KASAN: global-out-of-bounds Read in fbcon_get

Title	Replies (including bot)	Last reply
[PATCH 5.8 000/124] 5.8.15-rc1 review	136 (136)	2020/10/14 18:31
[PATCH 4.4 00/39] 4.4.239-rc1 review	46 (46)	2020/10/14 10:18
[PATCH 4.19 00/49] 4.19.151-rc1 review	56 (56)	2020/10/14 08:34
[PATCH 4.9 00/54] 4.9.239-rc1 review	58 (58)	2020/10/14 01:39
[PATCH 4.14 00/70] 4.14.201-rc1 review	74 (74)	2020/10/14 01:28
[PATCH 5.4 00/85] 5.4.71-rc1 review	89 (89)	2020/10/14 01:24
[PATCH 0/3] Prevent out-of-bounds access for built-in font data buffers	27 (27)	2020/09/30 12:58
KASAN: global-out-of-bounds Read in fbcon_get_font	0 (2)	2020/01/01 17:40

Title

Replies (including bot)

Last reply

[PATCH 5.8 000/124] 5.8.15-rc1 review

136 (136)

2020/10/14 18:31

[PATCH 4.4 00/39] 4.4.239-rc1 review

46 (46)

2020/10/14 10:18

[PATCH 4.19 00/49] 4.19.151-rc1 review

56 (56)

2020/10/14 08:34

[PATCH 4.9 00/54] 4.9.239-rc1 review

58 (58)

2020/10/14 01:39

[PATCH 4.14 00/70] 4.14.201-rc1 review

74 (74)

2020/10/14 01:28

[PATCH 5.4 00/85] 5.4.71-rc1 review

89 (89)

2020/10/14 01:24

[PATCH 0/3] Prevent out-of-bounds access for built-in font data buffers

27 (27)

2020/09/30 12:58

KASAN: global-out-of-bounds Read in fbcon_get_font

0 (2)

2020/01/01 17:40

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	KASAN: global-out-of-bounds Read in fbcon_get_font	C		done	47	973d	1284d	1/1	fixed on 2020/11/10 07:26
linux-4.14	KASAN: global-out-of-bounds Read in fbcon_get_font	C		done	42	968d	1284d	1/1	fixed on 2020/11/13 22:55

linux-4.19

KASAN: global-out-of-bounds Read in fbcon_get_font

done

973d

1284d

1/1

fixed on 2020/11/10 07:26

linux-4.14

KASAN: global-out-of-bounds Read in fbcon_get_font

done

968d

1284d

1/1

fixed on 2020/11/13 22:55


Created	Duration	User	Patch	Repo	Result
2020/09/23 14:42	18m	yepeilin.cs@gmail.com	patch	upstream	OK
2020/09/23 12:12	9m	yepeilin.cs@gmail.com		upstream	report log
2020/09/23 10:11	3m	yepeilin.cs@gmail.com	patch	upstream	error
2020/09/17 03:52	17m	yepeilin.cs@gmail.com	patch	upstream	OK
2020/09/16 16:47	17m	yepeilin.cs@gmail.com	patch	upstream	report log
2020/08/07 06:27	17m	yepeilin.cs@gmail.com	patch	upstream	OK

================================================================== BUG: KASAN: global-out-of-bounds in memcpy include/linux/string.h:381 [inline] BUG: KASAN: global-out-of-bounds in fbcon_get_font+0x28d/0x5b0 drivers/video/fbdev/core/fbcon.c:2474 Read of size 31 at addr ffffffff88752f7c by task syz-executor214/7018 CPU: 1 PID: 7018 Comm: syz-executor214 Not tainted 5.7.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x188/0x20d lib/dump_stack.c:118 print_address_description.constprop.0.cold+0x5/0x315 mm/kasan/report.c:382 __kasan_report.cold+0x35/0x4d mm/kasan/report.c:511 kasan_report+0x33/0x50 mm/kasan/common.c:625 check_memory_region_inline mm/kasan/generic.c:187 [inline] check_memory_region+0x141/0x190 mm/kasan/generic.c:193 memcpy+0x20/0x60 mm/kasan/common.c:106 memcpy include/linux/string.h:381 [inline] fbcon_get_font+0x28d/0x5b0 drivers/video/fbdev/core/fbcon.c:2474 con_font_get drivers/tty/vt/vt.c:4479 [inline] con_font_op+0x1f7/0x1160 drivers/tty/vt/vt.c:4638 do_fontx_ioctl drivers/tty/vt/vt_ioctl.c:273 [inline] vt_ioctl+0x1d31/0x26b0 drivers/tty/vt/vt_ioctl.c:945 tty_ioctl+0xedc/0x1440 drivers/tty/tty_io.c:2656 vfs_ioctl fs/ioctl.c:47 [inline] ksys_ioctl+0x11a/0x180 fs/ioctl.c:771 __do_sys_ioctl fs/ioctl.c:780 [inline] __se_sys_ioctl fs/ioctl.c:778 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:778 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x441289 Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffe191069a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441289 RDX: 0000000020000000 RSI: 0000000000004b6b RDI: 0000000000000003 RBP: 000000000000e23a R08: 000000000000000d R09: 00000000004002c8 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020b0 R13: 0000000000402140 R14: 0000000000000000 R15: 0000000000000000 The buggy address belongs to the variable: fontdata_8x16+0xffc/0x1120 Memory state around the buggy address: ffffffff88752e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff88752f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffffff88752f80: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa ^ ffffffff88753000: fa fa fa fa 06 fa fa fa fa fa fa fa 00 00 03 fa ffffffff88753080: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================

Crashes (41):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Manager
2020/05/11 17:30	upstream	2ef96a5bb12b	f8f57555	.config	console log	report	syz	C		ci-upstream-kasan-gce-root
2020/04/24 19:46	upstream	b4f633221f0a	03d97a1b	.config	console log	report	syz	C		ci-upstream-kasan-gce-selinux-root
2020/01/01 17:50	upstream	738d2902773e	25a0186e	.config	console log	report	syz	C		ci-upstream-kasan-gce-root
2020/01/01 17:39	upstream	738d2902773e	25a0186e	.config	console log	report	syz	C		ci-upstream-kasan-gce-selinux-root
2020/05/11 15:53	linux-next	ac935d227366	f8f57555	.config	console log	report	syz	C		ci-upstream-linux-next-kasan-gce-root
2020/01/08 03:51	linux-next	264673852033	6738e0b3	.config	console log	report	syz	C		ci-upstream-linux-next-kasan-gce-root
2019/12/10 16:44	upstream	6794862a16ef	5a5826a1	.config	console log	report	syz			ci-upstream-kasan-gce-selinux-root
2019/12/10 10:29	upstream	6794862a16ef	4b83c8fb	.config	console log	report	syz			ci-upstream-kasan-gce-root
2019/12/22 16:40	linux-next	7ddd09fc4b74	8b967267	.config	console log	report	syz			ci-upstream-linux-next-kasan-gce-root
2019/12/09 23:33	linux-next	6cf8298daad0	b31eda3d	.config	console log	report	syz			ci-upstream-linux-next-kasan-gce-root
2020/10/02 04:20	upstream	fcadab740480	9602ddf4	.config	console log	report			info	ci-upstream-kasan-gce-root
2020/08/12 23:20	upstream	fb893de323e2	bc15f7db	.config	console log	report				ci-upstream-kasan-gce-root
2020/08/12 12:16	upstream	c636eef2ee36	bb3e5fe6	.config	console log	report				ci-upstream-kasan-gce-root
2020/08/10 08:36	upstream	9420f1ce0186	70301872	.config	console log	report				ci-upstream-kasan-gce-selinux-root
2020/08/06 04:18	upstream	fffe3ae0ee84	0487ea6f	.config	console log	report				ci-upstream-kasan-gce-root
2020/08/02 11:52	upstream	ac3a0c847296	63a73341	.config	console log	report				ci-upstream-kasan-gce-root
2020/07/25 10:28	upstream	68845a55c31b	1f7cc1ca	.config	console log	report				ci-upstream-kasan-gce-root
2020/07/21 11:30	upstream	4fa640dc5230	d88894e6	.config	console log	report				ci-upstream-kasan-gce-root
2020/07/20 19:24	upstream	5714ee50bb43	4285ffa3	.config	console log	report				ci-upstream-kasan-gce-root
2020/07/17 05:58	upstream	f8456690ba8e	54b3c45e	.config	console log	report				ci-upstream-kasan-gce-root
2020/06/21 07:56	upstream	7ae77150d94d	c655ec77	.config	console log	report				ci-upstream-kasan-gce-root
2020/05/23 19:53	upstream	444565650a5f	9682898d	.config	console log	report				ci-upstream-kasan-gce-selinux-root
2020/04/29 13:53	upstream	96c9a7802af7	496a08ae	.config	console log	report				ci-upstream-kasan-gce-root
2020/04/27 22:52	upstream	51184ae37e05	0ce7569e	.config	console log	report				ci-upstream-kasan-gce-root
2020/02/04 15:59	upstream	322bf2d3446a	93e5e335	.config	console log	report				ci-upstream-kasan-gce-selinux-root
2020/01/31 22:23	upstream	ccaaaf6fe5a5	c30117b2	.config	console log	report				ci-upstream-kasan-gce-root
2020/01/30 03:50	upstream	b3a608222336	5ed23f9a	.config	console log	report				ci-upstream-kasan-gce-selinux-root
2020/01/15 13:56	upstream	95e20af9fb9c	fa12bd3c	.config	console log	report				ci-upstream-kasan-gce-selinux-root
2020/01/13 06:23	upstream	040a3c33623b	53faa9fe	.config	console log	report				ci-upstream-kasan-gce-selinux-root
2020/01/13 03:43	upstream	040a3c33623b	53faa9fe	.config	console log	report				ci-qemu-upstream
2020/01/12 22:00	upstream	6327edceb62b	31290a45	.config	console log	report				ci-upstream-kasan-gce-root
2020/01/12 13:32	upstream	6327edceb62b	31290a45	.config	console log	report				ci-upstream-kasan-gce-root
2020/01/10 00:34	upstream	b07f636fca1c	4de4e9f0	.config	console log	report				ci-upstream-kasan-gce-root
2019/12/13 13:27	upstream	ae4b064e2a61	08003f64	.config	console log	report				ci-upstream-kasan-gce-root
2020/07/12 06:52	linux-next	d31958b30ea3	115e1930	.config	console log	report				ci-upstream-linux-next-kasan-gce-root
2020/06/11 00:59	linux-next	e7b08814b16b	a6f7998d	.config	console log	report				ci-upstream-linux-next-kasan-gce-root
2020/04/27 19:22	linux-next	ac935d227366	0ce7569e	.config	console log	report				ci-upstream-linux-next-kasan-gce-root
2020/04/17 00:47	linux-next	ac935d227366	c743fcb3	.config	console log	report				ci-upstream-linux-next-kasan-gce-root
2020/03/18 10:46	linux-next	770fbb32d34e	97bc55ce	.config	console log	report				ci-upstream-linux-next-kasan-gce-root
2020/03/02 01:44	linux-next	c99b17ac0399	c88c7b75	.config	console log	report				ci-upstream-linux-next-kasan-gce-root
2020/02/18 13:00	linux-next	c25a951c50dc	1ce142dc	.config	console log	report				ci-upstream-linux-next-kasan-gce-root

Crashes (41):

2020/05/11 17:30

upstream