Re: BUG: unable to handle kernel paging request in do_con_write


syzbot

Jul 10, 2020, 6:51:10 PM
to brooke...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but build/boot failed:

syzkaller build failed: failed to run ["make" "target"]: exit status 2
GOOS=linux GOARCH=amd64 go install ./syz-fuzzer
# github.com/google/syzkaller/sys/akaros/gen
sys/akaros/gen/amd64.go:23:55: undefined: Field
sys/akaros/gen/amd64.go:26:61: undefined: Field
sys/akaros/gen/amd64.go:29:48: undefined: Field
sys/akaros/gen/amd64.go:34:44: undefined: Field
sys/akaros/gen/amd64.go:39:59: undefined: Field
sys/akaros/gen/amd64.go:43:46: undefined: Field
sys/akaros/gen/amd64.go:48:46: undefined: Field
sys/akaros/gen/amd64.go:51:56: undefined: Field
sys/akaros/gen/amd64.go:56:43: undefined: Field
sys/akaros/gen/amd64.go:62:48: undefined: Field
sys/akaros/gen/amd64.go:62:48: too many errors
# github.com/google/syzkaller/sys/netbsd/gen
sys/netbsd/gen/amd64.go:47:68: undefined: Field
sys/netbsd/gen/amd64.go:51:70: undefined: Field
sys/netbsd/gen/amd64.go:55:70: undefined: Field
sys/netbsd/gen/amd64.go:59:50: undefined: Field
sys/netbsd/gen/amd64.go:62:7: undefined: Ref
sys/netbsd/gen/amd64.go:63:54: undefined: Field
sys/netbsd/gen/amd64.go:67:58: undefined: Field
sys/netbsd/gen/amd64.go:71:52: undefined: Field
sys/netbsd/gen/amd64.go:75:60: undefined: Field
sys/netbsd/gen/amd64.go:80:62: undefined: Field
sys/netbsd/gen/amd64.go:80:62: too many errors
# github.com/google/syzkaller/sys/test/gen
sys/test/gen/32_fork_shmem.go:29:50: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:30:40: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:31:44: undefined: Ref
sys/test/gen/32_fork_shmem.go:31:53: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:32:47: undefined: Field
sys/test/gen/32_fork_shmem.go:34:3: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:35:58: undefined: Ref
sys/test/gen/32_fork_shmem.go:36:47: undefined: Field
sys/test/gen/32_fork_shmem.go:39:54: undefined: Field
sys/test/gen/32_fork_shmem.go:42:42: undefined: Field
sys/test/gen/32_fork_shmem.go:42:42: too many errors
# github.com/google/syzkaller/sys/openbsd/gen
sys/openbsd/gen/amd64.go:49:47: undefined: Field
sys/openbsd/gen/amd64.go:53:7: undefined: Ref
sys/openbsd/gen/amd64.go:54:52: undefined: Field
sys/openbsd/gen/amd64.go:58:7: undefined: Ref
sys/openbsd/gen/amd64.go:59:53: undefined: Field
sys/openbsd/gen/amd64.go:63:7: undefined: Ref
sys/openbsd/gen/amd64.go:64:52: undefined: Field
sys/openbsd/gen/amd64.go:68:7: undefined: Ref
sys/openbsd/gen/amd64.go:69:43: undefined: Field
sys/openbsd/gen/amd64.go:72:44: undefined: Field
sys/openbsd/gen/amd64.go:72:44: too many errors
# github.com/google/syzkaller/sys/freebsd/gen
sys/freebsd/gen/386.go:49:68: undefined: Field
sys/freebsd/gen/386.go:54:52: undefined: Field
sys/freebsd/gen/386.go:58:60: undefined: Field
sys/freebsd/gen/386.go:65:59: undefined: Field
sys/freebsd/gen/386.go:71:60: undefined: Field
sys/freebsd/gen/386.go:77:59: undefined: Field
sys/freebsd/gen/386.go:83:59: undefined: Field
sys/freebsd/gen/386.go:89:60: undefined: Field
sys/freebsd/gen/386.go:95:61: undefined: Field
sys/freebsd/gen/386.go:101:75: undefined: Field
sys/freebsd/gen/386.go:101:75: too many errors
# github.com/google/syzkaller/sys/fuchsia/gen
sys/fuchsia/gen/amd64.go:91:39: undefined: Field
sys/fuchsia/gen/amd64.go:94:39: undefined: Field
sys/fuchsia/gen/amd64.go:98:39: undefined: Field
sys/fuchsia/gen/amd64.go:103:39: undefined: Field
sys/fuchsia/gen/amd64.go:106:39: undefined: Field
sys/fuchsia/gen/amd64.go:109:7: undefined: Ref
sys/fuchsia/gen/amd64.go:110:35: undefined: Field
sys/fuchsia/gen/amd64.go:112:7: undefined: Ref
sys/fuchsia/gen/amd64.go:113:37: undefined: Field
sys/fuchsia/gen/amd64.go:116:7: undefined: Ref
sys/fuchsia/gen/amd64.go:116:7: too many errors
# github.com/google/syzkaller/sys/windows/gen
sys/windows/gen/amd64.go:23:45: undefined: Field
sys/windows/gen/amd64.go:26:47: undefined: Field
sys/windows/gen/amd64.go:29:53: undefined: Field
sys/windows/gen/amd64.go:32:69: undefined: Field
sys/windows/gen/amd64.go:35:45: undefined: Field
sys/windows/gen/amd64.go:45:51: undefined: Field
sys/windows/gen/amd64.go:55:79: undefined: Field
sys/windows/gen/amd64.go:66:63: undefined: Field
sys/windows/gen/amd64.go:77:91: undefined: Field
sys/windows/gen/amd64.go:88:83: undefined: Field
sys/windows/gen/amd64.go:88:83: too many errors
# github.com/google/syzkaller/sys/linux/gen
sys/linux/gen/386.go:305:50: undefined: Field
sys/linux/gen/386.go:310:7: undefined: Ref
sys/linux/gen/386.go:311:54: undefined: Field
sys/linux/gen/386.go:316:7: undefined: Ref
sys/linux/gen/386.go:317:55: undefined: Field
sys/linux/gen/386.go:322:7: undefined: Ref
sys/linux/gen/386.go:323:59: undefined: Field
sys/linux/gen/386.go:328:7: undefined: Ref
sys/linux/gen/386.go:329:55: undefined: Field
sys/linux/gen/386.go:334:7: undefined: Ref
sys/linux/gen/386.go:334:7: too many errors
Makefile:113: recipe for target 'target' failed
make: *** [target] Error 2

go env (err=<nil>)
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/syzkaller/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/syzkaller/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build830919647=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 0342f8c7
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: sys/akaros/gen/amd64.go
modified: sys/freebsd/gen/386.go
modified: sys/freebsd/gen/amd64.go
modified: sys/fuchsia/gen/amd64.go
modified: sys/fuchsia/gen/arm64.go
modified: sys/linux/gen/386.go
modified: sys/linux/gen/amd64.go
modified: sys/linux/gen/arm.go
modified: sys/linux/gen/arm64.go
modified: sys/linux/gen/mips64le.go
modified: sys/linux/gen/ppc64le.go
modified: sys/netbsd/gen/amd64.go
modified: sys/openbsd/gen/amd64.go
modified: sys/test/gen/32_fork_shmem.go
modified: sys/test/gen/32_shmem.go
modified: sys/test/gen/64.go
modified: sys/test/gen/64_fork.go
modified: sys/trusty/gen/arm.go
modified: sys/windows/gen/amd64.go

Untracked files:
(use "git add <file>..." to include in what will be committed)
sys/linux/gen/riscv64.go
sys/linux/gen/s390x.go

no changes added to commit (use "git add" and/or "git commit -a")



Tested on:

commit: [unknown
git tree: upstream
dashboard link: https://syzkaller.appspot.com/bug?extid=d8cbeb7028cd2950172e
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Dmitry Vyukov

Jul 12, 2020, 2:48:35 AM
to syzbot, brooke...@gmail.com, syzkaller-bugs
Hi,

This was a bug on syzkaller side, hopefully fixed now with:
https://github.com/google/syzkaller/commit/1ad470c26510d8ad078a0c4cfbd26010491692be

Let's try again:
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

syzbot

Jul 12, 2020, 4:21:08 AM
to brooke...@gmail.com, dvy...@google.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer still triggered crash:
BUG: unable to handle kernel paging request in do_con_write

BUG: unable to handle page fault for address: 000000010000000e
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD a673c067 P4D a673c067 PUD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8206 Comm: syz-executor.0 Not tainted 5.8.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:memset16 arch/x86/include/asm/string_64.h:25 [inline]
RIP: 0010:scr_memsetw include/linux/vt_buffer.h:36 [inline]
RIP: 0010:csi_K drivers/tty/vt/vt.c:1588 [inline]
RIP: 0010:do_con_trol drivers/tty/vt/vt.c:2398 [inline]
RIP: 0010:do_con_write+0x9f62/0xf360 drivers/tty/vt/vt.c:2823
Code: 00 00 00 00 00 fc ff df 8a 04 08 84 c0 0f 85 1d 44 00 00 48 8b 84 24 a0 00 00 00 0f b7 00 44 89 f9 81 e1 ff ff ff 7f 4c 89 f7 <f3> 66 ab 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 50 8a 04 01 84
RSP: 0018:ffffc9000a7e78e0 EFLAGS: 00010202
RAX: 0000000000000720 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8967e340 RDI: 000000010000000e
RBP: ffffc9000a7e7bc8 R08: 0000000000000005 R09: ffffffff840aa798
R10: 0000000000000003 R11: ffff88808d294540 R12: 0000000000000000
R13: dffffc0000000000 R14: 000000010000000e R15: 0000000000000001
FS: 00007ffb0fa44700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000010000000e CR3: 00000000a65a9000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
con_write+0x25/0x40 drivers/tty/vt/vt.c:3159
process_output_block drivers/tty/n_tty.c:595 [inline]
n_tty_write+0xd0c/0x1200 drivers/tty/n_tty.c:2333
do_tty_write drivers/tty/tty_io.c:962 [inline]
tty_write+0x5a1/0x950 drivers/tty/tty_io.c:1046
vfs_write+0x2f5/0xcb0 fs/read_write.c:576
ksys_write+0x11d/0x220 fs/read_write.c:631
__do_sys_write fs/read_write.c:643 [inline]
__se_sys_write fs/read_write.c:640 [inline]
__x64_sys_write+0x7b/0x90 fs/read_write.c:640
do_syscall_64+0x76/0xe0 arch/x86/entry/common.c:384
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45b3c9
Code: Bad RIP value.
RSP: 002b:00007ffb0fa43c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007ffb0fa446d4 RCX: 000000000045b3c9
RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000c79 R14: 00000000004cd676 R15: 000000000075bfd4
Modules linked in:
CR2: 000000010000000e
---[ end trace 94e172fe1fb11243 ]---
RIP: 0010:memset16 arch/x86/include/asm/string_64.h:25 [inline]
RIP: 0010:scr_memsetw include/linux/vt_buffer.h:36 [inline]
RIP: 0010:csi_K drivers/tty/vt/vt.c:1588 [inline]
RIP: 0010:do_con_trol drivers/tty/vt/vt.c:2398 [inline]
RIP: 0010:do_con_write+0x9f62/0xf360 drivers/tty/vt/vt.c:2823
Code: 00 00 00 00 00 fc ff df 8a 04 08 84 c0 0f 85 1d 44 00 00 48 8b 84 24 a0 00 00 00 0f b7 00 44 89 f9 81 e1 ff ff ff 7f 4c 89 f7 <f3> 66 ab 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 50 8a 04 01 84
RSP: 0018:ffffc9000a7e78e0 EFLAGS: 00010202
RAX: 0000000000000720 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8967e340 RDI: 000000010000000e
RBP: ffffc9000a7e7bc8 R08: 0000000000000005 R09: ffffffff840aa798
R10: 0000000000000003 R11: ffff88808d294540 R12: 0000000000000000
R13: dffffc0000000000 R14: 000000010000000e R15: 0000000000000001
FS: 00007ffb0fa44700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000010000000e CR3: 00000000a65a9000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit: 0aea6d5c Merge tag 'for-linus-5.8b-rc5-tag' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1194ab0b100000
kernel config: https://syzkaller.appspot.com/x/.config?x=da04774a46123452

syzbot

Jul 19, 2020, 7:22:07 AM
to brooke...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file drivers/tty/vt/vt.c
patch: **** unexpected end of file in patch



Tested on:

commit: f932d58a Merge tag 'scsi-fixes' of git://git.kernel.org/pu..
git tree: upstream
dashboard link: https://syzkaller.appspot.com/bug?extid=d8cbeb7028cd2950172e
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
patch: https://syzkaller.appspot.com/x/patch.diff?x=13c6e2f0900000

syzbot

Jul 19, 2020, 7:38:08 AM
to brooke...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+d8cbeb...@syzkaller.appspotmail.com

Tested on:

commit: f932d58a Merge tag 'scsi-fixes' of git://git.kernel.org/pu..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=96373ac035146271
dashboard link: https://syzkaller.appspot.com/bug?extid=d8cbeb7028cd2950172e
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
patch: https://syzkaller.appspot.com/x/patch.diff?x=1543736f100000

Note: testing is done by a robot and is best-effort only.

syzbot

Jul 20, 2020, 6:47:41 PM
to Tetsuo Handa, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com
> #syz dup: general protection fault in do_con_write

Your 'dup:' command is accepted, but please keep syzkall...@googlegroups.com mailing list in CC next time. It serves as a history of what happened with each bug report. Thank you.
