Re: INFO: rcu detected stall in dummy_timer (3)
0 views
Skip to first unread message
syzbot
12:05 PM (4 hours ago) 12:05 PM
to st...@rowland.harvard.edu, linu...@vger.kernel.org, st...@rowland.harvard.edu, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> I'm revisiting an old syzbot bug caused by a tight resubmit loop, this
> one in mceusb. The bug was fixed by commit 476db72e5219 ("media:
> mceusb: return without resubmitting URB in case of -EPROTO error."), but
> I want to try fixing it a different way, by changing dummy-hcd.
>
> This is a preliminary test, to make sure the bug can still be triggered.
> The patch below doesn't do anything -- yet!
>
> Alan Stern
>
> #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git 811d22141369
This bug is already marked as fixed. No point in testing.
>
> Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
> ===================================================================
> --- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
> +++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
> @@ -231,6 +231,7 @@ struct urbp {
> struct list_head urbp_list;
> struct sg_mapping_iter miter;
> u32 miter_started;
> + int missing_ep_delay;
> };
>
>
> @@ -1275,6 +1276,7 @@ static int dummy_urb_enqueue(
> return -ENOMEM;
> urbp->urb = urb;
> urbp->miter_started = 0;
> + urbp->missing_ep_delay = 80; /* Microframes -> 10 ms */
>
> dum_hcd = hcd_to_dummy_hcd(hcd);
> spin_lock_irqsave(&dum_hcd->dum->lock, flags);
> @@ -1863,6 +1865,8 @@ restart:
> address |= USB_DIR_IN;
> ep = find_endpoint(dum, address);
> if (!ep) {
> +// if (--urbp->missing_ep_delay > 0)
> +// continue;
> /* set_configuration() disagreement */
> dev_dbg(dummy_dev(dum_hcd),
> "no ep configured for urb %p\n",
> one in mceusb. The bug was fixed by commit 476db72e5219 ("media:
> mceusb: return without resubmitting URB in case of -EPROTO error."), but
> I want to try fixing it a different way, by changing dummy-hcd.
>
> This is a preliminary test, to make sure the bug can still be triggered.
> The patch below doesn't do anything -- yet!
>
> Alan Stern
>
> #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git 811d22141369
This bug is already marked as fixed. No point in testing.
>
> Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
> ===================================================================
> --- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c
> +++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c
> @@ -231,6 +231,7 @@ struct urbp {
> struct list_head urbp_list;
> struct sg_mapping_iter miter;
> u32 miter_started;
> + int missing_ep_delay;
> };
>
>
> @@ -1275,6 +1276,7 @@ static int dummy_urb_enqueue(
> return -ENOMEM;
> urbp->urb = urb;
> urbp->miter_started = 0;
> + urbp->missing_ep_delay = 80; /* Microframes -> 10 ms */
>
> dum_hcd = hcd_to_dummy_hcd(hcd);
> spin_lock_irqsave(&dum_hcd->dum->lock, flags);
> @@ -1863,6 +1865,8 @@ restart:
> address |= USB_DIR_IN;
> ep = find_endpoint(dum, address);
> if (!ep) {
> +// if (--urbp->missing_ep_delay > 0)
> +// continue;
> /* set_configuration() disagreement */
> dev_dbg(dummy_dev(dum_hcd),
> "no ep configured for urb %p\n",
Alan Stern
12:11 PM (4 hours ago) 12:11 PM
to syzbot, linu...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On Thu, Apr 23, 2026 at 09:05:38AM -0700, syzbot wrote:
> > I'm revisiting an old syzbot bug caused by a tight resubmit loop, this
> > one in mceusb. The bug was fixed by commit 476db72e5219 ("media:
> > mceusb: return without resubmitting URB in case of -EPROTO error."), but
> > I want to try fixing it a different way, by changing dummy-hcd.
> >
> > This is a preliminary test, to make sure the bug can still be triggered.
> > The patch below doesn't do anything -- yet!
> >
> > Alan Stern
> >
> > #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git 811d22141369
>
> This bug is already marked as fixed. No point in testing.
All right. I'm going to do something rather heavy-handed to convince
> > I'm revisiting an old syzbot bug caused by a tight resubmit loop, this
> > one in mceusb. The bug was fixed by commit 476db72e5219 ("media:
> > mceusb: return without resubmitting URB in case of -EPROTO error."), but
> > I want to try fixing it a different way, by changing dummy-hcd.
> >
> > This is a preliminary test, to make sure the bug can still be triggered.
> > The patch below doesn't do anything -- yet!
> >
> > Alan Stern
> >
> > #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git 811d22141369
>
> This bug is already marked as fixed. No point in testing.
syzbot to run the test. I'll try to remember to undo this action after
the testing is all finished.
Alan Stern
#syz unfix
Reply all
Reply to author
Forward
0 new messages