From: syzbot <syzbot+0bab26cf3949891fb534@syzkaller.appspotmail.com>
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
rafael@kernel.org, syzkaller-bugs@googlegroups.com
Subject: [syzbot] INFO: rcu detected stall in watchdog
Date: Thu, 18 Aug 2022 14:14:31 -0700 [thread overview]
Message-ID: <000000000000ae5aca05e68a7748@google.com> (raw)
Hello,
syzbot found the following issue on:
HEAD commit: 7ebfc85e2cd7 Merge tag 'net-6.0-rc1' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11d620f3080000
kernel config: https://syzkaller.appspot.com/x/.config?x=924833c12349a8c0
dashboard link: https://syzkaller.appspot.com/bug?extid=0bab26cf3949891fb534
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15a79067080000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14d9627b080000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0bab26cf3949891fb534@syzkaller.appspotmail.com
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 1-...!: (1495 ticks this GP) idle=01fc/1/0x4000000000000000 softirq=5485/5485 fqs=1
(t=10501 jiffies g=4273 q=306 ncpus=2)
rcu: rcu_preempt kthread starved for 2302 jiffies! g4273 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:I stack:28728 pid: 16 ppid: 2 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5182 [inline]
__schedule+0xadf/0x52b0 kernel/sched/core.c:6494
schedule+0xda/0x1b0 kernel/sched/core.c:6570
schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1935
rcu_gp_fqs_loop+0x190/0x910 kernel/rcu/tree.c:1657
rcu_gp_kthread+0x236/0x360 kernel/rcu/tree.c:1854
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:format_decode+0x8/0xad0 lib/vsprintf.c:2490
Code: 66 90 e8 ab cc 59 fd 48 c7 c7 60 8a 46 91 e9 3f cc 80 fd 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 57 41 56 41 55 41 54 <55> 48 89 f5 53 48 bb 00 00 00 00 00 fc ff df 48 83 ec 78 48 c7 44
RSP: 0018:ffffc900000071f8 EFLAGS: 00000046
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000100
RDX: ffff888016d98000 RSI: ffffc90000007288 RDI: ffffffff8ab16ca0
RBP: ffffffff8ab16ca0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000069 R11: 0000000000000001 R12: ffffc900000076d6
R13: ffffffff8ab16ca0 R14: 0000000000000000 R15: ffffc90000007360
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd6287e8b4 CR3: 000000001ccaa000 CR4: 0000000000350ef0
Call Trace:
<IRQ>
vsnprintf+0x155/0x14f0 lib/vsprintf.c:2734
va_format.constprop.0+0x138/0x380 lib/vsprintf.c:1680
pointer+0x544/0x950 lib/vsprintf.c:2419
vsnprintf+0x5b2/0x14f0 lib/vsprintf.c:2786
vprintk_store+0x2d8/0xae0 kernel/printk/printk.c:2155
vprintk_emit+0x14c/0x5f0 kernel/printk/printk.c:2252
dev_vprintk_emit+0x36e/0x3b2 drivers/base/core.c:4736
dev_printk_emit+0xba/0xf1 drivers/base/core.c:4747
__dev_printk+0xcf/0xf5 drivers/base/core.c:4759
_dev_warn+0xd7/0x109 drivers/base/core.c:4803
usb_rx_callback_intf0.cold+0x34/0x43 drivers/media/rc/imon.c:1773
__usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1671
usb_hcd_giveback_urb+0x380/0x430 drivers/usb/core/hcd.c:1754
dummy_timer+0x11ff/0x32c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790
__run_timers kernel/time/timer.c:1768 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
__do_softirq+0x1d3/0x9c6 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1106
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:200
Code: 48 89 ef 5d e9 f1 b5 4b 00 5d be 03 00 00 00 e9 86 04 81 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 29 68 86 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
RSP: 0018:ffffc90000a4fd78 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888016d98000 RSI: ffffffff8161e2a1 RDI: 0000000000000007
RBP: ffffc90000a4fdb8 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000049
R13: ffff8880263cbb00 R14: 0000000000000200 R15: ffffc90000a4fe08
console_trylock_spinning kernel/printk/printk.c:1922 [inline]
vprintk_emit+0x3f7/0x5f0 kernel/printk/printk.c:2270
vprintk+0x80/0x90 kernel/printk/printk_safe.c:50
_printk+0xba/0xed kernel/printk/printk.c:2292
check_hung_task kernel/hung_task.c:138 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
watchdog.cold+0xf4/0x158 kernel/hung_task.c:369
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.371 msecs
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
NMI backtrace for cpu 1
CPU: 1 PID: 3624 Comm: sshd Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x46/0x14f lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x206/0x250 lib/nmi_backtrace.c:62
trigger_single_cpu_backtrace include/linux/nmi.h:166 [inline]
rcu_dump_cpu_stacks+0x2c7/0x4d0 kernel/rcu/tree_stall.h:371
print_cpu_stall kernel/rcu/tree_stall.h:660 [inline]
check_cpu_stall kernel/rcu/tree_stall.h:744 [inline]
rcu_pending kernel/rcu/tree.c:3660 [inline]
rcu_sched_clock_irq.cold+0x9f/0x79c kernel/rcu/tree.c:2342
update_process_times+0x11a/0x1a0 kernel/time/timer.c:1839
tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:243
tick_sched_timer+0xee/0x120 kernel/time/tick-sched.c:1480
__run_hrtimer kernel/time/hrtimer.c:1685 [inline]
__hrtimer_run_queues+0x1c0/0xe40 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1095 [inline]
__sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1112
sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:194
Code: 74 24 10 e8 8a 76 dd f7 48 89 ef e8 12 f8 dd f7 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 <e8> 13 b9 d0 f7 65 8b 05 3c 72 80 76 85 c0 74 0a 5b 5d c3 e8 30 81
RSP: 0018:ffffc900001e0b28 EFLAGS: 00000206
RAX: 0000000000000002 RBX: 0000000000000200 RCX: 1ffffffff21254ee
RDX: 0000000000000000 RSI: 0000000000000102 RDI: 0000000000000001
RBP: ffff888147d40000 R08: 0000000000000001 R09: ffffffff908dba17
R10: 0000000000000001 R11: 0000000000000001 R12: ffff888020a0a440
R13: ffff888071066500 R14: dffffc0000000000 R15: ffff8880170a3400
spin_unlock_irqrestore include/linux/spinlock.h:404 [inline]
dummy_timer+0x12fc/0x32c0 drivers/usb/gadget/udc/dummy_hcd.c:2002
call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790
__run_timers kernel/time/timer.c:1768 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
__do_softirq+0x1d3/0x9c6 kernel/softirq.c:571
do_softirq.part.0+0xde/0x130 kernel/softirq.c:472
</IRQ>
<TASK>
do_softirq kernel/softirq.c:464 [inline]
__local_bh_enable_ip+0x102/0x120 kernel/softirq.c:396
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:776 [inline]
ip_finish_output2+0x7d0/0x2170 net/ipv4/ip_output.c:229
__ip_finish_output net/ipv4/ip_output.c:306 [inline]
__ip_finish_output+0x396/0x650 net/ipv4/ip_output.c:288
ip_finish_output+0x2d/0x280 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:296 [inline]
ip_output+0x19f/0x310 net/ipv4/ip_output.c:430
dst_output include/net/dst.h:451 [inline]
ip_local_out net/ipv4/ip_output.c:126 [inline]
__ip_queue_xmit+0x8de/0x1be0 net/ipv4/ip_output.c:532
__tcp_transmit_skb+0x1967/0x3800 net/ipv4/tcp_output.c:1402
tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
tcp_write_xmit+0xd89/0x6050 net/ipv4/tcp_output.c:2691
__tcp_push_pending_frames+0xaa/0x380 net/ipv4/tcp_output.c:2875
tcp_push+0x499/0x720 net/ipv4/tcp.c:728
tcp_sendmsg_locked+0x241f/0x2f80 net/ipv4/tcp.c:1455
tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1483
inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:734
sock_write_iter+0x291/0x3d0 net/socket.c:1108
call_write_iter include/linux/fs.h:2192 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x9e9/0xdd0 fs/read_write.c:578
ksys_write+0x1e8/0x250 fs/read_write.c:631
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f96787259a3
================================
WARNING: inconsistent lock state
5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
sshd/3624 [HC1[1]:SC1[1]:HE0:SE0] takes:
ffffffff8c0bee78 (vmap_area_lock){?.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
ffffffff8c0bee78 (vmap_area_lock){?.+.}-{2:2}, at: find_vmap_area+0x1c/0x130 mm/vmalloc.c:1836
{HARDIRQ-ON-W} state was registered at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
alloc_vmap_area+0xa0b/0x1d50 mm/vmalloc.c:1617
__get_vm_area_node+0x142/0x3f0 mm/vmalloc.c:2484
get_vm_area_caller+0x43/0x50 mm/vmalloc.c:2537
__ioremap_caller.constprop.0+0x292/0x600 arch/x86/mm/ioremap.c:280
acpi_os_ioremap include/acpi/acpi_io.h:13 [inline]
acpi_map drivers/acpi/osl.c:296 [inline]
acpi_os_map_iomem+0x463/0x550 drivers/acpi/osl.c:355
acpi_tb_acquire_table+0xd8/0x209 drivers/acpi/acpica/tbdata.c:142
acpi_tb_validate_table drivers/acpi/acpica/tbdata.c:317 [inline]
acpi_tb_validate_table+0x50/0x8c drivers/acpi/acpica/tbdata.c:308
acpi_tb_verify_temp_table+0x84/0x674 drivers/acpi/acpica/tbdata.c:504
acpi_reallocate_root_table+0x374/0x3e0 drivers/acpi/acpica/tbxface.c:180
acpi_early_init+0x13a/0x438 drivers/acpi/bus.c:1214
start_kernel+0x3cf/0x48f init/main.c:1099
secondary_startup_64_no_verify+0xce/0xdb
irq event stamp: 32301
hardirqs last enabled at (32300): [<ffffffff8981fd10>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (32300): [<ffffffff8981fd10>] _raw_spin_unlock_irqrestore+0x50/0x70 kernel/locking/spinlock.c:194
hardirqs last disabled at (32301): [<ffffffff897ec0bb>] sysvec_apic_timer_interrupt+0xb/0xc0 arch/x86/kernel/apic/apic.c:1106
softirqs last enabled at (21154): [<ffffffff87d80ef2>] rcu_read_unlock_bh include/linux/rcupdate.h:772 [inline]
softirqs last enabled at (21154): [<ffffffff87d80ef2>] ip_finish_output2+0x7a2/0x2170 net/ipv4/ip_output.c:229
softirqs last disabled at (21155): [<ffffffff814910ee>] do_softirq.part.0+0xde/0x130 kernel/softirq.c:472
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(vmap_area_lock);
<Interrupt>
lock(vmap_area_lock);
*** DEADLOCK ***
4 locks held by sshd/3624:
#0: ffff88807a790d30 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1687 [inline]
#0: ffff88807a790d30 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x1d/0x40 net/ipv4/tcp.c:1482
#1: ffffffff8bf89240 (rcu_read_lock){....}-{1:2}, at: read_pnet include/net/net_namespace.h:369 [inline]
#1: ffffffff8bf89240 (rcu_read_lock){....}-{1:2}, at: sock_net include/net/sock.h:618 [inline]
#1: ffffffff8bf89240 (rcu_read_lock){....}-{1:2}, at: __ip_queue_xmit+0x3d/0x1be0 net/ipv4/ip_output.c:457
#2: ffffc900001e0d90 ((&dum_hcd->timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:31 [inline]
#2: ffffc900001e0d90 ((&dum_hcd->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0 kernel/time/timer.c:1464
#3: ffffffff8bf93798 (rcu_node_0){-.-.}-{2:2}, at: rcu_dump_cpu_stacks+0xc1/0x4d0 kernel/rcu/tree_stall.h:366
stack backtrace:
CPU: 1 PID: 3624 Comm: sshd Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_usage_bug kernel/locking/lockdep.c:3961 [inline]
valid_state kernel/locking/lockdep.c:3973 [inline]
mark_lock_irq kernel/locking/lockdep.c:4176 [inline]
mark_lock.part.0.cold+0x18/0xd8 kernel/locking/lockdep.c:4632
mark_lock kernel/locking/lockdep.c:4596 [inline]
mark_usage kernel/locking/lockdep.c:4524 [inline]
__lock_acquire+0x14a2/0x56d0 kernel/locking/lockdep.c:5007
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
find_vmap_area+0x1c/0x130 mm/vmalloc.c:1836
check_heap_object mm/usercopy.c:176 [inline]
__check_object_size mm/usercopy.c:250 [inline]
__check_object_size+0x1f8/0x700 mm/usercopy.c:212
check_object_size include/linux/thread_info.h:199 [inline]
__copy_from_user_inatomic include/linux/uaccess.h:62 [inline]
copy_from_user_nmi arch/x86/lib/usercopy.c:47 [inline]
copy_from_user_nmi+0xcb/0x130 arch/x86/lib/usercopy.c:31
copy_code arch/x86/kernel/dumpstack.c:91 [inline]
show_opcodes+0x59/0xb0 arch/x86/kernel/dumpstack.c:121
show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:149
__show_regs+0x1e/0x60 arch/x86/kernel/process_64.c:74
show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:292
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x46/0x14f lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x206/0x250 lib/nmi_backtrace.c:62
trigger_single_cpu_backtrace include/linux/nmi.h:166 [inline]
rcu_dump_cpu_stacks+0x2c7/0x4d0 kernel/rcu/tree_stall.h:371
print_cpu_stall kernel/rcu/tree_stall.h:660 [inline]
check_cpu_stall kernel/rcu/tree_stall.h:744 [inline]
rcu_pending kernel/rcu/tree.c:3660 [inline]
rcu_sched_clock_irq.cold+0x9f/0x79c kernel/rcu/tree.c:2342
update_process_times+0x11a/0x1a0 kernel/time/timer.c:1839
tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:243
tick_sched_timer+0xee/0x120 kernel/time/tick-sched.c:1480
__run_hrtimer kernel/time/hrtimer.c:1685 [inline]
__hrtimer_run_queues+0x1c0/0xe40 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1095 [inline]
__sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1112
sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:194
Code: 74 24 10 e8 8a 76 dd f7 48 89 ef e8 12 f8 dd f7 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 <e8> 13 b9 d0 f7 65 8b 05 3c 72 80 76 85 c0 74 0a 5b 5d c3 e8 30 81
RSP: 0018:ffffc900001e0b28 EFLAGS: 00000206
RAX: 0000000000000002 RBX: 0000000000000200 RCX: 1ffffffff21254ee
RDX: 0000000000000000 RSI: 0000000000000102 RDI: 0000000000000001
RBP: ffff888147d40000 R08: 0000000000000001 R09: ffffffff908dba17
R10: 0000000000000001 R11: 0000000000000001 R12: ffff888020a0a440
R13: ffff888071066500 R14: dffffc0000000000 R15: ffff8880170a3400
spin_unlock_irqrestore include/linux/spinlock.h:404 [inline]
dummy_timer+0x12fc/0x32c0 drivers/usb/gadget/udc/dummy_hcd.c:2002
call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790
__run_timers kernel/time/timer.c:1768 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
__do_softirq+0x1d3/0x9c6 kernel/softirq.c:571
do_softirq.part.0+0xde/0x130 kernel/softirq.c:472
</IRQ>
<TASK>
do_softirq kernel/softirq.c:464 [inline]
__local_bh_enable_ip+0x102/0x120 kernel/softirq.c:396
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:776 [inline]
ip_finish_output2+0x7d0/0x2170 net/ipv4/ip_output.c:229
__ip_finish_output net/ipv4/ip_output.c:306 [inline]
__ip_finish_output+0x396/0x650 net/ipv4/ip_output.c:288
ip_finish_output+0x2d/0x280 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:296 [inline]
ip_output+0x19f/0x310 net/ipv4/ip_output.c:430
dst_output include/net/dst.h:451 [inline]
ip_local_out net/ipv4/ip_output.c:126 [inline]
__ip_queue_xmit+0x8de/0x1be0 net/ipv4/ip_output.c:532
__tcp_transmit_skb+0x1967/0x3800 net/ipv4/tcp_output.c:1402
tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
tcp_write_xmit+0xd89/0x6050 net/ipv4/tcp_output.c:2691
__tcp_push_pending_frames+0xaa/0x380 net/ipv4/tcp_output.c:2875
tcp_push+0x499/0x720 net/ipv4/tcp.c:728
tcp_sendmsg_locked+0x241f/0x2f80 net/ipv4/tcp.c:1455
tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1483
inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:734
sock_write_iter+0x291/0x3d0 net/socket.c:1108
call_write_iter include/linux/fs.h:2192 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x9e9/0xdd0 fs/read_write.c:578
ksys_write+0x1e8/0x250 fs/read_write.c:631
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f96787259a3
Code: 8b 15 d9 f4 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
RSP: 002b:00007ffe0d29f248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000034 RCX: 00007f96787259a3
RDX: 0000000000000034 RSI: 00005608a3467640 RDI: 0000000000000004
RBP: 00005608a34758b0 R08: 0000000000000000 R09: 00007ffe0d35a080
R10: 00007ffe0d35a0f0 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000001 R14: 00007ffe0d29f2b8 R15: 00007ffe0d29f338
</TASK>
Code: 8b 15 d9 f4 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
RSP: 002b:00007ffe0d29f248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000034 RCX: 00007f96787259a3
RDX: 0000000000000034 RSI: 00005608a3467640 RDI: 0000000000000004
RBP: 00005608a34758b0 R08: 0000000000000000 R09: 00007ffe0d35a080
R10: 00007ffe0d35a0f0 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000001 R14: 00007ffe0d29f2b8 R15: 00007ffe0d29f338
</TASK>
imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
NMI backtrace for cpu 0
CPU: 0 PID: 2959 Comm: klogd Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0033:0x7f2ac83c87b2
Code: 83 0b 08 5b c3 0f 1f 00 48 8b 47 28 48 39 47 10 48 0f 43 47 10 48 2b 47 18 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 57 <41> 56 41 89 d6 41 55 49 89 f5 41 54 55 89 cd 53 48 89 fb 48 83 ec
RSP: 002b:00007ffe513fd3c0 EFLAGS: 00000202
RAX: 00007f2ac83c87b0 RBX: 0000561c2d7dd910 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000561c2d7dd910
RBP: 0000561c2d7dd910 R08: 00007ffe513fd224 R09: 0000000000000002
R10: 0000000000000010 R11: 0000561c2d7e19f4 R12: 000000000000000c
R13: 0000000000000001 R14: 00007f2ac85bb77d R15: 00007ffe513fd4f8
FS: 00007f2ac82a4800 GS: 0000000000000000
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
next reply other threads:[~2022-08-18 21:23 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-18 21:14 syzbot [this message]
2025-10-17 22:57 ` [syzbot] [bpf?] INFO: rcu detected stall in watchdog syzbot
2025-10-18 5:28 ` Tetsuo Handa
[not found] <20220819104005.1357-1-hdanton@sina.com>
2022-08-19 15:05 ` [syzbot] " syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000ae5aca05e68a7748@google.com \
--to=syzbot+0bab26cf3949891fb534@syzkaller.appspotmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.