From: Oliver Neukum <oneukum@suse.com>
To: Alan Stern <stern@rowland.harvard.edu>,
syzbot <syzbot+9ca7a12fd736d93e0232@syzkaller.appspotmail.com>
Cc: andreyknvl@google.com, hverkuil@xs4all.nl,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
linux-usb@vger.kernel.org, mchehab@kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: KASAN: use-after-free Read in si470x_int_in_callback (2)
Date: Fri, 22 Nov 2019 20:00:56 +0100 [thread overview]
Message-ID: <1574449256.2659.2.camel@suse.com> (raw)
In-Reply-To: <Pine.LNX.4.44L0.1911221031300.1511-100000@iolanthe.rowland.org>
Am Freitag, den 22.11.2019, 10:35 -0500 schrieb Alan Stern:
> On Fri, 22 Nov 2019, syzbot wrote:
>
> > Hello,
> >
> > syzbot has tested the proposed patch but the reproducer still triggered
> > crash:
> > INFO: rcu detected stall in dummy_timer
> >
> > radio-si470x 1-1:0.0: non-zero urb status (-71)
> > radio-si470x 4-1:0.0: non-zero urb status (-71)
> > radio-si470x 3-1:0.0: non-zero urb status (-71)
>
> Oliver:
>
> The reason for this stall is because the driver goes into a tight
> resubmit loop when the interrupt URB completes with an unrecognized
> error status. Instead, the driver should log an error message and
> avoid resubmitting. Error recovery can be done at a higher level.
>
> In other words, change the
>
> goto resubmit; /* Maybe we can recover. */
>
> line in the completion handler into a return.
I thought so, too. That is why I poisoned the URB. Am I dense?
Regards
Oliver
next prev parent reply other threads:[~2019-11-22 19:17 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-18 14:53 KASAN: use-after-free Read in si470x_int_in_callback (2) syzbot
2019-11-18 13:44 ` Oliver Neukum
2019-11-19 9:10 ` syzbot
2019-11-20 10:32 ` Oliver Neukum
2019-11-20 23:50 ` syzbot
2019-11-21 12:00 ` Oliver Neukum
2019-11-22 10:33 ` syzbot
2019-11-22 15:35 ` Alan Stern
2019-11-22 19:00 ` Oliver Neukum [this message]
2019-11-22 20:12 ` Alan Stern
2019-11-27 10:27 ` Oliver Neukum
2019-11-27 16:30 ` syzbot
2019-11-27 18:07 ` Alan Stern
2019-11-27 20:55 ` syzbot
2019-11-27 21:11 ` Alan Stern
2019-11-28 15:19 ` Oliver Neukum
2019-11-28 17:25 ` Alan Stern
2019-11-28 10:51 ` Oliver Neukum
2019-11-28 17:33 ` Alan Stern
2019-11-28 11:10 ` Oliver Neukum
2019-11-28 13:53 ` syzbot
2019-12-04 15:03 ` Oliver Neukum
2019-12-04 18:17 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1574449256.2659.2.camel@suse.com \
--to=oneukum@suse.com \
--cc=andreyknvl@google.com \
--cc=hverkuil@xs4all.nl \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=stern@rowland.harvard.edu \
--cc=syzbot+9ca7a12fd736d93e0232@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.