[v6.1] BUG: soft lockup in wb_workfn
11 views
Skip to first unread message
syzbot
Oct 24, 2024, 5:18:38 PM10/24/24
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 7ec6f9fa3d97 Linux 6.1.114
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1235d287980000
kernel config: https://syzkaller.appspot.com/x/.config?x=b307f63ce6b5abc8
dashboard link: https://syzkaller.appspot.com/bug?extid=48cac2bbba146c43df3d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c0647034d885/disk-7ec6f9fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/aba7028b0104/vmlinux-7ec6f9fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7df6b29aa1f4/Image-7ec6f9fa.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48cac2...@syzkaller.appspotmail.com
watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [kworker/u4:19:6427]
Modules linked in:
irq event stamp: 26756786
hardirqs last enabled at (26756785): [<ffff80001228ee08>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (26756785): [<ffff80001228ee08>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (26756786): [<ffff80001228cae4>] __el1_irq arch/arm64/kernel/entry-common.c:468 [inline]
hardirqs last disabled at (26756786): [<ffff80001228cae4>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:486
softirqs last enabled at (26752114): [<ffff8000081c7c58>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (26752114): [<ffff8000081c7c58>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (26752077): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605
CPU: 1 PID: 6427 Comm: kworker/u4:19 Not tainted 6.1.114-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: writeback wb_workfn (flush-259:0)
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : queued_spin_lock_slowpath+0x15c/0xe48 kernel/locking/qspinlock.c:383
lr : queued_spin_lock_slowpath+0x168/0xe48 kernel/locking/qspinlock.c:383
sp : ffff8000214f61a0
x29: ffff8000214f6240 x28: 1fffe00020632d50 x27: 1ffff0000429ec40
x26: dfff800000000000 x25: 1fffe00020632d52 x24: ffff8000214f61c0
x23: ffff8000214f6200 x22: ffff70000429ec38 x21: 0000000000000001
x20: 0000000000000001 x19: ffff000103196a80 x18: ffff8000214f6f88
x17: ffff8000159cd000 x16: ffff800008979dc8 x15: 0000000000000000
x14: 1ffff00002b3a0b0 x13: dfff800000000000 x12: 0000000000000001
x11: 1fffe00020632d50 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000101 x7 : ffff8000088983ac x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800012373644
x2 : 0000000000000000 x1 : 0000000000000004 x0 : 0000000000000001
Call trace:
__cmpwait_case_32 arch/arm64/include/asm/cmpxchg.h:252 [inline]
__cmpwait arch/arm64/include/asm/cmpxchg.h:278 [inline]
queued_spin_lock_slowpath+0x15c/0xe48 kernel/locking/qspinlock.c:383
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x330/0x358 kernel/locking/spinlock_debug.c:115
__raw_spin_lock include/linux/spinlock_api_smp.h:134 [inline]
_raw_spin_lock+0x5c/0x6c kernel/locking/spinlock.c:154
page_vma_mapped_walk+0xfc0/0x14f8
page_vma_mkclean_one+0x2e0/0x644 mm/rmap.c:958
page_mkclean_one+0x250/0x350 mm/rmap.c:1018
rmap_walk_file+0x2dc/0x4c8 mm/rmap.c:2511
rmap_walk mm/rmap.c:2529 [inline]
folio_mkclean+0x1f4/0x308 mm/rmap.c:1050
folio_clear_dirty_for_io+0x15c/0x750 mm/page-writeback.c:2886
clear_page_dirty_for_io+0x58/0x78 mm/folio-compat.c:74
mpage_submit_page fs/ext4/inode.c:2121 [inline]
mpage_process_page_bufs+0x638/0x900 fs/ext4/inode.c:2255
mpage_prepare_extent_to_map+0xa34/0xee4 fs/ext4/inode.c:2680
ext4_writepages+0x8dc/0x32b4 fs/ext4/inode.c:2808
do_writepages+0x2e8/0x56c mm/page-writeback.c:2491
__writeback_single_inode+0x16c/0x1770 fs/fs-writeback.c:1612
writeback_sb_inodes+0x978/0x1718 fs/fs-writeback.c:1903
__writeback_inodes_wb+0x110/0x39c fs/fs-writeback.c:1974
wb_writeback+0x428/0x1130 fs/fs-writeback.c:2079
wb_check_old_data_flush fs/fs-writeback.c:2179 [inline]
wb_do_writeback fs/fs-writeback.c:2232 [inline]
wb_workfn+0xc08/0x1034 fs/fs-writeback.c:2260
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 7ec6f9fa3d97 Linux 6.1.114
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1235d287980000
kernel config: https://syzkaller.appspot.com/x/.config?x=b307f63ce6b5abc8
dashboard link: https://syzkaller.appspot.com/bug?extid=48cac2bbba146c43df3d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c0647034d885/disk-7ec6f9fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/aba7028b0104/vmlinux-7ec6f9fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7df6b29aa1f4/Image-7ec6f9fa.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48cac2...@syzkaller.appspotmail.com
watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [kworker/u4:19:6427]
Modules linked in:
irq event stamp: 26756786
hardirqs last enabled at (26756785): [<ffff80001228ee08>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (26756785): [<ffff80001228ee08>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (26756786): [<ffff80001228cae4>] __el1_irq arch/arm64/kernel/entry-common.c:468 [inline]
hardirqs last disabled at (26756786): [<ffff80001228cae4>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:486
softirqs last enabled at (26752114): [<ffff8000081c7c58>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (26752114): [<ffff8000081c7c58>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (26752077): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605
CPU: 1 PID: 6427 Comm: kworker/u4:19 Not tainted 6.1.114-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: writeback wb_workfn (flush-259:0)
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : queued_spin_lock_slowpath+0x15c/0xe48 kernel/locking/qspinlock.c:383
lr : queued_spin_lock_slowpath+0x168/0xe48 kernel/locking/qspinlock.c:383
sp : ffff8000214f61a0
x29: ffff8000214f6240 x28: 1fffe00020632d50 x27: 1ffff0000429ec40
x26: dfff800000000000 x25: 1fffe00020632d52 x24: ffff8000214f61c0
x23: ffff8000214f6200 x22: ffff70000429ec38 x21: 0000000000000001
x20: 0000000000000001 x19: ffff000103196a80 x18: ffff8000214f6f88
x17: ffff8000159cd000 x16: ffff800008979dc8 x15: 0000000000000000
x14: 1ffff00002b3a0b0 x13: dfff800000000000 x12: 0000000000000001
x11: 1fffe00020632d50 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000101 x7 : ffff8000088983ac x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800012373644
x2 : 0000000000000000 x1 : 0000000000000004 x0 : 0000000000000001
Call trace:
__cmpwait_case_32 arch/arm64/include/asm/cmpxchg.h:252 [inline]
__cmpwait arch/arm64/include/asm/cmpxchg.h:278 [inline]
queued_spin_lock_slowpath+0x15c/0xe48 kernel/locking/qspinlock.c:383
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x330/0x358 kernel/locking/spinlock_debug.c:115
__raw_spin_lock include/linux/spinlock_api_smp.h:134 [inline]
_raw_spin_lock+0x5c/0x6c kernel/locking/spinlock.c:154
page_vma_mapped_walk+0xfc0/0x14f8
page_vma_mkclean_one+0x2e0/0x644 mm/rmap.c:958
page_mkclean_one+0x250/0x350 mm/rmap.c:1018
rmap_walk_file+0x2dc/0x4c8 mm/rmap.c:2511
rmap_walk mm/rmap.c:2529 [inline]
folio_mkclean+0x1f4/0x308 mm/rmap.c:1050
folio_clear_dirty_for_io+0x15c/0x750 mm/page-writeback.c:2886
clear_page_dirty_for_io+0x58/0x78 mm/folio-compat.c:74
mpage_submit_page fs/ext4/inode.c:2121 [inline]
mpage_process_page_bufs+0x638/0x900 fs/ext4/inode.c:2255
mpage_prepare_extent_to_map+0xa34/0xee4 fs/ext4/inode.c:2680
ext4_writepages+0x8dc/0x32b4 fs/ext4/inode.c:2808
do_writepages+0x2e8/0x56c mm/page-writeback.c:2491
__writeback_single_inode+0x16c/0x1770 fs/fs-writeback.c:1612
writeback_sb_inodes+0x978/0x1718 fs/fs-writeback.c:1903
__writeback_inodes_wb+0x110/0x39c fs/fs-writeback.c:1974
wb_writeback+0x428/0x1130 fs/fs-writeback.c:2079
wb_check_old_data_flush fs/fs-writeback.c:2179 [inline]
wb_do_writeback fs/fs-writeback.c:2232 [inline]
wb_workfn+0xc08/0x1034 fs/fs-writeback.c:2260
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Nov 9, 2024, 10:07:25 AM11/9/24
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: d7039b844a1c Linux 6.1.116
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13b0e0c0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a047880f6dd12cce
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b531abf1deab/disk-d7039b84.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6780cfcf0543/vmlinux-d7039b84.xz
kernel image: https://storage.googleapis.com/syzbot-assets/398543175ad2/bzImage-d7039b84.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48cac2...@syzkaller.appspotmail.com
rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-...D } 2631 jiffies s: 4517 root: 0x2/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 51 Comm: kworker/u4:3 Not tainted 6.1.116-syzkaller #0
RIP: 0010:trace_lock_release include/trace/events/lock.h:69 [inline]
RIP: 0010:lock_release+0xcf/0xa20 kernel/locking/lockdep.c:5673
Code: 0d 0f 86 c2 05 00 00 89 db 48 89 d8 48 c1 e8 06 48 8d 3c c5 28 08 9a 8e be 08 00 00 00 e8 b9 5d 77 00 48 0f a3 1d a9 4f 2f 0d <73> 0d e8 5a bf 08 00 84 c0 0f 84 c5 05 00 00 48 c7 c0 e4 3c 9a 8e
RSP: 0018:ffffc900001e0b60 EFLAGS: 00000057
RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff816ab877
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e9a0828
RBP: ffffc900001e0ca0 R08: dffffc0000000000 R09: fffffbfff1d34106
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200003c178
R13: ffffffff88d033db R14: dffffc0000000000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005583289b4950 CR3: 000000007f859000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<IRQ>
__raw_spin_unlock include/linux/spinlock_api_smp.h:141 [inline]
_raw_spin_unlock+0x12/0x40 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:391 [inline]
advance_sched+0x68b/0x970 net/sched/sch_taprio.c:749
__run_hrtimer kernel/time/hrtimer.c:1689 [inline]
__hrtimer_run_queues+0x5e5/0xe50 kernel/time/hrtimer.c:1753
hrtimer_interrupt+0x392/0x980 kernel/time/hrtimer.c:1815
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1107 [inline]
__sysvec_apic_timer_interrupt+0x158/0x5b0 arch/x86/kernel/apic/apic.c:1124
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1118
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 82 4d 30 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 87 b8 ac f6 65 8b 05 08 a8 50 75 85 c0 74 3f 48 c7 04 24 0e 36
RSP: 0018:ffffc90000bc6b80 EFLAGS: 00000206
RAX: 26ac3d9a41269b00 RBX: 1ffff92000178d74 RCX: ffffffff816b028a
RDX: dffffc0000000000 RSI: ffffffff8b0c01c0 RDI: 0000000000000001
RBP: ffffc90000bc6c10 R08: dffffc0000000000 R09: fffffbfff2246261
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff92000178d70 R14: ffffc90000bc6ba0 R15: 0000000000000246
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
__folio_start_writeback+0x57f/0x10c0 mm/page-writeback.c:3022
ext4_bio_write_page+0x352/0x2ac0 fs/ext4/page-io.c:453
mpage_submit_page+0x18d/0x230 fs/ext4/inode.c:2141
mpage_map_and_submit_buffers fs/ext4/inode.c:2386 [inline]
mpage_map_and_submit_extent fs/ext4/inode.c:2525 [inline]
ext4_writepages+0x2076/0x3de0 fs/ext4/inode.c:2854
do_writepages+0x3a2/0x670 mm/page-writeback.c:2491
__writeback_single_inode+0x15d/0x11e0 fs/fs-writeback.c:1612
writeback_sb_inodes+0xc2b/0x1b20 fs/fs-writeback.c:1903
__writeback_inodes_wb+0x114/0x400 fs/fs-writeback.c:1974
wb_writeback+0x4b1/0xe10 fs/fs-writeback.c:2079
process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: d7039b844a1c Linux 6.1.116
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13b0e0c0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a047880f6dd12cce
dashboard link: https://syzkaller.appspot.com/bug?extid=48cac2bbba146c43df3d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1218fd87980000
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b531abf1deab/disk-d7039b84.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6780cfcf0543/vmlinux-d7039b84.xz
kernel image: https://storage.googleapis.com/syzbot-assets/398543175ad2/bzImage-d7039b84.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48cac2...@syzkaller.appspotmail.com
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 51 Comm: kworker/u4:3 Not tainted 6.1.116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: writeback wb_workfn (flush-8:0)
RIP: 0010:trace_lock_release include/trace/events/lock.h:69 [inline]
RIP: 0010:lock_release+0xcf/0xa20 kernel/locking/lockdep.c:5673
Code: 0d 0f 86 c2 05 00 00 89 db 48 89 d8 48 c1 e8 06 48 8d 3c c5 28 08 9a 8e be 08 00 00 00 e8 b9 5d 77 00 48 0f a3 1d a9 4f 2f 0d <73> 0d e8 5a bf 08 00 84 c0 0f 84 c5 05 00 00 48 c7 c0 e4 3c 9a 8e
RSP: 0018:ffffc900001e0b60 EFLAGS: 00000057
RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff816ab877
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e9a0828
RBP: ffffc900001e0ca0 R08: dffffc0000000000 R09: fffffbfff1d34106
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200003c178
R13: ffffffff88d033db R14: dffffc0000000000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005583289b4950 CR3: 000000007f859000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<IRQ>
__raw_spin_unlock include/linux/spinlock_api_smp.h:141 [inline]
_raw_spin_unlock+0x12/0x40 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:391 [inline]
advance_sched+0x68b/0x970 net/sched/sch_taprio.c:749
__run_hrtimer kernel/time/hrtimer.c:1689 [inline]
__hrtimer_run_queues+0x5e5/0xe50 kernel/time/hrtimer.c:1753
hrtimer_interrupt+0x392/0x980 kernel/time/hrtimer.c:1815
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1107 [inline]
__sysvec_apic_timer_interrupt+0x158/0x5b0 arch/x86/kernel/apic/apic.c:1124
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1118
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 82 4d 30 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 87 b8 ac f6 65 8b 05 08 a8 50 75 85 c0 74 3f 48 c7 04 24 0e 36
RSP: 0018:ffffc90000bc6b80 EFLAGS: 00000206
RAX: 26ac3d9a41269b00 RBX: 1ffff92000178d74 RCX: ffffffff816b028a
RDX: dffffc0000000000 RSI: ffffffff8b0c01c0 RDI: 0000000000000001
RBP: ffffc90000bc6c10 R08: dffffc0000000000 R09: fffffbfff2246261
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff92000178d70 R14: ffffc90000bc6ba0 R15: 0000000000000246
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
__folio_start_writeback+0x57f/0x10c0 mm/page-writeback.c:3022
ext4_bio_write_page+0x352/0x2ac0 fs/ext4/page-io.c:453
mpage_submit_page+0x18d/0x230 fs/ext4/inode.c:2141
mpage_map_and_submit_buffers fs/ext4/inode.c:2386 [inline]
mpage_map_and_submit_extent fs/ext4/inode.c:2525 [inline]
ext4_writepages+0x2076/0x3de0 fs/ext4/inode.c:2854
do_writepages+0x3a2/0x670 mm/page-writeback.c:2491
__writeback_single_inode+0x15d/0x11e0 fs/fs-writeback.c:1612
writeback_sb_inodes+0xc2b/0x1b20 fs/fs-writeback.c:1903
__writeback_inodes_wb+0x114/0x400 fs/fs-writeback.c:1974
wb_writeback+0x4b1/0xe10 fs/fs-writeback.c:2079
wb_check_old_data_flush fs/fs-writeback.c:2179 [inline]
wb_do_writeback fs/fs-writeback.c:2232 [inline]
wb_workfn+0xbec/0x1020 fs/fs-writeback.c:2260
wb_do_writeback fs/fs-writeback.c:2232 [inline]
process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
May 30, 2025, 12:26:33 PM5/30/25
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: da3c5173c55f Linux 6.1.140
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1587f7f4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=46e5b914cae7bc26
dashboard link: https://syzkaller.appspot.com/bug?extid=48cac2bbba146c43df3d
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=121b3482580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=168a5ed4580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f64777e3df5f/disk-da3c5173.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/86760acf06d3/vmlinux-da3c5173.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4b53296c1a0a/bzImage-da3c5173.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48cac2...@syzkaller.appspotmail.com
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 0-...!: (1 ticks this GP) idle=61dc/1/0x4000000000000000 softirq=8478/8478 fqs=0
(detected by 1, t=10502 jiffies, g=7577, q=387 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.140-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:lock_release+0x25d/0x910 kernel/locking/lockdep.c:5682
Code: e8 03 42 0f b6 04 28 84 c0 0f 85 af 04 00 00 41 83 3e 00 0f 85 c0 03 00 00 4d 8d 74 24 20 4c 89 f3 48 c1 eb 03 42 0f b6 04 2b <84> c0 4c 8b 7c 24 18 0f 85 ab 04 00 00 41 8b 06 3d 00 00 10 00 72
RSP: 0018:ffffc90000007ae0 EFLAGS: 00000802
RAX: 0000000000000000 RBX: 1ffff11027fc7183 RCX: 0000000000000001
RDX: 0000000000000007 RSI: ffffffff96c729e8 RDI: ffff88813fe38bf8
RBP: ffffc90000007bf0 R08: dffffc0000000000 R09: fffffbfff1bfd006
R10: fffffbfff1bfd006 R11: 1ffffffff1bfd005 R12: ffff88813fe38bf8
R13: dffffc0000000000 R14: ffff88813fe38c18 R15: 0000000000000007
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:149 [inline]
_raw_spin_unlock_irqrestore+0x6d/0x100 kernel/locking/spinlock.c:194
debug_object_activate+0x2d7/0x490 lib/debugobjects.c:716
debug_hrtimer_activate kernel/time/hrtimer.c:411 [inline]
debug_activate kernel/time/hrtimer.c:466 [inline]
enqueue_hrtimer+0x30/0x3f0 kernel/time/hrtimer.c:1075
__run_hrtimer kernel/time/hrtimer.c:1708 [inline]
__hrtimer_run_queues+0x642/0xc80 kernel/time/hrtimer.c:1755
hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1817
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1107 [inline]
__sysvec_apic_timer_interrupt+0x153/0x5a0 arch/x86/kernel/apic/apic.c:1124
Code: 74 05 e8 2e f7 6d f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> b6 71 3e f7 65 8b 05 57 33 e9 75 85 c0 74 3c 48 c7 04 24 0e 36
RSP: 0018:ffffc900000e6c60 EFLAGS: 00000206
RAX: b77252b9441a0700 RBX: 0000000000000a02 RCX: b77252b9441a0700
RDX: dffffc0000000000 RSI: ffffffff8a6c0000 RDI: 0000000000000001
RBP: ffffc900000e6cf0 R08: dffffc0000000000 R09: fffffbfff211705d
R10: fffffbfff211705d R11: 1ffffffff211705c R12: dffffc0000000000
R13: 0000000000000000 R14: ffff88807423e930 R15: 1ffff9200001cd8c
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
__folio_start_writeback+0x751/0xf80 mm/page-writeback.c:3022
ext4_bio_write_page+0x30d/0x2ae0 fs/ext4/page-io.c:453
mpage_submit_page+0x17a/0x210 fs/ext4/inode.c:2142
mpage_map_and_submit_buffers fs/ext4/inode.c:2387 [inline]
mpage_map_and_submit_extent fs/ext4/inode.c:2526 [inline]
ext4_writepages+0x1a84/0x2e50 fs/ext4/inode.c:2855
do_writepages+0x3b7/0x610 mm/page-writeback.c:2491
__writeback_single_inode+0x156/0x1160 fs/fs-writeback.c:1612
writeback_sb_inodes+0xad8/0x17d0 fs/fs-writeback.c:1903
__writeback_inodes_wb+0x12a/0x3f0 fs/fs-writeback.c:1974
wb_writeback+0x47a/0xd00 fs/fs-writeback.c:2079
process_one_work+0x898/0x1160 kernel/workqueue.c:2292
worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g7577 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: Possible timer handling issue on cpu=0 timer-softirq=3805
rcu: rcu_preempt kthread starved for 10502 jiffies! g7577 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:I stack:27464 pid:16 ppid:2 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5244 [inline]
__schedule+0x10e9/0x40d0 kernel/sched/core.c:6561
schedule+0xb9/0x180 kernel/sched/core.c:6637
schedule_timeout+0x15c/0x280 kernel/time/timer.c:1965
rcu_gp_fqs_loop+0x2f2/0x1310 kernel/rcu/tree.c:1706
rcu_gp_kthread+0x95/0x380 kernel/rcu/tree.c:1905
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.140-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:do_raw_spin_unlock+0x66/0x230 kernel/locking/spinlock_debug.c:140
Code: 48 89 df be 04 00 00 00 e8 d7 1d 6e 00 48 89 d8 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 6e 01 00 00 83 3b 00 0f 84 e4 00 00 00 <4c> 8d 73 10 4d 89 f5 49 c1 ed 03 43 80 7c 25 00 00 74 08 4c 89 f7
RSP: 0018:ffffc90000007c28 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffffffff96c729d0 RCX: ffffffff816430c9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff96c729d0
RBP: ffffc90000007ce0 R08: dffffc0000000000 R09: fffffbfff2d8e53b
R10: fffffbfff2d8e53b R11: 1ffffffff2d8e53a R12: dffffc0000000000
R13: dffffc0000000000 R14: ffffffff96c729d4 R15: 1ffff92000000f8c
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:150 [inline]
_raw_spin_unlock_irqrestore+0x75/0x100 kernel/locking/spinlock.c:194
debug_hrtimer_deactivate kernel/time/hrtimer.c:416 [inline]
debug_deactivate+0x29/0x240 kernel/time/hrtimer.c:472
__run_hrtimer kernel/time/hrtimer.c:1659 [inline]
__hrtimer_run_queues+0x2d0/0xc80 kernel/time/hrtimer.c:1755
hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1817
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1107 [inline]
__sysvec_apic_timer_interrupt+0x153/0x5a0 arch/x86/kernel/apic/apic.c:1124
Code: 74 05 e8 2e f7 6d f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> b6 71 3e f7 65 8b 05 57 33 e9 75 85 c0 74 3c 48 c7 04 24 0e 36
RSP: 0018:ffffc900000e6c60 EFLAGS: 00000206
RAX: b77252b9441a0700 RBX: 0000000000000a02 RCX: b77252b9441a0700
RDX: dffffc0000000000 RSI: ffffffff8a6c0000 RDI: 0000000000000001
RBP: ffffc900000e6cf0 R08: dffffc0000000000 R09: fffffbfff211705d
R10: fffffbfff211705d R11: 1ffffffff211705c R12: dffffc0000000000
R13: 0000000000000000 R14: ffff88807423e930 R15: 1ffff9200001cd8c
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
__folio_start_writeback+0x751/0xf80 mm/page-writeback.c:3022
ext4_bio_write_page+0x30d/0x2ae0 fs/ext4/page-io.c:453
mpage_submit_page+0x17a/0x210 fs/ext4/inode.c:2142
mpage_map_and_submit_buffers fs/ext4/inode.c:2387 [inline]
mpage_map_and_submit_extent fs/ext4/inode.c:2526 [inline]
ext4_writepages+0x1a84/0x2e50 fs/ext4/inode.c:2855
do_writepages+0x3b7/0x610 mm/page-writeback.c:2491
__writeback_single_inode+0x156/0x1160 fs/fs-writeback.c:1612
writeback_sb_inodes+0xad8/0x17d0 fs/fs-writeback.c:1903
__writeback_inodes_wb+0x12a/0x3f0 fs/fs-writeback.c:1974
wb_writeback+0x47a/0xd00 fs/fs-writeback.c:2079
process_one_work+0x898/0x1160 kernel/workqueue.c:2292
worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
kthread+0x29d/0x330 kernel/kthread.c:376
HEAD commit: da3c5173c55f Linux 6.1.140
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1587f7f4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=46e5b914cae7bc26
dashboard link: https://syzkaller.appspot.com/bug?extid=48cac2bbba146c43df3d
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=121b3482580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=168a5ed4580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f64777e3df5f/disk-da3c5173.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/86760acf06d3/vmlinux-da3c5173.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4b53296c1a0a/bzImage-da3c5173.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48cac2...@syzkaller.appspotmail.com
rcu: 0-...!: (1 ticks this GP) idle=61dc/1/0x4000000000000000 softirq=8478/8478 fqs=0
(detected by 1, t=10502 jiffies, g=7577, q=387 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.140-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: writeback wb_workfn (flush-8:0)
RIP: 0010:__lock_release kernel/locking/lockdep.c:5348 [inline]
RIP: 0010:lock_release+0x25d/0x910 kernel/locking/lockdep.c:5682
Code: e8 03 42 0f b6 04 28 84 c0 0f 85 af 04 00 00 41 83 3e 00 0f 85 c0 03 00 00 4d 8d 74 24 20 4c 89 f3 48 c1 eb 03 42 0f b6 04 2b <84> c0 4c 8b 7c 24 18 0f 85 ab 04 00 00 41 8b 06 3d 00 00 10 00 72
RSP: 0018:ffffc90000007ae0 EFLAGS: 00000802
RAX: 0000000000000000 RBX: 1ffff11027fc7183 RCX: 0000000000000001
RDX: 0000000000000007 RSI: ffffffff96c729e8 RDI: ffff88813fe38bf8
RBP: ffffc90000007bf0 R08: dffffc0000000000 R09: fffffbfff1bfd006
R10: fffffbfff1bfd006 R11: 1ffffffff1bfd005 R12: ffff88813fe38bf8
R13: dffffc0000000000 R14: ffff88813fe38c18 R15: 0000000000000007
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd0f65bf19 CR3: 000000007474a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:149 [inline]
_raw_spin_unlock_irqrestore+0x6d/0x100 kernel/locking/spinlock.c:194
debug_object_activate+0x2d7/0x490 lib/debugobjects.c:716
debug_hrtimer_activate kernel/time/hrtimer.c:411 [inline]
debug_activate kernel/time/hrtimer.c:466 [inline]
enqueue_hrtimer+0x30/0x3f0 kernel/time/hrtimer.c:1075
__run_hrtimer kernel/time/hrtimer.c:1708 [inline]
__hrtimer_run_queues+0x642/0xc80 kernel/time/hrtimer.c:1755
hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1817
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1107 [inline]
__sysvec_apic_timer_interrupt+0x153/0x5a0 arch/x86/kernel/apic/apic.c:1124
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1118
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194
sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1118
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
Code: 74 05 e8 2e f7 6d f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> b6 71 3e f7 65 8b 05 57 33 e9 75 85 c0 74 3c 48 c7 04 24 0e 36
RSP: 0018:ffffc900000e6c60 EFLAGS: 00000206
RAX: b77252b9441a0700 RBX: 0000000000000a02 RCX: b77252b9441a0700
RDX: dffffc0000000000 RSI: ffffffff8a6c0000 RDI: 0000000000000001
RBP: ffffc900000e6cf0 R08: dffffc0000000000 R09: fffffbfff211705d
R10: fffffbfff211705d R11: 1ffffffff211705c R12: dffffc0000000000
R13: 0000000000000000 R14: ffff88807423e930 R15: 1ffff9200001cd8c
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
__folio_start_writeback+0x751/0xf80 mm/page-writeback.c:3022
ext4_bio_write_page+0x30d/0x2ae0 fs/ext4/page-io.c:453
mpage_submit_page+0x17a/0x210 fs/ext4/inode.c:2142
mpage_map_and_submit_buffers fs/ext4/inode.c:2387 [inline]
mpage_map_and_submit_extent fs/ext4/inode.c:2526 [inline]
ext4_writepages+0x1a84/0x2e50 fs/ext4/inode.c:2855
do_writepages+0x3b7/0x610 mm/page-writeback.c:2491
__writeback_single_inode+0x156/0x1160 fs/fs-writeback.c:1612
writeback_sb_inodes+0xad8/0x17d0 fs/fs-writeback.c:1903
__writeback_inodes_wb+0x12a/0x3f0 fs/fs-writeback.c:1974
wb_writeback+0x47a/0xd00 fs/fs-writeback.c:2079
wb_check_old_data_flush fs/fs-writeback.c:2179 [inline]
wb_do_writeback fs/fs-writeback.c:2232 [inline]
wb_workfn+0xb66/0xec0 fs/fs-writeback.c:2260
wb_do_writeback fs/fs-writeback.c:2232 [inline]
process_one_work+0x898/0x1160 kernel/workqueue.c:2292
worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g7577 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: Possible timer handling issue on cpu=0 timer-softirq=3805
rcu: rcu_preempt kthread starved for 10502 jiffies! g7577 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:I stack:27464 pid:16 ppid:2 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5244 [inline]
__schedule+0x10e9/0x40d0 kernel/sched/core.c:6561
schedule+0xb9/0x180 kernel/sched/core.c:6637
schedule_timeout+0x15c/0x280 kernel/time/timer.c:1965
rcu_gp_fqs_loop+0x2f2/0x1310 kernel/rcu/tree.c:1706
rcu_gp_kthread+0x95/0x380 kernel/rcu/tree.c:1905
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.140-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: writeback wb_workfn (flush-8:0)
RIP: 0010:debug_spin_unlock kernel/locking/spinlock_debug.c:101 [inline]
RIP: 0010:do_raw_spin_unlock+0x66/0x230 kernel/locking/spinlock_debug.c:140
Code: 48 89 df be 04 00 00 00 e8 d7 1d 6e 00 48 89 d8 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 6e 01 00 00 83 3b 00 0f 84 e4 00 00 00 <4c> 8d 73 10 4d 89 f5 49 c1 ed 03 43 80 7c 25 00 00 74 08 4c 89 f7
RSP: 0018:ffffc90000007c28 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffffffff96c729d0 RCX: ffffffff816430c9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff96c729d0
RBP: ffffc90000007ce0 R08: dffffc0000000000 R09: fffffbfff2d8e53b
R10: fffffbfff2d8e53b R11: 1ffffffff2d8e53a R12: dffffc0000000000
R13: dffffc0000000000 R14: ffffffff96c729d4 R15: 1ffff92000000f8c
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd0f65bf19 CR3: 000000007474a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:150 [inline]
_raw_spin_unlock_irqrestore+0x75/0x100 kernel/locking/spinlock.c:194
debug_hrtimer_deactivate kernel/time/hrtimer.c:416 [inline]
debug_deactivate+0x29/0x240 kernel/time/hrtimer.c:472
__run_hrtimer kernel/time/hrtimer.c:1659 [inline]
__hrtimer_run_queues+0x2d0/0xc80 kernel/time/hrtimer.c:1755
hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1817
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1107 [inline]
__sysvec_apic_timer_interrupt+0x153/0x5a0 arch/x86/kernel/apic/apic.c:1124
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1118
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194
sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1118
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
Code: 74 05 e8 2e f7 6d f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> b6 71 3e f7 65 8b 05 57 33 e9 75 85 c0 74 3c 48 c7 04 24 0e 36
RSP: 0018:ffffc900000e6c60 EFLAGS: 00000206
RAX: b77252b9441a0700 RBX: 0000000000000a02 RCX: b77252b9441a0700
RDX: dffffc0000000000 RSI: ffffffff8a6c0000 RDI: 0000000000000001
RBP: ffffc900000e6cf0 R08: dffffc0000000000 R09: fffffbfff211705d
R10: fffffbfff211705d R11: 1ffffffff211705c R12: dffffc0000000000
R13: 0000000000000000 R14: ffff88807423e930 R15: 1ffff9200001cd8c
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
__folio_start_writeback+0x751/0xf80 mm/page-writeback.c:3022
ext4_bio_write_page+0x30d/0x2ae0 fs/ext4/page-io.c:453
mpage_submit_page+0x17a/0x210 fs/ext4/inode.c:2142
mpage_map_and_submit_buffers fs/ext4/inode.c:2387 [inline]
mpage_map_and_submit_extent fs/ext4/inode.c:2526 [inline]
ext4_writepages+0x1a84/0x2e50 fs/ext4/inode.c:2855
do_writepages+0x3b7/0x610 mm/page-writeback.c:2491
__writeback_single_inode+0x156/0x1160 fs/fs-writeback.c:1612
writeback_sb_inodes+0xad8/0x17d0 fs/fs-writeback.c:1903
__writeback_inodes_wb+0x12a/0x3f0 fs/fs-writeback.c:1974
wb_writeback+0x47a/0xd00 fs/fs-writeback.c:2079
wb_check_old_data_flush fs/fs-writeback.c:2179 [inline]
wb_do_writeback fs/fs-writeback.c:2232 [inline]
wb_workfn+0xb66/0xec0 fs/fs-writeback.c:2260
wb_do_writeback fs/fs-writeback.c:2232 [inline]
process_one_work+0x898/0x1160 kernel/workqueue.c:2292
worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
kthread+0x29d/0x330 kernel/kthread.c:376
Reply all
Reply to author
Forward
0 new messages