Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp442906ybc; Fri, 22 Nov 2019 07:39:07 -0800 (PST) X-Google-Smtp-Source: APXvYqzj4SBk9yzOVX+d35vqMe7pn3EE4uvBDM1M3tzFcV+7lVBFa1hxfOhCwmYcOs7f9lonZSIz X-Received: by 2002:a05:6402:184e:: with SMTP id v14mr1826164edy.138.1574437147661; Fri, 22 Nov 2019 07:39:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574437147; cv=none; d=google.com; s=arc-20160816; b=mfZyulgsJbv1ax2YeukdP/YlUqhvLnvtHDNTWwzrNCGeTvICkL4lXTHXThy/tQoQJr +qB6e8eWUnOikb48mDq0sfZjWpfuoTrzE+jxQyy6zSJ7CPMouMr+apfm/4RY/Z2unUda Z05APZdx5URNWKcpkiTbs2M3udZSBqD8BWcx7Ht+SgpuACzaa6Jc+tGNSSDThxBchgNC cXwQBBc2KP99Cq31EZQ6Hfisb7UOmM834jQP0eg/9zArk7tIu04CYCne+8dmYFtpGOFr kNCMfSY3mQ7vzpwZMRnxwEFdFsScjzdJhkV1Nj+9NBORvPlGHqoUH+oWkkW6cQ/Nvmbq QQHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:in-reply-to :subject:cc:to:from:date; bh=0sVHZMiyk1yUd3jLv5auwQiDWVsN8ays0sj+FghFVXU=; b=cUDKOPTpm+Elm13Jd78LMKjiREdF35JY6rb3C8XFSNEPCurw5ayujTmUyaGGuhj05S 1l0kXzmTCmt18KC2HrRzcZwGJmb8GeEQkJSNaqr2tAelNXSVHmkDNXO579TBp+TGrE8e MFP2SCxHPI0l4fsNcSu2JjQRiYklCE95fcbUDQUGpRSJuB4rgIPxWsT4Z5Pduf5FFml0 UZncxdxpjChTPRHdCj0V+lHpMpmuZ8XQrfEtYYs/fyO4D/bB7yW2OXNIT+61D7O65Crh C+dQXdEsQPyjnyE/wy0/BU8ZcKfxNERvcbgk3MzB8n087rHJx2O/skeCx6AUXxDvujlR DlpQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s17si4464410ejr.267.2019.11.22.07.38.42; Fri, 22 Nov 2019 07:39:07 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726865AbfKVPfQ (ORCPT + 99 others); Fri, 22 Nov 2019 10:35:16 -0500 Received: from iolanthe.rowland.org ([192.131.102.54]:59376 "HELO iolanthe.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1726633AbfKVPfP (ORCPT ); Fri, 22 Nov 2019 10:35:15 -0500 Received: (qmail 2808 invoked by uid 2102); 22 Nov 2019 10:35:14 -0500 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Nov 2019 10:35:14 -0500 Date: Fri, 22 Nov 2019 10:35:14 -0500 (EST) From: Alan Stern X-X-Sender: stern@iolanthe.rowland.org To: syzbot cc: andreyknvl@google.com, , , , , , , Subject: Re: KASAN: use-after-free Read in si470x_int_in_callback (2) In-Reply-To: <0000000000002d684a0597ecf0b5@google.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 22 Nov 2019, syzbot wrote: > Hello, > > syzbot has tested the proposed patch but the reproducer still triggered > crash: > INFO: rcu detected stall in dummy_timer > > radio-si470x 1-1:0.0: non-zero urb status (-71) > radio-si470x 4-1:0.0: non-zero urb status (-71) > radio-si470x 3-1:0.0: non-zero urb status (-71) Oliver: The reason for this stall is because the driver goes into a tight resubmit loop when the interrupt URB completes with an unrecognized error status. Instead, the driver should log an error message and avoid resubmitting. Error recovery can be done at a higher level. In other words, change the goto resubmit; /* Maybe we can recover. */ line in the completion handler into a return. Alan Stern