Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp789039ybl;
        Wed, 11 Dec 2019 07:32:19 -0800 (PST)
X-Google-Smtp-Source: APXvYqwF/iN3OBfRwYVA8DcZvfC8Mmwg0Un89lxyhrOPmaf/SoBIuVPpuszHAPu3NAD0fUicP7PD
X-Received: by 2002:aca:3285:: with SMTP id y127mr3210532oiy.67.1576078339354;
        Wed, 11 Dec 2019 07:32:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1576078339; cv=none;
        d=google.com; s=arc-20160816;
        b=x2wyMBSOsX8gE/Vt4N82mGS0yR1Huac/hBUM58H4/PlQcd8cM9Z8/JPRISIg+AKWWv
         pwe0DaP04ZyAaLnzmnQudIdQHDLN2gi/cCabG/36E3zxC49XZaFbrlJnLu+yQnYC7fB4
         bJVqBMc+GM6MgQCXm0ivqEcXM7h1Jr9Drw88PxbAzjJOBWGUEzYtieP87+gXuynv3NZ3
         VYw97VrbHGZxsCQhXILpfYAuK98sMn++CSd6AaguW8nW1W8182NJ9GYaEPmmlYqRaiQ+
         WgEqnLF9o52cISvt777Z7UXkxTUGZlVenoEZtaglBpiNm6oBef8h1MOKtoTI1IUtrA2N
         JkWQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=7gIWTbNCIzJwL9xUV5DD3mPfI7Jx6t2VjpSZrx1r784=;
        b=Q8VR1etYy6mFnCJSjdI02X66yi6l+SdgHA1RaK2Hp5LTWbzOaEaX56qmViaJxyvtNC
         /sMwNRyDU7M4aPBmBpc6Xf0eE1rkFeoYN1RWKZzqRQk6d8dyjdhuT38Mb66dM9vOD4pN
         2Z/OVqGL2FWdcuIN9I05pmowghWee0MLeejmacAleR1zY2GnSfd6lP8uCIaS9UaZOnnE
         WhtRiKee6f1ynuwnbHv8E/kiqevNdK9LtOT1BVzkFGRfiNhzdEVJed3Rd9MfxK7I/+7v
         1ZBenrHbH0EVTXfVwwFiLesDYhSCMXidQlyQN/N2y7Cf6Glkgd1PuEx5ARE14UmyrR6U
         O49A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=vYZAFWNO;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b20si1297716oii.169.2019.12.11.07.32.07;
        Wed, 11 Dec 2019 07:32:19 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=vYZAFWNO;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387660AbfLKPaZ (ORCPT <rfc822;epontan@gmail.com> + 99 others);
        Wed, 11 Dec 2019 10:30:25 -0500
Received: from mail-qk1-f195.google.com ([209.85.222.195]:44181 "EHLO
        mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2387557AbfLKPaU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 11 Dec 2019 10:30:20 -0500
Received: by mail-qk1-f195.google.com with SMTP id w127so8156047qkb.11
        for <linux-kernel@vger.kernel.org>; Wed, 11 Dec 2019 07:30:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=7gIWTbNCIzJwL9xUV5DD3mPfI7Jx6t2VjpSZrx1r784=;
        b=vYZAFWNOCXrTdUXacREX512Q1z9yDyARAcKw3YXP92ObelIWEgxEkn2uK5+eYh6Xll
         5azZ2vZrN0W7AYcHJ5PPZ5Y16505hme4EKPIlf3c9Mb+FYPl4tYcg1rClPgoUB4Sn8DA
         BG97fdDQW5BxlUQHf387cnIkiA0Miyi7c6ikFC7G/OQhXZP6AH6GzUd2nn0UTEapB5nU
         7TTE+fCOftymUTuxRpLo5zDOFBu3hgMlWq+ScX8SMfmlJz63wIVNzw5ZjqI6zhbHFUbW
         itdKSZzBzk3AvaRQc7NKT9Cjmu13FDnMEO2pnzNiEOztmPMOObrIJkKtkacVTrL/eJJR
         p+pg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=7gIWTbNCIzJwL9xUV5DD3mPfI7Jx6t2VjpSZrx1r784=;
        b=l7504RZ0DaaIJ5c3CvXxkBsiT75x3PE0kPqvYmThHupXLYgAXO5wWC7BWGC5iK9TVU
         kuCDgBRkr9czm4DHVFhNPCtBAdbGTBHZZ9NPmYEGxFnkPIj0mvKi2cXcmycm7/xU83NW
         MDH7bsHFBPOf8fq1z4mLzj9x2uHKdyU4CaWvXDoJfr3zUv+konDElKlSAbbTD/RNcHdE
         VUKswA/hVUVGPMqNbI3JJxX7ERtuDDuEudSDmq5q8Bgybwq7quhe6d05Wf3n77F+IabD
         WRZPjFcxEgXsGp5rD7DEbQhTL5wj0ciG6Hg1Dzo008EwyYMlWqbBHNSlvjkmn89sUOs7
         3Cug==
X-Gm-Message-State: APjAAAWt/+D68q7dyRjnWBPDdmNF8Dk8ShkyqXV8GS6qFXftXB1qCmq3
        mszzKg759fg3oHonnsqVH/nTGX1/otXVZ2ugJV7q3w==
X-Received: by 2002:ae9:eb48:: with SMTP id b69mr3401822qkg.43.1576078219045;
 Wed, 11 Dec 2019 07:30:19 -0800 (PST)
MIME-Version: 1.0
References: <CAAeHK+wY+35uBvr0=FnKsWOj91QhXuVE++V7frn5AihAPLvo5Q@mail.gmail.com>
 <Pine.LNX.4.44L0.1912101508470.1647-100000@iolanthe.rowland.org> <CAAeHK+xTjUdP5D+DzRD-ZBd-8MmhWxT5n=CqO5u37FrEy6T-8Q@mail.gmail.com>
In-Reply-To: <CAAeHK+xTjUdP5D+DzRD-ZBd-8MmhWxT5n=CqO5u37FrEy6T-8Q@mail.gmail.com>
From:   Dmitry Vyukov <dvyukov@google.com>
Date:   Wed, 11 Dec 2019 16:30:06 +0100
Message-ID: <CACT4Y+ZSmwr4y2VrUxZSvFCL0Ws4cp6T5FwyVRg_CqhCf354HQ@mail.gmail.com>
Subject: Re: KASAN: use-after-free Read in usbvision_v4l2_open
To:     Andrey Konovalov <andreyknvl@google.com>
Cc:     Alan Stern <stern@rowland.harvard.edu>,
        syzbot <syzbot+c7b0ec009a216143df30@syzkaller.appspotmail.com>,
        Hans Verkuil <hverkuil@xs4all.nl>,
        Souptick Joarder <jrdr.linux@gmail.com>,
        LKML <linux-kernel@vger.kernel.org>, linux-media@vger.kernel.org,
        USB list <linux-usb@vger.kernel.org>,
        Mauro Carvalho Chehab <mchehab@kernel.org>,
        Richard Fontana <rfontana@redhat.com>,
        syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
        Thomas Gleixner <tglx@linutronix.de>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Dec 11, 2019 at 3:23 PM Andrey Konovalov <andreyknvl@google.com> wrote:
>
> On Tue, Dec 10, 2019 at 9:13 PM Alan Stern <stern@rowland.harvard.edu> wrote:
> >
> > On Tue, 10 Dec 2019, Andrey Konovalov wrote:
> >
> > > On Tue, Dec 10, 2019 at 8:48 PM Alan Stern <stern@rowland.harvard.edu> wrote:
> >
> > > > This looks like a race in v4l2_open(): The function drops the
> > > > videodev_lock mutex before calling the video driver's open routine, and
> > > > the device can be unregistered during the short time between.
> > > >
> > > > This patch tries to make the race much more likely to happen, for
> > > > testing and verification.
> > > >
> > > > Andrey, will syzbot run the same test with this patch, even though it
> > > > says it doesn't have a reproducer?
> > >
> > > Hi Alan,
> > >
> > > No, unfortunately there's nothing to run if there's no reproducer.
> > > It's technically possible to run the same program log that triggered
> > > the bug initially, but since the bug wasn't reproduced with this log
> > > even without the patch, there isn't much sense in running it with the
> > > patch applied.
> >
> > Actually it does make sense.  That bug was caused by a race, and the
> > patch tries to make the race much more likely to happen, so the same
> > test should fail again.
> >
> > But never mind; I'll try a different approach.  There's another syzbot
> > bug report, one with a reproducer, and with this patch in place it
> > should trigger the same race.  I'll try submitting it that way.
> >
> > By the way, do you know why syzbot sent _two_ reply messages?  One with
> > message ID <00000000000031a0af05995eca0b@google.com> and the other with
> > message ID <000000000000441a4205995eca11@google.com>?  It seems like
> > overkill.
>
> Hm, I'm not sure. Dmitry?

I would assume it received 2 emails (second from syzkaller-bugs@
mailing list) and deduplication logic did not work somehow. So it
replied to both.