[<prev] [next>] [day] [month] [year] [list]
Message-ID: <0000000000004d1b5605e3573f8e@google.com>
Date: Fri, 08 Jul 2022 20:52:27 -0700
From: syzbot <syzbot+879882be5b42e60d4d98@...kaller.appspotmail.com>
To: bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
mingo@...hat.com, pbonzini@...hat.com,
syzkaller-bugs@...glegroups.com, tglx@...utronix.de,
vkuznets@...hat.com, wanpengli@...cent.com, x86@...nel.org
Subject: [syzbot] INFO: rcu detected stall in dummy_timer (4)
Hello,
syzbot found the following issue on:
HEAD commit: c1084b6c5620 Merge tag 'soc-fixes-5.19-2' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=127615f4080000
kernel config: https://syzkaller.appspot.com/x/.config?x=f3bf7765b1ebd721
dashboard link: https://syzkaller.appspot.com/bug?extid=879882be5b42e60d4d98
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11ef6948080000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13c44524080000
Bisection is inconclusive: the issue happens on the oldest tested release.
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16a1bf04080000
final oops: https://syzkaller.appspot.com/x/report.txt?x=15a1bf04080000
console output: https://syzkaller.appspot.com/x/log.txt?x=11a1bf04080000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+879882be5b42e60d4d98@...kaller.appspotmail.com
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 1-...!: (1 GPs behind) idle=a7b/1/0x4000000000000000 softirq=26067/26069 fqs=3
(t=10500 jiffies g=29121 q=209 ncpus=2)
rcu: rcu_preempt kthread starved for 10494 jiffies! g29121 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:26424 pid: 16 ppid: 2 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5146 [inline]
__schedule+0x957/0xe20 kernel/sched/core.c:6458
schedule+0xeb/0x1b0 kernel/sched/core.c:6530
schedule_timeout+0x1b9/0x300 kernel/time/timer.c:1935
rcu_gp_fqs_loop+0x2b9/0xfb0 kernel/rcu/tree.c:1999
rcu_gp_kthread+0xa5/0x360 kernel/rcu/tree.c:2187
kthread+0x266/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30
</TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4628 Comm: syz-executor415 Not tainted 5.19.0-rc5-syzkaller-00049-gc1084b6c5620 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
RIP: 0010:native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
RIP: 0010:arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
RIP: 0010:kvm_wait+0x1b0/0x1f0 arch/x86/kernel/kvm.c:1067
Code: 4c 89 e0 48 c1 e8 03 42 8a 04 28 84 c0 75 41 45 8a 34 24 e8 12 05 53 00 44 3a 74 24 1c 75 10 66 90 0f 00 2d f2 05 4f 09 fb f4 <e9> cc fe ff ff fb e9 c6 fe ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 57
RSP: 0018:ffffc9000475f960 EFLAGS: 00000246
RAX: c1a516943b300f00 RBX: 1ffff920008ebf30 RCX: ffffffff816825e8
RDX: dffffc0000000000 RSI: ffffffff8a8d22c0 RDI: ffffffff8ae99700
RBP: ffffc9000475fa30 R08: dffffc0000000000 R09: fffffbfff1fa9204
R10: fffffbfff1fa9204 R11: 1ffffffff1fa9203 R12: ffff888144f9ea10
R13: dffffc0000000000 R14: 1ffff920008ebf03 R15: ffffc9000475f9a0
FS: 00005555558e1300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f88c0e041f0 CR3: 0000000018135000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
pv_wait arch/x86/include/asm/paravirt.h:603 [inline]
pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:470 [inline]
__pv_queued_spin_lock_slowpath+0x70d/0xc60 kernel/locking/qspinlock.c:511
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:591 [inline]
queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
do_raw_spin_lock+0x264/0x360 kernel/locking/spinlock_debug.c:115
spin_lock include/linux/spinlock.h:349 [inline]
kset_find_obj+0x2e/0x110 lib/kobject.c:881
module_add_driver+0x1b1/0x2e0 drivers/base/module.c:48
bus_add_driver+0x393/0x600 drivers/base/bus.c:622
driver_register+0x2e9/0x3e0 drivers/base/driver.c:240
usb_gadget_register_driver_owner+0xd9/0x230 drivers/usb/gadget/udc/core.c:1558
raw_ioctl_run+0xbd/0x300 drivers/usb/gadget/legacy/raw_gadget.c:546
raw_ioctl+0x163/0xc20 drivers/usb/gadget/legacy/raw_gadget.c:1253
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f88c0e2f467
Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 c4 47 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc3099d248 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffc3099e2a0 RCX: 00007f88c0e2f467
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000000000000ffff R09: 000000000000000b
R10: 00007ffc3099d2c0 R11: 0000000000000246 R12: 00007ffc3099d270
R13: 0000000000000000 R14: 00007f88c0ea2440 R15: 0000000000000003
</TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.011 msecs
NMI backtrace for cpu 1
CPU: 1 PID: 4627 Comm: syz-executor415 Not tainted 5.19.0-rc5-syzkaller-00049-gc1084b6c5620 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
nmi_cpu_backtrace+0x473/0x4a0 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x168/0x280 lib/nmi_backtrace.c:62
trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
rcu_dump_cpu_stacks+0x236/0x3a0 kernel/rcu/tree_stall.h:371
print_cpu_stall kernel/rcu/tree_stall.h:667 [inline]
check_cpu_stall kernel/rcu/tree_stall.h:751 [inline]
rcu_pending kernel/rcu/tree.c:3977 [inline]
rcu_sched_clock_irq+0xfee/0x19d0 kernel/rcu/tree.c:2675
update_process_times+0x148/0x1b0 kernel/time/timer.c:1839
tick_sched_handle kernel/time/tick-sched.c:243 [inline]
tick_sched_timer+0x377/0x540 kernel/time/tick-sched.c:1480
__run_hrtimer kernel/time/hrtimer.c:1685 [inline]
__hrtimer_run_queues+0x4cb/0xa60 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x3a6/0xfd0 kernel/time/hrtimer.c:1811
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1095 [inline]
__sysvec_apic_timer_interrupt+0xf9/0x280 arch/x86/kernel/apic/apic.c:1112
sysvec_apic_timer_interrupt+0x3e/0xb0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 72 31 a6 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> c7 cd 27 f7 65 8b 05 c8 37 ce 75 85 c0 74 3f 48 c7 04 24 0e 36
RSP: 0018:ffffc900001e07e0 EFLAGS: 00000206
RAX: d93f2df2dd9f9600 RBX: 1ffff9200003c100 RCX: ffffffff816825e8
RDX: dffffc0000000000 RSI: ffffffff8a8d22c0 RDI: 0000000000000001
RBP: ffffc900001e0870 R08: dffffc0000000000 R09: fffffbfff1fa921b
R10: fffffbfff1fa921b R11: 1ffffffff1fa921a R12: dffffc0000000000
R13: 1ffff9200003c0fc R14: ffffc900001e0800 R15: 0000000000000246
dummy_timer+0x301c/0x3110
call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers+0x76a/0x980 kernel/time/timer.c:1790
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803
__do_softirq+0x382/0x793 kernel/softirq.c:571
__irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:strcmp+0x39/0xa0 lib/string.c:347
Code: bf 00 00 00 00 00 fc ff df 31 db 66 0f 1f 44 00 00 49 8d 3c 1c 48 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 29 41 0f b6 2c 1c <49> 8d 3c 1e 48 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 20 41 3a
RSP: 0018:ffffc900044dfc10 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88802065bb00
RDX: 0000000000000000 RSI: ffffffff8b478fc0 RDI: ffff888016e8bf50
RBP: 0000000000000073 R08: ffffffff846362b6 R09: fffff5200089bf78
R10: fffff5200089bf79 R11: 1ffff9200089bf78 R12: ffff888016e8bf50
R13: ffff8881458e3a80 R14: ffffffff8b478fc0 R15: dffffc0000000000
kset_find_obj+0x7b/0x110 lib/kobject.c:884
module_add_driver+0x1b1/0x2e0 drivers/base/module.c:48
bus_add_driver+0x393/0x600 drivers/base/bus.c:622
driver_register+0x2e9/0x3e0 drivers/base/driver.c:240
usb_gadget_register_driver_owner+0xd9/0x230 drivers/usb/gadget/udc/core.c:1558
raw_ioctl_run+0xbd/0x300 drivers/usb/gadget/legacy/raw_gadget.c:546
raw_ioctl+0x163/0xc20 drivers/usb/gadget/legacy/raw_gadget.c:1253
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f88c0e2f467
================================
WARNING: inconsistent lock state
5.19.0-rc5-syzkaller-00049-gc1084b6c5620 #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor415/4627 [HC1[1]:SC1[1]:HE0:SE0] takes:
ffffffff8cbed438 (vmap_area_lock){?.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
ffffffff8cbed438 (vmap_area_lock){?.+.}-{2:2}, at: find_vmap_area+0x1d/0x120 mm/vmalloc.c:1805
{HARDIRQ-ON-W} state was registered at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
alloc_vmap_area+0x18bb/0x1ae0 mm/vmalloc.c:1586
__get_vm_area_node+0x18a/0x380 mm/vmalloc.c:2453
get_vm_area_caller+0x45/0x50 mm/vmalloc.c:2506
__ioremap_caller+0x510/0x920 arch/x86/mm/ioremap.c:280
acpi_os_ioremap include/acpi/acpi_io.h:13 [inline]
acpi_map drivers/acpi/osl.c:296 [inline]
acpi_os_map_iomem+0x226/0x4b0 drivers/acpi/osl.c:355
acpi_tb_acquire_table+0xf5/0x25d drivers/acpi/acpica/tbdata.c:142
acpi_tb_validate_table drivers/acpi/acpica/tbdata.c:317 [inline]
acpi_tb_validate_temp_table+0xa6/0x10b drivers/acpi/acpica/tbdata.c:400
acpi_tb_verify_temp_table+0x82/0x8ed drivers/acpi/acpica/tbdata.c:504
acpi_reallocate_root_table+0x328/0x584 drivers/acpi/acpica/tbxface.c:180
acpi_early_init+0xdb/0x536 drivers/acpi/bus.c:1200
start_kernel+0x40b/0x55b init/main.c:1098
secondary_startup_64_no_verify+0xcf/0xdb
irq event stamp: 78847
hardirqs last enabled at (78846): [<ffffffff8a3436eb>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (78846): [<ffffffff8a3436eb>] _raw_spin_unlock_irqrestore+0x8b/0x130 kernel/locking/spinlock.c:194
hardirqs last disabled at (78847): [<ffffffff8a2b421a>] sysvec_apic_timer_interrupt+0xa/0xb0 arch/x86/kernel/apic/apic.c:1106
softirqs last enabled at (0): [<ffffffff814f65c0>] copy_process+0x1530/0x3fa0 kernel/fork.c:2185
softirqs last disabled at (799): [<ffffffff81519a4c>] __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(vmap_area_lock);
<Interrupt>
lock(vmap_area_lock);
*** DEADLOCK ***
3 locks held by syz-executor415/4627:
#0: ffff888144f9ea28 (&k->list_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
#0: ffff888144f9ea28 (&k->list_lock){+.+.}-{2:2}, at: kset_find_obj+0x2e/0x110 lib/kobject.c:881
#1: ffffc900001e0be0 ((&dum_hcd->timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:41 [inline]
#1: ffffc900001e0be0 ((&dum_hcd->timer)){+.-.}-{0:0}, at: call_timer_fn+0xbb/0x210 kernel/time/timer.c:1464
#2: ffffffff8cb23258 (rcu_node_0){-.-.}-{2:2}, at: rcu_dump_cpu_stacks+0xa5/0x3a0 kernel/rcu/tree_stall.h:366
stack backtrace:
CPU: 1 PID: 4627 Comm: syz-executor415 Not tainted 5.19.0-rc5-syzkaller-00049-gc1084b6c5620 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
mark_lock_irq+0xb20/0xf00
mark_lock+0x21c/0x350 kernel/locking/lockdep.c:4632
mark_usage kernel/locking/lockdep.c:4524 [inline]
__lock_acquire+0xb43/0x1f80 kernel/locking/lockdep.c:5007
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
find_vmap_area+0x1d/0x120 mm/vmalloc.c:1805
check_heap_object+0x30/0x820 mm/usercopy.c:176
__check_object_size+0xad/0x210 mm/usercopy.c:250
check_object_size include/linux/thread_info.h:199 [inline]
__copy_from_user_inatomic include/linux/uaccess.h:62 [inline]
copy_from_user_nmi+0x98/0x100 arch/x86/lib/usercopy.c:47
copy_code arch/x86/kernel/dumpstack.c:91 [inline]
show_opcodes+0xa2/0x120 arch/x86/kernel/dumpstack.c:121
show_ip arch/x86/kernel/dumpstack.c:144 [inline]
show_iret_regs+0x2f/0x60 arch/x86/kernel/dumpstack.c:149
__show_regs+0x29/0x500 arch/x86/kernel/process_64.c:74
show_regs_if_on_stack arch/x86/kernel/dumpstack.c:167 [inline]
show_trace_log_lvl+0x562/0x630 arch/x86/kernel/dumpstack.c:292
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
nmi_cpu_backtrace+0x473/0x4a0 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x168/0x280 lib/nmi_backtrace.c:62
trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
rcu_dump_cpu_stacks+0x236/0x3a0 kernel/rcu/tree_stall.h:371
print_cpu_stall kernel/rcu/tree_stall.h:667 [inline]
check_cpu_stall kernel/rcu/tree_stall.h:751 [inline]
rcu_pending kernel/rcu/tree.c:3977 [inline]
rcu_sched_clock_irq+0xfee/0x19d0 kernel/rcu/tree.c:2675
update_process_times+0x148/0x1b0 kernel/time/timer.c:1839
tick_sched_handle kernel/time/tick-sched.c:243 [inline]
tick_sched_timer+0x377/0x540 kernel/time/tick-sched.c:1480
__run_hrtimer kernel/time/hrtimer.c:1685 [inline]
__hrtimer_run_queues+0x4cb/0xa60 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x3a6/0xfd0 kernel/time/hrtimer.c:1811
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1095 [inline]
__sysvec_apic_timer_interrupt+0xf9/0x280 arch/x86/kernel/apic/apic.c:1112
sysvec_apic_timer_interrupt+0x3e/0xb0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 72 31 a6 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> c7 cd 27 f7 65 8b 05 c8 37 ce 75 85 c0 74 3f 48 c7 04 24 0e 36
RSP: 0018:ffffc900001e07e0 EFLAGS: 00000206
RAX: d93f2df2dd9f9600 RBX: 1ffff9200003c100 RCX: ffffffff816825e8
RDX: dffffc0000000000 RSI: ffffffff8a8d22c0 RDI: 0000000000000001
RBP: ffffc900001e0870 R08: dffffc0000000000 R09: fffffbfff1fa921b
R10: fffffbfff1fa921b R11: 1ffffffff1fa921a R12: dffffc0000000000
R13: 1ffff9200003c0fc R14: ffffc900001e0800 R15: 0000000000000246
dummy_timer+0x301c/0x3110
call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers+0x76a/0x980 kernel/time/timer.c:1790
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803
__do_softirq+0x382/0x793 kernel/softirq.c:571
__irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:strcmp+0x39/0xa0 lib/string.c:347
Code: bf 00 00 00 00 00 fc ff df 31 db 66 0f 1f 44 00 00 49 8d 3c 1c 48 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 29 41 0f b6 2c 1c <49> 8d 3c 1e 48 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 20 41 3a
RSP: 0018:ffffc900044dfc10 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88802065bb00
RDX: 0000000000000000 RSI: ffffffff8b478fc0 RDI: ffff888016e8bf50
RBP: 0000000000000073 R08: ffffffff846362b6 R09: fffff5200089bf78
R10: fffff5200089bf79 R11: 1ffff9200089bf78 R12: ffff888016e8bf50
R13: ffff8881458e3a80 R14: ffffffff8b478fc0 R15: dffffc0000000000
kset_find_obj+0x7b/0x110 lib/kobject.c:884
module_add_driver+0x1b1/0x2e0 drivers/base/module.c:48
bus_add_driver+0x393/0x600 drivers/base/bus.c:622
driver_register+0x2e9/0x3e0 drivers/base/driver.c:240
usb_gadget_register_driver_owner+0xd9/0x230 drivers/usb/gadget/udc/core.c:1558
raw_ioctl_run+0xbd/0x300 drivers/usb/gadget/legacy/raw_gadget.c:546
raw_ioctl+0x163/0xc20 drivers/usb/gadget/legacy/raw_gadget.c:1253
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f88c0e2f467
Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 c4 47 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc3099d248 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffc3099e2a0 RCX: 00007f88c0e2f467
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000000000000ffff R09: 000000000000000b
R10: 00007ffc3099d2c0 R11: 0000000000000246 R12: 00007ffc3099d270
R13: 0000000000000000 R14: 00007f88c0ea2440 R15: 0000000000000003
</TASK>
Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 c4 47 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc3099d248 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffc3099e2a0 RCX: 00007f88c0e2f467
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000000000000ffff R09: 000000000000000b
R10: 00007ffc3099d2c0 R11: 0000000000000246 R12: 00007ffc3099d270
R13: 0000000000000000 R14: 00007f88c0ea2440 R15: 0000000000000003
</TASK>
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
----------------
Code disassembly (best guess):
0: 4c 89 e0 mov %r12,%rax
3: 48 c1 e8 03 shr $0x3,%rax
7: 42 8a 04 28 mov (%rax,%r13,1),%al
b: 84 c0 test %al,%al
d: 75 41 jne 0x50
f: 45 8a 34 24 mov (%r12),%r14b
13: e8 12 05 53 00 callq 0x53052a
18: 44 3a 74 24 1c cmp 0x1c(%rsp),%r14b
1d: 75 10 jne 0x2f
1f: 66 90 xchg %ax,%ax
21: 0f 00 2d f2 05 4f 09 verw 0x94f05f2(%rip) # 0x94f061a
28: fb sti
29: f4 hlt
* 2a: e9 cc fe ff ff jmpq 0xfffffefb <-- trapping instruction
2f: fb sti
30: e9 c6 fe ff ff jmpq 0xfffffefb
35: 44 89 e1 mov %r12d,%ecx
38: 80 e1 07 and $0x7,%cl
3b: 38 c1 cmp %al,%cl
3d: 0f .byte 0xf
3e: 8c .byte 0x8c
3f: 57 push %rdi
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Powered by blists - more mailing lists