Message-ID: <20250703000946.2200-1-hdanton@sina.com>
Date: Thu,  3 Jul 2025 08:09:45 +0800
From: Hillf Danton <hdanton@...a.com>
To: Alan Stern <stern@...land.harvard.edu>
Cc: syzbot <syzbot+d630bd89141124cc543e@...kaller.appspotmail.com>,
	gregkh@...uxfoundation.org,
	linux-kernel@...r.kernel.org,
	Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
	Boqun Feng <boqun.feng@...il.com>,
	linux-usb@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [usb?] INFO: task hung in hub_activate (3)

On Wed, 2 Jul 2025 10:34:51 -0400 Alan Stern wrote:
> On Wed, Jul 02, 2025 at 04:05:14PM +0800, Hillf Danton wrote:
> > On Tue, 01 Jul 2025 17:50:28 -0700
> > > Hello,
> > > 
> > > syzbot found the following issue on:
> > > 
> > > HEAD commit:    1343433ed389 Add linux-next specific files for 20250630
> > > git tree:       linux-next
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=10d1f88c580000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=66357ac5b0466f16
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=d630bd89141124cc543e
> > > compiler:       Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
> > > 
> > > Unfortunately, I don't have any reproducer for this issue yet.
> > > 
> > > Downloadable assets:
> > > disk image: https://storage.googleapis.com/syzbot-assets/b005e1db0f8c/disk-1343433e.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/cb3aa8bfd514/vmlinux-1343433e.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/e01227599a09/bzImage-1343433e.xz
> > > 
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+d630bd89141124cc543e@...kaller.appspotmail.com
> > > 
> > > INFO: task kworker/0:0:9 blocked for more than 143 seconds.
> > >       Not tainted 6.16.0-rc4-next-20250630-syzkaller #0
> > > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> > > task:kworker/0:0     state:D stack:21240 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00004000
> > > Workqueue: events_power_efficient hub_init_func2
> > > Call Trace:
> > >  <TASK>
> > >  context_switch kernel/sched/core.c:5313 [inline]
> > >  __schedule+0x16f5/0x4d00 kernel/sched/core.c:6696
> > >  __schedule_loop kernel/sched/core.c:6774 [inline]
> > >  schedule+0x165/0x360 kernel/sched/core.c:6789
> > >  schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6846
> > >  __mutex_lock_common kernel/locking/mutex.c:679 [inline]
> > >  __mutex_lock+0x724/0xe80 kernel/locking/mutex.c:747
> > >  device_lock include/linux/device.h:884 [inline]
> > >  hub_activate+0xb7/0x1ea0 drivers/usb/core/hub.c:1096
> > >  process_one_work kernel/workqueue.c:3239 [inline]
> > >  process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3322
> > >  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3403
> > >  kthread+0x70e/0x8a0 kernel/kthread.c:463
> > >  ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
> > >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
> > >  </TASK>
> > 
> > Due to lockdep_set_novalidate_class(&dev->mutex) in device_initialize(),
> > task hung instead of deadlock is reported once more.
> > 
> > 	kworker/0:0:9		kworker/0:5:5923
> > 	---			---
> > 	hub_init_func2()	usb_disconnect()
> > 				device_lock()
> > 	device_lock()		hub_disconnect()
> > 				hub_quiesce()
> > 				flush_delayed_work(&hub->init_work);
> > 	*** DEADLOCK ***
> 
> This analysis looks right.  How would you fix the deadlock?  Make 
> hub_disconnect do device_unlock() and device_lock() around the 
> flush_delayed_work() call?
> 
I will try it once a reproducer is available.

Hillf

> Alan Stern
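
The lock ordering in the diagram above can be modelled in userspace. This is an added example, not code from the thread or from the kernel. It runs the ordering from the report (flush while holding the device lock) and the ordering Alan Stern asks about (unlock, flush, relock). Assumptions: `dev_lock`, `init_work` and `run_disconnect` are hypothetical names, `pthread_join()` stands in for `flush_delayed_work()`, and a 1 second timed lock stands in for the hung-task timeout so the program terminates.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdbool.h>
#include <time.h>

/* Constructed userspace model, not kernel code: dev_lock stands in for
 * dev->mutex, the worker thread for hub->init_work, and pthread_join()
 * for flush_delayed_work(). */
static pthread_mutex_t dev_lock = PTHREAD_MUTEX_INITIALIZER;
static bool worker_got_lock;

/* Models hub_init_func2() -> hub_activate(), which needs the device lock.
 * The 1 s timed lock is an assumption standing in for the hung-task
 * timeout, so the model terminates instead of hanging forever. */
static void *init_work(void *arg)
{
    struct timespec deadline;

    (void)arg;
    clock_gettime(CLOCK_REALTIME, &deadline);
    deadline.tv_sec += 1;
    worker_got_lock = pthread_mutex_timedlock(&dev_lock, &deadline) == 0;
    if (worker_got_lock)
        pthread_mutex_unlock(&dev_lock);
    return NULL;
}

/* Models usb_disconnect() -> hub_disconnect() -> hub_quiesce().
 * drop_lock_for_flush selects the ordering asked about in the reply.
 * Returns true if the work item was able to take the device lock. */
bool run_disconnect(bool drop_lock_for_flush)
{
    pthread_t worker;

    worker_got_lock = false;
    pthread_mutex_lock(&dev_lock);           /* device_lock() */
    if (pthread_create(&worker, NULL, init_work, NULL) != 0) {
        pthread_mutex_unlock(&dev_lock);
        return false;
    }
    if (drop_lock_for_flush)
        pthread_mutex_unlock(&dev_lock);     /* device_unlock() before flush */
    pthread_join(worker, NULL);              /* flush_delayed_work() */
    if (drop_lock_for_flush)
        pthread_mutex_lock(&dev_lock);       /* device_lock() after flush */
    pthread_mutex_unlock(&dev_lock);
    return worker_got_lock;
}
```

The model only shows the ordering; it does not show whether dropping the device lock at that point is safe in the real `hub_disconnect()`.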
