lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 14 Nov 2018 19:02:09 +0100
From:   Andrey Konovalov <andreyknvl@...gle.com>
To:     Alan Stern <stern@...land.harvard.edu>
Cc:     syzbot <syzbot+7634edaea4d0b341c625@...kaller.appspotmail.com>,
        Thinh.Nguyen@...opsys.com,
        Felipe Balbi <felipe.balbi@...ux.intel.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        USB list <linux-usb@...r.kernel.org>,
        Shuah Khan <shuah@...nel.org>, syzkaller-bugs@...glegroups.com
Subject: Re: WARNING in usb_submit_urb (4)

On Tue, Nov 13, 2018 at 9:37 PM, Alan Stern <stern@...land.harvard.edu> wrote:
> On Mon, 12 Nov 2018, syzbot wrote:
>
>> syzbot has found a reproducer for the following crash on:
>>
>> HEAD commit:    e12e00e388de Merge tag 'kbuild-fixes-v4.20' of git://git.k..
>> git tree:       upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=100e4ef5400000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=8f215f21f041a0d7
>> dashboard link: https://syzkaller.appspot.com/bug?extid=7634edaea4d0b341c625
>> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11ce6fbd400000
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+7634edaea4d0b341c625@...kaller.appspotmail.com
>
> I tried reproducing this bug on my own system, following the
> instructions at
>
> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md
>
> The reproducer failed to run properly.  It produced the following
> output:
>
>
> $ ./syz-execprog -cover=0 -threaded=1 -repeat=1 -procs=4 /tmp/repro.syz
> 2018/11/13 15:29:32 parsed 1 programs
> 2018/11/13 15:29:32 executed programs: 0
> 2018/11/13 15:29:32 result: failed=false hanged=false err=executor 3: failed: tun: ioctl(TUNSETIFF) failed (errno 1)
> loop failed (errno 0)
>
>
> tun: ioctl(TUNSETIFF) failed (errno 1)
> loop failed (errno 0)
>
>
> The system is Fedora 28 running the 4.18.16-200.fc28.x86_64 kernel.
> What should I do to investigate further?

Hi Alan,

Looking at "errno 1", it seems that syz-execprog doesn't have enough
privileges to execute this ioctl, so you might need to run it as root.

However the absence of a C reproducer points to the fact that this is
some kind of a race condition. Those are quite sensitive to timing,
and any difference in the used setup might affect their
reproducibility. I would recommend building the exact kernel revision
with the provided config. For me it took around 3 minutes to
syz-execprog before I saw the WARNING.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ