lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000000000000e51e3e05e6ff44db@google.com>
Date:   Wed, 24 Aug 2022 09:35:30 -0700
From:   syzbot <syzbot+be4b95faeb7a9073bb88@...kaller.appspotmail.com>
To:     gregkh@...uxfoundation.org, jirislaby@...nel.org,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: [syzbot] BUG: unable to handle kernel NULL pointer dereference in tty_ldisc_receive_buf

Hello,

syzbot found the following issue on:

HEAD commit:    1c23f9e627a7 Linux 6.0-rc2
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=177ac367080000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3045c937aad027f7
dashboard link: https://syzkaller.appspot.com/bug?extid=be4b95faeb7a9073bb88
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1701758d080000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17473aad080000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+be4b95faeb7a9073bb88@...kaller.appspotmail.com

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000006
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010b44f000
[0000000000000000] pgd=080000010b5f3003, p4d=080000010b5f3003, pud=080000010b1ce003, pmd=0000000000000000
Internal error: Oops: 86000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 28 Comm: kworker/u4:1 Not tainted 6.0.0-rc2-syzkaller-16440-g1c23f9e627a7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/20/2022
Workqueue: events_unbound flush_to_ldisc
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : 0x0
lr : gsmld_receive_buf+0x140/0x214 drivers/tty/n_gsm.c:2861
sp : ffff80000f603c30
x29: ffff80000f603c40 x28: 0000000000000000 x27: 00000000000003d9
x26: 0000000000000000 x25: 0000000000000000 x24: ffff80000d937000
x23: ffff80000d681e40 x22: ffff0000c929b800 x21: 0000000000000000
x20: ffff80000c205988 x19: ffff0000c91cf446 x18: ffff80000d2dec40
x17: 0000000000000008 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000004 x12: ffff80000d681e78
x11: ff808000098e7e04 x10: 0000000000000000 x9 : ffff8000098e7e04
x8 : 0000000000000000 x7 : ffff8000098dac3c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 00000000000003da
x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000c929b800
Call trace:
 0x0
 tty_ldisc_receive_buf+0xb8/0xcc drivers/tty/tty_buffer.c:461
 tty_port_default_receive_buf+0x54/0x8c drivers/tty/tty_port.c:39
 receive_buf drivers/tty/tty_buffer.c:511 [inline]
 flush_to_ldisc+0x150/0x358 drivers/tty/tty_buffer.c:561
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x12c/0x158 kernel/kthread.c:376
 ret_from_fork+0x10/0x20
Code: bad PC value
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ