Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753089AbeADONY (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Thu, 4 Jan 2018 09:13:24 -0500
Received: from mail-pf0-f194.google.com ([209.85.192.194]:43373 "EHLO
        mail-pf0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752741AbeADONX (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 4 Jan 2018 09:13:23 -0500
X-Google-Smtp-Source: ACJfBosvMKIlVC63USRW7JoBQRcpMVY5WwbJ9ml6Im7Xeks6GLthwoUG0q1Tk8QIgNxiK45DKkLmbo7f4YkKRYtVM9o=
MIME-Version: 1.0
In-Reply-To: <20180104140627.GB17490@kroah.com>
References: <f403043cd4eccf5d8b0561f3b42f@google.com> <20180104140627.GB17490@kroah.com>
From: Dmitry Vyukov <dvyukov@google.com>
Date: Thu, 4 Jan 2018 15:13:01 +0100
Message-ID: <CACT4Y+YxWctjfEYuGXv6HZysELA4L1B=Qn2-tPNPL_Na=1Bmdw@mail.gmail.com>
Subject: Re: WARNING in ion_ioctl
To: Greg KH <gregkh@linuxfoundation.org>
Cc: syzbot <syzbot+fa2d5f63ee5904a0115a@syzkaller.appspotmail.com>,
        arve@android.com, devel@driverdev.osuosl.org,
        Laura Abbott <labbott@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>, maco@android.com,
        sumit.semwal@linaro.org, syzkaller-bugs@googlegroups.com,
        tkjos@android.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On Thu, Jan 4, 2018 at 3:06 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> On Thu, Jan 04, 2018 at 05:57:01AM -0800, syzbot wrote:
>> Hello,
>>
>> syzkaller hit the following crash on
>> 71ee203389f7cb1c1927eab22b95baa01405791c
>> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
>> compiler: gcc (GCC) 7.1.1 20170620
>> .config is attached
>> Raw console output is attached.
>> C reproducer is attached
>> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
>> for information about syzkaller reproducers
>>
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+fa2d5f63ee5904a0115a@syzkaller.appspotmail.com
>> It will help syzbot understand when the bug is fixed. See footer for
>> details.
>> If you forward the report, please keep this part and the footer.
>>
>> audit: type=1400 audit(1514734723.062:7): avc:  denied  { map } for
>> pid=3502 comm="syzkaller809746" path="/root/syzkaller809746698" dev="sda1"
>> ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
>> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
>> WARNING: CPU: 0 PID: 3502 at drivers/staging/android/ion/ion-ioctl.c:73
>> ion_ioctl+0x2db/0x380 drivers/staging/android/ion/ion-ioctl.c:73
>> Kernel panic - not syncing: panic_on_warn set ...
>
> This is to be expected when you pass in a crappy ion ioctl structure.
>
> So don't do that :)
>
> Yeah, it's a harsh warning, but I think the userspace developers like it
> to ensure they got their implementation correct.
>
> After the warning is thrown, all keeps working just fine.

Hi Greg,

Or, don't do WARNINGs on EINVAL and do pr_warn instead, as useful but
also enables automated kernel testing with non-tainted reports, which
is kinda a useful property.