syzbot

 sign-in | mailing list | source | docs
🐞 Open [1492]
Subsystems
🐞 Fixed [6693]
🐞 Invalid [17162]
Missing Backports [216]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: user-memory-access Write in n_tty_set_termios

Status: fixed on 2019/01/15 20:25
Subsystems: serial
[Documentation on labels]
Reported-by: syzbot+3aa9784721dfb90e984d@syzkaller.appspotmail.com
Fix commit: 83d817f41070 tty: Hold tty_ldisc_lock() during tty_reopen()
First crash: 2770d, last: 2499d
Duplicate bugs (3)
duplicates (3):
Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
general protection fault in n_tty_set_termios serial 2 C 13 2520d 2740d 0/29 closed as dup on 2018/05/01 10:15
general protection fault in n_tty_flush_buffer serial 2 C 11 2537d 2723d 0/29 closed as dup on 2018/05/17 10:46
general protection fault in n_tty_receive_buf_common serial 2 48 2543d 2925d 0/29 closed as dup on 2018/07/17 10:20
Discussions (12)
Title Replies (including bot) Last reply
[PATCH 4.19 00/99] 4.19.17-stable review 109 (109) 2019/04/22 19:40
[PATCH 4.14 00/59] 4.14.95-stable review 65 (65) 2019/01/23 12:55
[PATCH 4.9 00/51] 4.9.152-stable review 56 (56) 2019/01/23 09:06
[PATCH 4.20 000/111] 4.20.4-stable review 120 (120) 2019/01/23 06:43
[PATCHv6 0/7] tty: Hold write ldisc sem in tty_reopen() 12 (12) 2018/12/07 15:23
[PATCHv5 0/7] tty: Hold write ldisc sem in tty_reopen() 23 (23) 2018/10/15 13:37
[PATCHv4 0/7] tty: Hold write ldisc sem in tty_reopen() 10 (10) 2018/09/14 15:56
[PATCHv3 0/6] tty: Hold write ldisc sem in tty_reopen() 24 (24) 2018/09/11 15:04
[PATCH 0/4] tty: Hold write ldisc sem in tty_reopen() 30 (30) 2018/09/10 18:50
[PATCHv2 0/4] tty: Hold write ldisc sem in tty_reopen() 11 (11) 2018/09/04 09:03
[PATCH] n_tty: Protect tty->disc_data using refcount. 7 (7) 2018/08/29 15:02
KASAN: user-memory-access Write in n_tty_set_termios 2 (3) 2018/04/06 10:06
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-414 KASAN: user-memory-access Write in n_tty_set_termios 23 syz 24 2483d 2395d 0/1 public: reported syz repro on 2019/04/10 16:04
android-49 KASAN: user-memory-access Write in n_tty_set_termios 23 C 10 2504d 2393d 0/3 public: reported C repro on 2019/04/13 00:00

Sample crash report:
==================================================================
BUG: KASAN: user-memory-access in memset include/linux/string.h:330 [inline]
BUG: KASAN: user-memory-access in bitmap_zero include/linux/bitmap.h:216 [inline]
BUG: KASAN: user-memory-access in n_tty_set_termios+0x106/0xe80 drivers/tty/n_tty.c:1784
Write of size 512 at addr 0000000000001060 by task syz-executor795/20053

CPU: 0 PID: 20053 Comm: syz-executor795 Not tainted 4.19.0-rc8+ #75
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c4/0x2b6 lib/dump_stack.c:113
 kasan_report_error mm/kasan/report.c:352 [inline]
 kasan_report.cold.9+0x6d/0x309 mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
 memset+0x23/0x40 mm/kasan/kasan.c:285
 memset include/linux/string.h:330 [inline]
 bitmap_zero include/linux/bitmap.h:216 [inline]
 n_tty_set_termios+0x106/0xe80 drivers/tty/n_tty.c:1784
 tty_set_termios+0x7a0/0xac0 drivers/tty/tty_ioctl.c:341
 set_termios+0x41e/0x7d0 drivers/tty/tty_ioctl.c:414
 tty_mode_ioctl+0x857/0xb40 drivers/tty/tty_ioctl.c:749
 n_tty_ioctl_helper+0x54/0x3b0 drivers/tty/tty_ioctl.c:940
 n_tty_ioctl+0x54/0x360 drivers/tty/n_tty.c:2450
 tty_ioctl+0x5ad/0x1820 drivers/tty/tty_io.c:2660
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702
 __do_sys_ioctl fs/ioctl.c:709 [inline]
 __se_sys_ioctl fs/ioctl.c:707 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446aa9
Code: e8 bc b9 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f666e8a6da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 0000000000446aa9
RDX: 0000000020000040 RSI: 0000000000005402 RDI: 0000000000000007
RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c
R13: 6d74702f7665642f R14: 6c756e2f7665642f R15: 00000000006dcd2c
==================================================================

Crashes (85):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/10/22 02:20 upstream 467e050e9760 ecb386fe .config console log report syz C ci-upstream-kasan-gce-selinux-root
2018/05/20 02:16 upstream 0b449a441dac f48c20b8 .config console log report syz C ci-upstream-kasan-gce-root
2018/05/19 15:46 upstream 73fcb1a370c7 849705db .config console log report syz C ci-upstream-kasan-gce-root
2018/04/29 02:07 upstream bf8f5de17442 d5a5d045 .config console log report syz C ci-upstream-kasan-gce-root
2018/04/01 03:47 upstream 10b84daddbec 0174c6c8 .config console log report syz C ci-upstream-kasan-gce-root
2018/12/28 04:06 upstream b71acb0e3721 af317504 .config console log report syz ci-upstream-kasan-gce-smack-root
2018/12/27 07:55 upstream eed9688f8513 e747ec98 .config console log report syz ci-upstream-kasan-gce-root
2018/12/27 07:23 upstream eed9688f8513 e747ec98 .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/11/28 14:12 upstream ef78e5ec9214 4b6d14f2 .config console log report syz ci-upstream-kasan-gce-root
2018/11/28 07:55 upstream ef78e5ec9214 4b6d14f2 .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/11/28 07:18 upstream ef78e5ec9214 4b6d14f2 .config console log report syz ci-upstream-kasan-gce-smack-root
2018/11/25 00:00 upstream 7c98a4261827 ecc7c870 .config console log report syz ci-upstream-kasan-gce-smack-root
2018/11/24 22:34 upstream 7c98a4261827 ecc7c870 .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/11/18 04:10 upstream 1ce80e0fe98e adf636a8 .config console log report syz ci-upstream-kasan-gce-root
2018/11/17 23:26 upstream 1ce80e0fe98e adf636a8 .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/11/17 22:40 upstream 1ce80e0fe98e adf636a8 .config console log report syz ci-upstream-kasan-gce-smack-root
2018/11/14 10:01 upstream ccda4af0f4b9 5f5f6d14 .config console log report syz ci-upstream-kasan-gce-smack-root
2018/11/14 07:36 upstream ccda4af0f4b9 5f5f6d14 .config console log report syz ci-upstream-kasan-gce-root
2018/11/14 07:30 upstream ccda4af0f4b9 5f5f6d14 .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/10/23 01:17 upstream 84df9525b0c2 ecb386fe .config console log report syz ci-upstream-kasan-gce-root
2018/10/22 16:27 upstream 84df9525b0c2 ecb386fe .config console log report syz ci-upstream-kasan-gce-smack-root
2018/09/22 18:09 upstream 10dc890d4228 37079712 .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/09/03 12:32 upstream 60c1f89241d4 a4718693 .config console log report syz ci-upstream-kasan-gce-root
2018/09/03 10:48 upstream 60c1f89241d4 a4718693 .config console log report syz ci-upstream-kasan-gce-root
2018/09/02 21:45 upstream 899ba79553cf a4718693 .config console log report syz ci-upstream-kasan-gce-root
2018/11/28 13:19 linux-next 442b8cea2477 4b6d14f2 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/11/24 22:12 linux-next 442b8cea2477 ecc7c870 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/11/18 01:34 linux-next 442b8cea2477 adf636a8 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/11/14 12:47 linux-next 442b8cea2477 5f5f6d14 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/10/22 10:22 linux-next 8c60c36d0b8c ecb386fe .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/09/03 11:00 linux-next dceb9092b16b a4718693 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/09/03 08:29 linux-next dceb9092b16b a4718693 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/09/02 21:46 linux-next a880148cb2af a4718693 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/12/16 15:19 upstream 6531e115b7ab def91db3 .config console log report ci-upstream-kasan-gce-root
2018/11/16 11:52 upstream da5322e65940 f5e275d1 .config console log report ci-upstream-kasan-gce-selinux-root
2018/11/12 07:21 upstream e12e00e388de 7b5f8621 .config console log report ci-upstream-kasan-gce-smack-root
2018/09/03 21:47 upstream 60c1f89241d4 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/08/14 00:46 upstream 7796916146b8 7a88b141 .config console log report ci-upstream-kasan-gce-root
2018/08/13 22:09 upstream 94710cac0ef4 7a88b141 .config console log report ci-upstream-kasan-gce-root
2018/08/01 19:11 upstream 44960f2a7b63 0a7cf4ec .config console log report ci-upstream-kasan-gce-root
2018/08/01 11:34 upstream c1d61e7fe376 1477993e .config console log report ci-upstream-kasan-gce-root
2018/07/29 02:38 upstream dd63bf22fccd ebf656d7 .config console log report ci-upstream-kasan-gce-root
2018/07/28 10:59 upstream 864af0d40cdc ebf656d7 .config console log report ci-upstream-kasan-gce-root
2018/07/27 03:25 upstream cd3f77d74ac3 375a3e31 .config console log report ci-upstream-kasan-gce-root
2018/07/24 04:17 upstream d72e90f33aa4 912c93d7 .config console log report ci-upstream-kasan-gce-root
2018/07/23 13:19 upstream d72e90f33aa4 f69c5fcd .config console log report ci-upstream-kasan-gce-root
2018/07/11 02:45 upstream 30c2c32d7f70 2e0e3130 .config console log report ci-upstream-kasan-gce-root
2018/06/30 13:37 upstream 1904148a361a dba0b50e .config console log report ci-upstream-kasan-gce-root
2018/06/28 16:40 upstream f57494321cbf dba0b50e .config console log report ci-upstream-kasan-gce-root
2018/06/20 13:04 upstream 81e97f01371f 095ef806 .config console log report ci-upstream-kasan-gce-root
2018/06/17 19:37 upstream ce397d215ccd 27c5f59f .config console log report ci-upstream-kasan-gce-root
2018/06/17 01:27 upstream 35773c93817c 27c5f59f .config console log report ci-upstream-kasan-gce-root
2018/06/16 13:44 upstream 9215310cf13b 27c5f59f .config console log report ci-upstream-kasan-gce-root
2018/05/29 05:24 upstream 786b71f5b754 f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/29 04:51 upstream 786b71f5b754 f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/29 01:15 upstream 786b71f5b754 f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/28 19:55 upstream b04e217704b7 f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/28 19:34 upstream b04e217704b7 f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/27 07:30 upstream 7fbb6157630f f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/23 16:45 upstream a048a07d7f45 f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/23 02:21 upstream a048a07d7f45 f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/21 08:55 upstream 771c577c23ba f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/20 03:41 upstream 0b449a441dac f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/14 04:07 upstream 66e1c94db3cd 481f030c .config console log report ci-upstream-kasan-gce-root
2018/04/01 03:31 upstream 10b84daddbec 0174c6c8 .config console log report ci-upstream-kasan-gce-root
2018/12/06 17:05 linux-next 442b8cea2477 3ab38479 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/11/19 19:24 linux-next 442b8cea2477 adf636a8 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/10/07 08:39 linux-next 12ffaa1197f5 8b311eaf .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/05 15:30 linux-next f2b6e66e9885 196410e4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/08/17 08:36 linux-next d7857ae43dcc 9ccc1d45 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/08/08 06:42 linux-next 2b769bb85b48 1beb8136 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/08/04 22:08 linux-next 116b181bb646 3476a2df .config console log report ci-upstream-linux-next-kasan-gce-root
2018/07/27 14:52 linux-next d1e0b8e0cb7a 788351b1 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/07/23 16:53 linux-next 89cf55353308 f69c5fcd .config console log report ci-upstream-linux-next-kasan-gce-root
2018/07/20 11:21 linux-next 89cf55353308 49f35839 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/07/18 17:19 linux-next 0b742fe187f7 809256c3 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.