syzbot


KASAN: out-of-bounds Read in trace_event_raw_event_sys_enter

Status: auto-closed as invalid on 2020/04/28 20:07
Subsystems: fbdev
[Documentation on labels]
Reported-by: syzbot+6b7461d615c77b3e2383@syzkaller.appspotmail.com
First crash: 1519d, last: 1519d

Sample crash report:
==================================================================
BUG: KASAN: out-of-bounds in syscall_get_arguments arch/x86/include/asm/syscall.h:131 [inline]
BUG: KASAN: out-of-bounds in trace_event_raw_event_sys_enter+0x12d/0x4d0 include/trace/events/syscalls.h:18
Read of size 8 at addr ffffc900086f7668 by task syz-executor.5/26701

CPU: 1 PID: 26701 Comm: syz-executor.5 Not tainted 5.5.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fb/0x318 lib/dump_stack.c:118
 print_address_description+0x74/0x5c0 mm/kasan/report.c:374
 __kasan_report+0x149/0x1c0 mm/kasan/report.c:506
 kasan_report+0x26/0x50 mm/kasan/common.c:639
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135
 syscall_get_arguments arch/x86/include/asm/syscall.h:131 [inline]
 trace_event_raw_event_sys_enter+0x12d/0x4d0 include/trace/events/syscalls.h:18
 </IRQ>
RIP: 0010:__writeq arch/x86/include/asm/io.h:98 [inline]
RIP: 0010:bitfill_aligned+0x15d/0x200 drivers/video/fbdev/core/cfbfillrect.c:70
Code: 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 4d 89 34 24 4d 89 74 24 08 4d 89 74 24 10 4d 89 74 24 18 4d 89 74 24 20 4d 89 74 24 28 <4d> 89 74 24 30 4d 89 74 24 38 83 c3 f8 83 fb 07 76 16 49 83 c4 38
RSP: 0018:ffffc900086f7710 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: ffffffff83cbf478 RBX: 0000000003e13405 RCX: 0000000000040000
RDX: ffffc9001522b000 RSI: 000000000003ffff RDI: 0000000000040000
RBP: ffffc900086f7760 R08: ffffffff83cbf42d R09: 0000000000000040
R10: ffff888049f80300 R11: 0000000000000002 R12: ffff888001005fd8
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffffffffffff
 cfb_fillrect+0x57b/0x7a0 drivers/video/fbdev/core/cfbfillrect.c:327
 vga16fb_fillrect+0x642/0x1470 drivers/video/fbdev/vga16fb.c:951
 bit_clear_margins+0x25a/0x620 drivers/video/fbdev/core/bitblit.c:224
 fbcon_clear_margins drivers/video/fbdev/core/fbcon.c:1372 [inline]
 fbcon_switch+0x1504/0x1f10 drivers/video/fbdev/core/fbcon.c:2354
 redraw_screen+0x56e/0x1830 drivers/tty/vt/vt.c:997
 fbcon_modechanged+0x810/0xdf0 drivers/video/fbdev/core/fbcon.c:2991
 fbcon_update_vcs+0x31/0x40 drivers/video/fbdev/core/fbcon.c:3038
 fb_set_var+0x8f5/0xdc0 drivers/video/fbdev/core/fbmem.c:1051
 do_fb_ioctl+0x55e/0x780 drivers/video/fbdev/core/fbmem.c:1104
 fb_ioctl+0xb9/0xf0 drivers/video/fbdev/core/fbmem.c:1180
 do_vfs_ioctl+0x6e2/0x19b0 fs/ioctl.c:47
 ksys_ioctl fs/ioctl.c:749 [inline]
 __do_sys_ioctl fs/ioctl.c:756 [inline]
 __se_sys_ioctl fs/ioctl.c:754 [inline]
 __x64_sys_ioctl+0xe3/0x120 fs/ioctl.c:754
 do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b349
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fefb1c25c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fefb1c266d4 RCX: 000000000045b349
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000002ea R14: 00000000004c3f3a R15: 000000000075bf2c


Memory state around the buggy address:
 ffffc900086f7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc900086f7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc900086f7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                             ^
 ffffc900086f7680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc900086f7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/01/29 20:06 upstream b3a608222336 5ed23f9a .config console log report ci-upstream-kasan-gce-smack-root
* Struck through repros no longer work on HEAD.