bisecting fixing commit since f4d51dffc6c01a9e94650d95ce0104964f8ae822
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit f4d51dffc6c01a9e94650d95ce0104964f8ae822 with gcc (GCC) 8.1.0
kernel signature: 03843cb8e7fb124bff29e63e6c98263e466cf82567f0b8417054828df09e9a8c
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
testing current HEAD 585e5b17b92dead8a3aca4e3c9876fbca5f7e0ba
testing commit 585e5b17b92dead8a3aca4e3c9876fbca5f7e0ba with gcc (GCC) 8.1.0
kernel signature: 36cac9c7961b89fe5941615d763436e5fb1179d27a106b454143c660dbcb7602
all runs: OK
# git bisect start 585e5b17b92dead8a3aca4e3c9876fbca5f7e0ba f4d51dffc6c01a9e94650d95ce0104964f8ae822
Bisecting: 8440 revisions left to test after this (roughly 13 steps)
[c48b75b7271db23c1b2d1204d6e8496d91f27711] Merge tag 'sound-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit c48b75b7271db23c1b2d1204d6e8496d91f27711 with gcc (GCC) 8.1.0
kernel signature: 7f841900a2bd6c76da7c6c202a5230bdcc33952a6535296439dc712c476f058d
all runs: OK
# git bisect bad c48b75b7271db23c1b2d1204d6e8496d91f27711
Bisecting: 4363 revisions left to test after this (roughly 12 steps)
[15cb5469fc5fff06969832028b743cb658d1a5b5] Merge tag 'platform-drivers-x86-v5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
testing commit 15cb5469fc5fff06969832028b743cb658d1a5b5 with gcc (GCC) 8.1.0
kernel signature: 07b4f02990235d5ba7bb6ffd21102334db069202eef4f39e72d13dd6aeb8ab79
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 15cb5469fc5fff06969832028b743cb658d1a5b5
Bisecting: 2075 revisions left to test after this (roughly 11 steps)
[726eb70e0d34dc4bc4dada71f52bba8ed638431e] Merge tag 'char-misc-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
testing commit 726eb70e0d34dc4bc4dada71f52bba8ed638431e with gcc (GCC) 8.1.0
kernel signature: d0fd1f1a8656bb6349e5e4312efe20ec6b3a23d490fb4455135508a7e8bca0f0
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 726eb70e0d34dc4bc4dada71f52bba8ed638431e
Bisecting: 1053 revisions left to test after this (roughly 10 steps)
[d3c8f2784d3266d27956659c78835ee1d1925ad2] drm/ingenic: Fix bad revert
testing commit d3c8f2784d3266d27956659c78835ee1d1925ad2 with gcc (GCC) 8.1.0
kernel signature: d12e97e9b18744069b139b541a5a216342ee9b9c5c5194ab991c3c377c4ae255
all runs: OK
# git bisect bad d3c8f2784d3266d27956659c78835ee1d1925ad2
Bisecting: 558 revisions left to test after this (roughly 9 steps)
[da62cb7230f0871c30dc9789071f63229158d261] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create
testing commit da62cb7230f0871c30dc9789071f63229158d261 with gcc (GCC) 8.1.0
kernel signature: bd1a91827d14da5ae8c793d138ed122fda9c26dddb2636459686ab38cb9983c8
all runs: OK
# git bisect bad da62cb7230f0871c30dc9789071f63229158d261
Bisecting: 231 revisions left to test after this (roughly 8 steps)
[faa962bbae312eaf84838bbdc96ccc216ba248ef] dt-bindings: vendor-prefixes: Add mantix vendor prefix
testing commit faa962bbae312eaf84838bbdc96ccc216ba248ef with gcc (GCC) 8.1.0
kernel signature: 062cc87749ad075e9a05f5c0464b39bacf43d5b9f1df1d7357dbbbe52da3d01f
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good faa962bbae312eaf84838bbdc96ccc216ba248ef
Bisecting: 115 revisions left to test after this (roughly 7 steps)
[283d347d6e3e25829663cc629e80eccea96c25de] drm/vc4: hdmi: Remove vc4_dev hdmi pointer
testing commit 283d347d6e3e25829663cc629e80eccea96c25de with gcc (GCC) 8.1.0
kernel signature: b1335d42186bbdad031d0f924c80971c3f2e3a550054fe1bb6958a6961127654
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 283d347d6e3e25829663cc629e80eccea96c25de
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4] docs: fb: Correcting the location of FRAMEBUFFER_CONSOLE option.
testing commit 3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4 with gcc (GCC) 8.1.0
kernel signature: 27f4f708d40a747ca08261320a73a7d1ca30399eb0d00b36f69600d81ddc948f
all runs: OK
# git bisect bad 3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[2e3725b05b785e73482a194b99bff3d5a1c85140] dt-bindings: display: vc4: hdmi: Add BCM2711 HDMI controllers bindings
testing commit 2e3725b05b785e73482a194b99bff3d5a1c85140 with gcc (GCC) 8.1.0
kernel signature: b1335d42186bbdad031d0f924c80971c3f2e3a550054fe1bb6958a6961127654
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 2e3725b05b785e73482a194b99bff3d5a1c85140
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[fe2ab107536d808ad0c8ddce3e35b048dc5acb0f] omapfb: fix spelling mistake "propert" -> "property"
testing commit fe2ab107536d808ad0c8ddce3e35b048dc5acb0f with gcc (GCC) 8.1.0
kernel signature: 426ba135e225482a5fd0dd1846d5b99b1940ec0a57d347dd3406bf9cc64d83b9
all runs: OK
# git bisect bad fe2ab107536d808ad0c8ddce3e35b048dc5acb0f
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[25c4bcf9858e3e8752985fa0cda64a212ea328b7] drm/bridge: dw-mipi-dsi: fix dw_mipi_dsi_debugfs_show/write warnings
testing commit 25c4bcf9858e3e8752985fa0cda64a212ea328b7 with gcc (GCC) 8.1.0
kernel signature: d4c97eb6834f42c2059ad03ec8d824d19b224b60b60cb2cb90f3e13caa7c418d
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 25c4bcf9858e3e8752985fa0cda64a212ea328b7
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[a49145acfb975d921464b84fe00279f99827d816] fbmem: add margin check to fb_check_caps()
testing commit a49145acfb975d921464b84fe00279f99827d816 with gcc (GCC) 8.1.0
kernel signature: cc19245d8c1baf828fa401243e7b868858163fa51e06ce5cdccf1f603df3ad18
all runs: OK
# git bisect bad a49145acfb975d921464b84fe00279f99827d816
Bisecting: 0 revisions left to test after this (roughly 1 step)
[54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e] drm/ttm: merge offset and base in ttm_bus_placement
testing commit 54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e with gcc (GCC) 8.1.0
kernel signature: 660695b3fffd448def7a16c3ec915f1dac983aa9686732a611298daa179edf34
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e
a49145acfb975d921464b84fe00279f99827d816 is the first bad commit
commit a49145acfb975d921464b84fe00279f99827d816
Author: George Kennedy
Date: Tue Jul 7 15:26:03 2020 -0400

    fbmem: add margin check to fb_check_caps()

    A fb_ioctl() FBIOPUT_VSCREENINFO call with invalid xres setting or yres setting in struct fb_var_screeninfo will result in a KASAN: vmalloc-out-of-bounds failure in bitfill_aligned() as the margins are being cleared. The margins are cleared in chunks and if the xres setting or yres setting is a value of zero upto the chunk size, the failure will occur.

    Add a margin check to validate xres and yres settings.

    Signed-off-by: George Kennedy
    Reported-by: syzbot+e5fd3e65515b48c02a30@syzkaller.appspotmail.com
    Reviewed-by: Dan Carpenter
    Cc: Dhaval Giani
    Signed-off-by: Bartlomiej Zolnierkiewicz
    Link: https://patchwork.freedesktop.org/patch/msgid/1594149963-13801-1-git-send-email-george.kennedy@oracle.com

 drivers/video/fbdev/core/fbmem.c | 4 ++++
 1 file changed, 4 insertions(+)
culprit signature: cc19245d8c1baf828fa401243e7b868858163fa51e06ce5cdccf1f603df3ad18
parent signature: 660695b3fffd448def7a16c3ec915f1dac983aa9686732a611298daa179edf34
revisions tested: 15, total time: 2h39m1.686765312s (build: 1h10m17.230503339s, test: 1h27m19.393714073s)
first good commit: a49145acfb975d921464b84fe00279f99827d816 fbmem: add margin check to fb_check_caps()
recipients (to): ["b.zolnierkie@samsung.com" "dan.carpenter@oracle.com" "george.kennedy@oracle.com"]
recipients (cc): []