Re: BUG: unable to handle kernel paging request in do_con_trol


syzbot

Jul 10, 2020, 7:02:06 PM
to brooke...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but build/boot failed:

syzkaller build failed: failed to run ["make" "target"]: exit status 2
GOOS=linux GOARCH=amd64 go install ./syz-fuzzer
# github.com/google/syzkaller/sys/akaros/gen
sys/akaros/gen/amd64.go:23:55: undefined: Field
sys/akaros/gen/amd64.go:26:61: undefined: Field
sys/akaros/gen/amd64.go:29:48: undefined: Field
sys/akaros/gen/amd64.go:34:44: undefined: Field
sys/akaros/gen/amd64.go:39:59: undefined: Field
sys/akaros/gen/amd64.go:43:46: undefined: Field
sys/akaros/gen/amd64.go:48:46: undefined: Field
sys/akaros/gen/amd64.go:51:56: undefined: Field
sys/akaros/gen/amd64.go:56:43: undefined: Field
sys/akaros/gen/amd64.go:62:48: undefined: Field
sys/akaros/gen/amd64.go:62:48: too many errors
# github.com/google/syzkaller/sys/netbsd/gen
sys/netbsd/gen/amd64.go:47:50: undefined: Field
sys/netbsd/gen/amd64.go:50:7: undefined: Ref
sys/netbsd/gen/amd64.go:51:52: undefined: Field
sys/netbsd/gen/amd64.go:55:55: undefined: Field
sys/netbsd/gen/amd64.go:59:51: undefined: Ref
sys/netbsd/gen/amd64.go:60:62: undefined: Field
sys/netbsd/gen/amd64.go:63:58: undefined: Field
sys/netbsd/gen/amd64.go:68:52: undefined: Field
sys/netbsd/gen/amd64.go:72:58: undefined: Field
sys/netbsd/gen/amd64.go:76:60: undefined: Field
sys/netbsd/gen/amd64.go:76:60: too many errors
# github.com/google/syzkaller/sys/openbsd/gen
sys/openbsd/gen/amd64.go:49:47: undefined: Field
sys/openbsd/gen/amd64.go:53:7: undefined: Ref
sys/openbsd/gen/amd64.go:54:52: undefined: Field
sys/openbsd/gen/amd64.go:58:7: undefined: Ref
sys/openbsd/gen/amd64.go:59:53: undefined: Field
sys/openbsd/gen/amd64.go:63:7: undefined: Ref
sys/openbsd/gen/amd64.go:64:52: undefined: Field
sys/openbsd/gen/amd64.go:68:7: undefined: Ref
sys/openbsd/gen/amd64.go:69:43: undefined: Field
sys/openbsd/gen/amd64.go:72:44: undefined: Field
sys/openbsd/gen/amd64.go:72:44: too many errors
# github.com/google/syzkaller/sys/test/gen
sys/test/gen/32_fork_shmem.go:29:50: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:30:40: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:31:44: undefined: Ref
sys/test/gen/32_fork_shmem.go:31:53: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:32:47: undefined: Field
sys/test/gen/32_fork_shmem.go:34:3: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:35:58: undefined: Ref
sys/test/gen/32_fork_shmem.go:36:47: undefined: Field
sys/test/gen/32_fork_shmem.go:39:54: undefined: Field
sys/test/gen/32_fork_shmem.go:42:42: undefined: Field
sys/test/gen/32_fork_shmem.go:42:42: too many errors
# github.com/google/syzkaller/sys/freebsd/gen
sys/freebsd/gen/386.go:49:68: undefined: Field
sys/freebsd/gen/386.go:54:52: undefined: Field
sys/freebsd/gen/386.go:58:60: undefined: Field
sys/freebsd/gen/386.go:65:59: undefined: Field
sys/freebsd/gen/386.go:71:60: undefined: Field
sys/freebsd/gen/386.go:77:59: undefined: Field
sys/freebsd/gen/386.go:83:59: undefined: Field
sys/freebsd/gen/386.go:89:60: undefined: Field
sys/freebsd/gen/386.go:95:61: undefined: Field
sys/freebsd/gen/386.go:101:75: undefined: Field
sys/freebsd/gen/386.go:101:75: too many errors
# github.com/google/syzkaller/sys/windows/gen
sys/windows/gen/amd64.go:23:45: undefined: Field
sys/windows/gen/amd64.go:26:47: undefined: Field
sys/windows/gen/amd64.go:29:53: undefined: Field
sys/windows/gen/amd64.go:32:69: undefined: Field
sys/windows/gen/amd64.go:35:45: undefined: Field
sys/windows/gen/amd64.go:45:51: undefined: Field
sys/windows/gen/amd64.go:55:79: undefined: Field
sys/windows/gen/amd64.go:66:63: undefined: Field
sys/windows/gen/amd64.go:77:91: undefined: Field
sys/windows/gen/amd64.go:88:83: undefined: Field
sys/windows/gen/amd64.go:88:83: too many errors
# github.com/google/syzkaller/sys/fuchsia/gen
sys/fuchsia/gen/amd64.go:96:39: undefined: Field
sys/fuchsia/gen/amd64.go:99:39: undefined: Field
sys/fuchsia/gen/amd64.go:103:39: undefined: Field
sys/fuchsia/gen/amd64.go:108:39: undefined: Field
sys/fuchsia/gen/amd64.go:111:39: undefined: Field
sys/fuchsia/gen/amd64.go:114:7: undefined: Ref
sys/fuchsia/gen/amd64.go:115:35: undefined: Field
sys/fuchsia/gen/amd64.go:117:7: undefined: Ref
sys/fuchsia/gen/amd64.go:118:37: undefined: Field
sys/fuchsia/gen/amd64.go:121:7: undefined: Ref
sys/fuchsia/gen/amd64.go:121:7: too many errors
# github.com/google/syzkaller/sys/linux/gen
sys/linux/gen/386.go:296:50: undefined: Field
sys/linux/gen/386.go:301:7: undefined: Ref
sys/linux/gen/386.go:302:54: undefined: Field
sys/linux/gen/386.go:307:7: undefined: Ref
sys/linux/gen/386.go:308:55: undefined: Field
sys/linux/gen/386.go:313:7: undefined: Ref
sys/linux/gen/386.go:314:59: undefined: Field
sys/linux/gen/386.go:319:7: undefined: Ref
sys/linux/gen/386.go:320:55: undefined: Field
sys/linux/gen/386.go:325:7: undefined: Ref
sys/linux/gen/386.go:325:7: too many errors
Makefile:113: recipe for target 'target' failed
make: *** [target] Error 2

go env (err=<nil>)
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/syzkaller/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/syzkaller/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build390159329=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 8eda0b95
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: sys/akaros/gen/amd64.go
modified: sys/freebsd/gen/386.go
modified: sys/freebsd/gen/amd64.go
modified: sys/fuchsia/gen/amd64.go
modified: sys/fuchsia/gen/arm64.go
modified: sys/linux/gen/386.go
modified: sys/linux/gen/amd64.go
modified: sys/linux/gen/arm.go
modified: sys/linux/gen/arm64.go
modified: sys/linux/gen/mips64le.go
modified: sys/linux/gen/ppc64le.go
modified: sys/netbsd/gen/amd64.go
modified: sys/openbsd/gen/amd64.go
modified: sys/test/gen/32_fork_shmem.go
modified: sys/test/gen/32_shmem.go
modified: sys/test/gen/64.go
modified: sys/test/gen/64_fork.go
modified: sys/trusty/gen/arm.go
modified: sys/windows/gen/amd64.go

no changes added to commit (use "git add" and/or "git commit -a")



Tested on:

commit: [unknown
git tree: upstream
dashboard link: https://syzkaller.appspot.com/bug?extid=9bce437b96dc287eafef
compiler: gcc (GCC) 10.1.0-syz 20200507

Dmitry Vyukov

Jul 12, 2020, 2:49:27 AM
to syzbot, brooke...@gmail.com, syzkaller-bugs
Hi,

This was a bug on syzkaller side, hopefully fixed now with:
https://github.com/google/syzkaller/commit/1ad470c26510d8ad078a0c4cfbd26010491692be

Let's try again:
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

syzbot

Jul 12, 2020, 4:31:09 AM
to brooke...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer still triggered crash:
BUG: unable to handle kernel paging request in do_con_write

BUG: unable to handle page fault for address: 000000010000000e
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD a88be067 P4D a88be067 PUD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8190 Comm: syz-executor.1 Not tainted 5.8.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:memset16 arch/x86/include/asm/string_64.h:25 [inline]
RIP: 0010:scr_memsetw include/linux/vt_buffer.h:36 [inline]
RIP: 0010:csi_K drivers/tty/vt/vt.c:1588 [inline]
RIP: 0010:do_con_trol drivers/tty/vt/vt.c:2398 [inline]
RIP: 0010:do_con_write+0x69bf/0x7770 drivers/tty/vt/vt.c:2823
Code: 18 84 c0 74 08 2c 01 0f 8e a7 00 00 00 4d 63 ed 44 89 f1 41 0f b7 87 18 04 00 00 4d 01 ed 4c 03 ad c8 fe ff ff d1 e9 4c 89 ef <f3> 66 ab 49 8d bf d0 04 00 00 48 89 f8 48 c1 e8 03 0f b6 04 18 84
RSP: 0018:ffffc9000a4d79d8 EFLAGS: 00010202
RAX: 0000000000000720 RBX: dffffc0000000000 RCX: 0000000000000001
RDX: ffff88808dfee440 RSI: ffffffff84030370 RDI: 000000010000000e
RBP: ffffc9000a4d7bc0 R08: 0000000000000005 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: 000000010000000e R14: 0000000000000002 R15: ffff8880969bd000
FS: 00007fd79fc09700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000010000000e CR3: 00000000a88bf000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
con_write+0x27/0xb0 drivers/tty/vt/vt.c:3159
process_output_block drivers/tty/n_tty.c:595 [inline]
n_tty_write+0x40e/0x10e0 drivers/tty/n_tty.c:2333
do_tty_write drivers/tty/tty_io.c:962 [inline]
tty_write+0x4df/0x850 drivers/tty/tty_io.c:1046
vfs_write+0x2bc/0x6c0 fs/read_write.c:576
ksys_write+0x155/0x290 fs/read_write.c:631
__do_sys_write fs/read_write.c:643 [inline]
__se_sys_write fs/read_write.c:640 [inline]
__x64_sys_write+0x73/0xb0 fs/read_write.c:640
do_syscall_64+0x64/0xe0 arch/x86/entry/common.c:384
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45b3c9
Code: Bad RIP value.
RSP: 002b:00007fd79fc08c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fd79fc096d4 RCX: 000000000045b3c9
RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000c79 R14: 00000000004cd676 R15: 000000000075bf2c
Modules linked in:
CR2: 000000010000000e
---[ end trace b7c7a1f0d841365a ]---
RIP: 0010:memset16 arch/x86/include/asm/string_64.h:25 [inline]
RIP: 0010:scr_memsetw include/linux/vt_buffer.h:36 [inline]
RIP: 0010:csi_K drivers/tty/vt/vt.c:1588 [inline]
RIP: 0010:do_con_trol drivers/tty/vt/vt.c:2398 [inline]
RIP: 0010:do_con_write+0x69bf/0x7770 drivers/tty/vt/vt.c:2823
Code: 18 84 c0 74 08 2c 01 0f 8e a7 00 00 00 4d 63 ed 44 89 f1 41 0f b7 87 18 04 00 00 4d 01 ed 4c 03 ad c8 fe ff ff d1 e9 4c 89 ef <f3> 66 ab 49 8d bf d0 04 00 00 48 89 f8 48 c1 e8 03 0f b6 04 18 84
RSP: 0018:ffffc9000a4d79d8 EFLAGS: 00010202
RAX: 0000000000000720 RBX: dffffc0000000000 RCX: 0000000000000001
RDX: ffff88808dfee440 RSI: ffffffff84030370 RDI: 000000010000000e
RBP: ffffc9000a4d7bc0 R08: 0000000000000005 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: 000000010000000e R14: 0000000000000002 R15: ffff8880969bd000
FS: 00007fd79fc09700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000010000000e CR3: 00000000a88bf000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit: 0aea6d5c Merge tag 'for-linus-5.8b-rc5-tag' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13a6563f100000
kernel config: https://syzkaller.appspot.com/x/.config?x=5e8df50ee17e13b1

syzbot

Jul 20, 2020, 6:52:23 PM
to Tetsuo Handa, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com
> #syz dup: general protection fault in do_con_write

Your 'dup:' command is accepted, but please keep syzkall...@googlegroups.com mailing list in CC next time. It serves as a history of what happened with each bug report. Thank you.
