syzbot


general protection fault in soft_cursor

Status: fixed on 2023/07/01 16:05
Subsystems: fbdev
Reported-by: syzbot+d910bd780e6efac35869@syzkaller.appspotmail.com
Fix commit: d78bd6cc6827 fbcon: Fix null-ptr-deref in soft_cursor
First crash: 533d, last: 502d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [fbdev?] general protection fault in soft_cursor 0 (1) 2023/05/27 04:07
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 KASAN: null-ptr-deref Read in soft_cursor origin:lts-only syz error 1 501d 501d 0/3 upstream: reported syz repro on 2023/05/28 00:20
linux-4.14 KASAN: use-after-free Read in soft_cursor C inconclusive 7 1261d 1771d 0/1 upstream: reported C repro on 2019/12/04 13:11
linux-4.19 KASAN: slab-out-of-bounds Read in soft_cursor (2) C done 8 1236d 1359d 1/1 fixed on 2021/06/23 17:43
linux-4.14 KASAN: slab-out-of-bounds Read in soft_cursor C unreliable 57 1241d 1772d 0/1 upstream: reported C repro on 2019/12/03 14:54
linux-4.19 KASAN: global-out-of-bounds Read in soft_cursor C done 22 1234d 1701d 1/1 fixed on 2021/06/24 08:01
linux-4.14 KASAN: global-out-of-bounds Read in soft_cursor C error 19 761d 1760d 0/1 upstream: reported C repro on 2019/12/16 00:09
Last patch testing requests (1)
Created Duration User Patch Repo Result
2023/05/27 06:49 21m deller@gmx.de https://github.com/hdeller/linux.git 9ee79acc491c58252a91df942cb704aa06853734 OK log

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
Read of size 16 at addr 0000000000000200 by task kworker/u4:1/12

CPU: 0 PID: 12 Comm: kworker/u4:1 Not tainted 6.4.0-rc3-syzkaller-geb0f1697d729 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: events_power_efficient fb_flashcursor
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
 show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_report+0xe4/0x514 mm/kasan/report.c:465
 kasan_report+0xd4/0x130 mm/kasan/report.c:572
 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187
 __asan_memcpy+0x3c/0x84 mm/kasan/shadow.c:105
 soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
 bit_cursor+0x113c/0x1a64 drivers/video/fbdev/core/bitblit.c:377
 fb_flashcursor+0x35c/0x54c drivers/video/fbdev/core/fbcon.c:380
 process_one_work+0x788/0x12d4 kernel/workqueue.c:2405
 worker_thread+0x8e0/0xfe8 kernel/workqueue.c:2552
 kthread+0x288/0x310 kernel/kthread.c:379
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:853
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/05/27 04:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: null-ptr-deref Read in soft_cursor
2023/04/25 13:36 upstream 173ea743bf7a 65320f8e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in soft_cursor
2023/05/27 02:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: null-ptr-deref Read in soft_cursor
* Struck through repros no longer work on HEAD.