From: syzbot <syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
stern@rowland.harvard.edu, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
Date: Tue, 15 Oct 2024 18:54:02 -0700 [thread overview]
Message-ID: <670f1cba.050a0220.d9b66.015a.GAE@google.com> (raw)
In-Reply-To: <8b9352a4-ce86-4313-b5a7-cc6ba987b506@rowland.harvard.edu>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in usb_register_dev
INFO: task kworker/1:3:2749 blocked for more than 143 seconds.
Not tainted 6.12.0-rc3-syzkaller-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 state:D stack:23024 pid:2749 tgid:2749 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz.2.212:6930 blocked for more than 143 seconds.
Not tainted 6.12.0-rc3-syzkaller-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.212 state:D stack:28432 pid:6930 tgid:6927 ppid:4256 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdc49bec990
RSP: 002b:00007fdc4966eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fdc49bec990
RDX: 0000000000000002 RSI: 00007fdc4966ec10 RDI: 00000000ffffff9c
RBP: 00007fdc4966ec10 R08: 0000000000000000 R09: 00007fdc4966e987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fdc49da5f80 R15: 00007ffed2825e78
</TASK>
INFO: task syz.0.211:6928 blocked for more than 144 seconds.
Not tainted 6.12.0-rc3-syzkaller-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.211 state:D stack:27856 pid:6928 tgid:6928 ppid:4251 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
__fput+0x3f6/0xb60 fs/file_table.c:431
task_work_run+0x14e/0x250 kernel/task_work.c:228
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x24e/0x260 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd96296dff9
RSP: 002b:00007ffcaa4c7618 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007fd962b27a80 RCX: 00007fd96296dff9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fd962b27a80 R08: 0000000000000000 R09: 00007ffcaa4c790f
R10: 000000000003fdc8 R11: 0000000000000246 R12: 000000000002b754
R13: 00007ffcaa4c7720 R14: 0000000000000032 R15: ffffffffffffffff
</TASK>
INFO: task syz.1.214:6931 blocked for more than 144 seconds.
Not tainted 6.12.0-rc3-syzkaller-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.214 state:D stack:27792 pid:6931 tgid:6931 ppid:4255 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
__fput+0x3f6/0xb60 fs/file_table.c:431
task_work_run+0x14e/0x250 kernel/task_work.c:228
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x24e/0x260 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcf6aefdff9
RSP: 002b:00007ffeac8e10d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007fcf6b0b7a80 RCX: 00007fcf6aefdff9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fcf6b0b7a80 R08: 0000000000000000 R09: 00007ffeac8e13cf
R10: 000000000003fdc8 R11: 0000000000000246 R12: 000000000002b754
R13: 00007ffeac8e11e0 R14: 0000000000000032 R15: ffffffffffffffff
</TASK>
INFO: task syz.4.213:6934 blocked for more than 144 seconds.
Not tainted 6.12.0-rc3-syzkaller-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.213 state:D stack:28024 pid:6934 tgid:6933 ppid:4261 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
rpm_resume+0x5a8/0x1330 drivers/base/power/runtime.c:834
rpm_resume+0x750/0x1330 drivers/base/power/runtime.c:892
__pm_runtime_resume+0xb6/0x170 drivers/base/power/runtime.c:1172
pm_runtime_resume_and_get include/linux/pm_runtime.h:430 [inline]
usb_autopm_get_interface+0x20/0xe0 drivers/usb/core/driver.c:1833
wdm_open+0x24a/0x630 drivers/usb/class/cdc-wdm.c:730
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbedff2c990
RSP: 002b:00007fbedf9aeb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fbedff2c990
RDX: 0000000000000002 RSI: 00007fbedf9aec10 RDI: 00000000ffffff9c
RBP: 00007fbedf9aec10 R08: 0000000000000000 R09: 00007fbedf9ae987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fbee00e5f80 R15: 00007ffd8a3f7b78
</TASK>
INFO: task syz.3.215:6938 blocked for more than 145 seconds.
Not tainted 6.12.0-rc3-syzkaller-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.215 state:D stack:28432 pid:6938 tgid:6937 ppid:4265 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5db0e7c990
RSP: 002b:00007f5db08f8b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5db0e7c990
RDX: 0000000000000002 RSI: 00007f5db08f8c10 RDI: 00000000ffffff9c
RBP: 00007f5db08f8c10 R08: 0000000000000000 R09: 00007f5db08f8987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f5db1035f80 R15: 00007ffdea149328
</TASK>
Showing all locks held in the system:
3 locks held by kworker/0:0/8:
#0: ffff888100eed548 ((wq_completion)pm){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000008fd80 ((work_completion)(&dev->power.work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109f05508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3206 [inline]
#2: ffff888109f05508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_port_suspend+0x255/0xf10 drivers/usb/core/hub.c:3463
2 locks held by kworker/u8:0/11:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900000bfd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
1 lock held by khungtaskd/30:
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6720
2 locks held by kworker/u8:5/88:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90000577d80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:6/740:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90001b7fd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:7/1143:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90001f7fd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:8/1341:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000290fd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by getty/2607:
#0: ffff88810f7b90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
6 locks held by kworker/1:3/2749:
#0: ffff888105efad48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900014bfd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109f80190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888109f80190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff888117a26190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff888117a26190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff888117a27160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888117a27160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
2 locks held by syz.2.212/6930:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a968c8 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
1 lock held by syz.0.211/6928:
#0: ffffffff89a968c8 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
1 lock held by syz.1.214/6931:
#0: ffffffff89a968c8 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
2 locks held by syz.4.213/6934:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a968c8 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
1 lock held by syz.3.215/6938:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.219/9202:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.217/9206:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.216/9215:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.218/9218:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.220/9221:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.225/11478:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.222/11483:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.223/11501:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.224/11503:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.221/11505:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.230/13758:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.226/13767:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.228/13772:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.229/13779:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.227/13788:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by modprobe/15403:
1 lock held by modprobe/15424:
#0: ffff8881f583d6d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:593 [inline]
#0: ffff8881f583d6d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1505 [inline]
#0: ffff8881f583d6d8 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1804 [inline]
#0: ffff8881f583d6d8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x293/0x34b0 kernel/sched/core.c:6582
1 lock held by modprobe/15425:
1 lock held by modprobe/15426:
1 lock held by modprobe/15427:
1 lock held by modprobe/15428:
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc3-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xf0c/0x1240 kernel/hung_task.c:379
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 15432 Comm: modprobe Not tainted 6.12.0-rc3-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:26 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:87 [inline]
RIP: 0010:check_preemption_disabled+0x2d/0xe0 lib/smp_processor_id.c:19
Code: 53 48 83 ec 08 65 8b 1d 1d 31 15 79 65 8b 05 12 31 15 79 a9 ff ff ff 7f 74 0f 48 83 c4 08 89 d8 5b 5d 41 5c c3 cc cc cc cc 9c <58> f6 c4 02 74 ea 65 48 8b 05 e5 30 15 79 f6 40 2f 04 48 89 fd 74
RSP: 0000:ffffc900043afc78 EFLAGS: 00000046
RAX: 0000000080000000 RBX: 0000000000000000 RCX: 1ffffffff1f5b434
RDX: 0000000000000001 RSI: ffffffff8727f4a0 RDI: ffffffff8746ea40
RBP: 7a9c3eb05b4f2345 R08: 0000000000000000 R09: fffffbfff1f55dc1
R10: ffffffff8faaee0f R11: 0000000000000000 R12: 0000000000000200
R13: ffff888100ebc000 R14: ffff88811a232e40 R15: ffff88811ae90d40
FS: 0000000000000000(0000) GS:ffff8881f5800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff853262380 CR3: 0000000113168000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
lockdep_recursion_finish kernel/locking/lockdep.c:467 [inline]
lockdep_hardirqs_on_prepare+0x17d/0x420 kernel/locking/lockdep.c:4407
trace_hardirqs_on+0x36/0x40 kernel/trace/trace_preemptirq.c:61
memcg1_commit_charge+0x105/0x170 mm/memcontrol-v1.c:1521
charge_memcg mm/memcontrol.c:4472 [inline]
__mem_cgroup_charge+0xae/0x270 mm/memcontrol.c:4483
mem_cgroup_charge include/linux/memcontrol.h:694 [inline]
folio_prealloc mm/memory.c:1070 [inline]
alloc_anon_folio mm/memory.c:4721 [inline]
do_anonymous_page mm/memory.c:4778 [inline]
do_pte_missing mm/memory.c:3963 [inline]
handle_pte_fault mm/memory.c:5751 [inline]
__handle_mm_fault+0x1656/0x3390 mm/memory.c:5894
handle_mm_fault+0x3fa/0xaa0 mm/memory.c:6062
do_user_addr_fault+0x613/0x12c0 arch/x86/mm/fault.c:1338
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7ff85357a0b8
Code: 48 89 c5 31 c0 48 85 ed 74 49 31 d2 48 8d 44 1d ff b9 70 02 00 00 48 f7 f3 48 0f af c3 4d 8d 84 05 40 f6 ff ff 31 c0 4c 89 c7 <f3> ab 49 89 a8 c0 09 00 00 4c 89 c7 e8 33 fa ff ff 48 85 c0 75 13
RSP: 002b:00007ffc3678d0b0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000040 RCX: 0000000000000270
RDX: 000000000000001f RSI: 0000000000000008 RDI: 00007ff853262380
RBP: 00007ff853261b60 R08: 00007ff853262380 R09: 0000000000000000
R10: 0000000000000000 R11: 00007ff853261740 R12: 0000000000000041
R13: 00000000000011c0 R14: 0000000000000000 R15: 00007ff85359b2a0
</TASK>
Tested on:
commit: 8e929cb5 Linux 6.12-rc3
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git v6.12-rc3
console output: https://syzkaller.appspot.com/x/log.txt?x=13022c40580000
kernel config: https://syzkaller.appspot.com/x/.config?x=9878fe11046ea2c6
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=16642c40580000
next prev parent reply other threads:[~2024-10-16 1:54 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <b9bea8cd-effc-484f-ac46-1644093adffe@rowland.harvard.edu>
2024-10-14 1:58 ` [syzbot] [usb?] INFO: task hung in usb_port_suspend syzbot
2024-10-14 16:14 ` Alan Stern
2024-10-14 17:20 ` syzbot
2024-10-14 18:21 ` Alan Stern
2024-10-14 18:42 ` syzbot
2024-10-14 22:38 ` Alan Stern
2024-10-14 22:57 ` syzbot
2024-10-15 0:43 ` Alan Stern
2024-10-15 0:45 ` syzbot
2024-10-15 1:31 ` Alan Stern
2024-10-15 14:22 ` Alan Stern
2024-10-15 14:54 ` syzbot
2024-10-15 19:23 ` Alan Stern
2024-10-15 19:54 ` syzbot
2024-10-16 0:54 ` Alan Stern
2024-10-16 1:54 ` syzbot [this message]
2024-10-16 2:11 ` Alan Stern
2024-10-16 2:34 ` syzbot
2024-10-16 14:40 ` Alan Stern
2024-10-16 15:02 ` syzbot
2024-10-16 15:44 ` [PATCH] USB: gadget: dummy-hcd: Fix "task hung" problem Alan Stern
2024-10-17 6:43 ` Greg KH
2024-10-11 13:08 [syzbot] [usb?] INFO: task hung in usb_port_suspend syzbot
2024-10-11 14:08 ` Alan Stern
2024-10-11 14:35 ` syzbot
2024-10-11 14:55 ` Alan Stern
2024-10-11 15:00 ` syzbot
2024-10-11 15:17 ` Alan Stern
2024-10-11 15:45 ` syzbot
2024-10-12 0:48 ` Alan Stern
2024-10-12 1:14 ` syzbot
2024-10-13 1:09 ` Alan Stern
2024-10-13 2:10 ` syzbot
2024-10-13 2:43 ` Alan Stern
2024-10-13 3:05 ` syzbot
2024-10-13 14:30 ` Alan Stern
2024-10-13 15:02 ` syzbot
2024-10-13 15:45 ` Alan Stern
2024-10-13 16:14 ` syzbot
2024-10-13 18:02 ` Alan Stern
2024-10-13 18:38 ` syzbot
2024-10-13 19:24 ` Alan Stern
2024-10-13 20:34 ` syzbot
2024-10-20 16:38 ` syzbot
2024-10-21 8:04 ` Oliver Neukum
2024-10-21 13:37 ` Alan Stern
2024-10-22 11:42 ` Hillf Danton
2024-10-22 10:46 ` Hillf Danton
2024-10-22 11:29 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=670f1cba.050a0220.d9b66.015a.GAE@google.com \
--to=syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=stern@rowland.harvard.edu \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.