Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp3711314ybl; Mon, 12 Aug 2019 05:13:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqxOj8jSmCNz2qMAyp3pB/9Mi0IgcxsuURPh9U4kGuJ1lLGJxJa4DnndzEpiPoLv6m1HvYVa X-Received: by 2002:a17:902:bf07:: with SMTP id bi7mr33275538plb.167.1565611998203; Mon, 12 Aug 2019 05:13:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565611998; cv=none; d=google.com; s=arc-20160816; b=slWqUBpMqFIIjkiOzcE/LUT1FAMo/bTEl+V754pMGxL86t44Sx8WLymrs0J21S1Z7E fiTh27Gnw6ci9RX8pUgb6qLycie/NLKmPzEKEkN6wOAEtLeFQC8sD69L2EBRHOI5aTF1 BIIQZfZ+klWJdLUSN+vo1BzQi7TqkInYhycBIgI6gcIYGSBXhO5MUvHT9OJXjc1CQtv6 tc3h15yDiWs7fQXfA3fivKTBAmVu671pnfn7MHKgssaarBLNx0WzjFkNnewECkgUSpdN cmx+EtYzsR7WSPe9kUMEiF7119sOyhAquxx7juDid2aJRzVhhTTRsYxtRsQt+LrYd3dk curQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=HSImECa5el0iQbQ9v8bXoLa86qat1X+sRH4ZYbDNvcE=; b=H/qjzl8IWQIo6lKQj6o/ubQLw8eyXZhonqPh/OtQ5GHDw+ji0UUNJTvuTiRHflJKSB RgDHdOYtHmQ+8qXpMNav1er+yWeou6LKWjy4ma2525vXyKys6nDbfxrSMAuJHWnPYd9f i6pT4jU24+q3nLFl/8BT7LIIqloNR2ZuT1QyLvEPHBqO4vtuU/lTdIaf5IoO8gFXumEA qs0z80jM7i1oo5LV4qWikIPaf8ezfyGXSHbarIGR5YmsG/iL86TQ8LW75sQgvwMuEH1V +/bnINBh9PdbrYYxYbV/pGIf8lFo2GEkkypmSQ48y56Qh/vRE4zlAzbnoP9mA2Fsq0LP McvQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=KAP64pq5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 16si1796220pfz.197.2019.08.12.05.13.02; Mon, 12 Aug 2019 05:13:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=KAP64pq5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728416AbfHLMMH (ORCPT + 99 others); Mon, 12 Aug 2019 08:12:07 -0400 Received: from mail-pl1-f194.google.com ([209.85.214.194]:44934 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726200AbfHLMMH (ORCPT ); Mon, 12 Aug 2019 08:12:07 -0400 Received: by mail-pl1-f194.google.com with SMTP id t14so47770751plr.11 for ; Mon, 12 Aug 2019 05:12:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HSImECa5el0iQbQ9v8bXoLa86qat1X+sRH4ZYbDNvcE=; b=KAP64pq5qCqCvaIszyzRRyauR6jhBPus5MK8qUsQBBP1On5KDWpz06maD9E/Yju7zv mNMYGxq1N+LAI/FibuyCLrDED3l0h2wD0oXwCCSsOxzstoU3+8IQAh6C+Mjmr3iDx0kX 8WzUkSCz3lyh4+yaKs+BZcAgBWbDjEMY1Suo27tEwS9wJYZHJVeAlE4SUOTWeCm39mVi ZD+L3egcC1P1BdPMX0+IJPBCfuteHOgMe+thbFe+Air7cfiRZRVMwfS8DvTh6SwO0cRx klZoZ4MNSuSMi9jaDgK2VjbX7wryXxXNUYQVdDgaeMCAcdlhNOG9W636tM2AUX5byfEw RgjA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HSImECa5el0iQbQ9v8bXoLa86qat1X+sRH4ZYbDNvcE=; b=M3DP6mh6AnZPu7r0k+3c5mdK7YJ0hfVq7h367DDVq52JGK7a+J14+LrbiKhEjfZy1F nthSeriYx1o76AtVkGnfapTARTFpeGNTEUV6Q+JU/Sd/BhO7mm0ZTh6E53Frvl6bB0Yc nQEEeuqippE5BbNGWbPsjnc9jGy88sTa1fv3a5nssHbdR95qIf0JkRLerkkr1XSp58XZ XDg74dacaEANONO0d8Zjt27QF0xzLD/zUYOP18iZITth15SJ8VP9d9/xQ9/1HhZ2gVTw WWzjSQ3Q9ZDY1mJdkbKuUb5rZv5UEq5M/msvb2K8D6CNrkciYusZdqjQ5FwrY/wrDY6d PQMw== X-Gm-Message-State: APjAAAXm/glaamx4sz2zc6Sec3Izt9C7jKLhYJimcvwdwCQEyFumvYha Lsipozm5NF8vmfWWoGzron5KO08RbkmzR0LnFHaFy3FH8Bvclg== X-Received: by 2002:a17:902:bb94:: with SMTP id m20mr250579pls.336.1565611926530; Mon, 12 Aug 2019 05:12:06 -0700 (PDT) MIME-Version: 1.0 References: <00000000000026d72f058fb33242@google.com> In-Reply-To: From: Andrey Konovalov Date: Mon, 12 Aug 2019 14:11:54 +0200 Message-ID: Subject: Re: possible deadlock in usb_deregister_dev To: Alan Stern Cc: syzbot , Greg Kroah-Hartman , LKML , USB list , oneukum@suse.de, syzkaller-bugs Content-Type: multipart/mixed; boundary="000000000000bd1494058fea6eae" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --000000000000bd1494058fea6eae Content-Type: text/plain; charset="UTF-8" On Fri, Aug 9, 2019 at 9:32 PM Alan Stern wrote: > > On Fri, 9 Aug 2019, syzbot wrote: > > > syzbot has found a reproducer for the following crash on: > > > > HEAD commit: e96407b4 usb-fuzzer: main usb gadget fuzzer driver > > git tree: https://github.com/google/kasan.git usb-fuzzer > > console output: https://syzkaller.appspot.com/x/log.txt?x=15bf780e600000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=cfa2c18fb6a8068e > > dashboard link: https://syzkaller.appspot.com/bug?extid=a64a382964bf6c71a9c0 > > compiler: gcc (GCC) 9.0.0 20181231 (experimental) > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16787574600000 > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=136cc4d2600000 > > > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > > Reported-by: syzbot+a64a382964bf6c71a9c0@syzkaller.appspotmail.com > > > > usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 > > usb 1-1: config 0 descriptor?? > > iowarrior 1-1:0.236: IOWarrior product=0x1501, serial= interface=236 now > > attached to iowarrior0 > > usb 1-1: USB disconnect, device number 2 > > ====================================================== > > WARNING: possible circular locking dependency detected > > 5.3.0-rc2+ #25 Not tainted > > ------------------------------------------------------ > > kworker/0:1/12 is trying to acquire lock: > > 00000000cd63e8f1 (minor_rwsem){++++}, at: usb_deregister_dev > > drivers/usb/core/file.c:238 [inline] > > 00000000cd63e8f1 (minor_rwsem){++++}, at: usb_deregister_dev+0x61/0x270 > > drivers/usb/core/file.c:230 > > > > but task is already holding lock: > > 000000001d1989ef (iowarrior_open_disc_lock){+.+.}, at: > > iowarrior_disconnect+0x45/0x2c0 drivers/usb/misc/iowarrior.c:867 > > > > which lock already depends on the new lock. > > https://syzkaller.appspot.com/bug?extid=ca52394faa436d8131df is > undoubtedly a duplicate of this. I've marked it as one, thanks! Now that we have a reproducer, let's retry Oliver's fix: #syz test: https://github.com/google/kasan.git e96407b4 --000000000000bd1494058fea6eae Content-Type: text/x-patch; charset="US-ASCII"; name="iowarrior.patch" Content-Disposition: attachment; filename="iowarrior.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_jz8cwrb50 ZGlmZiAtLWdpdCBhL2RyaXZlcnMvdXNiL21pc2MvaW93YXJyaW9yLmMgYi9kcml2ZXJzL3VzYi9t aXNjL2lvd2Fycmlvci5jCmluZGV4IGJhMDVkZDgwYTAyMC4uZjViZWQ5ZjI5ZTU2IDEwMDY0NAot LS0gYS9kcml2ZXJzL3VzYi9taXNjL2lvd2Fycmlvci5jCisrKyBiL2RyaXZlcnMvdXNiL21pc2Mv aW93YXJyaW9yLmMKQEAgLTg2NiwxOSArODY2LDIwIEBAIHN0YXRpYyB2b2lkIGlvd2Fycmlvcl9k aXNjb25uZWN0KHN0cnVjdCB1c2JfaW50ZXJmYWNlICppbnRlcmZhY2UpCiAJZGV2ID0gdXNiX2dl dF9pbnRmZGF0YShpbnRlcmZhY2UpOwogCW11dGV4X2xvY2soJmlvd2Fycmlvcl9vcGVuX2Rpc2Nf bG9jayk7CiAJdXNiX3NldF9pbnRmZGF0YShpbnRlcmZhY2UsIE5VTEwpOworCS8qIHByZXZlbnQg ZGV2aWNlIHJlYWQsIHdyaXRlIGFuZCBpb2N0bCAqLworCWRldi0+cHJlc2VudCA9IDA7CiAKIAlt aW5vciA9IGRldi0+bWlub3I7CisJbXV0ZXhfdW5sb2NrKCZpb3dhcnJpb3Jfb3Blbl9kaXNjX2xv Y2spOworCS8qIGdpdmUgYmFjayBvdXIgbWlub3IgLSB0aGlzIHdpbGwgY2FsbCBjbG9zZSgpIGxv Y2tzIG5lZWQgdG8gYmUgZHJvcHBlZCBhdCB0aGlzIHBvaW50Ki8KIAotCS8qIGdpdmUgYmFjayBv dXIgbWlub3IgKi8KIAl1c2JfZGVyZWdpc3Rlcl9kZXYoaW50ZXJmYWNlLCAmaW93YXJyaW9yX2Ns YXNzKTsKIAogCW11dGV4X2xvY2soJmRldi0+bXV0ZXgpOwogCiAJLyogcHJldmVudCBkZXZpY2Ug cmVhZCwgd3JpdGUgYW5kIGlvY3RsICovCi0JZGV2LT5wcmVzZW50ID0gMDsKIAogCW11dGV4X3Vu bG9jaygmZGV2LT5tdXRleCk7Ci0JbXV0ZXhfdW5sb2NrKCZpb3dhcnJpb3Jfb3Blbl9kaXNjX2xv Y2spOwogCiAJaWYgKGRldi0+b3BlbmVkKSB7CiAJCS8qIFRoZXJlIGlzIGEgcHJvY2VzcyB0aGF0 IGhvbGRzIGEgZmlsZWRlc2NyaXB0b3IgdG8gdGhlIGRldmljZSAsCg== --000000000000bd1494058fea6eae--