bisecting fixing commit since 0c88e405c97ed1828443b67891e6d4bb6e56cd4e
building syzkaller on e34b696c0d7c04dbc824dee8b5123969bbca19b7
testing commit 0c88e405c97ed1828443b67891e6d4bb6e56cd4e
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 6b4dd2a69218e1969d72b9104b2248fb4c20906b4c2e4c224991f82a75a249d7
run #0: crashed: KASAN: use-after-free Read in vgem_gem_dumb_create
run #1: crashed: WARNING in mutex_destroy
run #2: crashed: general protection fault in vgem_fence_attach_ioctl
run #3: crashed: general protection fault in vgem_fence_attach_ioctl
run #4: crashed: general protection fault in vgem_fence_attach_ioctl
run #5: crashed: WARNING in mutex_destroy
run #6: crashed: general protection fault in vgem_fence_attach_ioctl
run #7: crashed: KASAN: use-after-free Read in reservation_object_test_signaled_rcu
run #8: crashed: WARNING in mutex_destroy
run #9: crashed: general protection fault in vgem_fence_attach_ioctl
run #10: crashed: WARNING in mutex_destroy
run #11: crashed: WARNING in mutex_destroy
run #12: crashed: WARNING in mutex_destroy
run #13: crashed: general protection fault in vgem_fence_attach_ioctl
run #14: crashed: general protection fault in vgem_fence_attach_ioctl
run #15: crashed: general protection fault in vgem_fence_attach_ioctl
run #16: crashed: general protection fault in vgem_fence_attach_ioctl
run #17: crashed: KASAN: use-after-free Read in reservation_object_test_signaled_rcu
run #18: crashed: general protection fault in vgem_fence_attach_ioctl
run #19: crashed: general protection fault in vgem_fence_attach_ioctl
testing current HEAD 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1
testing commit 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f53eaa3a9b1554978d5aa699f8917fcc06f2ce04b1a89edbb913e7e1559cd1d0
all runs: OK
# git bisect start 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1 0c88e405c97ed1828443b67891e6d4bb6e56cd4e
Bisecting: 1656 revisions left to test after this (roughly 11 steps)
[682011fcc93c5a9c6ad60db4550c7d4d25e36df6] ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
testing commit 682011fcc93c5a9c6ad60db4550c7d4d25e36df6
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 12a302a92cbd838e2156498798a329a459f7b1e71f7492d9ab5908b9bf7b5529
run #0: crashed: WARNING in mutex_destroy
run #1: crashed: WARNING in mutex_destroy
run #2: crashed: WARNING in mutex_destroy
run #3: crashed: WARNING in mutex_destroy
run #4: crashed: WARNING in mutex_destroy
run #5: crashed: WARNING in mutex_destroy
run #6: crashed: WARNING in mutex_destroy
run #7: crashed: general protection fault in vgem_fence_attach_ioctl
run #8: crashed: general protection fault in vgem_fence_attach_ioctl
run #9: crashed: general protection fault in vgem_fence_attach_ioctl
# git bisect good 682011fcc93c5a9c6ad60db4550c7d4d25e36df6
Bisecting: 828 revisions left to test after this (roughly 10 steps)
[f7d2172db8c91336937ada950c697f1e7ba48e7e] NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode()
testing commit f7d2172db8c91336937ada950c697f1e7ba48e7e
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: a27e02124310ce3f03d68d317761da66fd013d1b3a771dae7bcc3cd486bc3b32
run #0: crashed: WARNING in mutex_destroy
run #1: crashed: WARNING in mutex_destroy
run #2: crashed: general protection fault in vgem_fence_attach_ioctl
run #3: crashed: WARNING in mutex_destroy
run #4: crashed: WARNING in mutex_destroy
run #5: crashed: WARNING in mutex_destroy
run #6: crashed: general protection fault in vgem_fence_attach_ioctl
run #7: crashed: WARNING in mutex_destroy
run #8: crashed: WARNING in mutex_destroy
run #9: crashed: general protection fault in vgem_fence_attach_ioctl
# git bisect good f7d2172db8c91336937ada950c697f1e7ba48e7e
Bisecting: 414 revisions left to test after this (roughly 9 steps)
[cba5008c8581a5cdebf62b1d4699148c606ab423] net: fix mistake path for netdev_features_strings
testing commit cba5008c8581a5cdebf62b1d4699148c606ab423
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 48fdc5f3efbe46b14fe6c587f91a5bc7d94f3499ad85a79467a50f7b652e3c41
run #0: crashed: WARNING: ODEBUG bug in netdev_freemem
run #1: crashed: WARNING in mutex_destroy
run #2: crashed: general protection fault in vgem_fence_attach_ioctl
run #3: crashed: WARNING in mutex_destroy
run #4: crashed: general protection fault in vgem_fence_attach_ioctl
run #5: crashed: general protection fault in vgem_fence_attach_ioctl
run #6: crashed: WARNING in mutex_destroy
run #7: crashed: WARNING in mutex_destroy
run #8: crashed: general protection fault in vgem_fence_attach_ioctl
run #9: crashed: WARNING in mutex_destroy
# git bisect good cba5008c8581a5cdebf62b1d4699148c606ab423
Bisecting: 207 revisions left to test after this (roughly 8 steps)
[a0a817b2d308fac090a05cbbe80988e073ac5193] net: ti: fix UAF in tlan_remove_one
testing commit a0a817b2d308fac090a05cbbe80988e073ac5193
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 0fc9e942e4ad8baac350459c4726ceaae7cdc5caa81dfcd809e5f2b814d10e15
run #0: crashed: WARNING in mutex_destroy
run #1: crashed: WARNING in mutex_destroy
run #2: crashed: general protection fault in vgem_fence_attach_ioctl
run #3: crashed: general protection fault in vgem_fence_attach_ioctl
run #4: crashed: WARNING in mutex_destroy
run #5: crashed: general protection fault in vgem_fence_attach_ioctl
run #6: crashed: WARNING in mutex_destroy
run #7: crashed: WARNING in mutex_destroy
run #8: crashed: general protection fault in vgem_fence_attach_ioctl
run #9: crashed: general protection fault in vgem_fence_attach_ioctl
# git bisect good a0a817b2d308fac090a05cbbe80988e073ac5193
Bisecting: 103 revisions left to test after this (roughly 7 steps)
[6c9d61989af94ac67fb0120a7e61a622f6da8068] can: usb_8dev: fix memory leak
testing commit 6c9d61989af94ac67fb0120a7e61a622f6da8068
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 056f533457cf526e16844f6acdf2f9652a1390ef1f852f074406c392173e3b88
all runs: OK
# git bisect bad 6c9d61989af94ac67fb0120a7e61a622f6da8068
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[0b515af95790b625d121f5799897d50f939e7b13] USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
testing commit 0b515af95790b625d121f5799897d50f939e7b13
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 20761ad02ddb3f53e87379979c1104010ff4a9f6a1afee0bc50708939f948456
run #0: crashed: general protection fault in vgem_fence_attach_ioctl
run #1: crashed: KASAN: use-after-free Read in reservation_object_test_signaled_rcu
run #2: crashed: WARNING in mutex_destroy
run #3: crashed: general protection fault in vgem_fence_attach_ioctl
run #4: crashed: WARNING in mutex_destroy
run #5: crashed: WARNING in mutex_destroy
run #6: crashed: general protection fault in vgem_fence_attach_ioctl
run #7: crashed: WARNING in mutex_destroy
run #8: crashed: WARNING in mutex_destroy
run #9: crashed: general protection fault in vgem_fence_attach_ioctl
# git bisect good 0b515af95790b625d121f5799897d50f939e7b13
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[0365fcac3aa14b54d535a9dbf073eebaaa8e0287] iio: dac: ds4422/ds4424 drop of_node check
testing commit 0365fcac3aa14b54d535a9dbf073eebaaa8e0287
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 81696bd2f3e8a8a73445312a753044a7c11db0f63a3948a8c297310857aca85e
all runs: OK
# git bisect bad 0365fcac3aa14b54d535a9dbf073eebaaa8e0287
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[918e0039ec570aec22338a405bfd6dab1264de30] KVM: do not assume PTE is writable after follow_pfn
testing commit 918e0039ec570aec22338a405bfd6dab1264de30
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: c4c3d42d3d388af394350576ee934439a10c8c4050ec529bb7e6bd897f7074aa
all runs: OK
# git bisect bad 918e0039ec570aec22338a405bfd6dab1264de30
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[ba176c1bd7ca3e9f3bec70f2637c17d2b86469d1] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
testing commit ba176c1bd7ca3e9f3bec70f2637c17d2b86469d1
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: bd69d077c6f37fab047aa6a5431b97627dc6e28a80afeecedd76278f803dc712
run #0: crashed: WARNING in mutex_destroy
run #1: crashed: KASAN: use-after-free Read in vgem_gem_dumb_create
run #2: crashed: general protection fault in vgem_fence_attach_ioctl
run #3: crashed: general protection fault in vgem_fence_attach_ioctl
run #4: crashed: WARNING in mutex_destroy
run #5: crashed: general protection fault in vgem_fence_attach_ioctl
run #6: crashed: general protection fault in vgem_fence_attach_ioctl
run #7: crashed: general protection fault in vgem_fence_attach_ioctl
run #8: crashed: KASAN: use-after-free Read in reservation_object_test_signaled_rcu
run #9: crashed: general protection fault in vgem_fence_attach_ioctl
# git bisect good ba176c1bd7ca3e9f3bec70f2637c17d2b86469d1
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[08c2d7c8aa871027c7e56bf61335e70dd51bf017] ixgbe: Fix packet corruption due to missing DMA sync
testing commit 08c2d7c8aa871027c7e56bf61335e70dd51bf017
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f264be227995ce2639a71ecc41aa30d4fdbb78b29623a834e0a1c619f74a4a2b
run #0: crashed: WARNING in mutex_destroy
run #1: crashed: general protection fault in vgem_fence_attach_ioctl
run #2: crashed: general protection fault in vgem_fence_attach_ioctl
run #3: crashed: WARNING in mutex_destroy
run #4: crashed: general protection fault in vgem_fence_attach_ioctl
run #5: crashed: general protection fault in vgem_fence_attach_ioctl
run #6: crashed: WARNING in mutex_destroy
run #7: crashed: general protection fault in vgem_fence_attach_ioctl
run #8: crashed: WARNING in mutex_destroy
run #9: crashed: general protection fault in vgem_fence_attach_ioctl
# git bisect good 08c2d7c8aa871027c7e56bf61335e70dd51bf017
Bisecting: 1 revision left to test after this (roughly 1 step)
[acb8e83073074bd885466c7da12919f80e9ccf5d] nds32: fix up stack guard gap
testing commit acb8e83073074bd885466c7da12919f80e9ccf5d
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f264be227995ce2639a71ecc41aa30d4fdbb78b29623a834e0a1c619f74a4a2b
run #0: crashed: general protection fault in vgem_fence_attach_ioctl
run #1: crashed: general protection fault in vgem_fence_attach_ioctl
run #2: crashed: general protection fault in vgem_fence_attach_ioctl
run #3: crashed: general protection fault in vgem_fence_attach_ioctl
run #4: crashed: general protection fault in vgem_fence_attach_ioctl
run #5: crashed: KASAN: use-after-free Read in vgem_fence_attach_ioctl
run #6: crashed: WARNING in mutex_destroy
run #7: crashed: general protection fault in vgem_fence_attach_ioctl
run #8: crashed: WARNING in mutex_destroy
run #9: crashed: general protection fault in vgem_fence_attach_ioctl
# git bisect good acb8e83073074bd885466c7da12919f80e9ccf5d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[020a44cc54d65e673a13195e96fc0addbfd3a601] drm: Return -ENOTTY for non-drm ioctls
testing commit 020a44cc54d65e673a13195e96fc0addbfd3a601
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: bdac6c014cf991c1ac3e1f37ba3a83213da50a181ff29c288287c6b58169437c
all runs: OK
# git bisect bad 020a44cc54d65e673a13195e96fc0addbfd3a601
020a44cc54d65e673a13195e96fc0addbfd3a601 is the first bad commit
commit 020a44cc54d65e673a13195e96fc0addbfd3a601
Author: Charles Baylis
Date: Fri Jul 16 17:43:12 2021 +0100

    drm: Return -ENOTTY for non-drm ioctls

    commit 3abab27c322e0f2acf981595aa8040c9164dc9fb upstream.

    drm: Return -ENOTTY for non-drm ioctls

    Return -ENOTTY from drm_ioctl() when userspace passes in a cmd number which doesn't relate to the drm subsystem.

    Glibc uses the TCGETS ioctl to implement isatty(), and without this change isatty() returns it incorrectly returns true for drm devices.

    To test run this command:
    $ if [ -t 0 ]; then echo is a tty; fi < /dev/dri/card0
    which shows "is a tty" without this patch.

    This may also modify memory which the userspace application is not expecting.

    Signed-off-by: Charles Baylis
    Cc: stable@vger.kernel.org
    Signed-off-by: Daniel Vetter
    Link: https://patchwork.freedesktop.org/patch/msgid/YPG3IBlzaMhfPqCr@stando.fishzet.co.uk
    Signed-off-by: Greg Kroah-Hartman

 drivers/gpu/drm/drm_ioctl.c | 3 +++
 include/drm/drm_ioctl.h | 1 +
 2 files changed, 4 insertions(+)

culprit signature: bdac6c014cf991c1ac3e1f37ba3a83213da50a181ff29c288287c6b58169437c
parent signature: f264be227995ce2639a71ecc41aa30d4fdbb78b29623a834e0a1c619f74a4a2b
revisions tested: 14, total time: 4h31m55.013925834s (build: 2h13m14.963289709s, test: 2h17m7.955082451s)
first good commit: 020a44cc54d65e673a13195e96fc0addbfd3a601 drm: Return -ENOTTY for non-drm ioctls
recipients (to): ["cb-kernel@fishzet.co.uk" "daniel.vetter@ffwll.ch" "gregkh@linuxfoundation.org"]
recipients (cc): []