Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp6997466imu;
        Wed, 14 Nov 2018 10:03:26 -0800 (PST)
X-Google-Smtp-Source: AJdET5dZSud0wPs39iek+FnMrmMhObMADXdgoD39myWk7H8jd7SdlaiQQm7GOfZD4txKoRkPVi9S
X-Received: by 2002:a63:c0f:: with SMTP id b15mr2709323pgl.314.1542218606700;
        Wed, 14 Nov 2018 10:03:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1542218606; cv=none;
        d=google.com; s=arc-20160816;
        b=DO7RN8mh3rPiEKs2L2hIbWF2rBb4JwmzLjItRHlSIcjXx1w1riJmgwQMoz0YbgvwYt
         ow1zLY0hdjZA4sjo5OqxffXJ3NLRcBbNH0LSHGB0Rd8yu+ppjo6IzBVVcbcf3ZkXwM2u
         XkCNQtrsWI/XFH6E2edKkMOqhw44flNd1pjGLq44fkIX2ZAjuMsfLr39jo4lB9Rad7xI
         5rBSsw1RGc46Yu9AXm7HwqYISG8iOOgp2BT+lY+dous+Yfen7oM8LP3OMI1Nt0g9AO68
         bQsfS7xtcWOEO3gftsSxTKlKqBc+rhHxt/bnzvTJ2FOhLD9zbrSZWx8J3pzK0A+es3lN
         FwkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature;
        bh=+u9cfa/TTF/uy2o+d2SBUGl/+F7AsRzMtsTN9wc4rW0=;
        b=R2L4+nQ5CRnrxCW+SmvBi2e5QermAnY0i5/6Fe7hyrTAG5cDatOXI/1crY20fLtms5
         Rz49k78zH/79Gfpqul08pKaKkOGd2Va265HI3V9RF9H5LFY4rs31g6oCVs9pZ8/oLmnG
         HwTmf2aFwqGYUm/c6NXk67tZCH6t3U+HjpQiFXgLL/68Xa+pyGeIhblL02qxiToZuYlX
         e/Gae4wwzLV9MKRJXxaMm1YcN4YrUrNICePdrrri4MIpgZF5zOiFQWz1oVfLZfIIqmGA
         LamFpqWcYXd6OPzD6KOUS6e/uXcpHXRaBQUXo9lzQ8fVr0QmonWEUyXtukGPs71xLhxN
         xwjA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=hALzE4eW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q32si24141249pgm.410.2018.11.14.10.03.05;
        Wed, 14 Nov 2018 10:03:26 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=hALzE4eW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731921AbeKOEGX (ORCPT <rfc822;busarih159@gmail.com>
        + 99 others); Wed, 14 Nov 2018 23:06:23 -0500
Received: from mail-it1-f196.google.com ([209.85.166.196]:36232 "EHLO
        mail-it1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727821AbeKOEGX (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Nov 2018 23:06:23 -0500
Received: by mail-it1-f196.google.com with SMTP id w7-v6so25260683itd.1
        for <linux-kernel@vger.kernel.org>; Wed, 14 Nov 2018 10:02:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=+u9cfa/TTF/uy2o+d2SBUGl/+F7AsRzMtsTN9wc4rW0=;
        b=hALzE4eWK9dzsmS9Pxdaht0tHKnRuKiRI59nvdvANVeTcaB3sBX0iDrgsK9D1zv5J0
         trcZOqG5sB3N41i7f+mBCOcvwJtdU9fFO73FHVewaFuLlMw/PZdJE+1DHgpqAuNhHvG+
         G+kaF67JZ6K/OuoEModdU35BrClI63NXbqrENh3La9yweDEQ0LvWwCyH6tEqLVzOyg4m
         C5n4801az1bVUUUqS/xff33jAABRQdspxfE5PRcYwo5/uLVkaecu46g6fEXpBWH36zRC
         nLC/PwPnEy/SxgO9CkTymr/46nGQPxSp7y2yITDhDQc2QMGOLinb303P4Y/+9TDawnRa
         iWbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=+u9cfa/TTF/uy2o+d2SBUGl/+F7AsRzMtsTN9wc4rW0=;
        b=Z3KTkTqGpzWe/RGneWQLmGx7GbOVCP0WcekeUkoOOc76Xu1awQSNkASxovboZyq/dQ
         HuSAlOGTeCcyFgoE7c98UtZnSnB1S5yZaYz0IcZtHSoHEvxtpRIWyivwpMUdmOdqeXdQ
         aCgPAzVNL0ElpIFquZx7nci+7ynJSoKoddCdNWLr5etyZ3rkz1WZqA0CYurwcqMJCAU7
         KnQsxWiHswQPM7Wvh36t29uCcRRL9kCxvNvnM6RxYaZvIJQMlLz3FhjpoxVWMIAMnPn6
         1qMBbR8F7WshBmjoiqGXI3YK3AGHDt/ft8EH6g7K9M9TUncSGW8oDDH4yOXHGYN1eMgq
         ktzA==
X-Gm-Message-State: AA+aEWZoZM4GwkCGJaraqocQkPyfV8Cl/ErYsyn7RRyLlGQbJTKqgMUa
        fmjxeEgPDXZTGuVRGl1bq/t5mZDVnXoDNogVsU1syQ==
X-Received: by 2002:a24:e0b:: with SMTP id 11-v6mr2519346ite.41.1542218529866;
 Wed, 14 Nov 2018 10:02:09 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a02:7050:0:0:0:0:0 with HTTP; Wed, 14 Nov 2018 10:02:09
 -0800 (PST)
In-Reply-To: <Pine.LNX.4.44L0.1811131532270.1503-100000@iolanthe.rowland.org>
References: <000000000000214dc1057a74d206@google.com> <Pine.LNX.4.44L0.1811131532270.1503-100000@iolanthe.rowland.org>
From:   Andrey Konovalov <andreyknvl@google.com>
Date:   Wed, 14 Nov 2018 19:02:09 +0100
Message-ID: <CAAeHK+xVmCd6xEB42ML8wjUrwi0YcuoXdrykxCNs7sKjMo0QWQ@mail.gmail.com>
Subject: Re: WARNING in usb_submit_urb (4)
To:     Alan Stern <stern@rowland.harvard.edu>
Cc:     syzbot <syzbot+7634edaea4d0b341c625@syzkaller.appspotmail.com>,
        Thinh.Nguyen@synopsys.com,
        Felipe Balbi <felipe.balbi@linux.intel.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        LKML <linux-kernel@vger.kernel.org>,
        USB list <linux-usb@vger.kernel.org>,
        Shuah Khan <shuah@kernel.org>, syzkaller-bugs@googlegroups.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Nov 13, 2018 at 9:37 PM, Alan Stern <stern@rowland.harvard.edu> wrote:
> On Mon, 12 Nov 2018, syzbot wrote:
>
>> syzbot has found a reproducer for the following crash on:
>>
>> HEAD commit:    e12e00e388de Merge tag 'kbuild-fixes-v4.20' of git://git.k..
>> git tree:       upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=100e4ef5400000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=8f215f21f041a0d7
>> dashboard link: https://syzkaller.appspot.com/bug?extid=7634edaea4d0b341c625
>> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11ce6fbd400000
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+7634edaea4d0b341c625@syzkaller.appspotmail.com
>
> I tried reproducing this bug on my own system, following the
> instructions at
>
> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md
>
> The reproducer failed to run properly.  It produced the following
> output:
>
>
> $ ./syz-execprog -cover=0 -threaded=1 -repeat=1 -procs=4 /tmp/repro.syz
> 2018/11/13 15:29:32 parsed 1 programs
> 2018/11/13 15:29:32 executed programs: 0
> 2018/11/13 15:29:32 result: failed=false hanged=false err=executor 3: failed: tun: ioctl(TUNSETIFF) failed (errno 1)
> loop failed (errno 0)
>
>
> tun: ioctl(TUNSETIFF) failed (errno 1)
> loop failed (errno 0)
>
>
> The system is Fedora 28 running the 4.18.16-200.fc28.x86_64 kernel.
> What should I do to investigate further?

Hi Alan,

Looking at "errno 1", it seems that syz-execprog doesn't have enough
privileges to execute this ioctl, so you might need to run it as root.

However the absence of a C reproducer points to the fact that this is
some kind of a race condition. Those are quite sensitive to timing,
and any difference in the used setup might affect their
reproducibility. I would recommend building the exact kernel revision
with the provided config. For me it took around 3 minutes to
syz-execprog before I saw the WARNING.

Thanks!