Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp519237yba; Thu, 18 Apr 2019 05:23:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqz39V5mgFsOvVcJTYrF8l30abVBi226tBDJXHmVUCT4TS2akfi0ZcilcK97U8sCom1qedm0 X-Received: by 2002:a65:4589:: with SMTP id o9mr71810572pgq.381.1555590220427; Thu, 18 Apr 2019 05:23:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555590220; cv=none; d=google.com; s=arc-20160816; b=BRNCeXquKSMQHhh+ZoBAILW87LGs9Z5MTf//SZCQqKwU62T9NtE2tUcsq6V2WedaGO Retzr1C+qpYr31+Ea0Vju/9fNZsSV+ZPVja9nNS2u3FF9CjsY075ht7HO369wvtTcstN e2VwGjHIvpdWWLB+Nssk0i9OSPGvZUbHiAHmX1f2s5LtFtfv2UUQfZaa02Vsm7zp0XGJ 3yl2yr/Yyi4XB9L8kB1Yln187qWMZHYrMy3RiBSzo+XW9zRBB2n7vS/XX/OyYK9Pw28t 03sAd0taM83G38yNSKLCsGPWfSGBzWZFAuZBhsdWmgUDbOApDLmYFkwOQYRsZuKsedar Dweg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=1SYKp7+MfElXRd1sO4ET6eRMz9V6tyIBHsQE06h7vZE=; b=q10ARUMHBcm6z6jJPzVRdKobfYS8VLPGsIzpIXOgGnPwF24lxzlUT4AHefPMja1XrT tuvA3Hhc82XyBRq0AzAmyByIwkn3zjIcre1ofI9oPX2jKGgqdGvjK7nqLhAYmXD82B48 f+5bgh6KLQ5uKGF4TOJK0kMrWRM0kHaBKaAMM4DmUbvnn5e2aAySDzx69hysThMMdhml 66OswqEBhwDV2gPhxsJ13Swz00vBSjK7DePZzVmCNvC5/CQfO7eXJov/4ZMC7GtAOhzA ReLx8ZViZJRoOh5J+N/WK6wIR6I/27kGmTmt8QMh5xyGHeCqoX+RDkOzuK/bacrXnYqg 4IDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=knVBa7D2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v6si1848082plp.296.2019.04.18.05.23.25; Thu, 18 Apr 2019 05:23:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=knVBa7D2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388974AbfDRMVz (ORCPT + 99 others); Thu, 18 Apr 2019 08:21:55 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:34097 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388375AbfDRMVz (ORCPT ); Thu, 18 Apr 2019 08:21:55 -0400 Received: by mail-pf1-f195.google.com with SMTP id b3so1057339pfd.1 for ; Thu, 18 Apr 2019 05:21:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1SYKp7+MfElXRd1sO4ET6eRMz9V6tyIBHsQE06h7vZE=; b=knVBa7D2GK6+IVYWe87tEasDbQE6ueo+Kwxp0FCbYULPfZmphTeVj/chyphkT0VxKD Hf4ixPul1+kOVFyzemdEb5ex6hClEXQipSJrwlsE7P7iYWLgWEhqSNISgHPPf5OsoERZ cdz3E4LE4XWbT08mDB19MgOyj2GycnfY77jXxo9lkG2DQEwsy+Dg41wDOeJcfbz0FdfL L3vktzL8p8N/KSczzuXNRJpXtBwO0m+g/3VH26MXm4emsmkmFRuXypJG0/DZiaqiPm7o URIMV3cWx8JlEmzHj7BBhzd1S8Edyu76rIsnm+8muYd0iR4925nj2Y+FIvo1pSB1WeE8 Ds6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1SYKp7+MfElXRd1sO4ET6eRMz9V6tyIBHsQE06h7vZE=; b=pmgDwPqtjWCoyIGg05/v78Tbr8IE8+mxXsB0MjsINdvVniQrcrf2oeTJpRFkFQi1il y0S2yJrBLcJjttMaYrKYqeKP0GoxQQ+73v3qNPTwLv71mASlIXAGDehSSPZVF6ZuyOnz UoBkJa4d9ADtTELLIX0n8cHk0XpW0oURGaYdlj4bdbw8AvDE4YSUVvUgdrJLoB8Kc67B RDYD3WanDE3l1CdcZj5RF1s2DXPLnR2Jc+g20Pyxw0PulzxnkjhK5otx2cmt2e4KWytJ Os73Pdu05mP4yjuS1WJGn4onaShqvXu/0xSyyaj8v8xT714hFHVfS6OSuBbEgrYXJmsn rp3Q== X-Gm-Message-State: APjAAAWlhGOh04u0jKi3iL8IZBwuCxVQyWAkv3TzWlRTveLQd3NjZNXf EMKCiG0lCT22EW4Yn2sxnSIWu+YMY0rS979Cx5q+2Q== X-Received: by 2002:a63:5b4b:: with SMTP id l11mr58047437pgm.95.1555590114070; Thu, 18 Apr 2019 05:21:54 -0700 (PDT) MIME-Version: 1.0 References: <000000000000edf1630586acca2b@google.com> In-Reply-To: From: Andrey Konovalov Date: Thu, 18 Apr 2019 14:21:42 +0200 Message-ID: Subject: Re: INFO: task hung in usb_kill_urb To: Alan Stern Cc: syzbot , Andrey Konovalov , Greg Kroah-Hartman , "Gustavo A. R. Silva" , LKML , USB list , syzkaller-bugs Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 17, 2019 at 9:09 PM Alan Stern wrote: > > On Tue, 16 Apr 2019, syzbot wrote: > > > Hello, > > > > syzbot has tested the proposed patch but the reproducer still triggered > > crash: > > INFO: task hung in usb_kill_urb > > That's surprising. This patch was awfully similar to the previous one, > which did prevent the crash earlier. > > > Tested on: > > > > commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver > > git tree: https://github.com/google/kasan/tree/usb-fuzzer > > console output: https://syzkaller.appspot.com/x/log.txt?x=10b5e057200000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15 > > compiler: gcc (GCC) 9.0.0 20181231 (experimental) > > patch: https://syzkaller.appspot.com/x/patch.diff?x=131dca6b200000 > > Andrey, is there any way to increase the console output buffer size? Hm, I'm not sure why it got truncated here, the previous one was full. I would try running the syz test command again in this case. > The link above doesn't go all the way back to the beginning of the test > (it starts at timestamp 486.614697). > > Also, here's a slightly revised patch for testing. > > Alan Stern > > > #syz test: https://github.com/google/kasan.git usb-fuzzer > > --- a/drivers/usb/gadget/udc/dummy_hcd.c > +++ b/drivers/usb/gadget/udc/dummy_hcd.c > @@ -979,8 +979,18 @@ static int dummy_udc_start(struct usb_ga > struct dummy_hcd *dum_hcd = gadget_to_dummy_hcd(g); > struct dummy *dum = dum_hcd->dum; > > - if (driver->max_speed == USB_SPEED_UNKNOWN) > + switch (g->speed) { > + /* All the speeds we support */ > + case USB_SPEED_LOW: > + case USB_SPEED_FULL: > + case USB_SPEED_HIGH: > + case USB_SPEED_SUPER: > + break; > + default: > + dev_err(dummy_dev(dum_hcd), "Unsupported driver max speed %d\n", > + driver->max_speed); > return -EINVAL; > + } > > /* > * SLAVE side init ... the layer above hardware, which > @@ -1784,9 +1794,10 @@ static void dummy_timer(struct timer_lis > /* Bus speed is 500000 bytes/ms, so use a little less */ > total = 490000; > break; > - default: > + default: /* Can't happen */ > dev_err(dummy_dev(dum_hcd), "bogus device speed\n"); > - return; > + total = 0; > + break; > } > > /* FIXME if HZ != 1000 this will probably misbehave ... */ > @@ -1828,7 +1839,7 @@ restart: > > /* Used up this frame's bandwidth? */ > if (total <= 0) > - break; > + continue; > > /* find the gadget's ep for this request (if configured) */ > address = usb_pipeendpoint (urb->pipe); >