Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp912167ybl;
        Fri, 10 Jan 2020 08:47:35 -0800 (PST)
X-Google-Smtp-Source: APXvYqyxs3c9UX5QFTIXQ9GNSc/GIBJ4yGqlCjh8xpqIhIbWexN4EppvLEQrErMP7bGzQbzatNm7
X-Received: by 2002:a05:6808:2d2:: with SMTP id a18mr2975654oid.120.1578674855031;
        Fri, 10 Jan 2020 08:47:35 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1578674855; cv=none;
        d=google.com; s=arc-20160816;
        b=vfa4F9jC0A4nJZC5LGyj8ZsTYYCjxEaHxgXEJhWwXojqbGMe/U0SqIuhAu7+Tbqa1y
         vWOWeTDLuJGmzz5CTmcomSZCm/6syC+xtiETCnhCWbGMLR5GWT+pcHk5bqlBgLpHSty/
         kReAVnhqF6F7TFYt8CkZYDGI+GEZVF1ov07ULgmsDkuCdG65fpG/Wsd6nAPezNdUCpAq
         OHNs89JdtPDWtK5IP30eWwHZ9ap4rpjOnzvcu7ADAxyXkYFpjOqh2KYfdczVp/Ssi3zb
         J/MWQKRx4cEdUTZ/wm/mjoWAHwuv/LeTQQg+kY9/JiIySI4/YprywDehcB+PLPRSztma
         8e8A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=9Uld6qOjyUjE2LTXOlgxIe9R0z9puILcSA94rP9mPRA=;
        b=cGN/8Q8n4713hj91xJG+/c9ledNUgHHF/YrOhiM/XqpNVjVh54wg1+gehM5MsMy8Jl
         zoSCeYpgv8WqEwQ8RMOX/sqidCCJLSvx3rxrhEu9p+6n7taucCcxNxKuXbdgFT5qhP3h
         sa+MlAeOgCqkDKlgIVi6aL9o7c0rOv4iRLESQrwGskC8UWLkUal20oPKHbIsmj94W/i1
         9nmL51eb6qtMKoSn5G6btxYtLL/h9titsp5kv6RhId7QF+W665mqT6tNnncCzsLEkY4D
         86Qcxz+JK0YQakBTuo4r4vglKalFB4duXTcRMc6UjdJRJkAjQyz8VUSprQEDWG5M95C6
         l+EQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=gx00LFe3;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y26si1664484otk.315.2020.01.10.08.47.23;
        Fri, 10 Jan 2020 08:47:35 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=gx00LFe3;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728897AbgAJQqT (ORCPT <rfc822;chenl.lei@gmail.com> + 99 others);
        Fri, 10 Jan 2020 11:46:19 -0500
Received: from mail-pf1-f193.google.com ([209.85.210.193]:37148 "EHLO
        mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728640AbgAJQqS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 10 Jan 2020 11:46:18 -0500
Received: by mail-pf1-f193.google.com with SMTP id p14so1401358pfn.4
        for <linux-kernel@vger.kernel.org>; Fri, 10 Jan 2020 08:46:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=9Uld6qOjyUjE2LTXOlgxIe9R0z9puILcSA94rP9mPRA=;
        b=gx00LFe3OFs7maYoP84n7LVW0q+yrcDlKbPCAx38cjU06EL2pZ6no5yntzGpToms6K
         qcInPPtKurkfkYnbWLA2XArjm+0vzmU8C9E9oZNYJlRkgTL6PVKG7XoIPdFADK+bTHtF
         QNzH22kV89dRp0wCPc+Ckwj+9KqZK/TuolqHhQHLgKrDwhMqSa+Rd0RVYys5ie+aDTGy
         ig9voZZ7tATFJoOaTBkqYBXpNbxepzE+jAoFD5nefNLzAIfBggUnRBGFohh1M2Ggsc5U
         UUIuesgxDVK7yL4RJsIJWii+1qjJ7fOd+4HlM8mkEiVSXv7Uy3PsF+43idlKUjHhSsUL
         EfcQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=9Uld6qOjyUjE2LTXOlgxIe9R0z9puILcSA94rP9mPRA=;
        b=ljZKj0Y/F3e7DPIp/kSe0rTGp/3jypzdO/vJKKxxMNsVkJpsmoA9ich6fROawT/9zQ
         fz3QOR5cns9OkU+gGrud5XiCRDTF1gT/xdNl9GgfYIMDsHJMIbpVCGm6cn1NaFKGHyj4
         gCAt9khbdekN/7iMPHGcVQAokY3ynvUJ5wcL8tc5Gpe7scwMMfNMWhUpDkIxAHI7JmDc
         7I2F4488qSDOio4aGaVFu4+lhhnLMWgQPIRwqZG/dzRjvb30H/IvVQY6QP2uG2FJFo4O
         7ePLDAGNlr8XtZJo8EV9oOdskKJQbBAzPFw4P9PUhjpfRjUOiRvUwka3GDZSUjBQsTDz
         jJDg==
X-Gm-Message-State: APjAAAVWgd85dtZzbMjP9jyGFwkwBsvjJhijYQusGwKIHW2eB+fnwfQ3
        KNKS04mKqR+1SX19JgugOs3du+rV6WOGZuMoS4ZVFg==
X-Received: by 2002:a63:358a:: with SMTP id c132mr5568414pga.286.1578674777669;
 Fri, 10 Jan 2020 08:46:17 -0800 (PST)
MIME-Version: 1.0
References: <0000000000001b53f8059ba5431a@google.com> <Pine.LNX.4.44L0.2001091142281.1307-100000@iolanthe.rowland.org>
In-Reply-To: <Pine.LNX.4.44L0.2001091142281.1307-100000@iolanthe.rowland.org>
From:   Andrey Konovalov <andreyknvl@google.com>
Date:   Fri, 10 Jan 2020 17:46:06 +0100
Message-ID: <CAAeHK+x5psxWYNvgfxBiLoQt-o3n+-t_ZhLxueRJ8bHsv=Pmbg@mail.gmail.com>
Subject: Re: WARNING in usbhid_raw_request/usb_submit_urb (2)
To:     Alan Stern <stern@rowland.harvard.edu>
Cc:     syzbot <syzbot+10e5f68920f13587ab12@syzkaller.appspotmail.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "Gustavo A. R. Silva" <gustavo@embeddedor.com>,
        ingrassia@epigenesys.com, LKML <linux-kernel@vger.kernel.org>,
        USB list <linux-usb@vger.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jan 9, 2020 at 5:46 PM Alan Stern <stern@rowland.harvard.edu> wrote:
>
> On Wed, 8 Jan 2020, syzbot wrote:
>
> > Hello,
> >
> > syzbot has tested the proposed patch and the reproducer did not trigger
> > crash:
> >
> > Reported-and-tested-by:
> > syzbot+10e5f68920f13587ab12@syzkaller.appspotmail.com
> >
> > Tested on:
> >
> > commit:         ecdf2214 usb: gadget: add raw-gadget interface
> > git tree:       https://github.com/google/kasan.git
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=b06a019075333661
> > dashboard link: https://syzkaller.appspot.com/bug?extid=10e5f68920f13587ab12
> > compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> > patch:          https://syzkaller.appspot.com/x/patch.diff?x=1583963ee00000
> >
> > Note: testing is done by a robot and is best-effort only.
>
> I'm at a loss for a way to track this down any farther.  The difference
> between this patch and the previous was very small and almost entirely
> confined to actions that take place _after_ the bug condition has been
> detected.
>
> If this is indeed caused by a race, it would be nice to know that the
> two racing threads are doing.  One of them we can see in the log output
> (it's calling usb_control_msg) but the other is a mystery.

I've tried to reproduce this manually, but failed :( I don't think
there's anything else we can do with this. Let's close this bug,
there's a chance syzbot comes up with a better reproducer.

#syz invalid