bisecting fixing commit since 22fbc037cd32e4e6771d2271b565806cfb8c134c
building syzkaller on 1a3f94087169f62f9a5832828f62b4900e98b781
testing commit 22fbc037cd32e4e6771d2271b565806cfb8c134c with gcc (GCC) 8.1.0
kernel signature: 0a764d200964031fce40ac9962944d92b6067f62f20e1d80740fe466bd56dabd
run #0: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #1: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #2: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #3: OK
run #4: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #5: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing current HEAD a409ed156a90093a03fe6a93721ddf4c591eac87
testing commit a409ed156a90093a03fe6a93721ddf4c591eac87 with gcc (GCC) 8.1.0
kernel signature: 0c2ca48122de2a2fb4e8b14a0386f235ff7cd23b682e7a3b888df02f9eb08a36
all runs: OK
# git bisect start a409ed156a90093a03fe6a93721ddf4c591eac87 22fbc037cd32e4e6771d2271b565806cfb8c134c
Bisecting: 14681 revisions left to test after this (roughly 14 steps)
[e533cda12d8f0e7936354bafdc85c81741f805d2] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit e533cda12d8f0e7936354bafdc85c81741f805d2 with gcc (GCC) 8.1.0
kernel signature: 16b6b43b83dfaef31f100685d69c93940bf8a390778fbbfafa08264ffd255b82
all runs: OK
# git bisect bad e533cda12d8f0e7936354bafdc85c81741f805d2
Bisecting: 7682 revisions left to test after this (roughly 13 steps)
[93b694d096cc10994c817730d4d50288f9ae3d66] Merge tag 'drm-next-2020-10-15' of git://anongit.freedesktop.org/drm/drm
testing commit 93b694d096cc10994c817730d4d50288f9ae3d66 with gcc (GCC) 8.1.0
kernel signature: d6738677dacee109900c714cff047003a7bf4b89e3f5838fe86be041b125e867
all runs: OK
# git bisect bad 93b694d096cc10994c817730d4d50288f9ae3d66
Bisecting: 3575 revisions left to test after this (roughly 12 steps)
[37187df45af7d28d27b5c130c23f407ca9dbefa2] Merge tag 'iomap-5.10-merge-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
testing commit 37187df45af7d28d27b5c130c23f407ca9dbefa2 with gcc (GCC) 8.1.0
kernel signature: f7a5f96347b559447f24eb211b7c1a664b64feac0047fca4735ad66583aaef7c
run #0: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #1: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #2: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #3: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #4: OK
run #5: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #6: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #7: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #8: OK
run #9: OK
# git bisect good 37187df45af7d28d27b5c130c23f407ca9dbefa2
Bisecting: 1930 revisions left to test after this (roughly 11 steps)
[c6dbef7307629cce855aa6b482b60cbf7777ed88] Merge tag 'usb-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
testing commit c6dbef7307629cce855aa6b482b60cbf7777ed88 with gcc (GCC) 8.1.0
kernel signature: 164bd0a5204cc14f9ffeb0317016ce43db22e46cd4602c13166b999285b6d227
run #0: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #1: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #2: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #3: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #4: OK
run #5: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #6: OK
run #7: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #8: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #9: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good c6dbef7307629cce855aa6b482b60cbf7777ed88
Bisecting: 965 revisions left to test after this (roughly 10 steps)
[37054fc81443cc6a8c3a38395f384412b8373d82] gpu/drm: ingenic: Add option to mmap GEM buffers cached
testing commit 37054fc81443cc6a8c3a38395f384412b8373d82 with gcc (GCC) 8.1.0
kernel signature: 39f05588fab17d577d7e0756b5e8cc8d2c77b502e8e916cf1e9da9628bb21821
all runs: OK
# git bisect bad 37054fc81443cc6a8c3a38395f384412b8373d82
Bisecting: 501 revisions left to test after this (roughly 9 steps)
[da62cb7230f0871c30dc9789071f63229158d261] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create
testing commit da62cb7230f0871c30dc9789071f63229158d261 with gcc (GCC) 8.1.0
kernel signature: 53b6804cc938960d49aed919e7f9d183e5e4d259bda1e498070a6e87b42012b8
all runs: OK
# git bisect bad da62cb7230f0871c30dc9789071f63229158d261
Bisecting: 231 revisions left to test after this (roughly 8 steps)
[faa962bbae312eaf84838bbdc96ccc216ba248ef] dt-bindings: vendor-prefixes: Add mantix vendor prefix
testing commit faa962bbae312eaf84838bbdc96ccc216ba248ef with gcc (GCC) 8.1.0
kernel signature: 53d5a92409f8cd01bf6767d941960f31e6d1f61f99204a5b45b483476c4ed66f
run #0: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #1: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #2: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #3: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #4: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #5: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #6: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #7: OK
run #8: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #9: OK
# git bisect good faa962bbae312eaf84838bbdc96ccc216ba248ef
Bisecting: 115 revisions left to test after this (roughly 7 steps)
[283d347d6e3e25829663cc629e80eccea96c25de] drm/vc4: hdmi: Remove vc4_dev hdmi pointer
testing commit 283d347d6e3e25829663cc629e80eccea96c25de with gcc (GCC) 8.1.0
kernel signature: 5153788dd6db8e04aa1a9cc35a80ba6e0a725e37a32f0bdd7316710f46757ae9
run #0: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #1: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #2: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #3: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #4: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #5: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #6: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #7: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #8: OK
run #9: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 283d347d6e3e25829663cc629e80eccea96c25de
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4] docs: fb: Correcting the location of FRAMEBUFFER_CONSOLE option.
testing commit 3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4 with gcc (GCC) 8.1.0
kernel signature: bfd002b8bd64b37f1bfea785da6567ab8553aa29841bd8f88a73b56ffe0dc307
all runs: OK
# git bisect bad 3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[2e3725b05b785e73482a194b99bff3d5a1c85140] dt-bindings: display: vc4: hdmi: Add BCM2711 HDMI controllers bindings
testing commit 2e3725b05b785e73482a194b99bff3d5a1c85140 with gcc (GCC) 8.1.0
kernel signature: 5153788dd6db8e04aa1a9cc35a80ba6e0a725e37a32f0bdd7316710f46757ae9
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 2e3725b05b785e73482a194b99bff3d5a1c85140
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[fe2ab107536d808ad0c8ddce3e35b048dc5acb0f] omapfb: fix spelling mistake "propert" -> "property"
testing commit fe2ab107536d808ad0c8ddce3e35b048dc5acb0f with gcc (GCC) 8.1.0
kernel signature: 8f87343f5052d5b58c315166fe888c86cbb966659de967fd6273cb88d62f76b4
all runs: OK
# git bisect bad fe2ab107536d808ad0c8ddce3e35b048dc5acb0f
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[25c4bcf9858e3e8752985fa0cda64a212ea328b7] drm/bridge: dw-mipi-dsi: fix dw_mipi_dsi_debugfs_show/write warnings
testing commit 25c4bcf9858e3e8752985fa0cda64a212ea328b7 with gcc (GCC) 8.1.0
kernel signature: cb7bf9a415b14fe6514ddefa3072ee5f4ad8771ccd2a010f2384c8af4e4e95f2
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 25c4bcf9858e3e8752985fa0cda64a212ea328b7
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[a49145acfb975d921464b84fe00279f99827d816] fbmem: add margin check to fb_check_caps()
testing commit a49145acfb975d921464b84fe00279f99827d816 with gcc (GCC) 8.1.0
kernel signature: f4e8ade5af355b5c0579a9cb581c441d02eca33055c3117b2bb38b24d7c20514
all runs: OK
# git bisect bad a49145acfb975d921464b84fe00279f99827d816
Bisecting: 0 revisions left to test after this (roughly 1 step)
[54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e] drm/ttm: merge offset and base in ttm_bus_placement
testing commit 54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e with gcc (GCC) 8.1.0
kernel signature: 9e12ede878562281900dca082ccbfcad6db3e140e4f9602f36506568cadc598c
run #0: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #1: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #2: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #3: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #4: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #5: OK
run #6: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #7: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #8: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #9: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e
a49145acfb975d921464b84fe00279f99827d816 is the first bad commit
commit a49145acfb975d921464b84fe00279f99827d816
Author: George Kennedy
Date: Tue Jul 7 15:26:03 2020 -0400

    fbmem: add margin check to fb_check_caps()

    A fb_ioctl() FBIOPUT_VSCREENINFO call with invalid xres setting or yres
    setting in struct fb_var_screeninfo will result in a KASAN:
    vmalloc-out-of-bounds failure in bitfill_aligned() as the margins are
    being cleared. The margins are cleared in chunks and if the xres setting
    or yres setting is a value of zero up to the chunk size, the failure will
    occur. Add a margin check to validate xres and yres settings.

    Signed-off-by: George Kennedy
    Reported-by: syzbot+e5fd3e65515b48c02a30@syzkaller.appspotmail.com
    Reviewed-by: Dan Carpenter
    Cc: Dhaval Giani
    Signed-off-by: Bartlomiej Zolnierkiewicz
    Link: https://patchwork.freedesktop.org/patch/msgid/1594149963-13801-1-git-send-email-george.kennedy@oracle.com

 drivers/video/fbdev/core/fbmem.c | 4 ++++
 1 file changed, 4 insertions(+)

culprit signature: f4e8ade5af355b5c0579a9cb581c441d02eca33055c3117b2bb38b24d7c20514
parent signature: 9e12ede878562281900dca082ccbfcad6db3e140e4f9602f36506568cadc598c
revisions tested: 16, total time: 4h7m9.481083228s (build: 1h17m58.624770405s, test: 2h47m14.995161034s)
first good commit: a49145acfb975d921464b84fe00279f99827d816 fbmem: add margin check to fb_check_caps()
recipients (to): ["b.zolnierkie@samsung.com" "dan.carpenter@oracle.com" "george.kennedy@oracle.com"]
recipients (cc): []