KASAN: vmalloc-out-of-bounds Write in bitfill

KASAN: vmalloc-out-of-bounds Write in bitfill_aligned
Status: upstream: reported on 2019/12/05 06:32
Reported-by: syzbot+e5fd3e65515b48c02a30@syzkaller.appspotmail.com
First crash: 79d, last: 2d21h

Sample crash report:

==================================================================
BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned drivers/video/fbdev/core/sysfillrect.c:54 [inline]
BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x356/0x410 drivers/video/fbdev/core/sysfillrect.c:25
Write of size 8 at addr ffffc90009441000 by task syz-executor.0/9588

CPU: 1 PID: 9588 Comm: syz-executor.0 Not tainted 5.5.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x30b mm/kasan/report.c:374
 __kasan_report.cold+0x1b/0x32 mm/kasan/report.c:506
 kasan_report+0x12/0x20 mm/kasan/common.c:639
 __asan_report_store8_noabort+0x17/0x20 mm/kasan/generic_report.c:140
 bitfill_aligned drivers/video/fbdev/core/sysfillrect.c:54 [inline]
 bitfill_aligned+0x356/0x410 drivers/video/fbdev/core/sysfillrect.c:25
 sys_fillrect+0x421/0x7c0 drivers/video/fbdev/core/sysfillrect.c:291
 drm_fb_helper_sys_fillrect+0x21/0x190 drivers/gpu/drm/drm_fb_helper.c:736
 bit_clear_margins+0x30b/0x530 drivers/video/fbdev/core/bitblit.c:232
 fbcon_clear_margins+0x1e9/0x250 drivers/video/fbdev/core/fbcon.c:1372
 fbcon_switch+0xd7f/0x17f0 drivers/video/fbdev/core/fbcon.c:2354
 redraw_screen+0x2b6/0x7d0 drivers/tty/vt/vt.c:997
 fbcon_modechanged+0x5c3/0x790 drivers/video/fbdev/core/fbcon.c:2991
 fbcon_update_vcs+0x42/0x50 drivers/video/fbdev/core/fbcon.c:3038
 fb_set_var+0xb32/0xdd0 drivers/video/fbdev/core/fbmem.c:1051
 do_fb_ioctl+0x390/0x7d0 drivers/video/fbdev/core/fbmem.c:1104
 fb_ioctl+0xe6/0x130 drivers/video/fbdev/core/fbmem.c:1180
 vfs_ioctl fs/ioctl.c:47 [inline]
 file_ioctl fs/ioctl.c:545 [inline]
 do_vfs_ioctl+0x977/0x14e0 fs/ioctl.c:732
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:749
 __do_sys_ioctl fs/ioctl.c:756 [inline]
 __se_sys_ioctl fs/ioctl.c:754 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:754
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b3f9
Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fcd8d5acc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000072bf00 RCX: 000000000045b3f9
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
RBP: 00007fcd8d5ad6d4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000002ea R14: 00000000004aaefb R15: 00000000006ea9c0


Memory state around the buggy address:
 ffffc90009440f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90009440f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90009441000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
                   ^
 ffffc90009441080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc90009441100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
==================================================================

Crashes (97):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Maintainers
ci-qemu-upstream	2020/01/30 23:09	upstream	6ba3d706	5ed23f9a	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/30 21:00	upstream	6ba3d706	5ed23f9a	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/30 01:06	upstream	6ba3d706	5ed23f9a	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/29 11:40	upstream	b3a60822	c8e81ce4	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/29 00:20	upstream	c677124e	c8e81ce4	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/28 15:42	upstream	b0be0eff	56cd6c9b	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/27 04:55	upstream	a45ea48e	dd56146d	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/24 02:44	upstream	131701c6	2e95ab33	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/23 21:09	upstream	131701c6	2e95ab33	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/18 19:06	upstream	25e73aad	3de7aabb	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/16 10:03	upstream	f5ae2ea6	f9b69507	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/15 13:46	upstream	95e20af9	fa12bd3c	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/14 22:17	upstream	452424cd	fa12bd3c	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/14 21:05	upstream	452424cd	fa12bd3c	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/13 05:03	upstream	040a3c33	53faa9fe	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/12 16:43	upstream	6327edce	53faa9fe	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/12 04:40	upstream	6327edce	4c04afaa	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2020/01/12 00:59	upstream	6327edce	4c04afaa	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream	2019/12/04 18:08	upstream	63de3747	b2088328	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/02/19 04:23	upstream	2b72104b	135c18aa	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/02/18 21:24	upstream	b1da3acc	012fbc32	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/31 13:46	upstream	6ba3d706	5ed23f9a	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/31 09:30	upstream	6ba3d706	5ed23f9a	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/31 06:46	upstream	6ba3d706	5ed23f9a	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/30 16:20	upstream	6ba3d706	5ed23f9a	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/28 08:22	upstream	b0be0eff	56cd6c9b	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/27 14:18	upstream	d5226fa6	dd56146d	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/23 19:44	upstream	131701c6	2e95ab33	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/18 05:22	upstream	25e73aad	3de7aabb	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/17 04:15	upstream	f4353c3e	3de7aabb	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/16 08:23	upstream	51d69817	f9b69507	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/16 00:40	upstream	51d69817	f9b69507	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/15 23:23	upstream	51d69817	f9b69507	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/15 10:48	upstream	95e20af9	fa12bd3c	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/15 04:09	upstream	452424cd	fa12bd3c	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/15 00:59	upstream	452424cd	fa12bd3c	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/14 23:23	upstream	452424cd	fa12bd3c	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/14 21:33	upstream	452424cd	fa12bd3c	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/13 08:34	upstream	b3a987b0	99565c1a	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/13 00:16	upstream	040a3c33	53faa9fe	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/12 22:32	upstream	040a3c33	53faa9fe	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/12 21:49	upstream	040a3c33	53faa9fe	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/12 20:12	upstream	040a3c33	53faa9fe	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/12 17:04	upstream	6327edce	53faa9fe	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/12 14:30	upstream	6327edce	53faa9fe	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/12 04:41	upstream	6327edce	4c04afaa	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-qemu-upstream-386	2020/01/12 01:04	upstream	6327edce	4c04afaa	.config	log	report	b.zolnierkie@samsung.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org