Re: [syzbot] [tomoyo?] [fs?] INFO: rcu detected stall in newfstatat (3)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Jun 10, 2023 at 07:09:26PM +0900, Tetsuo Handa wrote:
> Regarding drivers/media/rc/ directory, igorplugusb_callback() and irtoy_in_callback() and
> mceusb_dev_recv() are handling -EPROTO error, by calling usb_unlink_urb() and returning
> instead of calling usb_submit_urb() again. This indicates that lack of -EPROTO (and some
> other error codes) handling in usb_rx_callback_intf0() is causing infinite resubmit loop.
> So, which error codes does usb_rx_callback_intf0() need to handle?

It depends on how much error handling you want to do.

In theory some USB errors are transient, so they can be worked around by 
retrying over a period of several seconds.  In practice I haven't found 
those sorts of error to occur often enough to be worth the trouble, 
although other people may disagree.

Some drivers just give up completely on any unrecognized error.  That's 
not an unreasonable approach.  But it does make any sort of recovery 
difficult -- the user may need to unbind and rebind the driver, or reset 
the device, or even unplug and replug the device.  (Of course, if the 
reason for the error occurring in the first place was because the user 
hot-unplugged the device, these considerations are moot.)

However, you should realize that the testing done by syzbot differs from 
normal device operation in a signficant way: Instead of using real 
hardware with real packet timings and so on, syzbot uses a software 
emulator.  The emulation isn't perfect, and the difference tends to show 
up when drivers immediately resubmit failed URBs.  The resubmitted URB 
quickly fails for the same reason as before, is resubmitted again, etc.  
This puts the emulator into a tight loop, much of which runs in 
interrupt or softirq context, causing the system to stall.  Real 
hardware would not behave the same way.

Alan Stern

> static void usb_rx_callback_intf0(struct urb *urb)
> {
> 	dev_warn(ictx->dev, "imon %s: status(%d): ignored\n",
> 		__func__, urb->status);
> 	usb_submit_urb(ictx->rx_urb_intf0, GFP_ATOMIC);
> }
> 
> #syz set subsystems: usb
> 
> On 2023/06/10 18:07, syzbot wrote:
> > Hello,
> > 
> > syzbot found the following issue on:
> > 
> > HEAD commit:    d37537a1f7cf Merge 6.4-rc5 into usb-next
> > git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> > console output: https://syzkaller.appspot.com/x/log.txt?x=15d9b771280000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=9e12d6d7f5296037
> > dashboard link: https://syzkaller.appspot.com/bug?extid=96127c74434e19e4609d
> > compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=153d7959280000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15bcb6b5280000
> > 
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/752b1860c3b6/disk-d37537a1.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/6f9c9f2751b2/vmlinux-d37537a1.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/bf7433b7dd12/bzImage-d37537a1.xz
> > 
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+96127c74434e19e4609d@xxxxxxxxxxxxxxxxxxxxxxxxx
> 



[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux