bisecting cause commit starting from b07f636fca1c8fbba124b0082487c0b3890a0e0c
building syzkaller on ddc3e85997efdad885e208db6a98bca86e5dd52f
testing commit b07f636fca1c8fbba124b0082487c0b3890a0e0c with gcc (GCC) 8.1.0
kernel signature: cb3ea87659f897509f88579e00260b83075c3a83
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 82dd759c7932eac2865d91e7312fcf8db4500a2c
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 2051ba18a8a75ea353fdd07105c426c08b3dbf7b
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 5249c0a502aa973970e051bceeeebdc8bf4ad5bc
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: 0c9462c8e4a8b7f2bc23ae4fd00425f5d231a815
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 2c0abd2ecabe9432f917759228c2d076e4abc220
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: d5bac92dab8d4ca7281f1e8fc65e6f511768ccb5
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 86be787d84ea223cf8208cd1ae7b1353b9140553
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: a18e3211fa5aafb83081ad1ae5e4e58a4be850eb
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 77de0a9986ec35a5938482ca94fd1326bf0458b1
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 9736c45ae7a429642843a4e9378d82467e2f4a3d
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: 9910c0f5aa88cf26b72b22ed6892487b81b7ba5e
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: 5908517115a10809cb6406338d006e440ff7dba7
all runs: crashed: KASAN: null-ptr-deref Read in insert_char
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: 5e8dc74759fdaf0aa0e699085a911a8fc711c38b
all runs: crashed: general protection fault in insert_char
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: e92bd41d19e1230042983b92e6368d5beed380fb
all runs: crashed: general protection fault in insert_char
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: eb613242d1095798da3930437e2800d7dd40e1b0
all runs: crashed: general protection fault in insert_char
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: 019b9fb4578a6eae5d039b27d9ddb33d50d6a3e3
all runs: crashed: general protection fault in insert_char
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
kernel signature: 206e05bafd321f517cff7955bba9e61cf96f6a4e
all runs: crashed: general protection fault in insert_char
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
kernel signature: 32067a608c20cd3ddca086221b9ef4ec2b532c44
all runs: crashed: general protection fault in insert_char
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
kernel signature: c3cc29a105411ac0e4c9fff935c3e2e8171a6e5b
all runs: crashed: general protection fault in insert_char
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
kernel signature: cb7f2eabfd880f161e2156fede3e790b62d4ab54
all runs: crashed: general protection fault in insert_char
revisions tested: 21, total time: 3h7m54.166657039s (build: 1h49m28.270918917s, test: 1h16m23.397292303s)
the crash already happened on the oldest tested release
commit msg: Linux 4.6
crash: general protection fault in insert_char
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth1_vlan entered promiscuous mode
device veth1_vlan entered promiscuous mode
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 8238 Comm: syz-executor.1 Not tainted 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8800abb861c0 ti: ffff880129538000 task.ti: ffff880129538000
RIP: 0010:[]  [] scr_memmovew include/linux/vt_buffer.h:54 [inline]
RIP: 0010:[]  [] insert_char+0x28a/0x420 drivers/tty/vt/vt.c:550
RSP: 0018:ffff88012953f768  EFLAGS: 00010203
RAX: 0000000020000001 RBX: 000000010000000e RCX: dffffc0000000000
RDX: 00000000fffffffc RSI: 0000000000000001 RDI: ffff8800abb80934
RBP: ffff88012953f7b8 R08: 0000000000000012 R09: dffffc0000000000
R10: 0000000000000011 R11: 0000000000000001 R12: 0000000000000010
R13: 000000010000000c R14: ffff8800abb805c0 R15: 0000000000000010
FS:  00007f1b3a463700(0000) GS:ffff88012c000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000758090 CR3: 00000000a8392000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8800abb869c0 ffff8800abb869c8 ffff8800abb86a90 1ffff100252a7ef2
 ffff880000000000 0000000000000000 ffff8800abb805c0 0000000000000000
 ffffed001577012f 1ffff100252a7f00 ffff88012953f928 ffffffff8300a90e
Call Trace:
 [] csi_at drivers/tty/vt/vt.c:1616 [inline]
 [] do_con_trol+0x504e/0x5a40 drivers/tty/vt/vt.c:2063
 [] do_con_write.part.22+0x487/0x1950 drivers/tty/vt/vt.c:2421
 [] do_con_write drivers/tty/vt/vt.c:2779 [inline]
 [] con_write+0x76/0x90 drivers/tty/vt/vt.c:2775
 [] process_output_block drivers/tty/n_tty.c:581 [inline]
 [] n_tty_write+0x4f0/0x10b0 drivers/tty/n_tty.c:2313
 [] do_tty_write drivers/tty/tty_io.c:1175 [inline]
 [] tty_write+0x44d/0x7f0 drivers/tty/tty_io.c:1260
 [] __vfs_write+0xdb/0x4f0 fs/read_write.c:529
 [] vfs_write+0x13a/0x4a0 fs/read_write.c:578
 [] SYSC_write fs/read_write.c:625 [inline]
 [] SyS_write+0xcb/0x1a0 fs/read_write.c:617
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Code: 84 dd fe ff ff 48 b9 00 00 00 00 00 fc ff df 48 01 d2 48 89 d8 48 29 d0 4c 8d 40 fe 49 83 ed 02 48 83 eb 02 4c 89 e8 48 c1 e8 03 <0f> b6 14 08 4c 89 e8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85
RIP  [] scr_memmovew include/linux/vt_buffer.h:54 [inline]
RIP  [] insert_char+0x28a/0x420 drivers/tty/vt/vt.c:550
 RSP
---[ end trace e481f63f9140c85d ]---