Re: KASAN: slab-out-of-bounds Read in fbcon_get_font
From: Dmitry Vyukov <dvyukov@google.com>
Date: 2019-12-05 10:31:43
Also in:
dri-devel, kvm, linux-fbdev, lkml
Possibly related (same subject, not in this thread)
- 2019-12-04 · Re: KASAN: slab-out-of-bounds Read in fbcon_get_font · Andrey Ryabinin <hidden>
- 2019-12-04 · Re: KASAN: slab-out-of-bounds Read in fbcon_get_font · Daniel Vetter <hidden>
- 2019-12-04 · Re: KASAN: slab-out-of-bounds Read in fbcon_get_font · Dmitry Vyukov <dvyukov@google.com>
- 2019-12-03 · Re: KASAN: slab-out-of-bounds Read in fbcon_get_font · Daniel Vetter <hidden>
On Thu, Dec 5, 2019 at 11:22 AM Paolo Bonzini [off-list ref] wrote:
On 05/12/19 11:16, Dmitry Vyukov wrote:quoted
On Thu, Dec 5, 2019 at 11:13 AM Paolo Bonzini [off-list ref] wrote:quoted
On 04/12/19 22:41, syzbot wrote:quoted
syzbot has bisected this bug to: commit 2de50e9674fc4ca3c6174b04477f69eb26b4ee31 Author: Russell Currey [off-list ref] Date: Mon Feb 8 04:08:20 2016 +0000 powerpc/powernv: Remove support for p5ioc2 bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=127a042ae00000 start commit: 76bb8b05 Merge tag 'kbuild-v5.5' of git://git.kernel.org/p.. git tree: upstream final crash: https://syzkaller.appspot.com/x/report.txt?x=117a042ae00000 console output: https://syzkaller.appspot.com/x/log.txt?x=167a042ae00000 kernel config: https://syzkaller.appspot.com/x/.config?x=dd226651cb0f364b dashboard link: https://syzkaller.appspot.com/bug?extid=4455ca3b3291de891abc syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11181edae00000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=105cbb7ae00000 Reported-by: syzbot+4455ca3b3291de891abc@syzkaller.appspotmail.com Fixes: 2de50e9674fc ("powerpc/powernv: Remove support for p5ioc2") For information about bisection process see: https://goo.gl/tpsmEJ#bisectionWhy is everybody being CC'd, even if the bug has nothing to do with the person's subsystem?The To list should be intersection of 2 groups of emails: result of get_maintainers.pl on the file identified as culprit in the crash message + emails extracted from the bisected to commit.Ah, and because the machine is a KVM guest, kvm_wait appears in a lot of backtrace and I get to share syzkaller's joy every time. :)
I don't see any mention of "kvm" in the crash report. And it's only 1 file, not all of them, in this case I would expect it to be drivers/video/fbdev/core/fbcon.c. So it should be something different.
This bisect result is bogus, though Tetsuo found the bug anyway. Perhaps you can exclude commits that only touch architectures other than x86?
We do this. It work sometimes. But sometimes it hits non-deterministic kernel build bugs: https://github.com/google/syzkaller/issues/1271#issuecomment-559093018 And in this case it hit some git bisect weirdness which I can't explain yet: https://github.com/google/syzkaller/issues/1527