From: Andrey Konovalov
Date: Wed, 7 Aug 2019 16:24:52 +0200
Subject: Re: possible deadlock in open_rio
To: Alan Stern
Cc: syzbot, Greg Kroah-Hartman, LKML, USB list, Cesar Miquel, rio500-users@lists.sourceforge.net, syzkaller-bugs
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Aug 7, 2019 at 4:01 PM Alan Stern wrote:
>
> On Wed, 7 Aug 2019, Andrey Konovalov wrote:
>
> > On Tue, Aug 6, 2019 at 9:13 PM Alan Stern wrote:
> > >
> > > On Thu, 1 Aug 2019, syzbot wrote:
> > >
> > > > Hello,
> > > >
> > > > syzbot found the following crash on:
> > > >
> > > > HEAD commit: 7f7867ff usb-fuzzer: main usb gadget fuzzer driver
> > > > git tree: https://github.com/google/kasan.git usb-fuzzer
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=136b6aec600000
> > > > kernel config: https://syzkaller.appspot.com/x/.config?x=792eb47789f57810
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=7bbcbe9c9ff0cd49592a
> > > > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > > >
> > > > Unfortunately, I don't have any reproducer for this crash yet.
> > > >
> > > > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > > > Reported-by: syzbot+7bbcbe9c9ff0cd49592a@syzkaller.appspotmail.com
> > > >
> > > > ======================================================
> > > > WARNING: possible circular locking dependency detected
> > > > 5.3.0-rc2+ #23 Not tainted
> > > > ------------------------------------------------------
> > >
> > > Andrey:
> > >
> > > This should be completely reproducible, since it's a simple ABBA
> > > locking violation. Maybe just introducing a time delay (to avoid races
> > > and give the open() call time to run) between the gadget creation and
> > > gadget removal would be enough to do it.
> >
> > I've tried some simple approaches to reproducing this, but failed.
> > Should this require two rio500 devices to trigger?
>
> No, one device should be enough. Just plug it in and then try to open
> the character device file.

OK, I've reproduced it, so I can test a patch manually. The reason
syzbot couldn't do that, is because it doesn't open character devices.
Right now the USB fuzzing instance only opens /dev/input*,
/dev/hidraw* and /dev/usb/hiddev* (only the devices that are created
by USB HID devices as I've been working on adding USB HID targeted
fuzzing support lately).

I guess we should open /dev/chr/* as well. The problem is that there
are 300+ devices there even without connecting USB devices and opening
them blindly probably won't work. Is there a way to know which
character devices are created by USB devices? Maybe they are exposed
over /sys/bus/usb or via some other way?

>
> Alan Stern
>
> > > Is there any way you can test this?
> >
> > Not yet.
> >
> > >
> > > Alan Stern
>
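
Added example, not part of the original thread and not syzkaller code: one way to find which character devices were created by USB devices, as asked in the message above, is to follow each /sys/dev/char/MAJ:MIN symlink and check whether the device or any of its ancestors has a subsystem link pointing at the usb bus. The function names and the sample tree (a constructed hiddev0 node and a non-USB null node) are assumptions for illustration.

```python
import os
import tempfile

def usb_char_devices(sysfs_root="/sys"):
    """Return sorted (node, "MAJ:MIN") for char devices that have a USB-bus ancestor."""
    root = os.path.realpath(sysfs_root)
    char_dir = os.path.join(root, "dev", "char")
    usb_bus = os.path.join(root, "bus", "usb")
    found = []
    for devnum in os.listdir(char_dir):
        # Each entry is a symlink named MAJOR:MINOR pointing into <root>/devices/...
        node_dir = os.path.realpath(os.path.join(char_dir, devnum))
        d, on_usb = node_dir, False
        while d.startswith(root + os.sep) and not on_usb:
            # A device's "subsystem" link names the bus or class that owns it.
            on_usb = os.path.realpath(os.path.join(d, "subsystem")) == usb_bus
            d = os.path.dirname(d)
        if not on_usb:
            continue
        try:
            with open(os.path.join(node_dir, "uevent")) as f:
                # DEVNAME= is the device node path relative to /dev.
                names = [ln.strip()[8:] for ln in f if ln.startswith("DEVNAME=")]
        except OSError:  # device went away while we were scanning
            names = []
        found += [("/dev/" + n, devnum) for n in names]
    return sorted(found)

def build_sample_sysfs(root):
    """Constructed sysfs-like tree (not real data): one USB char device, one non-USB."""
    def mkdev(path, subsystem, devnum=None, devname=None):
        d = os.path.join(root, "devices", path)
        os.makedirs(d)
        os.makedirs(os.path.join(root, subsystem), exist_ok=True)
        os.symlink(os.path.join(root, subsystem), os.path.join(d, "subsystem"))
        if devnum:
            with open(os.path.join(d, "uevent"), "w") as f:
                f.write("DEVNAME=%s\n" % devname)
            os.symlink(d, os.path.join(root, "dev", "char", devnum))
    os.makedirs(os.path.join(root, "dev", "char"))
    mkdev("pci0/usb1/1-1/1-1:1.0", "bus/usb")
    mkdev("pci0/usb1/1-1/1-1:1.0/usbmisc/hiddev0", "class/usbmisc", "180:96", "usb/hiddev0")
    mkdev("virtual/mem/null", "class/mem", "1:3", "null")
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return usb_char_devices(build_sample_sysfs(tmp))

if __name__ == "__main__":
    print(demo())
```

On a live system, calling usb_char_devices() with the default root scans the real /sys and also returns the raw /dev/bus/usb/* nodes, since those belong to the usb bus directly.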