bisecting fixing commit since 009c9aa5be652675a06d5211e1640e02bbb1c33d
building syzkaller on 1ba81399e2d03b53a7e631c4ab05f25af1fb1911
testing commit 009c9aa5be652675a06d5211e1640e02bbb1c33d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 10070267241840d7da50b714ded0a8e93082a75a7c7a5f5bccda8403bb9eeebe
all runs: crashed: WARNING in emulate_vsyscall
testing current HEAD d25f27432f80a800a3592db128254c8140bd71bf
testing commit d25f27432f80a800a3592db128254c8140bd71bf
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e9c7cd1e297804e91ba5c20e45df378ddbe5a309abb5234582f5c142a46cb1b4
all runs: OK
# git bisect start d25f27432f80a800a3592db128254c8140bd71bf 009c9aa5be652675a06d5211e1640e02bbb1c33d
Bisecting: 14766 revisions left to test after this (roughly 14 steps)
[4784dc99c73c22cd4a24f3b8793728620b457485] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 4784dc99c73c22cd4a24f3b8793728620b457485
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ab0f0ee8322f822a0207f9a014253ccfaa82e7c20280df7d59c61334a1836dc8
all runs: crashed: WARNING in emulate_vsyscall
# git bisect good 4784dc99c73c22cd4a24f3b8793728620b457485
Bisecting: 7822 revisions left to test after this (roughly 13 steps)
[1b4f3dfb4792f03b139edf10124fcbeb44e608e6] Merge tag 'usb-serial-5.15-rc1' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-next
testing commit 1b4f3dfb4792f03b139edf10124fcbeb44e608e6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6d4e78528c702e2d938d8cb4ec69a943c49c4f9f0b2a309be340b495900cbc85
run #0: crashed: WARNING in emulate_vsyscall
run #1: crashed: WARNING in emulate_vsyscall
run #2: crashed: WARNING in emulate_vsyscall
run #3: crashed: WARNING in emulate_vsyscall
run #4: crashed: WARNING in emulate_vsyscall
run #5: crashed: WARNING in emulate_vsyscall
run #6: crashed: WARNING in emulate_vsyscall
run #7: crashed: WARNING in emulate_vsyscall
run #8: OK
run #9: crashed: WARNING in emulate_vsyscall
# git bisect good 1b4f3dfb4792f03b139edf10124fcbeb44e608e6
Bisecting: 3922 revisions left to test after this (roughly 12 steps)
[0961f0c00e69672a8e4a2e591355567dbda44389] Merge tag 'nfs-for-5.15-1' of git://git.linux-nfs.org/projects/anna/linux-nfs
testing commit 0961f0c00e69672a8e4a2e591355567dbda44389
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b4fcd2b5ce87622eb0974a08ad71e1cc9e9c3e4e699cc849c3de1c53e1286b31
run #0: crashed: WARNING in emulate_vsyscall
run #1: crashed: WARNING in emulate_vsyscall
run #2: crashed: WARNING in emulate_vsyscall
run #3: crashed: WARNING in emulate_vsyscall
run #4: crashed: WARNING in emulate_vsyscall
run #5: crashed: WARNING in emulate_vsyscall
run #6: crashed: KASAN: use-after-free Read in __d_alloc
run #7: crashed: WARNING in emulate_vsyscall
run #8: crashed: WARNING in emulate_vsyscall
run #9: crashed: WARNING in emulate_vsyscall
# git bisect good 0961f0c00e69672a8e4a2e591355567dbda44389
Bisecting: 1959 revisions left to test after this (roughly 11 steps)
[6aaa84343895a62add33c992b219f65be0d65c93] Merge tag 'scmi-fixes-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into arm/fixes
testing commit 6aaa84343895a62add33c992b219f65be0d65c93
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ce277ad2be0f82b5108c1da6522fba72bdc74763c4e02b5f9312026ba37c8cfb
run #0: crashed: WARNING in emulate_vsyscall
run #1: crashed: WARNING in emulate_vsyscall
run #2: crashed: WARNING in emulate_vsyscall
run #3: crashed: WARNING in emulate_vsyscall
run #4: crashed: WARNING in emulate_vsyscall
run #5: crashed: WARNING in emulate_vsyscall
run #6: crashed: WARNING in emulate_vsyscall
run #7: crashed: WARNING in emulate_vsyscall
run #8: crashed: WARNING in emulate_vsyscall
run #9: OK
# git bisect good 6aaa84343895a62add33c992b219f65be0d65c93
Bisecting: 979 revisions left to test after this (roughly 10 steps)
[291073a566b2094c7192872cc0f17ce73d83cb76] kvm: fix objtool relocation warning
testing commit 291073a566b2094c7192872cc0f17ce73d83cb76
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1dab89752a4362fe43554312e70f18eadabf6fd5f53445c814e5437f4b4070c9
all runs: OK
# git bisect bad 291073a566b2094c7192872cc0f17ce73d83cb76
Bisecting: 480 revisions left to test after this (roughly 9 steps)
[85736168463db124e1c4f382c7c2fca64c3acb80] Merge tag 'char-misc-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
testing commit 85736168463db124e1c4f382c7c2fca64c3acb80
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fb2b99f4df687ba1faca30447c71e8461beeb4de92b59d5b8ee7ded44e17b13d
all runs: crashed: WARNING in emulate_vsyscall
# git bisect good 85736168463db124e1c4f382c7c2fca64c3acb80
Bisecting: 243 revisions left to test after this (roughly 8 steps)
[6e439bbd436e39f15abc9587cdd23d56257780cb] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
testing commit 6e439bbd436e39f15abc9587cdd23d56257780cb
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3fc248b58de155493fe8f734bb3d6374d1201f17d579bb53ec0b13ed1580539d
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor356762897" "root@10.128.1.163:./syz-executor356762897"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.1.163 port 22 timed out
lost connection
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor291159502" "root@10.128.1.143:./syz-executor291159502"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.1.143 port 22 timed out
lost connection
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 6e439bbd436e39f15abc9587cdd23d56257780cb
Bisecting: 116 revisions left to test after this (roughly 7 steps)
[299d6e47e8f8665904b9c8c321edb3876c92f68b] Merge tag 'thermal-v5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux
testing commit 299d6e47e8f8665904b9c8c321edb3876c92f68b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 891c11e18214f5652e6ea51615e5f713660b5db79630baf7a70b8c65837bb90a
run #0: OK
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor089948577" "root@10.128.10.58:./syz-executor089948577"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.10.58 port 22 timed out
lost connection
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 299d6e47e8f8665904b9c8c321edb3876c92f68b
Bisecting: 71 revisions left to test after this (roughly 6 steps)
[f6f360aef0e70a45cbf43db1dd9df5a5e96d9836] Merge tag 'io_uring-5.15-2021-09-25' of git://git.kernel.dk/linux-block
testing commit f6f360aef0e70a45cbf43db1dd9df5a5e96d9836
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: be7117a2b47b1746481022b1d296f1ef65a8ff158032b28f0a7d7edf96705cb9
all runs: crashed: WARNING in emulate_vsyscall
# git bisect good f6f360aef0e70a45cbf43db1dd9df5a5e96d9836
Bisecting: 37 revisions left to test after this (roughly 5 steps)
[bb19237bf6eb760802bf28d9274e1af1ef1b84e2] Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit bb19237bf6eb760802bf28d9274e1af1ef1b84e2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 03a41951fb98863898740bcb2014e1b7dc77330080becd07a33c652e141017ac
all runs: crashed: WARNING in emulate_vsyscall
# git bisect good bb19237bf6eb760802bf28d9274e1af1ef1b84e2
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[a3b397b4fffb799d25658defafd962f0fb3e9fe0] Merge branch 'akpm' (patches from Andrew)
testing commit a3b397b4fffb799d25658defafd962f0fb3e9fe0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cb10b10d92fbbc95412aaed1fc39c67ce5bcb957de4fe7d2a7e4be4855114cd8
all runs: crashed: WARNING in emulate_vsyscall
# git bisect good a3b397b4fffb799d25658defafd962f0fb3e9fe0
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[dc0f97c2613d09734719ef89d99d06417d92337d] Merge tag 'irq-urgent-2021-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit dc0f97c2613d09734719ef89d99d06417d92337d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 68c983aeb45221e6135d51a9aa2cca9b3e43a9b490b7dee0f846c1db3f13f093
all runs: crashed: WARNING in emulate_vsyscall
# git bisect good dc0f97c2613d09734719ef89d99d06417d92337d
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[5ba1071f7554c4027bdbd712a146111de57918de] x86/insn, tools/x86: Fix undefined behavior due to potential unaligned accesses
testing commit 5ba1071f7554c4027bdbd712a146111de57918de
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f926fdbc7c21385a396845dadceaa33780cea715121851f364d9f2c038b5c1ed
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor499711227" "root@10.128.1.245:./syz-executor499711227"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.1.245 port 22 timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 5ba1071f7554c4027bdbd712a146111de57918de
Bisecting: 1 revision left to test after this (roughly 1 step)
[8aa83e6395ce047a506f0b16edca45f36c1ae7f8] x86/setup: Call early_reserve_memory() earlier
testing commit 8aa83e6395ce047a506f0b16edca45f36c1ae7f8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: efe92936b9003dc52daa6e2e40a27d2e84d1a457ee05106c725770b50e5342fb
run #0: OK
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor859579057" "root@10.128.1.114:./syz-executor859579057"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.1.114 port 22 timed out
lost connection
run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor851667438" "root@10.128.10.21:./syz-executor851667438"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.10.21 port 22 timed out
lost connection
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 8aa83e6395ce047a506f0b16edca45f36c1ae7f8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d4ffd5df9d18031b6a53f934388726775b4452d3] x86/fault: Fix wrong signal when vsyscall fails with pkey
testing commit d4ffd5df9d18031b6a53f934388726775b4452d3
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ba4405955444079cd8ca491670dd5fc7dee718d3e447da647deab6024548722a
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor096718457" "root@10.128.1.247:./syz-executor096718457"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.1.247 port 22 timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad d4ffd5df9d18031b6a53f934388726775b4452d3
d4ffd5df9d18031b6a53f934388726775b4452d3 is the first bad commit
commit d4ffd5df9d18031b6a53f934388726775b4452d3
Author: Jiashuo Liang
Date: Fri Jul 30 11:01:52 2021 +0800

    x86/fault: Fix wrong signal when vsyscall fails with pkey

    The function __bad_area_nosemaphore() calls kernelmode_fixup_or_oops()
    with the parameter @signal being actually @pkey, which will send a
    signal numbered with the argument in @pkey.

    This bug can be triggered when the kernel fails to access user-given
    memory pages that are protected by a pkey, so it can go down the
    do_user_addr_fault() path and pass the !user_mode() check in
    __bad_area_nosemaphore().

    Most cases will simply run the kernel fixup code to make an -EFAULT. But
    when another condition current->thread.sig_on_uaccess_err is met, which
    is only used to emulate vsyscall, the kernel will generate the wrong
    signal.

    Add a new parameter @pkey to kernelmode_fixup_or_oops() to fix this.

    [ bp: Massage commit message, fix build error as reported by the 0day
      bot: https://lkml.kernel.org/r/202109202245.APvuT8BX-lkp@intel.com ]

    Fixes: 5042d40a264c ("x86/fault: Bypass no_context() for implicit kernel faults from usermode")
    Reported-by: kernel test robot
    Signed-off-by: Jiashuo Liang
    Signed-off-by: Borislav Petkov
    Acked-by: Dave Hansen
    Link: https://lkml.kernel.org/r/20210730030152.249106-1-liangjs@pku.edu.cn

 arch/x86/include/asm/pkeys.h |  2 --
 arch/x86/mm/fault.c          | 26 ++++++++++++++++++--------
 include/linux/pkeys.h        |  2 ++
 3 files changed, 20 insertions(+), 10 deletions(-)
parent commit e4e737bb5c170df6135a127739a9e6148ee3da82 wasn't tested
testing commit e4e737bb5c170df6135a127739a9e6148ee3da82
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 664bd4ba0af5457cd203159495dc05b342b5df1fa4c27f90cdf0073a0b71a25c
culprit signature: ba4405955444079cd8ca491670dd5fc7dee718d3e447da647deab6024548722a
parent signature: 664bd4ba0af5457cd203159495dc05b342b5df1fa4c27f90cdf0073a0b71a25c
revisions tested: 17, total time: 4h21m15.168134878s (build: 1h57m31.178802331s, test: 2h22m4.276604337s)
first good commit: d4ffd5df9d18031b6a53f934388726775b4452d3 x86/fault: Fix wrong signal when vsyscall fails with pkey
recipients (to): ["bp@suse.de" "dave.hansen@linux.intel.com" "liangjs@pku.edu.cn"]
recipients (cc): []