Received: by 2002:a05:7412:cfc7:b0:fc:a2b0:25d7 with SMTP id by7csp2399726rdb; Wed, 21 Feb 2024 06:39:01 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXzyuKXpQBMRXFiwV6G77NI5MJchrohaYkQtpLsytu9YqmMEHEJFFOEKnwYQ74JeyxT9nGuJB2RApY6TK/etdgu899kK1+cbCzsbtgxBQ== X-Google-Smtp-Source: AGHT+IFxJ5kbkmRjJowD3CjO6XFqwsBH17VHA+S+fGnCiUq2SOFEMXcMczPKTS7LB7FoHENd7/5z X-Received: by 2002:a05:6402:26c8:b0:564:c704:ccb6 with SMTP id x8-20020a05640226c800b00564c704ccb6mr5177495edd.29.1708526341150; Wed, 21 Feb 2024 06:39:01 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708526341; cv=pass; d=google.com; s=arc-20160816; b=luLCgXjipvk/kgsm1zZT3yeX5cbIAVvBkDBYU6tOEQiWTm3WekQc78DhAiURqCcCO5 m0WbcJOl9XKLTGJxGxHs/cgPflXpvjIZTFL6xw7w+aoyFw9XsmKg82wIhrYWTrPhArSW /RMkiWnBBVGJN8nI478PZol/oOkAL/twDdqBkJXSZHB0lEVn18rsSQzV35gIrgwkObrp xQ7QDl91hixjSxamNA7G7qMsOq+m8cRICGEfVlECmUar0Ga525FHHRJtvGgsSX1YyxK5 nHPL/GQ+6ZbYbQ7jIadqnfYYubAvNHlLfV/NlCDsFXa1d9QVExbLYJZJq8uQ5KShOkBI 30Hg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id; bh=JIJZCuqquFbj9fBrsh7KhDgafUjD5ZTFyoE5iPugpOU=; fh=3oGub75Dp6ZRV0m6+jEK8SK6Hshrxf5PlBBZ1a8na/k=; b=kq2soGV1eR5I0M8Z1JZlIjYEnMFpetUVFK9DDqtYscoN+rjBRnMQuSIOj/VPX1xEb6 m06iNr0z9CwoXq55AWEiRTyFqDWbOyRkgcpQdfl9+dljETwgYT1UwL7brWzI/MrF4+Sq ZGVShI4e7pKC+qGu9GLXJVPNIh36YJOeNI3X/pjViuHPkrdILuaUUnZ0b/vYOMVL3JDV 1FL2p7hkW6+eAZIA1pvU71iyGQoz5fZ/eateXCgfA85OCnd6xZs8u/BJlpOqWvWLiIY8 M6y+BhZW7dAmFum7boWgE5MF+4mdBLoIQebHtR4ubrAISMkGHhrmWtbVOlM1wrvtfPmr ISgQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1); spf=pass (google.com: domain of linux-kernel+bounces-74910-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-74910-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xs4all.nl Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id f18-20020a056402355200b005645bb0636bsi3524162edd.399.2024.02.21.06.39.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Feb 2024 06:39:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-74910-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; arc=pass (i=1); spf=pass (google.com: domain of linux-kernel+bounces-74910-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-74910-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xs4all.nl Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id E16EE1F23544 for ; Wed, 21 Feb 2024 14:39:00 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 557447FBAD; Wed, 21 Feb 2024 14:38:51 +0000 (UTC) Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CB4337C0B8; Wed, 21 Feb 2024 14:38:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708526330; cv=none; b=C3lEbrRaNsU2N/aKGprU+alLHxhe8cEygsoMsQk2nlDqM3NRvbe1CnjZdnP9udjYV1WQFQ6TVCK0P94wIClEbdnMy9axKA0nHiyuN5rHJA9jHWNTFWDiomdFafc9A3uMHk3kObZRZlTPGSSaIHg5aWXdHg267pI7dphpQrlSY68= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708526330; c=relaxed/simple; bh=5YDxSVqC1zF2NM/ES7mlAm2LSM0vCdSoAN168O/YwvA=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=HklnfQRIpEKqOIqjdq0YU7H99O7QjmVELrbiumTL2S8HDe8o+1stpC+giN2egilEyR8ymNgZkdmU7i1bPYbsQkx2e2eXu9GIpriYnZvhmC2Vk8WPdboYzNgCuuJjPbJsvT2Vl/JGlmHjsKQajgT6mIhy1gx96tNIgN0MH98OlJ0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 79489C433C7; Wed, 21 Feb 2024 14:38:48 +0000 (UTC) Message-ID: <4fa62e4f-9768-4434-8f7b-24aa3b2a3490@xs4all.nl> Date: Wed, 21 Feb 2024 15:38:47 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] media/cec/core: fix task hung in cec_claim_log_addrs Content-Language: en-US, nl To: Edward Adam Davis , syzbot+116b65a23bc791ae49a6@syzkaller.appspotmail.com Cc: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, mchehab@kernel.org, syzkaller-bugs@googlegroups.com References: <0000000000006d96200611de3986@google.com> From: Hans Verkuil In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 21/02/2024 15:20, Edward Adam Davis wrote: > After unlocking adap->lock in cec_claim_log_addrs(), cec_claim_log_addrs() may > re-enter, causing this issue to occur. But if it is called again, then it should hit this at the start of the function: if (WARN_ON(adap->is_configuring || adap->is_configured)) return; I'm still not sure what causes the KASAN hung task since I cannot seem to reproduce it, and because it is hard for me to find enough time to dig into this. Regards, Hans > > In the thread function cec_config_thread_func() adap->lock is also used, so there > is no need to unlock adap->lock in cec_claim_log_addrs(), and then use adap->lock > in cec_config_thread_func() to protect. > > Reported-and-tested-by: syzbot+116b65a23bc791ae49a6@syzkaller.appspotmail.com > Signed-off-by: Edward Adam Davis > --- > drivers/media/cec/core/cec-adap.c | 5 ----- > 1 file changed, 5 deletions(-) > > diff --git a/drivers/media/cec/core/cec-adap.c b/drivers/media/cec/core/cec-adap.c > index 5741adf09a2e..21b3ff504524 100644 > --- a/drivers/media/cec/core/cec-adap.c > +++ b/drivers/media/cec/core/cec-adap.c > @@ -1436,7 +1436,6 @@ static int cec_config_thread_func(void *arg) > int err; > int i, j; > > - mutex_lock(&adap->lock); > dprintk(1, "physical address: %x.%x.%x.%x, claim %d logical addresses\n", > cec_phys_addr_exp(adap->phys_addr), las->num_log_addrs); > las->log_addr_mask = 0; > @@ -1565,7 +1564,6 @@ static int cec_config_thread_func(void *arg) > } > adap->kthread_config = NULL; > complete(&adap->config_completion); > - mutex_unlock(&adap->lock); > call_void_op(adap, configured); > return 0; > > @@ -1577,7 +1575,6 @@ static int cec_config_thread_func(void *arg) > adap->must_reconfigure = false; > adap->kthread_config = NULL; > complete(&adap->config_completion); > - mutex_unlock(&adap->lock); > return 0; > } > > @@ -1602,9 +1599,7 @@ static void cec_claim_log_addrs(struct cec_adapter *adap, bool block) > adap->kthread_config = NULL; > adap->is_configuring = false; > } else if (block) { > - mutex_unlock(&adap->lock); > wait_for_completion(&adap->config_completion); > - mutex_lock(&adap->lock); > } > } >