syzbot


KASAN: null-ptr-deref Read in snd_timer_user_read

Status: public: reported C repro on 2019/04/11 08:44
Reported-by: syzbot+a44c5c4ae5e7fa9d6986@syzkaller.appspotmail.com
First crash: 2498d, last: 2135d

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in copy_to_user arch/x86/include/asm/uaccess.h:716 [inline]
BUG: KASAN: null-ptr-deref in snd_timer_user_read+0x510/0x700 sound/core/timer.c:2006
Read of size 32 at addr           (null) by task syzkaller300733/3329

CPU: 0 PID: 3329 Comm: syzkaller300733 Not tainted 4.9.77-g9c3804b #17
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c912f9d8 ffffffff81d941c9 0000000000000000 0000000000000020
 0000000000000000 ffff8801c912fba0 ffff8801c8d4cf48 ffff8801c912fa20
 ffffffff8153df9e ffffffff82da5800 0000000000000286 4ffe2257e229b61c
Call Trace:
 [<ffffffff81d941c9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d941c9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153df9e>] kasan_report_error mm/kasan/report.c:349 [inline]
 [<ffffffff8153df9e>] kasan_report+0x15e/0x360 mm/kasan/report.c:408
 [<ffffffff8153cac7>] check_memory_region_inline mm/kasan/kasan.c:318 [inline]
 [<ffffffff8153cac7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:325
 [<ffffffff8153cb31>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:330
 [<ffffffff82da5800>] copy_to_user arch/x86/include/asm/uaccess.h:716 [inline]
 [<ffffffff82da5800>] snd_timer_user_read+0x510/0x700 sound/core/timer.c:2006
 [<ffffffff8156c5c1>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff81570430>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff81570430>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff815706e4>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff81570806>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff81573cf7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff81573cf7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838b2c2e>] entry_SYSCALL_64_fastpath+0x29/0xe8
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 3329 Comm: syzkaller300733 Tainted: G    B           4.9.77-g9c3804b #17
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c912f8f8 ffffffff81d941c9 ffffffff841970ff ffff8801c912f9d0
 0000000000000000 ffff8801c912fba0 ffff8801c8d4cf48 ffff8801c912f9c0
 ffffffff8142f3c1 0000000041b58ab3 ffffffff8418ab70 ffffffff8142f205
Call Trace:
 [<ffffffff81d941c9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d941c9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8142f3c1>] panic+0x1bc/0x3a8 kernel/panic.c:179
 [<ffffffff8153db00>] kasan_end_report+0x50/0x50 mm/kasan/report.c:176
 [<ffffffff8153dfa7>] kasan_report_error mm/kasan/report.c:356 [inline]
 [<ffffffff8153dfa7>] kasan_report+0x167/0x360 mm/kasan/report.c:408
 [<ffffffff8153cac7>] check_memory_region_inline mm/kasan/kasan.c:318 [inline]
 [<ffffffff8153cac7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:325
 [<ffffffff8153cb31>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:330
 [<ffffffff82da5800>] copy_to_user arch/x86/include/asm/uaccess.h:716 [inline]
 [<ffffffff82da5800>] snd_timer_user_read+0x510/0x700 sound/core/timer.c:2006
 [<ffffffff8156c5c1>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff81570430>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff81570430>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff815706e4>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff81570806>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff81573cf7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff81573cf7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838b2c2e>] entry_SYSCALL_64_fastpath+0x29/0xe8
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
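
How to read the two header lines of the report above, and what they do and do not establish. The faulting access is the copy_to_user() source read inside snd_timer_user_read() at sound/core/timer.c:2006: 32 bytes at address 0. In an x86-64 kernel (this trace enters through entry_SYSCALL_64_fastpath), sizeof(struct snd_timer_tread) is 32 (int event, a 16-byte struct timespec, unsigned int val, plus padding) while sizeof(struct snd_timer_read) is 8, so the copy is the TREAD-mode branch reading &tu->tqueue[tu->qhead] with tu->tqueue NULL and qhead 0. Why tqueue is NULL at that moment is not something the report alone shows; that takes the linked C repro and the source at that line. The program below is an added example, not syzbot's or the kernel's code: it parses the header lines, skips the inlined copy_to_user frame in favour of the frame that actually executed, and derives the record type and queue index from the size and address. The ALSA struct layouts are copied from the UAPI header <sound/asound.h>; the x86-64 record sizes and the first-page rule for what KASAN labels null-ptr-deref are assumptions stated in the code.

```c
/* kasan_triage.c: parse the header lines of a KASAN report and, for the
 * snd_timer_user_read() crash above, work out which ALSA timer record the
 * faulting copy_to_user() was reading and at which queue index.  Added
 * example, not syzbot's or the kernel's code; layouts from <sound/asound.h>. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Element types of the two per-client queues in struct snd_timer_user. */
struct snd_timer_read  { unsigned int resolution, ticks; };                       /* tu->queue[] */
struct snd_timer_tread { int event; struct timespec tstamp; unsigned int val; };  /* tu->tqueue[], TREAD mode */
/* x86-64 kernel sizes: 8, and 4 (event) + 4 pad + 16 (timespec) + 4 (val) + 4 pad = 32. */
#define SZ_SND_TIMER_READ  8u
#define SZ_SND_TIMER_TREAD 32u
/* Assumption: KASAN labels an access below the first page "null-ptr-deref",
 * i.e. NULL plus a field offset or array index rather than a wild pointer. */
#define NULL_PAGE_LIMIT 4096UL

struct kasan_access {
	char bug[32], func[64], file[96]; /* bug kind; innermost non-inlined frame */
	unsigned line; char op[8];        /* file:line; "Read" or "Write" */
	size_t size;                      /* bytes accessed */
	uintptr_t addr;                   /* 0 when the kernel printed "(null)" */
	int have_bug, have_access;
};

/* Parse one report line; returns 1 if it was a header line we use. */
static int kasan_parse_line(const char *line, struct kasan_access *a)
{
	char op[8], addr[40];
	/* Inlined frames ("in copy_to_user ... [inline]") carry no +off/len;
	 * skip them so func names the frame that actually executed the copy. */
	if (strstr(line, " [inline]"))
		return 0;
	if (sscanf(line, "BUG: KASAN: %31s in %63[^+]+%*x/%*x %95[^:]:%u",
		   a->bug, a->func, a->file, &a->line) == 4)
		return a->have_bug = 1;
	/* 4.9 prints a NULL address as "(null)"; newer kernels print hex digits. */
	if (sscanf(line, "%7s of size %zu at addr %39s by task",
		   op, &a->size, addr) == 3) {
		strcpy(a->op, op);
		a->addr = strcmp(addr, "(null)") == 0 ? 0 : (uintptr_t)strtoull(addr, NULL, 16);
		return a->have_access = 1;
	}
	return 0;
}

/* Parse a newline-separated report; 1 when both header lines were found. */
static int kasan_parse_report(const char *report, struct kasan_access *a)
{
	char line[256];
	const char *nl = NULL; size_t n = 0;
	memset(a, 0, sizeof(*a));
	for (; *report; report = nl ? nl + 1 : report + n) {
		nl = strchr(report, '\n');
		n = nl ? (size_t)(nl - report) : strlen(report);
		snprintf(line, sizeof(line), "%.*s", (int)n, report);
		kasan_parse_line(line, a);
	}
	return a->have_bug && a->have_access;
}

/* For snd_timer_user_read(): name the record type from the access size and,
 * for a NULL-based access, recover tu->qhead from the offset, because
 * &q[qhead] lies qhead * sizeof(*q) bytes past a NULL q.  Returns the index,
 * or -1 when the report is not that function or the address is not NULL-based. */
static int alsa_timer_record(const struct kasan_access *a, const char **record)
{
	*record = "not snd_timer_user_read";
	if (strcmp(a->func, "snd_timer_user_read") != 0)
		return -1;
	if (a->size == SZ_SND_TIMER_READ)
		*record = "struct snd_timer_read from tu->queue";
	else if (a->size == SZ_SND_TIMER_TREAD)
		*record = "struct snd_timer_tread from tu->tqueue (TREAD mode)";
	else {
		*record = "unexpected record size";
		return -1;
	}
	return a->addr < NULL_PAGE_LIMIT ? (int)(a->addr / a->size) : -1;
}

int main(void)
{
	/* The three header lines of the sample crash report above. */
	static const char report[] =
		"BUG: KASAN: null-ptr-deref in copy_to_user arch/x86/include/asm/uaccess.h:716 [inline]\n"
		"BUG: KASAN: null-ptr-deref in snd_timer_user_read+0x510/0x700 sound/core/timer.c:2006\n"
		"Read of size 32 at addr           (null) by task syzkaller300733/3329\n";
	struct kasan_access a;
	const char *record;
	int idx;
	if (!kasan_parse_report(report, &a))
		return 1;
	printf("%s: %s of %zu bytes at %#lx in %s (%s:%u)\n", a.bug, a.op, a.size,
	       (unsigned long)a.addr, a.func, a.file, a.line);
	idx = alsa_timer_record(&a, &record);
	printf("copied record: %s, queue index %d\n", record, idx);
	return 0;
}
```

Run against the sample report this yields the TREAD record and index 0, which is the reading given in the lead-in. A small non-zero address in the same frame would mean the queue pointer was NULL while qhead had already advanced, and a heap address (the `ffff8801...` form) is not NULL-based at all, so no index is derived; the parser treats both without special-casing.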

Crashes (135):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/01/19 16:16 https://android.googlesource.com/kernel/common android-4.9 9c3804bc9b62 161c1d64 .config console log report syz C ci-android-49-kasan-gce
2018/01/21 11:01 https://android.googlesource.com/kernel/common android-4.9 e12a9c4458ff fbbdcd92 .config console log report syz C ci-android-49-kasan-gce-386
2019/01/16 17:32 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d538790b .config console log report ci-android-49-kasan-gce
2019/01/09 12:42 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 45c0c1b1 .config console log report ci-android-49-kasan-gce
2019/01/08 04:39 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 69d69aa9 .config console log report ci-android-49-kasan-gce
2019/01/08 00:47 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 69d69aa9 .config console log report ci-android-49-kasan-gce
2019/01/02 23:31 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 06a2b89f .config console log report ci-android-49-kasan-gce
2019/01/01 03:45 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 3d85f48c .config console log report ci-android-49-kasan-gce
2018/12/18 14:49 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 4edaba93 .config console log report ci-android-49-kasan-gce
2019/01/06 13:44 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 94f8adb5 .config console log report ci-android-49-kasan-gce-386
2019/01/06 06:39 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 53be0a37 .config console log report ci-android-49-kasan-gce-386
2019/01/05 21:23 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 53be0a37 .config console log report ci-android-49-kasan-gce-386
2019/01/05 19:06 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 53be0a37 .config console log report ci-android-49-kasan-gce-386
2019/01/04 23:56 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 0127e3ba .config console log report ci-android-49-kasan-gce-386
2019/01/04 18:20 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 0127e3ba .config console log report ci-android-49-kasan-gce-386
2019/01/04 09:39 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 7da23925 .config console log report ci-android-49-kasan-gce-386
2019/01/04 05:51 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 7da23925 .config console log report ci-android-49-kasan-gce-386
2019/01/02 10:30 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 3d85f48c .config console log report ci-android-49-kasan-gce-386
2019/01/02 06:22 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 3d85f48c .config console log report ci-android-49-kasan-gce-386
2019/01/02 05:59 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 3d85f48c .config console log report ci-android-49-kasan-gce-386
2019/01/01 22:49 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 3d85f48c .config console log report ci-android-49-kasan-gce-386
2019/01/01 05:48 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 3d85f48c .config console log report ci-android-49-kasan-gce-386
2019/01/01 01:14 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 3d85f48c .config console log report ci-android-49-kasan-gce-386
2018/12/31 00:10 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 2b42fdc8 .config console log report ci-android-49-kasan-gce-386
2018/12/30 14:54 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 9942de5f .config console log report ci-android-49-kasan-gce-386
2018/12/30 05:48 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 35e3f847 .config console log report ci-android-49-kasan-gce-386
2018/12/29 21:18 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 a40793d7 .config console log report ci-android-49-kasan-gce-386
2018/12/29 16:57 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 a40793d7 .config console log report ci-android-49-kasan-gce-386
2018/12/29 07:41 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 e33ad0f1 .config console log report ci-android-49-kasan-gce-386
2018/12/29 01:55 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 e33ad0f1 .config console log report ci-android-49-kasan-gce-386
2018/12/27 19:33 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 43cf01dd .config console log report ci-android-49-kasan-gce-386
2018/12/26 17:06 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8a41a0ad .config console log report ci-android-49-kasan-gce-386
2018/12/26 02:39 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8a41a0ad .config console log report ci-android-49-kasan-gce-386
2018/12/25 19:13 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8a41a0ad .config console log report ci-android-49-kasan-gce-386
2018/12/25 14:28 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8a41a0ad .config console log report ci-android-49-kasan-gce-386
2018/12/25 11:39 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8a41a0ad .config console log report ci-android-49-kasan-gce-386
2018/12/24 14:49 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 be79df56 .config console log report ci-android-49-kasan-gce-386
2018/12/23 18:01 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 e3bd7ab8 .config console log report ci-android-49-kasan-gce-386
2018/12/22 16:20 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 e3bd7ab8 .config console log report ci-android-49-kasan-gce-386
2018/12/21 14:50 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 588075e6 .config console log report ci-android-49-kasan-gce-386
2018/12/19 12:53 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 fe2dc057 .config console log report ci-android-49-kasan-gce-386
2018/12/19 04:29 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 4edaba93 .config console log report ci-android-49-kasan-gce-386
2018/12/18 21:04 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 4edaba93 .config console log report ci-android-49-kasan-gce-386
2018/12/18 18:45 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 4edaba93 .config console log report ci-android-49-kasan-gce-386
2018/12/17 15:59 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 def91db3 .config console log report ci-android-49-kasan-gce-386
2018/12/17 05:31 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 def91db3 .config console log report ci-android-49-kasan-gce-386
2018/12/17 02:11 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 def91db3 .config console log report ci-android-49-kasan-gce-386
2018/12/16 22:55 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 def91db3 .config console log report ci-android-49-kasan-gce-386
* Struck through repros no longer work on HEAD.