On Mon, Aug 21, 2023 at 09:48:01AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 7271b2a53042 Add linux-next specific files for 20230818
> git tree: linux-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=10e05763a80000
> kernel config: https://syzkaller.appspot.com/x/.config?x=1936af09cdef7dd6
> dashboard link: https://syzkaller.appspot.com/bug?extid=f7ac46d91cf13b4591a4
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1085e265a80000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14290117a80000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/d81109bc02c1/disk-7271b2a5.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/4b3bf8e2a4f7/vmlinux-7271b2a5.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6404cd473c1e/bzImage-7271b2a5.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+f7ac46d91cf13b4591a4@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> INFO: task kworker/0:1:9 blocked for more than 143 seconds.
> Not tainted 6.5.0-rc6-next-20230818-syzkaller #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:kworker/0:1 state:D stack:26768 pid:9 ppid:2 flags:0x00004000
> Workqueue: usb_hub_wq hub_event
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5382 [inline]
> __schedule+0xee1/0x59f0 kernel/sched/core.c:6695
> schedule+0xe7/0x1b0 kernel/sched/core.c:6771
> usb_kill_urb.part.0+0x1c6/0x250 drivers/usb/core/urb.c:713
> usb_kill_urb+0x83/0xa0 drivers/usb/core/urb.c:702
> usb_start_wait_urb+0x251/0x4c0 drivers/usb/core/message.c:65
> usb_internal_control_msg drivers/usb/core/message.c:103 [inline]
> usb_control_msg+0x327/0x4a0 drivers/usb/core/message.c:154
> get_bMaxPacketSize0.constprop.0+0xa5/0x1c0 drivers/usb/core/hub.c:4725
> hub_port_init+0x680/0x3850 drivers/usb/core/hub.c:4921
> hub_port_connect drivers/usb/core/hub.c:5369 [inline]
> hub_port_connect_change drivers/usb/core/hub.c:5580 [inline]
> port_event drivers/usb/core/hub.c:5740 [inline]
> hub_event+0x2b64/0x4e00 drivers/usb/core/hub.c:5822
> process_one_work+0x887/0x15d0 kernel/workqueue.c:2630
> process_scheduled_works kernel/workqueue.c:2703 [inline]
> worker_thread+0x8bb/0x1290 kernel/workqueue.c:2784
> kthread+0x33a/0x430 kernel/kthread.c:388
> ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
> ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
> </TASK>

Although it's not apparent from the bug report, this bug appears to stem
from a problem in the usbip drivers, as can be seen in the console output
URL given above. Apparently vhci_hcd sometimes fails to dequeue or
complete an URB. As a result, a process calling usb_kill_urb() can hang
indefinitely. This single issue is behind a bunch of outstanding syzbot
bug reports.

Alan Stern