bisecting cause commit starting from 0f4498cef9f5cd18d7c6639a2a902ec1edc5be4e building syzkaller on a8529b82fb3bb45832b08a099e7eb51707da9b37 testing commit 0f4498cef9f5cd18d7c6639a2a902ec1edc5be4e with gcc (GCC) 10.2.1 20210217 kernel signature: bd65ffd82f49534f30c663e34fd144c0cdcdb4e2cf2caf2f4b2dcb5cfe1e6c55 all runs: crashed: WARNING in emulate_vsyscall testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: e99cd9f143ce9d9fcac692e506c1f42fd7bad007e669bcc2d658384620d3ab58 all runs: OK # git bisect start 0f4498cef9f5cd18d7c6639a2a902ec1edc5be4e f40ddce88593482919761f74910f42f4b84c004b Bisecting: 5893 revisions left to test after this (roughly 13 steps) [d99676af540c2dc829999928fb81c58c80a1dce4] Merge tag 'drm-next-2021-02-19' of git://anongit.freedesktop.org/drm/drm testing commit d99676af540c2dc829999928fb81c58c80a1dce4 with gcc (GCC) 10.2.1 20210217 kernel signature: 5ad479128f117a1d38bc7ee59edcdb592a5fda3fb52cbc77b71fa4437ceb8a6d run #0: crashed: WARNING in emulate_vsyscall run #1: crashed: WARNING in emulate_vsyscall run #2: crashed: WARNING in emulate_vsyscall run #3: crashed: WARNING in emulate_vsyscall run #4: crashed: WARNING in emulate_vsyscall run #5: crashed: WARNING in emulate_vsyscall run #6: crashed: WARNING in emulate_vsyscall run #7: crashed: WARNING in emulate_vsyscall run #8: crashed: WARNING in emulate_vsyscall run #9: boot failed: WARNING in kvm_wait # git bisect bad d99676af540c2dc829999928fb81c58c80a1dce4 Bisecting: 3717 revisions left to test after this (roughly 12 steps) [f9d58de23152f2c16f326d7e014cfa2933b00304] Merge tag 'affs-for-5.12-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit f9d58de23152f2c16f326d7e014cfa2933b00304 with gcc (GCC) 10.2.1 20210217 kernel signature: 0e15079a3ab74417003eea81f14abff1aea815e5e366ab0cff272ccab2f025d2 all runs: crashed: WARNING in emulate_vsyscall # git bisect bad f9d58de23152f2c16f326d7e014cfa2933b00304 Bisecting: 1819 revisions left to test after this (roughly 11 steps) [b8af417e4d93caeefb89bbfbd56ec95dedd8dab5] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit b8af417e4d93caeefb89bbfbd56ec95dedd8dab5 with gcc (GCC) 10.2.1 20210217 kernel signature: f799a418c32b067e79a4f78f7c2cce52b228161cd214c31479fe47f155555d60 all runs: OK # git bisect good b8af417e4d93caeefb89bbfbd56ec95dedd8dab5 Bisecting: 948 revisions left to test after this (roughly 10 steps) [82851fce6107d5a3e66d95aee2ae68860a732703] Merge tag 'arm-dt-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 82851fce6107d5a3e66d95aee2ae68860a732703 with gcc (GCC) 10.2.1 20210217 kernel signature: 93f1cd081d57748b27705b3ea3d03eaff4d6a3eb03c35f95b4f4ec274b2df3f4 all runs: OK # git bisect good 82851fce6107d5a3e66d95aee2ae68860a732703 Bisecting: 382 revisions left to test after this (roughly 9 steps) [780607b9731feef575514108fc7956c54180f16e] Merge tag 'usb-5.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit 780607b9731feef575514108fc7956c54180f16e with gcc (GCC) 10.2.1 20210217 kernel signature: fd212aaa0912aa4309467c974099473fc779f2ea23b1928355723ec1774fffa4 all runs: crashed: WARNING in emulate_vsyscall # git bisect bad 780607b9731feef575514108fc7956c54180f16e Bisecting: 266 revisions left to test after this (roughly 8 steps) [c85bfed171aaa91a32dcecd7962a4c880bf9d0ab] Merge tag 'usb-serial-5.12-rc1' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-next testing commit c85bfed171aaa91a32dcecd7962a4c880bf9d0ab with gcc (GCC) 10.2.1 20210217 kernel signature: 6df793d273cf2d6d9739212cd8fe54fb6ef7c2e07d22029f399040e148a83cc1 all runs: OK # git bisect good c85bfed171aaa91a32dcecd7962a4c880bf9d0ab Bisecting: 131 revisions left to test after this (roughly 7 steps) [4bf0b820d146682d997248ff1d49665475f9df16] Merge tag 'x86_sgx_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 4bf0b820d146682d997248ff1d49665475f9df16 with gcc (GCC) 10.2.1 20210217 kernel signature: 5e7f0fe38a4209018c2701320ecb12ca3bf2778d57768644d8b882d0b8133b16 all runs: OK # git bisect good 4bf0b820d146682d997248ff1d49665475f9df16 Bisecting: 67 revisions left to test after this (roughly 6 steps) [3342ff2698e9720f4040cc458a2744b2b32f5c3a] tty: protect tty_write from odd low-level tty disciplines testing commit 3342ff2698e9720f4040cc458a2744b2b32f5c3a with gcc (GCC) 10.2.1 20210217 kernel signature: ce34632fed1dcd9ace2aa8823d47f7b5442667bedd3ed1dc5aa755d5ff899bd4 all runs: crashed: WARNING in emulate_vsyscall # git bisect bad 3342ff2698e9720f4040cc458a2744b2b32f5c3a Bisecting: 24 revisions left to test after this (roughly 5 steps) [ae821d2107e378bb086a02afcce82d0f43c29a6f] Merge tag 'x86_mm_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit ae821d2107e378bb086a02afcce82d0f43c29a6f with gcc (GCC) 10.2.1 20210217 kernel signature: c1f7111d490b39346c20b826572905f2cab15ee5327ccc4a662610fabf779843 all runs: crashed: WARNING in emulate_vsyscall # git bisect bad ae821d2107e378bb086a02afcce82d0f43c29a6f Bisecting: 14 revisions left to test after this (roughly 4 steps) [40c1fa52cdb7c13ef88232e374b4b8ac8d820c4f] Merge branch 'x86/cleanups' into x86/mm testing commit 40c1fa52cdb7c13ef88232e374b4b8ac8d820c4f with gcc (GCC) 10.2.1 20210217 kernel signature: f2e9f817b75349e7c4ac76b905d2794f848ff1860eb3747c42f04a766818a847 all runs: crashed: WARNING in emulate_vsyscall # git bisect bad 40c1fa52cdb7c13ef88232e374b4b8ac8d820c4f Bisecting: 11 revisions left to test after this (roughly 4 steps) [66fcd98883816dba3b66da20b5fc86fa410638b5] x86/fault: Don't look for extable entries for SMEP violations testing commit 66fcd98883816dba3b66da20b5fc86fa410638b5 with gcc (GCC) 10.2.1 20210217 kernel signature: 6775bed15d74eae537488e81438100b6a63cb0bfd6504b0270998fb41367c4a2 all runs: crashed: WARNING in emulate_vsyscall # git bisect bad 66fcd98883816dba3b66da20b5fc86fa410638b5 Bisecting: 5 revisions left to test after this (roughly 3 steps) [ef2544fb3f6457b79fc73cea39dafd67ee0f2824] x86/fault: Document the locking in the fault_signal_pending() path testing commit ef2544fb3f6457b79fc73cea39dafd67ee0f2824 with gcc (GCC) 10.2.1 20210217 kernel signature: 28c0f2e8066026f18279e0992076d21af905321467a723f225cc289ddac36648 all runs: OK # git bisect good ef2544fb3f6457b79fc73cea39dafd67ee0f2824 Bisecting: 2 revisions left to test after this (roughly 2 steps) [2cc624b0a7e68ba8957b18600181f7d5b0f3e1b6] x86/fault: Split the OOPS code out from no_context() testing commit 2cc624b0a7e68ba8957b18600181f7d5b0f3e1b6 with gcc (GCC) 10.2.1 20210217 kernel signature: 8632666fa99ab5741c9addbea263bf170ff13ef4b84418007a980c96352817a0 all runs: OK # git bisect good 2cc624b0a7e68ba8957b18600181f7d5b0f3e1b6 Bisecting: 0 revisions left to test after this (roughly 1 step) [6456a2a69ee16ad402f26d272d0b67ce1d25061f] x86/fault: Rename no_context() to kernelmode_fixup_or_oops() testing commit 6456a2a69ee16ad402f26d272d0b67ce1d25061f with gcc (GCC) 10.2.1 20210217 kernel signature: 1f8f5ecfb553e7e957f5707a4207dd4b4f233554492dcb77fdbafb990486c618 all runs: crashed: WARNING in emulate_vsyscall # git bisect bad 6456a2a69ee16ad402f26d272d0b67ce1d25061f Bisecting: 0 revisions left to test after this (roughly 0 steps) [5042d40a264c8a508d58ed71e4c07b05175b3635] x86/fault: Bypass no_context() for implicit kernel faults from usermode testing commit 5042d40a264c8a508d58ed71e4c07b05175b3635 with gcc (GCC) 10.2.1 20210217 kernel signature: 85c43d9d21c90c81236661bf549c825ca85f54d8c810c6d52f9ac73df1021d04 all runs: crashed: WARNING in emulate_vsyscall # git bisect bad 5042d40a264c8a508d58ed71e4c07b05175b3635 5042d40a264c8a508d58ed71e4c07b05175b3635 is the first bad commit commit 5042d40a264c8a508d58ed71e4c07b05175b3635 Author: Andy Lutomirski Date: Tue Feb 9 18:33:42 2021 -0800 x86/fault: Bypass no_context() for implicit kernel faults from usermode Drop an indentation level and remove the last user_mode(regs) == true caller of no_context() by directly OOPSing for implicit kernel faults from usermode. Signed-off-by: Andy Lutomirski Signed-off-by: Borislav Petkov Link: https://lkml.kernel.org/r/6e3d1129494a8de1e59d28012286e3a292a2296e.1612924255.git.luto@kernel.org arch/x86/mm/fault.c | 59 +++++++++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 27 deletions(-) culprit signature: 85c43d9d21c90c81236661bf549c825ca85f54d8c810c6d52f9ac73df1021d04 parent signature: 8632666fa99ab5741c9addbea263bf170ff13ef4b84418007a980c96352817a0 revisions tested: 17, total time: 4h1m9.690458496s (build: 1h57m44.938494152s, test: 2h1m24.542706714s) first bad commit: 5042d40a264c8a508d58ed71e4c07b05175b3635 x86/fault: Bypass no_context() for implicit kernel faults from usermode recipients (to): ["bp@suse.de" "dave.hansen@linux.intel.com" "linux-kernel@vger.kernel.org" "luto@kernel.org" "luto@kernel.org" "peterz@infradead.org"] recipients (cc): ["bp@alien8.de" "hpa@zytor.com" "mingo@redhat.com" "tglx@linutronix.de" "x86@kernel.org"] crash: WARNING in emulate_vsyscall ------------[ cut here ]------------ WARNING: CPU: 0 PID: 11460 at arch/x86/entry/vsyscall/vsyscall_64.c:276 emulate_vsyscall+0x1c5/0x910 arch/x86/entry/vsyscall/vsyscall_64.c:276 Modules linked in: CPU: 0 PID: 11460 Comm: syz-executor.1 Not tainted 5.11.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:emulate_vsyscall+0x1c5/0x910 arch/x86/entry/vsyscall/vsyscall_64.c:276 Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 49 8b 95 48 08 00 00 b8 01 00 00 00 f6 c2 40 75 19 80 e6 04 75 14 <0f> 0b e9 40 01 00 00 31 c0 c3 31 c0 85 ed 0f 85 9f 00 00 00 48 83 RSP: 0000:ffffc9000256fe60 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 1ffff110023d4d6a RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888011ea5c48 RBP: ffff888011ea5400 R08: fffffffffffffff2 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffc9000256ffd8 R13: ffff888011ea5400 R14: ffffc9000256fff0 R15: ffffc9000256ff58 FS: 00007f6c6f45d700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000540198 CR3: 000000003b176000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: do_user_addr_fault+0x57c/0xd10 arch/x86/mm/fault.c:1340 handle_page_fault arch/x86/mm/fault.c:1503 [inline] exc_page_fault+0x60/0xc0 arch/x86/mm/fault.c:1559 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:580 RIP: 0033:_end+0x703da000/0x0 Code: Unable to access opcode bytes at RIP 0xffffffffff5fffd6. RSP: 002b:00007f6c6f45d188 EFLAGS: 00010246 RAX: ffffffffffffffda RBX: 0000000000001000 RCX: 000000000004c62a RDX: 0000000000001000 RSI: 0000000600000001 RDI: 00000000000fb650 RBP: 00000000000ad4a1 R08: 00000000004af000 R09: 00000000004af000 R10: 00000000000af000 R11: 0000000400000001 R12: 00000000000ad4a1 R13: 0000000000401000 R14: 0000000000401000 R15: 0000000000001000