INFO: task hung in pipe

Kernel	Title	Repro	Cause bisect	Count	Last	Reported	Patched	Status
android-414	INFO: task hung in pipe_release			1	1733d	1733d	0/1	auto-closed as invalid on 2019/11/24 16:38
upstream	INFO: task hung in pipe_release (2) ext4	syz	done	3	1330d	1361d	15/26	fixed on 2020/09/25 01:17
android-49	INFO: task hung in pipe_release (2)			1	1697d	1697d	0/3	auto-closed as invalid on 2019/12/30 22:08
upstream	INFO: task hung in pipe_release (4) fs	C	done	51	288d	288d	23/26	fixed on 2023/10/12 12:48
android-49	INFO: task hung in pipe_release			2	1926d	1838d	0/3	auto-closed as invalid on 2019/07/14 20:38
upstream	INFO: task hung in pipe_release fs			2	1824d	1988d	0/26	auto-closed as invalid on 2019/10/25 10:11
linux-4.19	INFO: task hung in pipe_release			1	1127d	1127d	0/1	auto-closed as invalid on 2021/07/23 11:59
upstream	INFO: task can't die in pipe_release (2) fs			1	1183d	1179d	0/26	auto-closed as invalid on 2021/03/29 10:10

INFO: task syz-executor.0:9545 blocked for more than 143 seconds. Not tainted 5.16.0-rc1-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:27584 pid: 9545 ppid: 9541 flags:0x00004002 Call Trace: <TASK> context_switch kernel/sched/core.c:4972 [inline] __schedule+0xa9a/0x4940 kernel/sched/core.c:6253 schedule+0xd2/0x260 kernel/sched/core.c:6326 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385 __mutex_lock_common kernel/locking/mutex.c:680 [inline] __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740 __pipe_lock fs/pipe.c:102 [inline] pipe_release+0x49/0x320 fs/pipe.c:717 __fput+0x286/0x9f0 fs/file_table.c:280 task_work_run+0xdd/0x1a0 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:32 [inline] do_exit+0xc14/0x2b40 kernel/exit.c:832 do_group_exit+0x125/0x310 kernel/exit.c:929 get_signal+0x47d/0x2220 kernel/signal.c:2830 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207 irqentry_exit_to_user_mode+0x5/0x40 kernel/entry/common.c:313 asm_exc_general_protection+0x1e/0x30 arch/x86/include/asm/idtentry.h:562 RIP: 0033:0x7f959496faf1 RSP: 002b:00000000200004c0 EFLAGS: 00010217 RAX: 0000000000000000 RBX: 00007f9594a82f60 RCX: 00007f959496fae9 RDX: 0000000020000580 RSI: 00000000200004c0 RDI: 0000000000000000 RBP: 00007f95949c9f6d R08: 0000000020000600 R09: 0000000000000000 R10: 00000000200005c0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe7b54f4ff R14: 00007f9591ee5300 R15: 0000000000022000 </TASK> Showing all locks held in the system: 1 lock held by khungtaskd/27: #0: ffffffff8bb83a60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6458 3 locks held by kworker/1:2/136: #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269 #1: ffffc900027afdb0 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273 #2: ffffffff8bb8cde8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] #2: ffffffff8bb8cde8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2d5/0x620 kernel/rcu/tree_exp.h:836 2 locks held by kworker/1:3/2953: #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline] #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline] #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269 #1: ffffc90001f1fdb0 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273 1 lock held by systemd-udevd/2976: 1 lock held by in:imklog/6226: #0: ffff88807f06eaf0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990 2 locks held by syz-executor.0/6564: #0: ffff88801a10d918 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0x97/0x9e0 block/bdev.c:914 #1: ffff88801a109360 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0x7a/0x1070 drivers/block/loop.c:1106 3 locks held by kworker/1:4/8166: #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269 #1: ffffc9001739fdb0 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273 #2: ffffffff8bb8cde8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #2: ffffffff8bb8cde8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4fa/0x620 kernel/rcu/tree_exp.h:836 2 locks held by syz-executor.2/9122: #0: ffff88801a117918 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0x97/0x9e0 block/bdev.c:914 #1: ffff88801a113360 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0x7a/0x1070 drivers/block/loop.c:1106 1 lock held by syz-executor.0/9541: #0: ffff88801db82c68 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_lock_nested fs/pipe.c:81 [inline] #0: ffff88801db82c68 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_lock+0x5a/0x70 fs/pipe.c:89 1 lock held by syz-executor.0/9545: #0: ffff88801db82c68 (&pipe->mutex/1){+.+.}-{3:3}, at: __pipe_lock fs/pipe.c:102 [inline] #0: ffff88801db82c68 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_release+0x49/0x320 fs/pipe.c:717 1 lock held by systemd-udevd/12334: #0: ffff88801a117918 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev.part.0+0x9b/0xb50 block/bdev.c:819 1 lock held by systemd-udevd/12384: #0: ffff88801a10d918 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev.part.0+0x9b/0xb50 block/bdev.c:819 1 lock held by systemd-udevd/13082: ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.16.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1ae/0x220 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0xc1d/0xf50 kernel/hung_task.c:295 kthread+0x405/0x4f0 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 13082 Comm: systemd-udevd Not tainted 5.16.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x7/0x60 kernel/kcov.c:200 Code: 46 00 5d be 03 00 00 00 e9 f6 0c 63 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 65 8b 05 19 88 8a 7e <89> c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 40 70 02 00 a9 RSP: 0018:ffffc900029cf5a8 EFLAGS: 00000283 RAX: 0000000080000000 RBX: 0000000000000007 RCX: ffff88803fa6ba00 RDX: 0000000000000000 RSI: ffff88803fa6ba00 RDI: 0000000000000003 RBP: ffff88807987d600 R08: 0000000000000000 R09: 0000000000000007 R10: ffffffff83a3511a R11: 0000000000000010 R12: 0000000000000002 R13: 00000000000003f6 R14: dffffc0000000000 R15: 0000000000000000 FS: 00007f613788b8c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f81c38321b8 CR3: 000000006e5ba000 CR4: 0000000000350ee0 Call Trace: <TASK> tomoyo_domain_quota_is_ok+0x2f1/0x550 security/tomoyo/util.c:1093 tomoyo_supervisor+0x2f2/0xf00 security/tomoyo/common.c:2089 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline] tomoyo_path_permission security/tomoyo/file.c:587 [inline] tomoyo_path_permission+0x270/0x3a0 security/tomoyo/file.c:573 tomoyo_check_open_permission+0x30f/0x380 security/tomoyo/file.c:780 tomoyo_file_open security/tomoyo/tomoyo.c:311 [inline] tomoyo_file_open+0xa3/0xd0 security/tomoyo/tomoyo.c:306 security_file_open+0x45/0xb0 security/security.c:1635 do_dentry_open+0x353/0x1250 fs/open.c:809 do_open fs/namei.c:3426 [inline] path_openat+0x1cad/0x2750 fs/namei.c:3559 do_filp_open+0x1aa/0x400 fs/namei.c:3586 do_sys_openat2+0x16d/0x4d0 fs/open.c:1212 do_sys_open fs/open.c:1228 [inline] __do_sys_open fs/open.c:1236 [inline] __se_sys_open fs/open.c:1232 [inline] __x64_sys_open+0x119/0x1c0 fs/open.c:1232 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f61366fd6f0 Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 19 30 2c 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe 9d 01 00 48 89 04 24 RSP: 002b:00007ffdaa335fc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f61366fd6f0 RDX: 0000000000000180 RSI: 00000000000800c2 RDI: 000055c428c2a450 RBP: 000000000003a2f8 R08: 000000000000fefe R09: 00007f6136750740 R10: 0000000000000000 R11: 0000000000000246 R12: 000055c428c2a465 R13: 8421084210842109 R14: 00000000000800c2 R15: 00007f613678b540 </TASK> ---------------- Code disassembly (best guess): 0: 46 00 5d be rex.RX add %r11b,-0x42(%rbp) 4: 03 00 add (%rax),%eax 6: 00 00 add %al,(%rax) 8: e9 f6 0c 63 02 jmpq 0x2630d03 d: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1) 13: 48 8b be b0 01 00 00 mov 0x1b0(%rsi),%rdi 1a: e8 b4 ff ff ff callq 0xffffffd3 1f: 31 c0 xor %eax,%eax 21: c3 retq 22: 90 nop 23: 65 8b 05 19 88 8a 7e mov %gs:0x7e8a8819(%rip),%eax # 0x7e8a8843 * 2a: 89 c1 mov %eax,%ecx <-- trapping instruction 2c: 48 8b 34 24 mov (%rsp),%rsi 30: 81 e1 00 01 00 00 and $0x100,%ecx 36: 65 48 8b 14 25 40 70 mov %gs:0x27040,%rdx 3d: 02 00 3f: a9 .byte 0xa9

Crashes (4):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Manager	Title
2021/11/16 05:17	upstream	8ab774587903	83f5c9b5	.config	console log	report	info	ci-upstream-kasan-gce-root	INFO: task hung in pipe_release
2021/11/07 17:29	upstream	b5013d084e03	4c1be0be	.config	console log	report	info	ci-upstream-kasan-gce-root	INFO: task hung in pipe_release
2021/09/05 09:22	upstream	49624efa65ac	d236a457	.config	console log	report	info	ci-upstream-kasan-gce-smack-root	INFO: task hung in pipe_release
2021/07/25 06:52	upstream	7ffca2bb9d8b	4d1b57d4	.config	console log	report	info	ci-upstream-kasan-gce	INFO: task hung in pipe_release

Crashes (4):

Assets (help?)