bisecting fixing commit since f4cc0ed9b2c72687303b035379c5824a02224354
building syzkaller on 7509bf360eba1461ac6059e4cacfbc29c9d2d4c7
testing commit f4cc0ed9b2c72687303b035379c5824a02224354 with gcc (GCC) 8.1.0
kernel signature: a6369433e394e5456bfba5a10a8cbbed1168f40c
run #0: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #1: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #2: crashed: INFO: rcu detected stall in sendfile64
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in sendfile64
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in sendfile64
run #7: crashed: INFO: rcu detected stall in sendfile64
run #8: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #9: crashed: INFO: rcu detected stall in corrupted
testing current HEAD fbc5fe7a54d02e11972e3b2a5ddb6ffc88162c8f
testing commit fbc5fe7a54d02e11972e3b2a5ddb6ffc88162c8f with gcc (GCC) 8.1.0
kernel signature: c32d4453cdf8ca98cc32405e027cbef2099b247b
run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in corrupted
run #8: crashed: INFO: rcu detected stall in sendfile64
run #9: crashed: INFO: rcu detected stall in corrupted
revisions tested: 2, total time: 26m42.670648061s (build: 15m39.361554025s, test: 9m59.010777708s)
the crash still happens on HEAD
commit msg: Linux 4.14.157
crash: INFO: rcu detected stall in corrupted
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
8021q: adding VLAN 0 to HW filter on device batadv0
INFO: rcu_preempt detected stalls on CPUs/tasks:
 (detected by 1, t=10502 jiffies, g=1306, c=1305, q=356)
All QSes seen, last rcu_preempt kthread activity 10501 (4294953962-4294943461), jiffies_till_next_fqs=1, root ->qsmask 0x0
INFO: rcu_sched detected stalls on CPUs/tasks:
syz-executor.2 R running task 27000 6933 6870 0x00000000
 1-...: (10499 ticks this GP) idle=31e/140000000000001/0 softirq=12059/12059 fqs=0
Call Trace:
 sched_show_task.cold.89+0x2e1/0x342 kernel/sched/core.c:5168
 print_other_cpu_stall kernel/rcu/tree.c:1501 [inline]
 check_cpu_stall kernel/rcu/tree.c:1616 [inline]
 __rcu_pending kernel/rcu/tree.c:3390 [inline]
 rcu_pending kernel/rcu/tree.c:3452 [inline]
 rcu_check_callbacks.cold.77+0xc96/0xcfa kernel/rcu/tree.c:2792
 update_process_times+0x2a/0x60 kernel/time/timer.c:1590
 tick_sched_handle+0x7b/0x140 kernel/time/tick-sched.c:161
 (detected by 0, t=10502 jiffies, g=681, c=680, q=0)
 tick_sched_timer+0x34/0xf0 kernel/time/tick-sched.c:1219
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 6933 Comm: syz-executor.2 Not tainted 4.14.157-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88808c2c8100 task.stack: ffff8880a6818000
RIP: 0010:format_decode+0x298/0x870 lib/vsprintf.c:1980
RSP: 0018:ffff8880aef07748 EFLAGS: 00000046
RAX: ffffffff868be144 RBX: ffffffff868be144 RCX: 0000000000000003
RDX: 000000000000006c RSI: ffffffff868be144 RDI: ffffffff868be143
RBP: ffff8880aef077e0 R08: ffff8880aef077b8 R09: ffff8880aef0785f
R10: ffffffff868be141 R11: ffffffff8933b360 R12: 1ffff11015de0eeb
R13: ffffffff868be141 R14: ffff8880aef07858 R15: ffffffff868be143
FS: 00007f6c44e00700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000758080 CR3: 00000000865e0000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vsnprintf+0x140/0x1780 lib/vsprintf.c:2133
 sprintf+0x95/0xb0 lib/vsprintf.c:2383
 print_time kernel/printk/printk.c:1230 [inline]
 print_prefix+0x218/0x370 kernel/printk/printk.c:1253
 msg_print_text+0x92/0x170 kernel/printk/printk.c:1280
 console_unlock+0x323/0xe30 kernel/printk/printk.c:2374
 vprintk_emit+0x1b4/0x4e0 kernel/printk/printk.c:1923
 vprintk_default+0x1a/0x20 kernel/printk/printk.c:1963
 vprintk_func+0x49/0x12c kernel/printk/printk_safe.c:401
 printk+0x91/0xab kernel/printk/printk.c:1996
 printk_stack_address arch/x86/kernel/dumpstack.c:70 [inline]
 show_trace_log_lvl+0x22d/0x26b arch/x86/kernel/dumpstack.c:202
 show_stack+0x38/0x3a arch/x86/kernel/dumpstack.c:237
 sched_show_task.cold.89+0x2e1/0x342 kernel/sched/core.c:5168
 print_other_cpu_stall kernel/rcu/tree.c:1501 [inline]
 check_cpu_stall kernel/rcu/tree.c:1616 [inline]
 __rcu_pending kernel/rcu/tree.c:3390 [inline]
 rcu_pending kernel/rcu/tree.c:3452 [inline]
 rcu_check_callbacks.cold.77+0xc96/0xcfa kernel/rcu/tree.c:2792
 update_process_times+0x2a/0x60 kernel/time/timer.c:1590
 tick_sched_handle+0x7b/0x140 kernel/time/tick-sched.c:161
 tick_sched_timer+0x34/0xf0 kernel/time/tick-sched.c:1219
 __run_hrtimer kernel/time/hrtimer.c:1220 [inline]
 __hrtimer_run_queues+0x297/0xaf0 kernel/time/hrtimer.c:1284
 hrtimer_interrupt+0x1ae/0x600 kernel/time/hrtimer.c:1318
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1075 [inline]
 smp_apic_timer_interrupt+0x11f/0x5d0 arch/x86/kernel/apic/apic.c:1100
 apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:792
RIP: 0010:arch_local_save_flags arch/x86/include/asm/paravirt.h:774 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/paravirt.h:796 [inline]
RIP: 0010:lock_is_held_type+0x74/0x210 kernel/locking/lockdep.c:4028
RSP: 0018:ffff8880a681f2b8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: dffffc0000000000 RBX: ffff88808c2c8100 RCX: 0000000000000000
RDX: 1ffffffff0f22d28 RSI: 00000000ffffffff RDI: ffffffff87916940
RBP: ffff8880a681f2d8 R08: 0000000000000000 R09: ffffea0001b96b00
R10: ffff88809a1e9828 R11: ffff88809a1e9980 R12: 0000000000000000
R13: ffffffff87990d20 R14: 000000000000002e R15: ffffea0001b96b00
 lock_is_held include/linux/lockdep.h:437 [inline]
 ___might_sleep+0x23b/0x2a0 kernel/sched/core.c:6005
 __might_sleep+0x93/0xb0 kernel/sched/core.c:5993
 ext4_journal_check_start+0x1d/0x1a0 fs/ext4/ext4_jbd2.c:46
 __ext4_journal_start_sb+0x55/0x3b0 fs/ext4/ext4_jbd2.c:74
 __ext4_journal_start fs/ext4/ext4_jbd2.h:314 [inline]
 ext4_dirty_inode+0x48/0x90 fs/ext4/inode.c:5921
 __mark_inode_dirty+0x542/0xe80 fs/fs-writeback.c:2144
 mark_inode_dirty include/linux/fs.h:2019 [inline]
 generic_write_end+0x162/0x220 fs/buffer.c:2218
 ext4_da_write_end+0x2d6/0x9e0 fs/ext4/inode.c:3187
 generic_perform_write+0x318/0x450 mm/filemap.c:3058
 __generic_file_write_iter+0x201/0x580 mm/filemap.c:3172
 ext4_file_write_iter+0x279/0xe70 fs/ext4/file.c:268
 call_write_iter include/linux/fs.h:1777 [inline]
 do_iter_readv_writev+0x460/0x900 fs/read_write.c:675
 do_iter_write+0x12b/0x520 fs/read_write.c:954
 vfs_iter_write+0x5b/0xb0 fs/read_write.c:967
 iter_file_splice_write+0x540/0xc20 fs/splice.c:749
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x104/0x1c0 fs/splice.c:1018
 splice_direct_to_actor+0x27c/0x750 fs/splice.c:973
 do_splice_direct+0x144/0x250 fs/splice.c:1061
 do_sendfile+0x463/0xd00 fs/read_write.c:1441
 SYSC_sendfile64 fs/read_write.c:1496 [inline]
 SyS_sendfile64+0x97/0x110 fs/read_write.c:1488
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459519
RSP: 002b:00007f6c44dffc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459519
RDX: 0000000020000000 RSI: 0000000000000003 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 00008080fffffffe R11: 0000000000000246 R12: 00007f6c44e006d4
R13: 00000000004c6af0 R14: 00000000004dbd68 R15: 00000000ffffffff
Code: fc ff df 48 c1 e9 03 49 89 40 c0 48 89 c3 0f b6 14 11 4c 89 f9 83 e1 07 38 ca 7f 08 84 d2 0f 85 5a 05 00 00 48 89 c6 41 0f b6 17 <48> b9 00 00 00 00 00 fc ff df 48 c1 ee 03 0f b6 0c 0e 48 89 c6
rcu_sched kthread starved for 10502 jiffies! g681 c680 f0x0 RCU_GP_WAIT_FQS(3) ->state=0x0 ->cpu=1
 __run_hrtimer kernel/time/hrtimer.c:1220 [inline]
 __hrtimer_run_queues+0x297/0xaf0 kernel/time/hrtimer.c:1284
rcu_sched R running task 29832 9 2 0x80000000
Call Trace:
 hrtimer_interrupt+0x1ae/0x600 kernel/time/hrtimer.c:1318
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x780/0x1d20 kernel/sched/core.c:3384
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1075 [inline]
 smp_apic_timer_interrupt+0x11f/0x5d0 arch/x86/kernel/apic/apic.c:1100
 apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:792
 schedule+0x7f/0x1b0 kernel/sched/core.c:3428
 schedule_timeout+0x40c/0xcc0 kernel/time/timer.c:1746
RIP: 0010:arch_local_save_flags arch/x86/include/asm/paravirt.h:774 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/paravirt.h:796 [inline]
RIP: 0010:lock_is_held_type+0x74/0x210 kernel/locking/lockdep.c:4028
RSP: 0018:ffff8880a681f2b8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: dffffc0000000000 RBX: ffff88808c2c8100 RCX: 0000000000000000
 rcu_gp_kthread+0xbbf/0x1e00 kernel/rcu/tree.c:2255
RDX: 1ffffffff0f22d28 RSI: 00000000ffffffff RDI: ffffffff87916940
RBP: ffff8880a681f2d8 R08: 0000000000000000 R09: ffffea0001b96b00
 kthread+0x338/0x400 kernel/kthread.c:232
R10: ffff88809a1e9828 R11: ffff88809a1e9980 R12: 0000000000000000
R13: ffffffff87990d20 R14: 000000000000002e R15: ffffea0001b96b00
 lock_is_held include/linux/lockdep.h:437 [inline]
 ___might_sleep+0x23b/0x2a0 kernel/sched/core.c:6005
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
 __might_sleep+0x93/0xb0 kernel/sched/core.c:5993
 ext4_journal_check_start+0x1d/0x1a0 fs/ext4/ext4_jbd2.c:46
 __ext4_journal_start_sb+0x55/0x3b0 fs/ext4/ext4_jbd2.c:74
 __ext4_journal_start fs/ext4/ext4_jbd2.h:314 [inline]
 ext4_dirty_inode+0x48/0x90 fs/ext4/inode.c:5921
 __mark_inode_dirty+0x542/0xe80 fs/fs-writeback.c:2144
 mark_inode_dirty include/linux/fs.h:2019 [inline]
 generic_write_end+0x162/0x220 fs/buffer.c:2218
 ext4_da_write_end+0x2d6/0x9e0 fs/ext4/inode.c:3187
 generic_perform_write+0x318/0x450 mm/filemap.c:3058
 __generic_file_write_iter+0x201/0x580 mm/filemap.c:3172
 ext4_file_write_iter+0x279/0xe70 fs/ext4/file.c:268
 call_write_iter include/linux/fs.h:1777 [inline]
 do_iter_readv_writev+0x460/0x900 fs/read_write.c:675
 do_iter_write+0x12b/0x520 fs/read_write.c:954
 vfs_iter_write+0x5b/0xb0 fs/read_write.c:967
 iter_file_splice_write+0x540/0xc20 fs/splice.c:749
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x104/0x1c0 fs/splice.c:1018
 splice_direct_to_actor+0x27c/0x750 fs/splice.c:973
 do_splice_direct+0x144/0x250 fs/splice.c:1061
 do_sendfile+0x463/0xd00 fs/read_write.c:1441
 SYSC_sendfile64 fs/read_write.c:1496 [inline]
 SyS_sendfile64+0x97/0x110 fs/read_write.c:1488
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459519
RSP: 002b:00007f6c44dffc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459519
RDX: 0000000020000000 RSI: 0000000000000003 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 00008080fffffffe R11: 0000000000000246 R12: 00007f6c44e006d4
R13: 00000000004c6af0 R14: 00000000004dbd68 R15: 00000000ffffffff
rcu_preempt kthread starved for 10620 jiffies! g1306 c1305 f0x2 RCU_GP_WAIT_FQS(3) ->state=0x0 ->cpu=1
rcu_preempt R running task 29832 8 2 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x780/0x1d20 kernel/sched/core.c:3384
 schedule+0x7f/0x1b0 kernel/sched/core.c:3428
 schedule_timeout+0x40c/0xcc0 kernel/time/timer.c:1746
 rcu_gp_kthread+0xbbf/0x1e00 kernel/rcu/tree.c:2255
 kthread+0x338/0x400 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404