syzbot


KASAN: null-ptr-deref Read in soft_cursor

Status: upstream: reported syz repro on 2023/05/28 00:20
Bug presence: origin:lts-only
Reported-by: syzbot+edbe398b7129eef7116a@syzkaller.appspotmail.com
First crash: 536d, last: 535d
Bug presence (2)
Date Name Commit Repro Result
2023/05/28 linux-5.15.y (ToT) 1fe619a7d252 C [report] KASAN: null-ptr-deref Read in soft_cursor
2023/05/28 upstream (ToT) 416839029e38 C Didn't crash
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in soft_cursor fbdev C 3 537d 537d 22/28 fixed on 2023/07/01 16:05
linux-4.14 KASAN: use-after-free Read in soft_cursor C inconclusive 7 1295d 1806d 0/1 upstream: reported C repro on 2019/12/04 13:11
linux-4.19 KASAN: slab-out-of-bounds Read in soft_cursor (2) C done 8 1271d 1393d 1/1 fixed on 2021/06/23 17:43
linux-4.14 KASAN: slab-out-of-bounds Read in soft_cursor C unreliable 57 1276d 1807d 0/1 upstream: reported C repro on 2019/12/03 14:54
linux-4.19 KASAN: global-out-of-bounds Read in soft_cursor C done 22 1269d 1736d 1/1 fixed on 2021/06/24 08:01
linux-4.14 KASAN: global-out-of-bounds Read in soft_cursor C error 19 795d 1795d 0/1 upstream: reported C repro on 2019/12/16 00:09
Last patch testing requests (1)
Created Duration User Patch Repo Result
2024/10/15 01:13 0m retest repro linux-5.15.y error
Fix bisection attempts (9)
Created Duration User Patch Repo Result
2024/10/15 05:12 0m fix candidate upstream error job log
2024/08/27 19:05 0m fix candidate upstream error job log
2024/05/30 17:43 0m fix candidate upstream error job log
2024/04/01 16:48 1m fix candidate upstream error job log
2024/02/08 17:15 25m fix candidate upstream error job log
2024/01/04 06:34 0m fix candidate upstream error job log
2023/12/04 18:00 1m fix candidate upstream error job log
2023/10/25 06:40 31m fix candidate upstream error job log
2023/09/04 06:11 0m fix candidate upstream error job log

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
Read of size 16 at addr 0000000000000200 by task kworker/u4:1/136

CPU: 0 PID: 136 Comm: kworker/u4:1 Not tainted 5.15.113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: events_power_efficient fb_flashcursor
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 __kasan_report mm/kasan/report.c:438 [inline]
 kasan_report+0x168/0x1e4 mm/kasan/report.c:451
 kasan_check_range+0x274/0x2b4 mm/kasan/generic.c:189
 memcpy+0x90/0xe8 mm/kasan/shadow.c:65
 soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
 bit_cursor+0x113c/0x1a64 drivers/video/fbdev/core/bitblit.c:377
 fb_flashcursor+0x2d4/0x3e0 drivers/video/fbdev/core/fbcon.c:387
 process_one_work+0x790/0x11b8 kernel/workqueue.c:2307
 worker_thread+0x910/0x1034 kernel/workqueue.c:2454
 kthread+0x37c/0x45c kernel/kthread.c:319
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
==================================================================
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/05/28 00:20 linux-5.15.y 1fe619a7d252 cf184559 .config console log report syz [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: null-ptr-deref Read in soft_cursor
* Struck through repros no longer work on HEAD.