bisecting fixing commit since 4707d8e5727387e36ea99c74d5ff0ad227700fd0
building syzkaller on e6b89e4e5adde15c0dc0a241e03dc215f2e249b3
testing commit 4707d8e5727387e36ea99c74d5ff0ad227700fd0 with gcc (GCC) 8.1.0
kernel signature: 0a8fce75b14b2914ebd12a6ae07d27c9fd9faa792540a3a71a4044c2b5d49854
run #0: crashed: INFO: task hung in vfs_unlink
run #1: crashed: INFO: task hung in pipe_write
run #2: crashed: INFO: task hung in pipe_write
run #3: crashed: INFO: task hung in pipe_write
run #4: crashed: INFO: task hung in pipe_write
run #5: crashed: INFO: task hung in pipe_write
run #6: crashed: INFO: task hung in pipe_read
run #7: crashed: INFO: task hung in pipe_read
run #8: OK
run #9: OK
testing current HEAD daefdc9eb24bfa11ab77a4b2a9c3923f1051fe0b
testing commit daefdc9eb24bfa11ab77a4b2a9c3923f1051fe0b with gcc (GCC) 8.1.0
kernel signature: d9e5ffafb450c7ab0f6ac370321e2e90785aaaa58423deb912990a255681058c
run #0: crashed: INFO: task hung in pipe_read
run #1: crashed: INFO: task hung in pipe_write
run #2: crashed: INFO: task hung in vfs_unlink
run #3: crashed: INFO: task hung in pipe_write
run #4: crashed: INFO: task hung in pipe_write
run #5: crashed: INFO: task hung in vfs_unlink
run #6: crashed: INFO: task hung in pipe_read
run #7: crashed: INFO: task hung in pipe_write
run #8: OK
run #9: OK
revisions tested: 2, total time: 39m2.154643342s (build: 19m41.120999811s, test: 18m46.294241136s)
the crash still happens on HEAD
commit msg: Linux 4.19.161
crash: INFO: task hung in pipe_write
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
INFO: task syz-executor.3:29788 blocked for more than 140 seconds.
Not tainted 4.19.161-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D29784 29788 24658 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x80c/0x1f70 kernel/sched/core.c:3517
schedule+0x7f/0x1b0 kernel/sched/core.c:3561
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xa6/0xd00 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x443/0x890 fs/read_write.c:487
vfs_write+0x150/0x4d0 fs/read_write.c:549
ksys_write+0x103/0x260 fs/read_write.c:599
__do_sys_write fs/read_write.c:611 [inline]
__se_sys_write fs/read_write.c:608 [inline]
__x64_sys_write+0x6e/0xb0 fs/read_write.c:608
do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45cae9
Code: Bad RIP value.
RSP: 002b:00007fe8343aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050ca00 RCX: 000000000045cae9
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf454 R15: 00007fe8343ab6d4
INFO: task syz-executor.3:30213 blocked for more than 140 seconds.
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
Not tainted 4.19.161-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready syz-executor.3 D29784 30213 24658 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready __pipe_lock fs/pipe.c:83 [inline] pipe_write+0xa6/0xd00 fs/pipe.c:380 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 vfs_write+0x150/0x4d0 fs/read_write.c:549 8021q: adding VLAN 0 to HW filter on device bond0 ksys_write+0x103/0x260 fs/read_write.c:599 IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45cae9 Code: Bad RIP value. RSP: 002b:00007fe8343aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000050ca00 RCX: 000000000045cae9 RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cec R14: 00000000004cf454 R15: 00007fe8343ab6d4 INFO: task syz-executor.3:30242 blocked for more than 140 seconds. Not tainted 4.19.161-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz-executor.3 D29784 30242 24658 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __pipe_lock fs/pipe.c:83 [inline] pipe_write+0xa6/0xd00 fs/pipe.c:380 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45cae9 Code: Bad RIP value. RSP: 002b:00007fe8343aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000050ca00 RCX: 000000000045cae9 RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cec R14: 00000000004cf454 R15: 00007fe8343ab6d4 INFO: task syz-executor.3:30371 blocked for more than 140 seconds. IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready Not tainted 4.19.161-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready syz-executor.3 D29784 30371 24658 0x00000000 Call Trace: IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 8021q: adding VLAN 0 to HW filter on device team0 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __pipe_lock fs/pipe.c:83 [inline] pipe_write+0xa6/0xd00 fs/pipe.c:380 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready bridge0: port 1(bridge_slave_0) entered blocking state vfs_write+0x150/0x4d0 fs/read_write.c:549 bridge0: port 1(bridge_slave_0) entered forwarding state ksys_write+0x103/0x260 fs/read_write.c:599 IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 bridge0: port 2(bridge_slave_1) entered blocking state entry_SYSCALL_64_after_hwframe+0x49/0xbe bridge0: port 2(bridge_slave_1) entered forwarding state RIP: 0033:0x45cae9 Code: Bad RIP value. 
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready RSP: 002b:00007fe8343aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready RAX: ffffffffffffffda RBX: 000000000050ca00 RCX: 000000000045cae9 RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cec R14: 00000000004cf454 R15: 00007fe8343ab6d4 INFO: task syz-executor.3:30532 blocked for more than 140 seconds. Not tainted 4.19.161-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D29784 30532 24658 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __pipe_lock fs/pipe.c:83 [inline] pipe_write+0xa6/0xd00 fs/pipe.c:380 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45cae9 Code: Bad RIP value. 
RSP: 002b:00007fe8343aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000050ca00 RCX: 000000000045cae9 RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cec R14: 00000000004cf454 R15: 00007fe8343ab6d4 INFO: task syz-executor.3:30679 blocked for more than 140 seconds. Not tainted 4.19.161-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready syz-executor.3 D29784 30679 24658 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072 IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready __pipe_lock fs/pipe.c:83 [inline] pipe_write+0xa6/0xd00 fs/pipe.c:380 IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready vfs_write+0x150/0x4d0 
fs/read_write.c:549 IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready ksys_write+0x103/0x260 fs/read_write.c:599 IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready entry_SYSCALL_64_after_hwframe+0x49/0xbe IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready RIP: 0033:0x45cae9 IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready Code: Bad RIP value. 8021q: adding VLAN 0 to HW filter on device batadv0 RSP: 002b:00007fe8343aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready RAX: ffffffffffffffda RBX: 000000000050ca00 RCX: 000000000045cae9 IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cec R14: 00000000004cf454 R15: 00007fe8343ab6d4 INFO: task syz-executor.3:30759 blocked for more than 140 seconds. Not tainted 4.19.161-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz-executor.3 D29448 30759 24658 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072 IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 device veth0_vlan entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready __pipe_lock fs/pipe.c:83 [inline] pipe_write+0xa6/0xd00 fs/pipe.c:380 IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready device veth1_vlan entered promiscuous mode vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready RIP: 0033:0x45cae9 device veth0_macvtap entered promiscuous mode Code: Bad RIP value. 
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready RSP: 002b:00007fe8343aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000050ca00 RCX: 000000000045cae9 RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cec R14: 00000000004cf454 R15: 00007fe8343ab6d4 INFO: task syz-executor.3:30904 blocked for more than 140 seconds. device veth1_macvtap entered promiscuous mode Not tainted 4.19.161-syzkaller #0 IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready syz-executor.3 D29784 30904 24658 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072 batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 __pipe_lock fs/pipe.c:83 [inline] pipe_write+0xa6/0xd00 fs/pipe.c:380 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 vfs_write+0x150/0x4d0 fs/read_write.c:549 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! ksys_write+0x103/0x260 fs/read_write.c:599 batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready batman_adv: batadv0: Interface activated: batadv_slave_0 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready RIP: 0033:0x45cae9 Code: Bad RIP value. RSP: 002b:00007fe8343aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready RAX: ffffffffffffffda RBX: 000000000050ca00 RCX: 000000000045cae9 RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cec R14: 00000000004cf454 R15: 00007fe8343ab6d4 INFO: task syz-executor.3:30929 blocked for more than 140 seconds. Not tainted 4.19.161-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz-executor.3 D29448 30929 24658 0x00000000 Call Trace: IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072 batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready __pipe_lock fs/pipe.c:83 [inline] pipe_write+0xa6/0xd00 fs/pipe.c:380 batman_adv: batadv0: Interface activated: batadv_slave_1 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45cae9 Code: Bad RIP value. RSP: 002b:00007fe8343aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000050ca00 RCX: 000000000045cae9 RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cec R14: 00000000004cf454 R15: 00007fe8343ab6d4 INFO: task syz-executor.3:30945 blocked for more than 140 seconds. Not tainted 4.19.161-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
syz-executor.3 D29448 30945 24658 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __pipe_lock fs/pipe.c:83 [inline] pipe_write+0xa6/0xd00 fs/pipe.c:380 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45cae9 Code: Bad RIP value. RSP: 002b:00007fe8343aac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000050ca00 RCX: 000000000045cae9 RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cec R14: 00000000004cf454 R15: 00007fe8343ab6d4 Showing all locks held in the system: 3 locks held by kworker/u4:0/7: #0: 00000000281663e7 ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x6e8/0x15a0 kernel/workqueue.c:2126 #1: 000000009f3183f3 (net_cleanup_work){+.+.}, at: process_one_work+0x71b/0x15a0 kernel/workqueue.c:2130 #2: 0000000083c4357a (pernet_ops_rwsem){++++}, at: cleanup_net+0xb4/0x850 net/core/net_namespace.c:520 1 lock held by khungtaskd/1072: #0: 0000000027029f18 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4442 1 lock held by in:imklog/5535: #0: 00000000553cec79 (&f->f_pos_lock){+.+.}, 
at: __fdget_pos+0xa7/0xd0 fs/file.c:767 1 lock held by syz-executor.3/29709: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118 1 lock held by syz-executor.3/29788: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/30213: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/30242: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/30371: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/30532: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/30679: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/30759: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/30904: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by 
syz-executor.3/30929: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/30945: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31085: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31111: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31139: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31175: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/31193: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118 1 lock held by syz-executor.3/31217: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/31231: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/31262: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, 
at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31286: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/31289: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/31323: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31324: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/31359: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31362: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31391: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/31393: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31421: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by 
syz-executor.3/31914: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31963: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/31987: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32004: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32031: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118 1 lock held by syz-executor.3/32082: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32195: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32221: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32283: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/32304: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, 
at: pipe_lock_nested fs/pipe.c:62 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118 1 lock held by syz-executor.4/32336: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32338: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32352: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32353: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32384: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32386: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32388: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32430: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32431: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 
(&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32462: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/32465: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32466: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32477: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32491: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/32493: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32509: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32514: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32523: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/32524: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: 
__pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32538: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32543: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32552: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/32553: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32564: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32582: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32583: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32591: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/32598: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by 
syz-executor.4/32613: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32614: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32629: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/32634: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32650: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32651: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32666: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/32668: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32685: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32687: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: 
pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/32701: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/32706: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32721: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/32731: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/32734: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/32756: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/300: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/309: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/315: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/333: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 
000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/338: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/366: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/377: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/394: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/407: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/415: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/434: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/437: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/460: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/463: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: 
__pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/465: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/476: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/496: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/501: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/509: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/515: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/535: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/536: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/550: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/569: #0: 
0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/574: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/577: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/596: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/608: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/613: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/620: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/643: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/645: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/649: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock 
held by syz-executor.2/675: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/676: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/677: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.2/698: #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/712: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.1/719: #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 000000000f4616e1 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/720: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/733: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.4/745: #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380 1 lock held by syz-executor.3/751: #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline] #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: 
pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.3/1134:
 #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
3 locks held by syz-executor.5/1204:
 #0: 0000000070254460 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xa7/0xd0 fs/file.c:767
 #1: 0000000066011c42 (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2780 [inline]
 #1: 0000000066011c42 (sb_writers#3){.+.+}, at: vfs_write+0x378/0x4d0 fs/read_write.c:548
 #2: 0000000095987345 (&sb->s_type->i_mutex_key#13){+.+.}, at: inode_trylock include/linux/fs.h:768 [inline]
 #2: 0000000095987345 (&sb->s_type->i_mutex_key#13){+.+.}, at: ext4_file_write_iter+0x1e2/0xe50 fs/ext4/file.c:238
1 lock held by syz-executor.0/1210:
 #0: 000000004786c36b (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline]
 #0: 000000004786c36b (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline]
 #0: 000000004786c36b (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118
1 lock held by syz-executor.3/1236:
 #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 0000000092b51a72 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/1270:
 #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000e58805cc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.4/1285:
 #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c40a86fc (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1072 Comm: khungtaskd Not tainted 4.19.161-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x22a lib/dump_stack.c:118
 nmi_cpu_backtrace.cold.0+0x3c/0x78 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0xf5/0x119 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x5c3/0xb40 kernel/hung_task.c:287
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 1292 Comm: syz-executor.5 Not tainted 4.19.161-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:lock_is_held_type+0x18b/0x210 kernel/locking/lockdep.c:3947
Code: ff df 41 c7 84 24 84 08 00 00 00 00 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 75 63 48 83 3d e4 c6 06 07 00 74 30 48 89 df 57 9d <0f> 1f 44 00 00 48 83 c4 08 44 89 e8 5b 41 5c 41 5d 5d c3 48 83 c4
RSP: 0018:ffff8881d0687420 EFLAGS: 00000286
RAX: dffffc0000000000 RBX: 0000000000000286 RCX: ffffed103e72f9b8
RDX: 1ffffffff10a3f51 RSI: 0000000000000000 RDI: 0000000000000286
RBP: ffff8881d0687440 R08: 1ffff1103e72f9b8 R09: ffffed103ed0473a
R10: ffffed103ed0473a R11: ffff8881f68239d3 R12: ffff8881f397c540
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f6458280700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f645827fdb8 CR3: 00000001f3e0b003 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_is_held include/linux/lockdep.h:344 [inline]
 rcu_read_lock_sched_held+0x108/0x120 kernel/rcu/update.c:118
 trace_ext4_releasepage include/trace/events/ext4.h:561 [inline]
 ext4_releasepage+0x2ce/0x390 fs/ext4/inode.c:3407
 try_to_release_page+0x1d7/0x330 mm/filemap.c:3358
 block_invalidatepage+0x2d3/0x380 fs/buffer.c:1511
 ext4_invalidatepage+0xfc/0x300 fs/ext4/inode.c:3375
 ext4_da_invalidatepage+0x113/0xc00 fs/ext4/inode.c:3219
 do_invalidatepage mm/truncate.c:165 [inline]
 truncate_cleanup_page+0x2d0/0x460 mm/truncate.c:187
 truncate_inode_pages_range+0x41e/0x1920 mm/truncate.c:367
 truncate_inode_pages mm/truncate.c:478 [inline]
 truncate_pagecache+0x61/0x90 mm/truncate.c:805
 ext4_setattr+0xe44/0x1f40 fs/ext4/inode.c:5699
 notify_change+0x6c1/0xcb0 fs/attr.c:334
 do_truncate+0xef/0x1a0 fs/open.c:63
 handle_truncate fs/namei.c:3009 [inline]
 do_last fs/namei.c:3427 [inline]
 path_openat+0x1af2/0x2870 fs/namei.c:3537
 do_filp_open+0x177/0x250 fs/namei.c:3567
 do_sys_open+0x1dd/0x350 fs/open.c:1085
 __do_sys_openat fs/open.c:1112 [inline]
 __se_sys_openat fs/open.c:1106 [inline]
 __x64_sys_openat+0x98/0xf0 fs/open.c:1106
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45cae9
Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f645827fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000004f7400 RCX: 000000000045cae9
RDX: 000000000000275a RSI: 00000000200001c0 RDI: ffffffffffffff9c
RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000794 R14: 00000000004ca73e R15: 00007f64582806d4