======================================================== WARNING: possible irq lock inversion dependency detected 5.5.0-rc2-syzkaller #0 Not tainted -------------------------------------------------------- syz-executor.5/4868 just changed the state of lock: ffff8881d4de8018 (&(&dum_hcd->dum->lock)->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline] ffff8881d4de8018 (&(&dum_hcd->dum->lock)->rlock){+.-.}, at: dummy_timer+0x1245/0x2fdb drivers/usb/gadget/udc/dummy_hcd.c:1967 but this lock was taken by another, HARDIRQ-safe lock in the past: (&(&dev->event_lock)->rlock){-.-.} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Chain exists of: &(&dev->event_lock)->rlock --> &(&xpad->odata_lock)->rlock --> &(&dum_hcd->dum->lock)->rlock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&(&dum_hcd->dum->lock)->rlock); local_irq_disable(); lock(&(&dev->event_lock)->rlock); lock(&(&xpad->odata_lock)->rlock); lock(&(&dev->event_lock)->rlock); *** DEADLOCK *** 3 locks held by syz-executor.5/4868: #0: ffff8881da1ba410 (sb_writers){.+.+}, at: sb_start_write include/linux/fs.h:1650 [inline] #0: ffff8881da1ba410 (sb_writers){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff8881d10c51a8 (&sb->s_type->i_mutex_key#5){+.+.}, at: inode_lock include/linux/fs.h:791 [inline] #1: ffff8881d10c51a8 (&sb->s_type->i_mutex_key#5){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:62 #2: ffff8881db309d70 ((&dum_hcd->timer)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:172 [inline] #2: ffff8881db309d70 ((&dum_hcd->timer)){+.-.}, at: call_timer_fn+0xcd/0x650 kernel/time/timer.c:1394 the shortest dependencies between 2nd lock and 1st lock: -> (&(&dev->event_lock)->rlock){-.-.} { IN-HARDIRQ-W at: lock_acquire+0x127/0x320 kernel/locking/lockdep.c:4485 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x32/0x50 kernel/locking/spinlock.c:159 input_event drivers/input/input.c:439 [inline] input_event+0x7b/0xb0 drivers/input/input.c:432 input_report_key include/linux/input.h:417 [inline] psmouse_report_standard_buttons+0x2c/0x80 drivers/input/mouse/psmouse-base.c:123 psmouse_report_standard_packet drivers/input/mouse/psmouse-base.c:141 [inline] psmouse_process_byte+0x1e1/0x890 drivers/input/mouse/psmouse-base.c:232 psmouse_handle_byte+0x41/0x1b0 drivers/input/mouse/psmouse-base.c:274 psmouse_interrupt+0x2f7/0xe90 drivers/input/mouse/psmouse-base.c:426 serio_interrupt+0x88/0x150 drivers/input/serio/serio.c:1002 i8042_interrupt+0x266/0x500 drivers/input/serio/i8042.c:596 __handle_irq_event_percpu+0xee/0x7d0 kernel/irq/handle.c:149 handle_irq_event_percpu+0x76/0x160 kernel/irq/handle.c:189 handle_irq_event+0xa2/0x12d kernel/irq/handle.c:206 handle_edge_irq+0x233/0x8a0 kernel/irq/chip.c:830 generic_handle_irq_desc include/linux/irqdesc.h:156 [inline] do_IRQ+0x99/0x210 arch/x86/kernel/irq.c:250 ret_from_intr+0x0/0x31 preempt_count arch/x86/include/asm/preempt.h:26 [inline] rcu_lockdep_current_cpu_online+0x7/0xd0 kernel/rcu/tree.c:967 rcu_read_lock_held_common kernel/rcu/update.c:109 [inline] rcu_read_lock_held_common+0xcb/0x170 kernel/rcu/update.c:99 rcu_read_lock_held+0x5a/0xb0 kernel/rcu/update.c:281 netlink_has_listeners+0x289/0x3c0 net/netlink/af_netlink.c:1355 uevent_net_broadcast_untagged lib/kobject_uevent.c:320 [inline] kobject_uevent_net_broadcast lib/kobject_uevent.c:408 [inline] kobject_uevent_env+0x870/0x11f0 lib/kobject_uevent.c:592 driver_register+0x27f/0x330 drivers/base/driver.c:178 usb_register_driver+0x244/0x460 drivers/usb/core/driver.c:962 do_one_initcall+0xf0/0x620 init/main.c:939 do_initcall_level init/main.c:1007 [inline] do_initcalls init/main.c:1015 [inline] do_basic_setup init/main.c:1032 [inline] kernel_init_freeable+0x4a4/0x548 init/main.c:1216 kernel_init+0xd/0x1b9 init/main.c:1110 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 IN-SOFTIRQ-W at: lock_acquire+0x127/0x320 kernel/locking/lockdep.c:4485 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x32/0x50 kernel/locking/spinlock.c:159 input_event drivers/input/input.c:439 [inline] input_event+0x7b/0xb0 drivers/input/input.c:432 hidinput_hid_event+0x1236/0x15d3 drivers/hid/hid-input.c:1382 hid_process_event+0x4a0/0x580 drivers/hid/hid-core.c:1506 hid_input_field drivers/hid/hid-core.c:1550 [inline] hid_report_raw_event+0xabb/0xed0 drivers/hid/hid-core.c:1757 hid_input_report+0x315/0x3f0 drivers/hid/hid-core.c:1824 hid_irq_in+0x50e/0x690 drivers/hid/usbhid/hid-core.c:284 __usb_hcd_giveback_urb+0x29a/0x550 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1716 dummy_timer+0x123d/0x2fdb drivers/usb/gadget/udc/dummy_hcd.c:1966 call_timer_fn+0x179/0x650 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers kernel/time/timer.c:1773 [inline] __run_timers kernel/time/timer.c:1740 [inline] run_timer_softirq+0x5e3/0x1490 kernel/time/timer.c:1786 __do_softirq+0x221/0x912 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x178/0x1a0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x12f/0x500 arch/x86/kernel/apic/apic.c:1137 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 native_restore_fl arch/x86/include/asm/irqflags.h:41 [inline] arch_local_irq_restore arch/x86/include/asm/irqflags.h:84 [inline] console_unlock+0xa1b/0xc30 kernel/printk/printk.c:2481 vprintk_emit+0x171/0x3d0 kernel/printk/printk.c:1996 dev_vprintk_emit+0x4fc/0x541 drivers/base/core.c:3603 dev_printk_emit+0xba/0xf1 drivers/base/core.c:3614 __netdev_printk net/core/dev.c:10217 [inline] __netdev_printk+0x1c6/0x27c net/core/dev.c:10213 netdev_warn+0xd7/0x109 net/core/dev.c:10270 asix_write_cmd.cold+0x3a/0x46 drivers/net/usb/asix_common.c:52 asix_set_sw_mii+0x27/0x50 drivers/net/usb/asix_common.c:275 asix_mdio_read+0xc1/0x250 drivers/net/usb/asix_common.c:454 __mdiobus_read+0x68/0x2e0 drivers/net/phy/mdio_bus.c:555 mdiobus_read+0x51/0x70 drivers/net/phy/mdio_bus.c:632 get_phy_id drivers/net/phy/phy_device.c:786 [inline] get_phy_device+0xc9/0x450 drivers/net/phy/phy_device.c:823 mdiobus_scan+0x79/0x340 drivers/net/phy/mdio_bus.c:519 __mdiobus_register+0x3a7/0x680 drivers/net/phy/mdio_bus.c:418 ax88172a_init_mdio drivers/net/usb/ax88172a.c:105 [inline] ax88172a_bind+0x582/0x7a2 drivers/net/usb/ax88172a.c:243 usbnet_probe+0xb43/0x2470 drivers/net/usb/usbnet.c:1737 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 usb_set_configuration+0xe67/0x1740 drivers/usb/core/message.c:2023 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210 usb_probe_device+0x99/0x100 drivers/usb/core/driver.c:266 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 usb_new_device.cold+0x6a4/0xe79 drivers/usb/core/hub.c:2537 hub_port_connect drivers/usb/core/hub.c:5184 [inline] hub_port_connect_change drivers/usb/core/hub.c:5324 [inline] port_event drivers/usb/core/hub.c:5470 [inline] hub_event+0x1e59/0x3860 drivers/usb/core/hub.c:5552 process_one_work+0x92b/0x1530 kernel/workqueue.c:2264 worker_thread+0x96/0xe20 kernel/workqueue.c:2410 kthread+0x318/0x420 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INITIAL USE at: lock_acquire+0x127/0x320 kernel/locking/lockdep.c:4485 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x32/0x50 kernel/locking/spinlock.c:159 input_inject_event+0xa6/0x31e drivers/input/input.c:465 __led_set_brightness drivers/leds/led-core.c:46 [inline] led_set_brightness_nopm+0x48/0xf0 drivers/leds/led-core.c:273 led_set_brightness_nosleep drivers/leds/led-core.c:290 [inline] led_set_brightness drivers/leds/led-core.c:265 [inline] led_set_brightness+0x11c/0x240 drivers/leds/led-core.c:241 led_trigger_event drivers/leds/led-triggers.c:373 [inline] led_trigger_event+0x70/0xd0 drivers/leds/led-triggers.c:363 kbd_led_trigger_activate+0xf5/0x130 drivers/tty/vt/keyboard.c:998 led_trigger_set+0x61a/0xbd0 drivers/leds/led-triggers.c:185 led_trigger_set_default drivers/leds/led-triggers.c:248 [inline] led_trigger_set_default+0x135/0x1a0 drivers/leds/led-triggers.c:236 led_classdev_register_ext+0x4e1/0x670 drivers/leds/led-class.c:316 led_classdev_register include/linux/leds.h:181 [inline] input_leds_connect+0x3df/0x6af drivers/input/input-leds.c:139 input_attach_handler+0x194/0x200 drivers/input/input.c:1024 input_register_device.cold+0xf5/0x246 drivers/input/input.c:2224 atkbd_connect+0x63b/0x800 drivers/input/keyboard/atkbd.c:1198 serio_connect_driver+0x46/0x70 drivers/input/serio/serio.c:47 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 device_driver_attach+0x108/0x140 drivers/base/dd.c:995 __driver_attach+0xda/0x240 drivers/base/dd.c:1072 bus_for_each_dev+0x14b/0x1d0 drivers/base/bus.c:304 serio_attach_driver drivers/input/serio/serio.c:808 [inline] serio_handle_event+0x54a/0x850 drivers/input/serio/serio.c:227 process_one_work+0x92b/0x1530 kernel/workqueue.c:2264 worker_thread+0x96/0xe20 kernel/workqueue.c:2410 kthread+0x318/0x420 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 } ... key at: [] __key.35515+0x0/0x40 ... acquired at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x32/0x50 kernel/locking/spinlock.c:159 xpad_play_effect+0xfe/0xc50 drivers/input/joystick/xpad.c:1225 ml_play_effects+0x817/0x1270 drivers/input/ff-memless.c:398 ml_ff_playback+0x285/0x3d0 drivers/input/ff-memless.c:460 input_ff_event+0x13a/0x2e0 drivers/input/ff-core.c:286 input_handle_event+0x732/0x13a0 drivers/input/input.c:375 input_inject_event+0x305/0x31e drivers/input/input.c:470 evdev_write+0x2c9/0x410 drivers/input/evdev.c:542 __vfs_write+0x76/0x100 fs/read_write.c:494 vfs_write+0x262/0x5c0 fs/read_write.c:558 ksys_write+0x1e8/0x250 fs/read_write.c:611 do_syscall_64+0xb6/0x5c0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> (&(&xpad->odata_lock)->rlock){..-.} { IN-SOFTIRQ-W at: lock_acquire+0x127/0x320 kernel/locking/lockdep.c:4485 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x32/0x50 kernel/locking/spinlock.c:159 xpad_irq_out+0x9e/0x2b0 drivers/input/joystick/xpad.c:1036 __usb_hcd_giveback_urb+0x29a/0x550 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1716 dummy_timer+0x123d/0x2fdb drivers/usb/gadget/udc/dummy_hcd.c:1966 call_timer_fn+0x179/0x650 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers kernel/time/timer.c:1773 [inline] __run_timers kernel/time/timer.c:1740 [inline] run_timer_softirq+0x5e3/0x1490 kernel/time/timer.c:1786 __do_softirq+0x221/0x912 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x178/0x1a0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x12f/0x500 arch/x86/kernel/apic/apic.c:1137 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 native_restore_fl arch/x86/include/asm/irqflags.h:41 [inline] arch_local_irq_restore arch/x86/include/asm/irqflags.h:84 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0x3b/0x40 kernel/locking/spinlock.c:191 __debug_check_no_obj_freed lib/debugobjects.c:973 [inline] debug_check_no_obj_freed+0x20f/0x443 lib/debugobjects.c:994 slab_free_hook mm/slub.c:1422 [inline] slab_free_freelist_hook mm/slub.c:1458 [inline] slab_free mm/slub.c:3005 [inline] kfree+0x152/0x310 mm/slub.c:3957 kobject_uevent_env+0x294/0x11f0 lib/kobject_uevent.c:624 device_add+0xad2/0x1c20 drivers/base/core.c:2460 cdev_device_add+0x12f/0x1b0 fs/char_dev.c:546 evdev_connect+0x3c6/0x4d0 drivers/input/evdev.c:1400 input_attach_handler+0x194/0x200 drivers/input/input.c:1024 input_register_device.cold+0xf5/0x246 drivers/input/input.c:2224 xpad_init_input+0xad8/0x1160 drivers/input/joystick/xpad.c:1685 xpad_probe+0x1129/0x1b20 drivers/input/joystick/xpad.c:1827 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 usb_set_configuration+0xe67/0x1740 drivers/usb/core/message.c:2023 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210 usb_probe_device+0x99/0x100 drivers/usb/core/driver.c:266 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 usb_new_device.cold+0x6a4/0xe79 drivers/usb/core/hub.c:2537 hub_port_connect drivers/usb/core/hub.c:5184 [inline] hub_port_connect_change drivers/usb/core/hub.c:5324 [inline] port_event drivers/usb/core/hub.c:5470 [inline] hub_event+0x1e59/0x3860 drivers/usb/core/hub.c:5552 process_one_work+0x92b/0x1530 kernel/workqueue.c:2264 process_scheduled_works kernel/workqueue.c:2326 [inline] worker_thread+0x7ab/0xe20 kernel/workqueue.c:2412 kthread+0x318/0x420 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INITIAL USE at: lock_acquire+0x127/0x320 kernel/locking/lockdep.c:4485 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x32/0x50 kernel/locking/spinlock.c:159 xpad_send_led_command drivers/input/joystick/xpad.c:1356 [inline] xpad_led_set+0x59/0x5a0 drivers/input/joystick/xpad.c:1405 __led_set_brightness drivers/leds/led-core.c:46 [inline] led_set_brightness_nopm+0x48/0xf0 drivers/leds/led-core.c:273 led_set_brightness_nosleep drivers/leds/led-core.c:290 [inline] led_set_brightness drivers/leds/led-core.c:265 [inline] led_set_brightness+0x11c/0x240 drivers/leds/led-core.c:241 xpad_identify_controller drivers/input/joystick/xpad.c:1396 [inline] xpad_led_probe drivers/input/joystick/xpad.c:1439 [inline] xpad_init_input+0xdc0/0x1160 drivers/input/joystick/xpad.c:1681 xpad_probe+0x1129/0x1b20 drivers/input/joystick/xpad.c:1827 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 usb_set_configuration+0xe67/0x1740 drivers/usb/core/message.c:2023 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210 usb_probe_device+0x99/0x100 drivers/usb/core/driver.c:266 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 usb_new_device.cold+0x6a4/0xe79 drivers/usb/core/hub.c:2537 hub_port_connect drivers/usb/core/hub.c:5184 [inline] hub_port_connect_change drivers/usb/core/hub.c:5324 [inline] port_event drivers/usb/core/hub.c:5470 [inline] hub_event+0x1e59/0x3860 drivers/usb/core/hub.c:5552 process_one_work+0x92b/0x1530 kernel/workqueue.c:2264 worker_thread+0x96/0xe20 kernel/workqueue.c:2410 kthread+0x318/0x420 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 } ... key at: [] __key.33357+0x0/0x40 ... acquired at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x32/0x50 kernel/locking/spinlock.c:159 dummy_urb_enqueue+0x109/0x890 drivers/usb/gadget/udc/dummy_hcd.c:1257 usb_hcd_submit_urb+0x2aa/0x1ee0 drivers/usb/core/hcd.c:1547 usb_submit_urb+0x6e5/0x13b0 drivers/usb/core/urb.c:570 xpad_try_sending_next_out_packet drivers/input/joystick/xpad.c:1013 [inline] xpad_try_sending_next_out_packet+0xf3/0x170 drivers/input/joystick/xpad.c:1007 xpad_send_led_command drivers/input/joystick/xpad.c:1385 [inline] xpad_led_set+0x3b1/0x5a0 drivers/input/joystick/xpad.c:1405 __led_set_brightness drivers/leds/led-core.c:46 [inline] led_set_brightness_nopm+0x48/0xf0 drivers/leds/led-core.c:273 led_set_brightness_nosleep drivers/leds/led-core.c:290 [inline] led_set_brightness drivers/leds/led-core.c:265 [inline] led_set_brightness+0x11c/0x240 drivers/leds/led-core.c:241 xpad_identify_controller drivers/input/joystick/xpad.c:1396 [inline] xpad_led_probe drivers/input/joystick/xpad.c:1439 [inline] xpad_init_input+0xdc0/0x1160 drivers/input/joystick/xpad.c:1681 xpad_probe+0x1129/0x1b20 drivers/input/joystick/xpad.c:1827 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 usb_set_configuration+0xe67/0x1740 drivers/usb/core/message.c:2023 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210 usb_probe_device+0x99/0x100 drivers/usb/core/driver.c:266 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 usb_new_device.cold+0x6a4/0xe79 drivers/usb/core/hub.c:2537 hub_port_connect drivers/usb/core/hub.c:5184 [inline] hub_port_connect_change drivers/usb/core/hub.c:5324 [inline] port_event drivers/usb/core/hub.c:5470 [inline] hub_event+0x1e59/0x3860 drivers/usb/core/hub.c:5552 process_one_work+0x92b/0x1530 kernel/workqueue.c:2264 process_scheduled_works kernel/workqueue.c:2326 [inline] worker_thread+0x7ab/0xe20 kernel/workqueue.c:2412 kthread+0x318/0x420 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 -> (&(&dum_hcd->dum->lock)->rlock){+.-.} { HARDIRQ-ON-W at: lock_acquire+0x127/0x320 kernel/locking/lockdep.c:4485 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x27/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:338 [inline] dummy_timer+0x1245/0x2fdb drivers/usb/gadget/udc/dummy_hcd.c:1967 call_timer_fn+0x179/0x650 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers kernel/time/timer.c:1773 [inline] __run_timers kernel/time/timer.c:1740 [inline] run_timer_softirq+0x5e3/0x1490 kernel/time/timer.c:1786 __do_softirq+0x221/0x912 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x178/0x1a0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x12f/0x500 arch/x86/kernel/apic/apic.c:1137 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 __read_once_size include/linux/compiler.h:199 [inline] __sanitizer_cov_trace_pc+0x40/0x60 kernel/kcov.c:203 truncate_cleanup_page+0x34/0x2d0 mm/truncate.c:184 truncate_inode_page+0x7d/0xd0 mm/truncate.c:227 shmem_undo_range+0x569/0x1560 mm/shmem.c:864 shmem_truncate_range+0x27/0xa0 mm/shmem.c:992 shmem_setattr+0x6e7/0x8d0 mm/shmem.c:1051 notify_change+0xb09/0xf90 fs/attr.c:337 do_truncate+0x134/0x1f0 fs/open.c:64 handle_truncate fs/namei.c:3015 [inline] do_last fs/namei.c:3426 [inline] path_openat+0x192d/0x3e70 fs/namei.c:3537 do_filp_open+0x1a1/0x280 fs/namei.c:3567 do_sys_open+0x3c0/0x580 fs/open.c:1097 do_syscall_64+0xb6/0x5c0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe IN-SOFTIRQ-W at: lock_acquire+0x127/0x320 kernel/locking/lockdep.c:4485 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x32/0x50 kernel/locking/spinlock.c:159 dummy_hub_status+0x47/0x330 drivers/usb/gadget/udc/dummy_hcd.c:2000 usb_hcd_poll_rh_status+0x125/0x600 drivers/usb/core/hcd.c:765 call_timer_fn+0x179/0x650 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers kernel/time/timer.c:1773 [inline] __run_timers kernel/time/timer.c:1740 [inline] run_timer_softirq+0x5e3/0x1490 kernel/time/timer.c:1786 __do_softirq+0x221/0x912 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x178/0x1a0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x12f/0x500 arch/x86/kernel/apic/apic.c:1137 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 _cond_resched+0x0/0x20 down_read+0x79/0x420 kernel/locking/rwsem.c:1494 anon_vma_lock_read include/linux/rmap.h:130 [inline] validate_mm+0xd3/0x610 mm/mmap.c:407 remove_vma_list mm/mmap.c:2585 [inline] __do_munmap+0x5de/0x11c0 mm/mmap.c:2826 __vm_munmap+0xe6/0x170 mm/mmap.c:2846 __do_sys_munmap mm/mmap.c:2872 [inline] __se_sys_munmap mm/mmap.c:2868 [inline] __x64_sys_munmap+0x62/0x80 mm/mmap.c:2868 do_syscall_64+0xb6/0x5c0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe INITIAL USE at: lock_acquire+0x127/0x320 kernel/locking/lockdep.c:4485 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x32/0x50 kernel/locking/spinlock.c:159 dummy_hub_control+0xa3/0x13f0 drivers/usb/gadget/udc/dummy_hcd.c:2088 rh_call_control drivers/usb/core/hcd.c:683 [inline] rh_urb_enqueue drivers/usb/core/hcd.c:842 [inline] usb_hcd_submit_urb+0xe6d/0x1ee0 drivers/usb/core/hcd.c:1543 usb_submit_urb+0x6e5/0x13b0 drivers/usb/core/urb.c:570 usb_start_wait_urb+0x108/0x2b0 drivers/usb/core/message.c:57 usb_internal_control_msg drivers/usb/core/message.c:101 [inline] usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:152 get_hub_descriptor drivers/usb/core/hub.c:387 [inline] hub_configure drivers/usb/core/hub.c:1393 [inline] hub_probe.cold+0xbb8/0x2204 drivers/usb/core/hub.c:1865 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 usb_set_configuration+0xe67/0x1740 drivers/usb/core/message.c:2023 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210 usb_probe_device+0x99/0x100 drivers/usb/core/driver.c:266 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 usb_new_device.cold+0x6a4/0xe79 drivers/usb/core/hub.c:2537 register_root_hub drivers/usb/core/hcd.c:1009 [inline] usb_add_hcd.cold+0x1103/0x14aa drivers/usb/core/hcd.c:2793 dummy_hcd_probe+0x19f/0x312 drivers/usb/gadget/udc/dummy_hcd.c:2639 platform_drv_probe+0xce/0x1a0 drivers/base/platform.c:725 really_probe+0x281/0x6d0 drivers/base/dd.c:548 driver_probe_device+0x104/0x210 drivers/base/dd.c:721 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430 __device_attach+0x217/0x360 drivers/base/dd.c:894 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490 device_add+0x1480/0x1c20 drivers/base/core.c:2487 platform_device_add+0x34d/0x6c0 drivers/base/platform.c:562 init+0x4b5/0x997 drivers/char/agp/backend.c:340 do_one_initcall+0xf0/0x620 init/main.c:939 do_initcall_level init/main.c:1007 [inline] do_initcalls init/main.c:1015 [inline] do_basic_setup init/main.c:1032 [inline] kernel_init_freeable+0x4a4/0x548 init/main.c:1216 kernel_init+0xd/0x1b9 init/main.c:1110 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 } ... key at: [] __key.37266+0x0/0x40 ... acquired at: mark_lock_irq kernel/locking/lockdep.c:3317 [inline] mark_lock+0x510/0x1160 kernel/locking/lockdep.c:3666 mark_usage kernel/locking/lockdep.c:3580 [inline] __lock_acquire+0x1188/0x3b60 kernel/locking/lockdep.c:3909 lock_acquire+0x127/0x320 kernel/locking/lockdep.c:4485 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x27/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:338 [inline] dummy_timer+0x1245/0x2fdb drivers/usb/gadget/udc/dummy_hcd.c:1967 call_timer_fn+0x179/0x650 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers kernel/time/timer.c:1773 [inline] __run_timers kernel/time/timer.c:1740 [inline] run_timer_softirq+0x5e3/0x1490 kernel/time/timer.c:1786 __do_softirq+0x221/0x912 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x178/0x1a0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x12f/0x500 arch/x86/kernel/apic/apic.c:1137 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 __read_once_size include/linux/compiler.h:199 [inline] __sanitizer_cov_trace_pc+0x40/0x60 kernel/kcov.c:203 truncate_cleanup_page+0x34/0x2d0 mm/truncate.c:184 truncate_inode_page+0x7d/0xd0 mm/truncate.c:227 shmem_undo_range+0x569/0x1560 mm/shmem.c:864 shmem_truncate_range+0x27/0xa0 mm/shmem.c:992 shmem_setattr+0x6e7/0x8d0 mm/shmem.c:1051 notify_change+0xb09/0xf90 fs/attr.c:337 do_truncate+0x134/0x1f0 fs/open.c:64 handle_truncate fs/namei.c:3015 [inline] do_last fs/namei.c:3426 [inline] path_openat+0x192d/0x3e70 fs/namei.c:3537 do_filp_open+0x1a1/0x280 fs/namei.c:3567 do_sys_open+0x3c0/0x580 fs/open.c:1097 do_syscall_64+0xb6/0x5c0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe stack backtrace: CPU: 1 PID: 4868 Comm: syz-executor.5 Not tainted 5.5.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xef/0x16e lib/dump_stack.c:118 print_irq_inversion_bug kernel/locking/lockdep.c:3180 [inline] check_usage_backwards.cold+0x1d/0x26 kernel/locking/lockdep.c:3231 mark_lock_irq kernel/locking/lockdep.c:3317 [inline] mark_lock+0x510/0x1160 kernel/locking/lockdep.c:3666 mark_usage kernel/locking/lockdep.c:3580 [inline] __lock_acquire+0x1188/0x3b60 kernel/locking/lockdep.c:3909 lock_acquire+0x127/0x320 kernel/locking/lockdep.c:4485 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x27/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:338 [inline] dummy_timer+0x1245/0x2fdb drivers/usb/gadget/udc/dummy_hcd.c:1967 call_timer_fn+0x179/0x650 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers kernel/time/timer.c:1773 [inline] __run_timers kernel/time/timer.c:1740 [inline] run_timer_softirq+0x5e3/0x1490 kernel/time/timer.c:1786 __do_softirq+0x221/0x912 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x178/0x1a0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x12f/0x500 arch/x86/kernel/apic/apic.c:1137 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 RIP: 0010:__sanitizer_cov_trace_pc+0x40/0x60 kernel/kcov.c:203 Code: 48 8b 34 24 74 09 80 b8 d4 12 00 00 00 74 2b 8b 90 b0 12 00 00 83 fa 02 75 20 48 8b 88 b8 12 00 00 8b 80 b4 12 00 00 48 8b 11 <48> 83 c2 01 48 39 d0 76 07 48 89 34 d1 48 89 11 c3 0f 1f 44 00 00 RSP: 0018:ffff8881d283f6c8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 0000000000040000 RBX: ffffea00069e2400 RCX: ffffc900044c5000 RDX: 000000000001b0f1 RSI: ffffffff8152f274 RDI: 0000000000000001 RBP: 0000000000000000 R08: ffff8881cf893100 R09: fffff94000d3c487 R10: fffff94000d3c486 R11: ffffea00069e2433 R12: ffff8881d10c5260 R13: 0000000000000000 R14: 0000000000000000 R15: ffffea00069e2400 truncate_cleanup_page+0x34/0x2d0 mm/truncate.c:184 truncate_inode_page+0x7d/0xd0 mm/truncate.c:227 shmem_undo_range+0x569/0x1560 mm/shmem.c:864 shmem_truncate_range+0x27/0xa0 mm/shmem.c:992 shmem_setattr+0x6e7/0x8d0 mm/shmem.c:1051 notify_change+0xb09/0xf90 fs/attr.c:337 do_truncate+0x134/0x1f0 fs/open.c:64 handle_truncate fs/namei.c:3015 [inline] do_last fs/namei.c:3426 [inline] path_openat+0x192d/0x3e70 fs/namei.c:3537 do_filp_open+0x1a1/0x280 fs/namei.c:3567 do_sys_open+0x3c0/0x580 fs/open.c:1097 do_syscall_64+0xb6/0x5c0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4146b1 Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007f4a75fc67a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004146b1 RDX: 0000000000000000 RSI: 0000000000000201 RDI: 00007f4a75fc6850 RBP: 000000000075bf20 R08: 00007f4a75fc67b0 R09: 000000000075bf20 R10: 0000000000000004 R11: 0000000000000293 R12: 00007f4a75fc76d4 R13: 00000000004cafb6 R14: 00000000004e4510 R15: 00000000ffffffff