[syzbot] [hwmon?] kernel panic: corrupted stack end in hub_event (3)
4 views
Skip to first unread message
syzbot
Jun 3, 2024, 1:27:21 AMJun 3
to gre...@linuxfoundation.org, jdel...@suse.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, li...@roeck-us.net, syzkall...@googlegroups.com, t...@kernel.org
Hello,
syzbot found the following issue on:
HEAD commit: 1613e604df0c Linux 6.10-rc1
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes
console output: https://syzkaller.appspot.com/x/log.txt?x=12338b3c980000
kernel config: https://syzkaller.appspot.com/x/.config?x=71e27a66e3476b52
dashboard link: https://syzkaller.appspot.com/bug?extid=fda41ea3324f13031be5
compiler: riscv64-linux-gnu-gcc (Debian 12.2.0-13) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: riscv64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/a741b348759c/non_bootable_disk-1613e604.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e531dbb975b3/vmlinux-1613e604.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f0f763ab94b0/Image-1613e604.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fda41e...@syzkaller.appspotmail.com
microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
Kernel panic - not syncing: corrupted stack end detected inside scheduler
CPU: 0 PID: 16261 Comm: kworker/0:2 Not tainted 6.10.0-rc1-syzkaller-g1613e604df0c #0
Hardware name: riscv-virtio,qemu (DT)
Workqueue: usb_hub_wq hub_event
Call Trace:
[<ffffffff8000f6f8>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:129
[<ffffffff85c29e7c>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:135
[<ffffffff85c83b6a>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff85c83b6a>] dump_stack_lvl+0x108/0x196 lib/dump_stack.c:114
[<ffffffff85c83c14>] dump_stack+0x1c/0x24 lib/dump_stack.c:123
[<ffffffff85c2aa42>] panic+0x382/0x800 kernel/panic.c:347
[<ffffffff85c92b18>] schedule_debug kernel/sched/core.c:5962 [inline]
[<ffffffff85c92b18>] __schedule+0x342e/0x3486 kernel/sched/core.c:6628
[<ffffffff85c930cc>] preempt_schedule_common kernel/sched/core.c:6924 [inline]
[<ffffffff85c930cc>] preempt_schedule+0xd2/0x1e2 kernel/sched/core.c:6948
[<ffffffff80c0afdc>] idr_preload_end include/linux/idr.h:174 [inline]
[<ffffffff80c0afdc>] __kernfs_new_node+0x7ac/0x8ee fs/kernfs/dir.c:636
[<ffffffff80c0f740>] kernfs_new_node+0x14e/0x200 fs/kernfs/dir.c:700
[<ffffffff80c10aa2>] kernfs_create_dir_ns+0x3e/0x172 fs/kernfs/dir.c:1061
[<ffffffff80c1a1bc>] sysfs_create_dir_ns+0x132/0x276 fs/sysfs/dir.c:59
[<ffffffff85baa520>] create_dir lib/kobject.c:73 [inline]
[<ffffffff85baa520>] kobject_add_internal+0x26c/0x8aa lib/kobject.c:240
[<ffffffff85bab7c2>] kobject_add_varg lib/kobject.c:374 [inline]
[<ffffffff85bab7c2>] kobject_add+0x12e/0x1ea lib/kobject.c:426
[<ffffffff8272744c>] class_dir_create_and_add drivers/base/core.c:3264 [inline]
[<ffffffff8272744c>] get_device_parent+0x340/0x45c drivers/base/core.c:3315
[<ffffffff8272d234>] device_add+0x1b0/0x181a drivers/base/core.c:3645
[<ffffffff83ae7f46>] __power_supply_register+0x96a/0x12c6 drivers/power/supply/power_supply_core.c:1418
[<ffffffff83ae88ca>] power_supply_register+0x28/0x36 drivers/power/supply/power_supply_core.c:1488
[<ffffffff8425b596>] hidinput_setup_battery.isra.0+0x5be/0xb16 drivers/hid/hid-input.c:589
[<ffffffff84260a08>] hidinput_configure_usage drivers/hid/hid-input.c:993 [inline]
[<ffffffff84260a08>] hidinput_configure_usages drivers/hid/hid-input.c:2267 [inline]
[<ffffffff84260a08>] hidinput_connect+0x2f9c/0x8ce0 drivers/hid/hid-input.c:2334
[<ffffffff84253a5e>] hid_connect+0x126a/0x16be drivers/hid/hid-core.c:2194
[<ffffffff84253f68>] hid_hw_start drivers/hid/hid-core.c:2309 [inline]
[<ffffffff84253f68>] hid_hw_start+0xb6/0x13c drivers/hid/hid-core.c:2300
[<ffffffff842deb40>] ms_probe+0x15e/0x4f2 drivers/hid/hid-microsoft.c:391
[<ffffffff84254616>] __hid_device_probe drivers/hid/hid-core.c:2633 [inline]
[<ffffffff84254616>] hid_device_probe+0x2a4/0x3f2 drivers/hid/hid-core.c:2670
[<ffffffff827382e2>] call_driver_probe drivers/base/dd.c:578 [inline]
[<ffffffff827382e2>] really_probe+0x232/0x9be drivers/base/dd.c:656
[<ffffffff82738c42>] __driver_probe_device+0x1d4/0x3f2 drivers/base/dd.c:798
[<ffffffff82738ec0>] driver_probe_device+0x60/0x1ce drivers/base/dd.c:828
[<ffffffff82739210>] __device_attach_driver+0x1e2/0x2fc drivers/base/dd.c:956
[<ffffffff82732b4e>] bus_for_each_drv+0x142/0x1da drivers/base/bus.c:457
[<ffffffff82739e32>] __device_attach+0x1c4/0x462 drivers/base/dd.c:1028
[<ffffffff8273a458>] device_initial_probe+0x1c/0x26 drivers/base/dd.c:1077
[<ffffffff827355d0>] bus_probe_device+0x15c/0x192 drivers/base/bus.c:532
[<ffffffff8272e15c>] device_add+0x10d8/0x181a drivers/base/core.c:3721
[<ffffffff8424d8b6>] hid_add_device+0x374/0x9d8 drivers/hid/hid-core.c:2816
[<ffffffff843a0728>] usbhid_probe+0xa52/0xf86 drivers/hid/usbhid/hid-core.c:1429
[<ffffffff832d8336>] usb_probe_interface+0x2d8/0x8c6 drivers/usb/core/driver.c:399
[<ffffffff827382e2>] call_driver_probe drivers/base/dd.c:578 [inline]
[<ffffffff827382e2>] really_probe+0x232/0x9be drivers/base/dd.c:656
[<ffffffff82738c42>] __driver_probe_device+0x1d4/0x3f2 drivers/base/dd.c:798
[<ffffffff82738ec0>] driver_probe_device+0x60/0x1ce drivers/base/dd.c:828
[<ffffffff82739210>] __device_attach_driver+0x1e2/0x2fc drivers/base/dd.c:956
[<ffffffff82732b4e>] bus_for_each_drv+0x142/0x1da drivers/base/bus.c:457
[<ffffffff82739e32>] __device_attach+0x1c4/0x462 drivers/base/dd.c:1028
[<ffffffff8273a458>] device_initial_probe+0x1c/0x26 drivers/base/dd.c:1077
[<ffffffff827355d0>] bus_probe_device+0x15c/0x192 drivers/base/bus.c:532
[<ffffffff8272e15c>] device_add+0x10d8/0x181a drivers/base/core.c:3721
[<ffffffff832d1c6c>] usb_set_configuration+0xf08/0x19dc drivers/usb/core/message.c:2210
[<ffffffff832f9692>] usb_generic_driver_probe+0xae/0x128 drivers/usb/core/generic.c:254
[<ffffffff832d3906>] usb_probe_device+0xd6/0x360 drivers/usb/core/driver.c:294
[<ffffffff827382e2>] call_driver_probe drivers/base/dd.c:578 [inline]
[<ffffffff827382e2>] really_probe+0x232/0x9be drivers/base/dd.c:656
[<ffffffff82738c42>] __driver_probe_device+0x1d4/0x3f2 drivers/base/dd.c:798
[<ffffffff82738ec0>] driver_probe_device+0x60/0x1ce drivers/base/dd.c:828
[<ffffffff82739210>] __device_attach_driver+0x1e2/0x2fc drivers/base/dd.c:956
[<ffffffff82732b4e>] bus_for_each_drv+0x142/0x1da drivers/base/bus.c:457
[<ffffffff82739e32>] __device_attach+0x1c4/0x462 drivers/base/dd.c:1028
[<ffffffff8273a458>] device_initial_probe+0x1c/0x26 drivers/base/dd.c:1077
[<ffffffff827355d0>] bus_probe_device+0x15c/0x192 drivers/base/bus.c:532
[<ffffffff8272e15c>] device_add+0x10d8/0x181a drivers/base/core.c:3721
[<ffffffff832ad9fa>] usb_new_device+0x960/0x1750 drivers/usb/core/hub.c:2651
[<ffffffff832b4022>] hub_port_connect drivers/usb/core/hub.c:5521 [inline]
[<ffffffff832b4022>] hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
[<ffffffff832b4022>] port_event drivers/usb/core/hub.c:5821 [inline]
[<ffffffff832b4022>] hub_event+0x2a2a/0x4a5c drivers/usb/core/hub.c:5903
[<ffffffff8012d1ea>] process_one_work+0x938/0x1d5c kernel/workqueue.c:3231
[<ffffffff8012ebcc>] process_scheduled_works kernel/workqueue.c:3312 [inline]
[<ffffffff8012ebcc>] worker_thread+0x5be/0xe24 kernel/workqueue.c:3393
[<ffffffff8014d7b4>] kthread+0x28c/0x3a6 kernel/kthread.c:389
[<ffffffff85ca884e>] ret_from_fork+0xe/0x1c arch/riscv/kernel/entry.S:232
SMP: stopping secondary CPUs
Rebooting in 86400 seconds..
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 1613e604df0c Linux 6.10-rc1
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes
console output: https://syzkaller.appspot.com/x/log.txt?x=12338b3c980000
kernel config: https://syzkaller.appspot.com/x/.config?x=71e27a66e3476b52
dashboard link: https://syzkaller.appspot.com/bug?extid=fda41ea3324f13031be5
compiler: riscv64-linux-gnu-gcc (Debian 12.2.0-13) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: riscv64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/a741b348759c/non_bootable_disk-1613e604.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e531dbb975b3/vmlinux-1613e604.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f0f763ab94b0/Image-1613e604.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fda41e...@syzkaller.appspotmail.com
microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
Kernel panic - not syncing: corrupted stack end detected inside scheduler
CPU: 0 PID: 16261 Comm: kworker/0:2 Not tainted 6.10.0-rc1-syzkaller-g1613e604df0c #0
Hardware name: riscv-virtio,qemu (DT)
Workqueue: usb_hub_wq hub_event
Call Trace:
[<ffffffff8000f6f8>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:129
[<ffffffff85c29e7c>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:135
[<ffffffff85c83b6a>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff85c83b6a>] dump_stack_lvl+0x108/0x196 lib/dump_stack.c:114
[<ffffffff85c83c14>] dump_stack+0x1c/0x24 lib/dump_stack.c:123
[<ffffffff85c2aa42>] panic+0x382/0x800 kernel/panic.c:347
[<ffffffff85c92b18>] schedule_debug kernel/sched/core.c:5962 [inline]
[<ffffffff85c92b18>] __schedule+0x342e/0x3486 kernel/sched/core.c:6628
[<ffffffff85c930cc>] preempt_schedule_common kernel/sched/core.c:6924 [inline]
[<ffffffff85c930cc>] preempt_schedule+0xd2/0x1e2 kernel/sched/core.c:6948
[<ffffffff80c0afdc>] idr_preload_end include/linux/idr.h:174 [inline]
[<ffffffff80c0afdc>] __kernfs_new_node+0x7ac/0x8ee fs/kernfs/dir.c:636
[<ffffffff80c0f740>] kernfs_new_node+0x14e/0x200 fs/kernfs/dir.c:700
[<ffffffff80c10aa2>] kernfs_create_dir_ns+0x3e/0x172 fs/kernfs/dir.c:1061
[<ffffffff80c1a1bc>] sysfs_create_dir_ns+0x132/0x276 fs/sysfs/dir.c:59
[<ffffffff85baa520>] create_dir lib/kobject.c:73 [inline]
[<ffffffff85baa520>] kobject_add_internal+0x26c/0x8aa lib/kobject.c:240
[<ffffffff85bab7c2>] kobject_add_varg lib/kobject.c:374 [inline]
[<ffffffff85bab7c2>] kobject_add+0x12e/0x1ea lib/kobject.c:426
[<ffffffff8272744c>] class_dir_create_and_add drivers/base/core.c:3264 [inline]
[<ffffffff8272744c>] get_device_parent+0x340/0x45c drivers/base/core.c:3315
[<ffffffff8272d234>] device_add+0x1b0/0x181a drivers/base/core.c:3645
[<ffffffff83ae7f46>] __power_supply_register+0x96a/0x12c6 drivers/power/supply/power_supply_core.c:1418
[<ffffffff83ae88ca>] power_supply_register+0x28/0x36 drivers/power/supply/power_supply_core.c:1488
[<ffffffff8425b596>] hidinput_setup_battery.isra.0+0x5be/0xb16 drivers/hid/hid-input.c:589
[<ffffffff84260a08>] hidinput_configure_usage drivers/hid/hid-input.c:993 [inline]
[<ffffffff84260a08>] hidinput_configure_usages drivers/hid/hid-input.c:2267 [inline]
[<ffffffff84260a08>] hidinput_connect+0x2f9c/0x8ce0 drivers/hid/hid-input.c:2334
[<ffffffff84253a5e>] hid_connect+0x126a/0x16be drivers/hid/hid-core.c:2194
[<ffffffff84253f68>] hid_hw_start drivers/hid/hid-core.c:2309 [inline]
[<ffffffff84253f68>] hid_hw_start+0xb6/0x13c drivers/hid/hid-core.c:2300
[<ffffffff842deb40>] ms_probe+0x15e/0x4f2 drivers/hid/hid-microsoft.c:391
[<ffffffff84254616>] __hid_device_probe drivers/hid/hid-core.c:2633 [inline]
[<ffffffff84254616>] hid_device_probe+0x2a4/0x3f2 drivers/hid/hid-core.c:2670
[<ffffffff827382e2>] call_driver_probe drivers/base/dd.c:578 [inline]
[<ffffffff827382e2>] really_probe+0x232/0x9be drivers/base/dd.c:656
[<ffffffff82738c42>] __driver_probe_device+0x1d4/0x3f2 drivers/base/dd.c:798
[<ffffffff82738ec0>] driver_probe_device+0x60/0x1ce drivers/base/dd.c:828
[<ffffffff82739210>] __device_attach_driver+0x1e2/0x2fc drivers/base/dd.c:956
[<ffffffff82732b4e>] bus_for_each_drv+0x142/0x1da drivers/base/bus.c:457
[<ffffffff82739e32>] __device_attach+0x1c4/0x462 drivers/base/dd.c:1028
[<ffffffff8273a458>] device_initial_probe+0x1c/0x26 drivers/base/dd.c:1077
[<ffffffff827355d0>] bus_probe_device+0x15c/0x192 drivers/base/bus.c:532
[<ffffffff8272e15c>] device_add+0x10d8/0x181a drivers/base/core.c:3721
[<ffffffff8424d8b6>] hid_add_device+0x374/0x9d8 drivers/hid/hid-core.c:2816
[<ffffffff843a0728>] usbhid_probe+0xa52/0xf86 drivers/hid/usbhid/hid-core.c:1429
[<ffffffff832d8336>] usb_probe_interface+0x2d8/0x8c6 drivers/usb/core/driver.c:399
[<ffffffff827382e2>] call_driver_probe drivers/base/dd.c:578 [inline]
[<ffffffff827382e2>] really_probe+0x232/0x9be drivers/base/dd.c:656
[<ffffffff82738c42>] __driver_probe_device+0x1d4/0x3f2 drivers/base/dd.c:798
[<ffffffff82738ec0>] driver_probe_device+0x60/0x1ce drivers/base/dd.c:828
[<ffffffff82739210>] __device_attach_driver+0x1e2/0x2fc drivers/base/dd.c:956
[<ffffffff82732b4e>] bus_for_each_drv+0x142/0x1da drivers/base/bus.c:457
[<ffffffff82739e32>] __device_attach+0x1c4/0x462 drivers/base/dd.c:1028
[<ffffffff8273a458>] device_initial_probe+0x1c/0x26 drivers/base/dd.c:1077
[<ffffffff827355d0>] bus_probe_device+0x15c/0x192 drivers/base/bus.c:532
[<ffffffff8272e15c>] device_add+0x10d8/0x181a drivers/base/core.c:3721
[<ffffffff832d1c6c>] usb_set_configuration+0xf08/0x19dc drivers/usb/core/message.c:2210
[<ffffffff832f9692>] usb_generic_driver_probe+0xae/0x128 drivers/usb/core/generic.c:254
[<ffffffff832d3906>] usb_probe_device+0xd6/0x360 drivers/usb/core/driver.c:294
[<ffffffff827382e2>] call_driver_probe drivers/base/dd.c:578 [inline]
[<ffffffff827382e2>] really_probe+0x232/0x9be drivers/base/dd.c:656
[<ffffffff82738c42>] __driver_probe_device+0x1d4/0x3f2 drivers/base/dd.c:798
[<ffffffff82738ec0>] driver_probe_device+0x60/0x1ce drivers/base/dd.c:828
[<ffffffff82739210>] __device_attach_driver+0x1e2/0x2fc drivers/base/dd.c:956
[<ffffffff82732b4e>] bus_for_each_drv+0x142/0x1da drivers/base/bus.c:457
[<ffffffff82739e32>] __device_attach+0x1c4/0x462 drivers/base/dd.c:1028
[<ffffffff8273a458>] device_initial_probe+0x1c/0x26 drivers/base/dd.c:1077
[<ffffffff827355d0>] bus_probe_device+0x15c/0x192 drivers/base/bus.c:532
[<ffffffff8272e15c>] device_add+0x10d8/0x181a drivers/base/core.c:3721
[<ffffffff832ad9fa>] usb_new_device+0x960/0x1750 drivers/usb/core/hub.c:2651
[<ffffffff832b4022>] hub_port_connect drivers/usb/core/hub.c:5521 [inline]
[<ffffffff832b4022>] hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
[<ffffffff832b4022>] port_event drivers/usb/core/hub.c:5821 [inline]
[<ffffffff832b4022>] hub_event+0x2a2a/0x4a5c drivers/usb/core/hub.c:5903
[<ffffffff8012d1ea>] process_one_work+0x938/0x1d5c kernel/workqueue.c:3231
[<ffffffff8012ebcc>] process_scheduled_works kernel/workqueue.c:3312 [inline]
[<ffffffff8012ebcc>] worker_thread+0x5be/0xe24 kernel/workqueue.c:3393
[<ffffffff8014d7b4>] kthread+0x28c/0x3a6 kernel/kthread.c:389
[<ffffffff85ca884e>] ret_from_fork+0xe/0x1c arch/riscv/kernel/entry.S:232
SMP: stopping secondary CPUs
Rebooting in 86400 seconds..
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages