Re: [syzbot] [kernel?] WARNING in hrtimer_forward (4)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Peter Zijlstra <peterz@infradead.org>
To: Juri Lelli <juri.lelli@redhat.com>
Cc: Shrikanth Hegde <sshegde@linux.ibm.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	syzbot <syzbot+8b3a2e23253b50098164@syzkaller.appspotmail.com>,
	anna-maria@linutronix.de, frederic@kernel.org,
	linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	Juri Lelli <jlelli@redhat.com>
Subject: Re: [syzbot] [kernel?] WARNING in hrtimer_forward (4)
Date: Tue, 21 Oct 2025 14:35:34 +0200	[thread overview]
Message-ID: <20251021123534.GU3419281@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <aPd6A7Gj3lg-EDzq@jlelli-thinkpadt14gen4.remote.csb>

On Tue, Oct 21, 2025 at 02:18:11PM +0200, Juri Lelli wrote:
> On 21/10/25 10:12, Shrikanth Hegde wrote:
> > 
> > 
> > On 9/11/25 2:45 PM, Juri Lelli wrote:
> > > On 10/09/25 22:07, Thomas Gleixner wrote:
> > > > On Fri, Aug 29 2025 at 19:00, syzbot wrote:
> > > > 
> > > > > HEAD commit:    b6add54ba618 Merge tag 'pinctrl-v6.17-2' of git://git.kern..
> > > > > git tree:       upstream
> > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=1130eef0580000
> > > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=e1e1566c7726877e
> > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=8b3a2e23253b50098164
> > > > > compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
> > > > > 
> > > > > Unfortunately, I don't have any reproducer for this issue yet.
> > > > > 
> > > > > Downloadable assets:
> > > > > disk image: https://storage.googleapis.com/syzbot-assets/102656909b6f/disk-b6add54b.raw.xz
> > > > > vmlinux: https://storage.googleapis.com/syzbot-assets/fa30d1d80a47/vmlinux-b6add54b.xz
> > > > > kernel image: https://storage.googleapis.com/syzbot-assets/c25ee8abf30a/bzImage-b6add54b.xz
> > > > > 
> > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > > > Reported-by: syzbot+8b3a2e23253b50098164@syzkaller.appspotmail.com
> > > > > 
> > > > > ------------[ cut here ]------------
> > > > > WARNING: CPU: 1 PID: 1186 at kernel/time/hrtimer.c:1052 hrtimer_forward+0x1d6/0x2b0 kernel/time/hrtimer.c:1052
> > > > > Modules linked in:
> > > > > CPU: 1 UID: 0 PID: 1186 Comm: irq/33-virtio1- Not tainted syzkaller #0 PREEMPT_{RT,(full)}
> > > > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
> > > > > RIP: 0010:hrtimer_forward+0x1d6/0x2b0 kernel/time/hrtimer.c:1052
> > > > 
> > > > It compains that the timer is enqueued when it is attempted to be forwarded
> > > > 
> > > > > Code: 4c 89 33 48 8b 04 24 eb 07 e8 86 34 12 00 31 c0 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 01 d8 4d 09 cc e8 6b 34 12 00 90 <0f> 0b 90 eb df 48 89 e8 4c 09 f8 48 c1 e8 20 74 0a 48 89 e8 31 d2
> > > > > RSP: 0018:ffffc90000a78bd0 EFLAGS: 00010006
> > > > > RAX: ffffffff81ac27e5 RBX: ffff8880b883b508 RCX: ffff888026c19dc0
> > > > > RDX: 0000000000000100 RSI: 0000000000010000 RDI: 0000000000010100
> > > > > RBP: 000000000009d057 R08: 0000000000010000 R09: 0000000000010100
> > > > > R10: dffffc0000000000 R11: ffffffff8167a890 R12: ffff8880b883b520
> > > > > R13: 0000000000184487 R14: 1ffff110171076a4 R15: 0000000000000001
> > > > > FS:  0000000000000000(0000) GS:ffff8881269c2000(0000) knlGS:0000000000000000
> > > > > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > > > CR2: 00007f95323cbf98 CR3: 0000000064088000 CR4: 00000000003526f0
> > > > > Call Trace:
> > > > >   <IRQ>
> > > > >   hrtimer_forward_now include/linux/hrtimer.h:366 [inline]
> > > > >   dl_server_timer kernel/sched/deadline.c:1193 [inline]
> > > > 
> > > > which is strange as this is with the timer callback itself, so it
> > > > shouldn't be enqueued, unless there is a possiblilty to have:
> > > > 
> > > >     CPU0                       CPU1
> > > >     timer_expires()
> > > >        callback()              ????
> > > >          dl_task_timer()       rq_lock()
> > > >            rq_lock()             hrtimer_start()
> > > >                                rq_unlock()
> > > >             hrtimer_forward()
> > > > 
> > > > No idea whether that's possible, but that's the only sensible
> > > > explanation.
> > > 
> > > So, a dl_server_start() could be your ????, but it should see
> > > dl_server_active and just return if the dl_server callback is running.
> > > Unless a dl_server_stop() somehow interleaved as well and cleared it.
> > > 
> > 
> > isn't dl_server timer per CPU?
> 
> Indeed you have a point. Also dl-server timers handling has changed
> recently with several fixes from Peter.

Can still be a remote wakeup trying to start the timer.

Anyway, yeah, we've changed a bit around here, but we're still not quite
done -- there is that issue from Gabriel.

Also, every time I look at this code I get confused, so perhaps that
needs fixing too.

I'll poke at it some.

     prev parent reply	other threads:[~2025-10-21 17:19 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-08-30  2:00 [syzbot] [kernel?] WARNING in hrtimer_forward (4) syzbot
2025-09-10 20:07 ` Thomas Gleixner
2025-09-11  9:15   ` Juri Lelli
2025-10-21  4:42     ` Shrikanth Hegde
2025-10-21 12:18       ` Juri Lelli
2025-10-21 12:35         ` Peter Zijlstra [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20251021123534.GU3419281@noisy.programming.kicks-ass.net \
    --to=peterz@infradead.org \
    --cc=anna-maria@linutronix.de \
    --cc=frederic@kernel.org \
    --cc=jlelli@redhat.com \
    --cc=juri.lelli@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sshegde@linux.ibm.com \
    --cc=syzbot+8b3a2e23253b50098164@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.