bisecting cause commit starting from 6a8b55ed4056ea5559ebe4f6a4b247f627870d4c building syzkaller on 0ce7569ee76fda7e5a68b0fe14c93a3e8eb7d108 testing commit 6a8b55ed4056ea5559ebe4f6a4b247f627870d4c with gcc (GCC) 8.1.0 kernel signature: c750b42ea5055df4c575e824c7a586ae32bb15ea76b8e5baf41bd5492b3cdbc5 all runs: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 95c68619eef55892287c6ef6aef38e50b6bed6b251040171d573695fecc9ed16 all runs: OK # git bisect start 6a8b55ed4056ea5559ebe4f6a4b247f627870d4c 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 6233 revisions left to test after this (roughly 13 steps) [f365ab31efacb70bed1e821f7435626e0b2528a6] Merge tag 'drm-next-2020-04-01' of git://anongit.freedesktop.org/drm/drm testing commit f365ab31efacb70bed1e821f7435626e0b2528a6 with gcc (GCC) 8.1.0 kernel signature: b6eef3722a0dcbd7ed985d3607216e8a0cd27cf88dc5afb7744d0bbfc117b473 all runs: OK # git bisect good f365ab31efacb70bed1e821f7435626e0b2528a6 Bisecting: 3039 revisions left to test after this (roughly 12 steps) [854e80bcfdafb8d99d308e21798cd0116338783d] Merge tag 'arm-dt-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 854e80bcfdafb8d99d308e21798cd0116338783d with gcc (GCC) 8.1.0 kernel signature: c3ebcfc3bc279cfa3d51887a0997add3424049ffca4484af68afd6e061d6fe47 all runs: OK # git bisect good 854e80bcfdafb8d99d308e21798cd0116338783d Bisecting: 1502 revisions left to test after this (roughly 11 steps) [0906d8b975ff713cfb55328e4f3bf6de5967415e] Merge tag 'iommu-updates-v5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu testing commit 0906d8b975ff713cfb55328e4f3bf6de5967415e with gcc (GCC) 8.1.0 kernel signature: 3b1f057c054da3fdd4587ef9077751a48426e1b86b8ec2f7dadd9be4ce2d1ac6 all runs: OK # git bisect good 0906d8b975ff713cfb55328e4f3bf6de5967415e Bisecting: 714 revisions left to test after this (roughly 10 steps) [c8372665b4b96d6a818b2693dd49236d5f9c8bc2] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit c8372665b4b96d6a818b2693dd49236d5f9c8bc2 with gcc (GCC) 8.1.0 kernel signature: 59f310bf56aa80a521581515c3e38f7c5a1aeb8e528f136055ad5adbcc14cd60 all runs: OK # git bisect good c8372665b4b96d6a818b2693dd49236d5f9c8bc2 Bisecting: 365 revisions left to test after this (roughly 9 steps) [b4f633221f0aeac102e463a4be46a643b2e3b819] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace testing commit b4f633221f0aeac102e463a4be46a643b2e3b819 with gcc (GCC) 8.1.0 kernel signature: d7b63c8abf8c4c1652219ffdaf7e0894251d0e1e3e8d48593c3093c6708dd320 all runs: OK # git bisect good b4f633221f0aeac102e463a4be46a643b2e3b819 Bisecting: 128 revisions left to test after this (roughly 8 steps) [ab51cac00ef2859f20a73d33a53f3a8987b65e11] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit ab51cac00ef2859f20a73d33a53f3a8987b65e11 with gcc (GCC) 8.1.0 kernel signature: 5e82850c4dfd3a372d5cf8cb07fd3f531e7c8070622cd7dd53e3d261ff01c9ab all runs: OK # git bisect good ab51cac00ef2859f20a73d33a53f3a8987b65e11 Bisecting: 64 revisions left to test after this (roughly 6 steps) [edf17b283844a21b338b9618107c8817105d0ffa] Merge tag 'staging-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit edf17b283844a21b338b9618107c8817105d0ffa with gcc (GCC) 8.1.0 kernel signature: 3ae0c90abca96f9e699416bb320810d19dce3b5a06f56192229013fda71ba16f all runs: OK # git bisect good edf17b283844a21b338b9618107c8817105d0ffa Bisecting: 32 revisions left to test after this (roughly 5 steps) [3155f4f40811c5d7e3c686215051acf504e05565] USB: hub: Revert commit bd0e6c9614b9 ("usb: hub: try old enumeration scheme first for high speed devices") testing commit 3155f4f40811c5d7e3c686215051acf504e05565 with gcc (GCC) 8.1.0 kernel signature: 44777fc22e3a972e639712a1cfa1b34e91d06dec81071d1167d4121219add74b all runs: OK # git bisect good 3155f4f40811c5d7e3c686215051acf504e05565 Bisecting: 16 revisions left to test after this (roughly 4 steps) [9a9fc42b86c06120744555fea43fdcabe297c656] tty: hvc: fix buffer overflow during hvc_alloc(). testing commit 9a9fc42b86c06120744555fea43fdcabe297c656 with gcc (GCC) 8.1.0 kernel signature: 9f56d89a6b7d3dfabcf8a8dc847d870cd35a7cfd964265745d9471a304abb41c all runs: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! # git bisect bad 9a9fc42b86c06120744555fea43fdcabe297c656 Bisecting: 7 revisions left to test after this (roughly 3 steps) [0f87aa66e8c314f95c00eeff978c8a0b41e05d50] serial: sunhv: Initialize lock for non-registered console testing commit 0f87aa66e8c314f95c00eeff978c8a0b41e05d50 with gcc (GCC) 8.1.0 kernel signature: 7b13bc4c1aeff41a8863a391660bb3329a76591955ed567e74d66e676f41fe10 all runs: OK # git bisect good 0f87aa66e8c314f95c00eeff978c8a0b41e05d50 Bisecting: 3 revisions left to test after this (roughly 2 steps) [abf42d2f333b21bf8d33b2fbb8a85fa62037ac01] tty: serial: owl: add "much needed" clk_prepare_enable() testing commit abf42d2f333b21bf8d33b2fbb8a85fa62037ac01 with gcc (GCC) 8.1.0 kernel signature: d38d9b8000249848fdd424ef03517e1d9cd1d20d5cb18a42c41b3679fa8ea270 all runs: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! # git bisect bad abf42d2f333b21bf8d33b2fbb8a85fa62037ac01 Bisecting: 1 revision left to test after this (roughly 1 step) [66bb1c9518e623235cbaa7832c919eb4fe586cae] tty/sysrq: Export sysrq_mask(), sysrq_toggle_support() testing commit 66bb1c9518e623235cbaa7832c919eb4fe586cae with gcc (GCC) 8.1.0 kernel signature: 8dc9d259873d4b3081c4acc4b2bbb6a0adf9527f1c69a718d2cae657c1ac74fd all runs: OK # git bisect good 66bb1c9518e623235cbaa7832c919eb4fe586cae Bisecting: 0 revisions left to test after this (roughly 0 steps) [9a98e7a80f95378c9ee0c644705e3b5aa54745f1] vt: don't use kmalloc() for the unicode screen buffer testing commit 9a98e7a80f95378c9ee0c644705e3b5aa54745f1 with gcc (GCC) 8.1.0 kernel signature: aa258edd9bec3b12099d05dcf19daf808fa9bdc711cd782ae381a80d771aa556 all runs: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! # git bisect bad 9a98e7a80f95378c9ee0c644705e3b5aa54745f1 9a98e7a80f95378c9ee0c644705e3b5aa54745f1 is the first bad commit commit 9a98e7a80f95378c9ee0c644705e3b5aa54745f1 Author: Nicolas Pitre Date: Sat Mar 28 22:25:11 2020 -0400 vt: don't use kmalloc() for the unicode screen buffer Even if the actual screen size is bounded in vc_do_resize(), the unicode buffer is still a little more than twice the size of the glyph buffer and may exceed MAX_ORDER down the kmalloc() path. This can be triggered from user space. Since there is no point having a physically contiguous buffer here, let's avoid the above issue as well as reducing pressure on high order allocations by using vmalloc() instead. Signed-off-by: Nicolas Pitre Cc: Acked-by: Sam Ravnborg Link: https://lore.kernel.org/r/nycvar.YSQ.7.76.2003282214210.2671@knanqh.ubzr Signed-off-by: Greg Kroah-Hartman drivers/tty/vt/vt.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) culprit signature: aa258edd9bec3b12099d05dcf19daf808fa9bdc711cd782ae381a80d771aa556 parent signature: 8dc9d259873d4b3081c4acc4b2bbb6a0adf9527f1c69a718d2cae657c1ac74fd revisions tested: 15, total time: 3h32m49.285647892s (build: 1h26m25.093202638s, test: 2h5m15.180004055s) first bad commit: 9a98e7a80f95378c9ee0c644705e3b5aa54745f1 vt: don't use kmalloc() for the unicode screen buffer cc: ["gregkh@linuxfoundation.org" "nico@fluxnic.net" "sam@ravnborg.org"] crash: kernel BUG at arch/x86/mm/physaddr.c:LINE! ------------[ cut here ]------------ kernel BUG at arch/x86/mm/physaddr.c:28! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 8432 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__phys_addr+0x66/0xb0 arch/x86/mm/physaddr.c:28 Code: 0f b6 14 11 48 89 f9 83 e1 07 38 ca 7f 04 84 d2 75 1a 0f b6 0d b0 14 90 08 48 89 c2 48 d3 ea 48 85 d2 75 06 48 83 c4 08 5b c3 <0f> 0b 48 89 04 24 e8 1f 29 6f 00 48 8b 04 24 eb d7 48 c7 c7 10 10 RSP: 0018:ffffc900049e7900 EFLAGS: 00010002 RAX: 0000408004a39000 RBX: ffffc90084a39000 RCX: 000000000000002e RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffffff89bd89b5 RBP: ffffc90004a39000 R08: ffffed1015d07104 R09: ffffed1015d07104 R10: ffff8880ae83881b R11: ffffed1015d07103 R12: ffffffff83989157 R13: 000000000000001e R14: 0000000000001f57 R15: ffff88809e9fc000 FS: 00007fd7ba317700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004fa1d0 CR3: 00000000951e3000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: virt_to_head_page include/linux/mm.h:833 [inline] virt_to_cache mm/slab.h:474 [inline] kfree+0x77/0x2b0 mm/slab.c:3749 vc_do_resize+0xe57/0x1120 drivers/tty/vt/vt.c:1233 vt_ioctl+0xfe8/0x2330 drivers/tty/vt/vt_ioctl.c:901 tty_ioctl+0x461/0x1220 drivers/tty/tty_io.c:2656 vfs_ioctl fs/ioctl.c:47 [inline] ksys_ioctl+0xb8/0x110 fs/ioctl.c:763 __do_sys_ioctl fs/ioctl.c:772 [inline] __se_sys_ioctl fs/ioctl.c:770 [inline] __x64_sys_ioctl+0x6a/0xb0 fs/ioctl.c:770 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45c829 Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fd7ba316c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00000000004f2580 RCX: 000000000045c829 RDX: 0000000020000080 RSI: 000000000000560a RDI: 0000000000000004 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 000000000000066b R14: 00000000004c93f1 R15: 00007fd7ba3176d4 Modules linked in: ---[ end trace d7a3bec6bd6a206b ]--- RIP: 0010:__phys_addr+0x66/0xb0 arch/x86/mm/physaddr.c:28 Code: 0f b6 14 11 48 89 f9 83 e1 07 38 ca 7f 04 84 d2 75 1a 0f b6 0d b0 14 90 08 48 89 c2 48 d3 ea 48 85 d2 75 06 48 83 c4 08 5b c3 <0f> 0b 48 89 04 24 e8 1f 29 6f 00 48 8b 04 24 eb d7 48 c7 c7 10 10 RSP: 0018:ffffc900049e7900 EFLAGS: 00010002 RAX: 0000408004a39000 RBX: ffffc90084a39000 RCX: 000000000000002e RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffffff89bd89b5 RBP: ffffc90004a39000 R08: ffffed1015d07104 R09: ffffed1015d07104 R10: ffff8880ae83881b R11: ffffed1015d07103 R12: ffffffff83989157 R13: 000000000000001e R14: 0000000000001f57 R15: ffff88809e9fc000 FS: 00007fd7ba317700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004fa1d0 CR3: 00000000951e3000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400