Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2121775pxj;
        Sun, 16 May 2021 15:22:23 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxZRI0hCNIlhjYmsrSHSRhOq9cz8vubjIcY8SiIJl4KNik42XrMYrhm2d1CW+T+lQBwd9FB
X-Received: by 2002:a02:2a8c:: with SMTP id w134mr52727672jaw.138.1621203743527;
        Sun, 16 May 2021 15:22:23 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1621203743; cv=pass;
        d=google.com; s=arc-20160816;
        b=QC0MKjsfa7wsKpnOGz8K8Oog/9BNd7RA905CqCggVztgCZLSl4muduUlaoG1X8O9i7
         IJQAb100pv8fnzQPf+AMNRDUbFGwsbM1LckRmREOX2L+/HcwxpWyovwHEygprShqMV/w
         UV2nB0yS2AcmYfKPAf2gc1SBxttYwP7s78GsIR/UMLS2mNXU5+1HrEosAxZ7ccr+fl6r
         0i9ooGg0UgsPffsHMsTlrsK7WXkof42q5i7pJW1oiB4GRcNx0f90l9J3ek2ebMNgAG8T
         FhjVSC6RMx3IPEzt0HR9LC+7U2h73Ob+uM0gk1y8y4v2PyNyVr899bUJMmJt2gnehutU
         FXCA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=knJeWAuAqA5UlEpt83ngR+767zMb5UM/sYg1v7UcpCw=;
        b=yuEK3LwxVrh/Jq4ZbcQ7THzrwUbp37EpMJSy6wdMWEvFMhUQqh+Tt2BxiC62w1lWJi
         6dZIcznZkkK4Lx1LecA5OGr7gTrrxRlBoJxXOluQas8oG7O4/nrUW4W7OXU+34CvTaFF
         pdA0xXdzZenaHci/1fHIULvwJMFDU5R/72AWuXxUCaq37qx/Og/CH4JW8iNfPWzIVqc/
         j5ezxRFqy2aZMcBjGQ9++GNiULRGLUM9ODMGPyfpNhyUbwgUyrrJ96CIthWhXy93TaO5
         LbqSHTdJ4TpHdPyHrp/VnpXmNRidWooBt9286oQIimstNDwsJTI8PiuRnti40E80waz7
         qlUw==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@anirudhrb.com header.s=zoho header.b=M6eXNQwy;
       arc=pass (i=1 spf=pass spfdomain=anirudhrb.com dkim=pass dkdomain=anirudhrb.com dmarc=pass fromdomain=anirudhrb.com>);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id j5si6154078ilr.135.2021.05.16.15.22.10;
        Sun, 16 May 2021 15:22:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@anirudhrb.com header.s=zoho header.b=M6eXNQwy;
       arc=pass (i=1 spf=pass spfdomain=anirudhrb.com dkim=pass dkdomain=anirudhrb.com dmarc=pass fromdomain=anirudhrb.com>);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231977AbhEPTFG (ORCPT <rfc822;longbowk@gmail.com> + 99 others);
        Sun, 16 May 2021 15:05:06 -0400
Received: from sender4-of-o53.zoho.com ([136.143.188.53]:21310 "EHLO
        sender4-of-o53.zoho.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231589AbhEPTFG (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 16 May 2021 15:05:06 -0400
ARC-Seal: i=1; a=rsa-sha256; t=1621191817; cv=none; 
        d=zohomail.com; s=zohoarc; 
        b=ia14Lb0T+uAulHG1TPwDesKVhwZdhRTbtZ1b0y/wFBx2A3U72f0n9So09gjvWPRry4CBotf+k7p8fIRTC7a0tWVdkm0/uK7PF8HepVbohc9fhW9e8fk6AWEULZ28bQ6IDqyPWZZiWNk/ngwana0QVKRP2ZArADtqQMtm94t1jU0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; 
        t=1621191817; h=Content-Type:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; 
        bh=knJeWAuAqA5UlEpt83ngR+767zMb5UM/sYg1v7UcpCw=; 
        b=ZuSmqIlCcQVrp9Q6yJBOVJLK8wKdeCqCG3NouE1jX4+S6G3kD076e9taZD3qJPRQA7Is7+un+G4lI/B/13geEiLuqhAn4ZhwHYjY0R2qoVy1McLUC5js/vS4HFjsA2rqR/wB0N2AuOX4lv+Ir1kbBa3zS3WuX5wuCiXxXiNZ+n8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
        dkim=pass  header.i=anirudhrb.com;
        spf=pass  smtp.mailfrom=mail@anirudhrb.com;
        dmarc=pass header.from=<mail@anirudhrb.com> header.from=<mail@anirudhrb.com>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1621191817;
        s=zoho; d=anirudhrb.com; i=mail@anirudhrb.com;
        h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:Content-Type:In-Reply-To;
        bh=knJeWAuAqA5UlEpt83ngR+767zMb5UM/sYg1v7UcpCw=;
        b=M6eXNQwysaohb7TkG4TH35wkAaQarDniox+pI1CAHWO5Y4qkxIEN4vpGlIYiOtgX
        pxjhgNXfsfi9vedl4McoQnxei3ZqmFssc8VN8UO/pVlf0GkVyr7JC69TGNO9+b4qm/9
        wks111COXEGC1nBpHkybyphkYG3Iqi5f+OqVD3Y0=
Received: from anirudhrb.com (106.51.110.61 [106.51.110.61]) by mx.zohomail.com
        with SMTPS id 1621191814374210.47511037786865; Sun, 16 May 2021 12:03:34 -0700 (PDT)
Date:   Mon, 17 May 2021 00:33:26 +0530
From:   Anirudh Rayabharam <mail@anirudhrb.com>
To:     kernel test robot <oliver.sang@intel.com>
Cc:     Igor Matheus Andrade Torrente <igormtorrente@gmail.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Ferenc Bakonyi <fero@drama.obuda.kando.hu>,
        Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
        stable <stable@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>, lkp@lists.01.org,
        lkp@intel.com
Subject: Re: [video]  dc13cac486: BUG:KASAN:stack-out-of-bounds_in_hgafb_open
Message-ID: <YKFsfoaofqs1MQDw@anirudhrb.com>
References: <20210516150019.GB25903@xsang-OptiPlex-9020>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210516150019.GB25903@xsang-OptiPlex-9020>
X-ZohoMailClient: External
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, May 16, 2021 at 11:00:19PM +0800, kernel test robot wrote:
> 
> 
> Greeting,
> 
> FYI, we noticed the following commit (built with gcc-9):
> 
> commit: dc13cac4862cc68ec74348a80b6942532b7735fa ("video: hgafb: fix potential NULL pointer dereference")
> https://git.kernel.org/cgit/linux/kernel/git/gregkh/char-misc.git char-misc-linus
> 
> 
> in testcase: trinity
> version: trinity-static-x86_64-x86_64-f93256fb_2019-08-28
> with following parameters:
> 
> 	number: 99999
> 	group: group-02
> 
> test-description: Trinity is a linux system call fuzz tester.
> test-url: http://codemonkey.org.uk/projects/trinity/
> 
> 
> on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> 
> caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
> 
> 
> +---------------------------------------------+------------+------------+
> |                                             | 58c0cc2d90 | dc13cac486 |
> +---------------------------------------------+------------+------------+
> | boot_successes                              | 42         | 14         |
> | boot_failures                               | 0          | 34         |
> | BUG:KASAN:stack-out-of-bounds_in_hgafb_open | 0          | 34         |
> +---------------------------------------------+------------+------------+
> 
> 
> If you fix the issue, kindly add following tag
> Reported-by: kernel test robot <oliver.sang@intel.com>
> 
> 
> [  419.568887] BUG: KASAN: stack-out-of-bounds in hgafb_open (kbuild/src/consumer/drivers/video/fbdev/hgafb.c:375) 

Looks like the return value of hga_card_detect() is not properly
handled causing the probe function to succeed even though
hga_card_detect() has failed. Since probe has succeeded, hgafb_open()
can be called which will end up operating on an unmapped hga_vram.

Patch on the way.

Thanks!

	- Anirudh.