ci starts bisection 2025-09-28 06:24:23.121173746 +0000 UTC m=+115729.175401579
bisecting fixing commit since 5bc1018675ec28a8a60d83b378d8c3991faa5a27
building syzkaller on c6b4fb399236b655a39701fd51c33522caa06811
ensuring issue is reproducible on original commit 5bc1018675ec28a8a60d83b378d8c3991faa5a27
testing commit 5bc1018675ec28a8a60d83b378d8c3991faa5a27 gcc
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a4f18640c8ca38941cfe3a67273f0c317560b751b0c54963b1a988c32420a363
all runs: crashed: INFO: task hung in anon_pipe_write
representative crash: INFO: task hung in anon_pipe_write, types: [HANG]
check whether we can drop unnecessary instrumentation
disabling configs for [atomic_sleep memleak ubsan bug_or_warning kasan locking], they are not needed
testing commit 5bc1018675ec28a8a60d83b378d8c3991faa5a27 gcc
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9fa51efd32d872a262ac84419f151f3bb9dd61469bf940eae840a2880aa4579d
all runs: crashed: INFO: task hung in anon_pipe_write
representative crash: INFO: task hung in anon_pipe_write, types: [HANG]
the bug reproduces without the instrumentation
disabling configs for [memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed
kconfig minimization: base=4093 full=8318 leaves diff=2133
split chunks (needed=false): <2133>
split chunk #0 of len 2133 into 5 parts
testing without sub-chunk 1/5
disabling configs for [ubsan bug_or_warning kasan locking atomic_sleep memleak], they are not needed
testing commit 5bc1018675ec28a8a60d83b378d8c3991faa5a27 gcc
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8a3268b5cb37a745dc893e804aa763586b21107091ee545ec303a9a4042232dc
all runs: crashed: INFO: task hung in anon_pipe_write
representative crash: INFO: task hung in anon_pipe_write, types: [HANG]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [kasan locking atomic_sleep memleak ubsan bug_or_warning], they are not needed
testing commit 5bc1018675ec28a8a60d83b378d8c3991faa5a27 gcc
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8011b5107c1a215997b77d8125698d6857f533292cc720b50c815461f08dcee8
all runs: crashed: INFO: task hung in anon_pipe_write
representative crash: INFO: task hung in anon_pipe_write, types: [HANG]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed
testing commit 5bc1018675ec28a8a60d83b378d8c3991faa5a27 gcc
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a1eb8ea9b4b91f502f88113108e03a1fb3d6880e5e12980fa47fbc880c06831b
all runs: crashed: INFO: task hung in anon_pipe_write
representative crash: INFO: task hung in anon_pipe_write, types: [HANG]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [ubsan bug_or_warning kasan locking atomic_sleep memleak], they are not needed
testing commit 5bc1018675ec28a8a60d83b378d8c3991faa5a27 gcc
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f40a78ae6a125625da3de30359e08fbb24a391157c000d254abffb32ee7c5a44
all runs: crashed: INFO: task hung in anon_pipe_write
representative crash: INFO: task hung in anon_pipe_write, types: [HANG]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed
testing commit 5bc1018675ec28a8a60d83b378d8c3991faa5a27 gcc
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3d25016b08edb364e6b1a2d1ae6c44c76f3c0b77ccd07438a00dfdb6d082b421
all runs: crashed: INFO: task hung in anon_pipe_write
representative crash: INFO: task hung in anon_pipe_write, types: [HANG]
the chunk can be dropped
disabling configs for [locking atomic_sleep memleak ubsan bug_or_warning kasan], they are not needed
testing current HEAD 51a24b7deaae5c3561965f5b4b27bb9d686add1c
testing commit 51a24b7deaae5c3561965f5b4b27bb9d686add1c gcc
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e0df10e3f9b13a20c5b3c461cbed1fb7b8848ad25764623f6718bd758b0d0693
all runs: crashed: INFO: task hung in anon_pipe_write
representative crash: INFO: task hung in anon_pipe_write, types: [HANG]
crash still not fixed/happens on the oldest tested release
revisions tested: 8, total time: 2h13m48.80518872s (build: 1h18m8.445451327s, test: 45m42.406827258s)
crash still not fixed or there were kernel test errors
commit msg: Merge tag 'trace-tools-v6.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
crash: INFO: task hung in anon_pipe_write
INFO: task kworker/1:1:37 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:1 state:D stack:12992 pid:37 tgid:37 ppid:2 task_flags:0x4208060 flags:0x00004000
Workqueue: events p9_write_work
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x5a2/0xd10 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0x25/0x110 kernel/sched/core.c:7058
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x670/0xd10 kernel/locking/mutex.c:760
anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
__kernel_write_iter+0x12a/0x290 fs/read_write.c:619
__kernel_write fs/read_write.c:639 [inline]
kernel_write fs/read_write.c:660 [inline]
kernel_write+0xf3/0x220 fs/read_write.c:650
p9_fd_write net/9p/trans_fd.c:434 [inline]
p9_write_work+0x82/0x2c0 net/9p/trans_fd.c:485
process_one_work+0x22e/0x660 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x1c7/0x370 kernel/workqueue.c:3400
kthread+0x104/0x200 kernel/kthread.c:463
ret_from_fork+0x192/0x1b0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Showing all locks held in the system:
3 locks held by kworker/0:0/9:
#0: ffff888100072748 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x42d/0x660 kernel/workqueue.c:3211
#1: ffffc90000053e38 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3212
#2: ffff8881033bb668 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
3 locks held by kworker/1:0/24:
#0: ffff888100072748 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x42d/0x660 kernel/workqueue.c:3211
#1: ffffc900000d3e38 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3212
#2: ffff8881033cf468 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
1 lock held by khungtaskd/31:
#0: ffffffff82981c20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff82981c20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#0: ffffffff82981c20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x36/0x120 kernel/locking/lockdep.c:6775
3 locks held by kworker/1:1/37:
#0: ffff888100072748 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x42d/0x660 kernel/workqueue.c:3211
#1: ffffc9000013fe38 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3212
#2: ffff888103367068 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
3 locks held by kworker/1:2/313:
#0: ffff888100072748 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x42d/0x660 kernel/workqueue.c:3211
#1: ffffc9000112be38 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3212
#2: ffff888103366668 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
3 locks held by kworker/0:2/829:
#0: ffff888100072748 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x42d/0x660 kernel/workqueue.c:3211
#1: ffffc90000e07e38 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3212
#2: ffff8881033c2268 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
2 locks held by getty/849:
#0: ffff8881032ce8a0 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x23/0x60 drivers/tty/tty_ldisc.c:243
#1: ffffc90001dcf2f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x17a/0x660 drivers/tty/n_tty.c:2222
2 locks held by syz.3.16/2837:
#0: ffff888103367068 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
#1: ffff8881161a82e8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
#1: ffff8881161a82e8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x248/0xf50 mm/filemap.c:3452
2 locks held by syz.4.17/3290:
#0: ffff8881033c2268 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
#1: ffff8881161c82e8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
#1: ffff8881161c82e8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x248/0xf50 mm/filemap.c:3452
2 locks held by syz.5.18/3744:
#0: ffff888103366668 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
#1: ffff8881161a88c0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
#1: ffff8881161a88c0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x248/0xf50 mm/filemap.c:3452
2 locks held by syz.6.19/4199:
#0: ffff8881033bb668 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
#1: ffff8881161c88c0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
#1: ffff8881161c88c0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x248/0xf50 mm/filemap.c:3452
3 locks held by kworker/0:3/4201:
#0: ffff888100072748 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x42d/0x660 kernel/workqueue.c:3211
#1: ffffc90003397e38 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3212
#2: ffff8881033bba68 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
2 locks held by syz.7.20/4654:
#0: ffff8881033bba68 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
#1: ffff8881161c8e98 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
#1: ffff8881161c8e98 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x248/0xf50 mm/filemap.c:3452
3 locks held by kworker/0:4/4655:
#0: ffff888100072748 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x42d/0x660 kernel/workqueue.c:3211
#1: ffffc90003c07e38 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3212
#2: ffff88810af4c668 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
3 locks held by kworker/1:4/4656:
#0: ffff888100072748 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x42d/0x660 kernel/workqueue.c:3211
#1: ffffc90003aefe38 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3212
#2: ffff88811801c268 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
2 locks held by syz.8.21/5109:
#0: ffff8881033cf468 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
#1: ffff8881161a8e98 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
#1: ffff8881161a8e98 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x248/0xf50 mm/filemap.c:3452
2 locks held by syz.9.22/5563:
#0: ffff88810af4c668 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
#1: ffff8881161c9470 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
#1: ffff8881161c9470 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x248/0xf50 mm/filemap.c:3452
3 locks held by kworker/0:5/5565:
#0: ffff888100072748 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x42d/0x660 kernel/workqueue.c:3211
#1: ffffc90004c87e38 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3212
#2: ffff88810af4d668 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
2 locks held by syz.0.23/6018:
#0: ffff88810af4d668 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
#1: ffff8881161c9a48 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
#1: ffff8881161c9a48 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x248/0xf50 mm/filemap.c:3452
2 locks held by syz.1.24/6472:
#0: ffff88811801c268 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
#1: ffff8881161a9470 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
#1: ffff8881161a9470 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x248/0xf50 mm/filemap.c:3452
3 locks held by kworker/1:5/6473:
#0: ffff888100072748 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x42d/0x660 kernel/workqueue.c:3211
#1: ffffc90005e6fe38 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ed/0x660 kernel/workqueue.c:3212
#2: ffff888103370868 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
2 locks held by syz.2.25/6927:
#0: ffff888103370868 (&pipe->mutex){....}-{3:3}, at: anon_pipe_write+0x46/0x6d0 fs/pipe.c:458
#1: ffff8881161a9a48 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
#1: ffff8881161a9a48 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x248/0xf50 mm/filemap.c:3452
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(none)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x5a/0x90 lib/dump_stack.c:120
nmi_cpu_backtrace+0xd4/0x110 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0xd5/0x140 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
watchdog+0x5f3/0x630 kernel/hung_task.c:491
kthread+0x104/0x200 kernel/kthread.c:463
ret_from_fork+0x192/0x1b0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(none)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: 11 66 00 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d a5 c7 10 00 fb f4 0c 1d 01 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffffff82803e80 EFLAGS: 000002c2
RAX: 000000000005bb4c RBX: ffffffff82824900 RCX: 000000472d23d100
RDX: ffff888237c24fe8 RSI: ffffffff82542e0b RDI: ffffffff8251282a
RBP: 0000000000000000 R08: 0000000000080000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: ffffffff82824050 R15: 000000000008b000
FS: 0000000000000000(0000) GS:ffff8882b49d2000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000560c0fa354c0 CR3: 000000000284c000 CR4: 00000000003506f0
Call Trace:
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:757
default_idle_call+0x48/0x140 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:190 [inline]
do_idle+0x1d4/0x230 kernel/sched/idle.c:330
cpu_startup_entry+0x24/0x30 kernel/sched/idle.c:428
rest_init+0xed/0xf0 init/main.c:744
start_kernel+0x5ea/0x690 init/main.c:1097
x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:307
x86_64_start_kernel+0x103/0x120 arch/x86/kernel/head64.c:288
common_startup_64+0x13e/0x148