Message-ID: <CAAeHK+ym5BSmfaC1OXcFpyp3zighVU-dyW-bRRMCJdx6DjdjHg@mail.gmail.com>
Date: Thu, 8 Jun 2017 17:49:23 +0200
From: Andrey Konovalov <andreyknvl@...gle.com>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: 文羊 <lastingyang@...il.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jiri Slaby <jslaby@...e.com>,
LKML <linux-kernel@...r.kernel.org>,
syzkaller <syzkaller@...glegroups.com>
Subject: Re: found "kernel panic: Couldn't open N_TTY ldisc for ptm0 --- error -12. " with syzkaller
On Tue, Jun 6, 2017 at 9:01 AM, 'Dmitry Vyukov' via syzkaller
<syzkaller@...glegroups.com> wrote:
> On Tue, Jun 6, 2017 at 8:56 AM, 文羊 <lastingyang@...il.com> wrote:
>>
>> Hello all!
>>
>> I've got the following error report while fuzzing the kernel with syzkaller.
>>
>> On commit ba7b2387ad239a519041f2a2d35a1902bdd03dfb (v4.12-rc4).
>
> Hi,
>
> This is a known bug.
> See:
> https://groups.google.com/forum/#!msg/syzkaller/ty5IhaYWVp8/aTN_hZ8qBQAJ
> and this (whole thread):
> http://lists-archives.com/linux-kernel/28809064-tty-serial-driver-fixes-for-4-11-rc4.html

Is this supposed to be fixed then?
I still hit that on 4.12-rc4.

>
>
>> Crashes:
>> Description | Count | Last Time | Report
>> kernel panic: Couldn't open N_TTY ldisc for ptm0 --- error -12. | 1 | Jun 06 2017 13:39:12 CST | has repro
>> kernel panic: Couldn't open N_TTY ldisc for ptm1 --- error -12. | 3 | Jun 06 2017 14:37:30 CST | has repro
>>
>> ==========================================================================
>>
>> Syzkaller hit 'kernel panic: Couldn't open N_TTY ldisc for ptm0 --- error -12.' bug on commit .
>>
>> Kernel panic - not syncing: Couldn't open N_TTY ldisc for ptm0 --- error -12.
>> CPU: 0 PID: 6160 Comm: syz-executor3 Not tainted 4.12.0-rc4+ #6
>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
>> Call Trace:
>> __dump_stack lib/dump_stack.c:16 [inline]
>> dump_stack+0xdc/0x155 lib/dump_stack.c:52
>> panic+0x165/0x327 kernel/panic.c:180
>> tty_ldisc_restore drivers/tty/tty_ldisc.c:523 [inline]
>> tty_set_ldisc+0x42e/0x480 drivers/tty/tty_ldisc.c:582
>> tiocsetd drivers/tty/tty_io.c:2166 [inline]
>> tty_ioctl+0x7ff/0x1020 drivers/tty/tty_io.c:2410
>> vfs_ioctl fs/ioctl.c:45 [inline]
>> do_vfs_ioctl+0x153/0xcc0 fs/ioctl.c:685
>> SYSC_ioctl fs/ioctl.c:700 [inline]
>> SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
>> entry_SYSCALL_64_fastpath+0x1a/0xa5
>> RIP: 0033:0x44fb79
>> RSP: 002b:00007f86205dfb58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
>> RAX: ffffffffffffffda RBX: 00000000007080a8 RCX: 000000000044fb79
>> RDX: 000000002000cffc RSI: 0000000000005423 RDI: 0000000000000005
>> RBP: 0000000000000450 R08: 0000000000000000 R09: 0000000000000000
>> R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
>> R13: 0000000000000005 R14: 0000000000080000 R15: 0000000000000000
>> Dumping ftrace buffer:
>> (ftrace buffer empty)
>> Kernel Offset: disabled
>> Rebooting in 86400 seconds..
>>
>>
>> Syzkaller reproducer:
>> # {Threaded:true Collide:false Repeat:true Procs:4 Sandbox:setuid Repro:false}
>> mmap(&(0x7f0000000000/0xe000)=nil, (0xe000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
>> r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000002000-0xa)="2f6465762f70746d7800", 0x0, 0x0)
>> ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f000000a000)=0x1)
>> getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f000000b000-0xc)={0x0, 0x0, 0x0}, &(0x7f0000000000)=0xc)
>> ioctl$TIOCSETD(r0, 0x5423, &(0x7f000000d000-0x4)=0x2)
>>
>> ==========================================================================
>>
>> Syzkaller hit 'kernel panic: Couldn't open N_TTY ldisc for ptm1 --- error -12.' bug on commit .
>>
>> Kernel panic - not syncing: Couldn't open N_TTY ldisc for ptm1 --- error -12.
>> CPU: 3 PID: 15596 Comm: syz-executor2 Not tainted 4.12.0-rc4+ #6
>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
>> Call Trace:
>> __dump_stack lib/dump_stack.c:16 [inline]
>> dump_stack+0xdc/0x155 lib/dump_stack.c:52
>> panic+0x165/0x327 kernel/panic.c:180
>> tty_ldisc_restore drivers/tty/tty_ldisc.c:523 [inline]
>> tty_set_ldisc+0x42e/0x480 drivers/tty/tty_ldisc.c:582
>> tiocsetd drivers/tty/tty_io.c:2166 [inline]
>> tty_ioctl+0x7ff/0x1020 drivers/tty/tty_io.c:2410
>> vfs_ioctl fs/ioctl.c:45 [inline]
>> do_vfs_ioctl+0x153/0xcc0 fs/ioctl.c:685
>> SYSC_ioctl fs/ioctl.c:700 [inline]
>> SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
>> entry_SYSCALL_64_fastpath+0x1a/0xa5
>> RIP: 0033:0x44fb79
>> RSP: 002b:00007fa8f34d3b58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
>> RAX: ffffffffffffffda RBX: 00007fa8f34d4700 RCX: 000000000044fb79
>> RDX: 000000002000cffc RSI: 0000000000005423 RDI: 0000000000000019
>> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
>> R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
>> R13: 00007ffcdd5dd48f R14: 00007fa8f34d49c0 R15: 0000000000000000
>> Dumping ftrace buffer:
>> (ftrace buffer empty)
>> Kernel Offset: disabled
>> Rebooting in 86400 seconds..
>>
>>
>> Syzkaller reproducer:
>> # {Threaded:true Collide:true Repeat:true Procs:1 Sandbox:setuid Repro:false}
>> mmap(&(0x7f0000000000/0xe000)=nil, (0xe000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
>> r0 = creat(&(0x7f0000001000)="2e2f66696c653000", 0x10)
>> msync(&(0x7f0000004000/0x1000)=nil, (0x1000), 0x1)
>> pipe2(&(0x7f0000000000)={<r1=>0xffffffffffffffff, 0xffffffffffffffff}, 0x80000)
>> ioctl$TIOCGETD(r1, 0x5424, &(0x7f0000001000-0x4)=0x0)
>> getegid()
>> splice(r1, 0x0, r0, 0x0, 0x6, 0x3)
>> setsockopt$SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000004000)=0x80000000, 0x4)
>> r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000002000-0xa)="2f6465762f70746d7800", 0x0, 0x0)
>> ioctl$TCSETAW(r2, 0x5402, &(0x7f0000008000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x7, 0x3})
>> openat$mixer(0xffffffffffffff9c, &(0x7f000000b000-0xb)="2f6465762f6d6978657200", 0x1, 0x0)
>> ioctl$TCXONC(r2, 0x540a, 0x6)
>> capget(&(0x7f000000c000-0x8)={0x19980330, 0x0}, &(0x7f000000c000-0x18)={0xa, 0x7fff, 0xffffffffffffffc1, 0x10000, 0x9, 0x6})
>> ioctl$TIOCSETD(r2, 0x5423, &(0x7f000000d000-0x4)=0x2)
>>
>> ==========================================================================
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups "syzkaller" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+unsubscribe@...glegroups.com.
>> For more options, visit https://groups.google.com/d/optout.