bisecting fixing commit since fdc072324f3c66190a20f57490b4842a391d8233
building syzkaller on 58ae5e18624eaaac79cab00e63d6f32c9bd64ee0
testing commit fdc072324f3c66190a20f57490b4842a391d8233
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: b97de039c0ba680556e45ec267c3ab5b8d3c79716ed14cf34cb7b913056d69fe
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
testing current HEAD 2950c9c5e0df6bd34af45a5168bbee345e95eae2
testing commit 2950c9c5e0df6bd34af45a5168bbee345e95eae2
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 5cca4896db824c341d45f20d12e8b8c26e9a22618246cc7e3735ca1441d2b0ea
all runs: OK
# git bisect start 2950c9c5e0df6bd34af45a5168bbee345e95eae2 fdc072324f3c66190a20f57490b4842a391d8233
Bisecting: 3507 revisions left to test after this (roughly 12 steps)
[816e0b204e569962e84ee1ee9005df476041367e] scsi: megaraid_sas: Check user-provided offsets
testing commit 816e0b204e569962e84ee1ee9005df476041367e
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 0b778adde8d70819e10ad6888006900870d0fc82b792ef2ed3861fdd3d0777ca
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 816e0b204e569962e84ee1ee9005df476041367e
Bisecting: 1753 revisions left to test after this (roughly 11 steps)
[d551190aa9c71236d83ee29cd5f2146bc9898fc2] crypto: qat - fix error path in adf_isr_resource_alloc()
testing commit d551190aa9c71236d83ee29cd5f2146bc9898fc2
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: e064fbd8fbace73ea65576e406f574d1545cd35075c082a504cbf97e252d2259
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good d551190aa9c71236d83ee29cd5f2146bc9898fc2
Bisecting: 876 revisions left to test after this (roughly 10 steps)
[7a4498d0a460b80f797841ad39ec1506aeaedfae] mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume()
testing commit 7a4498d0a460b80f797841ad39ec1506aeaedfae
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: bde923c1ee184bbb4e35f92983c183d76ba43d1910de5bc1330b9970fa536726
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 7a4498d0a460b80f797841ad39ec1506aeaedfae
Bisecting: 438 revisions left to test after this (roughly 9 steps)
[2c39c32f92084736bc871c1ef096602eb1cc7b5b] serial: 8250: Mask out floating 16/32-bit bus bits
testing commit 2c39c32f92084736bc871c1ef096602eb1cc7b5b
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 3ec67a9959829bb2aecbc392a3ca5c956ec70d56f77269b9399764188c3df8de
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 2c39c32f92084736bc871c1ef096602eb1cc7b5b
Bisecting: 219 revisions left to test after this (roughly 8 steps)
[23beb85d910f96ee5c7c8011fa8fb27a78ab80b7] soc: qcom: smsm: Fix missed interrupts if state changes while masked
testing commit 23beb85d910f96ee5c7c8011fa8fb27a78ab80b7
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: e627f5b2dfe5b8a8f306a19e9eba71b1af55be9ecb677fcc5029acdd6dc5c5d2
all runs: OK
# git bisect bad 23beb85d910f96ee5c7c8011fa8fb27a78ab80b7
Bisecting: 109 revisions left to test after this (roughly 7 steps)
[991158d680774ca5010fe6e15aa3a61aebfdf688] netfilter: nft_exthdr: fix endianness of tcp option cast
testing commit 991158d680774ca5010fe6e15aa3a61aebfdf688
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 1c8541b079f5ac2e43a8e93e7aa734f9fe95c489efbe120cb89cab99952c7b60
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 991158d680774ca5010fe6e15aa3a61aebfdf688
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[145cbec513bfca1c406cde474e792f655b3e9bd5] crypto: talitos - reduce max key size for SEC1
testing commit 145cbec513bfca1c406cde474e792f655b3e9bd5
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: b14efde5918025111f9f2486bdf30dd76d8f5698cd540f430bd4b084b9ea3369
all runs: OK
# git bisect bad 145cbec513bfca1c406cde474e792f655b3e9bd5
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[a78f93b9bba115e9c2a33529e28d4e12251e01e8] drm: Copy drm_wait_vblank to user before returning
testing commit a78f93b9bba115e9c2a33529e28d4e12251e01e8
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: c37566e80589f4ee51878304cd7bb281cba8a5ccff846f80482071ca54667c84
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good a78f93b9bba115e9c2a33529e28d4e12251e01e8
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[cda01d1da3b0ba663ac77acd9dc254762746ebfd] qede: Fix memset corruption
testing commit cda01d1da3b0ba663ac77acd9dc254762746ebfd
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: ba1e30f975dded16856307c36dd24475a0f673e9af411ab6c20749207406b0b4
all runs: OK
# git bisect bad cda01d1da3b0ba663ac77acd9dc254762746ebfd
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[e9544276b3e60800a150f27fe5d031d133c77eea] net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
testing commit e9544276b3e60800a150f27fe5d031d133c77eea
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: b56868319c26600e8b36da1992980b92cce87490d95f0c2c4f5c6d06d66c6f68
all runs: OK
# git bisect bad e9544276b3e60800a150f27fe5d031d133c77eea
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[0776c1a20babb4ad0b7ce7f2f4e0806a97663187] vt_kdsetmode: extend console locking
testing commit 0776c1a20babb4ad0b7ce7f2f4e0806a97663187
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 1730e29d7d9fa276a214b7a7c6799e1d4c7b915c2f1ade56dfcdc20246c4e1dc
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 0776c1a20babb4ad0b7ce7f2f4e0806a97663187
Bisecting: 1 revision left to test after this (roughly 1 step)
[3db3ec8f3b414fa76d3a9ae864781ebbb1709a36] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
testing commit 3db3ec8f3b414fa76d3a9ae864781ebbb1709a36
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f918ec52c05ad9a5bfd556ac3e0f123e1e9e20c6c415e655df211d5fec4d2c3d
all runs: OK
# git bisect bad 3db3ec8f3b414fa76d3a9ae864781ebbb1709a36
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[6be10fb6c143608a7c7ab3901a096e272233bf64] fbmem: add margin check to fb_check_caps()
testing commit 6be10fb6c143608a7c7ab3901a096e272233bf64
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 8cd65baedfc3766dc455a512d33d1d1be7fbbd1344f8d571fdf5ddc5c5fc41b1
all runs: OK
# git bisect bad 6be10fb6c143608a7c7ab3901a096e272233bf64
6be10fb6c143608a7c7ab3901a096e272233bf64 is the first bad commit
commit 6be10fb6c143608a7c7ab3901a096e272233bf64
Author: George Kennedy
Date: Tue Jul 7 15:26:03 2020 -0400

    fbmem: add margin check to fb_check_caps()

    commit a49145acfb975d921464b84fe00279f99827d816 upstream.

    A fb_ioctl() FBIOPUT_VSCREENINFO call with invalid xres setting
    or yres setting in struct fb_var_screeninfo will result in a
    KASAN: vmalloc-out-of-bounds failure in bitfill_aligned() as
    the margins are being cleared. The margins are cleared in
    chunks and if the xres setting or yres setting is a value of
    zero upto the chunk size, the failure will occur.

    Add a margin check to validate xres and yres settings.

    Signed-off-by: George Kennedy
    Reported-by: syzbot+e5fd3e65515b48c02a30@syzkaller.appspotmail.com
    Reviewed-by: Dan Carpenter
    Cc: Dhaval Giani
    Signed-off-by: Bartlomiej Zolnierkiewicz
    Link: https://patchwork.freedesktop.org/patch/msgid/1594149963-13801-1-git-send-email-george.kennedy@oracle.com
    Signed-off-by: Greg Kroah-Hartman

 drivers/video/fbdev/core/fbmem.c | 4 ++++
 1 file changed, 4 insertions(+)
culprit signature: 8cd65baedfc3766dc455a512d33d1d1be7fbbd1344f8d571fdf5ddc5c5fc41b1
parent signature: 1730e29d7d9fa276a214b7a7c6799e1d4c7b915c2f1ade56dfcdc20246c4e1dc
revisions tested: 15, total time: 4h24m34.828103686s (build: 2h38m52.999864539s, test: 1h43m52.184362141s)
first good commit: 6be10fb6c143608a7c7ab3901a096e272233bf64 fbmem: add margin check to fb_check_caps()
recipients (to): ["b.zolnierkie@samsung.com" "dan.carpenter@oracle.com" "george.kennedy@oracle.com" "gregkh@linuxfoundation.org"]
recipients (cc): []