From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 054C0C433EF for ; Sun, 29 May 2022 00:56:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4BE338D0003; Sat, 28 May 2022 20:56:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 46E618D0001; Sat, 28 May 2022 20:56:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 381858D0003; Sat, 28 May 2022 20:56:19 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 23C0E8D0001 for ; Sat, 28 May 2022 20:56:19 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id D55CE2107C for ; Sun, 29 May 2022 00:56:18 +0000 (UTC) X-FDA: 79516964436.05.778A6CD Received: from r3-20.sinamail.sina.com.cn (r3-20.sinamail.sina.com.cn [202.108.3.20]) by imf11.hostedemail.com (Postfix) with SMTP id 52E8C4003D for ; Sun, 29 May 2022 00:56:08 +0000 (UTC) Received: from unknown (HELO localhost.localdomain)([114.249.57.134]) by sina.com (172.16.97.35) with ESMTP id 6292C4770001E176; Sun, 29 May 2022 08:55:21 +0800 (CST) X-Sender: hdanton@sina.com X-Auth-ID: hdanton@sina.com X-SMAIL-MID: 31063515073502 From: Hillf Danton To: Alan Stern Cc: linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, Hillf Danton Subject: Re: [syzbot] WARNING in driver_unregister Date: Sun, 29 May 2022 08:56:03 +0800 Message-Id: <20220529005603.4002-1-hdanton@sina.com> In-Reply-To: References: <0000000000007a6b3605e01620c8@google.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 52E8C4003D X-Stat-Signature: 91pfqo3fpo8zjfaz6dyhijtjgioutou6 Authentication-Results: imf11.hostedemail.com; dkim=none; dmarc=none; spf=pass (imf11.hostedemail.com: domain of hdanton@sina.com designates 202.108.3.20 as permitted sender) smtp.mailfrom=hdanton@sina.com X-Rspam-User: X-HE-Tag: 1653785768-666454 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Sat, 28 May 2022 16:22:56 -0400 Alan Stern wrote: > On Sat, May 28, 2022 at 10:55:22AM -0700, syzbot wrote: > > Hello, > > > > syzbot has tested the proposed patch and the reproducer did not trigger any issue: > > > > Reported-and-tested-by: syzbot+02b16343704b3af1667e@syzkaller.appspotmail.com > > > > Tested on: > > > > commit: 97fa5887 USB: new quirk for Dell Gen 2 devices > > git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git > > kernel config: https://syzkaller.appspot.com/x/.config?x=d7b232ec3adf5c8d > > dashboard link: https://syzkaller.appspot.com/bug?extid=02b16343704b3af1667e > > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 > > patch: https://syzkaller.appspot.com/x/patch.diff?x=10f44625f00000 > > > > Note: testing is done by a robot and is best-effort only. > > Yeah, I don't believe this result. > > In any case, I believe the second problem (unexpected unregistration) > arises because the driver has no protection against multiple threads > calling raw_ioctl_run() concurrently. Fixing that should be a second > patch, but for testing purposes the two are combined below. > > Alan Stern > > #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git 97fa5887cf28 > > Index: usb-devel/drivers/usb/gadget/legacy/raw_gadget.c > =================================================================== > --- usb-devel.orig/drivers/usb/gadget/legacy/raw_gadget.c > +++ usb-devel/drivers/usb/gadget/legacy/raw_gadget.c > @@ -11,6 +11,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -36,6 +37,9 @@ MODULE_LICENSE("GPL"); > > /*----------------------------------------------------------------------*/ > > +static DEFINE_IDA(driver_id_numbers); > +#define DRIVER_DRIVER_NAME_LENGTH_MAX 32 > + > #define RAW_EVENT_QUEUE_SIZE 16 > > struct raw_event_queue { > @@ -145,6 +149,7 @@ enum dev_state { > STATE_DEV_INVALID = 0, > STATE_DEV_OPENED, > STATE_DEV_INITIALIZED, > + STATE_DEV_REGISTERING, > STATE_DEV_RUNNING, > STATE_DEV_CLOSED, > STATE_DEV_FAILED Thanks for your plumber fix. Feel free to add Acked-by: Hillf Danton