./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3829610130 <...> DUID 00:04:11:31:ea:d8:bb:db:47:a8:80:cb:7d:0b:3c:d8:ea:74 forked to background, child pid 3190 [ 25.416909][ T3191] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.422853][ T3191] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts. execve("./syz-executor3829610130", ["./syz-executor3829610130"], 0x7fff0862cc00 /* 10 vars */) = 0 brk(NULL) = 0x555555840000 brk(0x555555840c40) = 0x555555840c40 arch_prctl(ARCH_SET_FS, 0x555555840300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3829610130", 4096) = 28 brk(0x555555861c40) = 0x555555861c40 brk(0x555555862000) = 0x555555862000 mprotect(0x7f6cb44a6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3612 attached , child_tidptr=0x5555558405d0) = 3612 [pid 3612] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3612] setsid() = 1 [pid 3612] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3612] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3612] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3612] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3612] prlimit64(0, RLIMIT_CORE, 
{rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3612] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3612] unshare(CLONE_NEWNS) = 0 [pid 3612] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3612] unshare(CLONE_NEWIPC) = 0 [pid 3612] unshare(CLONE_NEWCGROUP) = 0 [pid 3612] unshare(CLONE_NEWUTS) = 0 [pid 3612] unshare(CLONE_SYSVSEM) = 0 [pid 3612] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "16777216", 8) = 8 [pid 3612] close(3) = 0 [pid 3612] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "536870912", 9) = 9 [pid 3612] close(3) = 0 [pid 3612] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1024", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "8192", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1024", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1024", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3612] close(3) = 0 [pid 3612] getpid() = 1 [pid 3612] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [... text lost in extraction: the rest of this capget() call, the executor syscalls that followed it, and the opening of the kernel lockdep report up to the lock being acquired ...] (&priv->j1939_socks_lock){+.-.}-{2:2}, at: j1939_sk_errqueue+0x9f/0x1a0 [ 50.621254][ C0] [ 50.621254][ C0] but task is already holding lock: [ 50.621258][ C0] ffff888077729088 (&priv->active_session_list_lock){+.-.}-{2:2}, at: j1939_tp_rxtimer+0xe5/0x220 [ 50.621301][ C0] [ 50.621301][ C0] which lock already depends on the new lock. 
[ 50.621301][ C0] [ 50.621306][ C0] [ 50.621306][ C0] the existing dependency chain (in reverse order) is: [ 50.621311][ C0] [ 50.621311][ C0] -> #2 (&priv->active_session_list_lock){+.-.}-{2:2}: [ 50.621338][ C0] _raw_spin_lock_bh+0x2f/0x40 [ 50.621360][ C0] j1939_session_activate+0x43/0x4b0 [ 50.621382][ C0] j1939_sk_queue_activate_next+0x29b/0x460 [ 50.621406][ C0] j1939_session_completed+0x19a/0x1f0 [ 50.621427][ C0] j1939_xtp_rx_eoma+0x2a6/0x5f0 [ 50.621449][ C0] j1939_tp_recv+0x930/0xcb0 [ 50.621470][ C0] j1939_can_recv+0x6ff/0x9a0 [ 50.621489][ C0] can_rcv_filter+0x5d4/0x8d0 [ 50.621513][ C0] can_receive+0x31d/0x580 [ 50.621542][ C0] can_rcv+0x120/0x1c0 [ 50.621564][ C0] __netif_receive_skb_one_core+0x114/0x180 [ 50.621590][ C0] __netif_receive_skb+0x24/0x1b0 [ 50.621612][ C0] process_backlog+0x3a0/0x7c0 [ 50.621635][ C0] __napi_poll+0xb3/0x6e0 [ 50.621656][ C0] net_rx_action+0x9c1/0xd90 [ 50.621679][ C0] __do_softirq+0x29b/0x9c2 [ 50.621700][ C0] run_ksoftirqd+0x2d/0x60 [ 50.621719][ C0] smpboot_thread_fn+0x645/0x9c0 [ 50.621743][ C0] kthread+0x2e9/0x3a0 [ 50.621759][ C0] ret_from_fork+0x1f/0x30 [ 50.621780][ C0] [ 50.621780][ C0] -> #1 (&jsk->sk_session_queue_lock){+.-.}-{2:2}: [ 50.621805][ C0] _raw_spin_lock_bh+0x2f/0x40 [ 50.621825][ C0] j1939_sk_queue_drop_all+0x40/0x2f0 [ 50.621847][ C0] j1939_sk_netdev_event_netdown+0x7b/0x160 [ 50.621869][ C0] j1939_netdev_notify+0x199/0x1d0 [ 50.621890][ C0] notifier_call_chain+0xb5/0x200 [ 50.621910][ C0] call_netdevice_notifiers_info+0xb5/0x130 [ 50.621930][ C0] __dev_notify_flags+0x1da/0x2b0 [ 50.621953][ C0] dev_change_flags+0x112/0x170 [ 50.621975][ C0] do_setlink+0x961/0x3bb0 [ 50.621997][ C0] __rtnl_newlink+0xd6a/0x17e0 [ 50.622020][ C0] rtnl_newlink+0x64/0xa0 [ 50.622042][ C0] rtnetlink_rcv_msg+0x43a/0xc90 [ 50.622064][ C0] netlink_rcv_skb+0x153/0x420 [ 50.622082][ C0] netlink_unicast+0x543/0x7f0 [ 50.622100][ C0] netlink_sendmsg+0x917/0xe10 [ 50.622118][ C0] sock_sendmsg+0xcf/0x120 [ 50.622140][ C0] 
____sys_sendmsg+0x6eb/0x810 [ 50.622163][ C0] ___sys_sendmsg+0xf3/0x170 [ 50.622182][ C0] __x64_sys_sendmsg+0x132/0x220 [ 50.622201][ C0] do_syscall_64+0x35/0xb0 [ 50.622223][ C0] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 50.622246][ C0] [ 50.622246][ C0] -> #0 (&priv->j1939_socks_lock){+.-.}-{2:2}: [ 50.622282][ C0] __lock_acquire+0x2abe/0x5660 [ 50.622306][ C0] lock_acquire+0x1ab/0x570 [ 50.622323][ C0] _raw_spin_lock_bh+0x2f/0x40 [ 50.622342][ C0] j1939_sk_errqueue+0x9f/0x1a0 [ 50.622362][ C0] __j1939_session_cancel+0x3b9/0x460 [ 50.622383][ C0] j1939_tp_rxtimer.cold+0x1f6/0x24f [ 50.622405][ C0] __hrtimer_run_queues+0x609/0xe50 [ 50.622426][ C0] hrtimer_run_softirq+0x17b/0x360 [ 50.622446][ C0] __do_softirq+0x29b/0x9c2 [ 50.622467][ C0] __irq_exit_rcu+0x123/0x180 [ 50.622484][ C0] irq_exit_rcu+0x5/0x20 [ 50.622502][ C0] sysvec_apic_timer_interrupt+0x93/0xc0 [ 50.622522][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 50.622545][ C0] acpi_idle_do_entry+0x1c9/0x240 [ 50.622570][ C0] acpi_idle_enter+0x369/0x510 [ 50.622591][ C0] cpuidle_enter_state+0x1b1/0xc80 [ 50.622612][ C0] cpuidle_enter+0x4a/0xa0 [ 50.622627][ C0] do_idle+0x3e8/0x590 [ 50.622644][ C0] cpu_startup_entry+0x14/0x20 [ 50.622664][ C0] rest_init+0x169/0x270 [ 50.622682][ C0] arch_call_rest_init+0xf/0x14 [ 50.622700][ C0] start_kernel+0x46e/0x48f [ 50.622717][ C0] secondary_startup_64_no_verify+0xce/0xdb [ 50.622740][ C0] [ 50.622740][ C0] other info that might help us debug this: [ 50.622740][ C0] [ 50.622745][ C0] Chain exists of: [ 50.622745][ C0] &priv->j1939_socks_lock --> &jsk->sk_session_queue_lock --> &priv->active_session_list_lock [ 50.622745][ C0] [ 50.622775][ C0] Possible unsafe locking scenario: [ 50.622775][ C0] [ 50.622779][ C0] CPU0 CPU1 [ 50.622784][ C0] ---- ---- [ 50.622787][ C0] lock(&priv->active_session_list_lock); [ 50.622799][ C0] lock(&jsk->sk_session_queue_lock); [ 50.622812][ C0] lock(&priv->active_session_list_lock); [ 50.622825][ C0] lock(&priv->j1939_socks_lock); [ 
50.622836][ C0] [ 50.622836][ C0] *** DEADLOCK *** [ 50.622836][ C0] [ 50.622840][ C0] 1 lock held by swapper/0/0: [ 50.622851][ C0] #0: ffff888077729088 (&priv->active_session_list_lock){+.-.}-{2:2}, at: j1939_tp_rxtimer+0xe5/0x220 [ 50.622901][ C0] [ 50.622901][ C0] stack backtrace: [ 50.622905][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc2-syzkaller-00049-g24625f7d91fb #0 [ 50.622927][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.622939][ C0] Call Trace: [ 50.622944][ C0] [ 50.622951][ C0] dump_stack_lvl+0xcd/0x134 [ 50.622975][ C0] check_noncircular+0x25f/0x2e0 [ 50.623001][ C0] ? print_circular_bug+0x1e0/0x1e0 [ 50.623031][ C0] ? mark_held_locks+0x9f/0xe0 [ 50.623058][ C0] __lock_acquire+0x2abe/0x5660 [ 50.623089][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 50.623115][ C0] ? get_rps_cpu+0x1270/0x1270 [ 50.623137][ C0] ? memcpy+0x39/0x60 [ 50.623164][ C0] lock_acquire+0x1ab/0x570 [ 50.623182][ C0] ? j1939_sk_errqueue+0x9f/0x1a0 [ 50.623206][ C0] ? lock_release+0x780/0x780 [ 50.623230][ C0] ? can_rx_unregister+0x6f0/0x6f0 [ 50.623249][ C0] ? __build_skb_around+0x274/0x340 [ 50.623275][ C0] ? j1939_ac_fixup+0xd6/0x660 [ 50.623299][ C0] _raw_spin_lock_bh+0x2f/0x40 [ 50.623320][ C0] ? j1939_sk_errqueue+0x9f/0x1a0 [ 50.623342][ C0] j1939_sk_errqueue+0x9f/0x1a0 [ 50.623367][ C0] __j1939_session_cancel+0x3b9/0x460 [ 50.623391][ C0] ? j1939_session_get_by_addr_locked+0x7c0/0x7c0 [ 50.623417][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 50.623440][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 50.623465][ C0] j1939_tp_rxtimer.cold+0x1f6/0x24f [ 50.623489][ C0] ? j1939_session_deactivate_locked+0x340/0x340 [ 50.623514][ C0] __hrtimer_run_queues+0x609/0xe50 [ 50.623540][ C0] ? hrtimer_sleeper_start_expires+0x80/0x80 [ 50.623569][ C0] ? 
ktime_get_update_offsets_now+0x3eb/0x5c0 [ 50.623598][ C0] hrtimer_run_softirq+0x17b/0x360 [ 50.623621][ C0] __do_softirq+0x29b/0x9c2 [ 50.623647][ C0] __irq_exit_rcu+0x123/0x180 [ 50.623667][ C0] irq_exit_rcu+0x5/0x20 [ 50.623686][ C0] sysvec_apic_timer_interrupt+0x93/0xc0 [ 50.623708][ C0] [ 50.623714][ C0] [ 50.623721][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 50.623746][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x240 [ 50.623770][ C0] Code: 89 de e8 4a 53 00 f8 84 db 75 98 e8 41 57 00 f8 e8 2c a7 06 f8 66 90 e8 35 57 00 f8 0f 00 2d 2e f0 b9 00 e8 29 57 00 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 74 53 00 f8 48 85 db [ 50.623790][ C0] RSP: 0018:ffffffff8ba07d38 EFLAGS: 00000293 [ 50.623806][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 50.623819][ C0] RDX: ffffffff8babc940 RSI: ffffffff897a1ad7 RDI: 0000000000000000 [ 50.623833][ C0] RBP: ffff888017071064 R08: 0000000000000001 R09: 0000000000000001 [ 50.623846][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 50.623858][ C0] R13: ffff888017071000 R14: ffff888017071064 R15: ffff88801b1cd804 [ 50.623877][ C0] ? acpi_idle_do_entry+0x1c7/0x240 [ 50.623901][ C0] ? acpi_idle_do_entry+0x1c7/0x240 [ 50.623923][ C0] acpi_idle_enter+0x369/0x510 [ 50.623948][ C0] cpuidle_enter_state+0x1b1/0xc80 [ 50.623972][ C0] cpuidle_enter+0x4a/0xa0 [ 50.623993][ C0] do_idle+0x3e8/0x590 [ 50.624014][ C0] ? arch_cpu_idle_exit+0x30/0x30 [ 50.624040][ C0] cpu_startup_entry+0x14/0x20 [ 50.624060][ C0] rest_init+0x169/0x270 [ 50.624080][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe [ 50.624105][ C0] arch_call_rest_init+0xf/0x14 [ 50.624124][ C0] start_kernel+0x46e/0x48f [ 50.624144][ C0] secondary_startup_64_no_verify+0xce/0xdb [ 50.624175][ C0] [ 50.625571][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88814717a000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. 
[ 50.625632][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807b7b3800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [pid 3612] +++ exited with 1 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3612, si_uid=0, si_status=1, si_utime=0, si_stime=57} --- exit_group(0) = ? +++ exited with 0 +++