syzbot

 sign-in | mailing list | source | docs
🐞 Open [1028] Subsystems 🐞 Fixed [5274] 🐞 Invalid [12598] Missing Backports [86] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KASAN: null-ptr-deref Read in insert_char

Status: closed as dup on 2020/08/16 01:43
Subsystems: serial
[Documentation on labels]
Reported-by: syzbot+7416b988c249396c5e2c@syzkaller.appspotmail.com
First crash: 1581d, last: 1453d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: general protection fault in insert_char (log)
Repro: C syz .config
  
Fix bisection: failed (error log, bisect log)
  
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
general protection fault in do_con_write C done 10703 1382d 1617d
Discussions (1)
Title Replies (including bot) Last reply
KASAN: null-ptr-deref Read in insert_char 0 (2) 2020/01/09 09:04
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 KASAN: null-ptr-deref Read in insert_char C inconclusive 1 1431d 1581d 0/1 upstream: reported C repro on 2020/01/09 20:28
linux-4.19 KASAN: null-ptr-deref Read in insert_char C done 3 1396d 1591d 1/1 fixed on 2020/08/11 22:51
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2020/06/15 07:48 0m (5) bisect fix upstream error job log (0)
2020/05/16 07:28 20m bisect fix upstream job log (0) log
2020/04/16 07:09 19m bisect fix upstream job log (0) log
2020/03/16 20:38 20m bisect fix upstream job log (0) log

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in memmove include/linux/string.h:395 [inline]
BUG: KASAN: null-ptr-deref in scr_memmovew include/linux/vt_buffer.h:68 [inline]
BUG: KASAN: null-ptr-deref in insert_char+0x206/0x400 drivers/tty/vt/vt.c:839
Read of size 4294967294 at addr 0000000000000010 by task syz-executor219/9746

CPU: 0 PID: 9746 Comm: syz-executor219 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 __kasan_report.cold+0x5/0x41 mm/kasan/report.c:510
 kasan_report+0x12/0x20 mm/kasan/common.c:639
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192
 memmove+0x24/0x50 mm/kasan/common.c:116
 memmove include/linux/string.h:395 [inline]
 scr_memmovew include/linux/vt_buffer.h:68 [inline]
 insert_char+0x206/0x400 drivers/tty/vt/vt.c:839
 csi_at drivers/tty/vt/vt.c:1964 [inline]
 do_con_trol+0x41a6/0x61b0 drivers/tty/vt/vt.c:2431
 do_con_write.part.0+0xfd9/0x1ef0 drivers/tty/vt/vt.c:2797
 do_con_write drivers/tty/vt/vt.c:2565 [inline]
 con_write+0x46/0xd0 drivers/tty/vt/vt.c:3135
 process_output_block drivers/tty/n_tty.c:595 [inline]
 n_tty_write+0x40e/0x1080 drivers/tty/n_tty.c:2333
 do_tty_write drivers/tty/tty_io.c:962 [inline]
 tty_write+0x496/0x7f0 drivers/tty/tty_io.c:1046
 __vfs_write+0x8a/0x110 fs/read_write.c:494
 vfs_write+0x268/0x5d0 fs/read_write.c:558
 ksys_write+0x14f/0x290 fs/read_write.c:611
 __do_sys_write fs/read_write.c:623 [inline]
 __se_sys_write fs/read_write.c:620 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:620
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4404f9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffcaea1f808 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9
RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
==================================================================

Crashes (12):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/01/09 15:31 upstream b07f636fca1c ddc3e859 .config console log report syz C ci-upstream-kasan-gce-root
2020/01/09 09:43 upstream b07f636fca1c ddc3e859 .config console log report syz C ci-upstream-kasan-gce
2020/01/09 09:04 upstream b07f636fca1c ddc3e859 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/01/09 09:43 upstream b07f636fca1c ddc3e859 .config console log report syz C ci-upstream-kasan-gce-386
2020/01/15 10:50 upstream 95e20af9fb9c fa12bd3c .config console log report ci-upstream-kasan-gce-root
2020/01/15 10:18 upstream 95e20af9fb9c fa12bd3c .config console log report ci-upstream-kasan-gce-root
2020/01/15 10:05 upstream 95e20af9fb9c fa12bd3c .config console log report ci-upstream-kasan-gce-root
2020/01/15 09:57 upstream 95e20af9fb9c fa12bd3c .config console log report ci-upstream-kasan-gce-root
2020/01/09 07:07 upstream b07f636fca1c ddc3e859 .config console log report ci-upstream-kasan-gce-selinux-root
2020/01/12 03:55 upstream ac61145a725a 4c04afaa .config console log report ci-upstream-kasan-gce-386
2020/01/11 12:17 upstream bef1d88263ff 4c04afaa .config console log report ci-upstream-kasan-gce-386
2020/02/09 07:49 linux-next 6dff1565d69c 06150bf1 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.