Re: general protection fault in usb_set_interface
From: Alan Stern
Date: Thu Dec 12 2019 - 11:52:56 EST
[CC: list trimmed slightly -- including syzkaller-bugs]
On Thu, 12 Dec 2019, Andrey Konovalov wrote:
> Yes, the patch failed due to msleep() being undefined in that source
> file. I'm not sure why syzbot didn't send a response. Could you try
> resending the patch as the reply to that other syzbot report?
This isn't literally a reply to the other syzbot report because I no
longer have any copies of it in my mailbox. But it uses the same To:
and Subject: lines, so hopefully it will be okay.
This version of the patch adds #include <linux/delay.h>, so now
msleep() should be declared and there won't be any build errors.
If you want me to send the old version that fails to build, let me
know.
Alan Stern
#syz test: https://github.com/google/kasan.git 1f22d15c
Index: usb-devel/drivers/media/usb/usbvision/usbvision-video.c
===================================================================
--- usb-devel.orig/drivers/media/usb/usbvision/usbvision-video.c
+++ usb-devel/drivers/media/usb/usbvision/usbvision-video.c
@@ -49,6 +49,7 @@
#include <media/tuner.h>
#include <linux/workqueue.h>
+#include <linux/delay.h>
#include "usbvision.h"
#include "usbvision-cards.h"
@@ -1585,6 +1586,7 @@ static void usbvision_disconnect(struct
wake_up_interruptible(&usbvision->wait_frame);
wake_up_interruptible(&usbvision->wait_stream);
} else {
+ msleep(100);
usbvision_release(usbvision);
}
Index: usb-devel/drivers/media/v4l2-core/v4l2-dev.c
===================================================================
--- usb-devel.orig/drivers/media/v4l2-core/v4l2-dev.c
+++ usb-devel/drivers/media/v4l2-core/v4l2-dev.c
@@ -24,6 +24,7 @@
#include <linux/kmod.h>
#include <linux/slab.h>
#include <linux/uaccess.h>
+#include <linux/delay.h>
#include <media/v4l2-common.h>
#include <media/v4l2-device.h>
@@ -419,9 +420,10 @@ static int v4l2_open(struct inode *inode
video_get(vdev);
mutex_unlock(&videodev_lock);
if (vdev->fops->open) {
- if (video_is_registered(vdev))
+ if (video_is_registered(vdev)) {
+ msleep(200);
ret = vdev->fops->open(filp);
- else
+ } else
ret = -ENODEV;
}