From: syzbot <syzbot+879882be5b42e60d4d98@syzkaller.appspotmail.com>
To: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
mingo@redhat.com, pbonzini@redhat.com,
syzkaller-bugs@googlegroups.com, tglx@linutronix.de,
vkuznets@redhat.com, wanpengli@tencent.com, x86@kernel.org
Subject: [syzbot] INFO: rcu detected stall in dummy_timer (4)
Date: Fri, 08 Jul 2022 20:52:27 -0700
Message-ID: <0000000000004d1b5605e3573f8e@google.com>
Hello,
syzbot found the following issue on:
HEAD commit: c1084b6c5620 Merge tag 'soc-fixes-5.19-2' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=127615f4080000
kernel config: https://syzkaller.appspot.com/x/.config?x=f3bf7765b1ebd721
dashboard link: https://syzkaller.appspot.com/bug?extid=879882be5b42e60d4d98
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11ef6948080000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13c44524080000
Bisection is inconclusive: the issue happens on the oldest tested release.
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16a1bf04080000
final oops: https://syzkaller.appspot.com/x/report.txt?x=15a1bf04080000
console output: https://syzkaller.appspot.com/x/log.txt?x=11a1bf04080000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+879882be5b42e60d4d98@syzkaller.appspotmail.com
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 1-...!: (1 GPs behind) idle=a7b/1/0x4000000000000000 softirq=26067/26069 fqs=3
(t=10500 jiffies g=29121 q=209 ncpus=2)
rcu: rcu_preempt kthread starved for 10494 jiffies! g29121 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:26424 pid: 16 ppid: 2 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5146 [inline]
__schedule+0x957/0xe20 kernel/sched/core.c:6458
schedule+0xeb/0x1b0 kernel/sched/core.c:6530
schedule_timeout+0x1b9/0x300 kernel/time/timer.c:1935
rcu_gp_fqs_loop+0x2b9/0xfb0 kernel/rcu/tree.c:1999
rcu_gp_kthread+0xa5/0x360 kernel/rcu/tree.c:2187
kthread+0x266/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30
</TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4628 Comm: syz-executor415 Not tainted 5.19.0-rc5-syzkaller-00049-gc1084b6c5620 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
RIP: 0010:native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
RIP: 0010:arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
RIP: 0010:kvm_wait+0x1b0/0x1f0 arch/x86/kernel/kvm.c:1067
Code: 4c 89 e0 48 c1 e8 03 42 8a 04 28 84 c0 75 41 45 8a 34 24 e8 12 05 53 00 44 3a 74 24 1c 75 10 66 90 0f 00 2d f2 05 4f 09 fb f4 <e9> cc fe ff ff fb e9 c6 fe ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 57
RSP: 0018:ffffc9000475f960 EFLAGS: 00000246
RAX: c1a516943b300f00 RBX: 1ffff920008ebf30 RCX: ffffffff816825e8
RDX: dffffc0000000000 RSI: ffffffff8a8d22c0 RDI: ffffffff8ae99700
RBP: ffffc9000475fa30 R08: dffffc0000000000 R09: fffffbfff1fa9204
R10: fffffbfff1fa9204 R11: 1ffffffff1fa9203 R12: ffff888144f9ea10
R13: dffffc0000000000 R14: 1ffff920008ebf03 R15: ffffc9000475f9a0
FS: 00005555558e1300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f88c0e041f0 CR3: 0000000018135000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
pv_wait arch/x86/include/asm/paravirt.h:603 [inline]
pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:470 [inline]
__pv_queued_spin_lock_slowpath+0x70d/0xc60 kernel/locking/qspinlock.c:511
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:591 [inline]
queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x264/0x360 kernel/locking/spinlock_debug.c:115
spin_lock include/linux/spinlock.h:349 [inline]
kset_find_obj+0x2e/0x110 lib/kobject.c:881
module_add_driver+0x1b1/0x2e0 drivers/base/module.c:48
bus_add_driver+0x393/0x600 drivers/base/bus.c:622
driver_register+0x2e9/0x3e0 drivers/base/driver.c:240
usb_gadget_register_driver_owner+0xd9/0x230 drivers/usb/gadget/udc/core.c:1558
raw_ioctl_run+0xbd/0x300 drivers/usb/gadget/legacy/raw_gadget.c:546
raw_ioctl+0x163/0xc20 drivers/usb/gadget/legacy/raw_gadget.c:1253
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f88c0e2f467
Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 c4 47 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc3099d248 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffc3099e2a0 RCX: 00007f88c0e2f467
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000000000000ffff R09: 000000000000000b
R10: 00007ffc3099d2c0 R11: 0000000000000246 R12: 00007ffc3099d270
R13: 0000000000000000 R14: 00007f88c0ea2440 R15: 0000000000000003
</TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.011 msecs
NMI backtrace for cpu 1
CPU: 1 PID: 4627 Comm: syz-executor415 Not tainted 5.19.0-rc5-syzkaller-00049-gc1084b6c5620 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
nmi_cpu_backtrace+0x473/0x4a0 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x168/0x280 lib/nmi_backtrace.c:62
trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
rcu_dump_cpu_stacks+0x236/0x3a0 kernel/rcu/tree_stall.h:371
print_cpu_stall kernel/rcu/tree_stall.h:667 [inline]
check_cpu_stall kernel/rcu/tree_stall.h:751 [inline]
rcu_pending kernel/rcu/tree.c:3977 [inline]
rcu_sched_clock_irq+0xfee/0x19d0 kernel/rcu/tree.c:2675
update_process_times+0x148/0x1b0 kernel/time/timer.c:1839
tick_sched_handle kernel/time/tick-sched.c:243 [inline]
tick_sched_timer+0x377/0x540 kernel/time/tick-sched.c:1480
__run_hrtimer kernel/time/hrtimer.c:1685 [inline]
__hrtimer_run_queues+0x4cb/0xa60 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x3a6/0xfd0 kernel/time/hrtimer.c:1811
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1095 [inline]
__sysvec_apic_timer_interrupt+0xf9/0x280 arch/x86/kernel/apic/apic.c:1112
sysvec_apic_timer_interrupt+0x3e/0xb0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 72 31 a6 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> c7 cd 27 f7 65 8b 05 c8 37 ce 75 85 c0 74 3f 48 c7 04 24 0e 36
RSP: 0018:ffffc900001e07e0 EFLAGS: 00000206
RAX: d93f2df2dd9f9600 RBX: 1ffff9200003c100 RCX: ffffffff816825e8
RDX: dffffc0000000000 RSI: ffffffff8a8d22c0 RDI: 0000000000000001
RBP: ffffc900001e0870 R08: dffffc0000000000 R09: fffffbfff1fa921b
R10: fffffbfff1fa921b R11: 1ffffffff1fa921a R12: dffffc0000000000
R13: 1ffff9200003c0fc R14: ffffc900001e0800 R15: 0000000000000246
dummy_timer+0x301c/0x3110
call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers+0x76a/0x980 kernel/time/timer.c:1790
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803
__do_softirq+0x382/0x793 kernel/softirq.c:571
__irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:strcmp+0x39/0xa0 lib/string.c:347
Code: bf 00 00 00 00 00 fc ff df 31 db 66 0f 1f 44 00 00 49 8d 3c 1c 48 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 29 41 0f b6 2c 1c <49> 8d 3c 1e 48 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 20 41 3a
RSP: 0018:ffffc900044dfc10 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88802065bb00
RDX: 0000000000000000 RSI: ffffffff8b478fc0 RDI: ffff888016e8bf50
RBP: 0000000000000073 R08: ffffffff846362b6 R09: fffff5200089bf78
R10: fffff5200089bf79 R11: 1ffff9200089bf78 R12: ffff888016e8bf50
R13: ffff8881458e3a80 R14: ffffffff8b478fc0 R15: dffffc0000000000
kset_find_obj+0x7b/0x110 lib/kobject.c:884
module_add_driver+0x1b1/0x2e0 drivers/base/module.c:48
bus_add_driver+0x393/0x600 drivers/base/bus.c:622
driver_register+0x2e9/0x3e0 drivers/base/driver.c:240
usb_gadget_register_driver_owner+0xd9/0x230 drivers/usb/gadget/udc/core.c:1558
raw_ioctl_run+0xbd/0x300 drivers/usb/gadget/legacy/raw_gadget.c:546
raw_ioctl+0x163/0xc20 drivers/usb/gadget/legacy/raw_gadget.c:1253
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f88c0e2f467
================================
WARNING: inconsistent lock state
5.19.0-rc5-syzkaller-00049-gc1084b6c5620 #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor415/4627 [HC1[1]:SC1[1]:HE0:SE0] takes:
ffffffff8cbed438 (vmap_area_lock){?.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
ffffffff8cbed438 (vmap_area_lock){?.+.}-{2:2}, at: find_vmap_area+0x1d/0x120 mm/vmalloc.c:1805
{HARDIRQ-ON-W} state was registered at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
alloc_vmap_area+0x18bb/0x1ae0 mm/vmalloc.c:1586
__get_vm_area_node+0x18a/0x380 mm/vmalloc.c:2453
get_vm_area_caller+0x45/0x50 mm/vmalloc.c:2506
__ioremap_caller+0x510/0x920 arch/x86/mm/ioremap.c:280
acpi_os_ioremap include/acpi/acpi_io.h:13 [inline]
acpi_map drivers/acpi/osl.c:296 [inline]
acpi_os_map_iomem+0x226/0x4b0 drivers/acpi/osl.c:355
acpi_tb_acquire_table+0xf5/0x25d drivers/acpi/acpica/tbdata.c:142
acpi_tb_validate_table drivers/acpi/acpica/tbdata.c:317 [inline]
acpi_tb_validate_temp_table+0xa6/0x10b drivers/acpi/acpica/tbdata.c:400
acpi_tb_verify_temp_table+0x82/0x8ed drivers/acpi/acpica/tbdata.c:504
acpi_reallocate_root_table+0x328/0x584 drivers/acpi/acpica/tbxface.c:180
acpi_early_init+0xdb/0x536 drivers/acpi/bus.c:1200
start_kernel+0x40b/0x55b init/main.c:1098
secondary_startup_64_no_verify+0xcf/0xdb
irq event stamp: 78847
hardirqs last enabled at (78846): [<ffffffff8a3436eb>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (78846): [<ffffffff8a3436eb>] _raw_spin_unlock_irqrestore+0x8b/0x130 kernel/locking/spinlock.c:194
hardirqs last disabled at (78847): [<ffffffff8a2b421a>] sysvec_apic_timer_interrupt+0xa/0xb0 arch/x86/kernel/apic/apic.c:1106
softirqs last enabled at (0): [<ffffffff814f65c0>] copy_process+0x1530/0x3fa0 kernel/fork.c:2185
softirqs last disabled at (799): [<ffffffff81519a4c>] __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(vmap_area_lock);
<Interrupt>
lock(vmap_area_lock);
*** DEADLOCK ***
3 locks held by syz-executor415/4627:
#0: ffff888144f9ea28 (&k->list_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
#0: ffff888144f9ea28 (&k->list_lock){+.+.}-{2:2}, at: kset_find_obj+0x2e/0x110 lib/kobject.c:881
#1: ffffc900001e0be0 ((&dum_hcd->timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:41 [inline]
#1: ffffc900001e0be0 ((&dum_hcd->timer)){+.-.}-{0:0}, at: call_timer_fn+0xbb/0x210 kernel/time/timer.c:1464
#2: ffffffff8cb23258 (rcu_node_0){-.-.}-{2:2}, at: rcu_dump_cpu_stacks+0xa5/0x3a0 kernel/rcu/tree_stall.h:366
stack backtrace:
CPU: 1 PID: 4627 Comm: syz-executor415 Not tainted 5.19.0-rc5-syzkaller-00049-gc1084b6c5620 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
mark_lock_irq+0xb20/0xf00
mark_lock+0x21c/0x350 kernel/locking/lockdep.c:4632
mark_usage kernel/locking/lockdep.c:4524 [inline]
__lock_acquire+0xb43/0x1f80 kernel/locking/lockdep.c:5007
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
find_vmap_area+0x1d/0x120 mm/vmalloc.c:1805
check_heap_object+0x30/0x820 mm/usercopy.c:176
__check_object_size+0xad/0x210 mm/usercopy.c:250
check_object_size include/linux/thread_info.h:199 [inline]
__copy_from_user_inatomic include/linux/uaccess.h:62 [inline]
copy_from_user_nmi+0x98/0x100 arch/x86/lib/usercopy.c:47
copy_code arch/x86/kernel/dumpstack.c:91 [inline]
show_opcodes+0xa2/0x120 arch/x86/kernel/dumpstack.c:121
show_ip arch/x86/kernel/dumpstack.c:144 [inline]
show_iret_regs+0x2f/0x60 arch/x86/kernel/dumpstack.c:149
__show_regs+0x29/0x500 arch/x86/kernel/process_64.c:74
show_regs_if_on_stack arch/x86/kernel/dumpstack.c:167 [inline]
show_trace_log_lvl+0x562/0x630 arch/x86/kernel/dumpstack.c:292
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
nmi_cpu_backtrace+0x473/0x4a0 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x168/0x280 lib/nmi_backtrace.c:62
trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
rcu_dump_cpu_stacks+0x236/0x3a0 kernel/rcu/tree_stall.h:371
print_cpu_stall kernel/rcu/tree_stall.h:667 [inline]
check_cpu_stall kernel/rcu/tree_stall.h:751 [inline]
rcu_pending kernel/rcu/tree.c:3977 [inline]
rcu_sched_clock_irq+0xfee/0x19d0 kernel/rcu/tree.c:2675
update_process_times+0x148/0x1b0 kernel/time/timer.c:1839
tick_sched_handle kernel/time/tick-sched.c:243 [inline]
tick_sched_timer+0x377/0x540 kernel/time/tick-sched.c:1480
__run_hrtimer kernel/time/hrtimer.c:1685 [inline]
__hrtimer_run_queues+0x4cb/0xa60 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x3a6/0xfd0 kernel/time/hrtimer.c:1811
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1095 [inline]
__sysvec_apic_timer_interrupt+0xf9/0x280 arch/x86/kernel/apic/apic.c:1112
sysvec_apic_timer_interrupt+0x3e/0xb0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 72 31 a6 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> c7 cd 27 f7 65 8b 05 c8 37 ce 75 85 c0 74 3f 48 c7 04 24 0e 36
RSP: 0018:ffffc900001e07e0 EFLAGS: 00000206
RAX: d93f2df2dd9f9600 RBX: 1ffff9200003c100 RCX: ffffffff816825e8
RDX: dffffc0000000000 RSI: ffffffff8a8d22c0 RDI: 0000000000000001
RBP: ffffc900001e0870 R08: dffffc0000000000 R09: fffffbfff1fa921b
R10: fffffbfff1fa921b R11: 1ffffffff1fa921a R12: dffffc0000000000
R13: 1ffff9200003c0fc R14: ffffc900001e0800 R15: 0000000000000246
dummy_timer+0x301c/0x3110
call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers+0x76a/0x980 kernel/time/timer.c:1790
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803
__do_softirq+0x382/0x793 kernel/softirq.c:571
__irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:strcmp+0x39/0xa0 lib/string.c:347
Code: bf 00 00 00 00 00 fc ff df 31 db 66 0f 1f 44 00 00 49 8d 3c 1c 48 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 29 41 0f b6 2c 1c <49> 8d 3c 1e 48 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 20 41 3a
RSP: 0018:ffffc900044dfc10 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88802065bb00
RDX: 0000000000000000 RSI: ffffffff8b478fc0 RDI: ffff888016e8bf50
RBP: 0000000000000073 R08: ffffffff846362b6 R09: fffff5200089bf78
R10: fffff5200089bf79 R11: 1ffff9200089bf78 R12: ffff888016e8bf50
R13: ffff8881458e3a80 R14: ffffffff8b478fc0 R15: dffffc0000000000
kset_find_obj+0x7b/0x110 lib/kobject.c:884
module_add_driver+0x1b1/0x2e0 drivers/base/module.c:48
bus_add_driver+0x393/0x600 drivers/base/bus.c:622
driver_register+0x2e9/0x3e0 drivers/base/driver.c:240
usb_gadget_register_driver_owner+0xd9/0x230 drivers/usb/gadget/udc/core.c:1558
raw_ioctl_run+0xbd/0x300 drivers/usb/gadget/legacy/raw_gadget.c:546
raw_ioctl+0x163/0xc20 drivers/usb/gadget/legacy/raw_gadget.c:1253
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f88c0e2f467
Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 c4 47 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc3099d248 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffc3099e2a0 RCX: 00007f88c0e2f467
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000000000000ffff R09: 000000000000000b
R10: 00007ffc3099d2c0 R11: 0000000000000246 R12: 00007ffc3099d270
R13: 0000000000000000 R14: 00007f88c0ea2440 R15: 0000000000000003
</TASK>
Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 c4 47 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc3099d248 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffc3099e2a0 RCX: 00007f88c0e2f467
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000000000000ffff R09: 000000000000000b
R10: 00007ffc3099d2c0 R11: 0000000000000246 R12: 00007ffc3099d270
R13: 0000000000000000 R14: 00007f88c0ea2440 R15: 0000000000000003
</TASK>
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
----------------
Code disassembly (best guess):
0: 4c 89 e0 mov %r12,%rax
3: 48 c1 e8 03 shr $0x3,%rax
7: 42 8a 04 28 mov (%rax,%r13,1),%al
b: 84 c0 test %al,%al
d: 75 41 jne 0x50
f: 45 8a 34 24 mov (%r12),%r14b
13: e8 12 05 53 00 callq 0x53052a
18: 44 3a 74 24 1c cmp 0x1c(%rsp),%r14b
1d: 75 10 jne 0x2f
1f: 66 90 xchg %ax,%ax
21: 0f 00 2d f2 05 4f 09 verw 0x94f05f2(%rip) # 0x94f061a
28: fb sti
29: f4 hlt
* 2a: e9 cc fe ff ff jmpq 0xfffffefb <-- trapping instruction
2f: fb sti
30: e9 c6 fe ff ff jmpq 0xfffffefb
35: 44 89 e1 mov %r12d,%ecx
38: 80 e1 07 and $0x7,%cl
3b: 38 c1 cmp %al,%cl
3d: 0f .byte 0xf
3e: 8c .byte 0x8c
3f: 57 push %rdi
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
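The second half of the report is a lockdep "inconsistent lock state" splat: vmap_area_lock was first taken with interrupts enabled (alloc_vmap_area() in early boot, the registered {HARDIRQ-ON-W} state) and is now being taken from interrupt context (find_vmap_area() reached from the NMI backtrace printer via copy_from_user_nmi() and the hardened-usercopy check). The following userspace C program is an added example, not code from the syzbot report or from the kernel: it models the hardirq part of lockdep's usage-state check, replays the report's sequence for vmap_area_lock, and contrasts it with the spin_lock_irqsave pattern. The names lock_class, lock_acquire_check, CTX_* and the scenario functions are assumptions made for this illustration, not kernel APIs.

```c
/*
 * Added example (not from the syzbot report or the kernel): a userspace
 * miniature of the lockdep irq-state check behind the "inconsistent lock
 * state" splat. Names (lock_class, lock_acquire_check, CTX_*) are
 * assumptions for this illustration, not kernel APIs.
 */
#include <stdio.h>
#include <string.h>

/* Context in which a lock is being acquired. */
enum acquire_ctx {
    CTX_PROCESS_IRQS_ON,   /* process context, interrupts enabled (plain spin_lock) */
    CTX_PROCESS_IRQS_OFF,  /* process context, interrupts disabled (spin_lock_irqsave) */
    CTX_HARDIRQ            /* hardirq or NMI handler */
};

/* Usage bits, named after the states lockdep prints in the report. */
#define USED_HARDIRQ_ON  (1u << 0)   /* HARDIRQ-ON-W: held with interrupts enabled */
#define USED_IN_HARDIRQ  (1u << 1)   /* IN-HARDIRQ-W: taken from interrupt context */

struct lock_class {
    const char *name;
    unsigned int usage;   /* accumulated over the lock's lifetime, as lockdep does */
};

/*
 * Record one acquisition and report whether the lock's accumulated usage
 * is now self-contradictory. Returns 0 if consistent, -1 if an interrupt
 * could arrive while the lock is held and try to take it again (deadlock).
 */
static int lock_acquire_check(struct lock_class *lc, enum acquire_ctx ctx,
                              char *why, size_t whylen)
{
    unsigned int newbit = 0;

    if (ctx == CTX_PROCESS_IRQS_ON)
        newbit = USED_HARDIRQ_ON;
    else if (ctx == CTX_HARDIRQ)
        newbit = USED_IN_HARDIRQ;
    /* CTX_PROCESS_IRQS_OFF adds no hardirq-related state: safe by itself. */

    lc->usage |= newbit;

    if ((lc->usage & USED_HARDIRQ_ON) && (lc->usage & USED_IN_HARDIRQ)) {
        snprintf(why, whylen,
                 "%s: inconsistent %s usage\n"
                 "  CPU0: lock(%s); <Interrupt> lock(%s); *** DEADLOCK ***",
                 lc->name,
                 newbit == USED_IN_HARDIRQ ? "{HARDIRQ-ON-W} -> {IN-HARDIRQ-W}"
                                           : "{IN-HARDIRQ-W} -> {HARDIRQ-ON-W}",
                 lc->name, lc->name);
        return -1;
    }
    return 0;
}

/*
 * Replay the sequence the report shows for vmap_area_lock: taken with
 * interrupts enabled by alloc_vmap_area() during early boot, then taken
 * again by find_vmap_area() from the NMI backtrace path.
 */
int scenario_from_report(char *why, size_t whylen)
{
    struct lock_class vmap_area_lock = { "vmap_area_lock", 0 };

    why[0] = '\0';
    if (lock_acquire_check(&vmap_area_lock, CTX_PROCESS_IRQS_ON, why, whylen))
        return -1;
    return lock_acquire_check(&vmap_area_lock, CTX_HARDIRQ, why, whylen);
}

/*
 * The safe shape: every process-context user disables interrupts first
 * (spin_lock_irqsave), so an interrupt-context user can never nest on top.
 */
int scenario_irqsave(char *why, size_t whylen)
{
    struct lock_class lock = { "irq_safe_lock", 0 };

    why[0] = '\0';
    if (lock_acquire_check(&lock, CTX_PROCESS_IRQS_OFF, why, whylen))
        return -1;
    return lock_acquire_check(&lock, CTX_HARDIRQ, why, whylen);
}

int main(void)
{
    char why[256];

    if (scenario_from_report(why, sizeof why))
        printf("flagged:\n%s\n", why);
    printf("irqsave variant: %s\n",
           scenario_irqsave(why, sizeof why) ? "flagged" : "consistent");
    return 0;
}
```

The real lockdep also tracks softirq states, read versus write usage and lock-order chains, and it reports the first contradicting acquisition rather than re-checking every time; this model only covers the hardirq bit that the report's "{HARDIRQ-ON-W} -> {IN-HARDIRQ-W}" message refers to. The practical reading of the splat is the same either way: a lock that any interrupt or NMI path can take must be held with interrupts disabled everywhere else, or the interrupt path must avoid the lock, otherwise the CPU can wedge on a lock it already owns.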
Thread overview (4+ messages):
2022-07-09 3:52 syzbot [this message]
2025-10-13 17:22 ` [syzbot] [usb?] INFO: rcu detected stall in dummy_timer (4) syzbot
2025-10-14 10:23 ` Tetsuo Handa
[not found] <20220709074319.2322-1-hdanton@sina.com>
2022-07-09 9:31 ` [syzbot] " syzbot