[v5.15] KASAN: null-ptr-deref Read in soft_cursor
0 views
Skip to first unread message
syzbot
May 27, 2023, 8:20:48 PM5/27/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 1fe619a7d252 Linux 5.15.113
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15ef45c1280000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f10ee30ae29b021
dashboard link: https://syzkaller.appspot.com/bug?extid=edbe398b7129eef7116a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17d98d51280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1b707a1e1816/disk-1fe619a7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/19cc598a8bbe/vmlinux-1fe619a7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a6cf7269bae5/Image-1fe619a7.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+edbe39...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: null-ptr-deref in soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
Read of size 16 at addr 0000000000000200 by task kworker/u4:1/136
CPU: 0 PID: 136 Comm: kworker/u4:1 Not tainted 5.15.113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: events_power_efficient fb_flashcursor
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
__kasan_report mm/kasan/report.c:438 [inline]
kasan_report+0x168/0x1e4 mm/kasan/report.c:451
kasan_check_range+0x274/0x2b4 mm/kasan/generic.c:189
memcpy+0x90/0xe8 mm/kasan/shadow.c:65
soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
bit_cursor+0x113c/0x1a64 drivers/video/fbdev/core/bitblit.c:377
fb_flashcursor+0x2d4/0x3e0 drivers/video/fbdev/core/fbcon.c:387
process_one_work+0x790/0x11b8 kernel/workqueue.c:2307
worker_thread+0x910/0x1034 kernel/workqueue.c:2454
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
==================================================================
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 1fe619a7d252 Linux 5.15.113
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15ef45c1280000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f10ee30ae29b021
dashboard link: https://syzkaller.appspot.com/bug?extid=edbe398b7129eef7116a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17d98d51280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1b707a1e1816/disk-1fe619a7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/19cc598a8bbe/vmlinux-1fe619a7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a6cf7269bae5/Image-1fe619a7.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+edbe39...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: null-ptr-deref in soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
Read of size 16 at addr 0000000000000200 by task kworker/u4:1/136
CPU: 0 PID: 136 Comm: kworker/u4:1 Not tainted 5.15.113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: events_power_efficient fb_flashcursor
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
__kasan_report mm/kasan/report.c:438 [inline]
kasan_report+0x168/0x1e4 mm/kasan/report.c:451
kasan_check_range+0x274/0x2b4 mm/kasan/generic.c:189
memcpy+0x90/0xe8 mm/kasan/shadow.c:65
soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
bit_cursor+0x113c/0x1a64 drivers/video/fbdev/core/bitblit.c:377
fb_flashcursor+0x2d4/0x3e0 drivers/video/fbdev/core/fbcon.c:387
process_one_work+0x790/0x11b8 kernel/workqueue.c:2307
worker_thread+0x910/0x1034 kernel/workqueue.c:2454
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
==================================================================
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages