Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752798AbeADTBL (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Thu, 4 Jan 2018 14:01:11 -0500
Received: from mail-ot0-f195.google.com ([74.125.82.195]:40374 "EHLO
        mail-ot0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750959AbeADTBK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 4 Jan 2018 14:01:10 -0500
X-Google-Smtp-Source: ACJfBosdNwML2G5FCrpvPA2E0YBZdV/s8iP8aT8zbG8uPeaczZLnfWd1GsJREMPlHHJForn7kVGhSg==
Subject: Re: WARNING in ion_ioctl
To: Dmitry Vyukov <dvyukov@google.com>,
        Greg KH <gregkh@linuxfoundation.org>
Cc: syzbot <syzbot+fa2d5f63ee5904a0115a@syzkaller.appspotmail.com>,
        arve@android.com, devel@driverdev.osuosl.org,
        LKML <linux-kernel@vger.kernel.org>, maco@android.com,
        sumit.semwal@linaro.org, syzkaller-bugs@googlegroups.com,
        tkjos@android.com
References: <f403043cd4eccf5d8b0561f3b42f@google.com>
 <20180104140627.GB17490@kroah.com>
 <CACT4Y+YxWctjfEYuGXv6HZysELA4L1B=Qn2-tPNPL_Na=1Bmdw@mail.gmail.com>
From: Laura Abbott <labbott@redhat.com>
Message-ID: <c3e9121c-0fbe-3569-7166-c60a41baa553@redhat.com>
Date: Thu, 4 Jan 2018 11:01:06 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <CACT4Y+YxWctjfEYuGXv6HZysELA4L1B=Qn2-tPNPL_Na=1Bmdw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On 01/04/2018 06:13 AM, Dmitry Vyukov wrote:
> On Thu, Jan 4, 2018 at 3:06 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
>> On Thu, Jan 04, 2018 at 05:57:01AM -0800, syzbot wrote:
>>> Hello,
>>>
>>> syzkaller hit the following crash on
>>> 71ee203389f7cb1c1927eab22b95baa01405791c
>>> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
>>> compiler: gcc (GCC) 7.1.1 20170620
>>> .config is attached
>>> Raw console output is attached.
>>> C reproducer is attached
>>> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
>>> for information about syzkaller reproducers
>>>
>>>
>>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>>> Reported-by: syzbot+fa2d5f63ee5904a0115a@syzkaller.appspotmail.com
>>> It will help syzbot understand when the bug is fixed. See footer for
>>> details.
>>> If you forward the report, please keep this part and the footer.
>>>
>>> audit: type=1400 audit(1514734723.062:7): avc:  denied  { map } for
>>> pid=3502 comm="syzkaller809746" path="/root/syzkaller809746698" dev="sda1"
>>> ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
>>> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
>>> WARNING: CPU: 0 PID: 3502 at drivers/staging/android/ion/ion-ioctl.c:73
>>> ion_ioctl+0x2db/0x380 drivers/staging/android/ion/ion-ioctl.c:73
>>> Kernel panic - not syncing: panic_on_warn set ...
>>
>> This is to be expected when you pass in a crappy ion ioctl structure.
>>
>> So don't do that :)
>>
>> Yeah, it's a harsh warning, but I think the userspace developers like it
>> to ensure they got their implementation correct.
>>
>> After the warning is thrown, all keeps working just fine.
> 
> Hi Greg,
> 
> Or, don't do WARNINGs on EINVAL and do pr_warn instead, as useful but
> also enables automated kernel testing with non-tainted reports, which
> is kinda a useful property.
> 

 From past experience, pr_warn was too subtle for some developers but
I'm more interested in the fuzzing at this point so I'll see about
just switching it to a pr_warn_once.

Thanks,
Laura