./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2805229891
<...>
Warning: Permanently added '10.128.1.53' (ED25519) to the list of known hosts.
execve("./syz-executor2805229891", ["./syz-executor2805229891"], 0x7ffd74b5a320 /* 10 vars */) = 0
brk(NULL) = 0x555556bc1000
brk(0x555556bc1d40) = 0x555556bc1d40
arch_prctl(ARCH_SET_FS, 0x555556bc13c0) = 0
set_tid_address(0x555556bc1690) = 5052
set_robust_list(0x555556bc16a0, 24) = 0
rseq(0x555556bc1ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2805229891", 4096) = 28
getrandom("\x24\xf9\x49\xe7\x0f\xe4\xd4\x22", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556bc1d40
brk(0x555556be2d40) = 0x555556be2d40
brk(0x555556be3000) = 0x555556be3000
mprotect(0x7f2e09414000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
futex(0x7f2e0941a34c, FUTEX_WAKE_PRIVATE, 1000000) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f2e093b6e60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2e093a84e0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e09333000
mprotect(0x7f2e09334000, 131072, PROT_READ|PROT_WRITE) = 0
rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2e09353990, parent_tid=0x7f2e09353990, exit_signal=0, stack=0x7f2e09333000, stack_size=0x20300, tls=0x7f2e093536c0}./strace-static-x86_64: Process 5053 attached
=> {parent_tid=[5053]}, 88) = 5053
[pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 5052] futex(0x7f2e0941a348, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5052] futex(0x7f2e0941a34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5053] rseq(0x7f2e09353fe0, 0x20, 0, 0x53053053) = 0
[pid 5053] set_robust_list(0x7f2e093539a0, 24) = 0
[pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 5053] pipe2([3, 4], 0) = 0
[pid 5053] futex(0x7f2e0941a34c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 5052] <... futex resumed>) = 0
[pid 5053] futex(0x7f2e0941a348, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 5052] futex(0x7f2e0941a348, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5053] <... futex resumed>) = 0
[pid 5052] <... futex resumed>) = 1
[pid 5053] dup(4 <unfinished ...>
[pid 5052] futex(0x7f2e0941a34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5053] <... dup resumed>) = 5
[pid 5053] futex(0x7f2e0941a34c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 5052] <... futex resumed>) = 0
[pid 5053] futex(0x7f2e0941a348, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 5052] futex(0x7f2e0941a348, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable)
[pid 5052] <... futex resumed>) = 0
[pid 5053] pipe2( <unfinished ...>
[pid 5052] futex(0x7f2e0941a34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5053] <... pipe2 resumed>[6, 7], O_EXCL|O_NONBLOCK) = 0
[pid 5053] futex(0x7f2e0941a34c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5052] <... futex resumed>) = 0
[pid 5052] futex(0x7f2e0941a348, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5053] <... futex resumed>) = 1
[pid 5052] futex(0x7f2e0941a34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5053] openat(AT_FDCWD, "/proc/thread-self/fd/4", O_RDWR) = 8
[pid 5053] futex(0x7f2e0941a34c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5052] <... futex resumed>) = 0
[pid 5053] <... futex resumed>) = 1
[pid 5052] futex(0x7f2e0941a348, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5053] splice(8, NULL, 7, NULL, 256, 0 <unfinished ...>
[pid 5052] <... futex resumed>) = 0
[pid 5052] futex(0x7f2e0941a34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid 5052] futex(0x7f2e0941a35c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e09312000
[pid 5052] mprotect(0x7f2e09313000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 5052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 5052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2e09332990, parent_tid=0x7f2e09332990, exit_signal=0, stack=0x7f2e09312000, stack_size=0x20300, tls=0x7f2e093326c0}./strace-static-x86_64: Process 5054 attached
=> {parent_tid=[5054]}, 88) = 5054
[pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 5052] futex(0x7f2e0941a358, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5054] rseq(0x7f2e09332fe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid 5052] futex(0x7f2e0941a35c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5054] <... rseq resumed>) = 0
[pid 5054] set_robust_list(0x7f2e093329a0, 24) = 0
[pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[ 71.196435][ T5053]
[ 71.198812][ T5053] ============================================
[ 71.204963][ T5053] WARNING: possible recursive locking detected
[ 71.211119][ T5053] 6.6.0-syzkaller-06824-g8bc9e6515183 #0 Not tainted
[ 71.217797][ T5053] --------------------------------------------
[ 71.223950][ T5053] syz-executor280/5053 is trying to acquire lock:
[ 71.230370][ T5053] ffff88802004bc68 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_write+0x136/0x1a40
[ 71.239204][ T5053]
[ 71.239204][ T5053] but task is already holding lock:
[ 71.246581][ T5053] ffff88802004b868 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x3e3/0x550
[ 71.256019][ T5053]
[ 71.256019][ T5053] other info that might help us debug this:
[ 71.264075][ T5053] Possible unsafe locking scenario:
[ 71.264075][ T5053]
[ 71.271523][ T5053] CPU0
[ 71.274804][ T5053] ----
[ 71.278080][ T5053] lock(&pipe->mutex/1);
[ 71.282426][ T5053] lock(&pipe->mutex/1);
[ 71.286769][ T5053]
[ 71.286769][ T5053] *** DEADLOCK ***
[ 71.286769][ T5053]
[ 71.294920][ T5053] May be due to missing lock nesting notation
[ 71.294920][ T5053]
[ 71.303257][ T5053] 1 lock held by syz-executor280/5053:
[ 71.308713][ T5053] #0: ffff88802004b868 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_wait_readable+0x3e3/0x550
[ 71.318577][ T5053]
[ 71.318577][ T5053] stack backtrace:
[ 71.324464][ T5053] CPU: 0 PID: 5053 Comm: syz-executor280 Not tainted 6.6.0-syzkaller-06824-g8bc9e6515183 #0
[ 71.334530][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 71.344696][ T5053] Call Trace:
[ 71.348003][ T5053] <TASK>
[ 71.350962][ T5053] dump_stack_lvl+0x1e7/0x2d0
[ 71.355702][ T5053] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.361185][ T5053] ? print_deadlock_bug+0x462/0x600
[ 71.366417][ T5053] ? _find_first_zero_bit+0xd4/0x100
[ 71.371720][ T5053] __lock_acquire+0x6a81/0x7f70
[ 71.376599][ T5053] ? verify_lock_unused+0x140/0x140
[ 71.381802][ T5053] ? __lock_acquire+0x1345/0x7f70
[ 71.386950][ T5053] ? verify_lock_unused+0x140/0x140
[ 71.392161][ T5053] lock_acquire+0x1e3/0x520
[ 71.396703][ T5053] ? pipe_write+0x136/0x1a40
[ 71.401336][ T5053] ? read_lock_is_recursive+0x20/0x20
[ 71.406724][ T5053] ? __might_sleep+0xc0/0xc0
[ 71.411326][ T5053] ? print_irqtrace_events+0x220/0x220
[ 71.416795][ T5053] ? do_raw_spin_unlock+0x13b/0x8b0
[ 71.422010][ T5053] __mutex_lock+0x136/0xd60
[ 71.426537][ T5053] ? pipe_write+0x136/0x1a40
[ 71.431138][ T5053] ? __mutex_trylock_common+0x182/0x2e0
[ 71.436685][ T5053] ? pipe_write+0x136/0x1a40
[ 71.441282][ T5053] ? __might_sleep+0xc0/0xc0
[ 71.445881][ T5053] ? mutex_lock_nested+0x20/0x20
[ 71.450841][ T5053] ? rcu_is_watching+0x15/0xb0
[ 71.455619][ T5053] ? trace_contention_end+0x3c/0xf0
[ 71.460821][ T5053] pipe_write+0x136/0x1a40
[ 71.465244][ T5053] ? print_irqtrace_events+0x220/0x220
[ 71.470712][ T5053] ? pipe_wait_readable+0x3e3/0x550
[ 71.475921][ T5053] ? mutex_lock_nested+0x20/0x20
[ 71.480872][ T5053] ? _raw_spin_unlock+0x40/0x40
[ 71.485737][ T5053] ? finish_wait+0xd3/0x1e0
[ 71.490246][ T5053] ? pipe_read+0x13e0/0x13e0
[ 71.494844][ T5053] ? pipe_wait_readable+0x3e3/0x550
[ 71.500057][ T5053] do_iter_write+0x7ac/0xcb0
[ 71.504665][ T5053] ? vfs_iter_write+0xa0/0xa0
[ 71.509389][ T5053] ? vfs_iter_write+0x70/0xa0
[ 71.514073][ T5053] iter_file_splice_write+0x86d/0x1010
[ 71.519590][ T5053] ? splice_from_pipe+0x240/0x240
[ 71.524637][ T5053] ? fsnotify_perm+0x67/0x5a0
[ 71.529329][ T5053] ? bpf_lsm_file_permission+0x9/0x10
[ 71.534736][ T5053] ? splice_from_pipe+0x240/0x240
[ 71.539785][ T5053] do_splice+0xf66/0x1d60
[ 71.544138][ T5053] ? read_lock_is_recursive+0x20/0x20
[ 71.549537][ T5053] ? __fget_files+0x29/0x480
[ 71.554230][ T5053] ? pipe_clear_nowait+0xc1/0x220
[ 71.559269][ T5053] ? __fget_files+0x29/0x480
[ 71.563890][ T5053] ? wait_for_space+0x2d0/0x2d0
[ 71.568754][ T5053] ? __fdget+0x186/0x210
[ 71.573012][ T5053] __se_sys_splice+0x331/0x4a0
[ 71.577960][ T5053] ? do_notify_parent+0x1100/0x1100
[ 71.583180][ T5053] ? __x64_sys_splice+0xf0/0xf0
[ 71.588041][ T5053] ? syscall_enter_from_user_mode+0x32/0x230
[ 71.594030][ T5053] ? __x64_sys_splice+0x21/0xf0
[ 71.598891][ T5053] do_syscall_64+0x44/0x110
[ 71.603408][ T5053] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 71.609334][ T5053] RIP: 0033:0x7f2e09390fb9
[ 71.613751][ T5053] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 71.633400][ T5053] RSP: 002b:00007f2e09353188 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[pid 5054] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967021 <unfinished ...>
[pid 5052] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 5053] <... splice resumed>) = -1 EXDEV (Invalid cross-device link)
[pid 5053] futex(0x7f2e0941a34c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[ 71.641885][ T5053] RAX: ffffffffffffffda RBX: 00007f2e0941a348 RCX: 00007f2e09390fb9
[ 71.649883][ T5053] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000008
[ 71.657864][ T5053] RBP: 00007f2e0941a340 R08: 0000000000000100 R09: 0000000000000000
[ 71.665938][ T5053] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2e093e8040
[ 71.673911][ T5053] R13: 00007f2e093531a0 R14: 00007f2e093e8012 R15: 00000000fffffeed
[ 71.681903][ T5053] </TASK>
[pid 5053] futex(0x7f2e0941a348, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 5052] exit_group(0) = ?
[pid 5054] <... write resumed>) = ?
[pid 5054] +++ exited with 0 +++
[pid 5053] <... futex resumed>) = ?
[pid 5053] +++ exited with 0 +++
+++ exited with 0 +++