Received: by 2002:ab2:69cc:0:b0:1fd:c486:4f03 with SMTP id n12csp424905lqp; Tue, 11 Jun 2024 08:21:12 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCViH3xBF3Bdm+mLbPVTkJtcG6OeE0RGMk9JJAFPj5JMDQtAZcc4xRW4q9NswEsJniIiBSADDoj/HUpDuk18xSnzHFXtQrTCOxuwVe7OAQ== X-Google-Smtp-Source: AGHT+IFM7yczdLHHFA9qLS7Ou12JKupdKWw8f2tHaMtI+3dOrLXg+FoGPRw8vFe6wGc8TnMzoTrB X-Received: by 2002:a05:6a00:1990:b0:704:2bdd:82fe with SMTP id d2e1a72fcca58-7042bdd8a6bmr10500990b3a.15.1718119271779; Tue, 11 Jun 2024 08:21:11 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1718119271; cv=pass; d=google.com; s=arc-20160816; b=HCM7hXEMjSs2DAsDCDr/jn0LYw3U1sbuVwmTwy1+6gf9WWOLQ5NpTyr/R4TGNDt205 Zq0FMYDegttBblgcrndVRe8WanEd9E5R+sQgDSmifQ+09aXmpa2/c6/rvg5jNcI0WQIL Rpb/kFmkUFdTXbK0PRnst7ZVWifInNMdEuW8CbEM6QHd1E9HQfRu61wIgxnKSTJOhKaA 6Zr5ALaXV8XBb5+LXhwCfKDlfGtbMOMArVdYJbDTkqeJTXpYfiZWCKSAgOJHt/qNQYWN DjGSu/kX3Qf0R5DRN8QLmgPgBvOA4g61wJEOvFJg4rCQG0o1kYzYyoXSVLYt/krW5bS9 dIWA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date; bh=v92sZNP6vHI+N0JbZ5XItfe1pYbgS3fKclIexQRQdIM=; fh=az2dZpEYiEm4vtTr4+qsX4XJoeJGU4fUES6heyq65CU=; b=b4Lktei3FVk0G8oEpgYTeNTdhA0++kR+j4YFkZt1REsHhCauUsbIE0cIXYC8f+ZyOA LMayph/Kmaxyfgdj+EEK+lhorWrUHN30uRMkjDs+42ZurqTq/5C5faW/1h8lLDXMvDSb 8V7CrSAEGpNTEOm5js3KUAR6bBGDBoxyD/aQinLrkfbiZ1YSFqoSLoTKUAnBeo+2YpzR F1erJWgi+QJCdOlw5f3sy6kfetGi680PgnWXToZ2SbpYZJ2MNlwx4HxffjUtPO6HjQDs lxUwRKuW/woHv5r/iU3aiSnMKxeKbpOZ15YEloKG2YaSIm5//xibpKWlwY0b6N9cqoB/ bTzQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=netrider.rowland.org); spf=pass (google.com: domain of linux-kernel+bounces-210142-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-210142-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=harvard.edu Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id d2e1a72fcca58-7059778f0fbsi3666753b3a.252.2024.06.11.08.21.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Jun 2024 08:21:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-210142-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=netrider.rowland.org); spf=pass (google.com: domain of linux-kernel+bounces-210142-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-210142-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=harvard.edu Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 641C72829CD for ; Tue, 11 Jun 2024 15:21:11 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B450423767; Tue, 11 Jun 2024 15:21:02 +0000 (UTC) Received: from netrider.rowland.org (netrider.rowland.org [192.131.102.5]) by smtp.subspace.kernel.org (Postfix) with SMTP id C270B17554 for ; Tue, 11 Jun 2024 15:20:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.131.102.5 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718119262; cv=none; b=oSIRwWW5a+DDCVLFbbz6US0sKcRstXvG2fMQ2USpk3n/kj+kaU/4hikU9NPIDVIF+VwOoyDnaAuKMJWM7AV+1J4K6E5Vz1mabq4aYMLv/GUIjNIOO1/29VG1Yzoe3WVd2TMv0+hCh7JUq8CAKlH6dIA5HGBnlNXD3QysT3H2BOY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718119262; c=relaxed/simple; bh=Er6PA3/Modh6YaGC9UL3eMxeB6uHpwFIoxsNj22/flE=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=H69r7s4kaK6u3erC9TMDL8cLLAy8RmwNXPNP42sWFr9u59Z4blY5k0mEe5oATdp9E1+z7g73AjCSoKOBOeVforv/PgWrt8nyKN3nIJzbcAz5+vq8JizYukPgEr0Z/CCwYj+7dahP/eiSngPF4KtnxcdqNqqxt72xT8JIMBYZz6c= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=rowland.harvard.edu; spf=pass smtp.mailfrom=netrider.rowland.org; arc=none smtp.client-ip=192.131.102.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=rowland.harvard.edu Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=netrider.rowland.org Received: (qmail 189524 invoked by uid 1000); 11 Jun 2024 11:20:57 -0400 Date: Tue, 11 Jun 2024 11:20:57 -0400 From: Alan Stern To: syzbot Cc: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: [syzbot] [usb?] INFO: rcu detected stall in raw_ioctl Message-ID: <23b1962c-044d-4dbd-a705-58754f0914cb@rowland.harvard.edu> References: <000000000000386b64061a8ec33d@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <000000000000386b64061a8ec33d@google.com> On Mon, Jun 10, 2024 at 01:12:03PM -0700, syzbot wrote: > Hello, > > syzbot has tested the proposed patch and the reproducer did not trigger any issue: > > Reported-and-tested-by: syzbot+5f996b83575ef4058638@syzkaller.appspotmail.com > > Tested on: > > commit: 8867bbd4 mm: arm64: Fix the out-of-bounds issue in con.. > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git > console output: https://syzkaller.appspot.com/x/log.txt?x=15f51bce980000 > kernel config: https://syzkaller.appspot.com/x/.config?x=3b4350cf56c61c80 > dashboard link: https://syzkaller.appspot.com/bug?extid=5f996b83575ef4058638 > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > userspace arch: arm64 > patch: https://syzkaller.appspot.com/x/patch.diff?x=151b5fce980000 > > Note: testing is done by a robot and is best-effort only. That's not much use. Let's see what happens without all the error messages filling up the log, and let's test how well the timer emulation works. The kernel config has CONFIG_HZ set to 100, which is not a very good value for dummy-hcd although it should still work. But the multiple-millisecond intervals between timer interrupts are worrisome. Alan Stern #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 8867bbd4a056 Index: usb-devel/drivers/usb/class/cdc-wdm.c =================================================================== --- usb-devel.orig/drivers/usb/class/cdc-wdm.c +++ usb-devel/drivers/usb/class/cdc-wdm.c @@ -265,18 +265,11 @@ static void wdm_int_callback(struct urb set_bit(WDM_INT_STALL, &desc->flags); dev_err(&desc->intf->dev, "Stall on int endpoint\n"); goto sw; /* halt is cleared in work */ - default: - dev_err(&desc->intf->dev, - "nonzero urb status received: %d\n", status); - break; } } - if (urb->actual_length < sizeof(struct usb_cdc_notification)) { - dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n", - urb->actual_length); + if (urb->actual_length < sizeof(struct usb_cdc_notification)) goto exit; - } switch (dr->bNotificationType) { case USB_CDC_NOTIFY_RESPONSE_AVAILABLE: Index: usb-devel/drivers/usb/gadget/legacy/raw_gadget.c =================================================================== --- usb-devel.orig/drivers/usb/gadget/legacy/raw_gadget.c +++ usb-devel/drivers/usb/gadget/legacy/raw_gadget.c @@ -596,8 +596,6 @@ static int raw_ioctl_run(struct raw_dev spin_lock_irqsave(&dev->lock, flags); if (ret) { - dev_err(dev->dev, - "fail, usb_gadget_register_driver returned %d\n", ret); dev->state = STATE_DEV_FAILED; goto out_unlock; } Index: usb-devel/drivers/usb/gadget/udc/core.c =================================================================== --- usb-devel.orig/drivers/usb/gadget/udc/core.c +++ usb-devel/drivers/usb/gadget/udc/core.c @@ -1699,8 +1699,6 @@ int usb_gadget_register_driver_owner(str mutex_lock(&udc_lock); if (!driver->is_bound) { if (driver->match_existing_only) { - pr_warn("%s: couldn't find an available UDC or it's busy\n", - driver->function); ret = -EBUSY; } else { pr_info("%s: couldn't find an available UDC\n", Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c =================================================================== --- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c +++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c @@ -989,12 +989,42 @@ static DEVICE_ATTR_RO(function); * for each driver that registers: just add to a big root hub. */ +static struct timer_list alan_timer; +static int alan_count; +#define ALAN_MAX 20 + +static void alan_callback(struct timer_list *t) +{ + if (++alan_count >= ALAN_MAX) + return; + mod_timer(&alan_timer, jiffies + msecs_to_jiffies(1)); +} + +static void test_alan_timer(void) +{ + int alan_prev; + + alan_prev = alan_count = 0; + mod_timer(&alan_timer, jiffies + msecs_to_jiffies(1)); + for (;;) { + if (alan_prev != alan_count) { + alan_prev = alan_count; + pr_info("alan_count %d\n", alan_prev); + if (alan_prev >= ALAN_MAX) + break; + } + cpu_relax(); + } +} + static int dummy_udc_start(struct usb_gadget *g, struct usb_gadget_driver *driver) { struct dummy_hcd *dum_hcd = gadget_to_dummy_hcd(g); struct dummy *dum = dum_hcd->dum; + test_alan_timer(); + switch (g->speed) { /* All the speeds we support */ case USB_SPEED_LOW: @@ -2769,6 +2799,8 @@ static int __init dummy_hcd_init(void) int i; struct dummy *dum[MAX_NUM_UDC] = {}; + timer_setup(&alan_timer, alan_callback, TIMER_PINNED); + if (usb_disabled()) return -ENODEV;