syzbot

 sign-in | mailing list | source | docs
🐞 Open [994] Subsystems 🐞 Fixed [5242] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KASAN: null-ptr-deref Read in zr364xx_vidioc_querycap

Status: fixed on 2019/08/05 13:45
Subsystems: usb media
[Documentation on labels]
Reported-by: syzbot+66010012fd4c531a1a96@syzkaller.appspotmail.com
Fix commit: 5d2e73a5f80a media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
First crash: 1826d, last: 1733d
Discussions (11)
Title Replies (including bot) Last reply
[PATCH 4.4 00/76] 4.4.211-stable review 81 (81) 2020/01/22 20:52
[PATCH 4.9 00/97] 4.9.211-stable review 102 (102) 2020/01/22 20:52
[PATCH 4.14 00/71] 4.14.166-stable review 76 (76) 2020/01/17 16:06
[PATCH 4.19 00/84] 4.19.97-stable review 89 (89) 2020/01/17 16:06
[PATCH 3.16 00/25] 3.16.77-rc1 review 28 (28) 2019/11/13 18:31
[PATCH 5.2 000/413] 5.2.3-stable review 444 (444) 2019/08/05 12:40
[PATCH 5.1 000/371] 5.1.20-stable review 384 (384) 2019/07/26 12:24
[PATCH AUTOSEL 5.2 001/249] ath10k: Check tx_stats before use it 267 (267) 2019/07/24 03:35
[PATCH AUTOSEL 5.1 001/219] ath10k: Check tx_stats before use it 219 (219) 2019/07/15 14:03
[PATCH] media:usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap 4 (4) 2019/05/22 08:36
KASAN: null-ptr-deref Read in zr364xx_vidioc_querycap 0 (1) 2019/04/29 12:06

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in read_word_at_a_time+0xe/0x20 include/linux/compiler.h:275
Read of size 1 at addr 0000000000000000 by task v4l_id/1757

CPU: 1 PID: 1757 Comm: v4l_id Not tainted 5.2.0-rc6+ #14
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xca/0x13e lib/dump_stack.c:113
 __kasan_report.cold+0x5/0x32 mm/kasan/report.c:321
 kasan_report+0xe/0x20 mm/kasan/common.c:614
 read_word_at_a_time+0xe/0x20 include/linux/compiler.h:275
 strscpy+0x8a/0x280 lib/string.c:207
 zr364xx_vidioc_querycap+0xb0/0x210 drivers/media/usb/zr364xx/zr364xx.c:697
 v4l_querycap+0x121/0x340 drivers/media/v4l2-core/v4l2-ioctl.c:1058
 __video_do_ioctl+0x5b0/0xb30 drivers/media/v4l2-core/v4l2-ioctl.c:2871
 video_usercopy+0x446/0xee0 drivers/media/v4l2-core/v4l2-ioctl.c:3053
 v4l2_ioctl+0x147/0x1a0 drivers/media/v4l2-core/v4l2-dev.c:360
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0xcda/0x12e0 fs/ioctl.c:696
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718
 do_syscall_64+0xb7/0x560 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fc3b802e347
Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64
RSP: 002b:00007ffc04c6eb48 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc3b802e347
RDX: 00007ffc04c6eb50 RSI: 0000000080685600 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000400884
R13: 00007ffc04c6eca0 R14: 0000000000000000 R15: 0000000000000000
==================================================================

Crashes (76):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/07/11 22:17 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 186a30b9 .config console log report syz C ci2-upstream-usb
2019/07/10 20:06 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report syz C ci2-upstream-usb
2019/07/09 15:48 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report syz C ci2-upstream-usb
2019/07/01 16:55 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 907bf746 .config console log report syz C ci2-upstream-usb
2019/06/30 06:05 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 7509bf36 .config console log report syz C ci2-upstream-usb
2019/06/29 16:53 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 7509bf36 .config console log report syz C ci2-upstream-usb
2019/06/28 20:50 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 7509bf36 .config console log report syz C ci2-upstream-usb
2019/06/28 13:47 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 7509bf36 .config console log report syz C ci2-upstream-usb
2019/06/27 17:13 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 7509bf36 .config console log report syz C ci2-upstream-usb
2019/06/12 18:41 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 794a1ad7 .config console log report syz C ci2-upstream-usb
2019/06/09 10:57 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 0159583c .config console log report syz C ci2-upstream-usb
2019/06/08 05:29 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f cf9c3a50 .config console log report syz C ci2-upstream-usb
2019/06/03 19:42 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 63bf051f .config console log report syz C ci2-upstream-usb
2019/04/30 19:57 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce 618456b4 .config console log report syz C ci2-upstream-usb
2019/04/27 21:21 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce b617407b .config console log report syz C ci2-upstream-usb
2019/07/29 06:29 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 01:52 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 17:38 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/27 22:07 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/27 09:49 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/24 23:12 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 32329ceb .config console log report ci2-upstream-usb
2019/07/24 03:00 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 de453f34 .config console log report ci2-upstream-usb
2019/07/23 22:15 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 de453f34 .config console log report ci2-upstream-usb
2019/07/23 13:16 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 bb071d58 .config console log report ci2-upstream-usb
2019/07/23 04:37 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 55e0c077 .config console log report ci2-upstream-usb
2019/07/23 00:05 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 55e0c077 .config console log report ci2-upstream-usb
2019/07/22 20:17 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 55e0c077 .config console log report ci2-upstream-usb
2019/07/22 09:36 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 b3c615f5 .config console log report ci2-upstream-usb
2019/07/21 14:50 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 1656845f .config console log report ci2-upstream-usb
2019/07/20 21:39 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 1656845f .config console log report ci2-upstream-usb
2019/07/15 17:12 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 139ac68a .config console log report ci2-upstream-usb
2019/07/14 10:20 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 e6fb0f13 .config console log report ci2-upstream-usb
2019/07/12 17:41 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 baa5258a .config console log report ci2-upstream-usb
2019/07/12 14:51 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 baa5258a .config console log report ci2-upstream-usb
2019/07/11 11:53 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 ff7bf04c .config console log report ci2-upstream-usb
2019/07/10 19:20 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report ci2-upstream-usb
2019/07/10 11:41 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report ci2-upstream-usb
2019/07/09 15:13 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report ci2-upstream-usb
2019/07/09 07:24 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report ci2-upstream-usb
2019/07/08 16:27 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report ci2-upstream-usb
2019/07/07 23:58 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report ci2-upstream-usb
2019/07/07 03:38 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report ci2-upstream-usb
2019/07/05 22:33 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report ci2-upstream-usb
2019/07/03 10:42 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 55565fa0 .config console log report ci2-upstream-usb
2019/07/03 04:22 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 55565fa0 .config console log report ci2-upstream-usb
2019/07/01 22:24 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 907bf746 .config console log report ci2-upstream-usb
2019/06/29 20:12 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 7509bf36 .config console log report ci2-upstream-usb
2019/06/27 17:36 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 7509bf36 .config console log report ci2-upstream-usb
2019/06/27 17:34 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 7509bf36 .config console log report ci2-upstream-usb
2019/06/24 22:18 https://github.com/google/kasan.git usb-fuzzer 9939f56ee6c0 2873954b .config console log report ci2-upstream-usb
2019/06/24 21:09 https://github.com/google/kasan.git usb-fuzzer 9939f56ee6c0 2873954b .config console log report ci2-upstream-usb
2019/06/22 02:25 https://github.com/google/kasan.git usb-fuzzer 9939f56ee6c0 34bf9440 .config console log report ci2-upstream-usb
2019/06/21 10:15 https://github.com/google/kasan.git usb-fuzzer 9939f56ee6c0 34bf9440 .config console log report ci2-upstream-usb
2019/06/16 10:05 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 442206d7 .config console log report ci2-upstream-usb
2019/06/14 15:33 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 998ccc76 .config console log report ci2-upstream-usb
2019/06/12 16:28 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 794a1ad7 .config console log report ci2-upstream-usb
2019/06/09 10:36 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 0159583c .config console log report ci2-upstream-usb
2019/06/08 05:07 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f cf9c3a50 .config console log report ci2-upstream-usb
2019/06/07 23:01 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f cf9c3a50 .config console log report ci2-upstream-usb
2019/06/05 08:48 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f bfb4a51e .config console log report ci2-upstream-usb
2019/06/03 01:10 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 53c81ea5 .config console log report ci2-upstream-usb
2019/05/23 01:03 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce 84b9d384 .config console log report ci2-upstream-usb
2019/05/20 16:24 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce b5641f32 .config console log report ci2-upstream-usb
2019/05/17 03:38 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce 7fb690f3 .config console log report ci2-upstream-usb
2019/05/16 21:01 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce 7fb690f3 .config console log report ci2-upstream-usb
2019/05/16 15:15 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce 051c49fe .config console log report ci2-upstream-usb
2019/05/11 05:37 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce 46caad94 .config console log report ci2-upstream-usb
2019/05/09 13:04 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce 1ab4c999 .config console log report ci2-upstream-usb
2019/05/03 21:59 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce d28f4ce5 .config console log report ci2-upstream-usb
2019/05/02 09:19 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce 1852eb18 .config console log report ci2-upstream-usb
2019/04/30 22:45 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce 618456b4 .config console log report ci2-upstream-usb
2019/04/27 20:00 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce b617407b .config console log report ci2-upstream-usb
* Struck through repros no longer work on HEAD.