bisecting fixing commit since 125222814e7b8f84df767d6ab622aff2a6d2f234
building syzkaller on 8092f30df01f3443831725509ef5a3dae26122c0
testing commit 125222814e7b8f84df767d6ab622aff2a6d2f234
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 469f48d76b843ae6ec505a189f760391e020d549ce2e0a8d60a4469ad5c54a07
run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in chrdev_open
run #2: crashed: INFO: rcu detected stall in chrdev_open
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in chrdev_open
run #5: crashed: INFO: rcu detected stall in chrdev_open
run #6: crashed: INFO: rcu detected stall in chrdev_open
run #7: crashed: INFO: rcu detected stall in chrdev_open
run #8: crashed: INFO: rcu detected stall in chrdev_open
run #9: crashed: INFO: rcu detected stall in corrupted
run #10: crashed: INFO: rcu detected stall in chrdev_open
run #11: crashed: INFO: rcu detected stall in chrdev_open
run #12: crashed: INFO: rcu detected stall in chrdev_open
run #13: crashed: INFO: rcu detected stall in corrupted
run #14: crashed: INFO: rcu detected stall in chrdev_open
run #15: crashed: INFO: rcu detected stall in corrupted
run #16: crashed: INFO: rcu detected stall in chrdev_open
run #17: crashed: INFO: rcu detected stall in chrdev_open
run #18: crashed: INFO: rcu detected stall in corrupted
run #19: crashed: no output from test machine
testing current HEAD 5c66974a63046780925e5d99b6dc6631fe2f9a31
testing commit 5c66974a63046780925e5d99b6dc6631fe2f9a31
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 78aeb8219c92aa12bb4a47ae06c14b72eed464560cd33132f4c69f5d26b5ef5c
run #0: crashed: INFO: rcu detected stall in chrdev_open
run #1: crashed: INFO: rcu detected stall in chrdev_open
run #2: crashed: INFO: rcu detected stall in chrdev_open
run #3: crashed: INFO: rcu detected stall in chrdev_open
run #4: crashed: INFO: rcu detected stall in chrdev_open
run #5: crashed: INFO: rcu detected stall in chrdev_open
run #6: crashed: INFO: rcu detected stall in chrdev_open
run #7: crashed: INFO: rcu detected stall in chrdev_open
run #8: crashed: INFO: rcu detected stall in chrdev_open
run #9: crashed: INFO: rcu detected stall in corrupted
revisions tested: 2, total time: 30m56.233446703s (build: 15m54.744258656s, test: 14m21.161701547s)
the crash still happens on HEAD
commit msg: Linux 4.19.202
crash: INFO: rcu detected stall in corrupted

Bluetooth: hci3: command 0x0419 tx timeout
Bluetooth: hci4: command 0x0419 tx timeout
Bluetooth: hci5: command 0x0419 tx timeout
Bluetooth: hci0: command 0x0419 tx timeout
ieee802154 phy0 wpan0: encryption failed: -22
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P8456 P8441 P6147
rcu: 	(detected by 0, t=10503 jiffies, g=7177, q=2556)
syz-execprog    R  running task    24904  8456   8435 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 preempt_schedule_irq+0xb9/0x140 kernel/sched/core.c:3744
 retint_kernel+0x1b/0x2d
RIP: 0010:__lock_task_sighand+0x0/0x210 kernel/signal.c:1342
Code: a6 d0 54 00 e9 55 ff ff ff e8 7c d0 54 00 eb 97 e8 95 d0 54 00 eb b2 e8 8e d0 54 00 e9 db fe ff ff 66 0f 1f 84 00 00 00 00 00 <55> 48 89 e5 41 57 49 89 f7 41 56 41 55 49 89 fd 41 54 53 48 83 ec
RSP: 0018:ffff8880a9dcfcb0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02
RAX: 0000000000000000 RBX: 1ffff110153b9f98 RCX: 0000000000000001
RDX: ffff8880abce0100 RSI: ffff8880a9dcfce0 RDI: ffff8880abce0100
RBP: ffff8880a9dcfd48 R08: 0000000000000000 R09: ffffed1017464552
R10: ffffed1017464552 R11: ffff8880ba322a93 R12: ffff8880abce0100
R13: dffffc0000000000 R14: 0000000000000009 R15: ffff8880a9dcfe08
 group_send_sig_info+0xbf/0x120 kernel/signal.c:1385
 kill_pid_info+0x8a/0x140 kernel/signal.c:1419
 kill_something_info kernel/signal.c:1503 [inline]
 __do_sys_kill kernel/signal.c:3297 [inline]
 __se_sys_kill+0x3a4/0x500 kernel/signal.c:3286
 __x64_sys_kill+0x4f/0x70 kernel/signal.c:3286
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4acdf6
Code: Bad RIP value.
RSP: 002b:000000c000677698 EFLAGS: 00000206 ORIG_RAX: 000000000000003e
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004acdf6
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000002115
RBP: 000000c0006776d8 R08: 000000c00012a5a0 R09: 000000c00012a5a0
R10: 0000000000000000 R11: 0000000000000206 R12: 000000c000677768
R13: 000000c000677778 R14: 0000000000000000 R15: 0000000000000000
syz-execprog    R  running task    24968  8441   8435 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 preempt_schedule_common+0x1f/0xe0 kernel/sched/core.c:3641
 preempt_schedule+0x4d/0x60 kernel/sched/core.c:3667
 ___preempt_schedule+0x16/0x18
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
 _raw_spin_unlock_irqrestore+0xbb/0xd0 kernel/locking/spinlock.c:184
 spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
 unlock_task_sighand include/linux/sched/signal.h:677 [inline]
 do_send_sig_info+0xc6/0x120 kernel/signal.c:1269
 group_send_sig_info+0xbf/0x120 kernel/signal.c:1385
 kill_pid_info+0x8a/0x140 kernel/signal.c:1419
 kill_something_info kernel/signal.c:1503 [inline]
 __do_sys_kill kernel/signal.c:3297 [inline]
 __se_sys_kill+0x3a4/0x500 kernel/signal.c:3286
 __x64_sys_kill+0x4f/0x70 kernel/signal.c:3286
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4acdf6
Code: Bad RIP value.
RSP: 002b:000000c000676e98 EFLAGS: 00000206 ORIG_RAX: 000000000000003e
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004acdf6
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 000000000000210c
RBP: 000000c000676ed8 R08: 000000c000341c20 R09: 000000c000341c20
R10: 0000000000000000 R11: 0000000000000206 R12: 000000c000676f68
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
systemd-timesyn R  running task    25656  6147      1 0x00000100
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 preempt_schedule_common+0x1f/0xe0 kernel/sched/core.c:3641
 preempt_schedule+0x4d/0x60 kernel/sched/core.c:3667
 ___preempt_schedule+0x16/0x18
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
 _raw_spin_unlock_irqrestore+0xbb/0xd0 kernel/locking/spinlock.c:184
 spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
 __wake_up_common_lock+0xec/0x180 kernel/sched/wait.c:122
 __wake_up_sync_key+0x19/0x20 kernel/sched/wait.c:199
 sock_def_readable+0xd5/0x350 net/core/sock.c:2724
 unix_dgram_sendmsg+0xa7e/0x13e0 net/unix/af_unix.c:1824
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:661
 ___sys_sendmsg+0x647/0x950 net/socket.c:2225
 __sys_sendmsg+0xd9/0x180 net/socket.c:2263
 __do_sys_sendmsg net/socket.c:2272 [inline]
 __se_sys_sendmsg net/socket.c:2270 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2270
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f58fc887eb0
Code: Bad RIP value.
RSP: 002b:00007ffd578bafd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007f58fc887eb0
RDX: 0000000000004000 RSI: 00007ffd578bb030 RDI: 000000000000000d
RBP: 00007ffd578bb030 R08: 0000000000000000 R09: 000000000000000d
R10: 00007ffd578bb0c0 R11: 0000000000000293 R12: 0000000000004000
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd578bb030
syz-execprog    R  running task    24904  8456   8435 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 preempt_schedule_irq+0xb9/0x140 kernel/sched/core.c:3744
 retint_kernel+0x1b/0x2d
RIP: 0010:__lock_task_sighand+0x0/0x210 kernel/signal.c:1342
Code: a6 d0 54 00 e9 55 ff ff ff e8 7c d0 54 00 eb 97 e8 95 d0 54 00 eb b2 e8 8e d0 54 00 e9 db fe ff ff 66 0f 1f 84 00 00 00 00 00 <55> 48 89 e5 41 57 49 89 f7 41 56 41 55 49 89 fd 41 54 53 48 83 ec
RSP: 0018:ffff8880a9dcfcb0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02
RAX: 0000000000000000 RBX: 1ffff110153b9f98 RCX: 0000000000000001
RDX: ffff8880abce0100 RSI: ffff8880a9dcfce0 RDI: ffff8880abce0100
RBP: ffff8880a9dcfd48 R08: 0000000000000000 R09: ffffed1017464552
R10: ffffed1017464552 R11: ffff8880ba322a93 R12: ffff8880abce0100
R13: dffffc0000000000 R14: 0000000000000009 R15: ffff8880a9dcfe08
 group_send_sig_info+0xbf/0x120 kernel/signal.c:1385
 kill_pid_info+0x8a/0x140 kernel/signal.c:1419
 kill_something_info kernel/signal.c:1503 [inline]
 __do_sys_kill kernel/signal.c:3297 [inline]
 __se_sys_kill+0x3a4/0x500 kernel/signal.c:3286
 __x64_sys_kill+0x4f/0x70 kernel/signal.c:3286
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4acdf6
Code: Bad RIP value.
RSP: 002b:000000c000677698 EFLAGS: 00000206 ORIG_RAX: 000000000000003e
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004acdf6
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000002115
RBP: 000000c0006776d8 R08: 000000c00012a5a0 R09: 000000c00012a5a0
R10: 0000000000000000 R11: 0000000000000206 R12: 000000c000677768
R13: 000000c000677778 R14: 0000000000000000 R15: 0000000000000000
syz-execprog    R  running task    24968  8441   8435 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 preempt_schedule_common+0x1f/0xe0 kernel/sched/core.c:3641
 preempt_schedule+0x4d/0x60 kernel/sched/core.c:3667
 ___preempt_schedule+0x16/0x18
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
 _raw_spin_unlock_irqrestore+0xbb/0xd0 kernel/locking/spinlock.c:184
 spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
 unlock_task_sighand include/linux/sched/signal.h:677 [inline]
 do_send_sig_info+0xc6/0x120 kernel/signal.c:1269
 group_send_sig_info+0xbf/0x120 kernel/signal.c:1385
 kill_pid_info+0x8a/0x140 kernel/signal.c:1419
 kill_something_info kernel/signal.c:1503 [inline]
 __do_sys_kill kernel/signal.c:3297 [inline]
 __se_sys_kill+0x3a4/0x500 kernel/signal.c:3286
 __x64_sys_kill+0x4f/0x70 kernel/signal.c:3286
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4acdf6
Code: Bad RIP value.
RSP: 002b:000000c000676e98 EFLAGS: 00000206 ORIG_RAX: 000000000000003e
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004acdf6
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 000000000000210c
RBP: 000000c000676ed8 R08: 000000c000341c20 R09: 000000c000341c20
R10: 0000000000000000 R11: 0000000000000206 R12: 000000c000676f68
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
systemd-timesyn R  running task    25656  6147      1 0x00000100
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 preempt_schedule_common+0x1f/0xe0 kernel/sched/core.c:3641
 preempt_schedule+0x4d/0x60 kernel/sched/core.c:3667
 ___preempt_schedule+0x16/0x18
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
 _raw_spin_unlock_irqrestore+0xbb/0xd0 kernel/locking/spinlock.c:184
 spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
 __wake_up_common_lock+0xec/0x180 kernel/sched/wait.c:122
 __wake_up_sync_key+0x19/0x20 kernel/sched/wait.c:199
 sock_def_readable+0xd5/0x350 net/core/sock.c:2724
 unix_dgram_sendmsg+0xa7e/0x13e0 net/unix/af_unix.c:1824
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:661
 ___sys_sendmsg+0x647/0x950 net/socket.c:2225
 __sys_sendmsg+0xd9/0x180 net/socket.c:2263
 __do_sys_sendmsg net/socket.c:2272 [inline]
 __se_sys_sendmsg net/socket.c:2270 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2270
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f58fc887eb0
Code: Bad RIP value.
RSP: 002b:00007ffd578bafd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007f58fc887eb0
RDX: 0000000000004000 RSI: 00007ffd578bb030 RDI: 000000000000000d
RBP: 00007ffd578bb030 R08: 0000000000000000 R09: 000000000000000d
R10: 00007ffd578bb0c0 R11: 0000000000000293 R12: 0000000000004000
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd578bb030
rcu: rcu_preempt kthread starved for 9070 jiffies! g7177 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
rcu: RCU grace-period kthread stack dump:
rcu_preempt     I29016    10      2 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 preempt_schedule_irq+0xb9/0x140 kernel/sched/core.c:3744
 retint_kernel+0x1b/0x2d
RIP: 0010:memset_erms+0xb/0x10 arch/x86/lib/memset_64.S:67
Code: 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3 aa <4c> 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 01 01
RSP: 0018:ffff8880b59bf728 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02
RAX: ffffed1016b37f00 RBX: ffff8880b59bf7a8 RCX: 0000000000000000
RDX: 0000000000000060 RSI: 0000000000000000 RDI: ffff8880b59bf808
RBP: ffff8880b59bf748 R08: ffffed1016b37f01 R09: ffff8880b59bf7a8
R10: ffffed1016b37f00 R11: ffff8880b59bf807 R12: 0000000000000060
R13: 0000000000000000 R14: ffff8880b59aa280 R15: ffff8880b59bf7a8
 memset include/linux/string.h:362 [inline]
 __unwind_start+0x29/0x400 arch/x86/kernel/unwind_frame.c:393
 unwind_start arch/x86/include/asm/unwind.h:60 [inline]
 __save_stack_trace+0x5c/0x100 arch/x86/kernel/stacktrace.c:43
 save_stack_trace+0x1a/0x20 arch/x86/kernel/stacktrace.c:60
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc.part.1+0x62/0xf0 mm/kasan/kasan.c:553
 kasan_kmalloc+0xaf/0xc0 mm/kasan/kasan.c:538
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
 kmem_cache_alloc+0x12e/0x390 mm/slab.c:3559
 kmem_cache_zalloc include/linux/slab.h:699 [inline]
 fill_pool lib/debugobjects.c:134 [inline]
 __debug_object_init+0x77f/0xc00 lib/debugobjects.c:379
 debug_object_init_on_stack+0x19/0x20 lib/debugobjects.c:446
 init_timer_on_stack_key+0x28/0xe0 kernel/time/timer.c:746
 schedule_timeout+0xf5/0xd20 kernel/time/timer.c:1816
 rcu_gp_kthread+0xd2b/0x23e0 kernel/rcu/tree.c:2202
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
sched: RT throttling activated
systemd[1]: systemd-udevd.service: Watchdog timeout (limit 3min)!
systemd[1]: systemd-udevd.service: Killing process 4702 (systemd-udevd) with signal SIGABRT.
systemd[1]: systemd-journald.service: Main process exited, code=killed, status=6/ABRT
systemd[1]: systemd-journald.service: Unit entered failed state.
systemd[1]: systemd-journald.service: Failed with result 'watchdog'.
systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart.
systemd[1]: Stopped Flush Journal to Persistent Storage.
systemd[1]: Stopping Flush Journal to Persistent Storage...
systemd[1]: Stopped Journal Service.
systemd[1]: Starting Journal Service...
Bluetooth: hci1: command 0x0406 tx timeout
Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
ieee802154 phy1 wpan1: encryption failed: -22
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
systemd-journald[10215]: File /run/log/journal/04d8c135ee6b410280ba31a58c89679d/system.journal corrupted or uncleanly shut down, renaming and replacing.
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
Bluetooth: hci0: command 0x0409 tx timeout
Bluetooth: hci4: command 0x0409 tx timeout
Bluetooth: hci2: command 0x0409 tx timeout
Bluetooth: hci5: command 0x0409 tx timeout
Bluetooth: hci1: command 0x0409 tx timeout
Bluetooth: hci3: command 0x0409 tx timeout
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
chnl_net:caif_netlink_parms(): no params data found
chnl_net:caif_netlink_parms(): no params data found
chnl_net:caif_netlink_parms(): no params data found
chnl_net:caif_netlink_parms(): no params data found
chnl_net:caif_netlink_parms(): no params data found
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode