30:d5:25
forked to backgr[   20.971655][ T4689] 8021q: adding VLAN 0 to HW filter on device bond0
ound, child pid 4688
[   20.983383][ T4689] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
execve("./syz-executor3686040745", ["./syz-executor3686040745"], 0x7ffd13c30530 /* 10 vars */) = 0
brk(NULL)                               = 0x5555572bc000
brk(0x5555572bcc40)                     = 0x5555572bcc40
arch_prctl(ARCH_SET_FS, 0x5555572bc300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x5555572bc5d0)         = 5019
set_robust_list(0x5555572bc5e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7ff39cdeee10, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7ff39cdef4e0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7ff39cdeeeb0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff39cdef4e0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3686040745", 4096) = 28
brk(0x5555572ddc40)                     = 0x5555572ddc40
brk(0x5555572de000)                     = 0x5555572de000
mprotect(0x7ff39ceaf000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
futex(0x7ff39ceb542c, FUTEX_WAKE_PRIVATE, 1000000) = 0
mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff39cdbf000
mprotect(0x7ff39cdc0000, 131072, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7ff39cddf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5020 attached
, parent_tid=[5020], tls=0x7ff39cddf700, child_tidptr=0x7ff39cddf9d0) = 5020
[pid  5020] set_robust_list(0x7ff39cddf9e0, 24) = 0
[pid  5020] futex(0x7ff39ceb5428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5019] futex(0x7ff39ceb5428, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5020] <... futex resumed>)        = 0
[pid  5020] pipe2([3, 4], 0)            = 0
[pid  5020] futex(0x7ff39ceb542c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5020] futex(0x7ff39ceb5428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5019] futex(0x7ff39ceb542c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5019] futex(0x7ff39ceb5428, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5020] <... futex resumed>)        = 0
[pid  5020] dup(4)                      = 5
[pid  5020] futex(0x7ff39ceb542c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5020] futex(0x7ff39ceb5428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5019] futex(0x7ff39ceb542c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5019] futex(0x7ff39ceb5428, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5020] <... futex resumed>)        = 0
[pid  5020] pipe2([6, 7], O_EXCL|O_NONBLOCK) = 0
[pid  5020] futex(0x7ff39ceb542c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5020] futex(0x7ff39ceb5428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5019] futex(0x7ff39ceb542c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5019] futex(0x7ff39ceb5428, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5020] <... futex resumed>)        = 0
[pid  5020] openat(AT_FDCWD, "/proc/thread-self/fd/4", O_RDWR <unfinished ...>
[pid  5019] futex(0x7ff39ceb542c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5020] <... openat resumed>)       = 8
[pid  5020] futex(0x7ff39ceb542c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5019] <... futex resumed>)        = 0
[pid  5019] futex(0x7ff39ceb5428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5019] futex(0x7ff39ceb542c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5020] splice(8, NULL, 7, NULL, 256, 0 <unfinished ...>
[pid  5019] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5019] futex(0x7ff39ceb543c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff39cd9e000
[pid  5019] mprotect(0x7ff39cd9f000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5019] clone(child_stack=0x7ff39cdbe3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5021 attached
, parent_tid=[5021], tls=0x7ff39cdbe700, child_tidptr=0x7ff39cdbe9d0) = 5021
[pid  5019] futex(0x7ff39ceb5438, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5019] futex(0x7ff39ceb543c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5021] set_robust_list(0x7ff39cdbe9e0, 24) = 0
syzkaller login: [   41.318112][ T5020] 
[   41.320457][ T5020] ============================================
[   41.326608][ T5020] WARNING: possible recursive locking detected
[   41.332748][ T5020] 6.4.0-syzkaller-12365-g8689f4f2ea56 #0 Not tainted
[   41.339404][ T5020] --------------------------------------------
[   41.345547][ T5020] syz-executor368/5020 is trying to acquire lock:
[   41.351933][ T5020] ffff88802a73ec68 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_write+0x140/0x1cc0
[   41.360733][ T5020] 
[   41.360733][ T5020] but task is already holding lock:
[   41.368081][ T5020] ffff88802416a868 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x39f/0x420
[   41.377460][ T5020] 
[   41.377460][ T5020] other info that might help us debug this:
[   41.385492][ T5020]  Possible unsafe locking scenario:
[   41.385492][ T5020] 
[   41.392914][ T5020]        CPU0
[   41.396169][ T5020]        ----
[   41.399424][ T5020]   lock(&pipe->mutex/1);
[   41.403731][ T5020]   lock(&pipe->mutex/1);
[   41.408062][ T5020] 
[   41.408062][ T5020]  *** DEADLOCK ***
[   41.408062][ T5020] 
[   41.416267][ T5020]  May be due to missing lock nesting notation
[   41.416267][ T5020] 
[   41.424564][ T5020] 1 lock held by syz-executor368/5020:
[   41.430002][ T5020]  #0: ffff88802416a868 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x39f/0x420
[   41.439857][ T5020] 
[   41.439857][ T5020] stack backtrace:
[   41.445723][ T5020] CPU: 0 PID: 5020 Comm: syz-executor368 Not tainted 6.4.0-syzkaller-12365-g8689f4f2ea56 #0
[   41.455788][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   41.465827][ T5020] Call Trace:
[   41.469095][ T5020]  <TASK>
[   41.472010][ T5020]  dump_stack_lvl+0xd9/0x150
[   41.476606][ T5020]  __lock_acquire+0x2a33/0x5e20
[   41.481454][ T5020]  ? print_usage_bug.part.0+0x670/0x670
[   41.486991][ T5020]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   41.492965][ T5020]  ? __lock_acquire+0x1984/0x5e20
[   41.497981][ T5020]  lock_acquire+0x1b1/0x520
[   41.502475][ T5020]  ? pipe_write+0x140/0x1cc0
[   41.507062][ T5020]  ? lock_sync+0x190/0x190
[   41.511571][ T5020]  ? __lock_acquire+0xc1b/0x5e20
[   41.516503][ T5020]  __mutex_lock+0x12f/0x1350
[   41.521083][ T5020]  ? pipe_write+0x140/0x1cc0
[   41.525669][ T5020]  ? __lock_acquire+0x1984/0x5e20
[   41.530683][ T5020]  ? pipe_write+0x140/0x1cc0
[   41.535355][ T5020]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   41.540890][ T5020]  ? find_held_lock+0x2d/0x110
[   41.545639][ T5020]  ? aa_file_perm+0x579/0x1270
[   41.550388][ T5020]  ? lock_downgrade+0x690/0x690
[   41.555338][ T5020]  pipe_write+0x140/0x1cc0
[   41.559749][ T5020]  ? aa_file_perm+0x5a3/0x1270
[   41.564501][ T5020]  ? do_proc_dopipe_max_size_conv+0x1c0/0x1c0
[   41.570560][ T5020]  ? aa_path_link+0x2f0/0x2f0
[   41.575242][ T5020]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   41.580782][ T5020]  ? pipe_wait_readable+0x33a/0x420
[   41.585972][ T5020]  ? lock_downgrade+0x690/0x690
[   41.590813][ T5020]  ? _raw_spin_lock_irqsave+0x52/0x60
[   41.596184][ T5020]  do_iter_readv_writev+0x211/0x3b0
[   41.601379][ T5020]  ? generic_copy_file_range+0x1d0/0x1d0
[   41.607004][ T5020]  ? bpf_lsm_file_permission+0x9/0x10
[   41.612364][ T5020]  ? security_file_permission+0xaf/0xd0
[   41.617908][ T5020]  do_iter_write+0x182/0x810
[   41.622491][ T5020]  ? __kmem_cache_alloc_node+0x201/0x350
[   41.628116][ T5020]  vfs_iter_write+0x7a/0xb0
[   41.632610][ T5020]  iter_file_splice_write+0x73b/0xc70
[   41.637982][ T5020]  ? page_cache_pipe_buf_confirm+0x5b0/0x5b0
[   41.643961][ T5020]  ? bpf_lsm_file_permission+0x9/0x10
[   41.649321][ T5020]  ? security_file_permission+0xaf/0xd0
[   41.654860][ T5020]  ? page_cache_pipe_buf_confirm+0x5b0/0x5b0
[   41.660836][ T5020]  do_splice+0xb8a/0x1ec0
[   41.665159][ T5020]  ? find_held_lock+0x2d/0x110
[   41.669916][ T5020]  ? splice_file_to_pipe+0x1b0/0x1b0
[   41.675194][ T5020]  ? direct_file_splice_eof+0xb0/0xb0
[   41.680564][ T5020]  __do_splice+0x14e/0x270
[   41.684973][ T5020]  ? do_splice+0x1ec0/0x1ec0
[   41.689557][ T5020]  __x64_sys_splice+0x19c/0x250
[   41.694402][ T5020]  do_syscall_64+0x39/0xb0
[   41.698816][ T5020]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.704706][ T5020] RIP: 0033:0x7ff39ce2cf69
[   41.709104][ T5020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   41.728696][ T5020] RSP: 002b:00007ff39cddf278 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   41.737091][ T5020] RAX: ffffffffffffffda RBX: 00007ff39ceb5428 RCX: 00007ff39ce2cf69
[   41.745046][ T5020] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000008
[   41.752998][ T5020] RBP: 00007ff39ceb5420 R08: 0000000000000100 R09: 0000000000000000
[   41.760956][ T5020] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff39ce83040
[pid  5021] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967021 <unfinished ...>
[pid  5019] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5020] <... splice resumed>)       = -1 EXDEV (Invalid cross-device link)
[pid  5020] futex(0x7ff39ceb542c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   41.768916][ T5020] R13: 00007ff39cddf290 R14: 00007ff39cddf400 R15: 0000000000022000
[   41.776876][ T5020]  </TASK>
[pid  5020] futex(0x7ff39ceb5428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5019] exit_group(0)               = ?
[pid  5020] <... futex resumed>)        = ?
[pid  5020] +++ exited with 0 +++
[pid  5021] <... write resumed>)        = ?
[pid  5021] +++ exited with 0 +++
+++ exited with 0 +++