INFO: task hung in pipe_write

syzbot

Jun 6, 2020, 9:40:16 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 4707d8e5 Linux 4.19.126
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=178a0a1e100000
kernel config: https://syzkaller.appspot.com/x/.config?x=cedcec061125e487
dashboard link: https://syzkaller.appspot.com/bug?extid=eb4579cce1e26940e2e1
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14c799a6100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+eb4579...@syzkaller.appspotmail.com

INFO: task syz-executor.5:11159 blocked for more than 140 seconds.
Not tainted 4.19.126-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D30160 11159 6474 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x8a2/0x1fc0 kernel/sched/core.c:3515
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x5b8/0x1300 kernel/locking/mutex.c:1072
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xc1/0xf80 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: Bad RIP value.
RSP: 002b:00007ffe533b2768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050c980 RCX: 000000000045ca69
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf3d4 R15: 000000000281c914
INFO: task syz-executor.5:11163 blocked for more than 140 seconds.
Not tainted 4.19.126-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D30160 11163 6474 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x8a2/0x1fc0 kernel/sched/core.c:3515
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x5b8/0x1300 kernel/locking/mutex.c:1072
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xc1/0xf80 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: Bad RIP value.
RSP: 002b:00007ffe533b2768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050c980 RCX: 000000000045ca69
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf3d4 R15: 000000000281c914
INFO: task syz-executor.5:11170 blocked for more than 140 seconds.
Not tainted 4.19.126-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D30528 11170 6474 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x8a2/0x1fc0 kernel/sched/core.c:3515
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x5b8/0x1300 kernel/locking/mutex.c:1072
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xc1/0xf80 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: 18 48 83 c4 20 c3 e8 86 34 00 00 e9 71 ff ff ff cc 64 48 8b 0c 25 f8 ff ff ff 48 3b 61 10 0f 86 a1 00 00 00 48 83 ec 38 48 89 <6c> 24 30 48 8d 6c 24 30 48 8b 42 08 48 89 44 24 28 48 8b 0d 77 94
RSP: 002b:00007ffe533b2768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050c980 RCX: 000000000045ca69
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf3d4 R15: 000000000281c914
INFO: task syz-executor.5:11197 blocked for more than 140 seconds.
Not tainted 4.19.126-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D30160 11197 6474 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x8a2/0x1fc0 kernel/sched/core.c:3515
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x5b8/0x1300 kernel/locking/mutex.c:1072
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xc1/0xf80 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: 18 48 83 c4 20 c3 e8 86 34 00 00 e9 71 ff ff ff cc 64 48 8b 0c 25 f8 ff ff ff 48 3b 61 10 0f 86 a1 00 00 00 48 83 ec 38 48 89 <6c> 24 30 48 8d 6c 24 30 48 8b 42 08 48 89 44 24 28 48 8b 0d 77 94
RSP: 002b:00007ffe533b2768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050c980 RCX: 000000000045ca69
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf3d4 R15: 000000000281c914
INFO: task syz-executor.5:11211 blocked for more than 140 seconds.
Not tainted 4.19.126-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D30160 11211 6474 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x8a2/0x1fc0 kernel/sched/core.c:3515
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x5b8/0x1300 kernel/locking/mutex.c:1072
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xc1/0xf80 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: 18 48 83 c4 20 c3 e8 86 34 00 00 e9 71 ff ff ff cc 64 48 8b 0c 25 f8 ff ff ff 48 3b 61 10 0f 86 a1 00 00 00 48 83 ec 38 48 89 <6c> 24 30 48 8d 6c 24 30 48 8b 42 08 48 89 44 24 28 48 8b 0d 77 94
RSP: 002b:00007ffe533b2768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050c980 RCX: 000000000045ca69
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf3d4 R15: 000000000281c914
INFO: task syz-executor.5:11235 blocked for more than 140 seconds.
Not tainted 4.19.126-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D30160 11235 6474 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x8a2/0x1fc0 kernel/sched/core.c:3515
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x5b8/0x1300 kernel/locking/mutex.c:1072
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xc1/0xf80 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: 18 48 83 c4 20 c3 e8 86 34 00 00 e9 71 ff ff ff cc 64 48 8b 0c 25 f8 ff ff ff 48 3b 61 10 0f 86 a1 00 00 00 48 83 ec 38 48 89 <6c> 24 30 48 8d 6c 24 30 48 8b 42 08 48 89 44 24 28 48 8b 0d 77 94
RSP: 002b:00007ffe533b2768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050c980 RCX: 000000000045ca69
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf3d4 R15: 000000000281c914
INFO: task syz-executor.5:11300 blocked for more than 140 seconds.
Not tainted 4.19.126-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D30160 11300 6474 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x8a2/0x1fc0 kernel/sched/core.c:3515
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x5b8/0x1300 kernel/locking/mutex.c:1072
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xc1/0xf80 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: 18 48 83 c4 20 c3 e8 86 34 00 00 e9 71 ff ff ff cc 64 48 8b 0c 25 f8 ff ff ff 48 3b 61 10 0f 86 a1 00 00 00 48 83 ec 38 48 89 <6c> 24 30 48 8d 6c 24 30 48 8b 42 08 48 89 44 24 28 48 8b 0d 77 94
RSP: 002b:00007ffe533b2768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050c980 RCX: 000000000045ca69
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf3d4 R15: 000000000281c914
INFO: task syz-executor.5:11314 blocked for more than 140 seconds.
Not tainted 4.19.126-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D30160 11314 6474 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x8a2/0x1fc0 kernel/sched/core.c:3515
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x5b8/0x1300 kernel/locking/mutex.c:1072
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xc1/0xf80 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: 18 48 83 c4 20 c3 e8 86 34 00 00 e9 71 ff ff ff cc 64 48 8b 0c 25 f8 ff ff ff 48 3b 61 10 0f 86 a1 00 00 00 48 83 ec 38 48 89 <6c> 24 30 48 8d 6c 24 30 48 8b 42 08 48 89 44 24 28 48 8b 0d 77 94
RSP: 002b:00007ffe533b2768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050c980 RCX: 000000000045ca69
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf3d4 R15: 000000000281c914
INFO: task syz-executor.5:11322 blocked for more than 140 seconds.
Not tainted 4.19.126-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D30160 11322 6474 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x8a2/0x1fc0 kernel/sched/core.c:3515
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x5b8/0x1300 kernel/locking/mutex.c:1072
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xc1/0xf80 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: 18 48 83 c4 20 c3 e8 86 34 00 00 e9 71 ff ff ff cc 64 48 8b 0c 25 f8 ff ff ff 48 3b 61 10 0f 86 a1 00 00 00 48 83 ec 38 48 89 <6c> 24 30 48 8d 6c 24 30 48 8b 42 08 48 89 44 24 28 48 8b 0d 77 94
RSP: 002b:00007ffe533b2768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050c980 RCX: 000000000045ca69
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf3d4 R15: 000000000281c914
INFO: task syz-executor.5:11333 blocked for more than 140 seconds.
Not tainted 4.19.126-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D30160 11333 6474 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x8a2/0x1fc0 kernel/sched/core.c:3515
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x5b8/0x1300 kernel/locking/mutex.c:1072
__pipe_lock fs/pipe.c:83 [inline]
pipe_write+0xc1/0xf80 fs/pipe.c:380
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: 18 48 83 c4 20 c3 e8 86 34 00 00 e9 71 ff ff ff cc 64 48 8b 0c 25 f8 ff ff ff 48 3b 61 10 0f 86 a1 00 00 00 48 83 ec 38 48 89 <6c> 24 30 48 8d 6c 24 30 48 8b 42 08 48 89 44 24 28 48 8b 0d 77 94
RSP: 002b:00007ffe533b2768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000050c980 RCX: 000000000045ca69
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cec R14: 00000000004cf3d4 R15: 000000000281c914

Showing all locks held in the system:
1 lock held by khungtaskd/1078:
#0: 00000000dc3dee3c (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4440
1 lock held by syz-executor.5/11149:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:62 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:70 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_wait+0x1bd/0x1e0 fs/pipe.c:118
1 lock held by syz-executor.5/11159:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11163:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11170:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11197:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11211:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11235:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11300:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11314:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11322:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11333:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11396:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11405:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11462:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11467:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11473:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11480:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11484:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11515:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11528:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11548:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11566:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11574:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11592:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11605:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11612:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11689:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11696:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11702:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11835:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11848:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11866:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11874:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11881:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11901:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11913:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11941:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11949:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/11967:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12011:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12015:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12078:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12145:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12152:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12170:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12181:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12188:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12205:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12214:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12290:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12320:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12330:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12334:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12354:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12360:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12366:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12375:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12383:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12395:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12404:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12413:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12498:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12509:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12602:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12610:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12620:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12634:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380
1 lock held by syz-executor.5/12646:
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
#0: 00000000f3fd9715 (&pipe->mutex/1){+.+.}, at: pipe_write+0xc1/0xf80 fs/pipe.c:380

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1078 Comm: khungtaskd Not tainted 4.19.126-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1a6/0x1eb lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
watchdog+0x962/0xe40 kernel/hung_task.c:287
kthread+0x30b/0x410 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3686 Comm: systemd-journal Not tainted 4.19.126-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:trace_lock_acquire include/trace/events/lock.h:13 [inline]
RIP: 0010:lock_acquire+0x139/0x3c0 kernel/locking/lockdep.c:3906
Code: 00 c7 83 84 08 00 00 01 00 00 00 0f 1f 44 00 00 65 8b 05 4a 77 b1 7e 83 f8 3f 0f 87 e2 01 00 00 89 c0 48 0f a3 05 df 36 3d 08 <0f> 82 95 01 00 00 4c 8b 4c 24 08 44 89 ea 6a 00 48 89 ef 6a 00 45
RSP: 0018:ffff88809422f858 EFLAGS: 00000093
RAX: 0000000000000001 RBX: ffff888094224100 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888094224984
RBP: ffffffff88b93160 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000001c R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000000
FS: 00007f7c259e48c0(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7c22e05000 CR3: 00000000942be000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
rcu_lock_acquire include/linux/rcupdate.h:242 [inline]
rcu_read_lock include/linux/rcupdate.h:627 [inline]
avc_has_perm_noaudit+0xd1/0x390 security/selinux/avc.c:1146
selinux_inode_permission+0x3bc/0x640 security/selinux/hooks.c:3222
security_inode_permission+0xae/0xf0 security/security.c:704
inode_permission+0x104/0x540 fs/namei.c:459
may_lookup fs/namei.c:1697 [inline]
link_path_walk.part.0+0x1a9/0x1220 fs/namei.c:2085
link_path_walk fs/namei.c:2073 [inline]
path_parentat.isra.0+0x51/0x160 fs/namei.c:2367
filename_parentat.isra.0+0x19c/0x410 fs/namei.c:2389
filename_create+0x9e/0x490 fs/namei.c:3621
user_path_create fs/namei.c:3696 [inline]
do_mkdirat+0xa0/0x280 fs/namei.c:3834
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f7c24ca0687
Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48
RSP: 002b:00007ffdca9f5208 EFLAGS: 00000293 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007ffdca9f8120 RCX: 00007f7c24ca0687
RDX: 00007f7c25711a00 RSI: 00000000000001ed RDI: 000055d6d1a038c0
RBP: 00007ffdca9f5240 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ffdca9f8120 R15: 00007ffdca9f5730


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Jun 1, 2022, 7:31:26 AM6/1/22
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12414d8df00000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=eb4579cce1e26940e2e1
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13839af5f00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12faa483f00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+eb4579...@syzkaller.appspotmail.com

netlink: 'syz-executor190': attribute type 1 has an invalid length.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor190'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor190'.
INFO: task syz-executor190:8137 blocked for more than 140 seconds.
Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor190 D27736 8137 8135 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
__mutex_lock_common kernel/locking/mutex.c:1016 [inline]
__mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078
pipe_lock_nested fs/pipe.c:77 [inline]
pipe_lock fs/pipe.c:85 [inline]
pipe_wait+0x1bd/0x1e0 fs/pipe.c:133
pipe_write+0x5c3/0xf80 fs/pipe.c:500
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x51b/0x770 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fadd482eab9
Code: Bad RIP value.
RSP: 002b:00007fadd47e02f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fadd48b6420 RCX: 00007fadd482eab9
RDX: 00000000fffffecc RSI: 0000000020000000 RDI: 0000000000000004
RBP: 00007fadd48b642c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadd4884074
R13: 632e79726f6d656d R14: 00000ffffffff000 R15: 00007fadd48b6428

Showing all locks held in the system:
1 lock held by khungtaskd/1571:
#0: 000000006b1a827e (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
1 lock held by in:imklog/7823:
#0: 0000000071c54c7c (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
1 lock held by syz-executor190/8137:
#0: 00000000754de621 (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:77 [inline]
#0: 00000000754de621 (&pipe->mutex/1){+.+.}, at: pipe_lock fs/pipe.c:85 [inline]
#0: 00000000754de621 (&pipe->mutex/1){+.+.}, at: pipe_wait+0x1bd/0x1e0 fs/pipe.c:133
2 locks held by syz-executor190/8138:

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1571 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
watchdog+0x991/0xe60 kernel/hung_task.c:287
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 8138 Comm: syz-executor190 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:preempt_latency_start kernel/sched/core.c:3218 [inline]
RIP: 0010:preempt_count_add+0xde/0x190 kernel/sched/core.c:3241
Code: 48 8b 2c 25 c0 df 01 00 48 8d bd 38 12 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 8e 00 00 00 <48> 89 9d 38 12 00 00 5b 5d c3 31 ff 31 db e8 ff 14 0a 00 eb c0 e8
RSP: 0018:ffff8880b0fcef48 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffffffff81298225 RCX: 0000000000000000
RDX: 1ffff1101289f6d7 RSI: ffff8880b0fceef0 RDI: ffff8880944fb6b8
RBP: ffff8880944fa480 R08: 0000000000000001 R09: 0000000000000001
R10: ffff8880b0fcf0ef R11: 0000000000074071 R12: ffff8880b0fcf0d8
R13: 0000000000000000 R14: ffff8880b0fcf090 R15: 0000000000001000
FS: 00007fadd47bf700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7d03b27020 CR3: 00000000a5555000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
unwind_next_frame+0x135/0x1400 arch/x86/kernel/unwind_orc.c:407
__save_stack_trace+0x9f/0x190 arch/x86/kernel/stacktrace.c:44
save_stack mm/kasan/kasan.c:448 [inline]
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
__do_kmalloc_node mm/slab.c:3689 [inline]
__kmalloc_node_track_caller+0x4c/0x70 mm/slab.c:3703
__kmalloc_reserve net/core/skbuff.c:137 [inline]
__alloc_skb+0xae/0x560 net/core/skbuff.c:205
alloc_skb include/linux/skbuff.h:995 [inline]
nlmsg_new include/net/netlink.h:511 [inline]
ip_set_protocol+0xaa/0x540 net/netfilter/ipset/ip_set_core.c:1828
nfnetlink_rcv_msg+0xc4f/0xf60 net/netfilter/nfnetlink.c:233
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
nfnetlink_rcv+0x1b2/0x420 net/netfilter/nfnetlink.c:565
netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:661
sock_no_sendpage+0xf5/0x140 net/core/sock.c:2686
kernel_sendpage net/socket.c:3585 [inline]
sock_sendpage+0xdf/0x140 net/socket.c:912
pipe_to_sendpage+0x268/0x330 fs/splice.c:452
splice_from_pipe_feed fs/splice.c:503 [inline]
__splice_from_pipe+0x389/0x800 fs/splice.c:627
splice_from_pipe fs/splice.c:662 [inline]
generic_splice_sendpage+0xd4/0x140 fs/splice.c:833
do_splice_from fs/splice.c:852 [inline]
do_splice fs/splice.c:1154 [inline]
__do_sys_splice fs/splice.c:1428 [inline]
__se_sys_splice+0xfe7/0x16d0 fs/splice.c:1408
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fadd482eab9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fadd47bf2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 00007fadd48b6430 RCX: 00007fadd482eab9
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fadd48b643c R08: 000000000004ffe6 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadd4884074
R13: 632e79726f6d656d R14: 00000ffffffff000 R15: 00007fadd48b6438
----------------
Code disassembly (best guess):
0: 48 8b 2c 25 c0 df 01 mov 0x1dfc0,%rbp
7: 00
8: 48 8d bd 38 12 00 00 lea 0x1238(%rbp),%rdi
f: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
16: fc ff df
19: 48 89 fa mov %rdi,%rdx
1c: 48 c1 ea 03 shr $0x3,%rdx
20: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
24: 0f 85 8e 00 00 00 jne 0xb8
* 2a: 48 89 9d 38 12 00 00 mov %rbx,0x1238(%rbp) <-- trapping instruction
31: 5b pop %rbx
32: 5d pop %rbp
33: c3 retq
34: 31 ff xor %edi,%edi
36: 31 db xor %ebx,%ebx
38: e8 ff 14 0a 00 callq 0xa153c
3d: eb c0 jmp 0xffffffff
3f: e8 .byte 0xe8
