On Tue, Dec 13, 2022 at 12:51:26PM -0800, syzbot wrote: > Hello, > > syzbot has tested the proposed patch but the reproducer is still triggering an issue: > INFO: rcu detected stall in corrupted > > rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P4116 } 2668 jiffies s: 2777 root: 0x0/T > rcu: blocking rcu_node structures (internal RCU debug): > > > Tested on: > > commit: 830b3c68 Linux 6.1 > git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ > console output: https://syzkaller.appspot.com/x/log.txt?x=12066e8b880000 > kernel config: https://syzkaller.appspot.com/x/.config?x=5a194ed4fc682723 > dashboard link: https://syzkaller.appspot.com/bug?extid=33d7ad66d65044b93f16 > compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 > patch: https://syzkaller.appspot.com/x/patch.diff?x=16793e8f880000 Let's see if this is related to the patch or something completely independent. Alan Stern #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ 830b3c68c1fb drivers/usb/gadget/legacy/inode.c | 39 +++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) Index: usb-devel/drivers/usb/gadget/legacy/inode.c =================================================================== --- usb-devel.orig/drivers/usb/gadget/legacy/inode.c +++ usb-devel/drivers/usb/gadget/legacy/inode.c @@ -229,6 +229,7 @@ static void put_ep (struct ep_data *data */ static const char *CHIP; +static DEFINE_MUTEX(sb_mutex); /* Serialize superblock maintenance */ /*----------------------------------------------------------------------*/ @@ -2010,13 +2011,23 @@ gadgetfs_fill_super (struct super_block { struct inode *inode; struct dev_data *dev; + int rc; - if (the_device) - return -ESRCH; + printk(KERN_INFO "fill_super A\n"); + mutex_lock(&sb_mutex); + + if (the_device) { + rc = -ESRCH; + goto Done; + } + printk(KERN_INFO "fill_super B\n"); CHIP = usb_get_gadget_udc_name(); - if (!CHIP) - return -ENODEV; + if (!CHIP) { + rc = -ENODEV; + goto Done; + } + printk(KERN_INFO "fill_super C\n"); /* superblock */ sb->s_blocksize = PAGE_SIZE; @@ -2029,6 +2040,7 @@ gadgetfs_fill_super (struct super_block inode = gadgetfs_make_inode (sb, NULL, &simple_dir_operations, S_IFDIR | S_IRUGO | S_IXUGO); + printk(KERN_INFO "fill_super D\n"); if (!inode) goto Enomem; inode->i_op = &simple_dir_inode_operations; @@ -2039,11 +2051,13 @@ gadgetfs_fill_super (struct super_block * user mode code can use it for sanity checks, like we do. */ dev = dev_new (); + printk(KERN_INFO "fill_super E\n"); if (!dev) goto Enomem; dev->sb = sb; dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations); + printk(KERN_INFO "fill_super F\n"); if (!dev->dentry) { put_dev(dev); goto Enomem; @@ -2053,13 +2067,18 @@ gadgetfs_fill_super (struct super_block * from binding to a controller. */ the_device = dev; - return 0; + rc = 0; + goto Done; -Enomem: + Enomem: kfree(CHIP); CHIP = NULL; + rc = -ENOMEM; - return -ENOMEM; + Done: + printk(KERN_INFO "fill_super G\n"); + mutex_unlock(&sb_mutex); + return rc; } /* "mount -t gadgetfs path /dev/gadget" ends up here */ @@ -2081,13 +2100,19 @@ static int gadgetfs_init_fs_context(stru static void gadgetfs_kill_sb (struct super_block *sb) { + printk(KERN_INFO "kill_sb A\n"); + mutex_lock(&sb_mutex); + printk(KERN_INFO "kill_sb B\n"); kill_litter_super (sb); + printk(KERN_INFO "kill_sb C\n"); if (the_device) { put_dev (the_device); the_device = NULL; } kfree(CHIP); CHIP = NULL; + printk(KERN_INFO "kill_sb D\n"); + mutex_unlock(&sb_mutex); } /*----------------------------------------------------------------------*/