syzbot


INFO: task hung in mxl5007t_release

Status: auto-closed as invalid on 2020/09/11 08:28
Subsystems: media
[Documentation on labels]
First crash: 1384d, last: 1384d

Sample crash report:
INFO: task kworker/0:6:3370 blocked for more than 143 seconds.
      Not tainted 5.7.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:6     D23064  3370      2 0x80004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 context_switch kernel/sched/core.c:3430 [inline]
 __schedule+0x8a1/0x1db0 kernel/sched/core.c:4155
 schedule+0xcd/0x2b0 kernel/sched/core.c:4230
 schedule_preempt_disabled+0xc/0x20 kernel/sched/core.c:4289
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x884/0x1360 kernel/locking/mutex.c:1103
 mxl5007t_release+0x49/0xf0 drivers/media/tuners/mxl5007t.c:768
 mxl5007t_attach+0x23a/0x2db drivers/media/tuners/mxl5007t.c:916
 au0828_dvb_register+0x451/0x1350 drivers/media/usb/au0828/au0828-dvb.c:597
 au0828_usb_probe+0x56f/0x5d5 drivers/media/usb/au0828/au0828-core.c:738
 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:374
 really_probe+0x290/0xac0 drivers/base/dd.c:525
 driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:701
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:807
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:873
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xb2b/0x1940 drivers/base/core.c:2680
 usb_set_configuration+0xed4/0x1850 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x9d/0xe0 drivers/usb/core/generic.c:241
 usb_probe_device+0xd9/0x230 drivers/usb/core/driver.c:272
 really_probe+0x290/0xac0 drivers/base/dd.c:525
 driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:701
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:807
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:873
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xb2b/0x1940 drivers/base/core.c:2680
 usb_new_device.cold+0x5a2/0xfd9 drivers/usb/core/hub.c:2554
 hub_port_connect drivers/usb/core/hub.c:5208 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
 port_event drivers/usb/core/hub.c:5494 [inline]
 hub_event+0x226d/0x43c0 drivers/usb/core/hub.c:5576
 process_one_work+0x965/0x1620 kernel/workqueue.c:2269
 worker_thread+0x96/0xe10 kernel/workqueue.c:2415
 kthread+0x352/0x460 kernel/kthread.c:291
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351

Showing all locks held in the system:
3 locks held by kworker/0:1/12:
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x844/0x1620 kernel/workqueue.c:2240
 #1: ffff8881da21fdc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x878/0x1620 kernel/workqueue.c:2244
 #2: ffff8881d4464218 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:768 [inline]
 #2: ffff8881d4464218 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x43c0 drivers/usb/core/hub.c:5522
1 lock held by khungtaskd/23:
 #0: ffffffff8710fca0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x264 kernel/locking/lockdep.c:5779
7 locks held by kworker/1:3/127:
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x844/0x1620 kernel/workqueue.c:2240
 #1: ffff8881cfe57dc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x878/0x1620 kernel/workqueue.c:2244
 #2: ffff8881d453c218 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:768 [inline]
 #2: ffff8881d453c218 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x43c0 drivers/usb/core/hub.c:5522
 #3: ffff8881ceac3218 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:768 [inline]
 #3: ffff8881ceac3218 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7b/0x390 drivers/base/dd.c:850
 #4: ffff8881abf0c1a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:768 [inline]
 #4: ffff8881abf0c1a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7b/0x390 drivers/base/dd.c:850
 #5: ffff8881c53d7698 (&dev->lock#8){+.+.}-{3:3}, at: au0828_usb_probe+0x195/0x5d5 drivers/media/usb/au0828/au0828-core.c:685
 #6: ffffffff878666e8 (mxl5007t_list_mutex){+.+.}-{3:3}, at: mxl5007t_release+0x49/0xf0 drivers/media/tuners/mxl5007t.c:768
3 locks held by kworker/0:3/141:
1 lock held by in:imklog/258:
 #0: ffff8881c92b74f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:826
3 locks held by kworker/1:7/3183:
 #0: ffff8881da028d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8881da028d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff8881da028d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff8881da028d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff8881da028d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff8881da028d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x844/0x1620 kernel/workqueue.c:2240
 #1: ffff8881ace57dc0 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x878/0x1620 kernel/workqueue.c:2244
 #2: ffff8881d4414218 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:768 [inline]
 #2: ffff8881d4414218 (&dev->mutex){....}-{3:3}, at: ath9k_hif_usb_firmware_fail drivers/net/wireless/ath/ath9k/hif_usb.c:1108 [inline]
 #2: ffff8881d4414218 (&dev->mutex){....}-{3:3}, at: ath9k_hif_usb_firmware_cb+0x388/0x510 drivers/net/wireless/ath/ath9k/hif_usb.c:1241
7 locks held by kworker/0:6/3370:
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff8881d8837138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x844/0x1620 kernel/workqueue.c:2240
 #1: ffff8881d2b47dc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x878/0x1620 kernel/workqueue.c:2244
 #2: ffff8881d4484218 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:768 [inline]
 #2: ffff8881d4484218 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x43c0 drivers/usb/core/hub.c:5522
 #3: ffff8881d8e6d218 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:768 [inline]
 #3: ffff8881d8e6d218 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7b/0x390 drivers/base/dd.c:850
 #4: ffff8881c750e1a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:768 [inline]
 #4: ffff8881c750e1a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7b/0x390 drivers/base/dd.c:850
 #5: ffff8881ce867698 (&dev->lock#8){+.+.}-{3:3}, at: au0828_usb_probe+0x195/0x5d5 drivers/media/usb/au0828/au0828-core.c:685
 #6: ffffffff878666e8 (mxl5007t_list_mutex){+.+.}-{3:3}, at: mxl5007t_release+0x49/0xf0 drivers/media/tuners/mxl5007t.c:768
2 locks held by agetty/18178:
 #0: ffff8881ac928098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:267
 #1: ffffc9000e9dc2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x220/0x1b30 drivers/tty/n_tty.c:2156
14 locks held by kworker/1:1/32092:
6 locks held by kworker/1:8/9632:
2 locks held by agetty/16572:
 #0: ffff8881d16d6098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:267
 #1: ffffc900106562e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x220/0x1b30 drivers/tty/n_tty.c:2156

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xf6/0x16e lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x190/0x1aa lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xcfe/0xff0 kernel/hung_task.c:295
 kthread+0x352/0x460 kernel/kthread.c:291
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9632 Comm: kworker/1:8 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:debug_lockdep_rcu_enabled+0x35/0xe0 kernel/rcu/update.c:289
Code: 00 00 00 00 fc ff df 48 89 c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 08 84 d2 0f 85 87 00 00 00 8b 35 97 c5 52 02 <85> f6 74 79 48 c7 c0 54 6a ea 87 48 ba 00 00 00 00 00 fc ff df 48
RSP: 0018:ffff8881db309c80 EFLAGS: 00000046
RAX: 0000000000000007 RBX: ffff8881db309cc0 RCX: 1ffffffff0fd4b75
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff8881db309cc0
RBP: ffff8881cdce6400 R08: ffff8881db335468 R09: fffffbfff0fd4b5a
R10: ffffffff87ea5acf R11: fffffbfff0fd4b59 R12: 0000000000000001
R13: ffff8881db309d90 R14: 0000000000000006 R15: ffff8881cdce6ba8
FS:  0000000000000000(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe7f40d638 CR3: 00000001d2393000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 rcu_read_lock_held_common+0x9/0xa0 kernel/rcu/update.c:114
 rcu_read_lock_sched_held+0x5a/0xd0 kernel/rcu/update.c:133
 trace_sched_wakeup include/trace/events/sched.h:96 [inline]
 trace_sched_wakeup include/trace/events/sched.h:96 [inline]
 ttwu_do_wakeup+0x437/0x550 kernel/sched/core.c:2204
 ttwu_queue kernel/sched/core.c:2402 [inline]
 try_to_wake_up+0x5e6/0x1400 kernel/sched/core.c:2640
 hrtimer_wakeup+0x43/0x60 kernel/time/hrtimer.c:1774
 __run_hrtimer kernel/time/hrtimer.c:1520 [inline]
 __hrtimer_run_queues+0x1ce/0xde0 kernel/time/hrtimer.c:1584
 hrtimer_interrupt+0x2e8/0x730 kernel/time/hrtimer.c:1646
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 smp_apic_timer_interrupt+0xfe/0x540 arch/x86/kernel/apic/apic.c:1105
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:85 [inline]
RIP: 0010:console_trylock_spinning kernel/printk/printk.c:1790 [inline]
RIP: 0010:vprintk_emit+0x3c6/0x3d0 kernel/printk/printk.c:2031
Code: 00 83 fb ff 75 d6 e9 e2 fc ff ff e8 f4 0e 16 00 e8 df 67 1b 00 41 56 9d e9 b4 fd ff ff e8 e2 0e 16 00 e8 cd 67 1b 00 41 56 9d <e9> 2a ff ff ff 0f 1f 44 00 00 55 48 89 f5 53 48 89 fb e8 c3 0e 16
RSP: 0018:ffff8881a9baebe8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000000200 RCX: 1ffffffff0fd4d4a
RDX: 1ffff11038f93d87 RSI: 0000000000000000 RDI: ffff8881c7c9ec38
RBP: ffff8881a9baec30 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff8939479f R11: fffffbfff12728f3 R12: 0000000000000057
R13: ffff8881da27cb00 R14: 0000000000000246 R15: 0000000000000000
 dev_vprintk_emit+0x4f2/0x537 drivers/base/core.c:3883
 dev_printk_emit+0xba/0xf1 drivers/base/core.c:3894
 __netdev_printk net/core/dev.c:10422 [inline]
 __netdev_printk+0x1c6/0x27c net/core/dev.c:10418
 netdev_warn+0xd7/0x109 net/core/dev.c:10475
 asix_read_cmd.cold+0x3a/0x46 drivers/net/usb/asix_common.c:29
 asix_mdio_read+0x129/0x2d0 drivers/net/usb/asix_common.c:458
 asix_phy_reset.isra.0+0x109/0x170 drivers/net/usb/asix_devices.c:215
 ax88172_bind+0x41a/0x5d6 drivers/net/usb/asix_devices.c:272
 usbnet_probe+0xb47/0x2700 drivers/net/usb/usbnet.c:1737
 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:374
 really_probe+0x290/0xac0 drivers/base/dd.c:525
 driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:701
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:807
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:873
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xb2b/0x1940 drivers/base/core.c:2680
 usb_set_configuration+0xed4/0x1850 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x9d/0xe0 drivers/usb/core/generic.c:241
 usb_probe_device+0xd9/0x230 drivers/usb/core/driver.c:272
 really_probe+0x290/0xac0 drivers/base/dd.c:525
 driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:701
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:807
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:873
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xb2b/0x1940 drivers/base/core.c:2680
 usb_new_device.cold+0x5a2/0xfd9 drivers/usb/core/hub.c:2554
 hub_port_connect drivers/usb/core/hub.c:5208 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
 port_event drivers/usb/core/hub.c:5494 [inline]
 hub_event+0x226d/0x43c0 drivers/usb/core/hub.c:5576
 process_one_work+0x965/0x1620 kernel/workqueue.c:2269
 process_scheduled_works kernel/workqueue.c:2331 [inline]
 worker_thread+0x7ab/0xe10 kernel/workqueue.c:2417
 kthread+0x352/0x460 kernel/kthread.c:291
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/06/13 08:28 https://github.com/google/kasan.git usb-fuzzer b791d1bdf921 f4724dd3 .config console log report ci2-upstream-usb
* Struck through repros no longer work on HEAD.