possible deadlock in __hrtimer_run_queues

Status: auto-obsoleted due to no activity on 2023/08/31 12:31
Reported-by: syzbot+695c09885cef9d49936a@syzkaller.appspotmail.com
First crash: 548d, last: 548d
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in __hrtimer_run_queues (2) kernel C error done 16 209d 241d 26/28 fixed on 2024/06/20 20:31
linux-6.1 possible deadlock in __hrtimer_run_queues (2) C done 2 226d 232d 3/3 fixed on 2024/05/10 00:32
linux-5.15 possible deadlock in __hrtimer_run_queues 3 542d 552d 0/3 auto-obsoleted due to no activity on 2023/09/06 10:20
upstream possible deadlock in __hrtimer_run_queues kernel 24 530d 559d 0/28 auto-obsoleted due to no activity on 2023/08/23 09:03
linux-5.15 possible deadlock in __hrtimer_run_queues (2) origin:lts-only C done 26 1d13h 238d 0/3 upstream: reported C repro on 2024/03/28 04:51

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.1.29-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/24029 is trying to acquire lock:
ffff0001fec71600 (&pgdat->kcompactd_wait){-...}-{2:2}, at: __wake_up_common_lock kernel/sched/wait.c:137 [inline]
ffff0001fec71600 (&pgdat->kcompactd_wait){-...}-{2:2}, at: __wake_up+0xec/0x1a8 kernel/sched/wait.c:160

but task is already holding lock:
ffff0001b45d48d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
ffff0001b45d48d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __hrtimer_run_queues+0x58c/0xdc0 kernel/time/hrtimer.c:1749

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #4 (hrtimer_bases.lock){-.-.}-{2:2}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
       lock_hrtimer_base kernel/time/hrtimer.c:173 [inline]
       hrtimer_start_range_ns+0xe4/0x9b0 kernel/time/hrtimer.c:1296
       hrtimer_start_expires include/linux/hrtimer.h:432 [inline]
       do_start_rt_bandwidth kernel/sched/rt.c:116 [inline]
       start_rt_bandwidth kernel/sched/rt.c:127 [inline]
       inc_rt_group kernel/sched/rt.c:1241 [inline]
       inc_rt_tasks kernel/sched/rt.c:1285 [inline]
       __enqueue_rt_entity kernel/sched/rt.c:1461 [inline]
       enqueue_rt_entity kernel/sched/rt.c:1510 [inline]
       enqueue_task_rt+0x500/0xc18 kernel/sched/rt.c:1545
       enqueue_task kernel/sched/core.c:2060 [inline]
       __sched_setscheduler+0xf38/0x16ec kernel/sched/core.c:7659
       _sched_setscheduler kernel/sched/core.c:7705 [inline]
       sched_setscheduler_nocheck kernel/sched/core.c:7752 [inline]
       sched_set_fifo+0xf8/0x1c0 kernel/sched/core.c:7776
       watchdog_dev_init+0x5c/0x124 drivers/watchdog/watchdog_dev.c:1217
       watchdog_init+0x18/0x54 drivers/watchdog/watchdog_core.c:465
       do_one_initcall+0x260/0xacc init/main.c:1303
       do_initcall_level+0x154/0x214 init/main.c:1376
       do_initcalls+0x58/0xac init/main.c:1392
       do_basic_setup+0x8c/0xa0 init/main.c:1411
       kernel_init_freeable+0x3a4/0x528 init/main.c:1631
       kernel_init+0x24/0x29c init/main.c:1519
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #3 (&rt_b->rt_runtime_lock){-.-.}-{2:2}:
       __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
       _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
       __enable_runtime kernel/sched/rt.c:876 [inline]
       rq_online_rt+0x15c/0x36c kernel/sched/rt.c:2485
       set_rq_online kernel/sched/core.c:9330 [inline]
       sched_cpu_activate+0x340/0x578 kernel/sched/core.c:9438
       cpuhp_invoke_callback+0x404/0x704 kernel/cpu.c:192
       cpuhp_thread_fun+0x2e8/0x61c kernel/cpu.c:815
       smpboot_thread_fn+0x4b0/0x96c kernel/smpboot.c:164
       kthread+0x250/0x2d8 kernel/kthread.c:376
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #2 (&rq->__lock){-.-.}-{2:2}:
       _raw_spin_lock_nested+0x5c/0x78 kernel/locking/spinlock.c:378
       raw_spin_rq_lock_nested+0x2c/0x44 kernel/sched/core.c:537
       raw_spin_rq_lock kernel/sched/sched.h:1355 [inline]
       rq_lock kernel/sched/sched.h:1645 [inline]
       task_fork_fair+0x7c/0x23c kernel/sched/fair.c:11893
       sched_cgroup_fork+0x38c/0x464 kernel/sched/core.c:4682
       copy_process+0x2650/0x38d0 kernel/fork.c:2376
       kernel_clone+0x1d8/0x98c kernel/fork.c:2679
       user_mode_thread+0x110/0x178 kernel/fork.c:2755
       rest_init+0x2c/0x2f0 init/main.c:694
       start_kernel+0x0/0x60c init/main.c:890
       start_kernel+0x44c/0x60c init/main.c:1145
       __primary_switched+0xb8/0xc0 arch/arm64/kernel/head.S:468

-> #1 (&p->pi_lock){-.-.}-{2:2}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
       try_to_wake_up+0xb4/0xe60 kernel/sched/core.c:4108
       default_wake_function+0x4c/0x60 kernel/sched/core.c:6878
       autoremove_wake_function+0x24/0xf8 kernel/sched/wait.c:419
       __wake_up_common+0x23c/0x3bc kernel/sched/wait.c:107
       __wake_up_common_lock kernel/sched/wait.c:138 [inline]
       __wake_up+0x10c/0x1a8 kernel/sched/wait.c:160
       wakeup_kcompactd+0x308/0x698 mm/compaction.c:2915
       balance_pgdat+0x2868/0x2ccc mm/vmscan.c:7200
       kswapd+0x828/0x1254 mm/vmscan.c:7397
       kthread+0x250/0x2d8 kernel/kthread.c:376
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #0 (&pgdat->kcompactd_wait){-...}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3098 [inline]
       check_prevs_add kernel/locking/lockdep.c:3217 [inline]
       validate_chain kernel/locking/lockdep.c:3832 [inline]
       __lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
       lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
       __wake_up_common_lock kernel/sched/wait.c:137 [inline]
       __wake_up+0xec/0x1a8 kernel/sched/wait.c:160
       wakeup_kcompactd+0x308/0x698 mm/compaction.c:2915
       wakeup_kswapd+0x350/0x964 mm/vmscan.c:7451
       wake_all_kswapds+0x13c/0x23c mm/page_alloc.c:4818
       __alloc_pages_slowpath+0x37c/0x2138 mm/page_alloc.c:5087
       __alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
       alloc_pages+0x4bc/0x7c0
       __stack_depot_save+0x43c/0x4dc lib/stackdepot.c:474
       kasan_save_stack mm/kasan/common.c:46 [inline]
       kasan_set_track+0x64/0x80 mm/kasan/common.c:52
       kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
       __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:328
       kasan_slab_alloc include/linux/kasan.h:201 [inline]
       slab_post_alloc_hook+0x74/0x458 mm/slab.h:737
       slab_alloc_node mm/slub.c:3398 [inline]
       slab_alloc mm/slub.c:3406 [inline]
       __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
       kmem_cache_alloc+0x230/0x37c mm/slub.c:3422
       kmem_cache_zalloc include/linux/slab.h:679 [inline]
       fill_pool lib/debugobjects.c:168 [inline]
       debug_objects_fill_pool+0x4d0/0x814 lib/debugobjects.c:597
       debug_object_activate+0x114/0x790 lib/debugobjects.c:693
       debug_hrtimer_activate kernel/time/hrtimer.c:420 [inline]
       debug_activate kernel/time/hrtimer.c:475 [inline]
       enqueue_hrtimer+0x40/0x4ac kernel/time/hrtimer.c:1084
       __run_hrtimer kernel/time/hrtimer.c:1702 [inline]
       __hrtimer_run_queues+0x5d0/0xdc0 kernel/time/hrtimer.c:1749
       hrtimer_interrupt+0x2c0/0xb64 kernel/time/hrtimer.c:1811
       timer_handler drivers/clocksource/arm_arch_timer.c:655 [inline]
       arch_timer_handler_virt+0x74/0x88 drivers/clocksource/arm_arch_timer.c:666
       handle_percpu_devid_irq+0x174/0x354 kernel/irq/chip.c:930
       generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
       handle_irq_desc kernel/irq/irqdesc.c:651 [inline]
       generic_handle_domain_irq+0x7c/0xc4 kernel/irq/irqdesc.c:707
       __gic_handle_irq drivers/irqchip/irq-gic-v3.c:695 [inline]
       __gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:746 [inline]
       gic_handle_irq+0x70/0x1e4 drivers/irqchip/irq-gic-v3.c:790
       call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:889
       do_interrupt_handler+0xd4/0x138 arch/arm64/kernel/entry-common.c:274
       __el1_irq arch/arm64/kernel/entry-common.c:471 [inline]
       el1_interrupt+0x34/0x68 arch/arm64/kernel/entry-common.c:486
       el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
       el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
       arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
       seqcount_lockdep_reader_access include/linux/seqlock.h:104 [inline]
       read_seqbegin+0xa0/0x138 include/linux/seqlock.h:836
       zone_span_seqbegin include/linux/memory_hotplug.h:132 [inline]
       page_outside_zone_boundaries mm/page_alloc.c:647 [inline]
       bad_range+0x9c/0x268 mm/page_alloc.c:674
       rmqueue mm/page_alloc.c:3864 [inline]
       get_page_from_freelist+0x3068/0x31f0 mm/page_alloc.c:4289
       __alloc_pages_slowpath+0x390/0x2138 mm/page_alloc.c:5093
       __alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
       alloc_pages+0x4bc/0x7c0
       alloc_slab_page+0xa0/0x15c mm/slub.c:1794
       allocate_slab mm/slub.c:1939 [inline]
       new_slab+0xa0/0x2f4 mm/slub.c:1992
       ___slab_alloc+0x8bc/0xee0 mm/slub.c:3180
       __slab_alloc mm/slub.c:3279 [inline]
       slab_alloc_node mm/slub.c:3364 [inline]
       slab_alloc mm/slub.c:3406 [inline]
       __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
       kmem_cache_alloc+0x2cc/0x37c mm/slub.c:3422
       kmem_cache_zalloc include/linux/slab.h:679 [inline]
       fill_pool lib/debugobjects.c:168 [inline]
       debug_objects_fill_pool+0x570/0x814 lib/debugobjects.c:597
       debug_object_activate+0x114/0x790 lib/debugobjects.c:693
       debug_rcu_head_queue kernel/rcu/rcu.h:189 [inline]
       call_rcu+0x50/0xa40 kernel/rcu/tree.c:2784
       dentry_free+0xa8/0x174
       __dentry_kill+0x470/0x5e4 fs/dcache.c:621
       shrink_dentry_list+0x41c/0x850 fs/dcache.c:1201
       prune_dcache_sb+0x104/0x164 fs/dcache.c:1282
       super_cache_scan+0x2ac/0x3c8 fs/super.c:104
       do_shrink_slab+0x4f4/0x11d8 mm/vmscan.c:846
       shrink_slab_memcg mm/vmscan.c:915 [inline]
       shrink_slab+0x48c/0x7f0 mm/vmscan.c:994
       shrink_node_memcgs mm/vmscan.c:6129 [inline]
       shrink_node+0x5b4/0x212c mm/vmscan.c:6158
       shrink_zones mm/vmscan.c:6396 [inline]
       do_try_to_free_pages+0x59c/0x142c mm/vmscan.c:6458
       try_to_free_pages+0x8cc/0x11f4 mm/vmscan.c:6693
       __perform_reclaim mm/page_alloc.c:4759 [inline]
       __alloc_pages_direct_reclaim mm/page_alloc.c:4781 [inline]
       __alloc_pages_slowpath+0xc58/0x2138 mm/page_alloc.c:5187
       __alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
       alloc_pages+0x4bc/0x7c0
       __get_free_pages+0x18/0x84 mm/page_alloc.c:5609
       kasan_populate_vmalloc_pte+0x50/0xf0 mm/kasan/shadow.c:271
       apply_to_pte_range mm/memory.c:2635 [inline]
       apply_to_pmd_range mm/memory.c:2679 [inline]
       apply_to_pud_range mm/memory.c:2715 [inline]
       apply_to_p4d_range mm/memory.c:2751 [inline]
       __apply_to_page_range+0x834/0xc3c mm/memory.c:2785
       apply_to_page_range+0x4c/0x64 mm/memory.c:2804
       kasan_populate_vmalloc+0x60/0x70 mm/kasan/shadow.c:318
       alloc_vmap_area+0x15dc/0x171c mm/vmalloc.c:1646
       __get_vm_area_node+0x1a0/0x374 mm/vmalloc.c:2505
       __vmalloc_node_range+0x1d4/0xf78 mm/vmalloc.c:3179
       vmalloc_user+0xc8/0xf0 mm/vmalloc.c:3373
       vb2_vmalloc_alloc+0xfc/0x2d8 drivers/media/common/videobuf2/videobuf2-vmalloc.c:47
       __vb2_buf_mem_alloc drivers/media/common/videobuf2/videobuf2-core.c:233 [inline]
       __vb2_queue_alloc+0x620/0x111c drivers/media/common/videobuf2/videobuf2-core.c:444
       vb2_core_create_bufs+0x4e8/0xa54 drivers/media/common/videobuf2/videobuf2-core.c:976
       vb2_create_bufs+0x650/0xddc drivers/media/common/videobuf2/videobuf2-v4l2.c:794
       v4l2_m2m_create_bufs drivers/media/v4l2-core/v4l2-mem2mem.c:840 [inline]
       v4l2_m2m_ioctl_create_bufs+0x120/0x158 drivers/media/v4l2-core/v4l2-mem2mem.c:1376
       v4l_create_bufs+0xc4/0x178 drivers/media/v4l2-core/v4l2-ioctl.c:2133
       __video_do_ioctl+0x7f4/0xb68 drivers/media/v4l2-core/v4l2-ioctl.c:3037
       video_usercopy+0x938/0x10d4 drivers/media/v4l2-core/v4l2-ioctl.c:3384
       video_ioctl2+0x3c/0x50 drivers/media/v4l2-core/v4l2-ioctl.c:3431
       v4l2_ioctl+0x148/0x18c drivers/media/v4l2-core/v4l2-dev.c:364
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:870 [inline]
       __se_sys_ioctl fs/ioctl.c:856 [inline]
       __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
       el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

other info that might help us debug this:

Chain exists of:
  &pgdat->kcompactd_wait --> &rt_b->rt_runtime_lock --> hrtimer_bases.lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(hrtimer_bases.lock);
                               lock(&rt_b->rt_runtime_lock);
                               lock(hrtimer_bases.lock);
  lock(&pgdat->kcompactd_wait);

 *** DEADLOCK ***

5 locks held by syz-executor.4/24029:
 #0: ffff00012bd9d2f0 (&ctx->vb_mutex){+.+.}-{3:3}, at: __video_do_ioctl+0x424/0xb68 drivers/media/v4l2-core/v4l2-ioctl.c:3005
 #1: ffff80001583ba40 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4756 [inline]
 #1: ffff80001583ba40 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4781 [inline]
 #1: ffff80001583ba40 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xbf4/0x2138 mm/page_alloc.c:5187
 #2: ffff800015811b90 (shrinker_rwsem){++++}-{3:3}, at: shrink_slab_memcg mm/vmscan.c:888 [inline]
 #2: ffff800015811b90 (shrinker_rwsem){++++}-{3:3}, at: shrink_slab+0x25c/0x7f0 mm/vmscan.c:994
 #3: ffff0000d84780e0 (&type->s_umount_key#30){++++}-{3:3}, at: trylock_super fs/super.c:415 [inline]
 #3: ffff0000d84780e0 (&type->s_umount_key#30){++++}-{3:3}, at: super_cache_scan+0x80/0x3c8 fs/super.c:79
 #4: ffff0001b45d48d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
 #4: ffff0001b45d48d8 (hrtimer_bases.lock){-.-.}-{2:2}, at: __hrtimer_run_queues+0x58c/0xdc0 kernel/time/hrtimer.c:1749

stack backtrace:
CPU: 1 PID: 24029 Comm: syz-executor.4 Not tainted 6.1.29-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
 check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
 check_prev_add kernel/locking/lockdep.c:3098 [inline]
 check_prevs_add kernel/locking/lockdep.c:3217 [inline]
 validate_chain kernel/locking/lockdep.c:3832 [inline]
 __lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
 lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
 __wake_up_common_lock kernel/sched/wait.c:137 [inline]
 __wake_up+0xec/0x1a8 kernel/sched/wait.c:160
 wakeup_kcompactd+0x308/0x698 mm/compaction.c:2915
 wakeup_kswapd+0x350/0x964 mm/vmscan.c:7451
 wake_all_kswapds+0x13c/0x23c mm/page_alloc.c:4818
 __alloc_pages_slowpath+0x37c/0x2138 mm/page_alloc.c:5087
 __alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
 alloc_pages+0x4bc/0x7c0
 __stack_depot_save+0x43c/0x4dc lib/stackdepot.c:474
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x64/0x80 mm/kasan/common.c:52
 kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
 __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook+0x74/0x458 mm/slab.h:737
 slab_alloc_node mm/slub.c:3398 [inline]
 slab_alloc mm/slub.c:3406 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
 kmem_cache_alloc+0x230/0x37c mm/slub.c:3422
 kmem_cache_zalloc include/linux/slab.h:679 [inline]
 fill_pool lib/debugobjects.c:168 [inline]
 debug_objects_fill_pool+0x4d0/0x814 lib/debugobjects.c:597
 debug_object_activate+0x114/0x790 lib/debugobjects.c:693
 debug_hrtimer_activate kernel/time/hrtimer.c:420 [inline]
 debug_activate kernel/time/hrtimer.c:475 [inline]
 enqueue_hrtimer+0x40/0x4ac kernel/time/hrtimer.c:1084
 __run_hrtimer kernel/time/hrtimer.c:1702 [inline]
 __hrtimer_run_queues+0x5d0/0xdc0 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x2c0/0xb64 kernel/time/hrtimer.c:1811
 timer_handler drivers/clocksource/arm_arch_timer.c:655 [inline]
 arch_timer_handler_virt+0x74/0x88 drivers/clocksource/arm_arch_timer.c:666
 handle_percpu_devid_irq+0x174/0x354 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:651 [inline]
 generic_handle_domain_irq+0x7c/0xc4 kernel/irq/irqdesc.c:707
 __gic_handle_irq drivers/irqchip/irq-gic-v3.c:695 [inline]
 __gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:746 [inline]
 gic_handle_irq+0x70/0x1e4 drivers/irqchip/irq-gic-v3.c:790
 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:889
 do_interrupt_handler+0xd4/0x138 arch/arm64/kernel/entry-common.c:274
 __el1_irq arch/arm64/kernel/entry-common.c:471 [inline]
 el1_interrupt+0x34/0x68 arch/arm64/kernel/entry-common.c:486
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 seqcount_lockdep_reader_access include/linux/seqlock.h:104 [inline]
 read_seqbegin+0xa0/0x138 include/linux/seqlock.h:836
 zone_span_seqbegin include/linux/memory_hotplug.h:132 [inline]
 page_outside_zone_boundaries mm/page_alloc.c:647 [inline]
 bad_range+0x9c/0x268 mm/page_alloc.c:674
 rmqueue mm/page_alloc.c:3864 [inline]
 get_page_from_freelist+0x3068/0x31f0 mm/page_alloc.c:4289
 __alloc_pages_slowpath+0x390/0x2138 mm/page_alloc.c:5093
 __alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
 alloc_pages+0x4bc/0x7c0
 alloc_slab_page+0xa0/0x15c mm/slub.c:1794
 allocate_slab mm/slub.c:1939 [inline]
 new_slab+0xa0/0x2f4 mm/slub.c:1992
 ___slab_alloc+0x8bc/0xee0 mm/slub.c:3180
 __slab_alloc mm/slub.c:3279 [inline]
 slab_alloc_node mm/slub.c:3364 [inline]
 slab_alloc mm/slub.c:3406 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
 kmem_cache_alloc+0x2cc/0x37c mm/slub.c:3422
 kmem_cache_zalloc include/linux/slab.h:679 [inline]
 fill_pool lib/debugobjects.c:168 [inline]
 debug_objects_fill_pool+0x570/0x814 lib/debugobjects.c:597
 debug_object_activate+0x114/0x790 lib/debugobjects.c:693
 debug_rcu_head_queue kernel/rcu/rcu.h:189 [inline]
 call_rcu+0x50/0xa40 kernel/rcu/tree.c:2784
 dentry_free+0xa8/0x174
 __dentry_kill+0x470/0x5e4 fs/dcache.c:621
 shrink_dentry_list+0x41c/0x850 fs/dcache.c:1201
 prune_dcache_sb+0x104/0x164 fs/dcache.c:1282
 super_cache_scan+0x2ac/0x3c8 fs/super.c:104
 do_shrink_slab+0x4f4/0x11d8 mm/vmscan.c:846
 shrink_slab_memcg mm/vmscan.c:915 [inline]
 shrink_slab+0x48c/0x7f0 mm/vmscan.c:994
 shrink_node_memcgs mm/vmscan.c:6129 [inline]
 shrink_node+0x5b4/0x212c mm/vmscan.c:6158
 shrink_zones mm/vmscan.c:6396 [inline]
 do_try_to_free_pages+0x59c/0x142c mm/vmscan.c:6458
 try_to_free_pages+0x8cc/0x11f4 mm/vmscan.c:6693
 __perform_reclaim mm/page_alloc.c:4759 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:4781 [inline]
 __alloc_pages_slowpath+0xc58/0x2138 mm/page_alloc.c:5187
 __alloc_pages+0x3e0/0x730 mm/page_alloc.c:5572
 alloc_pages+0x4bc/0x7c0
 __get_free_pages+0x18/0x84 mm/page_alloc.c:5609
 kasan_populate_vmalloc_pte+0x50/0xf0 mm/kasan/shadow.c:271
 apply_to_pte_range mm/memory.c:2635 [inline]
 apply_to_pmd_range mm/memory.c:2679 [inline]
 apply_to_pud_range mm/memory.c:2715 [inline]
 apply_to_p4d_range mm/memory.c:2751 [inline]
 __apply_to_page_range+0x834/0xc3c mm/memory.c:2785
 apply_to_page_range+0x4c/0x64 mm/memory.c:2804
 kasan_populate_vmalloc+0x60/0x70 mm/kasan/shadow.c:318
 alloc_vmap_area+0x15dc/0x171c mm/vmalloc.c:1646
 __get_vm_area_node+0x1a0/0x374 mm/vmalloc.c:2505
 __vmalloc_node_range+0x1d4/0xf78 mm/vmalloc.c:3179
 vmalloc_user+0xc8/0xf0 mm/vmalloc.c:3373
 vb2_vmalloc_alloc+0xfc/0x2d8 drivers/media/common/videobuf2/videobuf2-vmalloc.c:47
 __vb2_buf_mem_alloc drivers/media/common/videobuf2/videobuf2-core.c:233 [inline]
 __vb2_queue_alloc+0x620/0x111c drivers/media/common/videobuf2/videobuf2-core.c:444
 vb2_core_create_bufs+0x4e8/0xa54 drivers/media/common/videobuf2/videobuf2-core.c:976
 vb2_create_bufs+0x650/0xddc drivers/media/common/videobuf2/videobuf2-v4l2.c:794
 v4l2_m2m_create_bufs drivers/media/v4l2-core/v4l2-mem2mem.c:840 [inline]
 v4l2_m2m_ioctl_create_bufs+0x120/0x158 drivers/media/v4l2-core/v4l2-mem2mem.c:1376
 v4l_create_bufs+0xc4/0x178 drivers/media/v4l2-core/v4l2-ioctl.c:2133
 __video_do_ioctl+0x7f4/0xb68 drivers/media/v4l2-core/v4l2-ioctl.c:3037
 video_usercopy+0x938/0x10d4 drivers/media/v4l2-core/v4l2-ioctl.c:3384
 video_ioctl2+0x3c/0x50 drivers/media/v4l2-core/v4l2-ioctl.c:3431
 v4l2_ioctl+0x148/0x18c drivers/media/v4l2-core/v4l2-dev.c:364
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/05/23 12:31 linux-6.1.y fa74641fb6b9 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __hrtimer_run_queues
* Struck through repros no longer work on HEAD.