Re: [syzbot] [usb?] INFO: rcu detected stall in raw_ioctl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 10, 2024 at 01:12:03PM -0700, syzbot wrote:
> Hello,
> 
> syzbot has tested the proposed patch and the reproducer did not trigger any issue:
> 
> Reported-and-tested-by: syzbot+5f996b83575ef4058638@xxxxxxxxxxxxxxxxxxxxxxxxx
> 
> Tested on:
> 
> commit:         8867bbd4 mm: arm64: Fix the out-of-bounds issue in con..
> git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
> console output: https://syzkaller.appspot.com/x/log.txt?x=15f51bce980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=3b4350cf56c61c80
> dashboard link: https://syzkaller.appspot.com/bug?extid=5f996b83575ef4058638
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> patch:          https://syzkaller.appspot.com/x/patch.diff?x=151b5fce980000
> 
> Note: testing is done by a robot and is best-effort only.

That's not much use.  Let's see what happens without all the error 
messages filling up the log, and let's test how well the timer emulation 
works.

The kernel config has CONFIG_HZ set to 100, which is not a very good 
value for dummy-hcd although it should still work.  But the 
multiple-millisecond intervals between timer interrupts are worrisome.

Alan Stern

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 8867bbd4a056

Index: usb-devel/drivers/usb/class/cdc-wdm.c
===================================================================
--- usb-devel.orig/drivers/usb/class/cdc-wdm.c
+++ usb-devel/drivers/usb/class/cdc-wdm.c
@@ -265,18 +265,11 @@ static void wdm_int_callback(struct urb
 			set_bit(WDM_INT_STALL, &desc->flags);
 			dev_err(&desc->intf->dev, "Stall on int endpoint\n");
 			goto sw; /* halt is cleared in work */
-		default:
-			dev_err(&desc->intf->dev,
-				"nonzero urb status received: %d\n", status);
-			break;
 		}
 	}
 
-	if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
-		dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
-			urb->actual_length);
+	if (urb->actual_length < sizeof(struct usb_cdc_notification))
 		goto exit;
-	}
 
 	switch (dr->bNotificationType) {
 	case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
Index: usb-devel/drivers/usb/gadget/legacy/raw_gadget.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/legacy/raw_gadget.c
+++ usb-devel/drivers/usb/gadget/legacy/raw_gadget.c
@@ -596,8 +596,6 @@ static int raw_ioctl_run(struct raw_dev
 
 	spin_lock_irqsave(&dev->lock, flags);
 	if (ret) {
-		dev_err(dev->dev,
-			"fail, usb_gadget_register_driver returned %d\n", ret);
 		dev->state = STATE_DEV_FAILED;
 		goto out_unlock;
 	}
Index: usb-devel/drivers/usb/gadget/udc/core.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/core.c
+++ usb-devel/drivers/usb/gadget/udc/core.c
@@ -1699,8 +1699,6 @@ int usb_gadget_register_driver_owner(str
 	mutex_lock(&udc_lock);
 	if (!driver->is_bound) {
 		if (driver->match_existing_only) {
-			pr_warn("%s: couldn't find an available UDC or it's busy\n",
-					driver->function);
 			ret = -EBUSY;
 		} else {
 			pr_info("%s: couldn't find an available UDC\n",
Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
+++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
@@ -989,12 +989,42 @@ static DEVICE_ATTR_RO(function);
  * for each driver that registers:  just add to a big root hub.
  */
 
+static struct timer_list	alan_timer;
+static int			alan_count;
+#define ALAN_MAX		20
+
+static void alan_callback(struct timer_list *t)
+{
+	if (++alan_count >= ALAN_MAX)
+		return;
+	mod_timer(&alan_timer, jiffies + msecs_to_jiffies(1));
+}
+
+static void test_alan_timer(void)
+{
+	int	alan_prev;
+
+	alan_prev = alan_count = 0;
+	mod_timer(&alan_timer, jiffies + msecs_to_jiffies(1));
+	for (;;) {
+		if (alan_prev != alan_count) {
+			alan_prev = alan_count;
+			pr_info("alan_count %d\n", alan_prev);
+			if (alan_prev >= ALAN_MAX)
+				break;
+		}
+		cpu_relax();
+	}
+}
+
 static int dummy_udc_start(struct usb_gadget *g,
 		struct usb_gadget_driver *driver)
 {
 	struct dummy_hcd	*dum_hcd = gadget_to_dummy_hcd(g);
 	struct dummy		*dum = dum_hcd->dum;
 
+	test_alan_timer();
+
 	switch (g->speed) {
 	/* All the speeds we support */
 	case USB_SPEED_LOW:
@@ -2769,6 +2799,8 @@ static int __init dummy_hcd_init(void)
 	int	i;
 	struct	dummy *dum[MAX_NUM_UDC] = {};
 
+	timer_setup(&alan_timer, alan_callback, TIMER_PINNED);
+
 	if (usb_disabled())
 		return -ENODEV;
 




[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux