Hello, syzbot found the following issue on: HEAD commit: 1613e604df0c Linux 6.10-rc1 git tree: git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes console output: https://syzkaller.appspot.com/x/log.txt?x=12338b3c980000 kernel config: https://syzkaller.appspot.com/x/.config?x=71e27a66e3476b52 dashboard link: https://syzkaller.appspot.com/bug?extid=fda41ea3324f13031be5 compiler: riscv64-linux-gnu-gcc (Debian 12.2.0-13) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 userspace arch: riscv64 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/a741b348759c/non_bootable_disk-1613e604.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/e531dbb975b3/vmlinux-1613e604.xz kernel image: https://storage.googleapis.com/syzbot-assets/f0f763ab94b0/Image-1613e604.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+fda41ea3324f13031be5@xxxxxxxxxxxxxxxxxxxxxxxxx microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 Kernel panic - not syncing: corrupted stack end detected inside scheduler CPU: 0 PID: 16261 Comm: kworker/0:2 Not tainted 6.10.0-rc1-syzkaller-g1613e604df0c #0 Hardware name: riscv-virtio,qemu (DT) Workqueue: usb_hub_wq hub_event Call Trace: [<ffffffff8000f6f8>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:129 [<ffffffff85c29e7c>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:135 [<ffffffff85c83b6a>] __dump_stack lib/dump_stack.c:88 [inline] [<ffffffff85c83b6a>] dump_stack_lvl+0x108/0x196 lib/dump_stack.c:114 [<ffffffff85c83c14>] dump_stack+0x1c/0x24 lib/dump_stack.c:123 [<ffffffff85c2aa42>] panic+0x382/0x800 kernel/panic.c:347 [<ffffffff85c92b18>] schedule_debug kernel/sched/core.c:5962 [inline] [<ffffffff85c92b18>] __schedule+0x342e/0x3486 kernel/sched/core.c:6628 [<ffffffff85c930cc>] preempt_schedule_common kernel/sched/core.c:6924 [inline] [<ffffffff85c930cc>] preempt_schedule+0xd2/0x1e2 kernel/sched/core.c:6948 [<ffffffff80c0afdc>] idr_preload_end include/linux/idr.h:174 [inline] [<ffffffff80c0afdc>] __kernfs_new_node+0x7ac/0x8ee fs/kernfs/dir.c:636 [<ffffffff80c0f740>] kernfs_new_node+0x14e/0x200 fs/kernfs/dir.c:700 [<ffffffff80c10aa2>] kernfs_create_dir_ns+0x3e/0x172 fs/kernfs/dir.c:1061 [<ffffffff80c1a1bc>] sysfs_create_dir_ns+0x132/0x276 fs/sysfs/dir.c:59 [<ffffffff85baa520>] create_dir lib/kobject.c:73 [inline] [<ffffffff85baa520>] kobject_add_internal+0x26c/0x8aa lib/kobject.c:240 [<ffffffff85bab7c2>] kobject_add_varg lib/kobject.c:374 [inline] [<ffffffff85bab7c2>] kobject_add+0x12e/0x1ea lib/kobject.c:426 [<ffffffff8272744c>] class_dir_create_and_add drivers/base/core.c:3264 [inline] [<ffffffff8272744c>] get_device_parent+0x340/0x45c drivers/base/core.c:3315 [<ffffffff8272d234>] device_add+0x1b0/0x181a drivers/base/core.c:3645 [<ffffffff83ae7f46>] __power_supply_register+0x96a/0x12c6 drivers/power/supply/power_supply_core.c:1418 [<ffffffff83ae88ca>] power_supply_register+0x28/0x36 drivers/power/supply/power_supply_core.c:1488 [<ffffffff8425b596>] hidinput_setup_battery.isra.0+0x5be/0xb16 drivers/hid/hid-input.c:589 [<ffffffff84260a08>] hidinput_configure_usage drivers/hid/hid-input.c:993 [inline] [<ffffffff84260a08>] hidinput_configure_usages drivers/hid/hid-input.c:2267 [inline] [<ffffffff84260a08>] hidinput_connect+0x2f9c/0x8ce0 drivers/hid/hid-input.c:2334 [<ffffffff84253a5e>] hid_connect+0x126a/0x16be drivers/hid/hid-core.c:2194 [<ffffffff84253f68>] hid_hw_start drivers/hid/hid-core.c:2309 [inline] [<ffffffff84253f68>] hid_hw_start+0xb6/0x13c drivers/hid/hid-core.c:2300 [<ffffffff842deb40>] ms_probe+0x15e/0x4f2 drivers/hid/hid-microsoft.c:391 [<ffffffff84254616>] __hid_device_probe drivers/hid/hid-core.c:2633 [inline] [<ffffffff84254616>] hid_device_probe+0x2a4/0x3f2 drivers/hid/hid-core.c:2670 [<ffffffff827382e2>] call_driver_probe drivers/base/dd.c:578 [inline] [<ffffffff827382e2>] really_probe+0x232/0x9be drivers/base/dd.c:656 [<ffffffff82738c42>] __driver_probe_device+0x1d4/0x3f2 drivers/base/dd.c:798 [<ffffffff82738ec0>] driver_probe_device+0x60/0x1ce drivers/base/dd.c:828 [<ffffffff82739210>] __device_attach_driver+0x1e2/0x2fc drivers/base/dd.c:956 [<ffffffff82732b4e>] bus_for_each_drv+0x142/0x1da drivers/base/bus.c:457 [<ffffffff82739e32>] __device_attach+0x1c4/0x462 drivers/base/dd.c:1028 [<ffffffff8273a458>] device_initial_probe+0x1c/0x26 drivers/base/dd.c:1077 [<ffffffff827355d0>] bus_probe_device+0x15c/0x192 drivers/base/bus.c:532 [<ffffffff8272e15c>] device_add+0x10d8/0x181a drivers/base/core.c:3721 [<ffffffff8424d8b6>] hid_add_device+0x374/0x9d8 drivers/hid/hid-core.c:2816 [<ffffffff843a0728>] usbhid_probe+0xa52/0xf86 drivers/hid/usbhid/hid-core.c:1429 [<ffffffff832d8336>] usb_probe_interface+0x2d8/0x8c6 drivers/usb/core/driver.c:399 [<ffffffff827382e2>] call_driver_probe drivers/base/dd.c:578 [inline] [<ffffffff827382e2>] really_probe+0x232/0x9be drivers/base/dd.c:656 [<ffffffff82738c42>] __driver_probe_device+0x1d4/0x3f2 drivers/base/dd.c:798 [<ffffffff82738ec0>] driver_probe_device+0x60/0x1ce drivers/base/dd.c:828 [<ffffffff82739210>] __device_attach_driver+0x1e2/0x2fc drivers/base/dd.c:956 [<ffffffff82732b4e>] bus_for_each_drv+0x142/0x1da drivers/base/bus.c:457 [<ffffffff82739e32>] __device_attach+0x1c4/0x462 drivers/base/dd.c:1028 [<ffffffff8273a458>] device_initial_probe+0x1c/0x26 drivers/base/dd.c:1077 [<ffffffff827355d0>] bus_probe_device+0x15c/0x192 drivers/base/bus.c:532 [<ffffffff8272e15c>] device_add+0x10d8/0x181a drivers/base/core.c:3721 [<ffffffff832d1c6c>] usb_set_configuration+0xf08/0x19dc drivers/usb/core/message.c:2210 [<ffffffff832f9692>] usb_generic_driver_probe+0xae/0x128 drivers/usb/core/generic.c:254 [<ffffffff832d3906>] usb_probe_device+0xd6/0x360 drivers/usb/core/driver.c:294 [<ffffffff827382e2>] call_driver_probe drivers/base/dd.c:578 [inline] [<ffffffff827382e2>] really_probe+0x232/0x9be drivers/base/dd.c:656 [<ffffffff82738c42>] __driver_probe_device+0x1d4/0x3f2 drivers/base/dd.c:798 [<ffffffff82738ec0>] driver_probe_device+0x60/0x1ce drivers/base/dd.c:828 [<ffffffff82739210>] __device_attach_driver+0x1e2/0x2fc drivers/base/dd.c:956 [<ffffffff82732b4e>] bus_for_each_drv+0x142/0x1da drivers/base/bus.c:457 [<ffffffff82739e32>] __device_attach+0x1c4/0x462 drivers/base/dd.c:1028 [<ffffffff8273a458>] device_initial_probe+0x1c/0x26 drivers/base/dd.c:1077 [<ffffffff827355d0>] bus_probe_device+0x15c/0x192 drivers/base/bus.c:532 [<ffffffff8272e15c>] device_add+0x10d8/0x181a drivers/base/core.c:3721 [<ffffffff832ad9fa>] usb_new_device+0x960/0x1750 drivers/usb/core/hub.c:2651 [<ffffffff832b4022>] hub_port_connect drivers/usb/core/hub.c:5521 [inline] [<ffffffff832b4022>] hub_port_connect_change drivers/usb/core/hub.c:5661 [inline] [<ffffffff832b4022>] port_event drivers/usb/core/hub.c:5821 [inline] [<ffffffff832b4022>] hub_event+0x2a2a/0x4a5c drivers/usb/core/hub.c:5903 [<ffffffff8012d1ea>] process_one_work+0x938/0x1d5c kernel/workqueue.c:3231 [<ffffffff8012ebcc>] process_scheduled_works kernel/workqueue.c:3312 [inline] [<ffffffff8012ebcc>] worker_thread+0x5be/0xe24 kernel/workqueue.c:3393 [<ffffffff8014d7b4>] kthread+0x28c/0x3a6 kernel/kthread.c:389 [<ffffffff85ca884e>] ret_from_fork+0xe/0x1c arch/riscv/kernel/entry.S:232 SMP: stopping secondary CPUs Rebooting in 86400 seconds.. --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
