bisecting cause commit starting from 494d311a82bb06a81fa7ef4277367701a792e6ef building syzkaller on 6436ce4bcd8e2c7dcca0b171ac91f51e96d973f8 testing commit 494d311a82bb06a81fa7ef4277367701a792e6ef with gcc (GCC) 8.1.0 kernel signature: 8eb2aa5243a8e2077f8318eef13503521db8d99e2da55d8080e6d53191202d31 run #0: crashed: BUG: Bad page map run #1: crashed: kernel panic: corrupted stack end in sys_futex run #2: crashed: BUG: Bad page map run #3: crashed: BUG: Bad page map run #4: crashed: BUG: Bad page map run #5: crashed: BUG: Bad page map run #6: crashed: general protection fault in __do_replace run #7: crashed: BUG: Bad page map run #8: crashed: BUG: Bad page map run #9: crashed: BUG: unable to handle kernel paging request in neigh_flush_dev testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 2ef7e8001cbe553ded3622639026100ccd4c114d21cc9e6164db430cb5062a24 all runs: OK # git bisect start 494d311a82bb06a81fa7ef4277367701a792e6ef bcf876870b95592b52519ed4aafcf9d95999bc9c Bisecting: 8224 revisions left to test after this (roughly 13 steps) [47ec5303d73ea344e84f46660fff693c57641386] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 47ec5303d73ea344e84f46660fff693c57641386 with gcc (GCC) 8.1.0 kernel signature: 1abeb56d4daacf6e30cf1eaeed21c3c1ae03b035155d7059ca88ea9385ef1144 all runs: OK # git bisect good 47ec5303d73ea344e84f46660fff693c57641386 Bisecting: 4111 revisions left to test after this (roughly 12 steps) [de11ec5fedd90a58917059a5f3c1d86154fe5744] Merge branch 'for-5.9/upstream-fixes' into for-next testing commit de11ec5fedd90a58917059a5f3c1d86154fe5744 with gcc (GCC) 8.1.0 kernel signature: 53a2e8c63cb91a0fb772f4a5c67afbfd8349c7847749ebc22a344a5b77489e8c all runs: OK # git bisect good de11ec5fedd90a58917059a5f3c1d86154fe5744 Bisecting: 2056 revisions left to test after this (roughly 11 steps) [64a16c1a191cc68f2a75f8f28408aa66641639c0] Merge remote-tracking branch 'drm-fixes/drm-fixes' into master testing commit 64a16c1a191cc68f2a75f8f28408aa66641639c0 with gcc (GCC) 8.1.0 kernel signature: 419984557f69046b7d9df798864ad3ccb5436e110ccdbbb24167baad7ee984ed all runs: OK # git bisect good 64a16c1a191cc68f2a75f8f28408aa66641639c0 Bisecting: 1020 revisions left to test after this (roughly 10 steps) [a231001ebddf89097f484c13023e2e2709abc4c9] Merge remote-tracking branch 'amdgpu/drm-next' into master testing commit a231001ebddf89097f484c13023e2e2709abc4c9 with gcc (GCC) 8.1.0 kernel signature: 9aecb9e0944c07c1ec10eb007326f803107f723aa1ee11c1a676569405be0503 all runs: OK # git bisect good a231001ebddf89097f484c13023e2e2709abc4c9 Bisecting: 500 revisions left to test after this (roughly 9 steps) [12349e62f0580deb89999c969cd78d448bb115e3] Merge remote-tracking branch 'rcu/rcu/next' into master testing commit 12349e62f0580deb89999c969cd78d448bb115e3 with gcc (GCC) 8.1.0 kernel signature: eedaaf6f9a12fa86dcf1404b7a48fdc7f81579d44aa9b57bcd7fd6d0bd7b3345 all runs: OK # git bisect good 12349e62f0580deb89999c969cd78d448bb115e3 Bisecting: 232 revisions left to test after this (roughly 8 steps) [57b8d571dd3d836dd6e9abf89646412c29a75a71] Merge remote-tracking branch 'livepatching/for-next' into master testing commit 57b8d571dd3d836dd6e9abf89646412c29a75a71 with gcc (GCC) 8.1.0 kernel signature: 0e4425297eca31fc174f53776a469f1be1ae954cf231d97b3ddeded225f9738b run #0: crashed: BUG: Bad page map run #1: crashed: BUG: Bad page map run #2: crashed: BUG: Bad page map run #3: crashed: BUG: Bad page map run #4: crashed: BUG: unable to handle kernel paging request in neigh_flush_dev run #5: crashed: BUG: Bad page map run #6: crashed: BUG: Bad page map run #7: crashed: INFO: trying to register non-static key in __ip6_ins_rt run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in tomoyo_check_acl run #9: crashed: kernel panic: corrupted stack end in do_symlinkat # git bisect bad 57b8d571dd3d836dd6e9abf89646412c29a75a71 Bisecting: 165 revisions left to test after this (roughly 7 steps) [2aefe711db013bbb4689c39003e46034f5da70bf] Merge remote-tracking branch 'soundwire/next' into master testing commit 2aefe711db013bbb4689c39003e46034f5da70bf with gcc (GCC) 8.1.0 kernel signature: b98594033aaff4821b20a64159e9b5840b37950f12aeeb7d0becbebf77854d7c run #0: crashed: BUG: Bad page map run #1: crashed: BUG: Bad page map run #2: crashed: BUG: Bad page map run #3: crashed: BUG: Bad page map run #4: crashed: BUG: Bad page map run #5: crashed: BUG: Bad page map run #6: crashed: BUG: unable to handle kernel paging request in __do_replace run #7: crashed: BUG: Bad page map run #8: crashed: BUG: Bad page map run #9: crashed: BUG: Bad page map # git bisect bad 2aefe711db013bbb4689c39003e46034f5da70bf Bisecting: 60 revisions left to test after this (roughly 6 steps) [20719c7ffbd23b4b7adb0cfff3c4eb83ea1e4c75] Merge remote-tracking branch 'usb/usb-next' into master testing commit 20719c7ffbd23b4b7adb0cfff3c4eb83ea1e4c75 with gcc (GCC) 8.1.0 kernel signature: ca06510c2261bb3a99a74363404cf3b702839e63ffe25db00ea08db5eec8ad70 all runs: OK # git bisect good 20719c7ffbd23b4b7adb0cfff3c4eb83ea1e4c75 Bisecting: 30 revisions left to test after this (roughly 5 steps) [a7de3bcb330bfef8db1d4027da8eb3616ae20fe4] dt-bindings: serial: Add compatible for Mediatek MT8192 testing commit a7de3bcb330bfef8db1d4027da8eb3616ae20fe4 with gcc (GCC) 8.1.0 kernel signature: be68947c15c1448b7266f944e89221fb115491db265af34933abe01611bec518 run #0: crashed: BUG: Bad page map run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in xt_find_table_lock run #2: crashed: BUG: Bad page map run #3: crashed: BUG: Bad page map run #4: crashed: BUG: Bad page map run #5: crashed: BUG: Bad page map run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in __hw_addr_add_ex run #7: crashed: BUG: Bad page map run #8: crashed: BUG: Bad page map run #9: crashed: kernel panic: corrupted stack end in do_sys_open # git bisect bad a7de3bcb330bfef8db1d4027da8eb3616ae20fe4 Bisecting: 14 revisions left to test after this (roughly 4 steps) [6d507c75e0cd359e4cede48230fb7e7a45c9bb74] vs_screen: kill tmp_count from vcs_read testing commit 6d507c75e0cd359e4cede48230fb7e7a45c9bb74 with gcc (GCC) 8.1.0 kernel signature: 33f73ce77868bcc20d6cea08d9aeb5c4ab0fed28f2ec92726e29103b1e332d62 all runs: OK # git bisect good 6d507c75e0cd359e4cede48230fb7e7a45c9bb74 Bisecting: 7 revisions left to test after this (roughly 3 steps) [e18d918bd2ccd725ac574f7d126ed0856fe794e3] newport_con: fix no return statement in newport_show_logo testing commit e18d918bd2ccd725ac574f7d126ed0856fe794e3 with gcc (GCC) 8.1.0 kernel signature: b6457af99f629d4d66ea413d36bc00703a6c8aabac74a350a4611e5588e8d69b run #0: crashed: BUG: Bad page map run #1: crashed: kernel panic: corrupted stack end in __pte_alloc run #2: crashed: BUG: Bad page map run #3: crashed: BUG: Bad page map run #4: crashed: BUG: Bad page map run #5: crashed: BUG: Bad page map run #6: crashed: BUG: Bad page map run #7: crashed: kernel panic: corrupted stack end in eventpoll_release_file run #8: crashed: BUG: Bad page map run #9: crashed: BUG: Bad page map # git bisect bad e18d918bd2ccd725ac574f7d126ed0856fe794e3 Bisecting: 3 revisions left to test after this (roughly 2 steps) [6a6b76cc44c98a39d3e718aa2056e2e12b609615] vc_screen: extract vcs_read_buf testing commit 6a6b76cc44c98a39d3e718aa2056e2e12b609615 with gcc (GCC) 8.1.0 kernel signature: d7b2b3662bf694fb107ea6659a9701b1cc9fe97f58c7fe7051208eef9fb3029e all runs: OK # git bisect good 6a6b76cc44c98a39d3e718aa2056e2e12b609615 Bisecting: 1 revision left to test after this (roughly 1 step) [a89313825b0657273e1938aea7f13afe9abb44e8] vc_screen: prune macros testing commit a89313825b0657273e1938aea7f13afe9abb44e8 with gcc (GCC) 8.1.0 kernel signature: 16933fbb6743bc27ce707d1d101812f6919f5e5c8c9b8834e6a093b42ae9b15f run #0: crashed: BUG: Bad page map run #1: crashed: BUG: unable to handle kernel paging request in neigh_flush_dev run #2: crashed: BUG: Bad page map run #3: crashed: BUG: Bad page map run #4: crashed: BUG: Bad page map run #5: crashed: kernel panic: corrupted stack end in sys_exit_group run #6: crashed: BUG: Bad page map run #7: crashed: BUG: Bad page map run #8: crashed: BUG: Bad page map run #9: crashed: kernel panic: corrupted stack end in handle_mm_fault # git bisect bad a89313825b0657273e1938aea7f13afe9abb44e8 Bisecting: 0 revisions left to test after this (roughly 0 steps) [b1c32fcfadf5593ab7a63261cc8a5747c36e627e] vc_screen: extract vcs_read_buf_header testing commit b1c32fcfadf5593ab7a63261cc8a5747c36e627e with gcc (GCC) 8.1.0 kernel signature: 793f38715570a9fdf7a67dfd6d6e58a024cb602958bbc299308db3d6bacd24c3 run #0: crashed: BUG: Bad page map run #1: crashed: kernel panic: corrupted stack end in sys_futex run #2: crashed: BUG: Bad page map run #3: crashed: BUG: Bad rss-counter state run #4: crashed: BUG: Bad page map run #5: crashed: BUG: Bad page map run #6: crashed: BUG: Bad page map run #7: crashed: BUG: Bad page map run #8: crashed: BUG: Bad page map run #9: crashed: BUG: Bad page map # git bisect bad b1c32fcfadf5593ab7a63261cc8a5747c36e627e b1c32fcfadf5593ab7a63261cc8a5747c36e627e is the first bad commit commit b1c32fcfadf5593ab7a63261cc8a5747c36e627e Author: Jiri Slaby Date: Tue Aug 18 10:57:05 2020 +0200 vc_screen: extract vcs_read_buf_header The attribute header handling is terrible in vcs_read_buf. Separate it to a new function and simply do memmove (of up to 4 bytes) to the start of the con_buf -- if user seeked. Signed-off-by: Jiri Slaby Link: https://lore.kernel.org/r/20200818085706.12163-15-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman drivers/tty/vt/vc_screen.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) culprit signature: 793f38715570a9fdf7a67dfd6d6e58a024cb602958bbc299308db3d6bacd24c3 parent signature: d7b2b3662bf694fb107ea6659a9701b1cc9fe97f58c7fe7051208eef9fb3029e revisions tested: 16, total time: 3h14m21.184569701s (build: 1h14m40.487614205s, test: 1h58m3.966374778s) first bad commit: b1c32fcfadf5593ab7a63261cc8a5747c36e627e vc_screen: extract vcs_read_buf_header recipients (to): ["gregkh@linuxfoundation.org" "gregkh@linuxfoundation.org" "jslaby@suse.com" "jslaby@suse.cz" "linux-kernel@vger.kernel.org"] recipients (cc): ["nico@fluxnic.net"] crash: BUG: Bad page map BUG: Bad page map in process syz-executor.1 pte:07200720 pmd:10f17b067 addr:0000000001400000 vm_flags:08000071 anon_vma:0000000000000000 mapping:ffff88811d6b6b60 index:270 file:syzkaller-shm153258817 fault:ext4_filemap_fault mmap:ext4_file_mmap readpage:ext4_readpage CPU: 1 PID: 8316 Comm: syz-executor.1 Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 zap_pte_range mm/memory.c:1064 [inline] zap_pmd_range mm/memory.c:1195 [inline] zap_pud_range mm/memory.c:1224 [inline] zap_p4d_range mm/memory.c:1245 [inline] unmap_page_range+0x3ff/0xbd0 mm/memory.c:1266 unmap_vmas+0xcd/0x130 mm/memory.c:1343 exit_mmap+0xbc/0x1a0 mm/mmap.c:3183 __mmput kernel/fork.c:1076 [inline] mmput+0x68/0x140 kernel/fork.c:1097 exit_mm kernel/exit.c:483 [inline] do_exit+0x37a/0xcc0 kernel/exit.c:793 do_group_exit+0x42/0xb0 kernel/exit.c:903 get_signal+0x176/0xcc0 kernel/signal.c:2757 arch_do_signal+0x2b/0x920 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:135 [inline] exit_to_user_mode_prepare+0x181/0x1f0 kernel/entry/common.c:166 syscall_exit_to_user_mode+0x59/0x2b0 kernel/entry/common.c:241 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45d4d9 Code: Bad RIP value. RSP: 002b:00007f4f2c85fcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000000 RBX: 000000000118cf48 RCX: 000000000045d4d9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000118cf48 RBP: 000000000118cf40 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007ffc86076cff R14: 00007f4f2c8609c0 R15: 000000000118cf4c