KASAN: vmalloc-out-of-bounds Write in bitfill

KASAN: vmalloc-out-of-bounds Write in bitfill_aligned
Status: upstream: reported C repro on 2019/12/05 06:32
Reported-by: syzbot+e5fd3e65515b48c02a30@syzkaller.appspotmail.com
First crash: 178d, last: 12h03m

Sample crash report:

==================================================================
BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned drivers/video/fbdev/core/sysfillrect.c:54 [inline]
BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34b/0x410 drivers/video/fbdev/core/sysfillrect.c:25
Write of size 8 at addr ffffc90009621000 by task syz-executor767/9337

CPU: 3 PID: 9337 Comm: syz-executor767 Not tainted 5.6.0-rc6-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x315 mm/kasan/report.c:374
 __kasan_report.cold+0x1a/0x32 mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:641
 bitfill_aligned drivers/video/fbdev/core/sysfillrect.c:54 [inline]
 bitfill_aligned+0x34b/0x410 drivers/video/fbdev/core/sysfillrect.c:25
 sys_fillrect+0x415/0x7a0 drivers/video/fbdev/core/sysfillrect.c:291
 drm_fb_helper_sys_fillrect+0x1c/0x190 drivers/gpu/drm/drm_fb_helper.c:719
 bit_clear_margins+0x2d5/0x4a0 drivers/video/fbdev/core/bitblit.c:232
 fbcon_clear_margins+0x1de/0x240 drivers/video/fbdev/core/fbcon.c:1379
 fbcon_switch+0xd1b/0x1740 drivers/video/fbdev/core/fbcon.c:2361
 redraw_screen+0x2a8/0x770 drivers/tty/vt/vt.c:1008
 fbcon_modechanged+0x5bd/0x780 drivers/video/fbdev/core/fbcon.c:2998
 fbcon_update_vcs+0x3a/0x50 drivers/video/fbdev/core/fbcon.c:3045
 fb_set_var+0xad0/0xd40 drivers/video/fbdev/core/fbmem.c:1056
 do_fb_ioctl+0x390/0x7d0 drivers/video/fbdev/core/fbmem.c:1109
 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1185
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:763
 __do_sys_ioctl fs/ioctl.c:772 [inline]
 __se_sys_ioctl fs/ioctl.c:770 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:770
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x433d29
Code: c4 18 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb da fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff33d61508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000433d29
RDX: 00000000200001c0 RSI: 0000000000004601 RDI: 0000000000000003
RBP: 00000000006b2018 R08: 0000000000000000 R09: 00000000004002e0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401bc0
R13: 0000000000401c50 R14: 0000000000000000 R15: 0000000000000000


Memory state around the buggy address:
 ffffc90009620f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90009620f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90009621000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
                   ^
 ffffc90009621080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc90009621100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
==================================================================

Crashes (223):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-qemu-upstream	2020/03/17 09:33	upstream	fb33c651	749688d2	.config	log	report	syz	C	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/30 07:22	upstream	e2fce151	954bd312	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/30 06:45	upstream	e2fce151	954bd312	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/28 17:29	upstream	b0c3ba31	c7192a2f	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/28 11:36	upstream	b0c3ba31	142a0957	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/28 06:33	upstream	b0c3ba31	142a0957	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/26 18:27	upstream	9cb1fd0e	9072c126	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/26 16:01	upstream	9cb1fd0e	8ca3b7d2	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/24 23:19	upstream	caffb99b	ce7ca010	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/24 21:41	upstream	caffb99b	ce7ca010	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/24 17:18	upstream	caffb99b	ce7ca010	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/23 17:43	upstream	e644645a	9682898d	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/21 03:25	upstream	b85051e7	dd849aa3	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/20 20:40	upstream	115a5416	1255f02a	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/20 17:08	upstream	115a5416	1255f02a	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/20 14:13	upstream	115a5416	1255f02a	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/19 06:13	upstream	642b151f	684d3606	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/17 18:45	upstream	5a9ffb95	37bccd4e	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/17 07:01	upstream	3d1c1e59	37bccd4e	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/17 04:57	upstream	3d1c1e59	37bccd4e	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/17 00:37	upstream	3d1c1e59	37bccd4e	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/14 16:53	upstream	24085f70	2d572622	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/14 00:49	upstream	24085f70	a885920d	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/13 02:33	upstream	24085f70	a44eb8f7	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/13 01:25	upstream	24085f70	a44eb8f7	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/05/12 18:16	upstream	152036d1	44aa8310	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2019/12/04 18:08	upstream	63de3747	b2088328	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/27 04:22	upstream	444fc5cd	9072c126	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/25 23:13	upstream	9cb1fd0e	73964a9b	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/25 19:17	upstream	9cb1fd0e	73964a9b	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/24 21:51	upstream	caffb99b	ce7ca010	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/24 12:36	upstream	caffb99b	ce7ca010	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/23 05:29	upstream	44456565	9682898d	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/23 03:53	upstream	44456565	9682898d	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/23 00:25	upstream	44456565	9682898d	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/21 23:18	upstream	d2f8825a	5afa2ddd	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/20 14:53	upstream	115a5416	1255f02a	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/18 23:29	upstream	642b151f	684d3606	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/18 03:19	upstream	9b1f2cbd	37bccd4e	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/17 03:37	upstream	3d1c1e59	37bccd4e	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/16 15:21	upstream	12bf0b63	37bccd4e	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/15 02:50	upstream	8c1684bb	2d572622	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/14 00:49	upstream	24085f70	a885920d	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/05/13 20:32	upstream	24085f70	9a6d42fb	.config	log	report			b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org