bisecting fixing commit since a1b977b49b66c75e6c51a515f6700371ae720217 building syzkaller on 4a77ae0bdc5cd75ebe88ce7c896aae6bbf457a29 testing commit a1b977b49b66c75e6c51a515f6700371ae720217 with gcc (GCC) 8.4.1 20210217 kernel signature: ccb491339ac71f9ef26c6ce988f5eb91e0f248593837e9ffb16001aca6467fc8 all runs: crashed: INFO: task hung in __sync_dirty_buffer testing current HEAD 2965db2e004cf9c92b87c1f559e9812c0ae878c1 testing commit 2965db2e004cf9c92b87c1f559e9812c0ae878c1 with gcc (GCC) 8.4.1 20210217 kernel signature: 0233022bed1c184649f732b142dff9f0f0db0c8011c0ad881ded066084ea479c all runs: crashed: INFO: task hung in __sync_dirty_buffer revisions tested: 2, total time: 32m3.699850777s (build: 17m34.94712087s, test: 14m4.412912956s) the crash still happens on HEAD commit msg: Linux 4.19.188 crash: INFO: task hung in __sync_dirty_buffer Bluetooth: hci2: command 0x0406 tx timeout Bluetooth: hci4: command 0x0406 tx timeout Bluetooth: hci1: command 0x0406 tx timeout Bluetooth: hci3: command 0x0406 tx timeout Bluetooth: hci0: command 0x0406 tx timeout INFO: task syz-executor.5:7352 blocked for more than 140 seconds. Not tainted 4.19.188-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D25480 7352 5912 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 io_schedule+0x1c/0x70 kernel/sched/core.c:5181 bit_wait_io+0xf/0x90 kernel/sched/wait_bit.c:207 __wait_on_bit_lock+0xbb/0x160 kernel/sched/wait_bit.c:89 out_of_line_wait_on_bit_lock+0xde/0x110 kernel/sched/wait_bit.c:116 wait_on_bit_lock_io include/linux/wait_bit.h:208 [inline] __lock_buffer+0x3c/0x40 fs/buffer.c:65 lock_buffer include/linux/buffer_head.h:374 [inline] __sync_dirty_buffer+0x180/0x1f0 fs/buffer.c:3178 sync_dirty_buffer+0xe/0x10 fs/buffer.c:3204 __ext4_handle_dirty_metadata+0x17a/0x520 fs/ext4/ext4_jbd2.c:300 ext4_convert_inline_data_nolock+0x4f8/0xc40 fs/ext4/inline.c:1240 ext4_convert_inline_data+0x299/0x3c0 fs/ext4/inline.c:2027 ext4_fallocate+0xdb/0x1920 fs/ext4/extents.c:4956 vfs_fallocate+0x2b5/0x7c0 fs/open.c:308 ksys_fallocate+0x3c/0x80 fs/open.c:331 __do_sys_fallocate fs/open.c:339 [inline] __se_sys_fallocate fs/open.c:337 [inline] __x64_sys_fallocate+0x92/0xf0 fs/open.c:337 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x465849 Code: Bad RIP value. RSP: 002b:00007f8d6cf25188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 000000000055bf00 RCX: 0000000000465849 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00000000004af675 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000ffe0 R11: 0000000000000246 R12: 000000000055bf00 R13: 00007ffc095499cf R14: 00007f8d6cf25300 R15: 0000000000022000 INFO: task syz-executor.3:7384 blocked for more than 140 seconds. Not tainted 4.19.188-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D25656 7384 5908 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 io_schedule+0x1c/0x70 kernel/sched/core.c:5181 bit_wait_io+0xf/0x90 kernel/sched/wait_bit.c:207 __wait_on_bit_lock+0xbb/0x160 kernel/sched/wait_bit.c:89 out_of_line_wait_on_bit_lock+0xde/0x110 kernel/sched/wait_bit.c:116 wait_on_bit_lock_io include/linux/wait_bit.h:208 [inline] __lock_buffer+0x3c/0x40 fs/buffer.c:65 lock_buffer include/linux/buffer_head.h:374 [inline] __sync_dirty_buffer+0x180/0x1f0 fs/buffer.c:3178 sync_dirty_buffer+0xe/0x10 fs/buffer.c:3204 __ext4_handle_dirty_metadata+0x17a/0x520 fs/ext4/ext4_jbd2.c:300 ext4_convert_inline_data_nolock+0x4f8/0xc40 fs/ext4/inline.c:1240 ext4_convert_inline_data+0x299/0x3c0 fs/ext4/inline.c:2027 ext4_fallocate+0xdb/0x1920 fs/ext4/extents.c:4956 vfs_fallocate+0x2b5/0x7c0 fs/open.c:308 ksys_fallocate+0x3c/0x80 fs/open.c:331 __do_sys_fallocate fs/open.c:339 [inline] __se_sys_fallocate fs/open.c:337 [inline] __x64_sys_fallocate+0x92/0xf0 fs/open.c:337 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x465849 Code: Bad RIP value. RSP: 002b:00007fba3a25b188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 000000000055bf00 RCX: 0000000000465849 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00000000004af675 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000ffe0 R11: 0000000000000246 R12: 000000000055bf00 R13: 00007ffff9c06b9f R14: 00007fba3a25b300 R15: 0000000000022000 INFO: task syz-executor.2:7423 blocked for more than 140 seconds. Not tainted 4.19.188-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D25656 7423 5907 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 io_schedule+0x1c/0x70 kernel/sched/core.c:5181 bit_wait_io+0xf/0x90 kernel/sched/wait_bit.c:207 __wait_on_bit_lock+0xbb/0x160 kernel/sched/wait_bit.c:89 out_of_line_wait_on_bit_lock+0xde/0x110 kernel/sched/wait_bit.c:116 wait_on_bit_lock_io include/linux/wait_bit.h:208 [inline] __lock_buffer+0x3c/0x40 fs/buffer.c:65 lock_buffer include/linux/buffer_head.h:374 [inline] __sync_dirty_buffer+0x180/0x1f0 fs/buffer.c:3178 sync_dirty_buffer+0xe/0x10 fs/buffer.c:3204 __ext4_handle_dirty_metadata+0x17a/0x520 fs/ext4/ext4_jbd2.c:300 ext4_convert_inline_data_nolock+0x4f8/0xc40 fs/ext4/inline.c:1240 ext4_convert_inline_data+0x299/0x3c0 fs/ext4/inline.c:2027 ext4_fallocate+0xdb/0x1920 fs/ext4/extents.c:4956 vfs_fallocate+0x2b5/0x7c0 fs/open.c:308 ksys_fallocate+0x3c/0x80 fs/open.c:331 __do_sys_fallocate fs/open.c:339 [inline] __se_sys_fallocate fs/open.c:337 [inline] __x64_sys_fallocate+0x92/0xf0 fs/open.c:337 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x465849 Code: Bad RIP value. RSP: 002b:00007f4a10169188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 000000000055bf00 RCX: 0000000000465849 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00000000004af675 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000ffe0 R11: 0000000000000246 R12: 000000000055bf00 R13: 00007ffecebe0f5f R14: 00007f4a10169300 R15: 0000000000022000 INFO: task syz-executor.1:7429 blocked for more than 140 seconds. Not tainted 4.19.188-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D25656 7429 5915 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 io_schedule+0x1c/0x70 kernel/sched/core.c:5181 bit_wait_io+0xf/0x90 kernel/sched/wait_bit.c:207 __wait_on_bit_lock+0xbb/0x160 kernel/sched/wait_bit.c:89 out_of_line_wait_on_bit_lock+0xde/0x110 kernel/sched/wait_bit.c:116 wait_on_bit_lock_io include/linux/wait_bit.h:208 [inline] __lock_buffer+0x3c/0x40 fs/buffer.c:65 lock_buffer include/linux/buffer_head.h:374 [inline] __sync_dirty_buffer+0x180/0x1f0 fs/buffer.c:3178 sync_dirty_buffer+0xe/0x10 fs/buffer.c:3204 __ext4_handle_dirty_metadata+0x17a/0x520 fs/ext4/ext4_jbd2.c:300 ext4_convert_inline_data_nolock+0x4f8/0xc40 fs/ext4/inline.c:1240 ext4_convert_inline_data+0x299/0x3c0 fs/ext4/inline.c:2027 ext4_fallocate+0xdb/0x1920 fs/ext4/extents.c:4956 vfs_fallocate+0x2b5/0x7c0 fs/open.c:308 ksys_fallocate+0x3c/0x80 fs/open.c:331 __do_sys_fallocate fs/open.c:339 [inline] __se_sys_fallocate fs/open.c:337 [inline] __x64_sys_fallocate+0x92/0xf0 fs/open.c:337 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x465849 Code: Bad RIP value. RSP: 002b:00007fe296405188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 000000000055bf00 RCX: 0000000000465849 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00000000004af675 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000ffe0 R11: 0000000000000246 R12: 000000000055bf00 R13: 00007ffe9444d7bf R14: 00007fe296405300 R15: 0000000000022000 INFO: task syz-executor.0:7426 blocked for more than 140 seconds. Not tainted 4.19.188-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D25656 7426 5914 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 io_schedule+0x1c/0x70 kernel/sched/core.c:5181 bit_wait_io+0xf/0x90 kernel/sched/wait_bit.c:207 __wait_on_bit_lock+0xbb/0x160 kernel/sched/wait_bit.c:89 out_of_line_wait_on_bit_lock+0xde/0x110 kernel/sched/wait_bit.c:116 wait_on_bit_lock_io include/linux/wait_bit.h:208 [inline] __lock_buffer+0x3c/0x40 fs/buffer.c:65 lock_buffer include/linux/buffer_head.h:374 [inline] __sync_dirty_buffer+0x180/0x1f0 fs/buffer.c:3178 sync_dirty_buffer+0xe/0x10 fs/buffer.c:3204 __ext4_handle_dirty_metadata+0x17a/0x520 fs/ext4/ext4_jbd2.c:300 ext4_convert_inline_data_nolock+0x4f8/0xc40 fs/ext4/inline.c:1240 ext4_convert_inline_data+0x299/0x3c0 fs/ext4/inline.c:2027 ext4_fallocate+0xdb/0x1920 fs/ext4/extents.c:4956 vfs_fallocate+0x2b5/0x7c0 fs/open.c:308 ksys_fallocate+0x3c/0x80 fs/open.c:331 __do_sys_fallocate fs/open.c:339 [inline] __se_sys_fallocate fs/open.c:337 [inline] __x64_sys_fallocate+0x92/0xf0 fs/open.c:337 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x465849 Code: Bad RIP value. RSP: 002b:00007fb5d14b0188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 000000000055bf00 RCX: 0000000000465849 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00000000004af675 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000ffe0 R11: 0000000000000246 R12: 000000000055bf00 R13: 00007ffe3454821f R14: 00007fb5d14b0300 R15: 0000000000022000 INFO: task syz-executor.4:7432 blocked for more than 140 seconds. Not tainted 4.19.188-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D25656 7432 5910 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 io_schedule+0x1c/0x70 kernel/sched/core.c:5181 bit_wait_io+0xf/0x90 kernel/sched/wait_bit.c:207 __wait_on_bit_lock+0xbb/0x160 kernel/sched/wait_bit.c:89 out_of_line_wait_on_bit_lock+0xde/0x110 kernel/sched/wait_bit.c:116 wait_on_bit_lock_io include/linux/wait_bit.h:208 [inline] __lock_buffer+0x3c/0x40 fs/buffer.c:65 lock_buffer include/linux/buffer_head.h:374 [inline] __sync_dirty_buffer+0x180/0x1f0 fs/buffer.c:3178 sync_dirty_buffer+0xe/0x10 fs/buffer.c:3204 __ext4_handle_dirty_metadata+0x17a/0x520 fs/ext4/ext4_jbd2.c:300 ext4_convert_inline_data_nolock+0x4f8/0xc40 fs/ext4/inline.c:1240 ext4_convert_inline_data+0x299/0x3c0 fs/ext4/inline.c:2027 ext4_fallocate+0xdb/0x1920 fs/ext4/extents.c:4956 vfs_fallocate+0x2b5/0x7c0 fs/open.c:308 ksys_fallocate+0x3c/0x80 fs/open.c:331 __do_sys_fallocate fs/open.c:339 [inline] __se_sys_fallocate fs/open.c:337 [inline] __x64_sys_fallocate+0x92/0xf0 fs/open.c:337 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x465849 Code: Bad RIP value. RSP: 002b:00007f7244de2188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 000000000055bf00 RCX: 0000000000465849 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00000000004af675 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000ffe0 R11: 0000000000000246 R12: 000000000055bf00 R13: 00007ffc19a1d94f R14: 00007f7244de2300 R15: 0000000000022000 Showing all locks held in the system: 1 lock held by khungtaskd/1098: #0: 00000000f80b385c (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4442 1 lock held by in:imklog/5584: #0: 000000002d3dd2d2 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xa7/0xd0 fs/file.c:767 4 locks held by kworker/u4:6/5755: 2 locks held by syz-executor.5/7352: #0: 000000007f90dafd (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline] #0: 000000007f90dafd (sb_writers#3){.+.+}, at: vfs_fallocate+0x4df/0x7c0 fs/open.c:307 #1: 000000005d0c2c76 (&ei->xattr_sem){++++}, at: ext4_write_lock_xattr fs/ext4/xattr.h:141 [inline] #1: 000000005d0c2c76 (&ei->xattr_sem){++++}, at: ext4_convert_inline_data+0x1dc/0x3c0 fs/ext4/inline.c:2025 2 locks held by syz-executor.3/7384: #0: 00000000abdfe492 (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline] #0: 00000000abdfe492 (sb_writers#3){.+.+}, at: vfs_fallocate+0x4df/0x7c0 fs/open.c:307 #1: 000000003c5341ae (&ei->xattr_sem){++++}, at: ext4_write_lock_xattr fs/ext4/xattr.h:141 [inline] #1: 000000003c5341ae (&ei->xattr_sem){++++}, at: ext4_convert_inline_data+0x1dc/0x3c0 fs/ext4/inline.c:2025 2 locks held by syz-executor.2/7423: #0: 00000000261e352d (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline] #0: 00000000261e352d (sb_writers#3){.+.+}, at: vfs_fallocate+0x4df/0x7c0 fs/open.c:307 #1: 00000000f690b793 (&ei->xattr_sem){++++}, at: ext4_write_lock_xattr fs/ext4/xattr.h:141 [inline] #1: 00000000f690b793 (&ei->xattr_sem){++++}, at: ext4_convert_inline_data+0x1dc/0x3c0 fs/ext4/inline.c:2025 2 locks held by syz-executor.1/7429: #0: 0000000051962f5d (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline] #0: 0000000051962f5d (sb_writers#3){.+.+}, at: vfs_fallocate+0x4df/0x7c0 fs/open.c:307 #1: 000000001e37df4e (&ei->xattr_sem){++++}, at: ext4_write_lock_xattr fs/ext4/xattr.h:141 [inline] #1: 000000001e37df4e (&ei->xattr_sem){++++}, at: ext4_convert_inline_data+0x1dc/0x3c0 fs/ext4/inline.c:2025 2 locks held by syz-executor.0/7426: #0: 00000000e0439387 (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline] #0: 00000000e0439387 (sb_writers#3){.+.+}, at: vfs_fallocate+0x4df/0x7c0 fs/open.c:307 #1: 00000000a0e624d4 (&ei->xattr_sem){++++}, at: ext4_write_lock_xattr fs/ext4/xattr.h:141 [inline] #1: 00000000a0e624d4 (&ei->xattr_sem){++++}, at: ext4_convert_inline_data+0x1dc/0x3c0 fs/ext4/inline.c:2025 2 locks held by syz-executor.4/7432: #0: 00000000413475ac (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline] #0: 00000000413475ac (sb_writers#3){.+.+}, at: vfs_fallocate+0x4df/0x7c0 fs/open.c:307 #1: 0000000059b6cbea (&ei->xattr_sem){++++}, at: ext4_write_lock_xattr fs/ext4/xattr.h:141 [inline] #1: 0000000059b6cbea (&ei->xattr_sem){++++}, at: ext4_convert_inline_data+0x1dc/0x3c0 fs/ext4/inline.c:2025 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1098 Comm: khungtaskd Not tainted 4.19.188-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x17c/0x226 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.0+0x3c/0x78 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0xf5/0x120 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x5c3/0xb40 kernel/hung_task.c:287 kthread+0x347/0x410 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 10 Comm: rcu_preempt Not tainted 4.19.188-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__lock_acquire+0x538/0x47c0 kernel/locking/lockdep.c:3365 Code: e0 01 83 e1 03 c1 e0 02 45 88 6a 21 41 83 e7 f8 41 09 cf 41 09 c7 41 83 e7 f7 45 09 e7 45 88 7a 22 0f b7 55 20 41 0f b7 42 22 e2 04 83 e0 0f 09 d0 48 89 fa 66 41 89 42 22 48 c1 ea 03 48 b8 RSP: 0018:ffff8881f52df930 EFLAGS: 00000006 RAX: 000000000000000c RBX: 0000000000000002 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff8881f52c6b08 RDI: ffff8881f52c6b2c RBP: ffff8881f52dfb18 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8881f52c6b08 R11: ffff8881f52c6af4 R12: 0000000000000008 R13: 0000000000000000 R14: ffff8881f52c6280 R15: 000000000000000c FS: 0000000000000000(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2df5e1a000 CR3: 000000000866d001 CR4: 00000000001606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire+0x180/0x3a0 kernel/locking/lockdep.c:3907 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x99/0xd0 kernel/locking/spinlock.c:152 __free_object+0x1a/0x1f0 lib/debugobjects.c:251 free_object lib/debugobjects.c:272 [inline] debug_object_free lib/debugobjects.c:652 [inline] debug_object_free+0x235/0x3e0 lib/debugobjects.c:624 destroy_timer_on_stack kernel/time/timer.c:753 [inline] schedule_timeout+0x3af/0xd20 kernel/time/timer.c:1822 rcu_gp_kthread+0xd2b/0x23e0 kernel/rcu/tree.c:2202 kthread+0x347/0x410 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415