./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3541450739 <...> DUID 00:04:48:2f:83:80:5e:82:2f:af:2e:03:8c:bf:d4:14:8e:03 forked to background, child pid 3188 [ 26.146041][ T3189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.155593][ T3189] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts. execve("./syz-executor3541450739", ["./syz-executor3541450739"], 0x7ffc89d86af0 /* 10 vars */) = 0 brk(NULL) = 0x5555565d5000 brk(0x5555565d5c40) = 0x5555565d5c40 arch_prctl(ARCH_SET_FS, 0x5555565d5300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555565d55d0) = 3616 set_robust_list(0x5555565d55e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fde40f21c30, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fde40f22300}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fde40f21cd0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fde40f22300}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3541450739", 4096) = 28 brk(0x5555565f6c40) = 0x5555565f6c40 brk(0x5555565f7000) = 0x5555565f7000 mprotect(0x7fde40fe2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7fde40fe840c, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde40ef2000 mprotect(0x7fde40ef3000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7fde40f123f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3617], tls=0x7fde40f12700, child_tidptr=0x7fde40f129d0) = 3617 futex(0x7fde40fe8408, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7fde40fe840c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3617 attached [pid 3617] set_robust_list(0x7fde40f129e0, 24) = 0 [pid 3617] pipe([3, 4]) = 0 [pid 3617] futex(0x7fde40fe840c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3616] <... futex resumed>) = 0 [pid 3616] futex(0x7fde40fe8408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3616] futex(0x7fde40fe840c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3617] <... futex resumed>) = 1 [pid 3617] pipe2([5, 6], O_EXCL) = 0 [pid 3617] futex(0x7fde40fe840c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3616] <... futex resumed>) = 0 [pid 3616] futex(0x7fde40fe8408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3616] futex(0x7fde40fe840c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3617] <... futex resumed>) = 1 [pid 3617] splice(3, NULL, 6, NULL, 511, 0 [pid 3616] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3616] futex(0x7fde40fe841c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde40ed1000 [pid 3616] mprotect(0x7fde40ed2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3616] clone(child_stack=0x7fde40ef13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3618], tls=0x7fde40ef1700, child_tidptr=0x7fde40ef19d0) = 3618 [pid 3616] futex(0x7fde40fe8418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3616] futex(0x7fde40fe841c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3618 attached [pid 3618] set_robust_list(0x7fde40ef19e0, 24) = 0 [pid 3618] vmsplice(4, [{iov_base="\xb5", iov_len=1}], 1, 0) = 1 [pid 3618] futex(0x7fde40fe841c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3618] futex(0x7fde40fe8418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3616] <... futex resumed>) = 0 syzkaller login: [ 48.828234][ T3617] [ 48.830600][ T3617] ============================================ [ 48.836789][ T3617] WARNING: possible recursive locking detected [ 48.842927][ T3617] 5.19.0-rc7-syzkaller-00199-g515f71412bb7 #0 Not tainted [ 48.850107][ T3617] -------------------------------------------- [ 48.856237][ T3617] syz-executor354/3617 is trying to acquire lock: [ 48.862642][ T3617] ffff88807e999c68 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_write+0x12f/0x1b00 [ 48.871462][ T3617] [ 48.871462][ T3617] but task is already holding lock: [ 48.878827][ T3617] ffff88807e999868 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x3d7/0x550 [ 48.888210][ T3617] [ 48.888210][ T3617] other info that might help us debug this: [ 48.896256][ T3617] Possible unsafe locking scenario: [ 48.896256][ T3617] [ 48.903788][ T3617] CPU0 [ 48.907055][ T3617] ---- [ 48.910318][ T3617] lock(&pipe->mutex/1); [ 48.914694][ T3617] lock(&pipe->mutex/1); [ 48.919061][ T3617] [ 48.919061][ T3617] *** DEADLOCK *** [ 48.919061][ T3617] [pid 3616] exit_group(0) = ? [pid 3618] <... futex resumed>) = ? [pid 3618] +++ exited with 0 +++ [ 48.927195][ T3617] May be due to missing lock nesting notation [ 48.927195][ T3617] [ 48.935503][ T3617] 1 lock held by syz-executor354/3617: [ 48.940948][ T3617] #0: ffff88807e999868 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x3d7/0x550 [ 48.950786][ T3617] [ 48.950786][ T3617] stack backtrace: [ 48.956672][ T3617] CPU: 1 PID: 3617 Comm: syz-executor354 Not tainted 5.19.0-rc7-syzkaller-00199-g515f71412bb7 #0 [ 48.967167][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 48.977221][ T3617] Call Trace: [ 48.980484][ T3617] [ 48.983486][ T3617] dump_stack_lvl+0x1e3/0x2cb [ 48.988184][ T3617] ? bfq_pos_tree_add_move+0x436/0x436 [ 48.993623][ T3617] ? panic+0x76e/0x76e [ 48.997683][ T3617] ? print_tainted+0x145/0x170 [ 49.002434][ T3617] ? lockdep_print_held_locks+0x10f/0x1b0 [ 49.008138][ T3617] validate_chain+0x485d/0x65c0 [ 49.012972][ T3617] ? reacquire_held_locks+0x680/0x680 [ 49.018327][ T3617] ? validate_chain+0x126/0x65c0 [ 49.023244][ T3617] ? reacquire_held_locks+0x680/0x680 [ 49.028598][ T3617] ? validate_chain+0x126/0x65c0 [ 49.033529][ T3617] ? validate_chain+0x126/0x65c0 [ 49.038443][ T3617] ? update_blocked_averages+0x10b0/0x10b0 [ 49.044231][ T3617] ? mark_lock+0x98/0x350 [ 49.048547][ T3617] ? reacquire_held_locks+0x680/0x680 [ 49.053996][ T3617] ? register_lock_class+0xfe/0x9d0 [ 49.059260][ T3617] ? reacquire_held_locks+0x680/0x680 [ 49.064628][ T3617] ? is_dynamic_key+0x1f0/0x1f0 [ 49.069478][ T3617] ? mark_lock+0x98/0x350 [ 49.073786][ T3617] __lock_acquire+0x129a/0x1f80 [ 49.078618][ T3617] lock_acquire+0x1a7/0x400 [ 49.083100][ T3617] ? pipe_write+0x12f/0x1b00 [ 49.087693][ T3617] ? read_lock_is_recursive+0x10/0x10 [ 49.093238][ T3617] ? __might_sleep+0xc0/0xc0 [ 49.097807][ T3617] ? __lock_acquire+0x129a/0x1f80 [ 49.102832][ T3617] __mutex_lock_common+0x1de/0x26c0 [ 49.108013][ T3617] ? pipe_write+0x12f/0x1b00 [ 49.112585][ T3617] ? pipe_write+0x12f/0x1b00 [ 49.117155][ T3617] ? mutex_lock_io_nested+0x60/0x60 [ 49.122348][ T3617] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 49.128308][ T3617] ? trace_raw_output_contention_end+0xd0/0xd0 [ 49.134545][ T3617] mutex_lock_nested+0x17/0x20 [ 49.139287][ T3617] pipe_write+0x12f/0x1b00 [ 49.143685][ T3617] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 49.149644][ T3617] ? print_irqtrace_events+0x220/0x220 [ 49.155080][ T3617] ? pipe_wait_readable+0x3d7/0x550 [ 49.160257][ T3617] ? mutex_lock_io_nested+0x60/0x60 [ 49.165438][ T3617] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 49.171322][ T3617] ? pipe_read+0x12a0/0x12a0 [ 49.175892][ T3617] ? finish_wait+0xc5/0x1d0 [ 49.180374][ T3617] ? mutex_lock_nested+0x17/0x20 [ 49.185291][ T3617] do_iter_readv_writev+0x499/0x650 [ 49.190484][ T3617] ? generic_file_rw_checks+0x250/0x250 [ 49.196012][ T3617] ? iter_file_splice_write+0x2a2/0xff0 [ 49.201624][ T3617] ? bpf_lsm_file_permission+0x5/0x10 [ 49.206981][ T3617] ? security_file_permission+0xe0/0x5c0 [ 49.212594][ T3617] ? do_iter_write+0x147/0x7a0 [ 49.217337][ T3617] do_iter_write+0x1f1/0x7a0 [ 49.221916][ T3617] ? vfs_iter_write+0x69/0xa0 [ 49.226572][ T3617] iter_file_splice_write+0x830/0xff0 [ 49.231929][ T3617] ? splice_from_pipe+0x220/0x220 [ 49.236930][ T3617] ? rcu_lock_release+0x9/0x20 [ 49.241675][ T3617] ? bpf_lsm_file_permission+0x5/0x10 [ 49.247033][ T3617] ? security_file_permission+0xe0/0x5c0 [ 49.252641][ T3617] ? splice_from_pipe+0x220/0x220 [ 49.257684][ T3617] do_splice+0x1105/0x1930 [ 49.262086][ T3617] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 49.268058][ T3617] ? print_irqtrace_events+0x220/0x220 [ 49.273496][ T3617] ? splice_file_to_pipe+0x660/0x660 [ 49.278759][ T3617] ? __fdget+0x180/0x210 [ 49.282981][ T3617] __se_sys_splice+0x2a8/0x410 [ 49.287730][ T3617] ? __x64_sys_splice+0xf0/0xf0 [ 49.292581][ T3617] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 49.298542][ T3617] ? __x64_sys_splice+0x1d/0xf0 [ 49.303374][ T3617] do_syscall_64+0x2b/0x70 [ 49.307785][ T3617] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.313672][ T3617] RIP: 0033:0x7fde40f5fc99 [ 49.318067][ T3617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 49.337657][ T3617] RSP: 002b:00007fde40f12308 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 49.346061][ T3617] RAX: ffffffffffffffda RBX: 00007fde40fe8408 RCX: 00007fde40f5fc99 [ 49.354012][ T3617] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003 [ 49.361960][ T3617] RBP: 00007fde40fe8400 R08: 00000000000001ff R09: 0000000000000000 [ 49.369910][ T3617] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fde40fe840c [pid 3617] <... splice resumed>) = ? [pid 3617] +++ exited with 0 +++ +++ exited with 0 +++ [ 49.377876][ T3617] R13: 0000