ci starts bisection 2025-09-18 13:47:56.65551231 +0000 UTC m=+582359.042260724 bisecting cause commit starting from 46a51f4f5edade43ba66b3c151f0e25ec8b69cb6 building syzkaller on e2beed91937c0ace342f19a2e9afb67adb3a828a ensuring issue is reproducible on original commit 46a51f4f5edade43ba66b3c151f0e25ec8b69cb6 testing commit 46a51f4f5edade43ba66b3c151f0e25ec8b69cb6 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6cbac53bfd1e445cb01c90e3422944ee1242dbf9e793269a2a63cbf83b5059a2 all runs: crashed: INFO: task hung in vfs_utimes representative crash: INFO: task hung in vfs_utimes, types: [HANG] check whether we can drop unnecessary instrumentation disabling configs for [bug_or_warning kasan locking atomic_sleep memleak ubsan], they are not needed testing commit 46a51f4f5edade43ba66b3c151f0e25ec8b69cb6 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 73be75e30ab81d70e49a44202354a33c021ea6f3f657e4290ef888ec3fff31d5 all runs: crashed: INFO: task hung in vfs_utimes representative crash: INFO: task hung in vfs_utimes, types: [HANG] the bug reproduces without the instrumentation disabling configs for [locking atomic_sleep memleak ubsan bug_or_warning kasan], they are not needed kconfig minimization: base=4093 full=8499 leaves diff=2190 split chunks (needed=false): <2190> split chunk #0 of len 2190 into 5 parts testing without sub-chunk 1/5 disabling configs for [memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed testing commit 46a51f4f5edade43ba66b3c151f0e25ec8b69cb6 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 11725f96442851612607488565ded67954130f504509354922dc21ca3ed6be52 all runs: crashed: INFO: task hung in vfs_utimes representative crash: INFO: task hung in vfs_utimes, types: [HANG] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [atomic_sleep memleak ubsan bug_or_warning kasan locking], they are not needed testing commit 46a51f4f5edade43ba66b3c151f0e25ec8b69cb6 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 58a2f18f850b4651fb12db3daf55d2148cf31cf0d95872953ff9efe726e83784 all runs: crashed: INFO: task hung in vfs_utimes representative crash: INFO: task hung in vfs_utimes, types: [HANG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [locking atomic_sleep memleak ubsan bug_or_warning kasan], they are not needed testing commit 46a51f4f5edade43ba66b3c151f0e25ec8b69cb6 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cd88c2601b36fe29bca5a37ddcbf8294a1aaa67485ff3d4dd4ef349fdeaa5dae all runs: crashed: INFO: task hung in vfs_utimes representative crash: INFO: task hung in vfs_utimes, types: [HANG] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed testing commit 46a51f4f5edade43ba66b3c151f0e25ec8b69cb6 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d138e33a7b413248e32c7ce98bf4cd6999cf76fa6838e8c08c5e1b4d277e09e4 all runs: crashed: INFO: task hung in vfs_utimes representative crash: INFO: task hung in vfs_utimes, types: [HANG] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [atomic_sleep memleak ubsan bug_or_warning kasan locking], they are not needed testing commit 46a51f4f5edade43ba66b3c151f0e25ec8b69cb6 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4bc8c59113aaf589b57cfa163152762254766b3ea45690d74598316b7f188e3b all runs: crashed: INFO: task hung in vfs_utimes representative crash: INFO: task hung in vfs_utimes, types: [HANG] the chunk can be dropped disabling configs for [kasan locking atomic_sleep memleak ubsan bug_or_warning], they are not needed picked [v6.16 v6.15 v6.14 v6.12 v6.10 v6.8 v6.6 v6.4 v6.1 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 39 release tags testing release v6.16 testing commit 038d61fd642278bab63ee8ef722c50d10ab01e8f gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 94aeb583779ea910a40ada923426681a5bc591dece1c701a537d95082e131041 all runs: crashed: INFO: task hung in vfs_utimes representative crash: INFO: task hung in vfs_utimes, types: [HANG] testing release v6.15 testing commit 0ff41df1cb268fc69e703a08a57ee14ae967d0ca gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fa2589905a39dac1e88da31123ef476e24166992df27e882c48178ce689fc6d2 all runs: crashed: INFO: task hung in netfs_retry_writes representative crash: INFO: task hung in netfs_retry_writes, types: [HANG] testing release v6.14 testing commit 38fec10eb60d687e30c8c6b5420d86e8149f7557 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ca5024bbb5d7fa8f472fc79b6558161291ee50edbe3e6fb90dcd1e7176f5d38b all runs: crashed: INFO: task hung in netfs_retry_writes representative crash: INFO: task hung in netfs_retry_writes, types: [HANG] testing release v6.12 testing commit adc218676eef25575469234709c2d87185ca223a gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3e85f30380e9b85e339f4e437b7b5b408278b4eb0fc844fd281c4358f32fbd96 all runs: OK false negative chance: 0.000 # git bisect start 38fec10eb60d687e30c8c6b5420d86e8149f7557 adc218676eef25575469234709c2d87185ca223a Bisecting: 13139 revisions left to test after this (roughly 14 steps) [af215c980c1fbf1ca01675b128b0dd194745b880] Merge tag 'drm-fixes-2024-12-20' of https://gitlab.freedesktop.org/drm/kernel testing commit af215c980c1fbf1ca01675b128b0dd194745b880 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3c28eb8c86571bca4124139c2fa5e5ccb9c894242475d37785694890c3d97c55 all runs: OK false negative chance: 0.000 # git bisect good af215c980c1fbf1ca01675b128b0dd194745b880 Bisecting: 6500 revisions left to test after this (roughly 13 steps) [c9c0543b52d8cfe3a3b15d1e39ab9dbc91be6df4] Merge tag 'platform-drivers-x86-v6.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86 testing commit c9c0543b52d8cfe3a3b15d1e39ab9dbc91be6df4 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: af86e7fd7b3ab110a1cd0f929d2946f3844cb541c9c462f1d9436a2da3b1270e all runs: crashed: INFO: task hung in netfs_retry_writes representative crash: INFO: task hung in netfs_retry_writes, types: [HANG] # git bisect bad c9c0543b52d8cfe3a3b15d1e39ab9dbc91be6df4 Bisecting: 3245 revisions left to test after this (roughly 12 steps) [96c84703f1cf6ea43617f9565166681cd71df104] Merge tag 'drm-next-2025-01-17' of https://gitlab.freedesktop.org/drm/kernel testing commit 96c84703f1cf6ea43617f9565166681cd71df104 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9f8a0de2dcb8e0603720171c4654b402cc8280e73787b57252099d5b69723ae1 all runs: crashed: INFO: task hung in netfs_retry_writes representative crash: INFO: task hung in netfs_retry_writes, types: [HANG] # git bisect bad 96c84703f1cf6ea43617f9565166681cd71df104 Bisecting: 1652 revisions left to test after this (roughly 11 steps) [1cbfb828e05171ca2dd77b5988d068e6872480fe] Merge tag 'for-6.14/block-20250118' of git://git.kernel.dk/linux testing commit 1cbfb828e05171ca2dd77b5988d068e6872480fe gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 32b1244b33ebef83292703ca739e6d8e2a69f40d1332b77d0e859b5b5805cf91 all runs: crashed: INFO: task hung in netfs_retry_writes representative crash: INFO: task hung in netfs_retry_writes, types: [HANG] # git bisect bad 1cbfb828e05171ca2dd77b5988d068e6872480fe Bisecting: 869 revisions left to test after this (roughly 10 steps) [097a7eef61bd0366a822418b2ba074942eb00744] btrfs: uncollapse transaction aborts during renames testing commit 097a7eef61bd0366a822418b2ba074942eb00744 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a98f7b9cd97f1ac724d9c86f1315dd24d23f8dbdc2de2fc284e890c7a079b6e4 all runs: OK false negative chance: 0.000 # git bisect good 097a7eef61bd0366a822418b2ba074942eb00744 Bisecting: 398 revisions left to test after this (roughly 9 steps) [0eb4aaa230d725fa9b1cd758c0f17abca5597af6] Merge tag 'for-6.14-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit 0eb4aaa230d725fa9b1cd758c0f17abca5597af6 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 541dda2fa100a0fee532233ace1b3b222689d85ac7a16457d7a10b3747d47a15 all runs: crashed: INFO: task hung in netfs_retry_writes representative crash: INFO: task hung in netfs_retry_writes, types: [HANG] # git bisect bad 0eb4aaa230d725fa9b1cd758c0f17abca5597af6 Bisecting: 245 revisions left to test after this (roughly 8 steps) [91309a70829d94c735c8bb1cc383e78c96127a16] x86: use cmov for user address masking testing commit 91309a70829d94c735c8bb1cc383e78c96127a16 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 823d571a49146e75a0632242278651ec3c356ee239464a42e5051758aa03f043 all runs: OK false negative chance: 0.000 # git bisect good 91309a70829d94c735c8bb1cc383e78c96127a16 Bisecting: 123 revisions left to test after this (roughly 7 steps) [37c12fcb3c8e356825bbffb64c0158ccf8a7de94] Merge tag 'kernel-6.14-rc1.cred' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit 37c12fcb3c8e356825bbffb64c0158ccf8a7de94 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1cf397c445a95189fed2c7fbe4e5a55ed725de9dbcecbfc769da0387a0275539 all runs: crashed: INFO: task hung in netfs_retry_writes representative crash: INFO: task hung in netfs_retry_writes, types: [HANG] # git bisect bad 37c12fcb3c8e356825bbffb64c0158ccf8a7de94 Bisecting: 49 revisions left to test after this (roughly 6 steps) [4b84a4c8d40dfbfe1becec13a6e373e871e103e9] Merge tag 'vfs-6.14-rc1.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit 4b84a4c8d40dfbfe1becec13a6e373e871e103e9 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 66d2072c349a1c5deb8285c815ad176a76f1f7d54f5f336009e47a6a732b9bbf all runs: crashed: INFO: task hung in netfs_retry_writes representative crash: INFO: task hung in netfs_retry_writes, types: [HANG] # git bisect bad 4b84a4c8d40dfbfe1becec13a6e373e871e103e9 Bisecting: 38 revisions left to test after this (roughly 5 steps) [ca56a74a31e26d81a481304ed2f631e65883372b] Merge tag 'vfs-6.14-rc1.netfs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit ca56a74a31e26d81a481304ed2f631e65883372b gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 095d2ebab58dd964c6176576460e88ea101788e7c9fda418789f511685bf671f all runs: OK false negative chance: 0.000 # git bisect good ca56a74a31e26d81a481304ed2f631e65883372b Bisecting: 18 revisions left to test after this (roughly 4 steps) [6a4ef7a2ff4dfdb7b345b13bd74fc68fe351bb45] Merge patch series "fix reading ESP during coredump" testing commit 6a4ef7a2ff4dfdb7b345b13bd74fc68fe351bb45 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6b2b265fc79489d93a5c6e9ae22422be54dbf6878743de32530573a8e6557353 all runs: crashed: INFO: task hung in netfs_write_collection_worker representative crash: INFO: task hung in netfs_write_collection_worker, types: [HANG] # git bisect bad 6a4ef7a2ff4dfdb7b345b13bd74fc68fe351bb45 Bisecting: 9 revisions left to test after this (roughly 3 steps) [9b7da575f85962c44abe7dc245b0a58179ad2c45] file: flush delayed work in delayed fput() testing commit 9b7da575f85962c44abe7dc245b0a58179ad2c45 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 786656b454c63e80b70e5ca4e6d8f5840d32a62e770bf574f2faa5c870cda6b1 all runs: OK false negative chance: 0.000 # git bisect good 9b7da575f85962c44abe7dc245b0a58179ad2c45 Bisecting: 5 revisions left to test after this (roughly 2 steps) [ec052fae814d467d6aa7e591b4b24531b87e65ec] fs: sort out a stale comment about races between fd alloc and dup2 testing commit ec052fae814d467d6aa7e591b4b24531b87e65ec gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9a20ba83e7cf205e2ad71b5adf1ef6b57e9f3efe88337d1562cadbbc39e51a89 all runs: OK false negative chance: 0.000 # git bisect good ec052fae814d467d6aa7e591b4b24531b87e65ec Bisecting: 2 revisions left to test after this (roughly 2 steps) [aaec5a95d59615523db03dd53c2052f0a87beea7] pipe_read: don't wake up the writer if the pipe is still full testing commit aaec5a95d59615523db03dd53c2052f0a87beea7 gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7b3f6c3278e8eb1e80c6f63ff35b0244266285b80a6648246e422c6057098f30 all runs: crashed: INFO: task hung in netfs_write_collection_worker representative crash: INFO: task hung in netfs_write_collection_worker, types: [HANG] # git bisect bad aaec5a95d59615523db03dd53c2052f0a87beea7 Bisecting: 0 revisions left to test after this (roughly 1 step) [d2fc0ed52a284a13a16c914bc83b0b8733f55a4a] Merge branch 'vfs-6.14.uncached_buffered_io' testing commit d2fc0ed52a284a13a16c914bc83b0b8733f55a4a gcc compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8444729eb9b527a72acdb5677d51052bcf42399ba4e35edd5defc8e718c0c302 all runs: OK false negative chance: 0.000 # git bisect good d2fc0ed52a284a13a16c914bc83b0b8733f55a4a aaec5a95d59615523db03dd53c2052f0a87beea7 is the first bad commit commit aaec5a95d59615523db03dd53c2052f0a87beea7 Author: Oleg Nesterov Date: Thu Jan 2 15:07:15 2025 +0100 pipe_read: don't wake up the writer if the pipe is still full wake_up(pipe->wr_wait) makes no sense if pipe_full() is still true after the reading, the writer sleeping in wait_event(wr_wait, pipe_writable()) will check the pipe_writable() == !pipe_full() condition and sleep again. Only wake the writer if we actually released a pipe buf, and the pipe was full before we did so. Signed-off-by: Oleg Nesterov Link: https://lore.kernel.org/all/20241229135737.GA3293@redhat.com/ Link: https://lore.kernel.org/r/20250102140715.GA7091@redhat.com Reported-by: WangYuli Signed-off-by: Christian Brauner fs/pipe.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) accumulated error probability: 0.00 culprit signature: 7b3f6c3278e8eb1e80c6f63ff35b0244266285b80a6648246e422c6057098f30 parent signature: 8444729eb9b527a72acdb5677d51052bcf42399ba4e35edd5defc8e718c0c302 revisions tested: 26, total time: 10h57m59.029796447s (build: 6h29m59.202437741s, test: 3h51m50.919319179s) first bad commit: aaec5a95d59615523db03dd53c2052f0a87beea7 pipe_read: don't wake up the writer if the pipe is still full recipients (to): ["brauner@kernel.org" "linux-kernel@vger.kernel.org" "oleg@redhat.com"] recipients (cc): ["brauner@kernel.org" "jack@suse.cz" "linux-fsdevel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: INFO: task hung in netfs_write_collection_worker INFO: task kworker/u8:2:37 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u8:2 state:D stack:13360 pid:37 tgid:37 ppid:2 flags:0x00004000 Workqueue: events_unbound netfs_write_collection_worker Call Trace: context_switch kernel/sched/core.c:5369 [inline] __schedule+0x510/0xb30 kernel/sched/core.c:6756 __schedule_loop kernel/sched/core.c:6833 [inline] schedule+0x25/0x110 kernel/sched/core.c:6848 bit_wait+0xc/0x60 kernel/sched/wait_bit.c:237 __wait_on_bit+0x46/0x150 kernel/sched/wait_bit.c:49 out_of_line_wait_on_bit+0x92/0xb0 kernel/sched/wait_bit.c:64 wait_on_bit include/linux/wait_bit.h:77 [inline] netfs_retry_writes fs/netfs/write_collect.c:347 [inline] netfs_collect_write_results fs/netfs/write_collect.c:529 [inline] netfs_write_collection_worker+0xd0b/0x16e0 fs/netfs/write_collect.c:551 process_one_work+0x22f/0x6b0 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x1c2/0x360 kernel/workqueue.c:3391 kthread+0xd6/0x100 kernel/kthread.c:389 ret_from_fork+0x2c/0x50 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 INFO: task syz.3.17:2918 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.3.17 state:D stack:14824 pid:2918 tgid:2916 ppid:2462 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:5369 [inline] __schedule+0x510/0xb30 kernel/sched/core.c:6756 __schedule_loop kernel/sched/core.c:6833 [inline] schedule+0x25/0x110 kernel/sched/core.c:6848 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6905 rwsem_down_write_slowpath+0x2bb/0x700 kernel/locking/rwsem.c:1176 __down_write_common kernel/locking/rwsem.c:1304 [inline] __down_write kernel/locking/rwsem.c:1313 [inline] down_write+0x86/0x90 kernel/locking/rwsem.c:1578 inode_lock include/linux/fs.h:831 [inline] vfs_utimes+0x123/0x260 fs/utimes.c:65 do_utimes_path fs/utimes.c:99 [inline] do_utimes+0xc9/0x130 fs/utimes.c:140 __do_sys_utime fs/utimes.c:221 [inline] __se_sys_utime fs/utimes.c:210 [inline] __x64_sys_utime+0x81/0xb0 fs/utimes.c:210 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x170 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f42e3c2eba9 RSP: 002b:00007f42e3a7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000084 RAX: ffffffffffffffda RBX: 00007f42e3e76090 RCX: 00007f42e3c2eba9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000000c0 RBP: 00007f42e3cb1e19 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f42e3e76128 R14: 00007f42e3e76090 R15: 00007ffc75987e88 Showing all locks held in the system: 2 locks held by kworker/u8:0/11: #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x442/0x6b0 kernel/workqueue.c:3204 #1: ffffc90000063e58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205 2 locks held by kworker/u8:1/13: #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x442/0x6b0 kernel/workqueue.c:3204 #1: ffffc90000073e58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205 1 lock held by khungtaskd/30: #0: ffffffff8277e700 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #0: ffffffff8277e700 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #0: ffffffff8277e700 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x36/0x120 kernel/locking/lockdep.c:6744 2 locks held by kworker/u8:2/37: #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x442/0x6b0 kernel/workqueue.c:3204 #1: ffffc9000013fe58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205 2 locks held by kworker/u8:3/67: #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x442/0x6b0 kernel/workqueue.c:3204 #1: ffffc9000019be58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205 2 locks held by kworker/u8:4/123: #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x442/0x6b0 kernel/workqueue.c:3204 #1: ffffc9000018be58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205 2 locks held by kworker/u8:5/651: #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x442/0x6b0 kernel/workqueue.c:3204 #1: ffffc9000150fe58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205 2 locks held by getty/843: #0: ffff8881062a10a0 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x23/0x60 drivers/tty/tty_ldisc.c:243 #1: ffffc900001fb2f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x521/0x670 drivers/tty/n_tty.c:2211 2 locks held by syz.3.17/2917: #0: ffff888108ae03f8 (sb_writers#14){....}-{0:0}, at: do_pwritev+0x8d/0xc0 fs/read_write.c:1146 #1: ffff888113388148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188 2 locks held by syz.3.17/2918: #0: ffff888108ae03f8 (sb_writers#14){....}-{0:0}, at: vfs_utimes+0x248/0x260 fs/utimes.c:36 #1: ffff888113388148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:831 [inline] #1: ffff888113388148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: vfs_utimes+0x123/0x260 fs/utimes.c:65 2 locks held by syz.4.18/3376: #0: ffff88810f6903f8 (sb_writers#14){....}-{0:0}, at: do_pwritev+0x8d/0xc0 fs/read_write.c:1146 #1: ffff888113388720 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188 2 locks held by syz.4.18/3378: #0: ffff88810f6903f8 (sb_writers#14){....}-{0:0}, at: vfs_utimes+0x248/0x260 fs/utimes.c:36 #1: ffff888113388720 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:831 [inline] #1: ffff888113388720 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: vfs_utimes+0x123/0x260 fs/utimes.c:65 2 locks held by syz.5.19/3836: #0: ffff88810d2d93f8 (sb_writers#14){....}-{0:0}, at: do_pwritev+0x8d/0xc0 fs/read_write.c:1146 #1: ffff888113320148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188 2 locks held by syz.5.19/3838: #0: ffff88810d2d93f8 (sb_writers#14){....}-{0:0}, at: vfs_utimes+0x248/0x260 fs/utimes.c:36 #1: ffff888113320148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:831 [inline] #1: ffff888113320148 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: vfs_utimes+0x123/0x260 fs/utimes.c:65 2 locks held by syz.6.20/4296: #0: ffff88810839a3f8 (sb_writers#14){....}-{0:0}, at: do_pwritev+0x8d/0xc0 fs/read_write.c:1146 #1: ffff888113388cf8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188 2 locks held by syz.6.20/4298: #0: ffff88810839a3f8 (sb_writers#14){....}-{0:0}, at: vfs_utimes+0x248/0x260 fs/utimes.c:36 #1: ffff888113388cf8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:831 [inline] #1: ffff888113388cf8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: vfs_utimes+0x123/0x260 fs/utimes.c:65 2 locks held by kworker/u8:6/4299: #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x442/0x6b0 kernel/workqueue.c:3204 #1: ffffc9000389fe58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205 2 locks held by syz.7.21/4758: #0: ffff8881063cb3f8 (sb_writers#14){....}-{0:0}, at: do_pwritev+0x8d/0xc0 fs/read_write.c:1146 #1: ffff8881133892d0 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188 2 locks held by syz.7.21/4760: #0: ffff8881063cb3f8 (sb_writers#14){....}-{0:0}, at: vfs_utimes+0x248/0x260 fs/utimes.c:36 #1: ffff8881133892d0 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:831 [inline] #1: ffff8881133892d0 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: vfs_utimes+0x123/0x260 fs/utimes.c:65 2 locks held by syz.8.22/5218: #0: ffff8881063d73f8 (sb_writers#14){....}-{0:0}, at: do_pwritev+0x8d/0xc0 fs/read_write.c:1146 #1: ffff8881133898a8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188 2 locks held by syz.8.22/5220: #0: ffff8881063d73f8 (sb_writers#14){....}-{0:0}, at: vfs_utimes+0x248/0x260 fs/utimes.c:36 #1: ffff8881133898a8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:831 [inline] #1: ffff8881133898a8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: vfs_utimes+0x123/0x260 fs/utimes.c:65 2 locks held by syz.9.23/5680: #0: ffff88810cf553f8 (sb_writers#14){....}-{0:0}, at: do_pwritev+0x8d/0xc0 fs/read_write.c:1146 #1: ffff888113389e80 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188 2 locks held by syz.9.23/5682: #0: ffff88810cf553f8 (sb_writers#14){....}-{0:0}, at: vfs_utimes+0x248/0x260 fs/utimes.c:36 #1: ffff888113389e80 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:831 [inline] #1: ffff888113389e80 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: vfs_utimes+0x123/0x260 fs/utimes.c:65 2 locks held by kworker/u8:10/5683: #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x442/0x6b0 kernel/workqueue.c:3204 #1: ffffc90005177e58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205 2 locks held by syz.0.24/6141: #0: ffff8881062ba3f8 (sb_writers#14){....}-{0:0}, at: do_pwritev+0x8d/0xc0 fs/read_write.c:1146 #1: ffff888113320720 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188 2 locks held by syz.0.24/6143: #0: ffff8881062ba3f8 (sb_writers#14){....}-{0:0}, at: vfs_utimes+0x248/0x260 fs/utimes.c:36 #1: ffff888113320720 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:831 [inline] #1: ffff888113320720 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: vfs_utimes+0x123/0x260 fs/utimes.c:65 2 locks held by kworker/u8:11/6144: #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x442/0x6b0 kernel/workqueue.c:3204 #1: ffffc900059cfe58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205 2 locks held by syz.1.25/6602: #0: ffff88810c7c73f8 (sb_writers#14){....}-{0:0}, at: do_pwritev+0x8d/0xc0 fs/read_write.c:1146 #1: ffff888113320cf8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188 2 locks held by syz.1.25/6603: #0: ffff88810c7c73f8 (sb_writers#14){....}-{0:0}, at: vfs_utimes+0x248/0x260 fs/utimes.c:36 #1: ffff888113320cf8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:831 [inline] #1: ffff888113320cf8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: vfs_utimes+0x123/0x260 fs/utimes.c:65 2 locks held by kworker/u8:12/6604: #0: ffff888100078948 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x442/0x6b0 kernel/workqueue.c:3204 #1: ffffc90006107e58 ((work_completion)(&rreq->work)){....}-{0:0}, at: process_one_work+0x1ec/0x6b0 kernel/workqueue.c:3205 2 locks held by syz.2.26/7062: #0: ffff88810bb393f8 (sb_writers#14){....}-{0:0}, at: do_pwritev+0x8d/0xc0 fs/read_write.c:1146 #1: ffff8881133212d0 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: netfs_start_io_direct+0x79/0xd0 fs/netfs/locking.c:188 2 locks held by syz.2.26/7064: #0: ffff88810bb393f8 (sb_writers#14){....}-{0:0}, at: vfs_utimes+0x248/0x260 fs/utimes.c:36 #1: ffff8881133212d0 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:831 [inline] #1: ffff8881133212d0 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: vfs_utimes+0x123/0x260 fs/utimes.c:65 ============================================= NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x5a/0x90 lib/dump_stack.c:120 nmi_cpu_backtrace+0xd4/0x110 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0xd5/0x140 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:234 [inline] watchdog+0x648/0x680 kernel/hung_task.c:397 kthread+0xd6/0x100 kernel/kthread.c:389 ret_from_fork+0x2c/0x50 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:106 [inline] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x1a/0x20 drivers/acpi/processor_idle.c:111