linux-stable/drivers
Alan Stern 22f0081286 USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
The syzbot fuzzer found that the interrupt-URB completion callback in
the cdc-wdm driver was taking too long, and the driver's immediate
resubmission of interrupt URBs with -EPROTO status combined with the
dummy-hcd emulation to cause a CPU lockup:

cdc_wdm 1-1:1.0: nonzero urb status received: -71
cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]
CPU#0 Utilization every 4s during lockup:
	#1:  98% system,	  0% softirq,	  3% hardirq,	  0% idle
	#2:  98% system,	  0% softirq,	  3% hardirq,	  0% idle
	#3:  98% system,	  0% softirq,	  3% hardirq,	  0% idle
	#4:  98% system,	  0% softirq,	  3% hardirq,	  0% idle
	#5:  98% system,	  1% softirq,	  3% hardirq,	  0% idle
Modules linked in:
irq event stamp: 73096
hardirqs last  enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
hardirqs last  enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
softirqs last  enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
softirqs last  enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G        W          6.10.0-rc2-syzkaller-g8867bbd4a056 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024

Testing showed that the problem did not occur if the two error
messages -- the first two lines above -- were removed; apparently adding
material to the kernel log takes a surprisingly large amount of time.

In any case, the best approach for preventing these lockups and to
avoid spamming the log with thousands of error messages per second is
to ratelimit the two dev_err() calls.  Therefore we replace them with
dev_err_ratelimited().

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Suggested-by: Greg KH <gregkh@linuxfoundation.org>
Reported-and-tested-by: syzbot+5f996b83575ef4058638@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-usb/00000000000073d54b061a6a1c65@google.com/
Reported-and-tested-by: syzbot+1b2abad17596ad03dcff@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-usb/000000000000f45085061aa9b37e@google.com/
Fixes: 9908a32e94 ("USB: remove err() macro from usb class drivers")
Link: https://lore.kernel.org/linux-usb/40dfa45b-5f21-4eef-a8c1-51a2f320e267@rowland.harvard.edu/
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/29855215-52f5-4385-b058-91f42c2bee18@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-06-14 08:47:59 +02:00
..
accel The usual shower of singleton fixes and minor series all over MM, 2024-05-19 09:21:03 -07:00
accessibility Char/Misc bugfix for 6.10-rc1 2024-05-24 08:43:25 -07:00
acpi Char/Misc and other driver subsystem changes for 6.10-rc1 2024-05-22 12:26:46 -07:00
amba
android binder: fix max_thread type inconsistency 2024-05-04 18:59:47 +02:00
ata ata: libata-core: Add ATA_HORKAGE_NOLPM for Apacer AS340 2024-05-31 15:14:06 +02:00
atm atm/fore200e: Delete unused 'fore200e_boards' 2024-05-06 18:26:47 -07:00
auxdisplay - Fix-ups 2024-05-22 10:45:12 -07:00
base regmap-i2c: Subtract reg size from max_write 2024-05-27 01:30:33 +01:00
bcma
block null_blk: Do not allow runt zone with zone capacity smaller then zone size 2024-05-30 15:03:52 -06:00
bluetooth virtio: features, fixes, cleanups 2024-05-23 12:04:36 -07:00
bus tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
cache
cdrom cdrom: rearrange last_media_change check to avoid unintentional overflow 2024-05-15 12:59:55 -06:00
cdx
char This push fixes a new run-time warning triggered by tpm. 2024-05-29 09:12:58 -07:00
clk I'm actually surprised this time. There aren't any new Qualcomm SoC clk 2024-05-18 12:48:37 -07:00
clocksource RISC-V Patches for the 6.10 Merge Window, Part 1 2024-05-22 09:56:00 -07:00
comedi
connector
counter
cpufreq Power management fixes for 6.10-rc1 2024-05-21 11:40:49 -07:00
cpuidle pmdomain core: 2024-05-16 08:50:32 -07:00
crypto virtio: features, fixes, cleanups 2024-05-23 12:04:36 -07:00
cxl tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
dax The usual shower of singleton fixes and minor series all over MM, 2024-05-19 09:21:03 -07:00
dca
devfreq PM / devfreq: exynos: Use DEFINE_SIMPLE_DEV_PM_OPS for PM functions 2024-05-09 00:30:37 +09:00
dio
dma dmaengine updates for v6.10 2024-05-21 11:15:56 -07:00
dma-buf Merge remote-tracking branch 'drm/drm-fixes' into drm-misc-fixes 2024-05-28 22:21:34 +02:00
dpll dpll: fix return value check for kmemdup 2024-05-13 16:53:53 -07:00
edac - Have skx_edac decode error addresses belonging to SGX properly 2024-05-14 08:31:10 -07:00
eisa alpha: remove DECpc AXP150 (Jensen) support 2024-05-03 22:09:50 +02:00
extcon extcon: adc-jack: Document missing struct members 2024-05-09 01:03:39 +09:00
firewire firewire: add missing MODULE_DESCRIPTION() to test modules 2024-05-27 07:34:58 +09:00
firmware virtio: features, fixes, cleanups 2024-05-23 12:04:36 -07:00
fpga Char/Misc and other driver subsystem changes for 6.10-rc1 2024-05-22 12:26:46 -07:00
fsi
gnss
gpio virtio: features, fixes, cleanups 2024-05-23 12:04:36 -07:00
gpu Short summary of fixes pull: 2024-05-31 11:51:20 +10:00
greybus greybus: Fix use-after-free bug in gb_interface_release due to race condition. 2024-05-04 18:59:41 +02:00
hid - Fix-ups 2024-05-22 10:45:12 -07:00
hsi
hte
hv Char/Misc and other driver subsystem changes for 6.10-rc1 2024-05-22 12:26:46 -07:00
hwmon hwmon: (shtc1) Fix property misspelling 2024-05-30 09:05:19 -07:00
hwspinlock
hwtracing Char/Misc and other driver subsystem changes for 6.10-rc1 2024-05-22 12:26:46 -07:00
i2c I2C core removes an argument from the i2c_mux_add_adapter() call to 2024-05-20 08:55:18 -07:00
i3c i3c: dw: Add hot-join support. 2024-05-23 00:29:19 +02:00
idle
iio Char/Misc and other driver subsystem changes for 6.10-rc1 2024-05-22 12:26:46 -07:00
infiniband tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
input Input updates for v6.10-rc0 2024-05-24 09:01:21 -07:00
interconnect tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
iommu tracing: Remove second argument of __assign_str() 2024-05-23 12:28:01 -07:00
ipack
irqchip irqchip: riscv-imsic: Fixup riscv_ipi_set_virq_range() conflict 2024-05-23 04:48:40 -07:00
isdn
leds leds: mt6370: Remove unused field 'reg_cfgs' from 'struct mt6370_priv' 2024-05-02 18:12:27 +01:00
macintosh powerpc updates for 6.10 2024-05-17 09:05:46 -07:00
mailbox mailbox: zynqmp-ipi: drop irq_to_desc() call 2024-05-31 12:39:15 -05:00
mcb
md bcache: code cleanup in __bch_bucket_alloc_set() 2024-05-28 06:55:59 -06:00
media tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
memory ARM development updates for v6.10-rc1 2024-05-17 08:53:47 -07:00
memstick
message SCSI misc on 20240514 2024-05-14 18:25:53 -07:00
mfd pci-v6.10-changes 2024-05-21 10:09:28 -07:00
misc tracing: Remove second argument of __assign_str() 2024-05-23 12:28:01 -07:00
mmc MMC core: 2024-05-16 08:56:49 -07:00
most
mtd bd_inode series 2024-05-21 09:51:42 -07:00
mux
net ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound 2024-05-30 12:05:52 +02:00
nfc nfc/nci: Add the inconsistency check between the input data length and count 2024-05-29 13:08:31 +01:00
ntb
nubus
nvdimm virtio: features, fixes, cleanups 2024-05-23 12:04:36 -07:00
nvme nvmet: fix a possible leak when destroy a ctrl during qp establishment 2024-05-28 10:01:52 -07:00
nvmem nvmem: meson-mx-efuse: Remove nvmem_device from efuse struct 2024-05-03 07:26:39 +02:00
of I2C core removes an argument from the i2c_mux_add_adapter() call to 2024-05-20 08:55:18 -07:00
opp OPP Updates for 6.10 2024-05-17 13:01:24 +02:00
parisc
parport
pci pci-v6.10-changes 2024-05-21 10:09:28 -07:00
pcmcia
peci
perf arm64 fixes for -rc1 2024-05-23 12:09:22 -07:00
phy phy-for-6.10 2024-05-21 11:19:18 -07:00
pinctrl - New Device Support 2024-05-22 10:41:14 -07:00
platform platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro 2024-05-27 11:43:03 +02:00
pmdomain pmdomain providers: 2024-05-27 08:18:31 -07:00
pnp
power I2C core removes an argument from the i2c_mux_add_adapter() call to 2024-05-20 08:55:18 -07:00
powercap powercap: intel_rapl_tpmi: Enable PMU support 2024-04-30 21:10:37 +02:00
pps
ps3
ptp Networking changes for 6.10. 2024-05-14 19:42:24 -07:00
pwm pwm: pca9685: Drop explicit initialization of struct i2c_device_id::driver_data to 0 2024-05-10 07:30:27 +02:00
rapidio rapidio: remove choice for enumeration 2024-05-14 23:36:19 +09:00
ras
regulator regulator: rtq2208: Fix invalid memory access when devm_of_regulator_put_matches is called 2024-05-28 13:22:54 +01:00
remoteproc remoteproc: k3-r5: Jump to error handling labels in start/stop errors 2024-05-06 13:34:12 -06:00
reset I'm actually surprised this time. There aren't any new Qualcomm SoC clk 2024-05-18 12:48:37 -07:00
rpmsg virtio: features, fixes, cleanups 2024-05-23 12:04:36 -07:00
rtc pcf8563: add wakeup-source support 2024-05-07 23:40:46 +02:00
s390 more s390 updates for 6.10 merge window 2024-05-21 12:09:36 -07:00
sbus
scsi hardening fixes for v6.10-rc2-take2 2024-06-02 09:15:28 -07:00
sh
siox
slimbus Linux 6.9-rc7 2024-05-08 19:21:51 +01:00
soc tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
soundwire soundwire updates for 6.10 2024-05-21 11:23:36 -07:00
spi spi: stm32: Don't warn about spurious interrupts 2024-05-29 19:12:09 +01:00
spmi spmi: pmic-arb: Add multi bus support 2024-05-08 19:46:11 +01:00
ssb
staging Staging driver changes for 6.10-rc1 2024-05-22 12:11:48 -07:00
target Assorted commits that had missed the last merge window... 2024-05-21 13:11:44 -07:00
tc
tee
thermal tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
thunderbolt thunderbolt: debugfs: Fix margin debugfs node creation condition 2024-05-31 13:13:39 +03:00
tty TTY/Serial fixes for 6.10-rc1 2024-05-24 08:38:28 -07:00
ufs SCSI misc on 20240514 2024-05-14 18:25:53 -07:00
uio
usb USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages 2024-06-14 08:47:59 +02:00
vdpa Merge tag 'stable/vduse-virtio-net' into vhost 2024-05-22 08:32:48 -04:00
vfio VFIO updates for v6.10-rc1 2024-05-20 14:56:50 -07:00
vhost virtio: features, fixes, cleanups 2024-05-23 12:04:36 -07:00
video - Fix-ups 2024-05-22 10:45:12 -07:00
virt The usual shower of singleton fixes and minor series all over MM, 2024-05-19 09:21:03 -07:00
virtio virtio: features, fixes, cleanups 2024-05-23 12:04:36 -07:00
w1
watchdog watchdog: LENOVO_SE10_WDT should depend on X86 && DMI 2024-05-11 11:32:06 +02:00
xen xen: branch for v6.10-rc1 2024-05-24 10:24:49 -07:00
zorro
Kconfig
Makefile kbuild: use $(src) instead of $(srctree)/$(src) for source directory 2024-05-10 04:34:52 +09:00