Re: [syzbot] [usb?] INFO: rcu detected stall in raw_ioctl

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+5f996b83575ef4058638@syzkaller.appspotmail.com>
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
	 linux-usb@vger.kernel.org, stern@rowland.harvard.edu,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [usb?] INFO: rcu detected stall in raw_ioctl
Date: Mon, 10 Jun 2024 10:58:02 -0700	[thread overview]
Message-ID: <000000000000ee54e1061a8ce3f6@google.com> (raw)
In-Reply-To: <e8b8013b-d8b4-4eee-8643-1d512aa17133@rowland.harvard.edu>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: soft lockup in raw_ioctl

dummy_hcd dummy_hcd.0: urbp 000000006bf6c1dd 40409880 next_frame 0000000000000000
cdc_wdm 1-1:1.0: nonzero urb status received: -71
cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
dummy_hcd dummy_hcd.0: urbp 000000003f481f40 40409880 next_frame 000000003f481f40
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor415:10796]
CPU#0 Utilization every 4s during lockup:
	#1:  95% system,	  1% softirq,	  5% hardirq,	  0% idle
	#2:  95% system,	  1% softirq,	  5% hardirq,	  0% idle
	#3:  95% system,	  2% softirq,	  5% hardirq,	  0% idle
	#4:  95% system,	  1% softirq,	  5% hardirq,	  0% idle
	#5:  95% system,	  2% softirq,	  5% hardirq,	  0% idle
Modules linked in:
irq event stamp: 223968
hardirqs last  enabled at (223967): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
hardirqs last  enabled at (223967): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
hardirqs last disabled at (223968): [<ffff80008af10ec0>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
hardirqs last disabled at (223968): [<ffff80008af10ec0>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
softirqs last  enabled at (223962): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
softirqs last  enabled at (223962): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
softirqs last disabled at (223957): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
CPU: 0 PID: 10796 Comm: syz-executor415 Tainted: G        W          6.10.0-rc2-syzkaller-00003-g8867bbd4a056-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:176 [inline]
pc : arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline]
pc : console_emit_next_record kernel/printk/printk.c:2935 [inline]
pc : console_flush_all+0x67c/0xb74 kernel/printk/printk.c:2994
lr : console_emit_next_record kernel/printk/printk.c:2935 [inline]
lr : console_flush_all+0x678/0xb74 kernel/printk/printk.c:2994
sp : ffff80009c6d7380
x29: ffff80009c6d7480 x28: ffff80009c6d7530 x27: 0000000000000001
x26: ffff80009090b530 x25: ffff80009090b520 x24: dfff800000000000
x23: 1ffff000121216af x22: dfff800000000000 x21: ffff80009090b578
x20: 0000000000000000 x19: 00000000000000c0 x18: ffff80009c6d72b8
x17: 000000302e646368 x16: ffff80008033878c x15: 0000000000000001
x14: 1ffff00011e379c8 x13: 0000000000000000 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000dac7bc80 x7 : ffff800080381d44 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : 0000000000000080 x0 : 0000000000000000
Call trace:
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline]
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline]
 console_emit_next_record kernel/printk/printk.c:2935 [inline]
 console_flush_all+0x67c/0xb74 kernel/printk/printk.c:2994
 console_unlock+0xec/0x3d4 kernel/printk/printk.c:3063
 vprintk_emit+0x1ec/0x350 kernel/printk/printk.c:2345
 vprintk_default+0xa0/0xe4 kernel/printk/printk.c:2360
 vprintk+0x200/0x2d4 kernel/printk/printk_safe.c:45
 _printk+0xdc/0x128 kernel/printk/printk.c:2370
 usb_gadget_register_driver_owner+0x1f0/0x224 drivers/usb/gadget/udc/core.c:1711
 raw_ioctl_run drivers/usb/gadget/legacy/raw_gadget.c:595 [inline]
 raw_ioctl+0x10c0/0x33bc drivers/usb/gadget/legacy/raw_gadget.c:1306
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:893
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 532 Comm: kworker/u8:6 Tainted: G        W          6.10.0-rc2-syzkaller-00003-g8867bbd4a056-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: bat_events batadv_nc_worker
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : lock_release+0x500/0x9cc
lr : lockdep_recursion_finish kernel/locking/lockdep.c:467 [inline]
lr : lock_release+0x4c4/0x9cc kernel/locking/lockdep.c:5776
sp : ffff8000988e78e0
x29: ffff8000988e79b0 x28: ffff80008f1c76a0 x27: dfff800000000000
x26: 1fffe00018cc6517 x25: ffff0000c6632910 x24: ffff0000c6631e40
x23: ffff0000c66328b8 x22: 00000000ffe2000d x21: 73559e3b58d8591b
x20: 0000000000000002 x19: ffff0001b3db6000 x18: 1fffe000367b6bde
x17: ffff80008efed000 x16: ffff80008af15aa8 x15: 0000000000000001
x14: ffff80008eff0558 x13: dfff800000000000 x12: 000000001635a668
x11: 0000000061619286 x10: 0000000000ff0100 x9 : ffff80008ef36000
x8 : 0000000000000000 x7 : ffff80008ac4e1b0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : 0000000000000080 x0 : 0000000000000001
Call trace:
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline]
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline]
 lock_release+0x500/0x9cc kernel/locking/lockdep.c:5777
 rcu_lock_release+0x2c/0x38 include/linux/rcupdate.h:339
 rcu_read_unlock include/linux/rcupdate.h:812 [inline]
 batadv_nc_process_nc_paths+0x28c/0x324 net/batman-adv/network-coding.c:699
 batadv_nc_worker+0x3c4/0x580 net/batman-adv/network-coding.c:728
 process_one_work+0x7b0/0x15e8 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x938/0xef4 kernel/workqueue.c:3393
 kthread+0x288/0x310 kernel/kthread.c:389
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860


Tested on:

commit:         8867bbd4 mm: arm64: Fix the out-of-bounds issue in con..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=137ec67a980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3b4350cf56c61c80
dashboard link: https://syzkaller.appspot.com/bug?extid=5f996b83575ef4058638
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch:          https://syzkaller.appspot.com/x/patch.diff?x=151eb522980000

next prev parent reply	other threads:[~2024-06-10 17:58 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-31  9:02 [syzbot] [usb?] INFO: rcu detected stall in raw_ioctl syzbot
2024-06-09  0:28 ` syzbot
2024-06-09  1:57   ` Alan Stern
2024-06-09  4:41     ` syzbot
2024-06-10 17:24       ` Alan Stern
2024-06-10 17:58         ` syzbot [this message]
2024-06-10 19:42           ` Alan Stern
2024-06-10 20:12             ` syzbot
2024-06-11 15:20               ` Alan Stern
2024-06-11 15:53                 ` syzbot
2024-06-11 17:26                   ` Alan Stern
2024-06-11 18:03                     ` syzbot
2024-06-12 14:37                       ` Alan Stern
2024-06-13  1:23                         ` Alan Stern
2024-06-13  3:40                           ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=000000000000ee54e1061a8ce3f6@google.com \
    --to=syzbot+5f996b83575ef4058638@syzkaller.appspotmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=stern@rowland.harvard.edu \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.