[syzbot] [pm?] WARNING in enable_work
18 views
Skip to first unread message
syzbot
Aug 21, 2024, 6:14:28 AM8/21/24
to daniel....@linaro.org, linux-...@vger.kernel.org, linu...@vger.kernel.org, lukas...@arm.com, raf...@kernel.org, rui....@intel.com, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: e5fa841af679 Merge tag 'pull-fixes' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16b8adf3980000
kernel config: https://syzkaller.appspot.com/x/.config?x=7229118d88b4a71b
dashboard link: https://syzkaller.appspot.com/bug?extid=7053fbd8757fecbbe492
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2f8ce1609883/disk-e5fa841a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3a0d8aabc8a5/vmlinux-e5fa841a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7a7f6c33922b/bzImage-e5fa841a.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7053fb...@syzkaller.appspotmail.com
------------[ cut here ]------------
workqueue: work disable count underflowed
WARNING: CPU: 1 PID: 5233 at kernel/workqueue.c:4290 work_offqd_enable kernel/workqueue.c:4290 [inline]
WARNING: CPU: 1 PID: 5233 at kernel/workqueue.c:4290 enable_work+0x34d/0x360 kernel/workqueue.c:4461
Modules linked in:
CPU: 1 UID: 0 PID: 5233 Comm: kworker/1:3 Not tainted 6.11.0-rc3-syzkaller-00279-ge5fa841af679 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: usb_hub_wq hub_event
RIP: 0010:work_offqd_enable kernel/workqueue.c:4290 [inline]
RIP: 0010:enable_work+0x34d/0x360 kernel/workqueue.c:4461
Code: d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 88 cd 92 0a e8 68 17 36 00 c6 05 bf 2e a4 0e 01 90 48 c7 c7 80 10 0a 8c e8 a4 3e f8 ff 90 <0f> 0b 90 90 e9 56 ff ff ff e8 e5 25 59 0a 0f 1f 44 00 00 90 90 90
RSP: 0018:ffffc900042270c0 EFLAGS: 00010046
RAX: 022b146294645100 RBX: 0000000000000000 RCX: 0000000000100000
RDX: ffffc900177a9000 RSI: 00000000000fffff RDI: 0000000000100000
RBP: ffffc90004227190 R08: ffffffff8155b4d2 R09: 1ffff1101726519a
R10: dffffc0000000000 R11: ffffed101726519b R12: 1ffff92000844e1c
R13: 1ffff92000844e24 R14: 0000000000800001 R15: ffff88802d570738
FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3321bff8 CR3: 000000005bbf0000 CR4: 0000000000350ef0
Call Trace:
<TASK>
__cancel_work_sync+0xf5/0x110 kernel/workqueue.c:4331
thermal_zone_device_unregister+0x296/0x3f0 drivers/thermal/thermal_core.c:1660
psy_unregister_thermal drivers/power/supply/power_supply_core.c:1333 [inline]
power_supply_unregister+0xe8/0x140 drivers/power/supply/power_supply_core.c:1610
thunderstrike_destroy drivers/hid/hid-nvidia-shield.c:927 [inline]
shield_remove+0x72/0x120 drivers/hid/hid-nvidia-shield.c:1104
hid_device_remove+0x227/0x370
device_remove drivers/base/dd.c:566 [inline]
__device_release_driver drivers/base/dd.c:1272 [inline]
device_release_driver_internal+0x4ab/0x7c0 drivers/base/dd.c:1295
bus_remove_device+0x34f/0x420 drivers/base/bus.c:574
device_del+0x57a/0x9b0 drivers/base/core.c:3871
hid_remove_device drivers/hid/hid-core.c:2914 [inline]
hid_destroy_device+0x68/0x100 drivers/hid/hid-core.c:2934
usbhid_disconnect+0x9e/0xc0 drivers/hid/usbhid/hid-core.c:1458
usb_unbind_interface+0x260/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:568 [inline]
__device_release_driver drivers/base/dd.c:1272 [inline]
device_release_driver_internal+0x505/0x7c0 drivers/base/dd.c:1295
bus_remove_device+0x34f/0x420 drivers/base/bus.c:574
device_del+0x57a/0x9b0 drivers/base/core.c:3871
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3231 [inline]
process_scheduled_works+0xa2e/0x1830 kernel/workqueue.c:3312
worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
kthread+0x2f2/0x390 kernel/kthread.c:389
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: e5fa841af679 Merge tag 'pull-fixes' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16b8adf3980000
kernel config: https://syzkaller.appspot.com/x/.config?x=7229118d88b4a71b
dashboard link: https://syzkaller.appspot.com/bug?extid=7053fbd8757fecbbe492
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2f8ce1609883/disk-e5fa841a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3a0d8aabc8a5/vmlinux-e5fa841a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7a7f6c33922b/bzImage-e5fa841a.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7053fb...@syzkaller.appspotmail.com
------------[ cut here ]------------
workqueue: work disable count underflowed
WARNING: CPU: 1 PID: 5233 at kernel/workqueue.c:4290 work_offqd_enable kernel/workqueue.c:4290 [inline]
WARNING: CPU: 1 PID: 5233 at kernel/workqueue.c:4290 enable_work+0x34d/0x360 kernel/workqueue.c:4461
Modules linked in:
CPU: 1 UID: 0 PID: 5233 Comm: kworker/1:3 Not tainted 6.11.0-rc3-syzkaller-00279-ge5fa841af679 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: usb_hub_wq hub_event
RIP: 0010:work_offqd_enable kernel/workqueue.c:4290 [inline]
RIP: 0010:enable_work+0x34d/0x360 kernel/workqueue.c:4461
Code: d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 88 cd 92 0a e8 68 17 36 00 c6 05 bf 2e a4 0e 01 90 48 c7 c7 80 10 0a 8c e8 a4 3e f8 ff 90 <0f> 0b 90 90 e9 56 ff ff ff e8 e5 25 59 0a 0f 1f 44 00 00 90 90 90
RSP: 0018:ffffc900042270c0 EFLAGS: 00010046
RAX: 022b146294645100 RBX: 0000000000000000 RCX: 0000000000100000
RDX: ffffc900177a9000 RSI: 00000000000fffff RDI: 0000000000100000
RBP: ffffc90004227190 R08: ffffffff8155b4d2 R09: 1ffff1101726519a
R10: dffffc0000000000 R11: ffffed101726519b R12: 1ffff92000844e1c
R13: 1ffff92000844e24 R14: 0000000000800001 R15: ffff88802d570738
FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3321bff8 CR3: 000000005bbf0000 CR4: 0000000000350ef0
Call Trace:
<TASK>
__cancel_work_sync+0xf5/0x110 kernel/workqueue.c:4331
thermal_zone_device_unregister+0x296/0x3f0 drivers/thermal/thermal_core.c:1660
psy_unregister_thermal drivers/power/supply/power_supply_core.c:1333 [inline]
power_supply_unregister+0xe8/0x140 drivers/power/supply/power_supply_core.c:1610
thunderstrike_destroy drivers/hid/hid-nvidia-shield.c:927 [inline]
shield_remove+0x72/0x120 drivers/hid/hid-nvidia-shield.c:1104
hid_device_remove+0x227/0x370
device_remove drivers/base/dd.c:566 [inline]
__device_release_driver drivers/base/dd.c:1272 [inline]
device_release_driver_internal+0x4ab/0x7c0 drivers/base/dd.c:1295
bus_remove_device+0x34f/0x420 drivers/base/bus.c:574
device_del+0x57a/0x9b0 drivers/base/core.c:3871
hid_remove_device drivers/hid/hid-core.c:2914 [inline]
hid_destroy_device+0x68/0x100 drivers/hid/hid-core.c:2934
usbhid_disconnect+0x9e/0xc0 drivers/hid/usbhid/hid-core.c:1458
usb_unbind_interface+0x260/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:568 [inline]
__device_release_driver drivers/base/dd.c:1272 [inline]
device_release_driver_internal+0x505/0x7c0 drivers/base/dd.c:1295
bus_remove_device+0x34f/0x420 drivers/base/bus.c:574
device_del+0x57a/0x9b0 drivers/base/core.c:3871
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3231 [inline]
process_scheduled_works+0xa2e/0x1830 kernel/workqueue.c:3312
worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
kthread+0x2f2/0x390 kernel/kthread.c:389
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Sep 18, 2024, 12:50:26 AM9/18/24
to daniel....@linaro.org, linux-...@vger.kernel.org, linu...@vger.kernel.org, lukas...@arm.com, raf...@kernel.org, rui....@intel.com, syzkall...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: a940d9a43e62 Merge tag 'soc-arm-6.12' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1236bfc7980000
kernel config: https://syzkaller.appspot.com/x/.config?x=44d46e514184cd24
dashboard link: https://syzkaller.appspot.com/bug?extid=7053fbd8757fecbbe492
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=144a9207980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124a9207980000
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-a940d9a4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e9929bfe422c/vmlinux-a940d9a4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a6c74ee261ed/bzImage-a940d9a4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7053fb...@syzkaller.appspotmail.com
------------[ cut here ]------------
workqueue: work disable count underflowed
WARNING: CPU: 1 PID: 56 at kernel/workqueue.c:4298 work_offqd_enable kernel/workqueue.c:4298 [inline]
WARNING: CPU: 1 PID: 56 at kernel/workqueue.c:4298 enable_work+0x2fa/0x340 kernel/workqueue.c:4469
Modules linked in:
CPU: 1 UID: 0 PID: 56 Comm: kworker/1:1 Not tainted 6.11.0-syzkaller-03917-ga940d9a43e62 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: usb_hub_wq hub_event
RIP: 0010:work_offqd_enable kernel/workqueue.c:4298 [inline]
RIP: 0010:enable_work+0x2fa/0x340 kernel/workqueue.c:4469
Code: 89 ee e8 f9 4d 35 00 45 84 ed 0f 85 28 fe ff ff e8 0b 4c 35 00 c6 05 50 81 af 0e 01 90 48 c7 c7 80 dc 4b 8b e8 47 32 f7 ff 90 <0f> 0b 90 90 e9 05 fe ff ff 48 89 ef e8 05 09 94 00 e9 a9 fe ff ff
RSP: 0018:ffffc90000a87448 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814e2c49
RDX: ffff88802052c880 RSI: ffffffff814e2c56 RDI: 0000000000000001
RBP: ffff888027663718 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff92000150e8a
R13: 0000000000000000 R14: ffffffff8f5ed040 R15: ffffffff8f5ed040
FS: 0000000000000000(0000) GS:ffff88806a700000(0000) knlGS:0000000000000000
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__cancel_work_sync+0xe7/0x130 kernel/workqueue.c:4339
thermal_zone_device_unregister drivers/thermal/thermal_core.c:1599 [inline]
thermal_zone_device_unregister+0x27c/0x460 drivers/thermal/thermal_core.c:1569
psy_unregister_thermal drivers/power/supply/power_supply_core.c:1333 [inline]
power_supply_unregister+0x10a/0x150 drivers/power/supply/power_supply_core.c:1610
thunderstrike_destroy drivers/hid/hid-nvidia-shield.c:927 [inline]
shield_remove+0x75/0x130 drivers/hid/hid-nvidia-shield.c:1104
hid_device_remove+0xce/0x260 drivers/hid/hid-core.c:2730
device_remove+0xc8/0x170 drivers/base/dd.c:566
__device_release_driver drivers/base/dd.c:1272 [inline]
device_release_driver_internal+0x44a/0x610 drivers/base/dd.c:1295
bus_remove_device+0x22f/0x420 drivers/base/bus.c:574
device_del+0x396/0x9f0 drivers/base/core.c:3871
hid_remove_device drivers/hid/hid-core.c:2914 [inline]
hid_destroy_device+0xe5/0x150 drivers/hid/hid-core.c:2934
usbhid_disconnect+0xa0/0xe0 drivers/hid/usbhid/hid-core.c:1458
usb_unbind_interface+0x1e8/0x970 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:568 [inline]
device_remove+0x122/0x170 drivers/base/dd.c:560
__device_release_driver drivers/base/dd.c:1272 [inline]
device_release_driver_internal+0x44a/0x610 drivers/base/dd.c:1295
bus_remove_device+0x22f/0x420 drivers/base/bus.c:574
device_del+0x396/0x9f0 drivers/base/core.c:3871
usb_disable_device+0x36c/0x7f0 drivers/usb/core/message.c:1418
usb_disconnect+0x2e1/0x920 drivers/usb/core/hub.c:2304
process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
process_scheduled_works kernel/workqueue.c:3312 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3393
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: a940d9a43e62 Merge tag 'soc-arm-6.12' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1236bfc7980000
kernel config: https://syzkaller.appspot.com/x/.config?x=44d46e514184cd24
dashboard link: https://syzkaller.appspot.com/bug?extid=7053fbd8757fecbbe492
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=144a9207980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124a9207980000
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-a940d9a4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e9929bfe422c/vmlinux-a940d9a4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a6c74ee261ed/bzImage-a940d9a4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7053fb...@syzkaller.appspotmail.com
------------[ cut here ]------------
workqueue: work disable count underflowed
WARNING: CPU: 1 PID: 56 at kernel/workqueue.c:4298 enable_work+0x2fa/0x340 kernel/workqueue.c:4469
Modules linked in:
CPU: 1 UID: 0 PID: 56 Comm: kworker/1:1 Not tainted 6.11.0-syzkaller-03917-ga940d9a43e62 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: usb_hub_wq hub_event
RIP: 0010:work_offqd_enable kernel/workqueue.c:4298 [inline]
RIP: 0010:enable_work+0x2fa/0x340 kernel/workqueue.c:4469
Code: 89 ee e8 f9 4d 35 00 45 84 ed 0f 85 28 fe ff ff e8 0b 4c 35 00 c6 05 50 81 af 0e 01 90 48 c7 c7 80 dc 4b 8b e8 47 32 f7 ff 90 <0f> 0b 90 90 e9 05 fe ff ff 48 89 ef e8 05 09 94 00 e9 a9 fe ff ff
RSP: 0018:ffffc90000a87448 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814e2c49
RDX: ffff88802052c880 RSI: ffffffff814e2c56 RDI: 0000000000000001
RBP: ffff888027663718 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff92000150e8a
R13: 0000000000000000 R14: ffffffff8f5ed040 R15: ffffffff8f5ed040
FS: 0000000000000000(0000) GS:ffff88806a700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc995722e18 CR3: 000000000db7c000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__cancel_work_sync+0xe7/0x130 kernel/workqueue.c:4339
thermal_zone_device_unregister drivers/thermal/thermal_core.c:1599 [inline]
thermal_zone_device_unregister+0x27c/0x460 drivers/thermal/thermal_core.c:1569
psy_unregister_thermal drivers/power/supply/power_supply_core.c:1333 [inline]
power_supply_unregister+0x10a/0x150 drivers/power/supply/power_supply_core.c:1610
thunderstrike_destroy drivers/hid/hid-nvidia-shield.c:927 [inline]
shield_remove+0x75/0x130 drivers/hid/hid-nvidia-shield.c:1104
hid_device_remove+0xce/0x260 drivers/hid/hid-core.c:2730
device_remove+0xc8/0x170 drivers/base/dd.c:566
__device_release_driver drivers/base/dd.c:1272 [inline]
device_release_driver_internal+0x44a/0x610 drivers/base/dd.c:1295
bus_remove_device+0x22f/0x420 drivers/base/bus.c:574
device_del+0x396/0x9f0 drivers/base/core.c:3871
hid_remove_device drivers/hid/hid-core.c:2914 [inline]
hid_destroy_device+0xe5/0x150 drivers/hid/hid-core.c:2934
usbhid_disconnect+0xa0/0xe0 drivers/hid/usbhid/hid-core.c:1458
usb_unbind_interface+0x1e8/0x970 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:568 [inline]
device_remove+0x122/0x170 drivers/base/dd.c:560
__device_release_driver drivers/base/dd.c:1272 [inline]
device_release_driver_internal+0x44a/0x610 drivers/base/dd.c:1295
bus_remove_device+0x22f/0x420 drivers/base/bus.c:574
device_del+0x396/0x9f0 drivers/base/core.c:3871
usb_disable_device+0x36c/0x7f0 drivers/usb/core/message.c:1418
usb_disconnect+0x2e1/0x920 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1da5/0x4e10 drivers/usb/core/hub.c:5903
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
process_scheduled_works kernel/workqueue.c:3312 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3393
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
---
If you want syzbot to run the reproducer, reply with:
</TASK>
---
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
9:38 AM (10 hours ago) 9:38 AM
to syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
syzkall...@googlegroups.com.
***
Subject: Re: WARNING in enable_work
Author: penguin...@i-love.sakura.ne.jp
#syz test
diff --git a/include/linux/workqueue.h b/include/linux/workqueue.h
index ab6cb70ca1a5..f5c3cc85a1e7 100644
--- a/include/linux/workqueue.h
+++ b/include/linux/workqueue.h
@@ -267,7 +267,10 @@ static inline unsigned int work_static(struct work_struct *work)
return *work_data_bits(work) & WORK_STRUCT_STATIC;
}
#else
-static inline void __init_work(struct work_struct *work, int onstack) { }
+static inline void __init_work(struct work_struct *work, int onstack) {
+ atomic_set(&work->enable_count, 0);
+ atomic_set(&work->disable_count, 0);
+}
static inline void destroy_work_on_stack(struct work_struct *work) { }
static inline void destroy_delayed_work_on_stack(struct delayed_work *work) { }
static inline unsigned int work_static(struct work_struct *work) { return 0; }
diff --git a/include/linux/workqueue_types.h b/include/linux/workqueue_types.h
index 4c38824f3ab4..a9f5d74fe814 100644
--- a/include/linux/workqueue_types.h
+++ b/include/linux/workqueue_types.h
@@ -20,6 +20,8 @@ struct work_struct {
#ifdef CONFIG_LOCKDEP
struct lockdep_map lockdep_map;
#endif
+ atomic_t enable_count;
+ atomic_t disable_count;
};
#endif /* _LINUX_WORKQUEUE_TYPES_H */
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 5f747f241a5f..48e8d572fa33 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -689,6 +689,8 @@ static inline void debug_work_deactivate(struct work_struct *work)
void __init_work(struct work_struct *work, int onstack)
{
+ atomic_set(&work->enable_count, 0);
+ atomic_set(&work->disable_count, 0);
if (onstack)
debug_object_init_on_stack(work, &work_debug_descr);
else
@@ -4418,22 +4420,28 @@ bool flush_rcu_work(struct rcu_work *rwork)
}
EXPORT_SYMBOL(flush_rcu_work);
-static void work_offqd_disable(struct work_offq_data *offqd)
+static void work_offqd_disable(struct work_struct *work, struct work_offq_data *offqd)
{
const unsigned long max = (1lu << WORK_OFFQ_DISABLE_BITS) - 1;
+ atomic_inc(&work->disable_count);
if (likely(offqd->disable < max))
offqd->disable++;
else
- WARN_ONCE(true, "workqueue: work disable count overflowed\n");
+ WARN_ONCE(true, "workqueue: work disable count overflowed: %d %d %d\n",
+ offqd->disable, atomic_read(&work->disable_count),
+ atomic_read(&work->enable_count));
}
-static void work_offqd_enable(struct work_offq_data *offqd)
+static void work_offqd_enable(struct work_struct *work, struct work_offq_data *offqd)
{
+ atomic_inc(&work->enable_count);
if (likely(offqd->disable > 0))
offqd->disable--;
else
- WARN_ONCE(true, "workqueue: work disable count underflowed\n");
+ WARN_ONCE(true, "workqueue: work disable count underflowed: %d %d %d\n",
+ offqd->disable, atomic_read(&work->disable_count),
+ atomic_read(&work->enable_count));
}
static bool __cancel_work(struct work_struct *work, u32 cflags)
@@ -4447,7 +4455,7 @@ static bool __cancel_work(struct work_struct *work, u32 cflags)
work_offqd_unpack(&offqd, *work_data_bits(work));
if (cflags & WORK_CANCEL_DISABLE)
- work_offqd_disable(&offqd);
+ work_offqd_disable(work, &offqd);
set_work_pool_and_clear_pending(work, offqd.pool_id,
work_offqd_pack_flags(&offqd));
@@ -4604,7 +4612,7 @@ bool enable_work(struct work_struct *work)
work_grab_pending(work, 0, &irq_flags);
work_offqd_unpack(&offqd, *work_data_bits(work));
- work_offqd_enable(&offqd);
+ work_offqd_enable(work, &offqd);
set_work_pool_and_clear_pending(work, offqd.pool_id,
work_offqd_pack_flags(&offqd));
local_irq_restore(irq_flags);
syzkall...@googlegroups.com.
***
Subject: Re: WARNING in enable_work
Author: penguin...@i-love.sakura.ne.jp
#syz test
diff --git a/include/linux/workqueue.h b/include/linux/workqueue.h
index ab6cb70ca1a5..f5c3cc85a1e7 100644
--- a/include/linux/workqueue.h
+++ b/include/linux/workqueue.h
@@ -267,7 +267,10 @@ static inline unsigned int work_static(struct work_struct *work)
return *work_data_bits(work) & WORK_STRUCT_STATIC;
}
#else
-static inline void __init_work(struct work_struct *work, int onstack) { }
+static inline void __init_work(struct work_struct *work, int onstack) {
+ atomic_set(&work->enable_count, 0);
+ atomic_set(&work->disable_count, 0);
+}
static inline void destroy_work_on_stack(struct work_struct *work) { }
static inline void destroy_delayed_work_on_stack(struct delayed_work *work) { }
static inline unsigned int work_static(struct work_struct *work) { return 0; }
diff --git a/include/linux/workqueue_types.h b/include/linux/workqueue_types.h
index 4c38824f3ab4..a9f5d74fe814 100644
--- a/include/linux/workqueue_types.h
+++ b/include/linux/workqueue_types.h
@@ -20,6 +20,8 @@ struct work_struct {
#ifdef CONFIG_LOCKDEP
struct lockdep_map lockdep_map;
#endif
+ atomic_t enable_count;
+ atomic_t disable_count;
};
#endif /* _LINUX_WORKQUEUE_TYPES_H */
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 5f747f241a5f..48e8d572fa33 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -689,6 +689,8 @@ static inline void debug_work_deactivate(struct work_struct *work)
void __init_work(struct work_struct *work, int onstack)
{
+ atomic_set(&work->enable_count, 0);
+ atomic_set(&work->disable_count, 0);
if (onstack)
debug_object_init_on_stack(work, &work_debug_descr);
else
@@ -4418,22 +4420,28 @@ bool flush_rcu_work(struct rcu_work *rwork)
}
EXPORT_SYMBOL(flush_rcu_work);
-static void work_offqd_disable(struct work_offq_data *offqd)
+static void work_offqd_disable(struct work_struct *work, struct work_offq_data *offqd)
{
const unsigned long max = (1lu << WORK_OFFQ_DISABLE_BITS) - 1;
+ atomic_inc(&work->disable_count);
if (likely(offqd->disable < max))
offqd->disable++;
else
- WARN_ONCE(true, "workqueue: work disable count overflowed\n");
+ WARN_ONCE(true, "workqueue: work disable count overflowed: %d %d %d\n",
+ offqd->disable, atomic_read(&work->disable_count),
+ atomic_read(&work->enable_count));
}
-static void work_offqd_enable(struct work_offq_data *offqd)
+static void work_offqd_enable(struct work_struct *work, struct work_offq_data *offqd)
{
+ atomic_inc(&work->enable_count);
if (likely(offqd->disable > 0))
offqd->disable--;
else
- WARN_ONCE(true, "workqueue: work disable count underflowed\n");
+ WARN_ONCE(true, "workqueue: work disable count underflowed: %d %d %d\n",
+ offqd->disable, atomic_read(&work->disable_count),
+ atomic_read(&work->enable_count));
}
static bool __cancel_work(struct work_struct *work, u32 cflags)
@@ -4447,7 +4455,7 @@ static bool __cancel_work(struct work_struct *work, u32 cflags)
work_offqd_unpack(&offqd, *work_data_bits(work));
if (cflags & WORK_CANCEL_DISABLE)
- work_offqd_disable(&offqd);
+ work_offqd_disable(work, &offqd);
set_work_pool_and_clear_pending(work, offqd.pool_id,
work_offqd_pack_flags(&offqd));
@@ -4604,7 +4612,7 @@ bool enable_work(struct work_struct *work)
work_grab_pending(work, 0, &irq_flags);
work_offqd_unpack(&offqd, *work_data_bits(work));
- work_offqd_enable(&offqd);
+ work_offqd_enable(work, &offqd);
set_work_pool_and_clear_pending(work, offqd.pool_id,
work_offqd_pack_flags(&offqd));
local_irq_restore(irq_flags);
Reply all
Reply to author
Forward
0 new messages