On Sat, Jun 10, 2023 at 07:09:26PM +0900, Tetsuo Handa wrote:
> Regarding drivers/media/rc/ directory, igorplugusb_callback() and irtoy_in_callback() and
> mceusb_dev_recv() are handling -EPROTO error, by calling usb_unlink_urb() and returning
> instead of calling usb_submit_urb() again. This indicates that lack of -EPROTO (and some
> other error codes) handling in usb_rx_callback_intf0() is causing infinite resubmit loop.
> So, which error codes does usb_rx_callback_intf0() need to handle?
It depends on how much error handling you want to do.
In theory some USB errors are transient, so they can be worked around by
retrying over a period of several seconds. In practice I haven't found
those sorts of error to occur often enough to be worth the trouble,
although other people may disagree.
Some drivers just give up completely on any unrecognized error. That's
not an unreasonable approach. But it does make any sort of recovery
difficult -- the user may need to unbind and rebind the driver, or reset
the device, or even unplug and replug the device. (Of course, if the
reason for the error occurring in the first place was because the user
hot-unplugged the device, these considerations are moot.)
However, you should realize that the testing done by syzbot differs from
normal device operation in a signficant way: Instead of using real
hardware with real packet timings and so on, syzbot uses a software
emulator. The emulation isn't perfect, and the difference tends to show
up when drivers immediately resubmit failed URBs. The resubmitted URB
quickly fails for the same reason as before, is resubmitted again, etc.
This puts the emulator into a tight loop, much of which runs in
interrupt or softirq context, causing the system to stall. Real
hardware would not behave the same way.
Alan Stern
> static void usb_rx_callback_intf0(struct urb *urb)
> {
> dev_warn(ictx->dev, "imon %s: status(%d): ignored\n",
> __func__, urb->status);
> usb_submit_urb(ictx->rx_urb_intf0, GFP_ATOMIC);
> }
>
> #syz set subsystems: usb
>
> On 2023/06/10 18:07, syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: d37537a1f7cf Merge 6.4-rc5 into usb-next
> > git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> > console output: https://syzkaller.appspot.com/x/log.txt?x=15d9b771280000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=9e12d6d7f5296037
> > dashboard link: https://syzkaller.appspot.com/bug?extid=96127c74434e19e4609d
> > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=153d7959280000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15bcb6b5280000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/752b1860c3b6/disk-d37537a1.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/6f9c9f2751b2/vmlinux-d37537a1.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/bf7433b7dd12/bzImage-d37537a1.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+96127c74434e19e4609d@xxxxxxxxxxxxxxxxxxxxxxxxx
>
