INFO: task hung in misc_open (4)

INFO: task hung in misc_open (4)

Status: fixed on 2023/02/24 13:50
Subsystems: usb
[Documentation on labels]
Reported-by: syzbot+358c9ab4c93da7b7238c@syzkaller.appspotmail.com
Fix commit: 8386c414e27c PM: hibernate: defer device probing when resuming from hibernation
First crash: 1237d, last: 454d

Cause bisection: failed (error log, bisect log)

Fix bisection the fix commit could be any of (bisect log):
  2f7b98d1e55c Merge tag 'drm-fixes-2021-04-16' of git://anongit.freedesktop.org/drm/drm
  303392fd5c16 Merge tag 'leds-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/pavel/linux-leds

▶ ▼ Discussions (19)

Title	Replies (including bot)	Last reply
[PATCH 5.4 000/389] 5.4.211-rc1 review	396 (396)	2022/10/26 16:43
[PATCH 5.15 000/779] 5.15.61-rc1 review	804 (804)	2022/09/23 09:30
[PATCH 5.10 000/545] 5.10.137-rc1 review	570 (570)	2022/08/29 08:17
[PATCH 4.19 000/287] 4.19.256-rc1 review	298 (298)	2022/08/25 10:11
[PATCH 4.14 000/229] 4.14.291-rc1 review	232 (232)	2022/08/24 06:23
[PATCH 5.18 0000/1095] 5.18.18-rc1 review	1101 (1101)	2022/08/21 13:22
[PATCH 5.19 0000/1157] 5.19.2-rc1 review	1184 (1184)	2022/08/21 08:05
[PATCH AUTOSEL 4.19 01/16] arm64: Do not forget syscall when starting a new thread.	17 (17)	2022/08/13 13:44
[PATCH AUTOSEL 5.19 01/58] x86: Handle idle=nomwait cmdline properly for x86_idle	59 (59)	2022/08/09 14:01
[PATCH AUTOSEL 5.15 01/45] x86: Handle idle=nomwait cmdline properly for x86_idle	45 (45)	2022/08/08 18:44
[PATCH AUTOSEL 4.9 1/8] arm64: fix oops in concurrently setting insn_emulation sysctls	8 (8)	2022/08/08 01:40
[PATCH AUTOSEL 4.14 01/12] arm64: Do not forget syscall when starting a new thread.	12 (12)	2022/08/08 01:39
[PATCH AUTOSEL 5.4 01/23] x86: Handle idle=nomwait cmdline properly for x86_idle	23 (23)	2022/08/08 01:38
[PATCH AUTOSEL 5.10 01/29] x86: Handle idle=nomwait cmdline properly for x86_idle	28 (28)	2022/08/08 01:37
[PATCH AUTOSEL 5.18 01/53] x86: Handle idle=nomwait cmdline properly for x86_idle	52 (52)	2022/08/08 01:33
[PATCH v3] PM: hibernate: defer device probing when resuming from hibernation	2 (2)	2022/07/26 18:41
[PATCH v2 1/4] char: misc: allow calling open() callback without misc_mtx held	15 (15)	2022/07/22 04:24
[PATCH] char: misc: make misc_open() and misc_register() killable	25 (25)	2022/07/10 02:27
INFO: task hung in misc_open (4)	0 (1)	2021/02/13 12:38

▶ ▼ Similar bugs (3)

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	INFO: task hung in misc_open (2) kernel				8	1675d	1676d	0/26	auto-closed as invalid on 2019/12/23 14:44
upstream	INFO: task hung in misc_open kernel				2	2012d	2092d	0/26	auto-closed as invalid on 2019/04/20 12:01
upstream	INFO: task hung in misc_open (3) kernel				2	1382d	1390d	0/26	auto-closed as invalid on 2020/10/12 03:30

▶ ▼ Last patch testing requests (5)


Created	Duration	User	Patch	Repo	Result
2022/07/15 01:28	18m	penguin-kernel@i-love.sakura.ne.jp	patch	git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v5.18	OK log
2022/07/05 13:23	18m	penguin-kernel@i-love.sakura.ne.jp	patch	git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v5.18	report log
2022/07/05 07:33	10m	penguin-kernel@i-love.sakura.ne.jp	patch	upstream	report log
2022/07/04 12:00	16m	penguin-kernel@i-love.sakura.ne.jp	patch	upstream	report log
2022/07/04 04:38	18m	penguin-kernel@i-love.sakura.ne.jp	patch	upstream	report log

▶ ▼ Fix bisection attempts (3)


Created	Duration	User	Patch	Repo	Result
2021/07/04 03:25	31m	bisect fix		upstream	job log (2)
2021/06/04 02:51	28m	bisect fix		upstream	job log (0) log
2021/04/03 03:40	27m	bisect fix		upstream	job log (0) log

▶ ▼ Cause bisection attempts (2)


Created	Duration	User	Patch	Repo	Result
2021/02/24 23:35	8h07m	bisect		upstream	error job log (0)
2021/02/09 12:30	0m	bisect		upstream	error job log (0)

Sample crash report:

INFO: task syz-executor254:3612 blocked for more than 143 seconds.
      Not tainted 5.19.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor254 state:D stack:28032 pid: 3612 ppid:  3609 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5146 [inline]
 __schedule+0xa00/0x4b50 kernel/sched/core.c:6458
 schedule+0xd2/0x1f0 kernel/sched/core.c:6530
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6589
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa70/0x1350 kernel/locking/mutex.c:747
 misc_open+0x5f/0x4a0 drivers/char/misc.c:107
 chrdev_open+0x266/0x770 fs/char_dev.c:414
 do_dentry_open+0x4a1/0x11f0 fs/open.c:848
 do_open fs/namei.c:3520 [inline]
 path_openat+0x1c71/0x2910 fs/namei.c:3653
 do_filp_open+0x1aa/0x400 fs/namei.c:3680
 do_sys_openat2+0x16d/0x4c0 fs/open.c:1278
 do_sys_open fs/open.c:1294 [inline]
 __do_sys_openat fs/open.c:1310 [inline]
 __se_sys_openat fs/open.c:1305 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1305
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f784a7ef217
RSP: 002b:00007fff02753f50 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00007f784a7ef217
RDX: 0000000000000002 RSI: 00007f784a87503b RDI: 00000000ffffff9c
RBP: 00007f784a87503b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 0000000000000000 R14: 00000000000000cf R15: 00007fff027560a0
 </TASK>
INFO: task syz-executor254:3617 blocked for more than 143 seconds.
      Not tainted 5.19.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor254 state:D stack:28032 pid: 3617 ppid:  3614 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5146 [inline]
 __schedule+0xa00/0x4b50 kernel/sched/core.c:6458
 schedule+0xd2/0x1f0 kernel/sched/core.c:6530
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6589
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa70/0x1350 kernel/locking/mutex.c:747
 misc_open+0x5f/0x4a0 drivers/char/misc.c:107
 chrdev_open+0x266/0x770 fs/char_dev.c:414
 do_dentry_open+0x4a1/0x11f0 fs/open.c:848
 do_open fs/namei.c:3520 [inline]
 path_openat+0x1c71/0x2910 fs/namei.c:3653
 do_filp_open+0x1aa/0x400 fs/namei.c:3680
 do_sys_openat2+0x16d/0x4c0 fs/open.c:1278
 do_sys_open fs/open.c:1294 [inline]
 __do_sys_openat fs/open.c:1310 [inline]
 __se_sys_openat fs/open.c:1305 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1305
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f784a7ef217
RSP: 002b:00007fff02753f50 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00007f784a7ef217
RDX: 0000000000000002 RSI: 00007f784a87503b RDI: 00000000ffffff9c
RBP: 00007f784a87503b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 0000000000000000 R14: 00000000000000cf R15: 00007fff027560a0
 </TASK>
INFO: task syz-executor254:3618 blocked for more than 143 seconds.
      Not tainted 5.19.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor254 state:D stack:28032 pid: 3618 ppid:  3613 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5146 [inline]
 __schedule+0xa00/0x4b50 kernel/sched/core.c:6458
 schedule+0xd2/0x1f0 kernel/sched/core.c:6530
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6589
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa70/0x1350 kernel/locking/mutex.c:747
 misc_open+0x5f/0x4a0 drivers/char/misc.c:107
 chrdev_open+0x266/0x770 fs/char_dev.c:414
 do_dentry_open+0x4a1/0x11f0 fs/open.c:848
 do_open fs/namei.c:3520 [inline]
 path_openat+0x1c71/0x2910 fs/namei.c:3653
 do_filp_open+0x1aa/0x400 fs/namei.c:3680
 do_sys_openat2+0x16d/0x4c0 fs/open.c:1278
 do_sys_open fs/open.c:1294 [inline]
 __do_sys_openat fs/open.c:1310 [inline]
 __se_sys_openat fs/open.c:1305 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1305
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f784a7ef217
RSP: 002b:00007fff02753f50 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00007f784a7ef217
RDX: 0000000000000002 RSI: 00007f784a87503b RDI: 00000000ffffff9c
RBP: 00007f784a87503b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 0000000000000000 R14: 00000000000000cf R15: 00007fff027560a0
 </TASK>
INFO: task syz-executor254:3619 blocked for more than 144 seconds.
      Not tainted 5.19.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor254 state:D stack:28032 pid: 3619 ppid:  3616 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5146 [inline]
 __schedule+0xa00/0x4b50 kernel/sched/core.c:6458
 schedule+0xd2/0x1f0 kernel/sched/core.c:6530
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6589
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa70/0x1350 kernel/locking/mutex.c:747
 misc_open+0x5f/0x4a0 drivers/char/misc.c:107
 chrdev_open+0x266/0x770 fs/char_dev.c:414
 do_dentry_open+0x4a1/0x11f0 fs/open.c:848
 do_open fs/namei.c:3520 [inline]
 path_openat+0x1c71/0x2910 fs/namei.c:3653
 do_filp_open+0x1aa/0x400 fs/namei.c:3680
 do_sys_openat2+0x16d/0x4c0 fs/open.c:1278
 do_sys_open fs/open.c:1294 [inline]
 __do_sys_openat fs/open.c:1310 [inline]
 __se_sys_openat fs/open.c:1305 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1305
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f784a7ef217
RSP: 002b:00007fff02753f50 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00007f784a7ef217
RDX: 0000000000000002 RSI: 00007f784a87503b RDI: 00000000ffffff9c
RBP: 00007f784a87503b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 0000000000000000 R14: 00000000000000cf R15: 00007fff027560a0
 </TASK>
INFO: task syz-executor254:3633 blocked for more than 144 seconds.
      Not tainted 5.19.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor254 state:D stack:28032 pid: 3633 ppid:  3608 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5146 [inline]
 __schedule+0xa00/0x4b50 kernel/sched/core.c:6458
 schedule+0xd2/0x1f0 kernel/sched/core.c:6530
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6589
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa70/0x1350 kernel/locking/mutex.c:747
 misc_open+0x5f/0x4a0 drivers/char/misc.c:107
 chrdev_open+0x266/0x770 fs/char_dev.c:414
 do_dentry_open+0x4a1/0x11f0 fs/open.c:848
 do_open fs/namei.c:3520 [inline]
 path_openat+0x1c71/0x2910 fs/namei.c:3653
 do_filp_open+0x1aa/0x400 fs/namei.c:3680
 do_sys_openat2+0x16d/0x4c0 fs/open.c:1278
 do_sys_open fs/open.c:1294 [inline]
 __do_sys_openat fs/open.c:1310 [inline]
 __se_sys_openat fs/open.c:1305 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1305
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f784a831449
RSP: 002b:00007fff02756088 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f784a831449
RDX: 0000000000000001 RSI: 0000000020000200 RDI: ffffffffffffff9c
RBP: 0000000000000000 R08: 00007fff02755b00 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000009deb
R13: 00007fff0275609c R14: 00007fff027560b0 R15: 00007fff027560a0
 </TASK>

Showing all locks held in the system:
5 locks held by kworker/0:0/6:
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
 #1: ffffc900000b7da8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
 #2: ffff888147485190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #2: ffff888147485190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4690 drivers/usb/core/hub.c:5691
 #3: ffff8880212a9190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #3: ffff8880212a9190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x530 drivers/base/dd.c:964
 #4: ffff8880212ae118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #4: ffff8880212ae118 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x530 drivers/base/dd.c:964
5 locks held by kworker/0:1/14:
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
 #1: ffffc90000137da8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
 #2: ffff8881473a5190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #2: ffff8881473a5190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4690 drivers/usb/core/hub.c:5691
 #3: ffff888017554190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #3: ffff888017554190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x530 drivers/base/dd.c:964
 #4: ffff8880212ad118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #4: ffff8880212ad118 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x530 drivers/base/dd.c:964
1 lock held by khungtaskd/27:
 #0: ffffffff8bd87120 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6491
5 locks held by kworker/0:2/143:
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
 #1: ffffc9000297fda8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
 #2: ffff8881473cd190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #2: ffff8881473cd190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4690 drivers/usb/core/hub.c:5691
 #3: ffff8880212a8190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #3: ffff8880212a8190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x530 drivers/base/dd.c:964
 #4: ffff8880212ab118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #4: ffff8880212ab118 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x530 drivers/base/dd.c:964
2 locks held by getty/3284:
 #0: ffff8880263f6098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
 #1: ffffc90002d162e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xe50/0x13c0 drivers/tty/n_tty.c:2124
1 lock held by syz-executor254/3612:
 #0: ffffffff8c8317a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5f/0x4a0 drivers/char/misc.c:107
1 lock held by syz-executor254/3617:
 #0: ffffffff8c8317a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5f/0x4a0 drivers/char/misc.c:107
1 lock held by syz-executor254/3618:
 #0: ffffffff8c8317a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5f/0x4a0 drivers/char/misc.c:107
1 lock held by syz-executor254/3619:
 #0: ffffffff8c8317a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5f/0x4a0 drivers/char/misc.c:107
3 locks held by udevd/3621:
 #0: ffff88801c56b488 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:197 [inline]
 #0: ffff88801c56b488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x189/0x6e0 fs/kernfs/file.c:236
 #1: ffff8881401ed490 (kn->active#84){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:198 [inline]
 #1: ffff8881401ed490 (kn->active#84){++++}-{0:0}, at: kernfs_fop_read_iter+0x1ac/0x6e0 fs/kernfs/file.c:236
 #2: ffff8880212a8190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline]
 #2: ffff8880212a8190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x3c/0x2c0 drivers/usb/core/sysfs.c:873
3 locks held by udevd/3622:
 #0: ffff8880251d9c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:197 [inline]
 #0: ffff8880251d9c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x189/0x6e0 fs/kernfs/file.c:236
 #1: ffff88814013a830 (kn->active#84){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:198 [inline]
 #1: ffff88814013a830 (kn->active#84){++++}-{0:0}, at: kernfs_fop_read_iter+0x1ac/0x6e0 fs/kernfs/file.c:236
 #2: ffff8880212aa190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline]
 #2: ffff8880212aa190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x3c/0x2c0 drivers/usb/core/sysfs.c:873
5 locks held by kworker/0:3/3623:
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff8881456a4538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
 #1: ffffc9000332fda8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
 #2: ffff88814746d190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #2: ffff88814746d190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4690 drivers/usb/core/hub.c:5691
 #3: ffff8880212aa190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #3: ffff8880212aa190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x530 drivers/base/dd.c:964
 #4: ffff8880212ac118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #4: ffff8880212ac118 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x530 drivers/base/dd.c:964
3 locks held by udevd/3629:
 #0: ffff88807a445088 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:197 [inline]
 #0: ffff88807a445088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x189/0x6e0 fs/kernfs/file.c:236
 #1: ffff8881401ddda0 (kn->active#84){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:198 [inline]
 #1: ffff8881401ddda0 (kn->active#84){++++}-{0:0}, at: kernfs_fop_read_iter+0x1ac/0x6e0 fs/kernfs/file.c:236
 #2: ffff888017554190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline]
 #2: ffff888017554190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x3c/0x2c0 drivers/usb/core/sysfs.c:873
3 locks held by udevd/3631:
 #0: ffff88801f0fac88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:197 [inline]
 #0: ffff88801f0fac88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x189/0x6e0 fs/kernfs/file.c:236
 #1: ffff888145021ae8 (kn->active#84){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:198 [inline]
 #1: ffff888145021ae8 (kn->active#84){++++}-{0:0}, at: kernfs_fop_read_iter+0x1ac/0x6e0 fs/kernfs/file.c:236
 #2: ffff8880212a9190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline]
 #2: ffff8880212a9190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x3c/0x2c0 drivers/usb/core/sysfs.c:873
2 locks held by syz-executor254/3632:
 #0: ffffffff8c8317a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5f/0x4a0 drivers/char/misc.c:107
 #1: ffffffff8bc541a8 (system_transition_mutex){+.+.}-{3:3}, at: snapshot_open+0x3b/0x2a0 kernel/power/user.c:54
1 lock held by syz-executor254/3633:
 #0: ffffffff8c8317a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5f/0x4a0 drivers/char/misc.c:107

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.19.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1e6/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
 watchdog+0xc1d/0xf50 kernel/hung_task.c:369
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.19.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:200
Code: 00 00 e9 76 26 82 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 65 8b 05 d9 02 88 7e 89 c1 48 8b 34 24 <81> e1 00 01 00 00 65 48 8b 14 25 80 6f 02 00 a9 00 01 ff 00 74 0e
RSP: 0018:ffffc900000d79e0 EFLAGS: 00000246
RAX: 0000000080000000 RBX: ffffc900000d7a78 RCX: 0000000080000000
RDX: ffff88813fea5880 RSI: ffffffff8424aab7 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: 000000000000000f R14: 1ffff9200001af49 R15: ffffffff89c694aa
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc49b2f2d8 CR3: 000000000ba8e000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 insn_get_displacement+0x57/0x6c0 arch/x86/lib/insn.c:463
 insn_get_immediate arch/x86/lib/insn.c:632 [inline]
 insn_get_length arch/x86/lib/insn.c:707 [inline]
 insn_decode+0x35b/0x3b0 arch/x86/lib/insn.c:747
 text_poke_loc_init+0xa6/0x450 arch/x86/kernel/alternative.c:1578
 arch_jump_label_transform_queue+0x94/0x100 arch/x86/kernel/jump_label.c:138
 __jump_label_update+0x12e/0x400 kernel/jump_label.c:451
 jump_label_update+0x32f/0x410 kernel/jump_label.c:830
 static_key_disable_cpuslocked+0x152/0x1b0 kernel/jump_label.c:207
 static_key_disable+0x16/0x20 kernel/jump_label.c:215
 toggle_allocation_gate mm/kfence/core.c:825 [inline]
 toggle_allocation_gate+0x183/0x390 mm/kfence/core.c:803
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>

Crashes (144):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2022/07/18 05:08	upstream	ff6992735ade	95cb00d1	.config	strace log	report	syz	C			ci-upstream-kasan-gce-root	INFO: task hung in misc_open
2021/10/27 22:43	upstream	1fc596a56b33	373bf66b	.config	console log	report	syz	C			ci-upstream-kasan-gce-selinux-root	INFO: task hung in misc_open
2021/08/24 10:10	upstream	d5ae8d7f85b7	b599f2fc	.config	console log	report	syz	C			ci-upstream-kasan-gce-smack-root	INFO: task hung in misc_open
2021/08/16 20:34	upstream	7c60610d4767	33c26cb7	.config	console log	report	syz	C			ci-upstream-kasan-gce-root	INFO: task hung in misc_open
2021/04/17 02:54	upstream	2f7b98d1e55c	7e2b734b	.config	console log	report	syz	C			ci-upstream-kasan-gce	INFO: task hung in misc_open
2021/02/09 12:30	upstream	e0756cfc7d7c	2bd9619f	.config	console log	report	syz	C			ci-upstream-kasan-gce	INFO: task hung in misc_open
2021/10/01 07:33	linux-next	c7b4d0e56a1d	1d849ab4	.config	console log	report	syz	C			ci-upstream-linux-next-kasan-gce-root	INFO: task can't die in misc_open
2023/01/27 08:38	upstream	7c46948a6e9c	9dfcf09c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	INFO: task hung in misc_open
2022/08/01 17:59	upstream	3d7cb6b04c3f	fef302b1	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/30 11:17	upstream	e65c6a46df94	fef302b1	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/29 06:36	upstream	33ea1340bafe	fb95c74d	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/28 01:36	upstream	6e7765cb477a	fb95c74d	.config	console log	report			info		ci-upstream-kasan-gce-root	INFO: task hung in misc_open
2022/07/27 03:46	upstream	5de64d44968e	279b89c2	.config	console log	report			info		ci-upstream-kasan-gce-root	INFO: task hung in misc_open
2022/07/26 03:35	upstream	e0dccc3b76fb	34795c51	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/25 19:19	upstream	e0dccc3b76fb	664c519c	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/25 16:51	upstream	e0dccc3b76fb	664c519c	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/24 14:38	upstream	515f71412bb7	22343af4	.config	console log	report			info		ci-upstream-kasan-gce-selinux-root	INFO: task hung in misc_open
2022/07/23 07:51	upstream	4ba1329cbb94	22343af4	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/15 10:52	upstream	e5d523f1ae8f	5d921b08	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/14 07:00	upstream	4a57a8400075	5d921b08	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/12 19:22	upstream	72a8e05d4f66	d91dd8ea	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/10 17:14	upstream	b1c428b6c368	b5765a15	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/09 19:05	upstream	e5524c2a1fc4	b5765a15	.config	console log	report			info		ci-upstream-kasan-gce-selinux-root	INFO: task hung in misc_open
2022/07/07 14:07	upstream	9f09069cde34	bff65f44	.config	console log	report			info		ci-upstream-kasan-gce-selinux-root	INFO: task hung in misc_open
2022/07/02 19:33	upstream	089866061428	1434eec0	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/02 12:43	upstream	089866061428	1434eec0	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/02 05:50	upstream	089866061428	1434eec0	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/07/01 21:12	upstream	a175eca0f3d7	1434eec0	.config	console log	report			info		ci-upstream-kasan-gce-selinux-root	INFO: task hung in misc_open
2022/07/01 15:18	upstream	a175eca0f3d7	1434eec0	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/06/28 05:09	upstream	941e3e791269	ef82eb2c	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/06/26 16:24	upstream	0840a7914caa	a371c43c	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/06/20 10:14	upstream	a111daf0c53a	8f633d84	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/06/19 20:35	upstream	05c6ca8512f2	8f633d84	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/06/11 23:00	upstream	fe43c0188911	0d5abf15	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/06/07 20:15	upstream	e71e60cd74df	c8857892	.config	console log	report			info		ci-upstream-kasan-gce-root	INFO: task hung in misc_open
2022/06/07 09:02	upstream	e71e60cd74df	c8857892	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/06/06 18:18	upstream	f2906aa86338	c8857892	.config	console log	report			info		ci-upstream-kasan-gce-selinux-root	INFO: task hung in misc_open
2022/05/28 03:26	upstream	8291eaafed36	a46af346	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/05/23 19:00	upstream	4b0986a3613c	4c7657cb	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/05/21 01:22	upstream	3d7285a335ed	bd37ad7e	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/05/18 21:21	upstream	ef1302160bfb	50c53f39	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/05/12 10:10	upstream	feb9c5e19e91	beb0b407	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/05/12 03:08	upstream	feb9c5e19e91	beb0b407	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/05/12 00:45	upstream	feb9c5e19e91	beb0b407	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/05/10 16:35	upstream	9be9ed2612b5	8b277b8e	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/04/29 03:34	upstream	259b897e5a79	e9076525	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/04/27 16:47	upstream	46cf2c613f4b	1fa34c1b	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/04/25 11:25	upstream	af2d861d4cd2	c889aef9	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/04/24 15:48	upstream	22da5264abf4	131df97d	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/04/23 22:02	upstream	13bc32bad705	131df97d	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/04/23 02:15	upstream	d569e86915b7	131df97d	.config	console log	report			info		ci-upstream-kasan-gce	INFO: task hung in misc_open
2022/04/09 12:31	upstream	6c7376da2358	e22c3da3	.config	console log	report			info		ci-upstream-kasan-gce-smack-root	INFO: task hung in misc_open
2022/07/24 13:18	upstream	515f71412bb7	22343af4	.config	console log	report			info		ci-upstream-kasan-gce-386	INFO: task hung in misc_open
2022/07/11 02:19	upstream	5867f3b88bb5	b5765a15	.config	console log	report			info		ci-upstream-kasan-gce-386	INFO: task hung in misc_open
2022/07/28 21:30	linux-next	cb71b93c2dc3	fb95c74d	.config	console log	report			info		ci-upstream-linux-next-kasan-gce-root	INFO: task hung in misc_open
2022/07/25 01:12	linux-next	cb71b93c2dc3	22343af4	.config	console log	report			info		ci-upstream-linux-next-kasan-gce-root	INFO: task hung in misc_open
2020/12/11 15:18	upstream	33dc9614dc20	ba24ffcd	.config	console log	report			info		ci-upstream-kasan-gce
2020/12/05 09:39	upstream	e87297fa080a	20366b87	.config	console log	report			info		ci-upstream-kasan-gce
2022/04/24 22:51	linux-next	f1244c81da13	131df97d	.config	console log	report			info		ci-upstream-linux-next-kasan-gce-root	INFO: task can't die in misc_open
2022/04/19 02:19	linux-next	40354149f4d7	8bcc32a6	.config	console log	report			info		ci-upstream-linux-next-kasan-gce-root	INFO: task can't die in misc_open

* ~~Struck through~~ repros no longer work on HEAD.