* [syzbot] [usb?] INFO: task hung in usb_port_suspend
From: syzbot @ 2024-10-11 13:08 UTC
To: gregkh, linux-kernel, linux-usb, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: 4a9fe2a8ac53 dt-bindings: usb: dwc3-imx8mp: add compatible..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=17d067d0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1312c327980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/883c5319cb52/disk-4a9fe2a8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/caf4421ed2ef/vmlinux-4a9fe2a8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d8e3beb01d49/bzImage-4a9fe2a8.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
INFO: task kworker/1:0:24 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0 state:D stack:23808 pid:24 tgid:24 ppid:2 flags:0x00004000
Workqueue: pm pm_runtime_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
usb_enable_remote_wakeup drivers/usb/core/hub.c:3365 [inline]
usb_port_suspend+0x339/0xf10 drivers/usb/core/hub.c:3472
usb_generic_driver_suspend+0xeb/0x1d0 drivers/usb/core/generic.c:302
usb_suspend_device drivers/usb/core/driver.c:1272 [inline]
usb_suspend_both+0x66d/0x9c0 drivers/usb/core/driver.c:1443
usb_runtime_suspend+0x49/0x180 drivers/usb/core/driver.c:1968
__rpm_callback+0xc5/0x4c0 drivers/base/power/runtime.c:394
rpm_callback+0x192/0x1d0 drivers/base/power/runtime.c:448
rpm_suspend+0x2e7/0x1200 drivers/base/power/runtime.c:672
__pm_runtime_suspend+0xbc/0x160 drivers/base/power/runtime.c:1142
pm_runtime_autosuspend include/linux/pm_runtime.h:342 [inline]
usb_runtime_idle+0x4c/0x60 drivers/usb/core/driver.c:2005
rpm_idle+0x2f7/0x740 drivers/base/power/runtime.c:524
pm_runtime_work+0x120/0x150 drivers/base/power/runtime.c:970
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:1:36 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:1 state:D stack:27264 pid:36 tgid:36 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
usb_lock_port drivers/usb/core/hub.c:3206 [inline]
hub_event+0x5c4/0x4f40 drivers/usb/core/hub.c:5902
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/0:2:815 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:2 state:D stack:23808 pid:815 tgid:815 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:3:3229 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 state:D stack:23808 pid:3229 tgid:3229 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_deregister_dev+0x7c/0x1e0 drivers/usb/core/file.c:186
wdm_disconnect+0x25/0x440 drivers/usb/class/cdc-wdm.c:1214
usb_unbind_interface+0x1e8/0x970 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
device_remove+0x122/0x170 drivers/base/dd.c:561
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x44a/0x610 drivers/base/dd.c:1296
bus_remove_device+0x22f/0x420 drivers/base/bus.c:576
device_del+0x396/0x9f0 drivers/base/core.c:3864
usb_disable_device+0x36c/0x7f0 drivers/usb/core/message.c:1418
usb_disconnect+0x2e1/0x920 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1bed/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz.4.51:5565 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.51 state:D stack:26752 pid:5565 tgid:5563 ppid:3219 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efd82bfc990
RSP: 002b:00007efd82678b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007efd82bfc990
RDX: 0000000000000002 RSI: 00007efd82678c10 RDI: 00000000ffffff9c
RBP: 00007efd82678c10 R08: 0000000000000000 R09: 00007efd82678987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007efd82db5f80 R15: 00007ffc5a69c008
</TASK>
INFO: task syz.0.50:5566 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.50 state:D stack:27856 pid:5566 tgid:5566 ppid:3213 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
rpm_resume+0x5a8/0x1330 drivers/base/power/runtime.c:834
rpm_resume+0x750/0x1330 drivers/base/power/runtime.c:892
__pm_runtime_resume+0xb6/0x170 drivers/base/power/runtime.c:1172
pm_runtime_resume_and_get include/linux/pm_runtime.h:430 [inline]
usb_autopm_get_interface+0x20/0xe0 drivers/usb/core/driver.c:1833
wdm_manage_power+0x1d/0xa0 drivers/usb/class/cdc-wdm.c:1134
wdm_release+0x26a/0x440 drivers/usb/class/cdc-wdm.c:779
__fput+0x3f6/0xb60 fs/file_table.c:431
task_work_run+0x14e/0x250 kernel/task_work.c:228
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x24e/0x260 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faa2c80dff9
RSP: 002b:00007fff9a8583e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 000000000003d7f1 RCX: 00007faa2c80dff9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007faa2c9c7a80 R08: 0000000000000001 R09: 00007fff9a8586df
R10: 00007faa2c68a000 R11: 0000000000000246 R12: 000000000003db3e
R13: 00007fff9a8584f0 R14: 0000000000000032 R15: ffffffffffffffff
</TASK>
INFO: task syz.2.53:5570 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.53 state:D stack:28224 pid:5570 tgid:5569 ppid:3221 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f048b01c990
RSP: 002b:00007f048aa9eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f048b01c990
RDX: 0000000000000002 RSI: 00007f048aa9ec10 RDI: 00000000ffffff9c
RBP: 00007f048aa9ec10 R08: 0000000000000000 R09: 00007f048aa9e987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f048b1d5f80 R15: 00007ffec6cbec08
</TASK>
Showing all locks held in the system:
3 locks held by kworker/1:0/24:
#0: ffff888100eed548 ((wq_completion)pm){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000019fd80 ((work_completion)(&dev->power.work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff8881097de508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3206 [inline]
#2: ffff8881097de508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_port_suspend+0x255/0xf10 drivers/usb/core/hub.c:3463
1 lock held by khungtaskd/30:
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6720
4 locks held by kworker/1:1/36:
#0: ffff8881062d0148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90000267d80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff8881097db190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff8881097db190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff8881097de508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3206 [inline]
#3: ffff8881097de508 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x5c4/0x4f40 drivers/usb/core/hub.c:5902
2 locks held by kworker/u8:4/150:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900005efd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:5/281:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000188fd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
6 locks held by kworker/0:2/815:
#0: ffff8881062d0148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90001cbfd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff88810972b190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff88810972b190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff888116622190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff888116622190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff888116623160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888116623160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
2 locks held by kworker/u8:6/1119:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900021afd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by getty/2609:
#0: ffff888113bc10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
6 locks held by kworker/1:3/3229:
#0: ffff8881062d0148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90002b0fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff8881097a2190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff8881097a2190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff888130bea190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff888130bea190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x10a/0x920 drivers/usb/core/hub.c:2295
#4: ffff88812a9c4160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88812a9c4160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88812a9c4160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xa4/0x610 drivers/base/dd.c:1293
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_deregister_dev+0x7c/0x1e0 drivers/usb/core/file.c:186
2 locks held by syz.4.51/5565:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
1 lock held by syz.0.50/5566:
#0: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
1 lock held by syz.2.53/5570:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.60/6912:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.62/6944:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.64/6974:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.83/8325:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.81/8343:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.85/8378:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.102/9746:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.104/9768:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.106/9782:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.123/11099:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.126/11133:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.127/11186:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.144/12415:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.146/12560:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.148/12590:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by modprobe/13635:
1 lock held by modprobe/13666:
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xf0c/0x1240 kernel/hung_task.c:379
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 13672 Comm: modprobe Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:hlock_class+0x29/0x130 kernel/locking/lockdep.c:223
Code: 90 48 b8 00 00 00 00 00 fc ff df 53 48 89 fb 48 83 c7 20 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e da 00 00 00 <0f> b7 5b 20 66 81 e3 ff 1f 0f b7 db be 08 00 00 00 48 89 d8 48 c1
RSP: 0018:ffffc90005eef7a0 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff8881115a8a98 RCX: ffffffff813313e8
RDX: 1ffff110222b5157 RSI: 0000000000000008 RDI: ffff8881115a8ab8
RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff1f55db6
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8881115a8a98 R14: 00000000000000a0 R15: ffff8881115a8000
FS: 0000000000000000(0000) GS:ffff8881f5900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc62aacc270 CR3: 000000011b350000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
__lock_acquire+0xbdd/0x3ce0 kernel/locking/lockdep.c:5199
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5825
__fs_reclaim_acquire mm/page_alloc.c:3834 [inline]
fs_reclaim_acquire+0x102/0x160 mm/page_alloc.c:3848
might_alloc include/linux/sched/mm.h:327 [inline]
slab_pre_alloc_hook mm/slub.c:4037 [inline]
slab_alloc_node mm/slub.c:4115 [inline]
kmem_cache_alloc_noprof+0x54/0x2b0 mm/slub.c:4142
lsm_file_alloc security/security.c:734 [inline]
security_file_alloc+0x34/0x140 security/security.c:2853
init_file+0x93/0x230 fs/file_table.c:153
alloc_empty_file+0x91/0x1e0 fs/file_table.c:213
path_openat+0xe1/0x2d60 fs/namei.c:3919
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc62ad73a46
Code: 10 00 00 00 44 8b 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 0c f7 d8 89 05 0a 48 01 00 48 83 c8 ff c3 31
RSP: 002b:00007ffc833eead8 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffc833eed38 RCX: 00007fc62ad73a46
RDX: 0000000000080000 RSI: 00007ffc833eeb50 RDI: 00000000ffffff9c
RBP: 00007ffc833eeb40 R08: 0000000000080000 R09: 00007ffc833eeb50
R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffc833eeb50
R13: 0000000000000007 R14: 00007ffc833eed1f R15: 00000000ffffffff
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
From: Alan Stern @ 2024-10-11 14:08 UTC
To: syzbot
Cc: Marcello Sylvester Bauer, gregkh, linux-kernel, linux-usb,
syzkaller-bugs
On Fri, Oct 11, 2024 at 06:08:30AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 4a9fe2a8ac53 dt-bindings: usb: dwc3-imx8mp: add compatible..
> git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> console output: https://syzkaller.appspot.com/x/log.txt?x=17d067d0580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
> dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1312c327980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/883c5319cb52/disk-4a9fe2a8.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/caf4421ed2ef/vmlinux-4a9fe2a8.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/d8e3beb01d49/bzImage-4a9fe2a8.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
>
> INFO: task kworker/1:0:24 blocked for more than 143 seconds.
> Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:kworker/1:0 state:D stack:23808 pid:24 tgid:24 ppid:2 flags:0x00004000
> Workqueue: pm pm_runtime_work
Let's try to verify that this problem really was caused by the timer
changes to dummy-hcd. The following commit is the one preceding those
changes.
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git 920e7522e3ba
Alan Stern
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
From: syzbot @ 2024-10-11 14:35 UTC
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
[ 4.380020][ T1] PCI: Using ACPI for IRQ routing
[ 4.383469][ T1] pci 0000:00:05.0: vgaarb: setting as boot VGA device
[ 4.385257][ T1] pci 0000:00:05.0: vgaarb: bridge control possible
[ 4.385257][ T1] pci 0000:00:05.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none
[ 4.385284][ T1] vgaarb: loaded
[ 4.406926][ T1] clocksource: Switched to clocksource kvm-clock
[ 4.415109][ T1] VFS: Disk quotas dquot_6.6.0
[ 4.415313][ T1] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[ 4.420224][ T1] pnp: PnP ACPI init
[ 4.469015][ T1] pnp: PnP ACPI: found 7 devices
[ 4.555551][ T1] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns
[ 4.571683][ T1] NET: Registered PF_INET protocol family
[ 4.577543][ T1] IP idents hash table entries: 131072 (order: 8, 1048576 bytes, linear)
[ 4.593539][ T1] ------------[ cut here ]------------
[ 4.595293][ T1] refcount_t: decrement hit 0; leaking memory.
[ 4.596951][ T1] WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210
[ 4.599957][ T1] Modules linked in:
[ 4.601156][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc2-syzkaller-00078-g920e7522e3ba #0
[ 4.603368][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 4.606363][ T1] RIP: 0010:refcount_warn_saturate+0x1ed/0x210
[ 4.609070][ T1] Code: 87 e8 27 0e ce fe 90 0f 0b 90 90 e9 c3 fe ff ff e8 d8 d6 07 ff c6 05 11 98 b3 07 01 90 48 c7 c7 40 02 26 87 e8 04 0e ce fe 90 <0f> 0b 90 90 e9 a0 fe ff ff 48 89 ef e8 42 f7 5c ff e9 44 fe ff ff
[ 4.613673][ T1] RSP: 0000:ffffc9000001fba0 EFLAGS: 00010282
[ 4.614899][ T1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811a05b9
[ 4.616158][ T1] RDX: ffff8881012a8000 RSI: ffffffff811a05c6 RDI: 0000000000000001
[ 4.618038][ T1] RBP: ffff88810a6a06cc R08: 0000000000000001 R09: 0000000000000000
[ 4.619549][ T1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810a6a06cc
[ 4.620938][ T1] R13: 0000000000000000 R14: 0000000000d60059 R15: ffff8881068d5f28
[ 4.622631][ T1] FS: 0000000000000000(0000) GS:ffff8881f5800000(0000) knlGS:0000000000000000
[ 4.624581][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4.625763][ T1] CR2: ffff88823ffff000 CR3: 000000000889e000 CR4: 00000000003506f0
[ 4.627528][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4.628776][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 4.631108][ T1] Call Trace:
[ 4.631680][ T1] <TASK>
[ 4.632515][ T1] ? show_regs+0x8c/0xa0
[ 4.633661][ T1] ? __warn+0xe5/0x3c0
[ 4.635168][ T1] ? __wake_up_klogd.part.0+0x99/0xf0
[ 4.636612][ T1] ? refcount_warn_saturate+0x1ed/0x210
[ 4.637520][ T1] ? report_bug+0x3c0/0x580
[ 4.638548][ T1] ? handle_bug+0x3d/0x70
[ 4.639596][ T1] ? exc_invalid_op+0x17/0x50
[ 4.640935][ T1] ? asm_exc_invalid_op+0x1a/0x20
[ 4.642371][ T1] ? __warn_printk+0x199/0x350
[ 4.643107][ T1] ? __warn_printk+0x1a6/0x350
[ 4.644886][ T1] ? refcount_warn_saturate+0x1ed/0x210
[ 4.645992][ T1] __reset_page_owner+0x2ea/0x370
[ 4.646949][ T1] __free_pages_ok+0x5db/0xbf0
[ 4.648332][ T1] ? __split_page_owner+0xdd/0x120
[ 4.649331][ T1] make_alloc_exact+0x165/0x260
[ 4.650432][ T1] alloc_large_system_hash+0x4e0/0x640
[ 4.651653][ T1] inet_hashinfo2_init+0x4b/0xd0
[ 4.653240][ T1] tcp_init+0xba/0x9f0
[ 4.654195][ T1] inet_init+0x419/0x6f0
[ 4.655067][ T1] ? __pfx_inet_init+0x10/0x10
[ 4.656148][ T1] do_one_initcall+0x128/0x700
[ 4.657254][ T1] ? __pfx_do_one_initcall+0x10/0x10
[ 4.658290][ T1] ? trace_kmalloc+0x2d/0xe0
[ 4.659168][ T1] ? __kmalloc+0x213/0x400
[ 4.659995][ T1] kernel_init_freeable+0x69d/0xca0
[ 4.661086][ T1] ? __pfx_kernel_init+0x10/0x10
[ 4.662386][ T1] kernel_init+0x1c/0x2b0
[ 4.663173][ T1] ? __pfx_kernel_init+0x10/0x10
[ 4.664120][ T1] ret_from_fork+0x45/0x80
[ 4.665027][ T1] ? __pfx_kernel_init+0x10/0x10
[ 4.665837][ T1] ret_from_fork_asm+0x1a/0x30
[ 4.666808][ T1] </TASK>
[ 4.667817][ T1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 4.669094][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc2-syzkaller-00078-g920e7522e3ba #0
[ 4.670996][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 4.672099][ T1] Call Trace:
[ 4.672099][ T1] <TASK>
[ 4.672099][ T1] dump_stack_lvl+0x3d/0x1f0
[ 4.672099][ T1] panic+0x6f5/0x7a0
[ 4.672099][ T1] ? __pfx_panic+0x10/0x10
[ 4.672099][ T1] ? show_trace_log_lvl+0x363/0x500
[ 4.672099][ T1] ? check_panic_on_warn+0x1f/0xb0
[ 4.672099][ T1] ? refcount_warn_saturate+0x1ed/0x210
[ 4.672099][ T1] check_panic_on_warn+0xab/0xb0
[ 4.672099][ T1] __warn+0xf1/0x3c0
[ 4.672099][ T1] ? __wake_up_klogd.part.0+0x99/0xf0
[ 4.672099][ T1] ? refcount_warn_saturate+0x1ed/0x210
[ 4.672099][ T1] report_bug+0x3c0/0x580
[ 4.672099][ T1] handle_bug+0x3d/0x70
[ 4.672099][ T1] exc_invalid_op+0x17/0x50
[ 4.672099][ T1] asm_exc_invalid_op+0x1a/0x20
[ 4.672099][ T1] RIP: 0010:refcount_warn_saturate+0x1ed/0x210
[ 4.672099][ T1] Code: 87 e8 27 0e ce fe 90 0f 0b 90 90 e9 c3 fe ff ff e8 d8 d6 07 ff c6 05 11 98 b3 07 01 90 48 c7 c7 40 02 26 87 e8 04 0e ce fe 90 <0f> 0b 90 90 e9 a0 fe ff ff 48 89 ef e8 42 f7 5c ff e9 44 fe ff ff
[ 4.672099][ T1] RSP: 0000:ffffc9000001fba0 EFLAGS: 00010282
[ 4.672099][ T1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811a05b9
[ 4.672099][ T1] RDX: ffff8881012a8000 RSI: ffffffff811a05c6 RDI: 0000000000000001
[ 4.672099][ T1] RBP: ffff88810a6a06cc R08: 0000000000000001 R09: 0000000000000000
[ 4.672099][ T1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810a6a06cc
[ 4.672099][ T1] R13: 0000000000000000 R14: 0000000000d60059 R15: ffff8881068d5f28
[ 4.672099][ T1] ? __warn_printk+0x199/0x350
[ 4.672099][ T1] ? __warn_printk+0x1a6/0x350
[ 4.672099][ T1] __reset_page_owner+0x2ea/0x370
[ 4.672099][ T1] __free_pages_ok+0x5db/0xbf0
[ 4.672099][ T1] ? __split_page_owner+0xdd/0x120
[ 4.672099][ T1] make_alloc_exact+0x165/0x260
[ 4.672099][ T1] alloc_large_system_hash+0x4e0/0x640
[ 4.672099][ T1] inet_hashinfo2_init+0x4b/0xd0
[ 4.672099][ T1] tcp_init+0xba/0x9f0
[ 4.672099][ T1] inet_init+0x419/0x6f0
[ 4.672099][ T1] ? __pfx_inet_init+0x10/0x10
[ 4.672099][ T1] do_one_initcall+0x128/0x700
[ 4.672099][ T1] ? __pfx_do_one_initcall+0x10/0x10
[ 4.672099][ T1] ? trace_kmalloc+0x2d/0xe0
[ 4.721681][ T1] ? __kmalloc+0x213/0x400
[ 4.721681][ T1] kernel_init_freeable+0x69d/0xca0
[ 4.721681][ T1] ? __pfx_kernel_init+0x10/0x10
[ 4.721681][ T1] kernel_init+0x1c/0x2b0
[ 4.721681][ T1] ? __pfx_kernel_init+0x10/0x10
[ 4.721681][ T1] ret_from_fork+0x45/0x80
[ 4.721681][ T1] ? __pfx_kernel_init+0x10/0x10
[ 4.721681][ T1] ret_from_fork_asm+0x1a/0x30
[ 4.721681][ T1] </TASK>
[ 4.721681][ T1] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/syzkaller/jobs-2/linux/gopath/pkg/mod/golang.org/toolchain@v0.0.1-go1.22.1.linux-amd64'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/syzkaller/jobs-2/linux/gopath/pkg/mod/golang.org/toolchain@v0.0.1-go1.22.1.linux-amd64/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.1'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build204408742=/tmp/go-build -gno-record-gcc-switches'
git status (err=<nil>)
HEAD detached at d7906effc2
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=d7906effc263366a8b067258cec67072b29aa5e0 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241003-062913'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d7906effc263366a8b067258cec67072b29aa5e0\"
/usr/bin/ld: /tmp/ccI6z2y7.o: in function `test_cover_filter()':
executor.cc:(.text+0x1424b): warning: the use of `tempnam' is dangerous, better use `mkstemp'
/usr/bin/ld: /tmp/ccI6z2y7.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=12ac2840580000
Tested on:
commit: 920e7522 usb: gadget: function: Remove usage of the de..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
kernel config: https://syzkaller.appspot.com/x/.config?x=5508c3b3c58f53
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
Note: no patches were applied.
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-11 14:35 ` syzbot
@ 2024-10-11 14:55 ` Alan Stern
2024-10-11 15:00 ` syzbot
0 siblings, 1 reply; 28+ messages in thread
From: Alan Stern @ 2024-10-11 14:55 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, linux-kernel, linux-usb, sylv, syzkaller-bugs
On Fri, Oct 11, 2024 at 07:35:02AM -0700, syzbot wrote:
> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:
...
> Tested on:
>
> commit: 920e7522 usb: gadget: function: Remove usage of the de..
All right, let's try again with an explicit patch to undo the timer
changes in dummy_hcd.c.
Alan Stern
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -30,7 +30,7 @@
#include <linux/slab.h>
#include <linux/errno.h>
#include <linux/init.h>
-#include <linux/hrtimer.h>
+#include <linux/timer.h>
#include <linux/list.h>
#include <linux/interrupt.h>
#include <linux/platform_device.h>
@@ -50,8 +50,6 @@
#define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */
#define POWER_BUDGET_3 900 /* in mA */
-#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */
-
static const char driver_name[] = "dummy_hcd";
static const char driver_desc[] = "USB Host+Gadget Emulator";
@@ -242,7 +240,7 @@ enum dummy_rh_state {
struct dummy_hcd {
struct dummy *dum;
enum dummy_rh_state rh_state;
- struct hrtimer timer;
+ struct timer_list timer;
u32 port_status;
u32 old_status;
unsigned long re_timeout;
@@ -1303,8 +1301,8 @@ static int dummy_urb_enqueue(
urb->error_count = 1; /* mark as a new urb */
/* kick the scheduler, it'll do the rest */
- if (!hrtimer_active(&dum_hcd->timer))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), HRTIMER_MODE_REL);
+ if (!timer_pending(&dum_hcd->timer))
+ mod_timer(&dum_hcd->timer, jiffies + 1);
done:
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
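Review bot: the removed lines in this dummy_urb_enqueue() hunk do not match the usb-testing tree, which is consistent with syzbot's "Hunk #4 FAILED at 1301" reply. The hunk expects a one-line hrtimer_start() call with HRTIMER_MODE_REL, while the resend later in the thread removes a two-line call using HRTIMER_MODE_REL_SOFT. The diff should be regenerated against the commit named in the "#syz test:" line so that every hunk is checked against the code actually being tested.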
@@ -1325,7 +1323,7 @@ static int dummy_urb_dequeue(struct usb_
rc = usb_hcd_check_unlink_urb(hcd, urb, status);
if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING &&
!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL);
+ mod_timer(&dum_hcd->timer, jiffies);
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
return rc;
@@ -1779,7 +1777,7 @@ static int handle_control_request(struct
* drivers except that the callbacks are invoked from soft interrupt
* context.
*/
-static enum hrtimer_restart dummy_timer(struct hrtimer *t)
+static void dummy_timer(struct timer_list *t)
{
struct dummy_hcd *dum_hcd = from_timer(dum_hcd, t, timer);
struct dummy *dum = dum_hcd->dum;
@@ -1810,6 +1808,8 @@ static enum hrtimer_restart dummy_timer(
break;
}
+ /* FIXME if HZ != 1000 this will probably misbehave ... */
+
/* look at each urb queued by the host side driver */
spin_lock_irqsave(&dum->lock, flags);
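Review bot: the FIXME added in dummy_timer() does not say what depends on HZ being 1000. Judging only from the other hunks, it is presumably the `jiffies + 1` and `msecs_to_jiffies(1)` re-arm intervals, which are 1 ms only at that tick rate; naming the assumption in the comment would tell the next reader what to check when HZ differs.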
@@ -1817,7 +1817,7 @@ static enum hrtimer_restart dummy_timer(
dev_err(dummy_dev(dum_hcd),
"timer fired with no URBs pending?\n");
spin_unlock_irqrestore(&dum->lock, flags);
- return HRTIMER_NORESTART;
+ return;
}
dum_hcd->next_frame_urbp = NULL;
@@ -1995,12 +1995,10 @@ return_urb:
dum_hcd->udev = NULL;
} else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) {
/* want a 1 msec delay here */
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), HRTIMER_MODE_REL);
+ mod_timer(&dum_hcd->timer, jiffies + msecs_to_jiffies(1));
}
spin_unlock_irqrestore(&dum->lock, flags);
-
- return HRTIMER_NORESTART;
}
/*-------------------------------------------------------------------------*/
@@ -2389,7 +2387,7 @@ static int dummy_bus_resume(struct usb_h
dum_hcd->rh_state = DUMMY_RH_RUNNING;
set_link_state(dum_hcd);
if (!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL);
+ mod_timer(&dum_hcd->timer, jiffies);
hcd->state = HC_STATE_RUNNING;
}
spin_unlock_irq(&dum_hcd->dum->lock);
@@ -2467,8 +2465,7 @@ static DEVICE_ATTR_RO(urbs);
static int dummy_start_ss(struct dummy_hcd *dum_hcd)
{
- hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
- dum_hcd->timer.function = dummy_timer;
+ timer_setup(&dum_hcd->timer, dummy_timer, 0);
dum_hcd->rh_state = DUMMY_RH_RUNNING;
dum_hcd->stream_en_ep = 0;
INIT_LIST_HEAD(&dum_hcd->urbp_list);
@@ -2497,8 +2494,7 @@ static int dummy_start(struct usb_hcd *h
return dummy_start_ss(dum_hcd);
spin_lock_init(&dum_hcd->dum->lock);
- hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
- dum_hcd->timer.function = dummy_timer;
+ timer_setup(&dum_hcd->timer, dummy_timer, 0);
dum_hcd->rh_state = DUMMY_RH_RUNNING;
INIT_LIST_HEAD(&dum_hcd->urbp_list);
@@ -2517,11 +2513,8 @@ static int dummy_start(struct usb_hcd *h
static void dummy_stop(struct usb_hcd *hcd)
{
- struct dummy_hcd *dum_hcd = hcd_to_dummy_hcd(hcd);
-
- hrtimer_cancel(&dum_hcd->timer);
- device_remove_file(dummy_dev(dum_hcd), &dev_attr_urbs);
- dev_info(dummy_dev(dum_hcd), "stopped\n");
+ device_remove_file(dummy_dev(hcd_to_dummy_hcd(hcd)), &dev_attr_urbs);
+ dev_info(dummy_dev(hcd_to_dummy_hcd(hcd)), "stopped\n");
}
/*-------------------------------------------------------------------------*/
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-11 14:55 ` Alan Stern
@ 2024-10-11 15:00 ` syzbot
2024-10-11 15:17 ` Alan Stern
0 siblings, 1 reply; 28+ messages in thread
From: syzbot @ 2024-10-11 15:00 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file drivers/usb/gadget/udc/dummy_hcd.c
Hunk #4 FAILED at 1301.
Hunk #5 FAILED at 1323.
Hunk #6 succeeded at 1778 (offset 1 line).
Hunk #7 succeeded at 1809 (offset 1 line).
Hunk #8 succeeded at 1818 (offset 1 line).
Hunk #9 FAILED at 1995.
Hunk #10 FAILED at 2389.
Hunk #11 FAILED at 2467.
Hunk #12 FAILED at 2497.
Hunk #13 succeeded at 2519 (offset 2 lines).
6 out of 13 hunks FAILED
Tested on:
commit: 4a9fe2a8 dt-bindings: usb: dwc3-imx8mp: add compatible..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=12ae9fd0580000
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-11 15:00 ` syzbot
@ 2024-10-11 15:17 ` Alan Stern
2024-10-11 15:45 ` syzbot
0 siblings, 1 reply; 28+ messages in thread
From: Alan Stern @ 2024-10-11 15:17 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, linux-kernel, linux-usb, sylv, syzkaller-bugs
On Fri, Oct 11, 2024 at 08:00:05AM -0700, syzbot wrote:
> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:
>
> failed to apply patch:
> checking file drivers/usb/gadget/udc/dummy_hcd.c
> Hunk #4 FAILED at 1301.
> Hunk #5 FAILED at 1323.
> Hunk #6 succeeded at 1778 (offset 1 line).
> Hunk #7 succeeded at 1809 (offset 1 line).
> Hunk #8 succeeded at 1818 (offset 1 line).
> Hunk #9 FAILED at 1995.
> Hunk #10 FAILED at 2389.
> Hunk #11 FAILED at 2467.
> Hunk #12 FAILED at 2497.
> Hunk #13 succeeded at 2519 (offset 2 lines).
> 6 out of 13 hunks FAILED
>
>
>
> Tested on:
>
> commit: 4a9fe2a8 dt-bindings: usb: dwc3-imx8mp: add compatible..
> git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
All right, one more try, this time starting from the right commit.
Alan Stern
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -30,7 +30,7 @@
#include <linux/slab.h>
#include <linux/errno.h>
#include <linux/init.h>
-#include <linux/hrtimer.h>
+#include <linux/timer.h>
#include <linux/list.h>
#include <linux/interrupt.h>
#include <linux/platform_device.h>
@@ -50,8 +50,6 @@
#define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */
#define POWER_BUDGET_3 900 /* in mA */
-#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */
-
static const char driver_name[] = "dummy_hcd";
static const char driver_desc[] = "USB Host+Gadget Emulator";
@@ -242,7 +240,7 @@ enum dummy_rh_state {
struct dummy_hcd {
struct dummy *dum;
enum dummy_rh_state rh_state;
- struct hrtimer timer;
+ struct timer_list timer;
u32 port_status;
u32 old_status;
unsigned long re_timeout;
@@ -1303,9 +1301,8 @@ static int dummy_urb_enqueue(
urb->error_count = 1; /* mark as a new urb */
/* kick the scheduler, it'll do the rest */
- if (!hrtimer_active(&dum_hcd->timer))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
- HRTIMER_MODE_REL_SOFT);
+ if (!timer_pending(&dum_hcd->timer))
+ mod_timer(&dum_hcd->timer, jiffies + 1);
done:
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
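Review bot: dummy_urb_enqueue() arms the timer with `jiffies + 1`, while the re-arm in the return_urb hunk uses `jiffies + msecs_to_jiffies(1)`. The two give the same number of jiffies for HZ up to 1000, but writing both as msecs_to_jiffies(1) would state the intended 1 msec interval in one unit and keep the two paths from drifting apart. The first kick also moves from 125000 ns to at least one full jiffy, which is worth stating in the changelog if this goes beyond a test patch.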
@@ -1326,7 +1323,7 @@ static int dummy_urb_dequeue(struct usb_
rc = usb_hcd_check_unlink_urb(hcd, urb, status);
if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING &&
!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ mod_timer(&dum_hcd->timer, jiffies);
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
return rc;
@@ -1780,7 +1777,7 @@ static int handle_control_request(struct
* drivers except that the callbacks are invoked from soft interrupt
* context.
*/
-static enum hrtimer_restart dummy_timer(struct hrtimer *t)
+static void dummy_timer(struct timer_list *t)
{
struct dummy_hcd *dum_hcd = from_timer(dum_hcd, t, timer);
struct dummy *dum = dum_hcd->dum;
@@ -1811,6 +1808,8 @@ static enum hrtimer_restart dummy_timer(
break;
}
+ /* FIXME if HZ != 1000 this will probably misbehave ... */
+
/* look at each urb queued by the host side driver */
spin_lock_irqsave(&dum->lock, flags);
@@ -1818,7 +1817,7 @@ static enum hrtimer_restart dummy_timer(
dev_err(dummy_dev(dum_hcd),
"timer fired with no URBs pending?\n");
spin_unlock_irqrestore(&dum->lock, flags);
- return HRTIMER_NORESTART;
+ return;
}
dum_hcd->next_frame_urbp = NULL;
@@ -1996,13 +1995,10 @@ return_urb:
dum_hcd->udev = NULL;
} else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) {
/* want a 1 msec delay here */
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
- HRTIMER_MODE_REL_SOFT);
+ mod_timer(&dum_hcd->timer, jiffies + msecs_to_jiffies(1));
}
spin_unlock_irqrestore(&dum->lock, flags);
-
- return HRTIMER_NORESTART;
}
/*-------------------------------------------------------------------------*/
@@ -2391,7 +2387,7 @@ static int dummy_bus_resume(struct usb_h
dum_hcd->rh_state = DUMMY_RH_RUNNING;
set_link_state(dum_hcd);
if (!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ mod_timer(&dum_hcd->timer, jiffies);
hcd->state = HC_STATE_RUNNING;
}
spin_unlock_irq(&dum_hcd->dum->lock);
@@ -2469,8 +2465,7 @@ static DEVICE_ATTR_RO(urbs);
static int dummy_start_ss(struct dummy_hcd *dum_hcd)
{
- hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT);
- dum_hcd->timer.function = dummy_timer;
+ timer_setup(&dum_hcd->timer, dummy_timer, 0);
dum_hcd->rh_state = DUMMY_RH_RUNNING;
dum_hcd->stream_en_ep = 0;
INIT_LIST_HEAD(&dum_hcd->urbp_list);
@@ -2499,8 +2494,7 @@ static int dummy_start(struct usb_hcd *h
return dummy_start_ss(dum_hcd);
spin_lock_init(&dum_hcd->dum->lock);
- hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT);
- dum_hcd->timer.function = dummy_timer;
+ timer_setup(&dum_hcd->timer, dummy_timer, 0);
dum_hcd->rh_state = DUMMY_RH_RUNNING;
INIT_LIST_HEAD(&dum_hcd->urbp_list);
@@ -2519,11 +2513,8 @@ static int dummy_start(struct usb_hcd *h
static void dummy_stop(struct usb_hcd *hcd)
{
- struct dummy_hcd *dum_hcd = hcd_to_dummy_hcd(hcd);
-
- hrtimer_cancel(&dum_hcd->timer);
- device_remove_file(dummy_dev(dum_hcd), &dev_attr_urbs);
- dev_info(dummy_dev(dum_hcd), "stopped\n");
+ device_remove_file(dummy_dev(hcd_to_dummy_hcd(hcd)), &dev_attr_urbs);
+ dev_info(dummy_dev(hcd_to_dummy_hcd(hcd)), "stopped\n");
}
/*-------------------------------------------------------------------------*/
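Review bot: dummy_stop() loses hrtimer_cancel() and gets no timer_list counterpart, so nothing in this hunk guarantees that dum_hcd->timer is idle once the HCD has stopped. If the conversion is kept, a del_timer_sync() (or timer_shutdown_sync()) call here would preserve the cancel-on-stop behaviour that the removed line provided; it would also let the local dum_hcd variable stay instead of calling hcd_to_dummy_hcd(hcd) twice.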
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-11 15:17 ` Alan Stern
@ 2024-10-11 15:45 ` syzbot
2024-10-12 0:48 ` Alan Stern
0 siblings, 1 reply; 28+ messages in thread
From: syzbot @ 2024-10-11 15:45 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
Tested-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
Tested on:
commit: 4a9fe2a8 dt-bindings: usb: dwc3-imx8mp: add compatible..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=15346f07980000
kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1456db27980000
Note: testing is done by a robot and is best-effort only.
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-11 15:45 ` syzbot
@ 2024-10-12 0:48 ` Alan Stern
2024-10-12 1:14 ` syzbot
0 siblings, 1 reply; 28+ messages in thread
From: Alan Stern @ 2024-10-12 0:48 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, linux-kernel, linux-usb, sylv, syzkaller-bugs
On Fri, Oct 11, 2024 at 08:45:03AM -0700, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger any issue:
>
> Reported-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
> Tested-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
>
> Tested on:
>
> commit: 4a9fe2a8 dt-bindings: usb: dwc3-imx8mp: add compatible..
> git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> console output: https://syzkaller.appspot.com/x/log.txt?x=15346f07980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
> dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> patch: https://syzkaller.appspot.com/x/patch.diff?x=1456db27980000
>
> Note: testing is done by a robot and is best-effort only.
Maybe the problem occurs because the hrtimer subsystem doesn't like
timeouts set to the current moment. Let's try changing them all to be
in the future.
Alan Stern
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -50,7 +50,7 @@
#define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */
#define POWER_BUDGET_3 900 /* in mA */
-#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */
+#define DUMMY_INT_KTIME ns_to_ktime(125000) /* 1 microframe */
static const char driver_name[] = "dummy_hcd";
static const char driver_desc[] = "USB Host+Gadget Emulator";
@@ -1304,7 +1304,7 @@ static int dummy_urb_enqueue(
/* kick the scheduler, it'll do the rest */
if (!hrtimer_active(&dum_hcd->timer))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
done:
@@ -1326,7 +1326,8 @@ static int dummy_urb_dequeue(struct usb_
rc = usb_hcd_check_unlink_urb(hcd, urb, status);
if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING &&
!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
return rc;
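Review bot: the dummy_urb_dequeue() call changes its expiry from ns_to_ktime(0) to DUMMY_INT_KTIME with no comment at the call site explaining why an immediate expiry is avoided. The reason is given only in the mail text, and there as a hypothesis, so a short comment here (and at the matching dummy_bus_resume() call) would keep a later cleanup from turning the delay back into 0. It would also help to note that unlinked URBs are now given back one microframe later on this path.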
@@ -1995,8 +1996,7 @@ return_urb:
usb_put_dev(dum_hcd->udev);
dum_hcd->udev = NULL;
} else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) {
- /* want a 1 msec delay here */
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
}
@@ -2391,7 +2391,8 @@ static int dummy_bus_resume(struct usb_h
dum_hcd->rh_state = DUMMY_RH_RUNNING;
set_link_state(dum_hcd);
if (!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
hcd->state = HC_STATE_RUNNING;
}
spin_unlock_irq(&dum_hcd->dum->lock);
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-12 0:48 ` Alan Stern
@ 2024-10-12 1:14 ` syzbot
2024-10-13 1:09 ` Alan Stern
0 siblings, 1 reply; 28+ messages in thread
From: syzbot @ 2024-10-12 1:14 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in usb_port_suspend
INFO: task kworker/0:1:9 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1 state:D stack:22896 pid:9 tgid:9 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
usb_enable_remote_wakeup drivers/usb/core/hub.c:3365 [inline]
usb_port_suspend+0x339/0xf10 drivers/usb/core/hub.c:3472
usb_generic_driver_suspend+0xeb/0x1d0 drivers/usb/core/generic.c:302
usb_suspend_device drivers/usb/core/driver.c:1272 [inline]
usb_suspend_both+0x66d/0x9c0 drivers/usb/core/driver.c:1443
usb_runtime_suspend+0x49/0x180 drivers/usb/core/driver.c:1968
__rpm_callback+0xc5/0x4c0 drivers/base/power/runtime.c:394
rpm_callback+0x192/0x1d0 drivers/base/power/runtime.c:448
rpm_suspend+0x2e7/0x1200 drivers/base/power/runtime.c:672
__pm_runtime_suspend+0xbc/0x160 drivers/base/power/runtime.c:1142
pm_runtime_put_sync_autosuspend include/linux/pm_runtime.h:524 [inline]
usb_new_device+0x1087/0x1a10 drivers/usb/core/hub.c:2683
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/0:2:803 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:2 state:D stack:24064 pid:803 tgid:803 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/0:3:6535 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3 state:D stack:24272 pid:6535 tgid:6535 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/0:4:6563 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:4 state:D stack:24704 pid:6563 tgid:6563 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz.4.39:6580 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.39 state:D stack:27856 pid:6580 tgid:6580 ppid:4263 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
rpm_resume+0x5a8/0x1330 drivers/base/power/runtime.c:834
rpm_resume+0x750/0x1330 drivers/base/power/runtime.c:892
__pm_runtime_resume+0xb6/0x170 drivers/base/power/runtime.c:1172
pm_runtime_resume_and_get include/linux/pm_runtime.h:430 [inline]
usb_autopm_get_interface+0x20/0xe0 drivers/usb/core/driver.c:1833
wdm_manage_power+0x1d/0xa0 drivers/usb/class/cdc-wdm.c:1134
wdm_release+0x26a/0x440 drivers/usb/class/cdc-wdm.c:779
__fput+0x3f6/0xb60 fs/file_table.c:431
task_work_run+0x14e/0x250 kernel/task_work.c:228
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x24e/0x260 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa49844dff9
RSP: 002b:00007fff7cd05398 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 000000000001e9c1 RCX: 00007fa49844dff9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fa498607a80 R08: 0000000000000001 R09: 00007fff7cd0568f
R10: 00007fa4982ca000 R11: 0000000000000246 R12: 000000000001ec9c
R13: 00007fff7cd054a0 R14: 0000000000000032 R15: ffffffffffffffff
</TASK>
INFO: task syz.0.40:6585 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.40 state:D stack:28192 pid:6585 tgid:6582 ppid:4249 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f087becc990
RSP: 002b:00007f087b948b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f087becc990
RDX: 0000000000000002 RSI: 00007f087b948c10 RDI: 00000000ffffff9c
RBP: 00007f087b948c10 R08: 0000000000000000 R09: 00007f087b948987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f087c085f80 R15: 00007fff605cc188
</TASK>
INFO: task syz.3.41:6586 blocked for more than 146 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.41 state:D stack:28224 pid:6586 tgid:6583 ppid:4258 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7ff07ac990
RSP: 002b:00007f7ff022eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7ff07ac990
RDX: 0000000000000002 RSI: 00007f7ff022ec10 RDI: 00000000ffffff9c
RBP: 00007f7ff022ec10 R08: 0000000000000000 R09: 00007f7ff022e987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f7ff0965f80 R15: 00007ffc7915f428
</TASK>
INFO: task syz.1.42:6587 blocked for more than 146 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.42 state:D stack:28192 pid:6587 tgid:6584 ppid:4250 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff9bb1bc990
RSP: 002b:00007ff9bac3eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff9bb1bc990
RDX: 0000000000000002 RSI: 00007ff9bac3ec10 RDI: 00000000ffffff9c
RBP: 00007ff9bac3ec10 R08: 0000000000000000 R09: 00007ff9bac3e987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff9bb375f80 R15: 00007ffc4d422d68
</TASK>
INFO: task syz.2.43:6589 blocked for more than 146 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.43 state:D stack:28288 pid:6589 tgid:6588 ppid:4253 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fab01e9c990
RSP: 002b:00007fab01918b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fab01e9c990
RDX: 0000000000000002 RSI: 00007fab01918c10 RDI: 00000000ffffff9c
RBP: 00007fab01918c10 R08: 0000000000000000 R09: 00007fab01918987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fab02055f80 R15: 00007ffc5d3515e8
</TASK>
Showing all locks held in the system:
4 locks held by kworker/0:1/9:
#0: ffff8881062c3548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000009fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109ba5190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888109ba5190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff888109bb0508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3206 [inline]
#3: ffff888109bb0508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_port_suspend+0x255/0xf10 drivers/usb/core/hub.c:3463
1 lock held by khungtaskd/30:
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6720
6 locks held by kworker/0:2/803:
#0: ffff8881062c3548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90001e0fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888106b7e190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888106b7e190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff888113f6f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff888113f6f190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff88811dfcd160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88811dfcd160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
2 locks held by getty/2605:
#0: ffff8881146210a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
6 locks held by kworker/0:3/6535:
#0: ffff8881062c3548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900018a7d80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff8881097ae190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff8881097ae190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff888113f6e190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff888113f6e190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff88811dfcb160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88811dfcb160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
6 locks held by kworker/0:4/6563:
#0: ffff8881062c3548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90001477d80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109b21190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888109b21190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff88811dfcf190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88811dfcf190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff888127339160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888127339160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
1 lock held by syz.4.39/6580:
#0: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
2 locks held by syz.0.40/6585:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
1 lock held by syz.3.41/6586:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.42/6587:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.43/6589:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.44/8607:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.48/8849:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.45/8866:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.46/8871:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.47/8874:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.49/10394:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.51/11122:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.50/11142:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.53/11167:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.52/11181:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.54/11615:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.55/13538:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.58/13772:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.56/13774:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.57/13777:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.59/13902:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.60/15429:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.61/16122:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.62/16144:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.63/16153:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.64/16188:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
3 locks held by modprobe/16364:
#0: ffff8881f593d6d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:593 [inline]
#0: ffff8881f593d6d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1505 [inline]
#0: ffff8881f593d6d8 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1804 [inline]
#0: ffff8881f593d6d8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x293/0x34b0 kernel/sched/core.c:6575
#1: ffff88810be8a518 (&sighand->siglock){....}-{2:2}, at: do_notify_parent+0x778/0x1040 kernel/signal.c:2114
#2: ffff8881007d47b8 (&sig->wait_chldexit){....}-{2:2}, at: __wake_up_common_lock kernel/sched/wait.c:105 [inline]
#2: ffff8881007d47b8 (&sig->wait_chldexit){....}-{2:2}, at: __wake_up_sync_key+0x1c/0x50 kernel/sched/wait.c:173
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xf0c/0x1240 kernel/hung_task.c:379
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 16371 Comm: modprobe Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:_compound_head include/linux/page-flags.h:244 [inline]
RIP: 0010:virt_to_folio include/linux/mm.h:1284 [inline]
RIP: 0010:virt_to_slab mm/slab.h:206 [inline]
RIP: 0010:kmem_cache_free+0x99/0x480 mm/slub.c:4682
Code: 48 89 df 48 89 44 24 10 e8 74 c3 6f ff 48 c1 e8 0c 49 89 c2 48 b8 00 00 00 00 00 ea ff ff 49 c1 e2 06 4d 8d 34 02 49 8b 46 08 <a8> 01 0f 85 62 02 00 00 0f 1f 44 00 00 31 c0 41 80 7e 33 f5 48 89
RSP: 0018:ffffc90004d5fd20 EFLAGS: 00000202
RAX: ffffea00046f2801 RBX: ffff88811bca6600 RCX: ffffffff8116adac
RDX: ffff888115f09d40 RSI: ffffffff8116adb6 RDI: 0000000000000007
RBP: ffffc90004d5fd80 R08: 0000000000000007 R09: 0000000000000000
R10: 00000000046f2980 R11: 0000000000000000 R12: ffff888100add140
R13: 000000000003c40c R14: ffffea00046f2980 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8881f5900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f76c8ff3270 CR3: 000000011a3fa000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
putname+0x12e/0x170 fs/namei.c:280
do_sys_openat2+0x160/0x1e0 fs/open.c:1423
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f76c929aa46
Code: 10 00 00 00 44 8b 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 0c f7 d8 89 05 0a 48 01 00 48 83 c8 ff c3 31
RSP: 002b:00007ffe0b165df8 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffe0b166058 RCX: 00007f76c929aa46
RDX: 0000000000080000 RSI: 00007ffe0b165e70 RDI: 00000000ffffff9c
RBP: 00007ffe0b165e60 R08: 0000000000080000 R09: 00007ffe0b165e70
R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffe0b165e70
R13: 0000000000000005 R14: 00007ffe0b16603f R15: 00000000ffffffff
</TASK>
Tested on:
commit: 4a9fe2a8 dt-bindings: usb: dwc3-imx8mp: add compatible..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=112c305f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=147e3b27980000
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-12 1:14 ` syzbot
@ 2024-10-13 1:09 ` Alan Stern
2024-10-13 2:10 ` syzbot
0 siblings, 1 reply; 28+ messages in thread
From: Alan Stern @ 2024-10-13 1:09 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, linux-kernel, linux-usb, sylv, syzkaller-bugs
On Fri, Oct 11, 2024 at 06:14:03PM -0700, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> INFO: task hung in usb_port_suspend
Okay, let's do some closer tracking of URBs waiting to be dequeued.
Alan Stern
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -50,7 +50,7 @@
#define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */
#define POWER_BUDGET_3 900 /* in mA */
-#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */
+#define DUMMY_INT_KTIME ns_to_ktime(125000) /* 1 microframe */
static const char driver_name[] = "dummy_hcd";
static const char driver_desc[] = "USB Host+Gadget Emulator";
@@ -276,6 +276,7 @@ struct dummy {
unsigned ints_enabled:1;
unsigned udc_suspended:1;
unsigned pullup:1;
+ bool alanflag;
/*
* HOST side support
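Review bot: `alanflag` is added to struct dummy with no comment and a name that says nothing about its role. The neighbouring flags are one-bit fields (`unsigned pullup:1;`), so outside a throwaway test build this would read better as a bitfield with a descriptive name (for example `unsigned dequeue_trace:1;`) and a one-line comment saying it is set in dummy_urb_dequeue() and cleared in dummy_timer() under dum->lock.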
@@ -1304,7 +1305,7 @@ static int dummy_urb_enqueue(
/* kick the scheduler, it'll do the rest */
if (!hrtimer_active(&dum_hcd->timer))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
done:
@@ -1325,9 +1326,13 @@ static int dummy_urb_dequeue(struct usb_
rc = usb_hcd_check_unlink_urb(hcd, urb, status);
if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING &&
- !list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
-
+ !list_empty(&dum_hcd->urbp_list)) {
+ dum_hcd->dum->alanflag = true;
+ dev_info(udc_dev(dum_hcd->dum), "Dequeue %p\n", urb);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
+ } else
+ dev_info(udc_dev(dum_hcd->dum), "Failed dequeue\n");
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
return rc;
}
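Review bot: The new else arm in dummy_urb_dequeue() prints "Failed dequeue" whenever the combined condition is false, which includes rc == 0 with rh_state == DUMMY_RH_RUNNING and rc == 0 with an empty urbp_list, so an unlink that succeeded and simply needs no timer kick is logged as a failure. Test rc on its own for the failure message, or print rc, rh_state and the list_empty() result so the log separates the cases. Both dev_info() calls also run before spin_unlock_irqrestore(), which adds console work inside the locked section on every dequeue and can shift the timing being investigated.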
@@ -1788,6 +1793,7 @@ static enum hrtimer_restart dummy_timer(
unsigned long flags;
int limit, total;
int i;
+ int alancnt = 0;
/* simplistic model for one frame's bandwidth */
/* FIXME: account for transaction and packet overhead */
@@ -1984,6 +1990,9 @@ return_urb:
ep->already_seen = ep->setup_stage = 0;
usb_hcd_unlink_urb_from_ep(dummy_hcd_to_hcd(dum_hcd), urb);
+ if (dum->alanflag)
+ dev_info(udc_dev(dum), "Give back %p\n", urb);
+ ++alancnt;
spin_unlock(&dum->lock);
usb_hcd_giveback_urb(dummy_hcd_to_hcd(dum_hcd), urb, status);
spin_lock(&dum->lock);
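Review bot: In the return_urb path, ++alancnt is not covered by the if (dum->alanflag) test: the if has no braces, so only the dev_info() belongs to it and the counter increments for every URB given back in this timer run. Because dum->lock is dropped around usb_hcd_giveback_urb() just below, the flag can become set part-way through a run, and the "Gave back %d URBs" total can then be larger than the number of "Give back %p" lines. If the count is meant to match the logged pointers, brace the two statements together; if it is meant to count everything, a short comment would say so.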
@@ -1995,11 +2004,14 @@ return_urb:
usb_put_dev(dum_hcd->udev);
dum_hcd->udev = NULL;
} else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) {
- /* want a 1 msec delay here */
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
}
+ if (dum->alanflag) {
+ dev_info(udc_dev(dum), "Gave back %d URBs\n", alancnt);
+ dum->alanflag = false;
+ }
spin_unlock_irqrestore(&dum->lock, flags);
return HRTIMER_NORESTART;
@@ -2391,7 +2403,8 @@ static int dummy_bus_resume(struct usb_h
dum_hcd->rh_state = DUMMY_RH_RUNNING;
set_link_state(dum_hcd);
if (!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
hcd->state = HC_STATE_RUNNING;
}
spin_unlock_irq(&dum_hcd->dum->lock);
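Review bot: The hrtimer_start() in dummy_bus_resume() changes its expiry from ns_to_ktime(0) to DUMMY_INT_KTIME, which is a timing change rather than tracking, and the dummy_urb_dequeue() hunk makes the same substitution. The message describes this patch only as closer tracking of URBs waiting to be dequeued, so either explain why the delay moves from immediate to one microframe, or keep ns_to_ktime(0) in these two places so the test result reflects the added logging alone.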
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 1:09 ` Alan Stern
@ 2024-10-13 2:10 ` syzbot
2024-10-13 2:43 ` Alan Stern
0 siblings, 1 reply; 28+ messages in thread
From: syzbot @ 2024-10-13 2:10 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in usb_register_dev
INFO: task kworker/0:1:9 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1 state:D stack:23536 pid:9 tgid:9 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:0:24 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0 state:D stack:23520 pid:24 tgid:24 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:4:6535 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:4 state:D stack:23808 pid:6535 tgid:6535 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_disconnect+0xd1/0x440 drivers/usb/class/cdc-wdm.c:1216
usb_unbind_interface+0x1e8/0x970 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
device_remove+0x122/0x170 drivers/base/dd.c:561
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x44a/0x610 drivers/base/dd.c:1296
bus_remove_device+0x22f/0x420 drivers/base/bus.c:576
device_del+0x396/0x9f0 drivers/base/core.c:3864
usb_disable_device+0x36c/0x7f0 drivers/usb/core/message.c:1418
usb_disconnect+0x2e1/0x920 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1bed/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:5:6618 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:5 state:D stack:23808 pid:6618 tgid:6618 ppid:2 flags:0x00004000
Workqueue: pm pm_runtime_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
usb_enable_remote_wakeup drivers/usb/core/hub.c:3365 [inline]
usb_port_suspend+0x339/0xf10 drivers/usb/core/hub.c:3472
usb_generic_driver_suspend+0xeb/0x1d0 drivers/usb/core/generic.c:302
usb_suspend_device drivers/usb/core/driver.c:1272 [inline]
usb_suspend_both+0x66d/0x9c0 drivers/usb/core/driver.c:1443
usb_runtime_suspend+0x49/0x180 drivers/usb/core/driver.c:1968
__rpm_callback+0xc5/0x4c0 drivers/base/power/runtime.c:394
rpm_callback+0x192/0x1d0 drivers/base/power/runtime.c:448
rpm_suspend+0x2e7/0x1200 drivers/base/power/runtime.c:672
__pm_runtime_suspend+0xbc/0x160 drivers/base/power/runtime.c:1142
pm_runtime_autosuspend include/linux/pm_runtime.h:342 [inline]
usb_runtime_idle+0x4c/0x60 drivers/usb/core/driver.c:2005
rpm_idle+0x2f7/0x740 drivers/base/power/runtime.c:524
pm_runtime_work+0x120/0x150 drivers/base/power/runtime.c:970
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz.0.153:6813 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.153 state:D stack:27856 pid:6813 tgid:6813 ppid:4254 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
rpm_resume+0x5a8/0x1330 drivers/base/power/runtime.c:834
rpm_resume+0x750/0x1330 drivers/base/power/runtime.c:892
__pm_runtime_resume+0xb6/0x170 drivers/base/power/runtime.c:1172
pm_runtime_resume_and_get include/linux/pm_runtime.h:430 [inline]
usb_autopm_get_interface+0x20/0xe0 drivers/usb/core/driver.c:1833
wdm_manage_power+0x1d/0xa0 drivers/usb/class/cdc-wdm.c:1134
wdm_release+0x26a/0x440 drivers/usb/class/cdc-wdm.c:779
__fput+0x3f6/0xb60 fs/file_table.c:431
task_work_run+0x14e/0x250 kernel/task_work.c:228
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x24e/0x260 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz.3.154:6816 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.154 state:D stack:28432 pid:6816 tgid:6815 ppid:4265 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz.1.155:6818 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.155 state:D stack:28432 pid:6818 tgid:6817 ppid:4257 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz.2.156:6820 blocked for more than 146 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.156 state:D stack:28432 pid:6820 tgid:6819 ppid:4253 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
Showing all locks held in the system:
6 locks held by kworker/0:1/9:
#0: ffff888105adf548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000009fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109f5c190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888109f5c190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff888118de7190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff888118de7190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff888113596160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888113596160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
6 locks held by kworker/1:0/24:
#0: ffff888105adf548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000019fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff88810879c190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff88810879c190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff88811861e190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88811861e190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff888130520160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888130520160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
1 lock held by khungtaskd/30:
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6720
2 locks held by kworker/u8:5/161:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900015cfd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:7/1133:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000223fd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by getty/2607:
#0: ffff88810f7bd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
6 locks held by kworker/1:4/6535:
#0: ffff888105adf548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000235fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff88810a304190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff88810a304190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff888117915190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff888117915190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x10a/0x920 drivers/usb/core/hub.c:2295
#4: ffff8881056e2160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff8881056e2160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff8881056e2160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xa4/0x610 drivers/base/dd.c:1293
#5: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_disconnect+0xd1/0x440 drivers/usb/class/cdc-wdm.c:1216
3 locks held by kworker/1:5/6618:
#0: ffff888100eed548 ((wq_completion)pm){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000218fd80 ((work_completion)(&dev->power.work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109bc7508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3206 [inline]
#2: ffff888109bc7508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_port_suspend+0x255/0xf10 drivers/usb/core/hub.c:3463
1 lock held by syz.0.153/6813:
#0: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
2 locks held by syz.3.154/6816:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
1 lock held by syz.1.155/6818:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.156/6820:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.160/8460:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.162/8635:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.164/8668:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.163/8675:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.175/10078:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.177/10433:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.179/10523:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.178/10526:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.189/11409:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.191/12312:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.193/12444:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.194/12453:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.200/12833:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.205/14069:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.207/14487:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.208/14512:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.211/14675:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.218/15414:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.221/16371:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.222/16514:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by modprobe/16662:
2 locks held by modprobe/16675:
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xf0c/0x1240 kernel/hung_task.c:379
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 16680 Comm: modprobe Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__lock_acquire+0x31f/0x3ce0 kernel/locking/lockdep.c:5138
Call Trace:
<NMI>
</NMI>
<TASK>
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5825
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
__pte_offset_map_lock+0xf1/0x300 mm/pgtable-generic.c:375
pte_offset_map_lock include/linux/mm.h:3014 [inline]
zap_pte_range mm/memory.c:1600 [inline]
zap_pmd_range mm/memory.c:1739 [inline]
zap_pud_range mm/memory.c:1768 [inline]
zap_p4d_range mm/memory.c:1789 [inline]
unmap_page_range+0x5d4/0x2fa0 mm/memory.c:1810
unmap_single_vma+0x194/0x2b0 mm/memory.c:1856
unmap_vmas+0x22f/0x490 mm/memory.c:1900
vms_clear_ptes+0x426/0x780 mm/vma.c:1089
vms_clean_up_area+0x6b/0x240 mm/vma.c:1108
mmap_region+0x10c5/0x2900 mm/mmap.c:1439
do_mmap+0xc00/0xfc0 mm/mmap.c:496
vm_mmap_pgoff+0x1ba/0x350 mm/util.c:588
ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:79
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
Tested on:
commit: 4a9fe2a8 dt-bindings: usb: dwc3-imx8mp: add compatible..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=17411087980000
kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=15161087980000
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 2:10 ` syzbot
@ 2024-10-13 2:43 ` Alan Stern
2024-10-13 3:05 ` syzbot
0 siblings, 1 reply; 28+ messages in thread
From: Alan Stern @ 2024-10-13 2:43 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, linux-kernel, linux-usb, sylv, syzkaller-bugs
On Sat, Oct 12, 2024 at 07:10:05PM -0700, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> INFO: task hung in usb_register_dev
The console log shows a lot of dequeue failures. Let's find out why
they are failing.
Alan Stern
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -50,7 +50,7 @@
#define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */
#define POWER_BUDGET_3 900 /* in mA */
-#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */
+#define DUMMY_INT_KTIME ns_to_ktime(125000) /* 1 microframe */
static const char driver_name[] = "dummy_hcd";
static const char driver_desc[] = "USB Host+Gadget Emulator";
@@ -276,6 +276,7 @@ struct dummy {
unsigned ints_enabled:1;
unsigned udc_suspended:1;
unsigned pullup:1;
+ bool alanflag;
/*
* HOST side support
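Review bot: `alanflag` is added to struct dummy as a `bool` with no comment, directly after a run of `unsigned ...:1` bitfields. If it is to outlive a single test run, make it `unsigned alanflag:1` like its neighbours and give it a name and comment saying that it marks a dequeue whose givebacks are being traced.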
@@ -1304,7 +1305,7 @@ static int dummy_urb_enqueue(
/* kick the scheduler, it'll do the rest */
if (!hrtimer_active(&dum_hcd->timer))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
done:
@@ -1325,9 +1326,15 @@ static int dummy_urb_dequeue(struct usb_
rc = usb_hcd_check_unlink_urb(hcd, urb, status);
if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING &&
- !list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
-
+ !list_empty(&dum_hcd->urbp_list)) {
+ dum_hcd->dum->alanflag = true;
+ dev_info(udc_dev(dum_hcd->dum), "Dequeue %p\n", urb);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
+ } else
+ dev_info(udc_dev(dum_hcd->dum), "Failed dequeue: %d %d %d\n",
+ rc, dum_hcd->rh_state,
+ list_empty(&dum_hcd->urbp_list));
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
return rc;
}
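Review bot: the new `else` arm in dummy_urb_dequeue() prints "Failed dequeue" for every call that does not take the restart path, and that includes rc == 0 while rh_state is DUMMY_RH_RUNNING, so successful unlinks are logged as failures. Test rc on its own and print the failure message only when it is non-zero. The bare `} else` should also get braces to match the braced `if` arm.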
@@ -1788,6 +1795,7 @@ static enum hrtimer_restart dummy_timer(
unsigned long flags;
int limit, total;
int i;
+ int alancnt = 0;
/* simplistic model for one frame's bandwidth */
/* FIXME: account for transaction and packet overhead */
@@ -1984,6 +1992,9 @@ return_urb:
ep->already_seen = ep->setup_stage = 0;
usb_hcd_unlink_urb_from_ep(dummy_hcd_to_hcd(dum_hcd), urb);
+ if (dum->alanflag)
+ dev_info(udc_dev(dum), "Give back %p\n", urb);
+ ++alancnt;
spin_unlock(&dum->lock);
usb_hcd_giveback_urb(dummy_hcd_to_hcd(dum_hcd), urb, status);
spin_lock(&dum->lock);
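Review bot: the dev_info() in return_urb runs while dum->lock is still held (the spin_unlock() is the next line), so each traced giveback adds console latency inside the critical section and can shift the timing the reproducer depends on. Separately, `++alancnt` is not covered by `if (dum->alanflag)` because there are no braces, so the count includes givebacks made before any dequeue was flagged; add braces if only flagged ones are meant.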
@@ -1995,11 +2006,14 @@ return_urb:
usb_put_dev(dum_hcd->udev);
dum_hcd->udev = NULL;
} else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) {
- /* want a 1 msec delay here */
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
}
+ if (dum->alanflag) {
+ dev_info(udc_dev(dum), "Gave back %d URBs\n", alancnt);
+ dum->alanflag = false;
+ }
spin_unlock_irqrestore(&dum->lock, flags);
return HRTIMER_NORESTART;
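Review bot: `dum->alanflag` is cleared at the end of the first dummy_timer() pass after a dequeue, whether or not the URB that set it was given back in that pass. If that URB is returned in a later pass, its giveback is no longer traced and the log shows a dequeue with no matching "Give back" line. Recording the dequeued URB pointer instead of a flag, and clearing it only when that pointer is given back, would avoid the gap.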
@@ -2391,7 +2405,8 @@ static int dummy_bus_resume(struct usb_h
dum_hcd->rh_state = DUMMY_RH_RUNNING;
set_link_state(dum_hcd);
if (!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
hcd->state = HC_STATE_RUNNING;
}
spin_unlock_irq(&dum_hcd->dum->lock);
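Review bot: in dummy_bus_resume() the restart delay changes from ns_to_ktime(0) to DUMMY_INT_KTIME, and the same substitution is made in dummy_urb_dequeue(); that alters timer behaviour in a patch whose purpose is to add tracing. If the test outcome changes, it will not be clear whether the logging or the delay was responsible, so keep the zero delay here or send the delay change as a separate test.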
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 2:43 ` Alan Stern
@ 2024-10-13 3:05 ` syzbot
2024-10-13 14:30 ` Alan Stern
0 siblings, 1 reply; 28+ messages in thread
From: syzbot @ 2024-10-13 3:05 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in usb_register_dev
INFO: task kworker/0:1:9 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1 state:D stack:23264 pid:9 tgid:9 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:6:6753 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:6 state:D stack:23440 pid:6753 tgid:6753 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_deregister_dev+0x7c/0x1e0 drivers/usb/core/file.c:186
wdm_disconnect+0x25/0x440 drivers/usb/class/cdc-wdm.c:1214
usb_unbind_interface+0x1e8/0x970 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
device_remove+0x122/0x170 drivers/base/dd.c:561
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x44a/0x610 drivers/base/dd.c:1296
bus_remove_device+0x22f/0x420 drivers/base/bus.c:576
device_del+0x396/0x9f0 drivers/base/core.c:3864
usb_disable_device+0x36c/0x7f0 drivers/usb/core/message.c:1418
usb_disconnect+0x2e1/0x920 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1bed/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz.4.420:7346 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.420 state:D stack:27856 pid:7346 tgid:7346 ppid:4266 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
__fput+0x3f6/0xb60 fs/file_table.c:431
task_work_run+0x14e/0x250 kernel/task_work.c:228
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x24e/0x260 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f303702dff9
RSP: 002b:00007ffd93148178 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f30371e7a80 RCX: 00007f303702dff9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f30371e7a80 R08: 0000000000000000 R09: 00007ffd9314846f
R10: 000000000003fdc8 R11: 0000000000000246 R12: 000000000003aee8
R13: 00007ffd93148280 R14: 0000000000000032 R15: ffffffffffffffff
</TASK>
INFO: task syz.2.421:7348 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.421 state:D stack:27856 pid:7348 tgid:7348 ppid:4257 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
__fput+0x3f6/0xb60 fs/file_table.c:431
task_work_run+0x14e/0x250 kernel/task_work.c:228
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x24e/0x260 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4e8801dff9
RSP: 002b:00007ffe1f7d36a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f4e881d7a80 RCX: 00007f4e8801dff9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f4e881d7a80 R08: 0000000000000000 R09: 00007ffe1f7d399f
R10: 000000000003fdc8 R11: 0000000000000246 R12: 000000000003af53
R13: 00007ffe1f7d37b0 R14: 0000000000000032 R15: ffffffffffffffff
</TASK>
INFO: task syz.3.422:7351 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.422 state:D stack:28352 pid:7351 tgid:7350 ppid:4259 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
rpm_resume+0x5a8/0x1330 drivers/base/power/runtime.c:834
rpm_resume+0x750/0x1330 drivers/base/power/runtime.c:892
__pm_runtime_resume+0xb6/0x170 drivers/base/power/runtime.c:1172
pm_runtime_resume_and_get include/linux/pm_runtime.h:430 [inline]
usb_autopm_get_interface+0x20/0xe0 drivers/usb/core/driver.c:1833
wdm_open+0x24a/0x630 drivers/usb/class/cdc-wdm.c:730
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb2ca20c990
RSP: 002b:00007fb2c9c88b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fb2ca20c990
RDX: 0000000000000002 RSI: 00007fb2c9c88c10 RDI: 00000000ffffff9c
RBP: 00007fb2c9c88c10 R08: 0000000000000000 R09: 00007fb2c9c88987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fb2ca3c5f80 R15: 00007fff7f2b3468
</TASK>
INFO: task syz.1.423:7353 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.423 state:D stack:28432 pid:7353 tgid:7352 ppid:4252 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2d754ac990
RSP: 002b:00007f2d74f2eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f2d754ac990
RDX: 0000000000000002 RSI: 00007f2d74f2ec10 RDI: 00000000ffffff9c
RBP: 00007f2d74f2ec10 R08: 0000000000000000 R09: 00007f2d74f2e987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f2d75665f80 R15: 00007ffc6abf00b8
</TASK>
Showing all locks held in the system:
6 locks held by kworker/0:1/9:
#0: ffff8881066c4148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000009fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109b47190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888109b47190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff8881158fc190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff8881158fc190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff888105e99160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888105e99160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
1 lock held by khungtaskd/30:
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6720
2 locks held by kworker/u8:3/46:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90000517d80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:4/52:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90000537d80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:6/1273:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000263fd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:7/1278:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900028dfd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:9/1292:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000291fd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by getty/2607:
#0: ffff88810f77c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
3 locks held by kworker/1:3/6523:
#0: ffff8881022f8948 ((wq_completion)pm){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000271fd80 ((work_completion)(&dev->power.work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff8881097ba508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3206 [inline]
#2: ffff8881097ba508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_port_suspend+0x255/0xf10 drivers/usb/core/hub.c:3463
6 locks held by kworker/1:6/6753:
#0: ffff8881066c4148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000219fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888107f29190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888107f29190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff88811ca06190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88811ca06190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x10a/0x920 drivers/usb/core/hub.c:2295
#4: ffff8881056bb160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff8881056bb160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff8881056bb160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xa4/0x610 drivers/base/dd.c:1293
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_deregister_dev+0x7c/0x1e0 drivers/usb/core/file.c:186
1 lock held by syz.4.420/7346:
#0: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
1 lock held by syz.2.421/7348:
#0: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
2 locks held by syz.3.422/7351:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
1 lock held by syz.1.423/7353:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.427/9127:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.428/9134:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.431/9194:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.430/9202:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.443/11017:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.444/11022:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.442/11035:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.446/11054:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.460/12868:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.459/12898:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.457/12900:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.458/12906:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.472/14705:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.473/14736:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.474/14738:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.476/14758:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by kworker/u8:4/15060:
1 lock held by modprobe/15085:
5 locks held by modprobe/15086:
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xf0c/0x1240 kernel/hung_task.c:379
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 15093 Comm: modprobe Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:write_comp_data+0x42/0x90 kernel/kcov.c:246
Code: a9 00 01 ff 00 74 1d f6 c4 01 74 67 a9 00 00 0f 00 75 60 a9 00 00 f0 00 75 59 8b 82 54 15 00 00 85 c0 74 4f 8b 82 30 15 00 00 <83> f8 03 75 44 48 8b 82 38 15 00 00 8b 92 34 15 00 00 48 8b 38 48
RSP: 0018:ffffc9000372f608 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000004 RCX: ffffffff86e38149
RDX: ffff888101b0ba80 RSI: 0000000000000003 RDI: 0000000000000005
RBP: ffffffff88107300 R08: 0000000000000005 R09: 0000000000000003
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000005 R14: 0000000000000004 R15: 00007f6e25c01fff
FS: 00007f6e25b75380(0000) GS:ffff8881f5900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6e25c82c39 CR3: 000000010f392000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
__sanitizer_cov_trace_switch+0x54/0x90 kernel/kcov.c:351
ma_slots lib/maple_tree.c:761 [inline]
mas_get_slot lib/maple_tree.c:7065 [inline]
mas_validate_gaps lib/maple_tree.c:7331 [inline]
mt_validate+0x2809/0x41b0 lib/maple_tree.c:7606
validate_mm+0xae/0x4d0 mm/vma.c:534
__split_vma+0xcd3/0x1130 mm/vma.c:431
split_vma mm/vma.c:460 [inline]
vma_modify+0x156b/0x2400 mm/vma.c:1433
vma_modify_flags+0x1c4/0x250 mm/vma.c:1451
mprotect_fixup+0x2c2/0xbe0 mm/mprotect.c:664
do_mprotect_pkey+0x98e/0xd00 mm/mprotect.c:838
__do_sys_mprotect mm/mprotect.c:859 [inline]
__se_sys_mprotect mm/mprotect.c:856 [inline]
__x64_sys_mprotect+0x78/0xc0 mm/mprotect.c:856
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6e25e99bb7
Code: 00 00 00 b8 0b 00 00 00 0f 05 48 3d 01 f0 ff ff 73 01 c3 48 8d 0d b9 46 01 00 f7 d8 89 01 48 83 c8 ff c3 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 99 46 01 00 f7 d8 89 01 48 83
RSP: 002b:00007ffe2a205b08 EFLAGS: 00000206 ORIG_RAX: 000000000000000a
RAX: ffffffffffffffda RBX: 00007f6e25e765c0 RCX: 00007f6e25e99bb7
RDX: 0000000000000001 RSI: 0000000000004000 RDI: 00007f6e25da0000
RBP: 00007ffe2a205c20 R08: 00007ffe2a200000 R09: 00007f6e25eadab0
R10: 00007f6e25c06ab8 R11: 0000000000000206 R12: 00007f6e25e765c0
R13: 00007f6e25ea1eda R14: 00007f6e25da3bf8 R15: 00007f6e25da3b70
</TASK>
Tested on:
commit: 4a9fe2a8 dt-bindings: usb: dwc3-imx8mp: add compatible..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=15babfd0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=16dc8440580000
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 3:05 ` syzbot
@ 2024-10-13 14:30 ` Alan Stern
2024-10-13 15:02 ` syzbot
0 siblings, 1 reply; 28+ messages in thread
From: Alan Stern @ 2024-10-13 14:30 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, linux-kernel, linux-usb, sylv, syzkaller-bugs
On Sat, Oct 12, 2024 at 08:05:02PM -0700, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> INFO: task hung in usb_register_dev
That wasn't particularly helpful. In fact, it gives the impression
that the problem is caused by something else, not a bad dequeue. None
of the tasks listed in the console log are waiting inside usb_kill_urb().
This time let's see all the enqueues, dequeues, and givebacks for
non-control URBs. I don't know that the problem is related to a
non-control URB, but I do know that a bunch of control URBs succeed so
it might help to keep the focus away from them.
Alan Stern
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -50,7 +50,7 @@
#define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */
#define POWER_BUDGET_3 900 /* in mA */
-#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */
+#define DUMMY_INT_KTIME ns_to_ktime(125000) /* 1 microframe */
static const char driver_name[] = "dummy_hcd";
static const char driver_desc[] = "USB Host+Gadget Emulator";
@@ -1301,10 +1301,12 @@ static int dummy_urb_enqueue(
dum_hcd->next_frame_urbp = urbp;
if (usb_pipetype(urb->pipe) == PIPE_CONTROL)
urb->error_count = 1; /* mark as a new urb */
+ else
+ dev_info(dummy_dev(dum_hcd), "Enqueue %p\n", urb);
/* kick the scheduler, it'll do the rest */
if (!hrtimer_active(&dum_hcd->timer))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
done:
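Review bot: the "Enqueue %p" message in dummy_urb_enqueue() identifies the URB only by its hashed pointer, and URB memory is reused, so over a long log the same value can stand for different URBs. Print the endpoint as well, for example usb_pipeendpoint(urb->pipe) plus the direction, so that enqueue, dequeue and giveback lines can be matched per endpoint.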
@@ -1325,9 +1327,15 @@ static int dummy_urb_dequeue(struct usb_
rc = usb_hcd_check_unlink_urb(hcd, urb, status);
if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING &&
- !list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
-
+ !list_empty(&dum_hcd->urbp_list)) {
+ if (usb_pipetype(urb->pipe) != PIPE_CONTROL)
+ dev_info(dummy_dev(dum_hcd), "Dequeue restart %p\n", urb);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
+ } else if (usb_pipetype(urb->pipe) != PIPE_CONTROL) {
+ dev_info(dummy_dev(dum_hcd), "Dequeue norestart: %d %p\n",
+ rc, urb);
+ }
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
return rc;
}
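Review bot: "Dequeue norestart: %d %p" in dummy_urb_dequeue() reports rc but not dum_hcd->rh_state, so when rc is 0 the log does not say whether the restart was skipped because the root hub is running or because urbp_list is empty. Add rh_state to the format string.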
@@ -1984,6 +1992,8 @@ return_urb:
ep->already_seen = ep->setup_stage = 0;
usb_hcd_unlink_urb_from_ep(dummy_hcd_to_hcd(dum_hcd), urb);
+ if (usb_pipetype(urb->pipe) != PIPE_CONTROL)
+ dev_info(dummy_dev(dum_hcd), "Giveback %p\n", urb);
spin_unlock(&dum->lock);
usb_hcd_giveback_urb(dummy_hcd_to_hcd(dum_hcd), urb, status);
spin_lock(&dum->lock);
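Review bot: the "Giveback %p" line in return_urb omits `status`, which is passed to usb_hcd_giveback_urb() two lines later. Printing it would separate unlinked URBs from normal completions without having to pair every giveback with an earlier dequeue line.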
@@ -1995,8 +2005,7 @@ return_urb:
usb_put_dev(dum_hcd->udev);
dum_hcd->udev = NULL;
} else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) {
- /* want a 1 msec delay here */
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
}
@@ -2391,7 +2400,8 @@ static int dummy_bus_resume(struct usb_h
dum_hcd->rh_state = DUMMY_RH_RUNNING;
set_link_state(dum_hcd);
if (!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
hcd->state = HC_STATE_RUNNING;
}
spin_unlock_irq(&dum_hcd->dum->lock);
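Review bot: dummy_bus_resume() restarts the timer when urbp_list is non-empty but gets no trace message, unlike the enqueue, dequeue and giveback paths touched by this patch. A dev_info() here would show in the log whether URBs were still queued across a suspend/resume cycle and whether the timer was rearmed for them.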
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 14:30 ` Alan Stern
@ 2024-10-13 15:02 ` syzbot
2024-10-13 15:45 ` Alan Stern
0 siblings, 1 reply; 28+ messages in thread
From: syzbot @ 2024-10-13 15:02 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in usb_register_dev
INFO: task kworker/0:2:651 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:2 state:D stack:23728 pid:651 tgid:651 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:2:2510 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:2 state:D stack:24272 pid:2510 tgid:2510 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:3:3669 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 state:D stack:24064 pid:3669 tgid:3669 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/0:3:6517 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3 state:D stack:24240 pid:6517 tgid:6517 ppid:2 flags:0x00004000
Workqueue: pm pm_runtime_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
usb_enable_remote_wakeup drivers/usb/core/hub.c:3365 [inline]
usb_port_suspend+0x339/0xf10 drivers/usb/core/hub.c:3472
usb_generic_driver_suspend+0xeb/0x1d0 drivers/usb/core/generic.c:302
usb_suspend_device drivers/usb/core/driver.c:1272 [inline]
usb_suspend_both+0x66d/0x9c0 drivers/usb/core/driver.c:1443
usb_runtime_suspend+0x49/0x180 drivers/usb/core/driver.c:1968
__rpm_callback+0xc5/0x4c0 drivers/base/power/runtime.c:394
rpm_callback+0x192/0x1d0 drivers/base/power/runtime.c:448
rpm_suspend+0x2e7/0x1200 drivers/base/power/runtime.c:672
__pm_runtime_suspend+0xbc/0x160 drivers/base/power/runtime.c:1142
pm_runtime_autosuspend include/linux/pm_runtime.h:342 [inline]
usb_runtime_idle+0x4c/0x60 drivers/usb/core/driver.c:2005
rpm_idle+0x2f7/0x740 drivers/base/power/runtime.c:524
pm_runtime_work+0x120/0x150 drivers/base/power/runtime.c:970
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz.1.28:6553 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.28 state:D stack:27856 pid:6553 tgid:6553 ppid:4256 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
rpm_resume+0x5a8/0x1330 drivers/base/power/runtime.c:834
rpm_resume+0x750/0x1330 drivers/base/power/runtime.c:892
__pm_runtime_resume+0xb6/0x170 drivers/base/power/runtime.c:1172
pm_runtime_resume_and_get include/linux/pm_runtime.h:430 [inline]
usb_autopm_get_interface+0x20/0xe0 drivers/usb/core/driver.c:1833
wdm_manage_power+0x1d/0xa0 drivers/usb/class/cdc-wdm.c:1134
wdm_release+0x26a/0x440 drivers/usb/class/cdc-wdm.c:779
__fput+0x3f6/0xb60 fs/file_table.c:431
task_work_run+0x14e/0x250 kernel/task_work.c:228
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x24e/0x260 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz.4.29:6556 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.29 state:D stack:28432 pid:6556 tgid:6555 ppid:4255 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz.2.30:6558 blocked for more than 146 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.30 state:D stack:28192 pid:6558 tgid:6557 ppid:4252 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz.3.31:6560 blocked for more than 146 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.31 state:D stack:28000 pid:6560 tgid:6559 ppid:4254 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz.0.32:6562 blocked for more than 147 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.32 state:D stack:28064 pid:6562 tgid:6561 ppid:4248 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
Showing all locks held in the system:
2 locks held by kworker/u8:0/11:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900000bfd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:1/28:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900001e7d80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
1 lock held by khungtaskd/30:
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6720
2 locks held by kworker/u8:5/266:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900016ffd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
6 locks held by kworker/0:2/651:
#0: ffff8881066c4148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90001b1fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff8881097b4190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff8881097b4190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff88811e7a1190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88811e7a1190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff88811e988160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88811e988160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
2 locks held by kworker/u8:6/1332:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000298fd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
6 locks held by kworker/1:2/2510:
#0: ffff8881066c4148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000513fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109b71190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888109b71190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff88811e35a190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88811e35a190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff88811e35f160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88811e35f160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
2 locks held by getty/2605:
#0: ffff888108ae70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
6 locks held by kworker/1:3/3669:
#0: ffff8881066c4148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000146fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109b89190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888109b89190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff88811e35b190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88811e35b190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff888115bd6160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888115bd6160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
3 locks held by kworker/0:3/6517:
#0: ffff8881022f8948 ((wq_completion)pm){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90001a4fd80 ((work_completion)(&dev->power.work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888107b7a508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3206 [inline]
#2: ffff888107b7a508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_port_suspend+0x255/0xf10 drivers/usb/core/hub.c:3463
1 lock held by syz.1.28/6553:
#0: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
2 locks held by syz.4.29/6556:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
1 lock held by syz.2.30/6558:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.31/6560:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.32/6562:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.33/8577:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.35/8827:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.34/8839:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.36/8844:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.37/8847:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.38/10336:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.39/11108:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.41/11117:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.40/11129:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.42/11140:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.43/11588:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.45/13714:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.47/13729:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.46/13737:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.44/13742:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.48/13873:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.49/16089:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.52/16088:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.51/16103:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.2.50/16122:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.53/16157:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
2 locks held by modprobe/16340:
1 lock held by modprobe/16341:
1 lock held by modprobe/16342:
5 locks held by modprobe/16343:
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xf0c/0x1240 kernel/hung_task.c:379
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 16350 Comm: modprobe Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:80 [inline]
RIP: 0010:__orc_find+0x83/0xf0 arch/x86/kernel/unwind_orc.c:102
Call Trace:
<NMI>
</NMI>
<TASK>
orc_find arch/x86/kernel/unwind_orc.c:227 [inline]
unwind_next_frame+0x2be/0x20c0 arch/x86/kernel/unwind_orc.c:494
arch_stack_walk+0x95/0x100 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:319 [inline]
__kasan_slab_alloc+0x6e/0x70 mm/kasan/common.c:345
kasan_slab_alloc include/linux/kasan.h:247 [inline]
slab_post_alloc_hook mm/slub.c:4086 [inline]
slab_alloc_node mm/slub.c:4135 [inline]
kmem_cache_alloc_noprof+0x11c/0x2b0 mm/slub.c:4142
mt_alloc_one lib/maple_tree.c:162 [inline]
mas_alloc_nodes+0x176/0x860 lib/maple_tree.c:1241
mas_node_count_gfp+0x105/0x130 lib/maple_tree.c:1321
mas_preallocate+0x53b/0xcd0 lib/maple_tree.c:5546
vma_iter_prealloc mm/vma.h:432 [inline]
mmap_region+0x14fa/0x2900 mm/mmap.c:1508
do_mmap+0xc00/0xfc0 mm/mmap.c:496
vm_mmap_pgoff+0x1ba/0x350 mm/util.c:588
ksys_mmap_pgoff+0x7d/0x5c0 mm/mmap.c:542
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:79
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
Tested on:
commit: d73dc7b1 USB: chaoskey: Fix possible deadlock chaoskey..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=12bf9087980000
kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1089e440580000
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 15:02 ` syzbot
@ 2024-10-13 15:45 ` Alan Stern
2024-10-13 16:14 ` syzbot
0 siblings, 1 reply; 28+ messages in thread
From: Alan Stern @ 2024-10-13 15:45 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, linux-kernel, linux-usb, sylv, syzkaller-bugs
On Sun, Oct 13, 2024 at 08:02:02AM -0700, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> INFO: task hung in usb_register_dev
All right, that's more like it. Now there's a smoking gun:
> INFO: task kworker/0:3:6517 blocked for more than 144 seconds.
> Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:kworker/0:3 state:D stack:24240 pid:6517 tgid:6517 ppid:2 flags:0x00004000
> Workqueue: pm pm_runtime_work
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5315 [inline]
> __schedule+0x105f/0x34b0 kernel/sched/core.c:6675
> __schedule_loop kernel/sched/core.c:6752 [inline]
> schedule+0xe7/0x350 kernel/sched/core.c:6767
> usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
> usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
> usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
> usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
> usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
Unfortunately the URB not getting dequeued _is_ a control URB. So
let's trace enqueues and dequeues for all URBs. And let's see when
the timer handler runs.
Alan Stern
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -50,7 +50,7 @@
#define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */
#define POWER_BUDGET_3 900 /* in mA */
-#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */
+#define DUMMY_INT_KTIME ns_to_ktime(125000) /* 1 microframe */
static const char driver_name[] = "dummy_hcd";
static const char driver_desc[] = "USB Host+Gadget Emulator";
@@ -1301,10 +1301,12 @@ static int dummy_urb_enqueue(
dum_hcd->next_frame_urbp = urbp;
if (usb_pipetype(urb->pipe) == PIPE_CONTROL)
urb->error_count = 1; /* mark as a new urb */
+ dev_info(dummy_dev(dum_hcd), "Enqueue %p type %d\n", urb,
+ usb_pipetype(urb->pipe));
/* kick the scheduler, it'll do the rest */
if (!hrtimer_active(&dum_hcd->timer))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
done:
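Review bot: the "Enqueue" message is printed before the hrtimer_active(&dum_hcd->timer) check, so the log cannot show whether this enqueue started the timer or found it already active. For a hang in which an URB is never given back, that is the state worth recording; consider including the result of hrtimer_active() in the same dev_info().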
@@ -1325,9 +1327,14 @@ static int dummy_urb_dequeue(struct usb_
rc = usb_hcd_check_unlink_urb(hcd, urb, status);
if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING &&
- !list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
-
+ !list_empty(&dum_hcd->urbp_list)) {
+ dev_info(dummy_dev(dum_hcd), "Dequeue restart %p\n", urb);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
+ } else {
+ dev_info(dummy_dev(dum_hcd), "Dequeue norestart: %d %p\n",
+ rc, urb);
+ }
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
return rc;
}
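Review bot: the restart branch changes behaviour as well as adding a trace: the timer used to be started with ns_to_ktime(0) and is now started with DUMMY_INT_KTIME, one microframe later. In a patch meant only to observe the hang, that timing change can itself affect whether the reproducer triggers. Keep ns_to_ktime(0) here, or test the expiry change separately so its effect can be told apart from the effect of the prints.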
@@ -1813,6 +1820,7 @@ static enum hrtimer_restart dummy_timer(
/* look at each urb queued by the host side driver */
spin_lock_irqsave(&dum->lock, flags);
+ dev_info(dummy_dev(dum_hcd), "Timer handler\n");
if (!dum_hcd->udev) {
dev_err(dummy_dev(dum_hcd),
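Review bot: this dev_info() runs on every invocation of dummy_timer(), directly after spin_lock_irqsave(&dum->lock, flags), so each message is emitted with the lock held and interrupts disabled. With the timer restarted at DUMMY_INT_KTIME (125000 ns, per the #define at the top of the patch) the volume of output is likely to perturb the timing being investigated. Print only when there is something of interest, for example when a dequeue has been requested since the last run.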
@@ -1984,6 +1992,7 @@ return_urb:
ep->already_seen = ep->setup_stage = 0;
usb_hcd_unlink_urb_from_ep(dummy_hcd_to_hcd(dum_hcd), urb);
+ dev_info(dummy_dev(dum_hcd), "Giveback %p\n", urb);
spin_unlock(&dum->lock);
usb_hcd_giveback_urb(dummy_hcd_to_hcd(dum_hcd), urb, status);
spin_lock(&dum->lock);
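Review bot: the "Giveback" message logs only the URB pointer, although status is in scope and is passed to usb_hcd_giveback_urb() two lines below. Adding it to the format ("Giveback %p status %d") would record the status value passed for each URB next to the pointer that the Enqueue and Dequeue lines already print.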
@@ -1995,8 +2004,7 @@ return_urb:
usb_put_dev(dum_hcd->udev);
dum_hcd->udev = NULL;
} else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) {
- /* want a 1 msec delay here */
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
}
@@ -2391,7 +2399,8 @@ static int dummy_bus_resume(struct usb_h
dum_hcd->rh_state = DUMMY_RH_RUNNING;
set_link_state(dum_hcd);
if (!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
hcd->state = HC_STATE_RUNNING;
}
spin_unlock_irq(&dum_hcd->dum->lock);
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 15:45 ` Alan Stern
@ 2024-10-13 16:14 ` syzbot
2024-10-13 18:02 ` Alan Stern
0 siblings, 1 reply; 28+ messages in thread
From: syzbot @ 2024-10-13 16:14 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
Tested-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
Tested on:
commit: d73dc7b1 USB: chaoskey: Fix possible deadlock chaoskey..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=14c45087980000
kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=16768727980000
Note: testing is done by a robot and is best-effort only.
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 16:14 ` syzbot
@ 2024-10-13 18:02 ` Alan Stern
2024-10-13 18:38 ` syzbot
0 siblings, 1 reply; 28+ messages in thread
From: Alan Stern @ 2024-10-13 18:02 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, linux-kernel, linux-usb, sylv, syzkaller-bugs
On Sun, Oct 13, 2024 at 09:14:05AM -0700, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger any issue:
No good. The console log shows too many prints from the timer handler.
Let's just print the message when a dequeue is pending.
Alan Stern
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -50,7 +50,7 @@
#define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */
#define POWER_BUDGET_3 900 /* in mA */
-#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */
+#define DUMMY_INT_KTIME ns_to_ktime(125000) /* 1 microframe */
static const char driver_name[] = "dummy_hcd";
static const char driver_desc[] = "USB Host+Gadget Emulator";
@@ -257,6 +257,8 @@ struct dummy_hcd {
unsigned active:1;
unsigned old_active:1;
unsigned resuming:1;
+
+ bool alanflag;
};
struct dummy {
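Review bot: the name alanflag says nothing about what the flag means; from its use in the later hunks it marks that a dequeue was requested and that the next timer run should be logged. A descriptive name such as dequeue_pending, declared as a one-bit field next to active, old_active and resuming, would make the other hunks readable without that context.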
@@ -1301,10 +1303,12 @@ static int dummy_urb_enqueue(
dum_hcd->next_frame_urbp = urbp;
if (usb_pipetype(urb->pipe) == PIPE_CONTROL)
urb->error_count = 1; /* mark as a new urb */
+ dev_info(dummy_dev(dum_hcd), "Enqueue %p type %d\n", urb,
+ usb_pipetype(urb->pipe));
/* kick the scheduler, it'll do the rest */
if (!hrtimer_active(&dum_hcd->timer))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
done:
@@ -1325,9 +1329,15 @@ static int dummy_urb_dequeue(struct usb_
rc = usb_hcd_check_unlink_urb(hcd, urb, status);
if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING &&
- !list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
-
+ !list_empty(&dum_hcd->urbp_list)) {
+ dev_info(dummy_dev(dum_hcd), "Dequeue restart %p\n", urb);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
+ } else {
+ dev_info(dummy_dev(dum_hcd), "Dequeue norestart: %d %p\n",
+ rc, urb);
+ }
+ dum_hcd->alanflag = true;
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
return rc;
}
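Review bot: dum_hcd->alanflag = true is set unconditionally after the if/else, so it is also set when usb_hcd_check_unlink_urb() returned a nonzero rc. In that case the next "Timer handler" line is not tied to a dequeue that was accepted. Set the flag only when !rc.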
@@ -1813,6 +1823,10 @@ static enum hrtimer_restart dummy_timer(
/* look at each urb queued by the host side driver */
spin_lock_irqsave(&dum->lock, flags);
+ if (dum_hcd->alanflag) {
+ dum_hcd->alanflag = false;
+ dev_info(dummy_dev(dum_hcd), "Timer handler\n");
+ }
if (!dum_hcd->udev) {
dev_err(dummy_dev(dum_hcd),
@@ -1984,6 +1998,7 @@ return_urb:
ep->already_seen = ep->setup_stage = 0;
usb_hcd_unlink_urb_from_ep(dummy_hcd_to_hcd(dum_hcd), urb);
+ dev_info(dummy_dev(dum_hcd), "Giveback %p\n", urb);
spin_unlock(&dum->lock);
usb_hcd_giveback_urb(dummy_hcd_to_hcd(dum_hcd), urb, status);
spin_lock(&dum->lock);
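Review bot: the "Giveback" print in this hunk is still unconditional, while the "Timer handler" print in the previous hunk is now gated on alanflag; the "Enqueue" print earlier in the patch is unconditional as well. If the aim of this revision is less console output, these two per-URB messages remain. Gate them on the same condition or drop the enqueue print.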
@@ -1995,8 +2010,7 @@ return_urb:
usb_put_dev(dum_hcd->udev);
dum_hcd->udev = NULL;
} else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) {
- /* want a 1 msec delay here */
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
}
@@ -2391,7 +2405,8 @@ static int dummy_bus_resume(struct usb_h
dum_hcd->rh_state = DUMMY_RH_RUNNING;
set_link_state(dum_hcd);
if (!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
hcd->state = HC_STATE_RUNNING;
}
spin_unlock_irq(&dum_hcd->dum->lock);
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 18:02 ` Alan Stern
@ 2024-10-13 18:38 ` syzbot
2024-10-13 19:24 ` Alan Stern
0 siblings, 1 reply; 28+ messages in thread
From: syzbot @ 2024-10-13 18:38 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
Tested-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
Tested on:
commit: d73dc7b1 USB: chaoskey: Fix possible deadlock chaoskey..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=1150ffd0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=15df7fd0580000
Note: testing is done by a robot and is best-effort only.
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 18:38 ` syzbot
@ 2024-10-13 19:24 ` Alan Stern
2024-10-13 20:34 ` syzbot
0 siblings, 1 reply; 28+ messages in thread
From: Alan Stern @ 2024-10-13 19:24 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, linux-kernel, linux-usb, sylv, syzkaller-bugs
On Sun, Oct 13, 2024 at 11:38:03AM -0700, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Evidently there's still too much debugging output. Reduce it even more.
Alan Stern
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
usb-testing
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -50,7 +50,7 @@
#define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */
#define POWER_BUDGET_3 900 /* in mA */
-#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */
+#define DUMMY_INT_KTIME ns_to_ktime(125000) /* 1 microframe */
static const char driver_name[] = "dummy_hcd";
static const char driver_desc[] = "USB Host+Gadget Emulator";
@@ -257,6 +257,8 @@ struct dummy_hcd {
unsigned active:1;
unsigned old_active:1;
unsigned resuming:1;
+
+ bool alanflag;
};
struct dummy {
@@ -1304,7 +1306,7 @@ static int dummy_urb_enqueue(
/* kick the scheduler, it'll do the rest */
if (!hrtimer_active(&dum_hcd->timer))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
done:
@@ -1325,9 +1327,15 @@ static int dummy_urb_dequeue(struct usb_
rc = usb_hcd_check_unlink_urb(hcd, urb, status);
if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING &&
- !list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
-
+ !list_empty(&dum_hcd->urbp_list)) {
+ dev_info(dummy_dev(dum_hcd), "Dequeue restart %p\n", urb);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
+ } else {
+ dev_info(dummy_dev(dum_hcd), "Dequeue norestart: %d %p\n",
+ rc, urb);
+ }
+ dum_hcd->alanflag = true;
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
return rc;
}
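Review bot: the else branch prints "Dequeue norestart" for three different cases: rc nonzero, rh_state equal to DUMMY_RH_RUNNING, and an empty urbp_list. Only rc is logged, so when rc is 0 the line cannot say which of the other two conditions applied. Add dum_hcd->rh_state to the format string.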
@@ -1813,6 +1821,8 @@ static enum hrtimer_restart dummy_timer(
/* look at each urb queued by the host side driver */
spin_lock_irqsave(&dum->lock, flags);
+ if (dum_hcd->alanflag)
+ dev_info(dummy_dev(dum_hcd), "Timer handler\n");
if (!dum_hcd->udev) {
dev_err(dummy_dev(dum_hcd),
@@ -1984,6 +1994,8 @@ return_urb:
ep->already_seen = ep->setup_stage = 0;
usb_hcd_unlink_urb_from_ep(dummy_hcd_to_hcd(dum_hcd), urb);
+ if (dum_hcd->alanflag)
+ dev_info(dummy_dev(dum_hcd), "Giveback %p\n", urb);
spin_unlock(&dum->lock);
usb_hcd_giveback_urb(dummy_hcd_to_hcd(dum_hcd), urb, status);
spin_lock(&dum->lock);
@@ -1995,11 +2007,11 @@ return_urb:
usb_put_dev(dum_hcd->udev);
dum_hcd->udev = NULL;
} else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) {
- /* want a 1 msec delay here */
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
}
+ dum_hcd->alanflag = false;
spin_unlock_irqrestore(&dum->lock, flags);
return HRTIMER_NORESTART;
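Review bot: clearing alanflag here, at the end of the handler, can lose a dequeue. The return_urb hunk above shows the handler releasing dum->lock around usb_hcd_giveback_urb(), so dummy_urb_dequeue() can set alanflag = true in that window, and this assignment then resets it without a "Timer handler" line ever being printed for that dequeue. Copy the flag into a local and clear it at the top of the handler, where it is tested, and use the local for the "Giveback" print.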
@@ -2391,7 +2403,8 @@ static int dummy_bus_resume(struct usb_h
dum_hcd->rh_state = DUMMY_RH_RUNNING;
set_link_state(dum_hcd);
if (!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
hcd->state = HC_STATE_RUNNING;
}
spin_unlock_irq(&dum_hcd->dum->lock);
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-13 19:24 ` Alan Stern
@ 2024-10-13 20:34 ` syzbot
0 siblings, 0 replies; 28+ messages in thread
From: syzbot @ 2024-10-13 20:34 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in usb_port_suspend
INFO: task kworker/1:4:6523 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:4 state:D stack:23856 pid:6523 tgid:6523 ppid:2 flags:0x00004000
Workqueue: pm pm_runtime_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
usb_enable_remote_wakeup drivers/usb/core/hub.c:3365 [inline]
usb_port_suspend+0x339/0xf10 drivers/usb/core/hub.c:3472
usb_generic_driver_suspend+0xeb/0x1d0 drivers/usb/core/generic.c:302
usb_suspend_device drivers/usb/core/driver.c:1272 [inline]
usb_suspend_both+0x66d/0x9c0 drivers/usb/core/driver.c:1443
usb_runtime_suspend+0x49/0x180 drivers/usb/core/driver.c:1968
__rpm_callback+0xc5/0x4c0 drivers/base/power/runtime.c:394
rpm_callback+0x192/0x1d0 drivers/base/power/runtime.c:448
rpm_suspend+0x2e7/0x1200 drivers/base/power/runtime.c:672
__pm_runtime_suspend+0xbc/0x160 drivers/base/power/runtime.c:1142
pm_runtime_autosuspend include/linux/pm_runtime.h:342 [inline]
usb_runtime_idle+0x4c/0x60 drivers/usb/core/driver.c:2005
rpm_idle+0x2f7/0x740 drivers/base/power/runtime.c:524
pm_runtime_work+0x120/0x150 drivers/base/power/runtime.c:970
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:5:6539 blocked for more than 143 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:5 state:D stack:24144 pid:6539 tgid:6539 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_write_slowpath+0x539/0x12a0 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0x1d8/0x200 kernel/locking/rwsem.c:1578
usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
wdm_create+0x1269/0x1870 drivers/usb/class/cdc-wdm.c:1113
wdm_probe+0x239/0x2e0 drivers/usb/class/cdc-wdm.c:1165
usb_probe_interface+0x309/0x9d0 drivers/usb/core/driver.c:399
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:254
usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:294
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3675
usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
hub_port_connect drivers/usb/core/hub.c:5521 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/0:5:6542 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:5 state:D stack:23808 pid:6542 tgid:6542 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_disconnect+0xd1/0x440 drivers/usb/class/cdc-wdm.c:1216
usb_unbind_interface+0x1e8/0x970 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
device_remove+0x122/0x170 drivers/base/dd.c:561
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x44a/0x610 drivers/base/dd.c:1296
bus_remove_device+0x22f/0x420 drivers/base/bus.c:576
device_del+0x396/0x9f0 drivers/base/core.c:3864
usb_disable_device+0x36c/0x7f0 drivers/usb/core/message.c:1418
usb_disconnect+0x2e1/0x920 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1bed/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz.3.60:6614 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.60 state:D stack:27856 pid:6614 tgid:6614 ppid:4249 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
rpm_resume+0x5a8/0x1330 drivers/base/power/runtime.c:834
rpm_resume+0x750/0x1330 drivers/base/power/runtime.c:892
__pm_runtime_resume+0xb6/0x170 drivers/base/power/runtime.c:1172
pm_runtime_resume_and_get include/linux/pm_runtime.h:430 [inline]
usb_autopm_get_interface+0x20/0xe0 drivers/usb/core/driver.c:1833
wdm_manage_power+0x1d/0xa0 drivers/usb/class/cdc-wdm.c:1134
wdm_release+0x26a/0x440 drivers/usb/class/cdc-wdm.c:779
__fput+0x3f6/0xb60 fs/file_table.c:431
task_work_run+0x14e/0x250 kernel/task_work.c:228
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x24e/0x260 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f34c0e8dff9
RSP: 002b:00007ffe019b50a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f34c1047a80 RCX: 00007f34c0e8dff9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f34c1047a80 R08: 0000000000000000 R09: 00007ffe019b539f
R10: 000000000003fdc8 R11: 0000000000000246 R12: 000000000001fd9e
R13: 00007ffe019b51b0 R14: 0000000000000032 R15: ffffffffffffffff
</TASK>
INFO: task syz.1.61:6617 blocked for more than 144 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.61 state:D stack:28224 pid:6617 tgid:6616 ppid:4247 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcada75c990
RSP: 002b:00007fcada1d8b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcada75c990
RDX: 0000000000000002 RSI: 00007fcada1d8c10 RDI: 00000000ffffff9c
RBP: 00007fcada1d8c10 R08: 0000000000000000 R09: 00007fcada1d8987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fcada915f80 R15: 00007ffff2a253b8
</TASK>
INFO: task syz.0.62:6619 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.62 state:D stack:28224 pid:6619 tgid:6618 ppid:4241 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6f5d80c990
RSP: 002b:00007f6f5d28eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f6f5d80c990
RDX: 0000000000000002 RSI: 00007f6f5d28ec10 RDI: 00000000ffffff9c
RBP: 00007f6f5d28ec10 R08: 0000000000000000 R09: 00007f6f5d28e987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f6f5d9c5f80 R15: 00007ffd2a1ce9f8
</TASK>
INFO: task syz.4.63:6621 blocked for more than 145 seconds.
Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.63 state:D stack:28400 pid:6621 tgid:6620 ppid:4258 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
usb_open+0x23/0x220 drivers/usb/core/file.c:38
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0fd791c990
RSP: 002b:00007f0fd7398b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fd791c990
RDX: 0000000000000002 RSI: 00007f0fd7398c10 RDI: 00000000ffffff9c
RBP: 00007f0fd7398c10 R08: 0000000000000000 R09: 00007f0fd7398987
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0fd7ad5f80 R15: 00007fff6fe2a278
</TASK>
Showing all locks held in the system:
2 locks held by kworker/u8:1/28:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900001e7d80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
1 lock held by khungtaskd/30:
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6720
2 locks held by kworker/u8:4/50:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90000537d80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by kworker/u8:8/1179:
#0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000280fd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
2 locks held by getty/2606:
#0: ffff88810f72f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
3 locks held by kworker/1:4/6523:
#0: ffff888100eed548 ((wq_completion)pm){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc900050afd80 ((work_completion)(&dev->power.work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109b7b508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3206 [inline]
#2: ffff888109b7b508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_port_suspend+0x255/0xf10 drivers/usb/core/hub.c:3463
6 locks held by kworker/1:5/6539:
#0: ffff8881062f5948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90001d2fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109b90190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888109b90190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff88812c090190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88812c090190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#4: ffff888115874160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888115874160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 drivers/base/dd.c:1005
#5: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_register_dev+0x11c/0x550 drivers/usb/core/file.c:134
6 locks held by kworker/0:5/6542:
#0: ffff8881062f5948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc90001d1fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff888109b68190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888109b68190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
#3: ffff888131374190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff888131374190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x10a/0x920 drivers/usb/core/hub.c:2295
#4: ffff888112d1e160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888112d1e160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff888112d1e160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xa4/0x610 drivers/base/dd.c:1293
#5: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_disconnect+0xd1/0x440 drivers/usb/class/cdc-wdm.c:1216
1 lock held by syz.3.60/6614:
#0: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
2 locks held by syz.1.61/6617:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a967e8 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
1 lock held by syz.0.62/6619:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.63/6621:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.68/8248:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.69/8441:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.71/8467:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.70/8471:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.82/9920:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.86/10298:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.83/10318:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.85/10320:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.95/11163:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.98/12158:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.99/12188:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.100/12234:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.107/12623:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.111/14041:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.4.114/14281:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.1.113/14308:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.3.117/14465:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by syz.0.125/15573:
#0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
1 lock held by modprobe/16087:
1 lock held by modprobe/16088:
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xf0c/0x1240 kernel/hung_task.c:379
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 16093 Comm: modprobe Not tainted 6.12.0-rc1-syzkaller-00028-gd73dc7b182be-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x8/0x20 kernel/kcov.c:320
Call Trace:
<NMI>
</NMI>
<TASK>
filemap_fault+0x228/0x2a10 mm/filemap.c:3323
__do_fault+0x10a/0x490 mm/memory.c:4876
do_cow_fault mm/memory.c:5312 [inline]
do_fault mm/memory.c:5418 [inline]
do_pte_missing mm/memory.c:3965 [inline]
handle_pte_fault mm/memory.c:5751 [inline]
__handle_mm_fault+0x7e1/0x3390 mm/memory.c:5894
handle_mm_fault+0x3fa/0xaa0 mm/memory.c:6062
do_user_addr_fault+0x79f/0x12c0 arch/x86/mm/fault.c:1389
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_stos_alternative+0x40/0x80 arch/x86/lib/clear_page_64.S:96
__clear_user arch/x86/include/asm/uaccess_64.h:183 [inline]
clear_user arch/x86/include/asm/uaccess_64.h:200 [inline]
padzero fs/binfmt_elf.c:125 [inline]
elf_load+0x6aa/0x880 fs/binfmt_elf.c:421
load_elf_binary+0xc19/0x4e20 fs/binfmt_elf.c:1167
search_binary_handler fs/exec.c:1752 [inline]
exec_binprm fs/exec.c:1794 [inline]
bprm_execve fs/exec.c:1845 [inline]
bprm_execve+0x703/0x1950 fs/exec.c:1821
kernel_execve+0x2ef/0x3b0 fs/exec.c:2012
call_usermodehelper_exec_async+0x255/0x4c0 kernel/umh.c:110
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Tested on:
commit: d73dc7b1 USB: chaoskey: Fix possible deadlock chaoskey..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=163cffd0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4510af5d637450fb
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=15115087980000
* Re: [syzbot] Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
From: syzbot @ 2024-10-14 1:24 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
Author: stern@rowland.harvard.edu
On Sun, Oct 13, 2024 at 01:34:05PM -0700, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:

Okay, that's more like it. This exercise has focused my mind on one
particular spot in the code, and I believe I see the problem. The
driver needs to do a more careful job keeping track of whether the
hrtimer callback is pending; neither hrtimer_active() nor
dum_hcd->rh_state is quite the right thing to test. In particular, the
root hub can be in the DUMMY_RH_RUNNING state without the timer being
active.

This patch adds a flag for a pending timer callback, on top of all the
other debugging material. Let's see if it fixes the problem.

Alan Stern

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
usb-testing
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -50,7 +50,7 @@
#define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */
#define POWER_BUDGET_3 900 /* in mA */
-#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */
+#define DUMMY_INT_KTIME ns_to_ktime(125000) /* 1 microframe */
static const char driver_name[] = "dummy_hcd";
static const char driver_desc[] = "USB Host+Gadget Emulator";
@@ -254,9 +254,12 @@ struct dummy_hcd {
u32 stream_en_ep;
u8 num_stream[30 / 2];
+ unsigned timer_pending:1;
unsigned active:1;
unsigned old_active:1;
unsigned resuming:1;
+
+ bool alanflag;
};
struct dummy {
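Review bot: the new timer_pending bit in struct dummy_hcd has no comment saying what it tracks or which lock protects it, and it shares a storage unit with active, old_active and resuming, so every writer has to hold the same lock (dum->lock in the other hunks). A one-line comment along the lines of "hrtimer callback queued but not yet run; protected by dum->lock" would make that rule visible. bool alanflag is debugging scaffolding whose name says nothing about its purpose; it should not survive into the version that gets merged.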
@@ -1303,9 +1306,11 @@ static int dummy_urb_enqueue(
urb->error_count = 1; /* mark as a new urb */
/* kick the scheduler, it'll do the rest */
- if (!hrtimer_active(&dum_hcd->timer))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ if (!dum_hcd->timer_pending) {
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
+ dum_hcd->timer_pending = 1;
+ }
done:
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
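Review bot: in dummy_urb_enqueue() the hrtimer_start() call and the timer_pending = 1 store only work as a pair, and the same two statements are repeated in dummy_urb_dequeue(), dummy_timer() and dummy_bus_resume(). A small static helper that starts the timer and sets the flag in one place would keep the two from drifting apart in a later edit, and would give a natural home for a comment that the caller must hold dum->lock.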
@@ -1324,10 +1329,17 @@ static int dummy_urb_dequeue(struct usb_
spin_lock_irqsave(&dum_hcd->dum->lock, flags);
rc = usb_hcd_check_unlink_urb(hcd, urb, status);
- if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING &&
- !list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
-
+ if (!rc && !dum_hcd->timer_pending &&
+ !list_empty(&dum_hcd->urbp_list)) {
+ dev_info(dummy_dev(dum_hcd), "Dequeue restart %p\n", urb);
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
+ dum_hcd->timer_pending = 1;
+ } else {
+ dev_info(dummy_dev(dum_hcd), "Dequeue norestart: %d %p\n",
+ rc, urb);
+ }
+ dum_hcd->alanflag = true;
spin_unlock_irqrestore(&dum_hcd->dum->lock, flags);
return rc;
}
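Review bot: the else branch in dummy_urb_dequeue() logs at dev_info for every dequeue that does not restart the timer, which covers a failed usb_hcd_check_unlink_urb(), an empty urbp_list and the ordinary case where timer_pending is already set; only rc is printed, so the log cannot tell the last two apart. dev_dbg() would suit both messages better, and printing timer_pending next to rc would make them more useful while the hang is being chased. alanflag is also set when rc is non-zero; is tracing a failed unlink intended, or should the store be conditional on !rc?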
@@ -1813,6 +1825,9 @@ static enum hrtimer_restart dummy_timer(
/* look at each urb queued by the host side driver */
spin_lock_irqsave(&dum->lock, flags);
+ dum_hcd->timer_pending = 0;
+ if (dum_hcd->alanflag)
+ dev_info(dummy_dev(dum_hcd), "Timer handler\n");
if (!dum_hcd->udev) {
dev_err(dummy_dev(dum_hcd),
@@ -1984,6 +1999,8 @@ return_urb:
ep->already_seen = ep->setup_stage = 0;
usb_hcd_unlink_urb_from_ep(dummy_hcd_to_hcd(dum_hcd), urb);
+ if (dum_hcd->alanflag)
+ dev_info(dummy_dev(dum_hcd), "Giveback %p\n", urb);
spin_unlock(&dum->lock);
usb_hcd_giveback_urb(dummy_hcd_to_hcd(dum_hcd), urb, status);
spin_lock(&dum->lock);
@@ -1995,11 +2012,12 @@ return_urb:
usb_put_dev(dum_hcd->udev);
dum_hcd->udev = NULL;
} else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) {
- /* want a 1 msec delay here */
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
HRTIMER_MODE_REL_SOFT);
+ dum_hcd->timer_pending = 1;
}
+ dum_hcd->alanflag = false;
spin_unlock_irqrestore(&dum->lock, flags);
return HRTIMER_NORESTART;
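Review bot: the hrtimer_start() in the DUMMY_RH_RUNNING branch at the end of dummy_timer() is not guarded by timer_pending, unlike the call in dummy_urb_enqueue(). dum->lock is dropped around usb_hcd_giveback_urb() in the return_urb hunk above, so an enqueue in that window can already have started the timer and set the flag, and this call then re-arms it. That looks harmless, but a short comment saying the re-arm is intended, or an if (!dum_hcd->timer_pending) guard, would make the invariant easier to check. The deleted "want a 1 msec delay here" comment did not match the 125000 ns interval, so dropping it is fine.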
@@ -2390,8 +2408,11 @@ static int dummy_bus_resume(struct usb_h
} else {
dum_hcd->rh_state = DUMMY_RH_RUNNING;
set_link_state(dum_hcd);
- if (!list_empty(&dum_hcd->urbp_list))
- hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT);
+ if (!list_empty(&dum_hcd->urbp_list)) {
+ hrtimer_start(&dum_hcd->timer, DUMMY_INT_KTIME,
+ HRTIMER_MODE_REL_SOFT);
+ dum_hcd->timer_pending = 1;
+ }
hcd->state = HC_STATE_RUNNING;
}
spin_unlock_irq(&dum_hcd->dum->lock);
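Review bot: in dummy_bus_resume() the expiry changes from ns_to_ktime(0) to DUMMY_INT_KTIME, and the same change is made in dummy_urb_dequeue(), but the message accompanying the patch only mentions the new pending flag. If the extra microframe before queued URBs are processed after resume is deliberate, it deserves a sentence in the changelog; if not, ns_to_ktime(0) can stay. This call also starts the timer without testing timer_pending first.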
@@ -2522,6 +2543,7 @@ static void dummy_stop(struct usb_hcd *h
struct dummy_hcd *dum_hcd = hcd_to_dummy_hcd(hcd);
hrtimer_cancel(&dum_hcd->timer);
+ dum_hcd->timer_pending = 0;
device_remove_file(dummy_dev(dum_hcd), &dev_attr_urbs);
dev_info(dummy_dev(dum_hcd), "stopped\n");
}
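Review bot: dummy_stop() clears timer_pending without taking dum->lock in the lines shown, while every other writer in this patch updates it with the lock held. Because timer_pending is a one-bit field next to active, old_active and resuming, the store is a read-modify-write of the shared word. Either take the lock around the store or add a comment explaining why nothing else can touch those bits once hrtimer_cancel() has returned.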
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
From: syzbot @ 2024-10-20 16:38 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, stern, sylv, syzkaller-bugs
syzbot has found a reproducer for the following issue on:
HEAD commit: 07b887f8236e xhci: add helper to stop endpoint and wait fo..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=11e9425f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=9878fe11046ea2c6
dashboard link: https://syzkaller.appspot.com/bug?extid=f342ea16c9d06d80b585
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13a36c87980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17a36c87980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c447438ae517/disk-07b887f8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1430abb44ca1/vmlinux-07b887f8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/53e62be3705b/bzImage-07b887f8.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f342ea16c9d06d80b585@syzkaller.appspotmail.com
INFO: task kworker/0:0:8 blocked for more than 143 seconds.
Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0 state:D stack:24544 pid:8 tgid:8 ppid:2 flags:0x00004000
Workqueue: pm pm_runtime_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
usb_enable_remote_wakeup drivers/usb/core/hub.c:3365 [inline]
usb_port_suspend+0x339/0xf10 drivers/usb/core/hub.c:3472
usb_generic_driver_suspend+0xeb/0x1d0 drivers/usb/core/generic.c:302
usb_suspend_device drivers/usb/core/driver.c:1272 [inline]
usb_suspend_both+0x66d/0x9c0 drivers/usb/core/driver.c:1443
usb_runtime_suspend+0x49/0x180 drivers/usb/core/driver.c:1968
__rpm_callback+0xc5/0x4c0 drivers/base/power/runtime.c:394
rpm_callback+0x192/0x1d0 drivers/base/power/runtime.c:448
rpm_suspend+0x2e7/0x1200 drivers/base/power/runtime.c:672
__pm_runtime_suspend+0xbc/0x160 drivers/base/power/runtime.c:1142
pm_runtime_autosuspend include/linux/pm_runtime.h:342 [inline]
usb_runtime_idle+0x4c/0x60 drivers/usb/core/driver.c:2005
rpm_idle+0x2f7/0x740 drivers/base/power/runtime.c:524
pm_runtime_work+0x120/0x150 drivers/base/power/runtime.c:970
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz-executor264:2749 blocked for more than 143 seconds.
Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor264 state:D stack:27120 pid:2749 tgid:2749 ppid:2655 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
rpm_resume+0x5a8/0x1330 drivers/base/power/runtime.c:834
rpm_resume+0x750/0x1330 drivers/base/power/runtime.c:892
__pm_runtime_resume+0xb6/0x170 drivers/base/power/runtime.c:1172
pm_runtime_resume_and_get include/linux/pm_runtime.h:430 [inline]
usb_autopm_get_interface+0x20/0xe0 drivers/usb/core/driver.c:1833
wdm_open+0x24a/0x630 drivers/usb/class/cdc-wdm.c:730
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz-executor264:2750 blocked for more than 144 seconds.
Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor264 state:D stack:28384 pid:2750 tgid:2750 ppid:2656 flags:0x00000006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz-executor264:2751 blocked for more than 144 seconds.
Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor264 state:D stack:28224 pid:2751 tgid:2751 ppid:2654 flags:0x00004002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
__fput+0x3f6/0xb60 fs/file_table.c:431
task_work_run+0x14e/0x250 kernel/task_work.c:228
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0xadd/0x2ce0 kernel/exit.c:939
do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
__do_sys_exit_group kernel/exit.c:1099 [inline]
__se_sys_exit_group kernel/exit.c:1097 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz-executor264:2753 blocked for more than 144 seconds.
Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor264 state:D stack:26016 pid:2753 tgid:2753 ppid:2652 flags:0x00000006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
INFO: task syz-executor264:2754 blocked for more than 144 seconds.
Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor264 state:D stack:27936 pid:2754 tgid:2754 ppid:2657 flags:0x00000006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5322 [inline]
__schedule+0x105f/0x34b0 kernel/sched/core.c:6682
__schedule_loop kernel/sched/core.c:6759 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
Showing all locks held in the system:
3 locks held by kworker/0:0/8:
#0: ffff888100eed548 ((wq_completion)pm){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
#1: ffffc9000008fd80 ((work_completion)(&dev->power.work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
#2: ffff8881077f7508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3206 [inline]
#2: ffff8881077f7508 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_port_suspend+0x255/0xf10 drivers/usb/core/hub.c:3463
1 lock held by khungtaskd/30:
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff88ebb100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6720
2 locks held by getty/2609:
#0: ffff88810f7650a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
2 locks held by syz-executor264/2749:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a96908 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
2 locks held by syz-executor264/2750:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a96908 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
1 lock held by syz-executor264/2751:
#0: ffffffff89a96908 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4b/0x440 drivers/usb/class/cdc-wdm.c:764
2 locks held by syz-executor264/2753:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a96908 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
2 locks held by syz-executor264/2754:
#0: ffffffff899dae90 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 drivers/usb/core/file.c:38
#1: ffffffff89a96908 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x5d/0x630 drivers/usb/class/cdc-wdm.c:715
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xf0c/0x1240 kernel/hung_task.c:379
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
NMI backtrace for cpu 0 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:106 [inline]
NMI backtrace for cpu 0 skipped: idling at acpi_safe_halt+0x1a/0x20 drivers/acpi/processor_idle.c:111
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
From: Oliver Neukum @ 2024-10-21 8:04 UTC (permalink / raw)
To: syzbot, gregkh, linux-kernel, linux-usb, stern, sylv,
syzkaller-bugs
On 20.10.24 18:38, syzbot wrote:
> INFO: task kworker/0:0:8 blocked for more than 143 seconds.
> Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:kworker/0:0 state:D stack:24544 pid:8 tgid:8 ppid:2 flags:0x00004000
> Workqueue: pm pm_runtime_work
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5322 [inline]
> __schedule+0x105f/0x34b0 kernel/sched/core.c:6682
> __schedule_loop kernel/sched/core.c:6759 [inline]
> schedule+0xe7/0x350 kernel/sched/core.c:6774
And this sleeps forever. This must not happen.
> usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
> usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
We are changing our mind, presumably due to a timeout
> usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
We are sending a control message, presumably to enable
remote wakeup
> usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
> usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
> usb_enable_remote_wakeup drivers/usb/core/hub.c:3365 [inline]
> usb_port_suspend+0x339/0xf10 drivers/usb/core/hub.c:3472
Suspending ...
> usb_generic_driver_suspend+0xeb/0x1d0 drivers/usb/core/generic.c:302
> usb_suspend_device drivers/usb/core/driver.c:1272 [inline]
> usb_suspend_both+0x66d/0x9c0 drivers/usb/core/driver.c:1443
> usb_runtime_suspend+0x49/0x180 drivers/usb/core/driver.c:1968
This very much looks like the HC driver used to run these tests
can hang in unlink. If that happens there is nothing usbcore
or a driver can do.
As this is now reproducible I would suggest a bisection. Brute force,
but I see no good alternative.
Syzbot is an important tool and if the HC driver it uses is unreliable,
the whole thing becomes unreliable and that is most undesirable.
Regards
Oliver
^ permalink raw reply [flat|nested] 28+ messages in thread
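The frame-by-frame reading of the hung-task report in the message above can be automated for triage. This is an added example, not code from the thread or from syzbot; the helper names (`parse_hung_task`, `blocking_frame`, `call_chain`) are hypothetical, and the input is the report text as quoted in that message.

```python
import re

# Lines copied from the syzbot report quoted in the message above (quote markers kept).
REPORT = """\
> INFO: task kworker/0:0:8 blocked for more than 143 seconds.
> Call Trace:
> context_switch kernel/sched/core.c:5322 [inline]
> __schedule+0x105f/0x34b0 kernel/sched/core.c:6682
> __schedule_loop kernel/sched/core.c:6759 [inline]
> schedule+0xe7/0x350 kernel/sched/core.c:6774
> usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
> usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
> usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
> usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
> usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
> usb_enable_remote_wakeup drivers/usb/core/hub.c:3365 [inline]
> usb_port_suspend+0x339/0xf10 drivers/usb/core/hub.c:3472
"""

HEADER = re.compile(r"INFO: task (\S+):(\d+) blocked for more than (\d+) seconds")
FRAME = re.compile(r"^([\w.]+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (\S+):(\d+)( \[inline\])?$")

def parse_hung_task(text):
    """Return (task, pid, seconds, frames); frames are innermost first."""
    task = pid = secs = None
    frames = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop mail quote markers
        m = HEADER.search(line)
        if m:
            task, pid, secs = m.group(1), int(m.group(2)), int(m.group(3))
            continue
        m = FRAME.match(line)
        if m:  # inlined frames carry no +offset/size, only file:line
            frames.append({"func": m.group(1), "file": m.group(2),
                           "line": int(m.group(3)), "inline": bool(m.group(4))})
    return task, pid, secs, frames

def blocking_frame(frames):
    """First frame outside the scheduler: the code that chose to sleep."""
    return next((f for f in frames if not f["file"].startswith("kernel/sched/")), None)

def call_chain(frames):
    """Function names from outermost caller to the sleeper, scheduler frames dropped."""
    return [f["func"] for f in reversed(frames) if not f["file"].startswith("kernel/sched/")]

if __name__ == "__main__":
    task, pid, secs, frames = parse_hung_task(REPORT)
    print(f"{task} pid {pid} blocked {secs}s in", blocking_frame(frames)["func"])
```

On this report the blocking frame is `usb_kill_urb.part.0` at `drivers/usb/core/urb.c:713`, the wait for the host controller driver to give the URB back.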
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-21 8:04 ` Oliver Neukum
@ 2024-10-21 13:37 ` Alan Stern
2024-10-22 11:42 ` Hillf Danton
1 sibling, 0 replies; 28+ messages in thread
From: Alan Stern @ 2024-10-21 13:37 UTC (permalink / raw)
To: Oliver Neukum
Cc: syzbot, gregkh, linux-kernel, linux-usb, sylv, syzkaller-bugs
On Mon, Oct 21, 2024 at 10:04:52AM +0200, Oliver Neukum wrote:
> On 20.10.24 18:38, syzbot wrote:
> > INFO: task kworker/0:0:8 blocked for more than 143 seconds.
> > Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
> > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> > task:kworker/0:0 state:D stack:24544 pid:8 tgid:8 ppid:2 flags:0x00004000
> > Workqueue: pm pm_runtime_work
> > Call Trace:
> > <TASK>
> > context_switch kernel/sched/core.c:5322 [inline]
> > __schedule+0x105f/0x34b0 kernel/sched/core.c:6682
> > __schedule_loop kernel/sched/core.c:6759 [inline]
> > schedule+0xe7/0x350 kernel/sched/core.c:6774
>
> And this sleeps forever. This must not happen.
> > usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
> > usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
>
> We are changing our mind, presumably due to a timeout
> > usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
>
> We are sending a control message, presumably to enable
> remote wakeup
> > usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
> > usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
> > usb_enable_remote_wakeup drivers/usb/core/hub.c:3365 [inline]
> > usb_port_suspend+0x339/0xf10 drivers/usb/core/hub.c:3472
>
> Suspending ...
> > usb_generic_driver_suspend+0xeb/0x1d0 drivers/usb/core/generic.c:302
> > usb_suspend_device drivers/usb/core/driver.c:1272 [inline]
> > usb_suspend_both+0x66d/0x9c0 drivers/usb/core/driver.c:1443
> > usb_runtime_suspend+0x49/0x180 drivers/usb/core/driver.c:1968
>
> This very much looks like the HC driver used to run these tests
> can hang in unlink. If that happens there is nothing usbcore
> or a driver can do.
> As this is now reproducible I would suggest a bisection. Brute force,
> but I see no good alternative.
>
> Syzbot is an important tool and if the HC driver it uses is unreliable,
> the whole thing becomes unreliable and that is most undesirable.
This issue should be fixed by commit 5189df7b8088 ("USB: gadget:
dummy-hcd: Fix "task hung" problem").
Alan Stern
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-21 8:04 ` Oliver Neukum
2024-10-21 13:37 ` Alan Stern
@ 2024-10-22 11:42 ` Hillf Danton
1 sibling, 0 replies; 28+ messages in thread
From: Hillf Danton @ 2024-10-22 11:42 UTC (permalink / raw)
To: Oliver Neukum; +Cc: syzbot, linux-kernel, linux-usb, stern, syzkaller-bugs
On Mon, 21 Oct 2024 10:04:52 +0200 Oliver Neukum <oneukum@suse.com>
> On 20.10.24 18:38, syzbot wrote:
>
> > INFO: task kworker/0:0:8 blocked for more than 143 seconds.
> > Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
> > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> > task:kworker/0:0 state:D stack:24544 pid:8 tgid:8 ppid:2 flags:0x00004000
> > Workqueue: pm pm_runtime_work
> > Call Trace:
> > <TASK>
> > context_switch kernel/sched/core.c:5322 [inline]
> > __schedule+0x105f/0x34b0 kernel/sched/core.c:6682
> > __schedule_loop kernel/sched/core.c:6759 [inline]
> > schedule+0xe7/0x350 kernel/sched/core.c:6774
>
> And this sleeps forever. This must not happen.
> > usb_kill_urb.part.0+0x1ca/0x250 drivers/usb/core/urb.c:713
> > usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
>
> We are changing our mind, presumably due to a timeout
> > usb_start_wait_urb+0x255/0x4c0 drivers/usb/core/message.c:65
>
> We are sending a control message, presumably to enable
> remote wakeup
> > usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
> > usb_control_msg+0x327/0x4b0 drivers/usb/core/message.c:154
> > usb_enable_remote_wakeup drivers/usb/core/hub.c:3365 [inline]
> > usb_port_suspend+0x339/0xf10 drivers/usb/core/hub.c:3472
>
> Suspending ...
> > usb_generic_driver_suspend+0xeb/0x1d0 drivers/usb/core/generic.c:302
> > usb_suspend_device drivers/usb/core/driver.c:1272 [inline]
> > usb_suspend_both+0x66d/0x9c0 drivers/usb/core/driver.c:1443
> > usb_runtime_suspend+0x49/0x180 drivers/usb/core/driver.c:1968
>
> This very much looks like the HC driver used to run these tests
> can hang in unlink. If that happens there is nothing usbcore
> or a driver can do.
>
A one-line change could survive the reproducer [1].
[1] https://yhbt.net/lore/lkml/67178c80.050a0220.1e4b4d.0075.GAE@google.com/
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [syzbot] [usb?] INFO: task hung in usb_port_suspend
2024-10-11 13:08 [syzbot] [usb?] INFO: task hung in usb_port_suspend syzbot
` (2 preceding siblings ...)
2024-10-20 16:38 ` syzbot
@ 2024-10-22 10:46 ` Hillf Danton
2024-10-22 11:29 ` syzbot
3 siblings, 1 reply; 28+ messages in thread
From: Hillf Danton @ 2024-10-22 10:46 UTC (permalink / raw)
To: syzbot; +Cc: linux-kernel, syzkaller-bugs
On Fri, 11 Oct 2024 06:08:30 -0700
> syzbot found the following issue on:
>
> HEAD commit: 4a9fe2a8ac53 dt-bindings: usb: dwc3-imx8mp: add compatible..
> git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1312c327980000
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git v6.12-rc3
--- x/drivers/usb/gadget/udc/dummy_hcd.c
+++ y/drivers/usb/gadget/udc/dummy_hcd.c
@@ -1303,7 +1303,7 @@ static int dummy_urb_enqueue(
urb->error_count = 1; /* mark as a new urb */
/* kick the scheduler, it'll do the rest */
- if (!hrtimer_active(&dum_hcd->timer))
+ if (!hrtimer_is_queued(&dum_hcd->timer))
hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS),
HRTIMER_MODE_REL_SOFT);
--
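Review bot: The switch from hrtimer_active() to hrtimer_is_queued() in dummy_urb_enqueue() has no changelog and no comment saying why the callback-running case must no longer suppress the restart. hrtimer_active() is also true while the timer callback is executing, so please say next to the existing "kick the scheduler" comment that an URB enqueued during that window still needs hrtimer_start(), and confirm that the check and the start run under the same lock the callback takes, which this hunk does not show. The submission should also say how it relates to commit 5189df7b8088, which Alan Stern names elsewhere in the thread as the fix for this report.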
^ permalink raw reply [flat|nested] 28+ messages in thread
end of thread, other threads:[~2024-10-22 11:42 UTC | newest]
Thread overview: 28+ messages
2024-10-11 13:08 [syzbot] [usb?] INFO: task hung in usb_port_suspend syzbot
2024-10-11 14:08 ` Alan Stern
2024-10-11 14:35 ` syzbot
2024-10-11 14:55 ` Alan Stern
2024-10-11 15:00 ` syzbot
2024-10-11 15:17 ` Alan Stern
2024-10-11 15:45 ` syzbot
2024-10-12 0:48 ` Alan Stern
2024-10-12 1:14 ` syzbot
2024-10-13 1:09 ` Alan Stern
2024-10-13 2:10 ` syzbot
2024-10-13 2:43 ` Alan Stern
2024-10-13 3:05 ` syzbot
2024-10-13 14:30 ` Alan Stern
2024-10-13 15:02 ` syzbot
2024-10-13 15:45 ` Alan Stern
2024-10-13 16:14 ` syzbot
2024-10-13 18:02 ` Alan Stern
2024-10-13 18:38 ` syzbot
2024-10-13 19:24 ` Alan Stern
2024-10-13 20:34 ` syzbot
2024-10-14 1:24 ` [syzbot] " syzbot
2024-10-20 16:38 ` syzbot
2024-10-21 8:04 ` Oliver Neukum
2024-10-21 13:37 ` Alan Stern
2024-10-22 11:42 ` Hillf Danton
2024-10-22 10:46 ` Hillf Danton
2024-10-22 11:29 ` syzbot