[] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
[] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
[] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
==================================================================
BUG: KASAN: null-ptr-deref in copy_to_user arch/x86/include/asm/uaccess.h:731 [inline]
BUG: KASAN: null-ptr-deref in snd_timer_user_read+0x594/0x710 sound/core/timer.c:2006
Read of size 32 at addr (null) by task syz-executor0/8302
CPU: 1 PID: 8302 Comm: syz-executor0 Not tainted 4.9.141+ #23
ffff8801d9f77958 ffffffff81b42e79 0000000000000000 0000000000000020 0000000000000000 ffff8801d9f77b28 ffff8801d294cc80 ffff8801d9f779a0 ffffffff81500bed ffffffff8224e014 0000000000000282 5929f32a0560a9f2
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] kasan_report_error mm/kasan/report.c:353 [inline]
[] kasan_report.cold.6+0x6d/0x2fe mm/kasan/report.c:412
[] check_memory_region_inline mm/kasan/kasan.c:318 [inline]
[] check_memory_region+0x14d/0x1b0 mm/kasan/kasan.c:325
[] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:330
[] copy_to_user arch/x86/include/asm/uaccess.h:731 [inline]
[] snd_timer_user_read+0x594/0x710 sound/core/timer.c:2006
[] do_loop_readv_writev.part.1+0xd5/0x280 fs/read_write.c:718
[] do_loop_readv_writev fs/read_write.c:707 [inline]
[] compat_do_readv_writev+0x570/0x7b0 fs/read_write.c:1091
Mem-Info:
active_anon:116091 inactive_anon:29485 isolated_anon:0 active_file:4366 inactive_file:32376 isolated_file:0 unevictable:0 dirty:4261 writeback:999 unstable:0 slab_reclaimable:7388 slab_unreclaimable:59131 mapped:61445 shmem:34978 pagetables:2772 bounce:0 free:1338695 free_pcp:375 free_cma:0
Node 0 active_anon:464364kB inactive_anon:117940kB active_file:17464kB inactive_file:129504kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:245780kB dirty:17044kB writeback:3996kB shmem:139912kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA32 free:3019464kB min:4696kB low:7712kB high:10728kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3020132kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:668kB local_pcp:32kB free_cma:0kB
Normal free:2335316kB min:5580kB low:9168kB high:12756kB active_anon:464364kB inactive_anon:117940kB active_file:17464kB inactive_file:129504kB unevictable:0kB writepending:21040kB present:4718592kB managed:3589316kB mlocked:0kB slab_reclaimable:29552kB slab_unreclaimable:236524kB kernel_stack:7232kB pagetables:11088kB bounce:0kB free_pcp:832kB local_pcp:200kB free_cma:0kB
DMA32: 2*4kB (UM) 2*8kB (M) 1*16kB (M) 3*32kB (UM) 5*64kB (UM) 4*128kB (UM) 3*256kB (UM) 2*512kB (M) 2*1024kB (UM) 2*2048kB (UM) 735*4096kB (M) = 3019464kB
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
313617 pages reserved
[] compat_readv+0xe2/0x150 fs/read_write.c:1120
[] do_compat_readv+0xf2/0x1d0 fs/read_write.c:1140
[] C_SYSC_readv fs/read_write.c:1152 [inline]
[] compat_SyS_readv+0x26/0x30 fs/read_write.c:1148
[] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
[] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
[] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
==================================================================