bisecting fixing commit since 13d2ce42de8cb98ff952f8de6307f896203854c2 building syzkaller on f213e07ead587b07a84e60c356520bce7277166c testing commit 13d2ce42de8cb98ff952f8de6307f896203854c2 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: a36512aca5ac469b3c504a8067678a0f8585b5874e64433983e5d98078692c86 run #0: crashed: INFO: task hung in n_tty_read run #1: crashed: INFO: task hung in n_tty_read run #2: crashed: INFO: task hung in n_tty_read run #3: crashed: INFO: task hung in n_tty_read run #4: crashed: INFO: task hung in n_tty_read run #5: crashed: INFO: task hung in n_tty_read run #6: crashed: INFO: task hung in n_tty_read run #7: crashed: INFO: task hung in n_tty_read run #8: crashed: INFO: task hung in n_tty_read run #9: crashed: INFO: task hung in n_tty_read run #10: crashed: INFO: task hung in n_tty_read run #11: crashed: INFO: task hung in n_tty_read run #12: crashed: INFO: task hung in n_tty_read run #13: crashed: INFO: task hung in n_tty_read run #14: crashed: INFO: task hung in n_tty_read run #15: crashed: INFO: task hung in n_tty_read run #16: crashed: INFO: task hung in n_tty_read run #17: crashed: INFO: task hung in n_tty_read run #18: crashed: INFO: task hung in console_callback run #19: crashed: INFO: task hung in console_callback testing current HEAD b172b44fcb1771e083aad806fa96f3f60e2ddfac testing commit b172b44fcb1771e083aad806fa96f3f60e2ddfac compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 58f16e3ce7167b718aef6ee2cd3a7de3518c6a1d7ad43a1a92089b0b577448a9 all runs: OK # git bisect start b172b44fcb1771e083aad806fa96f3f60e2ddfac 13d2ce42de8cb98ff952f8de6307f896203854c2 Bisecting: 1650 revisions left to test after this (roughly 11 steps) [2afdf47ef58d7d7046241bf77c664e58f615b779] s390/disassembler: increase ebpf disasm buffer size testing commit 2afdf47ef58d7d7046241bf77c664e58f615b779 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 6f77cf0758b9edf8b3451a59da8c3158f068bb918250ab4ef5b0060f7638dd57 all runs: crashed: INFO: task hung in n_tty_read # git bisect good 2afdf47ef58d7d7046241bf77c664e58f615b779 Bisecting: 825 revisions left to test after this (roughly 10 steps) [9f84340f012ee60c12aacc03662bcdd67419a31a] Linux 4.19.196 testing commit 9f84340f012ee60c12aacc03662bcdd67419a31a compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: e5b1ed30fada4f1d7929cd24139e824c33bee92244fbfef0fa076c9fc6f6874c all runs: crashed: INFO: task hung in n_tty_read # git bisect good 9f84340f012ee60c12aacc03662bcdd67419a31a Bisecting: 412 revisions left to test after this (roughly 9 steps) [600942d2fd49b90e44857d20c774b20d16f3130f] virtio-blk: Fix memory leak among suspend/resume procedure testing commit 600942d2fd49b90e44857d20c774b20d16f3130f compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: f6d3dc7891ec01bbace5c43dc04fbf1d6479de0aef8783880676c91577764320 run #0: crashed: INFO: task hung in n_tty_read run #1: crashed: INFO: task hung in n_tty_read run #2: crashed: INFO: task hung in n_tty_read run #3: crashed: INFO: task hung in n_tty_read run #4: crashed: INFO: task hung in n_tty_read run #5: crashed: INFO: task hung in n_tty_read run #6: crashed: INFO: task hung in n_tty_read run #7: crashed: INFO: task hung in n_tty_read run #8: crashed: INFO: task hung in console_callback run #9: crashed: INFO: task hung in console_callback # git bisect good 600942d2fd49b90e44857d20c774b20d16f3130f Bisecting: 206 revisions left to test after this (roughly 8 steps) [fdb90238e5f54868e9c4a176d2b11e6f2105d23c] tulip: windbond-840: Fix missing pci_disable_device() in probe and remove testing commit fdb90238e5f54868e9c4a176d2b11e6f2105d23c compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: e6940f8cb1c46c714221afce777e68a511dee9d238001c3a1a1f691bf41b2f41 all runs: crashed: INFO: task hung in n_tty_read # git bisect good fdb90238e5f54868e9c4a176d2b11e6f2105d23c Bisecting: 103 revisions left to test after this (roughly 7 steps) [0bc8d39791e65d2812746b6a07df4e1d482b7e08] ppp: Fix generating ifname when empty IFLA_IFNAME is specified testing commit 0bc8d39791e65d2812746b6a07df4e1d482b7e08 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 1385a9ce4d6e6188ef1a0dacab09197a77d6fdfcc05ac77f5df0293d88a5e4ec all runs: crashed: INFO: task hung in n_tty_read # git bisect good 0bc8d39791e65d2812746b6a07df4e1d482b7e08 Bisecting: 51 revisions left to test after this (roughly 6 steps) [1458ae977ae03d3fdf8573fe4dad034c5afb6d53] ptp_pch: Restore dependency on PCI testing commit 1458ae977ae03d3fdf8573fe4dad034c5afb6d53 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 844112003f5968f0e3ce161c27b48a51f3096fd55632500618ea4c23a7595434 run #0: crashed: INFO: task hung in n_tty_read run #1: crashed: INFO: task hung in n_tty_read run #2: crashed: INFO: task hung in n_tty_read run #3: crashed: INFO: task hung in n_tty_read run #4: crashed: INFO: task hung in n_tty_read run #5: crashed: INFO: task hung in n_tty_read run #6: crashed: INFO: task hung in n_tty_read run #7: crashed: INFO: task hung in n_tty_read run #8: crashed: INFO: task hung in n_tty_read run #9: crashed: INFO: task hung in console_callback # git bisect good 1458ae977ae03d3fdf8573fe4dad034c5afb6d53 Bisecting: 25 revisions left to test after this (roughly 5 steps) [e5cc2285c6e7969d62e2bf1173ee8e1d4854a41b] can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters testing commit e5cc2285c6e7969d62e2bf1173ee8e1d4854a41b compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 1f6918b63cb14085d61c315db7e4bb5d00f1feabd6eddd32fa9589abd3f05968 run #0: crashed: INFO: task hung in n_tty_read run #1: crashed: INFO: task hung in n_tty_read run #2: crashed: INFO: task hung in n_tty_read run #3: crashed: INFO: task hung in n_tty_read run #4: crashed: INFO: task hung in n_tty_read run #5: crashed: INFO: task hung in n_tty_read run #6: crashed: INFO: task hung in n_tty_read run #7: crashed: INFO: task hung in n_tty_read run #8: crashed: INFO: task hung in n_tty_read run #9: crashed: INFO: task hung in console_callback # git bisect good e5cc2285c6e7969d62e2bf1173ee8e1d4854a41b Bisecting: 12 revisions left to test after this (roughly 4 steps) [ae5e7146b541116efe5a2afd079f9df529a95cd2] virtio: Improve vq->broken access to avoid any compiler optimization testing commit ae5e7146b541116efe5a2afd079f9df529a95cd2 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: f8a2df8d80c6b5dbfe86a56d9326eb133e1132549c63db98b407b0e3290adbdd run #0: crashed: INFO: task hung in n_tty_read run #1: crashed: INFO: task hung in n_tty_read run #2: crashed: INFO: task hung in n_tty_read run #3: crashed: INFO: task hung in n_tty_read run #4: crashed: INFO: task hung in n_tty_read run #5: crashed: INFO: task hung in n_tty_read run #6: crashed: INFO: task hung in n_tty_read run #7: crashed: INFO: task hung in n_tty_read run #8: crashed: INFO: task hung in n_tty_read run #9: crashed: INFO: task hung in console_callback # git bisect good ae5e7146b541116efe5a2afd079f9df529a95cd2 Bisecting: 6 revisions left to test after this (roughly 3 steps) [d386a4b54607cf6f76e23815c2c9a3abc1d66882] drm/nouveau/disp: power down unused DP links during init testing commit d386a4b54607cf6f76e23815c2c9a3abc1d66882 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: a7d7981ecf867a45b51e37ba8be6a1b9a395665b7eccfab9405a975917e6c313 run #0: crashed: INFO: task hung in n_tty_read run #1: crashed: INFO: task hung in n_tty_read run #2: crashed: INFO: task hung in n_tty_read run #3: crashed: INFO: task hung in n_tty_read run #4: crashed: INFO: task hung in n_tty_read run #5: crashed: INFO: task hung in n_tty_read run #6: crashed: INFO: task hung in n_tty_read run #7: crashed: INFO: task hung in n_tty_read run #8: crashed: INFO: task hung in n_tty_read run #9: crashed: INFO: task hung in console_callback # git bisect good d386a4b54607cf6f76e23815c2c9a3abc1d66882 Bisecting: 3 revisions left to test after this (roughly 2 steps) [6be10fb6c143608a7c7ab3901a096e272233bf64] fbmem: add margin check to fb_check_caps() testing commit 6be10fb6c143608a7c7ab3901a096e272233bf64 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: af1ba942025e76fc750990e0c2ab9cecfcebe1bd55014afd1551b88d5b1fa9d6 all runs: OK # git bisect bad 6be10fb6c143608a7c7ab3901a096e272233bf64 Bisecting: 0 revisions left to test after this (roughly 1 step) [0776c1a20babb4ad0b7ce7f2f4e0806a97663187] vt_kdsetmode: extend console locking testing commit 0776c1a20babb4ad0b7ce7f2f4e0806a97663187 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: ab52bb37c1286da89fcb0fcc60c13f4f9e4da43536f8ef075eb90b0cbbcd32a9 run #0: crashed: INFO: task hung in n_tty_read run #1: crashed: INFO: task hung in n_tty_read run #2: crashed: INFO: task hung in n_tty_read run #3: crashed: INFO: task hung in n_tty_read run #4: crashed: INFO: task hung in n_tty_read run #5: crashed: INFO: task hung in n_tty_read run #6: crashed: INFO: task hung in n_tty_read run #7: crashed: INFO: task hung in n_tty_read run #8: crashed: INFO: task hung in n_tty_read run #9: crashed: INFO: task hung in console_callback # git bisect good 0776c1a20babb4ad0b7ce7f2f4e0806a97663187 6be10fb6c143608a7c7ab3901a096e272233bf64 is the first bad commit commit 6be10fb6c143608a7c7ab3901a096e272233bf64 Author: George Kennedy Date: Tue Jul 7 15:26:03 2020 -0400 fbmem: add margin check to fb_check_caps() commit a49145acfb975d921464b84fe00279f99827d816 upstream. A fb_ioctl() FBIOPUT_VSCREENINFO call with invalid xres setting or yres setting in struct fb_var_screeninfo will result in a KASAN: vmalloc-out-of-bounds failure in bitfill_aligned() as the margins are being cleared. The margins are cleared in chunks and if the xres setting or yres setting is a value of zero upto the chunk size, the failure will occur. Add a margin check to validate xres and yres settings. Signed-off-by: George Kennedy Reported-by: syzbot+e5fd3e65515b48c02a30@syzkaller.appspotmail.com Reviewed-by: Dan Carpenter Cc: Dhaval Giani Signed-off-by: Bartlomiej Zolnierkiewicz Link: https://patchwork.freedesktop.org/patch/msgid/1594149963-13801-1-git-send-email-george.kennedy@oracle.com Signed-off-by: Greg Kroah-Hartman drivers/video/fbdev/core/fbmem.c | 4 ++++ 1 file changed, 4 insertions(+) culprit signature: af1ba942025e76fc750990e0c2ab9cecfcebe1bd55014afd1551b88d5b1fa9d6 parent signature: ab52bb37c1286da89fcb0fcc60c13f4f9e4da43536f8ef075eb90b0cbbcd32a9 revisions tested: 13, total time: 3h34m0.127917259s (build: 2h1m21.87715978s, test: 1h31m9.737375523s) first good commit: 6be10fb6c143608a7c7ab3901a096e272233bf64 fbmem: add margin check to fb_check_caps() recipients (to): ["b.zolnierkie@samsung.com" "dan.carpenter@oracle.com" "george.kennedy@oracle.com" "gregkh@linuxfoundation.org"] recipients (cc): []