KASAN: global-out-of-bounds Read in bit

Title	Replies (including bot)	Last reply
[syzbot] [fbdev?] KASAN: global-out-of-bounds Read in bit_putcs (3)	0 (1)	2024/07/31 11:38

Title

Replies (including bot)

Last reply

[syzbot] [fbdev?] KASAN: global-out-of-bounds Read in bit_putcs (3)

0 (1)

2024/07/31 11:38

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: global-out-of-bounds Read in bit_putcs (2) fbdev				13	1500d	1516d	0/28	auto-closed as invalid on 2021/02/09 16:38
linux-4.14	KASAN: global-out-of-bounds Read in bit_putcs	C		error	241	800d	1810d	0/1	upstream: reported C repro on 2019/12/07 16:26
linux-6.1	KASAN: global-out-of-bounds Read in bit_putcs				1	10d	10d	0/3	upstream: reported on 2024/11/11 05:01
upstream	KASAN: global-out-of-bounds Read in bit_putcs fbdev	C	done		262	1519d	1812d	15/28	fixed on 2020/09/25 01:17
linux-4.19	KASAN: global-out-of-bounds Read in bit_putcs	C		done	214	1276d	1813d	1/1	fixed on 2021/06/24 08:01
linux-6.1	BUG: unable to handle kernel paging request in bit_putcs	C		done	4	262d	458d	3/3	fixed on 2024/04/03 01:55
linux-4.14	KASAN: slab-out-of-bounds Read in bit_putcs	C		error	95	802d	1814d	0/1	upstream: reported C repro on 2019/12/03 16:38
upstream	general protection fault in bit_putcs fbdev	C			5	259d	413d	0/28	auto-obsoleted due to no activity on 2024/06/14 11:38
linux-4.19	KASAN: slab-out-of-bounds Read in bit_putcs	C		inconclusive	138	1279d	1814d	0/1	upstream: reported C repro on 2019/12/03 12:47

================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:636 [inline] BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/fbdev/core/bitblit.c:96 [inline] BUG: KASAN: global-out-of-bounds in bit_putcs+0x147b/0x1db0 drivers/video/fbdev/core/bitblit.c:185 Read of size 1 at addr ffffffff8c630cd0 by task syz.7.3706/19043 CPU: 1 UID: 0 PID: 19043 Comm: syz.7.3706 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 __fb_pad_aligned_buffer include/linux/fb.h:636 [inline] bit_putcs_aligned drivers/video/fbdev/core/bitblit.c:96 [inline] bit_putcs+0x147b/0x1db0 drivers/video/fbdev/core/bitblit.c:185 fbcon_putcs+0x2e0/0x450 drivers/video/fbdev/core/fbcon.c:1308 do_update_region+0x205/0x450 drivers/tty/vt/vt.c:609 update_region+0x1c2/0x490 drivers/tty/vt/vt.c:633 vcs_write+0xdd6/0x12d0 drivers/tty/vt/vc_screen.c:698 do_loop_readv_writev fs/read_write.c:857 [inline] vfs_writev+0x5a9/0xba0 fs/read_write.c:1066 do_writev+0x1b1/0x350 fs/read_write.c:1111 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fdb0b77e719 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdb0c573038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 00007fdb0b935f80 RCX: 00007fdb0b77e719 RDX: 0000000000000004 RSI: 0000000020000c40 RDI: 000000000000000d RBP: 00007fdb0b7f132e R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fdb0b935f80 R15: 00007ffcb3c9fe98 </TASK> The buggy address belongs to the variable: fontdata_8x16+0x1010/0x1480 The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc630 flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000002000 ffffea0000318c08 ffffea0000318c08 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not present (never set?) Memory state around the buggy address: ffffffff8c630b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff8c630c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffffff8c630c80: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 ^ ffffffff8c630d00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 ffffffff8c630d80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 ==================================================================

Crashes (6):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2024/10/30 11:48	upstream	c1e939a21eb1	66aeb999	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: global-out-of-bounds Read in bit_putcs
2024/09/01 12:00	upstream	431c1646e1f8	1eda0d14	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: global-out-of-bounds Read in bit_putcs
2024/10/23 09:18	upstream	c2ee9f594da8	15fa2979	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	KASAN: global-out-of-bounds Read in bit_putcs
2024/08/04 04:45	upstream	d3426a6ed9d8	1786a2a8	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	KASAN: global-out-of-bounds Read in bit_putcs
2024/09/18 05:10	upstream	a430d95c5efa	c673ca06	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream-386	KASAN: global-out-of-bounds Read in bit_putcs
2024/07/27 05:26	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	c912bf709078	46eb10b7	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-gce-arm64	KASAN: global-out-of-bounds Read in bit_putcs

Crashes (6):

Assets (help?)