Subject: WARNING in delayed_work_timer_fn
From: sanan.hasanou
Date: 2026-06-26 21:27 UTC
To: tj, jiangshanlai, linux-kernel
Cc: syzkaller, contact

Good day, dear maintainers,

We found a bug using a modified version of syzkaller.

Kernel Branch: 7.0-rc1
Kernel Config: <https://drive.google.com/open?id=1zJHAs5GUroGFBkxAlzfDaWAd_NVPZTfJ>
Unfortunately, we don't have any reproducer for this bug yet.
Thank you!

Best regards,
Sanan Hasanov

------------[ cut here ]------------
workqueue: cannot queue hci_conn_timeout on wq hci4
WARNING: kernel/workqueue.c:2271 at __queue_work+0xd2b/0xff0 kernel/workqueue.c:2269, CPU#1: pool_workqueue_/3
Modules linked in:
CPU: 1 UID: 0 PID: 3 Comm: pool_workqueue_ Tainted: G             L      7.0.0-rc1 #1 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__queue_work+0xd57/0xff0 kernel/workqueue.c:2269
Code: c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 db 15 a0 00 49 8b 75 00 48 8b 55 a8 48 81 c2 78 01 00 00 4c 89 f7 <67> 48 0f b9 3a e9 f3 fe ff ff e8 4a cd 36 00 48 8d 3d 43 9a 06 0e
RSP: 0018:ffffc900001f8bb0 EFLAGS: 00010086
RAX: 1ffff1100341314b RBX: 0000000000000100 RCX: ffff8880192f1d00
RDX: ffff88805f5fd978 RSI: ffffffff8a67ba00 RDI: ffffffff8f90ef60
RBP: ffffc900001f8c40 R08: ffffffff8f8dfdb7 R09: 1ffffffff1f1bfb6
R10: dffffc0000000000 R11: fffffbfff1f1bfb7 R12: dffffc0000000000
R13: ffff88801a098a58 R14: ffffffff8f90ef60 R15: 0000000000000008
FS:  0000000000000000(0000) GS:ffff8880ef136000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005646cf5e23c0 CR3: 0000000060a4c000 CR4: 00000000000006f0
Call Trace:
 <IRQ>
 delayed_work_timer_fn+0x65/0x90 kernel/workqueue.c:2500
 call_timer_fn+0x167/0x640 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1794 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x641/0x860 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0xc0/0x180 kernel/time/timer.c:2404
 handle_softirqs+0x226/0x870 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x64/0x150 kernel/softirq.c:723
 irq_exit_rcu+0xd/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697
RIP: 0010:preempt_schedule_irq+0x4c/0xa0 kernel/sched/core.c:7234
Code: 49 be 00 00 00 00 00 fc ff df eb 09 48 f7 03 10 00 00 00 74 54 bf 01 00 00 00 e8 5f df 27 f6 e8 1a 9b 60 f6 fb bf 01 00 00 00 <e8> 4f a7 ff ff 9c 58 fa a9 00 02 00 00 74 05 e8 e0 9c 60 f6 bf 01
RSP: 0018:ffffc9000014fb28 EFLAGS: 00000202
RAX: 00000000000ca7b5 RBX: ffffc9000014fbd8 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8d71009e RDI: 0000000000000001
RBP: ffffc9000014fb38 R08: ffffffff8f8dfdb7 R09: 1ffffffff1f1bfb6
R10: dffffc0000000000 R11: fffffbfff1f1bfb7 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
 raw_irqentry_exit_cond_resched+0x48/0x50 kernel/entry/common.c:196
 irqentry_exit+0x155/0x610 kernel/entry/common.c:239
 sysvec_reschedule_ipi+0xae/0xc0 arch/x86/kernel/smp.c:248
 asm_sysvec_reschedule_ipi+0x1f/0x30 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lockdep_unregister_key+0x2d2/0x350 kernel/locking/lockdep.c:6616
Code: 0b fe ff ff 89 c6 48 c7 c7 10 ea d6 92 e8 a6 c6 cb 09 90 e9 66 fe ff ff e8 2b 32 c9 09 41 f7 c4 00 02 00 00 74 bc fb 45 84 ff <75> bb eb cc 90 0f 0b 90 e9 2b ff ff ff 90 0f 0b 90 e9 38 ff ff ff
RSP: 0018:ffffc9000014fc80 EFLAGS: 00000246
RAX: 0000000000000046 RBX: ffff888026d8b138 RCX: 0000000000000046
RDX: ffffffff90926578 RSI: ffffffff8d723c2c RDI: ffffffff8be59a80
RBP: ffffc9000014fcc0 R08: 0000000000000000 R09: ffffffff8df5b3e0
R10: ffffffff81ab1668 R11: fffffbfff1f1bfb7 R12: 0000000000000a47
R13: 0000000000001000 R14: ffff888026d8b139 R15: ffffffff90d26500
 wq_unregister_lockdep kernel/workqueue.c:4902 [inline]
 pwq_release_workfn+0x6e9/0x870 kernel/workqueue.c:5198
 kthread_worker_fn+0x4fb/0xbe0 kernel/kthread.c:1056
 kthread+0x37d/0x470 kernel/kthread.c:467
 ret_from_fork+0x507/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	18 4c 89 e8          	sbb    %cl,-0x18(%rcx,%rcx,4)
   4:	48 c1 e8 03          	shr    $0x3,%rax
   8:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
   d:	74 08                	je     0x17
   f:	4c 89 ef             	mov    %r13,%rdi
  12:	e8 db 15 a0 00       	call   0xa015f2
  17:	49 8b 75 00          	mov    0x0(%r13),%rsi
  1b:	48 8b 55 a8          	mov    -0x58(%rbp),%rdx
  1f:	48 81 c2 78 01 00 00 	add    $0x178,%rdx
  26:	4c 89 f7             	mov    %r14,%rdi
* 29:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2e:	e9 f3 fe ff ff       	jmp    0xffffff26
  33:	e8 4a cd 36 00       	call   0x36cd82
  38:	48 8d 3d 43 9a 06 0e 	lea    0xe069a43(%rip),%rdi        # 0xe069a82

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>

SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>

 kthread_worker_fn+0x4fb/0xbe0
 kthread+0x37d/0x470
 ret_from_fork+0x507/0xb90
 ret_from_fork_asm+0x11/0x20
 </TASK>
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 1 UID: 0 PID: 3 Comm: pool_workqueue_ Tainted: G             L      7.0.0-rc1 #1 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack+0x21/0x30
 dump_stack_lvl+0x2b/0x150
 dump_stack+0x19/0x20
 vpanic+0x53e/0xa20
 panic+0xb9/0xc0
 __warn+0x320/0x500
 __report_bug+0x28d/0x500
 report_bug_entry+0x1a5/0x290
 handle_bug+0xce/0x200
 exc_invalid_op+0x1f/0x50
 asm_exc_invalid_op+0x1f/0x30
RIP: 0010:__queue_work+0xd57/0xff0
Code: c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 db 15 a0 00 49 8b 75 00 48 8b 55 a8 48 81 c2 78 01 00 00 4c 89 f7 <67> 48 0f b9 3a e9 f3 fe ff ff e8 4a cd 36 00 48 8d 3d 43 9a 06 0e
RSP: 0018:ffffc900001f8bb0 EFLAGS: 00010086
RAX: 1ffff1100341314b RBX: 0000000000000100 RCX: ffff8880192f1d00
RDX: ffff88805f5fd978 RSI: ffffffff8a67ba00 RDI: ffffffff8f90ef60
RBP: ffffc900001f8c40 R08: ffffffff8f8dfdb7 R09: 1ffffffff1f1bfb6
R10: dffffc0000000000 R11: fffffbfff1f1bfb7 R12: dffffc0000000000
R13: ffff88801a098a58 R14: ffffffff8f90ef60 R15: 0000000000000008
 delayed_work_timer_fn+0x65/0x90
 call_timer_fn+0x167/0x640
 __run_timer_base+0x641/0x860
 run_timer_softirq+0xc0/0x180
 handle_softirqs+0x226/0x870
 __irq_exit_rcu+0x64/0x150
 irq_exit_rcu+0xd/0x30
 sysvec_apic_timer_interrupt+0x9b/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1f/0x30
RIP: 0010:preempt_schedule_irq+0x4c/0xa0
Code: 49 be 00 00 00 00 00 fc ff df eb 09 48 f7 03 10 00 00 00 74 54 bf 01 00 00 00 e8 5f df 27 f6 e8 1a 9b 60 f6 fb bf 01 00 00 00 <e8> 4f a7 ff ff 9c 58 fa a9 00 02 00 00 74 05 e8 e0 9c 60 f6 bf 01
RSP: 0018:ffffc9000014fb28 EFLAGS: 00000202
RAX: 00000000000ca7b5 RBX: ffffc9000014fbd8 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8d71009e RDI: 0000000000000001
RBP: ffffc9000014fb38 R08: ffffffff8f8dfdb7 R09: 1ffffffff1f1bfb6
R10: dffffc0000000000 R11: fffffbfff1f1bfb7 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
 raw_irqentry_exit_cond_resched+0x48/0x50
 irqentry_exit+0x155/0x610
 sysvec_reschedule_ipi+0xae/0xc0
 asm_sysvec_reschedule_ipi+0x1f/0x30
RIP: 0010:lockdep_unregister_key+0x2d2/0x350
Code: 0b fe ff ff 89 c6 48 c7 c7 10 ea d6 92 e8 a6 c6 cb 09 90 e9 66 fe ff ff e8 2b 32 c9 09 41 f7 c4 00 02 00 00 74 bc fb 45 84 ff <75> bb eb cc 90 0f 0b 90 e9 2b ff ff ff 90 0f 0b 90 e9 38 ff ff ff
RSP: 0018:ffffc9000014fc80 EFLAGS: 00000246
RAX: 0000000000000046 RBX: ffff888026d8b138 RCX: 0000000000000046
RDX: ffffffff90926578 RSI: ffffffff8d723c2c RDI: ffffffff8be59a80
RBP: ffffc9000014fcc0 R08: 0000000000000000 R09: ffffffff8df5b3e0
R10: ffffffff81ab1668 R11: fffffbfff1f1bfb7 R12: 0000000000000a47
R13: 0000000000001000 R14: ffff888026d8b139 R15: ffffffff90d26500
 pwq_release_workfn+0x6e9/0x870
 kthread_worker_fn+0x4fb/0xbe0
 kthread+0x37d/0x470
 ret_from_fork+0x507/0xb90
 ret_from_fork_asm+0x11/0x20
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>
