bisecting cause commit starting from 9b992972fb9c2a1bc3fb25bab70da8a4385e3abe building syzkaller on 6972b10616d785401dea17cec890cca8916424a7 testing commit 9b992972fb9c2a1bc3fb25bab70da8a4385e3abe compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 1b7eeb264ebb20a15cf6e0e22e4e73a968d2159c9caba8cd745209b8b9bcb73c all runs: crashed: BUG: using smp_processor_id() in preemptible code in clock_was_set testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 1cb5111c0f95c1fc7e3896d55db5b53fbce5858f143c657e735c92f7019c7d10 all runs: OK # git bisect start 9b992972fb9c2a1bc3fb25bab70da8a4385e3abe 62fb9874f5da54fdb243003b386128037319b219 Bisecting: 11415 revisions left to test after this (roughly 14 steps) [a16d8644bad461bb073b92e812080ea6715ddf2b] Merge tag 'staging-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit a16d8644bad461bb073b92e812080ea6715ddf2b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 731f071ac0890eca6e2659c43417eae356e689c88e2c3c3cc1a035a586b04abb run #0: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0) run #2: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0) run #3: boot failed: possible deadlock in fs_reclaim_acquire run #4: boot failed: possible deadlock in fs_reclaim_acquire run #5: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #6: boot failed: possible deadlock in get_page_from_freelist run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0) run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0) run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0) # git bisect skip a16d8644bad461bb073b92e812080ea6715ddf2b Bisecting: 11415 revisions left to test after this (roughly 14 steps) [b94dc99c0ddb74713da315853919393fb3e63b96] net: dsa: use switchdev_handle_fdb_{add,del}_to_device testing commit b94dc99c0ddb74713da315853919393fb3e63b96 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: d33353501ec5b09827be2f6e9c0d8d5f83a22970ee84d33de2d29adcd7f12a4a all runs: OK # git bisect good b94dc99c0ddb74713da315853919393fb3e63b96 Bisecting: 4180 revisions left to test after this (roughly 12 steps) [9a1ab73d00a65793a3cf0318cbfcd3f8b8a7d3aa] Merge remote-tracking branch 'net-next/master' testing commit 9a1ab73d00a65793a3cf0318cbfcd3f8b8a7d3aa compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 7351774aba3d176c5629692daf7b8dc32398cc30eb13c3b796fa178ca1bf6529 all runs: OK # git bisect good 9a1ab73d00a65793a3cf0318cbfcd3f8b8a7d3aa Bisecting: 2153 revisions left to test after this (roughly 11 steps) [d945fd0dcfe369b2fa5b10b35097d42997492ca4] Merge remote-tracking branch 'spi/for-next' testing commit d945fd0dcfe369b2fa5b10b35097d42997492ca4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 9a1810fe2769463bbb5a1503eec2c4a3727bf75760a96197711f62773b2c99ce all runs: OK # git bisect good d945fd0dcfe369b2fa5b10b35097d42997492ca4 Bisecting: 1030 revisions left to test after this (roughly 10 steps) [e92da0fb76d1fcf0c156afc3be850455c992274e] Merge remote-tracking branch 'staging/staging-next' testing commit e92da0fb76d1fcf0c156afc3be850455c992274e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 43406954f2e5a814882e2c68d6815bcc2e9586410631c7ccd99bf6e04a604045 all runs: crashed: BUG: using smp_processor_id() in preemptible code in clock_was_set # git bisect bad e92da0fb76d1fcf0c156afc3be850455c992274e Bisecting: 534 revisions left to test after this (roughly 9 steps) [408e8b1517583bdd70c8b4ee46c61712a5e5cd0b] Merge remote-tracking branch 'usb/usb-next' testing commit 408e8b1517583bdd70c8b4ee46c61712a5e5cd0b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 15cd29382baa04c0c0e451bfd091fd3432f7e39abf9a11b1b7b1c66046dc66c5 all runs: crashed: BUG: using smp_processor_id() in preemptible code in clock_was_set # git bisect bad 408e8b1517583bdd70c8b4ee46c61712a5e5cd0b Bisecting: 260 revisions left to test after this (roughly 8 steps) [0cb2a28db9c431c76497716e07f1e101a8148810] Merge remote-tracking branch 'rcu/rcu/next' testing commit 0cb2a28db9c431c76497716e07f1e101a8148810 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 2fbd8a9fe636ec5043666bcd2d14986048151a1f131754ef677c8cfb55b7ab26 all runs: crashed: BUG: using smp_processor_id() in preemptible code in clock_was_set # git bisect bad 0cb2a28db9c431c76497716e07f1e101a8148810 Bisecting: 162 revisions left to test after this (roughly 7 steps) [1fd628c2ee3d3d24661520f0356c0329389372ad] Merge branch 'x86/irq' testing commit 1fd628c2ee3d3d24661520f0356c0329389372ad compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 67b54b6579ba2db1ce2344d883103df7a478402f166691cb4a303bd1849c4e5d all runs: crashed: BUG: using smp_processor_id() in preemptible code in clock_was_set # git bisect bad 1fd628c2ee3d3d24661520f0356c0329389372ad Bisecting: 87 revisions left to test after this (roughly 6 steps) [c898d1c33bf785fc3a0e510848994df24c612930] Merge branch 'perf/core' testing commit c898d1c33bf785fc3a0e510848994df24c612930 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 3d14b8ee10aef540ac12fa0ab4fd5271518784bf91807f148cfc1c37d355d104 all runs: OK # git bisect good c898d1c33bf785fc3a0e510848994df24c612930 Bisecting: 45 revisions left to test after this (roughly 6 steps) [a65bfc59b1d1dfde16c9b553528c36db216a10db] Merge branch 'timers/core' testing commit a65bfc59b1d1dfde16c9b553528c36db216a10db compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 6ea087bf167f4afb89322ee54772fc53f6ff8e06e0c99cf369dc0cab6a3eb4e8 all runs: crashed: BUG: using smp_processor_id() in preemptible code in clock_was_set # git bisect bad a65bfc59b1d1dfde16c9b553528c36db216a10db Bisecting: 18 revisions left to test after this (roughly 4 steps) [dceddb335b4cc26867cb46ff4af5cf8c16fe5a38] Merge branch 'smp/core' testing commit dceddb335b4cc26867cb46ff4af5cf8c16fe5a38 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: cbdb6e2c51ffdc7bff617b51372dd812be833d4b9bb91565335b61e1a57f17d4 all runs: OK # git bisect good dceddb335b4cc26867cb46ff4af5cf8c16fe5a38 Bisecting: 9 revisions left to test after this (roughly 3 steps) [627ef5ae2df8eeccb20d5af0e4cfa4df9e61ed28] hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() testing commit 627ef5ae2df8eeccb20d5af0e4cfa4df9e61ed28 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 6568831700742ed6d6c5a3c91e279e702d3047eb8579f3a570b8c221448eb480 all runs: OK # git bisect good 627ef5ae2df8eeccb20d5af0e4cfa4df9e61ed28 Bisecting: 4 revisions left to test after this (roughly 2 steps) [a761a67f591a8c7476c30bb20ed0f09fdfb1a704] timekeeping: Distangle resume and clock-was-set events testing commit a761a67f591a8c7476c30bb20ed0f09fdfb1a704 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: f75adb6a21718bb6f8807e9566d08c7ed3ebac7e70c453a97e5834445594ac17 all runs: crashed: BUG: using smp_processor_id() in preemptible code in clock_was_set # git bisect bad a761a67f591a8c7476c30bb20ed0f09fdfb1a704 Bisecting: 2 revisions left to test after this (roughly 1 step) [8c3b5e6ec0fee18bc2ce38d1dfe913413205f908] hrtimer: Ensure timerfd notification for HIGHRES=n testing commit 8c3b5e6ec0fee18bc2ce38d1dfe913413205f908 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 0116b41d213c4bc6cbeccab7d063e20631348b6f4498ba92f3457f55f2549519 all runs: OK # git bisect good 8c3b5e6ec0fee18bc2ce38d1dfe913413205f908 Bisecting: 0 revisions left to test after this (roughly 1 step) [66f7b0c8aadd2785fc29f2c71477ebc16f4e38cc] timerfd: Provide timerfd_resume() testing commit 66f7b0c8aadd2785fc29f2c71477ebc16f4e38cc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 01147256c2f3467f51ad461cb1ccf8299085cbb41e4384debd526ed29444ff11 all runs: crashed: BUG: using smp_processor_id() in preemptible code in clock_was_set # git bisect bad 66f7b0c8aadd2785fc29f2c71477ebc16f4e38cc Bisecting: 0 revisions left to test after this (roughly 0 steps) [e71a4153b7c256ec103e79875398553808aeffd2] hrtimer: Force clock_was_set() handling for the HIGHRES=n, NOHZ=y case testing commit e71a4153b7c256ec103e79875398553808aeffd2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 4c597ab3ae098f9243a1d6449bb215eb79f4a51518184e1b4eaf66b635825f3e all runs: crashed: BUG: using smp_processor_id() in preemptible code in clock_was_set # git bisect bad e71a4153b7c256ec103e79875398553808aeffd2 e71a4153b7c256ec103e79875398553808aeffd2 is the first bad commit commit e71a4153b7c256ec103e79875398553808aeffd2 Author: Thomas Gleixner Date: Tue Jul 13 15:39:49 2021 +0200 hrtimer: Force clock_was_set() handling for the HIGHRES=n, NOHZ=y case When CONFIG_HIGH_RES_TIMERS is disabled, but NOHZ is enabled then clock_was_set() is not doing anything. With HIGHRES=n the kernel relies on the periodic tick to update the clock offsets, but when NOHZ is enabled and active then CPUs which are in a deep idle sleep do not have a periodic tick which means the expiry of timers affected by clock_was_set() can be arbitrarily delayed up to the point where the CPUs are brought out of idle again. Make the clock_was_set() logic unconditionaly available so that idle CPUs are kicked out of idle to handle the update. Signed-off-by: Thomas Gleixner Link: https://lore.kernel.org/r/20210713135158.288697903@linutronix.de kernel/time/hrtimer.c | 87 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 59 insertions(+), 28 deletions(-) culprit signature: 4c597ab3ae098f9243a1d6449bb215eb79f4a51518184e1b4eaf66b635825f3e parent signature: 0116b41d213c4bc6cbeccab7d063e20631348b6f4498ba92f3457f55f2549519 revisions tested: 18, total time: 3h48m43.536041683s (build: 1h56m20.10458951s, test: 1h50m17.379166645s) first bad commit: e71a4153b7c256ec103e79875398553808aeffd2 hrtimer: Force clock_was_set() handling for the HIGHRES=n, NOHZ=y case recipients (to): ["linux-kernel@vger.kernel.org" "tglx@linutronix.de" "tglx@linutronix.de"] recipients (cc): ["mingo@elte.hu" "peterz@infradead.org"] crash: BUG: using smp_processor_id() in preemptible code in clock_was_set BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.2/10188 caller is hrtimer_hres_active kernel/time/hrtimer.c:652 [inline] caller is clock_was_set+0xe/0xf0 kernel/time/hrtimer.c:885 CPU: 1 PID: 10188 Comm: syz-executor.2 Not tainted 5.14.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 check_preemption_disabled+0xc8/0xd0 lib/smp_processor_id.c:49 hrtimer_hres_active kernel/time/hrtimer.c:652 [inline] clock_was_set+0xe/0xf0 kernel/time/hrtimer.c:885 timekeeping_inject_offset+0x363/0x540 kernel/time/timekeeping.c:1375 do_adjtimex+0x1ad/0x730 kernel/time/timekeeping.c:2406 do_clock_adjtime kernel/time/posix-timers.c:1109 [inline] __do_sys_clock_adjtime+0x11a/0x1f0 kernel/time/posix-timers.c:1121 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665e9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdfd1ab3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000131 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffe479f291f R14: 00007fdfd1ab3300 R15: 0000000000022000 BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.2/10188 caller is hrtimer_hres_active kernel/time/hrtimer.c:652 [inline] caller is clock_was_set+0xe/0xf0 kernel/time/hrtimer.c:885 CPU: 1 PID: 10188 Comm: syz-executor.2 Not tainted 5.14.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 check_preemption_disabled+0xc8/0xd0 lib/smp_processor_id.c:49 hrtimer_hres_active kernel/time/hrtimer.c:652 [inline] clock_was_set+0xe/0xf0 kernel/time/hrtimer.c:885 timekeeping_inject_offset+0x363/0x540 kernel/time/timekeeping.c:1375 do_adjtimex+0x1ad/0x730 kernel/time/timekeeping.c:2406 do_clock_adjtime kernel/time/posix-timers.c:1109 [inline] __do_sys_clock_adjtime+0x11a/0x1f0 kernel/time/posix-timers.c:1121 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665e9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdfd1ab3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000131 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffe479f291f R14: 00007fdfd1ab3300 R15: 0000000000022000 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: ff c3 inc %ebx 2: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1) 9: 00 00 00 c: 0f 1f 40 00 nopl 0x0(%rax) 10: 48 89 f8 mov %rdi,%rax 13: 48 89 f7 mov %rsi,%rdi 16: 48 89 d6 mov %rdx,%rsi 19: 48 89 ca mov %rcx,%rdx 1c: 4d 89 c2 mov %r8,%r10 1f: 4d 89 c8 mov %r9,%r8 22: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9 27: 0f 05 syscall 29: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 2f: 73 01 jae 0x32 31: c3 retq 32: 48 c7 c1 bc ff ff ff mov $0xffffffffffffffbc,%rcx 39: f7 d8 neg %eax 3b: 64 89 01 mov %eax,%fs:(%rcx) 3e: 48 rex.W