syzbot

general protection fault in do_con_write

Status: fixed on 2020/09/16 22:51
Reported-by: syzbot+017265e8553724e514e8@syzkaller.appspotmail.com
Fix commit: ce684552a266 vt: Reject zero-sized screen buffer size.
First crash: 933d, last: 698d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: no output from test machine (log)
Repro: C syz .config
duplicates (15):

| Title | Repro | Bisect (cause, fix) | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|
| KASAN: user-memory-access Read in do_con_write (2) | | | 1 | 726d | 725d | 0/22 | closed as dup on 2020/07/20 22:50 |
| KASAN: null-ptr-deref Read in insert_char | C | done, error | 12 | 769d | 897d | 0/22 | closed as dup on 2020/08/16 01:43 |
| BUG: unable to handle kernel paging request in insert_char | C | inconclusive, done | 173 | 728d | 926d | 0/22 | closed as dup on 2020/07/27 22:45 |
| KASAN: wild-memory-access Read in insert_char | C | done | 3 | 699d | 927d | 0/22 | closed as dup on 2020/08/16 01:41 |
| KASAN: user-memory-access Read in do_con_trol | | | 3 | 779d | 777d | 0/22 | closed as dup on 2020/07/20 22:48 |
| KASAN: user-memory-access Read in insert_char | C | done, error | 12 | 787d | 927d | 0/22 | closed as dup on 2020/08/16 01:40 |
| BUG: unable to handle kernel paging request in csi_J | C | done, error | 11 | 772d | 898d | 0/22 | closed as dup on 2020/08/16 01:38 |
| divide error in fbcon_switch | C | inconclusive, done | 326 | 729d | 934d | 0/22 | closed as dup on 2020/07/27 22:47 |
| KASAN: null-ptr-deref Read in do_con_trol | C | done, error | 6 | 799d | 862d | 0/22 | closed as dup on 2020/07/20 22:49 |
| KASAN: null-ptr-deref Read in do_con_write | C | done, error | 1 | 799d | 862d | 0/22 | closed as dup on 2020/07/20 22:51 |
| general protection fault in fbcon_cursor | C | done | 53 | 699d | 924d | 0/22 | closed as dup on 2020/07/27 23:02 |
| kernel panic: Fatal exception (2) | C | done | 11 | 671d | 699d | 0/22 | closed as dup on 2020/07/26 02:43 |
| BUG: unable to handle kernel paging request in do_con_write | C | done | 44 | 706d | 890d | 0/22 | closed as dup on 2020/07/20 22:47 |
| general protection fault in redraw_screen | C | done, error | 4 | 795d | 863d | 0/22 | closed as dup on 2020/08/16 01:19 |
| BUG: unable to handle kernel paging request in do_con_trol | C | done | 98 | 730d | 928d | 0/22 | closed as dup on 2020/07/20 22:52 |

similar bugs (2):

| Kernel | Title | Repro | Bisect (cause, fix) | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| linux-4.14 | general protection fault in do_con_write | C | error | 3499 | 150d | 934d | 0/1 | upstream: reported C repro on 2019/12/03 10:33 |
| linux-4.19 | general protection fault in do_con_write | C | done | 3008 | 695d | 934d | 1/1 | fixed on 2020/09/01 18:34 |

Patch testing requests:

| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2020/07/11 00:13 | 17m | penguin-kernel@i-love.sakura.ne.jp | patch | upstream | OK |
| 2020/07/10 10:40 | 6m | penguin-kernel@i-love.sakura.ne.jp | patch | upstream | error |
| 2020/07/09 00:14 | 0m | penguin-kernel@i-love.sakura.ne.jp | patch | upstream | error |
| 2020/07/07 12:39 | 12m | penguin-kernel@i-love.sakura.ne.jp | patch | upstream | report log |

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0020000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000000100000008-0x000000010000000f]
CPU: 0 PID: 6809 Comm: syz-executor114 Not tainted 5.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:do_con_write+0x979/0x7400 drivers/tty/vt/vt.c:2786
Code: a4 24 ca 00 00 00 44 01 e5 e8 33 19 86 fd 48 8b 44 24 50 80 38 00 0f 85 28 27 00 00 4d 8b a6 f0 03 00 00 4c 89 e0 48 c1 e8 03 <0f> b6 14 18 4c 89 e0 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 13
RSP: 0018:ffffc900015b7a10 EFLAGS: 00010203
RAX: 0000000020000001 RBX: dffffc0000000000 RCX: ffffffff83ed9dea
RDX: ffff8880a6670340 RSI: ffffffff83ed9e2d RDI: 0000000000000003
RBP: 00000000000007fe R08: ffffffff83ec9ab0 R09: ffff8880a6670c08
R10: 0000000000000000 R11: 0000000000000000 R12: 000000010000000c
R13: 0000000000000000 R14: ffff8880a0fc2000 R15: ffff8880a0fc23dc
FS:  00000000019e2880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004553a0 CR3: 00000000a719c000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 con_write+0x22/0xb0 drivers/tty/vt/vt.c:3159
 process_output_block drivers/tty/n_tty.c:595 [inline]
 n_tty_write+0x3ce/0xf80 drivers/tty/n_tty.c:2333
 do_tty_write drivers/tty/tty_io.c:962 [inline]
 tty_write+0x4d9/0x870 drivers/tty/tty_io.c:1046
 __vfs_write+0x76/0x100 fs/read_write.c:495
 vfs_write+0x268/0x5d0 fs/read_write.c:559
 ksys_write+0x12d/0x250 fs/read_write.c:612
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:359
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440459
Code: Bad RIP value.
RSP: 002b:00007fff90c82ed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440459
RDX: 0000000000001006 RSI: 0000000020000240 RDI: 0000000000000004
RBP: 00000000006cb018 R08: 000000000000000e R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401d40
R13: 0000000000401dd0 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 6919ddc96f69345e ]---
RIP: 0010:do_con_write+0x979/0x7400 drivers/tty/vt/vt.c:2786
Code: a4 24 ca 00 00 00 44 01 e5 e8 33 19 86 fd 48 8b 44 24 50 80 38 00 0f 85 28 27 00 00 4d 8b a6 f0 03 00 00 4c 89 e0 48 c1 e8 03 <0f> b6 14 18 4c 89 e0 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 13
RSP: 0018:ffffc900015b7a10 EFLAGS: 00010203
RAX: 0000000020000001 RBX: dffffc0000000000 RCX: ffffffff83ed9dea
RDX: ffff8880a6670340 RSI: ffffffff83ed9e2d RDI: 0000000000000003
RBP: 00000000000007fe R08: ffffffff83ec9ab0 R09: ffff8880a6670c08
R10: 0000000000000000 R11: 0000000000000000 R12: 000000010000000c
R13: 0000000000000000 R14: ffff8880a0fc2000 R15: ffff8880a0fc23dc
FS:  00000000019e2880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004553a0 CR3: 00000000a719c000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (10703):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2020/07/04 05:21 upstream 7cc2a8ea1048 51095195 .config log report syz C
ci-upstream-kasan-gce-root 2020/07/03 19:49 upstream cd77006e01b3 bed10395 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/07/03 19:01 upstream cd77006e01b3 bed10395 .config log report syz C
ci-upstream-kasan-gce 2020/07/03 17:42 upstream cd77006e01b3 bed10395 .config log report syz C
ci-upstream-kasan-gce-root 2020/06/10 20:36 upstream 7ae77150d94d a6f7998d .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/06/10 19:28 upstream 7ae77150d94d a6f7998d .config log report syz C
ci-upstream-kasan-gce-selinux-root 2020/05/03 23:16 upstream 262f7a6b8317 58ae5e18 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/05/03 13:50 upstream f66ed1ebbfde 5457883a .config log report syz C
ci-upstream-kasan-gce-root 2020/05/02 06:24 upstream 052c467cb587 bc734e7a .config log report syz C
ci-upstream-kasan-gce-selinux-root 2020/02/19 11:08 upstream 0a44cac81050 135c18aa .config log report syz C
ci-upstream-kasan-gce-root 2020/02/17 19:49 upstream 11a48a5a18c6 2b411596 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/02/16 14:37 upstream db70e26e33ee cf914200 .config log report syz C
ci-upstream-kasan-gce 2020/02/16 12:44 upstream db70e26e33ee cf914200 .config log report syz C
ci-upstream-kasan-gce-root 2020/01/28 06:51 upstream d5226fa6dbae 56cd6c9b .config log report syz C
ci-upstream-kasan-gce-selinux-root 2020/01/28 05:42 upstream a5b871c91d47 56cd6c9b .config log report syz C
ci-upstream-kasan-gce-root 2020/01/26 09:02 upstream 2821e26f3a0a f4e7270e .config log report syz C
ci-upstream-kasan-gce 2020/01/26 02:37 upstream 2821e26f3a0a f4e7270e .config log report syz C
ci-upstream-kasan-gce-selinux-root 2020/01/25 22:55 upstream d5d359b0ac3f 2e95ab33 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/01/24 15:35 upstream 4703d9119972 2e95ab33 .config log report syz C
ci-upstream-kasan-gce 2020/01/24 12:10 upstream 4703d9119972 2e95ab33 .config log report syz C
ci-upstream-kasan-gce-selinux-root 2019/12/04 06:11 upstream 76bb8b05960c ae13a849 .config log report syz C
ci-upstream-kasan-gce-root 2019/12/04 05:44 upstream 76bb8b05960c ae13a849 .config log report syz C
ci-upstream-kasan-gce-386 2020/07/03 16:08 upstream cd77006e01b3 bed10395 .config log report syz C
ci-upstream-kasan-gce-386 2020/04/16 04:55 upstream 00086336a8d9 3f3c5574 .config log report syz C
ci-upstream-kasan-gce-386 2020/02/16 06:10 upstream 829e69446995 5d7b90f1 .config log report syz C
ci-upstream-kasan-gce-386 2020/01/26 05:59 upstream 2821e26f3a0a f4e7270e .config log report syz C
ci-upstream-kasan-gce-386 2020/01/24 12:03 upstream 4703d9119972 2e95ab33 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/07/04 02:12 linux-next 9e50b94b3eb0 51095195 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/06/10 19:52 linux-next e7b08814b16b a6f7998d .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/05/04 00:50 linux-next ac935d227366 58ae5e18 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/03/01 14:48 linux-next c99b17ac0399 c88c7b75 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/02/13 08:43 linux-next 51d5d207918d 84f4fc8a .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/02/11 18:03 linux-next ac431e2d7b1b 4d1ab643 .config log report syz C
ci-upstream-kasan-gce 2020/07/26 12:43 upstream 04300d66f0a0 51265195 .config log report
ci-upstream-kasan-gce-root 2020/07/26 12:21 upstream 04300d66f0a0 51265195 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/26 11:14 upstream 04300d66f0a0 51265195 .config log report
ci-upstream-kasan-gce-root 2020/07/26 05:56 upstream 23ee3e4e5bd2 1f7cc1ca .config log report
ci-upstream-kasan-gce-root 2020/07/25 22:05 upstream 23ee3e4e5bd2 1f7cc1ca .config log report
ci-upstream-kasan-gce 2020/07/25 17:40 upstream 68845a55c31b 1f7cc1ca .config log report
ci-upstream-kasan-gce-root 2020/07/25 07:31 upstream 68845a55c31b 1f7cc1ca .config log report
ci-upstream-kasan-gce 2020/07/25 06:08 upstream 68845a55c31b 554af388 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/24 19:34 upstream f37e99aca03f 554af388 .config log report
ci-upstream-kasan-gce 2020/07/24 17:23 upstream f37e99aca03f 554af388 .config log report
ci-upstream-kasan-gce-selinux-root 2020/07/24 16:07 upstream f37e99aca03f 554af388 .config log report
ci-upstream-kasan-gce 2020/07/24 15:02 upstream f37e99aca03f 554af388 .config log report
ci-upstream-kasan-gce 2020/07/24 13:15 upstream f37e99aca03f 554af388 .config log report
ci-upstream-kasan-gce-root 2020/07/24 12:14 upstream f37e99aca03f 554af388 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/24 10:31 upstream f37e99aca03f 70c104a1 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/24 09:30 upstream f37e99aca03f 70c104a1 .config log report
ci-upstream-kasan-gce 2020/07/24 07:07 upstream d15be546031c 70c104a1 .config log report
ci-upstream-kasan-gce 2020/07/24 01:56 upstream d15be546031c 70c104a1 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/23 17:58 upstream d15be546031c 70c104a1 .config log report
ci-upstream-kasan-gce 2020/07/23 16:44 upstream d15be546031c 340ea530 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/23 12:53 upstream d15be546031c 340ea530 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/23 11:48 upstream d15be546031c 340ea530 .config log report
ci-upstream-kasan-gce-root 2020/07/22 21:07 upstream 8c26c87b0532 128cd85f .config log report
ci-upstream-kasan-gce 2020/07/22 11:59 upstream 4fa640dc5230 128cd85f .config log report
ci-upstream-kasan-gce 2020/07/22 08:05 upstream 4fa640dc5230 128cd85f .config log report
ci-upstream-kasan-gce-root 2020/07/22 04:54 upstream 4fa640dc5230 21f1765e .config log report
ci-upstream-kasan-gce 2020/07/21 21:56 upstream 4fa640dc5230 21f1765e .config log report
ci-upstream-kasan-gce-smack-root 2020/07/21 16:31 upstream 4fa640dc5230 21f1765e .config log report
ci-upstream-kasan-gce-smack-root 2020/07/21 03:44 upstream 4fa640dc5230 d88894e6 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/21 02:08 upstream 5714ee50bb43 4285ffa3 .config log report
ci-upstream-kasan-gce 2020/07/21 00:16 upstream 5714ee50bb43 4285ffa3 .config log report
ci-upstream-kasan-gce 2020/07/20 22:34 upstream 5714ee50bb43 4285ffa3 .config log report
ci-upstream-kasan-gce-386 2020/07/26 09:35 upstream 23ee3e4e5bd2 1f7cc1ca .config log report
ci-upstream-kasan-gce-386 2020/07/26 07:07 upstream 23ee3e4e5bd2 1f7cc1ca .config log report
ci-upstream-kasan-gce-386 2020/07/26 00:47 upstream 23ee3e4e5bd2 1f7cc1ca .config log report
ci-upstream-kasan-gce-386 2020/07/24 22:10 upstream f37e99aca03f 554af388 .config log report
ci-upstream-kasan-gce-386 2020/07/24 04:26 upstream d15be546031c 70c104a1 .config log report
ci-upstream-kasan-gce-386 2020/07/23 13:57 upstream d15be546031c 340ea530 .config log report
ci-upstream-kasan-gce-386 2020/07/23 09:50 upstream 8c26c87b0532 340ea530 .config log report
ci-upstream-kasan-gce-386 2020/07/23 01:33 upstream 8c26c87b0532 340ea530 .config log report
ci-upstream-kasan-gce-386 2020/07/22 23:52 upstream 8c26c87b0532 340ea530 .config log report
ci-upstream-kasan-gce-386 2020/07/22 22:22 upstream 8c26c87b0532 340ea530 .config log report
ci-upstream-kasan-gce-386 2020/07/22 01:55 upstream 4fa640dc5230 21f1765e .config log report
ci-upstream-kasan-gce-386 2020/07/21 18:31 upstream 4fa640dc5230 21f1765e .config log report
ci-upstream-linux-next-kasan-gce-root 2020/07/22 07:05 linux-next de2e69cfe54a 128cd85f .config log report
ci-upstream-linux-next-kasan-gce-root 2020/07/21 17:20 linux-next de2e69cfe54a 21f1765e .config log report