bisecting fixing commit since 4707d8e5727387e36ea99c74d5ff0ad227700fd0
building syzkaller on e6b89e4e5adde15c0dc0a241e03dc215f2e249b3
testing commit 4707d8e5727387e36ea99c74d5ff0ad227700fd0 with gcc (GCC) 8.4.1 20210217
kernel signature: 2ec95741cd99607b6466e13b6603df7815c7e4d0bd5793d0ddaf5a3c76c77aa6
run #0: crashed: INFO: task hung in pipe_write
run #1: crashed: INFO: task hung in pipe_write
run #2: crashed: INFO: task hung in pipe_write
run #3: crashed: INFO: task hung in pipe_write
run #4: crashed: INFO: task hung in pipe_write
run #5: crashed: INFO: task hung in pipe_write
run #6: crashed: INFO: task hung in pipe_write
run #7: crashed: INFO: task hung in pipe_write
run #8: crashed: INFO: task hung in pipe_read
run #9: crashed: INFO: task hung in pipe_write
run #10: crashed: INFO: task hung in vfs_unlink
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
testing current HEAD 2d19be4653f5e74ed95560b69f94eb6791d49af3
testing commit 2d19be4653f5e74ed95560b69f94eb6791d49af3 with gcc (GCC) 8.4.1 20210217
kernel signature: 8833372a9fd25f33182c51ea3ca9db5689be80ed35c1f1ddb5ecb1c94231bb56
run #0: crashed: INFO: task hung in pipe_read
run #1: crashed: INFO: task hung in pipe_read
run #2: crashed: INFO: task hung in pipe_write
run #3: crashed: INFO: task hung in pipe_write
run #4: crashed: INFO: task hung in pipe_write
run #5: crashed: INFO: task hung in pipe_write
run #6: crashed: INFO: task hung in pipe_write
run #7: crashed: INFO: task hung in pipe_read
run #8: crashed: INFO: task hung in pipe_write
run #9: OK
revisions tested: 2, total time: 35m47.521443515s (build: 17m15.989107492s, test: 17m30.049031253s)
the crash still happens on HEAD
commit msg: Linux 4.19.177
crash: INFO: task hung in pipe_write
INFO: task syz-executor.0:10082 blocked for more than 140 seconds.
      Not tainted 4.19.177-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D29448 10082   5873 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __pipe_lock fs/pipe.c:83 [inline]
 pipe_write+0xa6/0xd00 fs/pipe.c:380
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x443/0x890 fs/read_write.c:487
 vfs_write+0x150/0x4d0 fs/read_write.c:549
 ksys_write+0x103/0x260 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x6e/0xb0 fs/read_write.c:608
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x464319
Code: Bad RIP value.
RSP: 002b:00007f2f43e27198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000464319
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 0000000000526220 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055bf00
R13: 00007f2f43e276bc R14: 00000000ffffffff R15: 0000000000000003
INFO: task syz-executor.1:12038 blocked for more than 140 seconds.
      Not tainted 4.19.177-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D29368 12038   5875 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __pipe_lock fs/pipe.c:83 [inline]
 pipe_write+0xa6/0xd00 fs/pipe.c:380
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x443/0x890 fs/read_write.c:487
 vfs_write+0x150/0x4d0 fs/read_write.c:549
 ksys_write+0x103/0x260 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x6e/0xb0 fs/read_write.c:608
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x464319
Code: Bad RIP value.
RSP: 002b:00007f33f9714198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000464319
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 0000000000526220 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055bf00
R13: 00007f33f97146bc R14: 00000000ffffffff R15: 0000000000000003
INFO: task syz-executor.2:12582 blocked for more than 140 seconds.
      Not tainted 4.19.177-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D29096 12582   5877 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __pipe_lock fs/pipe.c:83 [inline]
 pipe_write+0xa6/0xd00 fs/pipe.c:380
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x443/0x890 fs/read_write.c:487
 vfs_write+0x150/0x4d0 fs/read_write.c:549
 ksys_write+0x103/0x260 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x6e/0xb0 fs/read_write.c:608
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x464319
Code: Bad RIP value.
RSP: 002b:00007facb69fc198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000464319
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 0000000000526220 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055bf00
R13: 00007facb69fc6bc R14: 00000000ffffffff R15: 0000000000000003
INFO: task syz-executor.0:12645 blocked for more than 140 seconds.
      Not tainted 4.19.177-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D29160 12645   5873 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __pipe_lock fs/pipe.c:83 [inline]
 pipe_write+0xa6/0xd00 fs/pipe.c:380
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x443/0x890 fs/read_write.c:487
 vfs_write+0x150/0x4d0 fs/read_write.c:549
 ksys_write+0x103/0x260 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x6e/0xb0 fs/read_write.c:608
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x464319
Code: Bad RIP value.
RSP: 002b:00007f2f43e27198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000464319
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 0000000000526220 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055bf00
R13: 00007f2f43e276bc R14: 00000000ffffffff R15: 0000000000000003
INFO: task syz-executor.0:12778 blocked for more than 140 seconds.
      Not tainted 4.19.177-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D29784 12778   5873 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __pipe_lock fs/pipe.c:83 [inline]
 pipe_write+0xa6/0xd00 fs/pipe.c:380
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x443/0x890 fs/read_write.c:487
 vfs_write+0x150/0x4d0 fs/read_write.c:549
 ksys_write+0x103/0x260 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x6e/0xb0 fs/read_write.c:608
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x464319
Code: Bad RIP value.
RSP: 002b:00007f2f43e27198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000464319
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 0000000000526220 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055bf00
R13: 00007f2f43e276bc R14: 00000000ffffffff R15: 0000000000000003
INFO: task syz-executor.2:13156 blocked for more than 140 seconds.
      Not tainted 4.19.177-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D29096 13156   5877 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __pipe_lock fs/pipe.c:83 [inline]
 pipe_write+0xa6/0xd00 fs/pipe.c:380
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x443/0x890 fs/read_write.c:487
 vfs_write+0x150/0x4d0 fs/read_write.c:549
 ksys_write+0x103/0x260 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x6e/0xb0 fs/read_write.c:608
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x464319
Code: Bad RIP value.
RSP: 002b:00007facb69fc198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000464319
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 0000000000526220 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055bf00
R13: 00007facb69fc6bc R14: 00000000ffffffff R15: 0000000000000003

Showing all locks held in the system:
1 lock held by khungtaskd/1079:
 #0: 0000000014a8d7ed (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4442
1 lock held by in:imklog/5535:
1 lock held by syz-execprog/5856:
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: pipe_read+0xaa/0x7b0 fs/pipe.c:274
1 lock held by syz-executor.0/7337:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118
1 lock held by syz-executor.1/9577:
 #0: 00000000684cd848 (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline]
 #0: 00000000684cd848 (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline]
 #0: 00000000684cd848 (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118
1 lock held by syz-executor.0/10082:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/11924:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118
1 lock held by syz-executor.1/12038:
 #0: 00000000684cd848 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000684cd848 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/12582:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/12645:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/12778:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/13156:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/14481:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.5/15035:
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline]
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline]
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118
1 lock held by syz-executor.5/15100:
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.5/15673:
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/15675:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.3/15723:
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline]
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline]
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118
1 lock held by syz-executor.5/15784:
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.5/16090:
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/16179:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/16538:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/16584:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.4/16655:
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline]
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline]
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: pipe_wait+0x185/0x1b0 fs/pipe.c:118
1 lock held by syz-executor.2/17022:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.3/17027:
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/17040:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/17183:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.3/17219:
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.4/17264:
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/17583:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/17658:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.5/17717:
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.4/17829:
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.3/17939:
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/18177:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.5/18432:
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d5e36eb4 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/18542:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/18546:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.3/18704:
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/18812:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.4/18890:
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/19059:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.4/19106:
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/19278:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.3/19323:
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000ccf042e8 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/19373:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.4/19699:
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000d323e334 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.2/19882:
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000b90580ad (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
1 lock held by syz-executor.0/19905:
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
 #0: 00000000c9f17148 (&pipe->mutex/1){+.+.}, at: pipe_write+0xa6/0xd00 fs/pipe.c:380
=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1079 Comm: khungtaskd Not tainted 4.19.177-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold.0+0x3c/0x78 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0xf5/0x120 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x5c3/0xb40 kernel/hung_task.c:287
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.177-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:207 [inline]
RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:31 [inline]
RIP: 0010:atomic_read include/asm-generic/atomic-instrumented.h:22 [inline]
RIP: 0010:queued_spin_is_locked include/asm-generic/qspinlock.h:35 [inline]
RIP: 0010:debug_spin_unlock kernel/locking/spinlock_debug.c:98 [inline]
RIP: 0010:do_raw_spin_unlock+0x54/0x260 kernel/locking/spinlock_debug.c:134
Code: 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e6 01 00 00 81 7b 04 ad 4e ad de 0f 85 9e 01 00 00 be 04 00 00 00 48 89 df e8 bc 3a 44 00 <48> 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 14 02 48
RSP: 0018:ffff8881f5747b98 EFLAGS: 00000046
RAX: fffffbfff14680fa RBX: ffffffff8a3407c8 RCX: ffffffff814b1934
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8a3407c8
RBP: ffff8881f5747bb0 R08: fffffbfff14680fa R09: fffffbfff14680f9
R10: fffffbfff14680f9 R11: ffffffff8a3407cb R12: ffffffff8a3407c8
R13: ffffffff8a3407c8 R14: dffffc0000000000 R15: ffff8881dbb865c0
FS:  0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f12c4e8d028 CR3: 000000000846d003 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:159 [inline]
 _raw_spin_unlock_irqrestore+0x27/0xd0 kernel/locking/spinlock.c:184
 debug_object_active_state lib/debugobjects.c:749 [inline]
 debug_object_active_state+0x226/0x3b0 lib/debugobjects.c:713
 debug_rcu_head_unqueue kernel/rcu/rcu.h:202 [inline]
 rcu_do_batch kernel/rcu/tree.c:2583 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2864 [inline]
 rcu_process_callbacks+0x9f9/0x19b0 kernel/rcu/tree.c:2881
 __do_softirq+0x25f/0x919 kernel/softirq.c:292
 run_ksoftirqd+0x5e/0x100 kernel/softirq.c:653
 smpboot_thread_fn+0x55f/0x8a0 kernel/smpboot.c:164
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415