bisecting fixing commit since ae4b064e2a616b545acf02b8f50cc513b32c7522
building syzkaller on 08003f6440deafc4e193b159c4acece64f7864b1
testing commit ae4b064e2a616b545acf02b8f50cc513b32c7522
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 79450ac766e6ee1c6d674c4246108ce8e17a02768744d4e7b53c5a30c04b9f53
run #0: crashed: BUG: workqueue lockup
run #1: crashed: BUG: workqueue lockup
run #2: crashed: BUG: workqueue lockup
run #3: crashed: BUG: workqueue lockup
run #4: crashed: BUG: workqueue lockup
run #5: crashed: INFO: rcu detected stall in chrdev_open
run #6: crashed: INFO: rcu detected stall in chrdev_open
run #7: crashed: INFO: rcu detected stall in chrdev_open
run #8: crashed: INFO: rcu detected stall in corrupted
run #9: crashed: INFO: rcu detected stall in chrdev_open
run #10: crashed: INFO: rcu detected stall in corrupted
run #11: crashed: BUG: workqueue lockup
run #12: crashed: INFO: rcu detected stall in chrdev_open
run #13: crashed: INFO: rcu detected stall in chrdev_open
run #14: crashed: INFO: rcu detected stall in chrdev_open
run #15: crashed: BUG: workqueue lockup
run #16: crashed: INFO: rcu detected stall in corrupted
run #17: crashed: INFO: rcu detected stall in chrdev_open
run #18: crashed: INFO: rcu detected stall in chrdev_open
run #19: crashed: no output from test machine
testing current HEAD c500bee1c5b2f1d59b1081ac879d73268ab0ff17
testing commit c500bee1c5b2f1d59b1081ac879d73268ab0ff17
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: af67070257e5611b86b2fd073d4e4053d67300709262926769ed13fe94a3fc06
run #0: crashed: BUG: workqueue lockup
run #1: crashed: BUG: workqueue lockup
run #2: crashed: BUG: workqueue lockup
run #3: crashed: BUG: workqueue lockup
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in sys_symlink
run #6: crashed: INFO: rcu detected stall in chrdev_open
run #7: crashed: INFO: rcu detected stall in chrdev_open
run #8: crashed: INFO: rcu detected stall in chrdev_open
run #9: crashed: INFO: rcu detected stall in chrdev_open
revisions tested: 2, total time: 25m28.659887291s (build: 11m44.003296382s, test: 12m39.60456994s)
the crash still happens on HEAD
commit msg: Linux 5.14-rc4
crash: INFO: rcu detected stall in chrdev_open
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1):
	(detected by 0, t=10502 jiffies, g=7341, q=218)
rcu: All QSes seen, last rcu_preempt kthread activity 7451 (4294953748-4294946297), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread timer wakeup didn't happen for 7450 jiffies! g7341 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=0 timer-softirq=2502
rcu: rcu_preempt kthread starved for 7451 jiffies! g7341 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:29360 pid:   13 ppid:     2 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:4683 [inline]
 __schedule+0x8e8/0x2170 kernel/sched/core.c:5940
 schedule+0xe0/0x280 kernel/sched/core.c:6019
 schedule_timeout+0x133/0x270 kernel/time/timer.c:1879
 rcu_gp_fqs_loop kernel/rcu/tree.c:1996 [inline]
 rcu_gp_kthread+0xdd0/0x1af0 kernel/rcu/tree.c:2169
 kthread+0x395/0x470 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
rcu: Stack dump where RCU GP kthread last ran:
NMI backtrace for cpu 0
CPU: 0 PID: 7578 Comm: syz-executor.1 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xc2/0xe1 lib/dump_stack.c:105
 dump_stack+0x10/0x12 lib/dump_stack.c:112
 nmi_cpu_backtrace.cold+0x30/0x9c lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x120/0x170 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:39
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_check_gp_kthread_starvation.cold+0x283/0x288 kernel/rcu/tree_stall.h:479
 print_other_cpu_stall kernel/rcu/tree_stall.h:584 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:709 [inline]
 rcu_pending kernel/rcu/tree.c:3922 [inline]
 rcu_sched_clock_irq+0x1dc8/0x2050 kernel/rcu/tree.c:2641
 update_process_times+0x139/0x1b0 kernel/time/timer.c:1783
 tick_sched_handle+0x77/0x140 kernel/time/tick-sched.c:226
 tick_sched_timer+0x142/0x230 kernel/time/tick-sched.c:1421
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x1b7/0xc30 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2f3/0x950 kernel/time/hrtimer.c:1663
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1089 [inline]
 __sysvec_apic_timer_interrupt+0x143/0x530 arch/x86/kernel/apic/apic.c:1106
 sysvec_apic_timer_interrupt+0x98/0xc0 arch/x86/kernel/apic/apic.c:1100
 </IRQ>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:arch_local_irq_enable arch/x86/include/asm/paravirt.h:695 [inline]
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:140 [inline]
RIP: 0010:lock_acquire kernel/locking/lockdep.c:5628 [inline]
RIP: 0010:lock_acquire+0x4fc/0x5e0 kernel/locking/lockdep.c:5590
Code: 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 af 00 00 00 48 83 3d 1d dd 1d 08 00 74 64 fb 66 0f 1f 44 00 00 <e9> 58 fd ff ff e8 8a 81 63 06 85 c0 74 ab 80 3d 11 44 23 09 00 75
RSP: 0000:ffffc90005b07640 EFLAGS: 00000282
RAX: 1ffffffff12ec2f8 RBX: 1ffff92000b60ecb RCX: 0000000000001a57
RDX: dffffc0000000000 RSI: ffffffff880b6340 RDI: ffffffff88521ac0
RBP: ffffc90005b07720 R08: 0000000000000000 R09: ffffffff8b2c0c1f
R10: fffffbfff1658183 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: ffffffff89e94fe8 R15: 0000000000000200
 __mutex_lock_common kernel/locking/mutex.c:959 [inline]
 __mutex_lock+0x13f/0x11a0 kernel/locking/mutex.c:1104
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1119
 tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 tty_open+0x493/0xf60 drivers/tty/tty_io.c:2146
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x42d/0xf90 fs/open.c:826
 vfs_open+0x9a/0xc0 fs/open.c:949
 do_open fs/namei.c:3374 [inline]
 path_openat+0xa75/0x25f0 fs/namei.c:3507
 do_filp_open+0x1ab/0x3f0 fs/namei.c:3534
 do_sys_openat2+0x120/0x3d0 fs/open.c:1204
 do_sys_open fs/open.c:1220 [inline]
 __do_sys_openat fs/open.c:1236 [inline]
 __se_sys_openat fs/open.c:1231 [inline]
 __x64_sys_openat+0x124/0x200 fs/open.c:1231
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x462209
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa154ed51a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 0000000000462209
RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004f8a08 R14: 00000000004b41d5 R15: 00007fa154ed56bc