Re: general protection fault in usb_set_interface

From: Alan Stern
Date: Thu Dec 12 2019 - 11:52:56 EST

[CC: list trimmed slightly -- including syzkaller-bugs]

On Thu, 12 Dec 2019, Andrey Konovalov wrote:

> Yes, the patch failed due to msleep() being undefined in that source
> file. I'm not sure why syzbot didn't send a response. Could you try
> resending the patch as the reply to that other syzbot report?

This isn't literally a reply to the other syzbot report because I no
longer have any copies of it in my mailbox. But it uses the same To:
and Subject: lines, so hopefully it will be okay.

This version of the patch adds #include <linux/delay.h>, so now
msleep() should be declared and there won't be any build errors.

If you want me to send the old version that fails to build, let me

Alan Stern

#syz test: 1f22d15c

Index: usb-devel/drivers/media/usb/usbvision/usbvision-video.c
--- usb-devel.orig/drivers/media/usb/usbvision/usbvision-video.c
+++ usb-devel/drivers/media/usb/usbvision/usbvision-video.c
@@ -49,6 +49,7 @@
#include <media/tuner.h>

#include <linux/workqueue.h>
+#include <linux/delay.h>

#include "usbvision.h"
#include "usbvision-cards.h"
@@ -1585,6 +1586,7 @@ static void usbvision_disconnect(struct
} else {
+ msleep(100);

Index: usb-devel/drivers/media/v4l2-core/v4l2-dev.c
--- usb-devel.orig/drivers/media/v4l2-core/v4l2-dev.c
+++ usb-devel/drivers/media/v4l2-core/v4l2-dev.c
@@ -24,6 +24,7 @@
#include <linux/kmod.h>
#include <linux/slab.h>
#include <linux/uaccess.h>
+#include <linux/delay.h>

#include <media/v4l2-common.h>
#include <media/v4l2-device.h>
@@ -419,9 +420,10 @@ static int v4l2_open(struct inode *inode
if (vdev->fops->open) {
- if (video_is_registered(vdev))
+ if (video_is_registered(vdev)) {
+ msleep(200);
ret = vdev->fops->open(filp);
- else
+ } else
ret = -ENODEV;