From: Jiri Slaby <jirislaby@kernel.org>
To: syzbot <syzbot+e3563f0c94e188366dbb@syzkaller.appspotmail.com>,
	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com
Cc: "D. Starke" <daniel.starke@siemens.com>
Subject: Re: [syzbot] BUG: unable to handle kernel NULL pointer dereference in gsmld_receive_buf
Date: Tue, 9 Aug 2022 14:47:35 +0200
Message-ID: <b838966f-47f9-9a58-ca81-02571f270a22@kernel.org>
In-Reply-To: <000000000000ade42905e5ba78e0@google.com>

CC Daniel again.

On 08. 08. 22, 15:05, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
> 
> HEAD commit:    ca688bff68bc Add linux-next specific files for 20220808
> git tree:       linux-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=14a27066080000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=4c20e006003cdecb
> dashboard link: https://syzkaller.appspot.com/bug?extid=e3563f0c94e188366dbb
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=164eb3ca080000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17327ce1080000
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+e3563f0c94e188366dbb@syzkaller.appspotmail.com
> 
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> #PF: supervisor instruction fetch in kernel mode
> #PF: error_code(0x0010) - not-present page
> PGD 74c90067 P4D 74c90067 PUD 74c53067 PMD 0
> Oops: 0010 [#1] PREEMPT SMP KASAN
> CPU: 1 PID: 3606 Comm: syz-executor237 Not tainted 5.19.0-next-20220808-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
> RIP: 0010:0x0
> Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
> RSP: 0018:ffffc9000387fcf0 EFLAGS: 00010202
> RAX: 0000000000000001 RBX: ffff88801bbdf000 RCX: 0000000000000000
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88801bbdf000
> RBP: ffffc9000387fda1 R08: 0000000000000001 R09: 0000000000000004
> R10: 0000000000000000 R11: 1ffffffff1ffa9ce R12: 0000000000000001
> R13: 0000000000000000 R14: ffffc9000387fd90 R15: dffffc0000000000
> FS:  0000555556e8d300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffffffffffffffd6 CR3: 000000001c7e0000 CR4: 00000000003506e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>   <TASK>
>   gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861
>   tiocsti drivers/tty/tty_io.c:2293 [inline]
>   tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692
>   vfs_ioctl fs/ioctl.c:51 [inline]
>   __do_sys_ioctl fs/ioctl.c:870 [inline]
>   __se_sys_ioctl fs/ioctl.c:856 [inline]
>   __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
>   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>   do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
>   entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7f76c0e5eb59
> Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007ffe9a4f7c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f76c0e5eb59
> RDX: 0000000020000040 RSI: 0000000000005412 RDI: 0000000000000004
> RBP: 00007f76c0e22d00 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007f76c0e22d90
> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
>   </TASK>
> Modules linked in:
> CR2: 0000000000000000
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:0x0
> Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
> RSP: 0018:ffffc9000387fcf0 EFLAGS: 00010202
> RAX: 0000000000000001 RBX: ffff88801bbdf000 RCX: 0000000000000000
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88801bbdf000
> RBP: ffffc9000387fda1 R08: 0000000000000001 R09: 0000000000000004
> R10: 0000000000000000 R11: 1ffffffff1ffa9ce R12: 0000000000000001
> R13: 0000000000000000 R14: ffffc9000387fd90 R15: dffffc0000000000
> FS:  0000555556e8d300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffffffffffffffd6 CR3: 000000001c7e0000 CR4: 00000000003506e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> 

-- 
js
suse labs

