From: Alan Stern <stern@rowland.harvard.edu>
To: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: syzbot <syzbot+b6f11035e572f08bc20f@syzkaller.appspotmail.com>,
	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
	linux-usb@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [usb?] INFO: task hung in hub_port_init (3)
Date: Wed, 8 Nov 2023 11:12:04 -0500
Message-ID: <bd9c6508-0a99-432a-bf59-33440c5e12e4@rowland.harvard.edu>
In-Reply-To: <722c5417-d76a-44f3-b6d4-f585f54a3e02@collabora.com>

On Wed, Nov 08, 2023 at 04:25:45PM +0500, Muhammad Usama Anjum wrote:
> I've confirmed locally again that the logs belong to the same urb. This kworker
> gets stuck:
> 
> [  131.064283] usb_control_msg
> [  131.065326] usb_internal_control_msg, urb: FFFF88814CC2AE00 urb->use_count: 0
> [  131.066320] usb_start_wait_urb urb: FFFF88814CC2AE00 urb->use_count: 0
> [  131.069988] usb_submit_urb urb: FFFF88814CC2AE00 urb->use_count: 0
> [  131.070881] usb_hcd_submit_urb urb: FFFF88814CC2AE00 urb->use_count 1
> [  131.072268] usb_submit_urb 0 urb: FFFF88814CC2AE00 urb->use_count: 1
> [  131.073186] usb_start_wait_urb urb: FFFF88814CC2AE00 urb->use_count: 1
> [  136.151750] usb_start_wait_urb wait_for_completion
> [  136.153286] usb_kill_urb might_sleep
> [  136.153859] vhci_hcd: vhci_urb_dequeue:875: vhci_urb_dequeue
> [  136.154853] vhci_hcd: vhci_urb_dequeue:952: vhci_urb_dequeue return
> [  136.155773] usb_kill_urb usb_hcd_unlink_urb use_count: 1
> [  285.831355] INFO: task kworker/0:4:1586 blocked for more than 143 seconds.

Of course.  It's waiting for the vhci_urb_dequeue() call to finish 
unlinking the URB.

> > If you want to fix this problem (and probably a bunch of other ones in
> > syzbot's list of pending bugs), figure out what's wrong with the
> > ->urb_dequeue() callback routine in the usbip driver and fix it.
> I'm looking at it, haven't found anything yet.

I took a very quick look just now, and one thing stands out.  If 
vhci_urb_dequeue() is unable to allocate a vhci_unlink structure, it 
calls usbip_event_add() and then returns without doing anything else.  

But one of the things usbip_event_add() does is try to allocate a 
usbip_event structure, and if that allocation fails then it returns 
without doing anything.  Now, if the memory allocation attempt in 
vhci_urb_dequeue() fails then it seems quite likely that the attempt in 
usbip_event_add() will also fail.  Which means that nothing will happen 
-- and that is a bug.  URB-dequeue calls are not allowed to fail because 
of memory pressure.

Now, I don't know if this is the cause of the trouble in the syzbot 
test.  You should trace what's going on in vhci_urb_dequeue() to see 
exactly what it does.

Alan Stern
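
An added illustration, not part of the original message and not code from the usbip driver: a small userspace C model of the failure mode described above, where the error path of a dequeue needs its own allocation and so does nothing under memory pressure, next to a variant whose error path uses a preallocated event. All names (`model_alloc`, `struct dev`, `dequeue`, `event_add_allocating`, `event_add_prealloc`) are hypothetical, and the preallocated variant is one common pattern, not a proposed fix for the driver.

```c
/* Userspace model (constructed), not kernel code; all names hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

static bool oom;                          /* simulated memory pressure */
static void *model_alloc(size_t n) { return oom ? NULL : calloc(1, n); }

struct event { bool queued; };
struct dev {
    struct event *pending;                /* what an event handler would see */
    struct event fallback;                /* preallocated along with the device */
};

/* Error reporting that allocates: under pressure it silently does nothing. */
static void event_add_allocating(struct dev *d)
{
    struct event *e = model_alloc(sizeof(*e));
    if (!e)
        return;                           /* the error report is lost here */
    e->queued = true;
    d->pending = e;
}

/* Error reporting that needs no memory: it uses the embedded event. */
static void event_add_prealloc(struct dev *d)
{
    d->fallback.queued = true;
    d->pending = &d->fallback;
}

/* Returns true if the request left a trace that something will act on. */
static bool dequeue(struct dev *d, void (*event_add)(struct dev *))
{
    void *unlink_req = model_alloc(16);   /* stands in for the unlink record */
    if (!unlink_req) {
        event_add(d);                     /* error path */
        return d->pending != NULL;
    }
    free(unlink_req);                     /* model only: would be queued */
    return true;
}

int main(void)
{
    struct dev a = {0}, b = {0};
    oom = true;
    return (!dequeue(&a, event_add_allocating) && dequeue(&b, event_add_prealloc)) ? 0 : 1;
}
```
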
