On Wed, Jan 29, 2020 at 3:59 PM Dmitry Vyukov dvyukov@google.com wrote:
On Wed, Jan 29, 2020 at 3:40 PM Sergey Senozhatsky sergey.senozhatsky@gmail.com wrote:
Cc-ing Dmitry and Tetsuo
Original Message-id: CAA=061EoW8AmjUrBLsJy5nTDz-1jeArLeB+z6HJuyZud0zZXug@mail.gmail.com
On (20/01/29 23:17), Sergey Senozhatsky wrote:
Hmm. There is something strange about it. I use vga console quite often, and scrolling happens all the time, yet I can't get the same out-of-bounds report (nor have I ever seen it in the past), even with the reproducer. Is it supposed to be executed as it is, or are there any preconditions? Any chance that something that runs prior to that reproducer somehow impacts the system? Just asking.
These questions were addressed to anon anon (742991625abc@gmail.com), not to Bartlomiej.
Could this be GCC_PLUGIN related?
syzkaller repros are meant to be self-contained, but they don't capture the image and VM setup (or actual hardware). I suspect it may have something to do with these bugs. syzbot has reported a bunch of similar bugs in one of our internal kernels:
KASAN: slab-out-of-bounds Read in vgacon_scroll
KASAN: slab-out-of-bounds Read in vgacon_invert_region
KASAN: use-after-free Write in vgacon_scroll
KASAN: use-after-free Read in vgacon_scroll
KASAN: use-after-free Read in vgacon_invert_region
BUG: unable to handle kernel paging request in vgacon_scroll
But none on upstream kernels. That may be some difference in config? I actually don't know what affects these things. When I tried to get at least some coverage of that code in syzkaller I just understood that relations between all these tty/pty/ptmx/vt/pt/ldisc/vcs/vcsu/fb/con/dri/drm/etc are complex to say the least...
It would also be good to figure out how we can cover this on syzbot/upstream.
Our upstream config is:
$ grep VGA upstream-kasan.config
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
CONFIG_FB_VGA16=y
CONFIG_VGASTATE=y
CONFIG_VGA_CONSOLE=y
CONFIG_VGACON_SOFT_SCROLLBACK=y
CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64
# CONFIG_VGACON_SOFT_SCROLLBACK_PERSISTENT_ENABLE_BY_DEFAULT is not set
CONFIG_LOGO_LINUX_VGA16=y
# CONFIG_USB_SISUSBVGA is not set
# CONFIG_VFIO_PCI_VGA is not set

where anon's is:
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
# CONFIG_FB_VGA16 is not set
CONFIG_VGA_CONSOLE=y
CONFIG_VGACON_SOFT_SCROLLBACK=y
CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64
# CONFIG_VGACON_SOFT_SCROLLBACK_PERSISTENT_ENABLE_BY_DEFAULT is not set
# CONFIG_LOGO_LINUX_VGA16 is not set
# CONFIG_USB_SISUSBVGA is not set

And the one on which we are catching the bugs in vgacon on the internal kernel is:
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
# CONFIG_VGASTATE is not set
CONFIG_VGA_CONSOLE=y
# CONFIG_VGACON_SOFT_SCROLLBACK is not set
# CONFIG_USB_SISUSBVGA is not set
# CONFIG_VFIO_PCI_VGA is not set
May it be related to CONFIG_VGASTATE?
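The three config snippets above are compared by eye in the mail. Below is an added example, not part of the thread and not kernel code, that does that comparison mechanically: it normalizes .config text so that "# CONFIG_FOO is not set" and "CONFIG_FOO=n" read the same, then lists every option that is set differently or is present in only one side. The fragment contents are constructed from the three snippets quoted above (they are not full kernel configs), and the file names upstream-kasan.config, anon.config and internal.config are assumed. The kernel tree ships scripts/diffconfig for the same job on whole configs; this script is only for illustrating the VGA options at hand.

```shell
#!/bin/sh
# Added example (not from the mail thread): compare kernel config fragments.
# Fragments below are constructed from the three snippets quoted in the mail.
export LC_ALL=C

normalize_config() {
  # $1: a .config or fragment. Emits "CONFIG_NAME=value" per option, with
  # "# CONFIG_NAME is not set" rewritten as CONFIG_NAME=n, sorted by name so
  # that join(1) can consume it. Other comment lines are dropped.
  sed -n \
    -e 's/^# \(CONFIG_[A-Za-z0-9_]*\) is not set$/\1=n/p' \
    -e 's/^\(CONFIG_[A-Za-z0-9_]*=.*\)$/\1/p' "$1" | sort -t= -k1,1
}

config_diff() {
  # $1, $2: two configs. Prints "NAME=<value in $1>=<value in $2>" for each
  # option that differs or exists in only one file ("(absent)" marks the
  # missing side). Values containing '=' (quoted strings) would confuse the
  # field split; none of the VGA options here have one.
  a=$(mktemp) || return 1
  b=$(mktemp) || return 1
  normalize_config "$1" >"$a"
  normalize_config "$2" >"$b"
  join -t= -a1 -a2 -e '(absent)' -o '0,1.2,2.2' "$a" "$b" |
    awk -F= '$2 != $3'
  rm -f "$a" "$b"
}

write_thread_configs() {
  # $1: directory. Writes the three constructed fragments (file names assumed).
  cat >"$1/upstream-kasan.config" <<'EOF'
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
CONFIG_FB_VGA16=y
CONFIG_VGASTATE=y
CONFIG_VGA_CONSOLE=y
CONFIG_VGACON_SOFT_SCROLLBACK=y
CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64
# CONFIG_VGACON_SOFT_SCROLLBACK_PERSISTENT_ENABLE_BY_DEFAULT is not set
CONFIG_LOGO_LINUX_VGA16=y
# CONFIG_USB_SISUSBVGA is not set
# CONFIG_VFIO_PCI_VGA is not set
EOF
  cat >"$1/anon.config" <<'EOF'
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
# CONFIG_FB_VGA16 is not set
CONFIG_VGA_CONSOLE=y
CONFIG_VGACON_SOFT_SCROLLBACK=y
CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64
# CONFIG_VGACON_SOFT_SCROLLBACK_PERSISTENT_ENABLE_BY_DEFAULT is not set
# CONFIG_LOGO_LINUX_VGA16 is not set
# CONFIG_USB_SISUSBVGA is not set
EOF
  cat >"$1/internal.config" <<'EOF'
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
# CONFIG_VGASTATE is not set
CONFIG_VGA_CONSOLE=y
# CONFIG_VGACON_SOFT_SCROLLBACK is not set
# CONFIG_USB_SISUSBVGA is not set
# CONFIG_VFIO_PCI_VGA is not set
EOF
}

vga_config_report() {
  # Show what separates the config that catches the vgacon bugs from the
  # two that do not.
  d=$(mktemp -d) || return 1
  write_thread_configs "$d"
  echo "== upstream-kasan vs anon =="
  config_diff "$d/upstream-kasan.config" "$d/anon.config"
  echo "== upstream-kasan vs internal =="
  config_diff "$d/upstream-kasan.config" "$d/internal.config"
  rm -rf "$d"
}

vga_config_report
```

Run it as `sh vga_config_diff.sh`; the second section is the interesting one, since it shows that the internal config differs from upstream-kasan not only in CONFIG_VGASTATE but also in CONFIG_VGACON_SOFT_SCROLLBACK (and its SIZE/PERSISTENT suboptions), CONFIG_FB_VGA16 and CONFIG_LOGO_LINUX_VGA16, so more than one option is a candidate for the difference in behaviour.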