bisecting fixing commit since fb0155a09b0224a7147cb07a4ce6034c8d29667f
building syzkaller on 1b88c6d5c8477f1d4fb3b389443b200acc32e9a8
testing commit fb0155a09b0224a7147cb07a4ce6034c8d29667f with gcc (GCC) 8.1.0
kernel signature: 11c2edb6d0b21ae177e544419404d48ed572eea722b27fb78dddce8c493939d6
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
testing current HEAD 23859ae44402f4d935b9ee548135dd1e65e2cbf4
testing commit 23859ae44402f4d935b9ee548135dd1e65e2cbf4 with gcc (GCC) 8.1.0
kernel signature: 5bba86629ab24fa82a189b0bc240a2bcf78783977f178115627dd09650c434d9
all runs: OK
# git bisect start 23859ae44402f4d935b9ee548135dd1e65e2cbf4 fb0155a09b0224a7147cb07a4ce6034c8d29667f
Bisecting: 7342 revisions left to test after this (roughly 13 steps)
[c48b75b7271db23c1b2d1204d6e8496d91f27711] Merge tag 'sound-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit c48b75b7271db23c1b2d1204d6e8496d91f27711 with gcc (GCC) 8.1.0
kernel signature: b974ef13095fd786e6ba64c7c9ddbae41bdc5fec1edd9325a771da3e108845f2
all runs: OK
# git bisect bad c48b75b7271db23c1b2d1204d6e8496d91f27711
Bisecting: 4027 revisions left to test after this (roughly 12 steps)
[4815519ed0af833884ce9c288183bf1ae3cb9caa] Merge tag 'for-5.10/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
testing commit 4815519ed0af833884ce9c288183bf1ae3cb9caa with gcc (GCC) 8.1.0
kernel signature: b1830586ea5bf3d6a761a580861fc6b950b2658538d1b1fe57219720b6165fa1
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 4815519ed0af833884ce9c288183bf1ae3cb9caa
Bisecting: 2075 revisions left to test after this (roughly 11 steps)
[726eb70e0d34dc4bc4dada71f52bba8ed638431e] Merge tag 'char-misc-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
testing commit 726eb70e0d34dc4bc4dada71f52bba8ed638431e with gcc (GCC) 8.1.0
kernel signature: 3e25aa314b9d21fdcd5a910ec24f8402273fb1d29e587e36e5ccea2e5b9ccf0e
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 726eb70e0d34dc4bc4dada71f52bba8ed638431e
Bisecting: 1053 revisions left to test after this (roughly 10 steps)
[d3c8f2784d3266d27956659c78835ee1d1925ad2] drm/ingenic: Fix bad revert
testing commit d3c8f2784d3266d27956659c78835ee1d1925ad2 with gcc (GCC) 8.1.0
kernel signature: 232edada7b183bed6940f3da4784c50f3dc9c2d69ab162d3a74bd6491026bdf9
all runs: OK
# git bisect bad d3c8f2784d3266d27956659c78835ee1d1925ad2
Bisecting: 558 revisions left to test after this (roughly 9 steps)
[da62cb7230f0871c30dc9789071f63229158d261] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create
testing commit da62cb7230f0871c30dc9789071f63229158d261 with gcc (GCC) 8.1.0
kernel signature: 567363aa4088d04d78d63316eba34b935899ca659228e60401015ae9828025b5
all runs: OK
# git bisect bad da62cb7230f0871c30dc9789071f63229158d261
Bisecting: 231 revisions left to test after this (roughly 8 steps)
[faa962bbae312eaf84838bbdc96ccc216ba248ef] dt-bindings: vendor-prefixes: Add mantix vendor prefix
testing commit faa962bbae312eaf84838bbdc96ccc216ba248ef with gcc (GCC) 8.1.0
kernel signature: c7f9a4f6ff3c525d2f0b43ee7b3c5c0fe6072aa04612fcb9401101965cdc2c33
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good faa962bbae312eaf84838bbdc96ccc216ba248ef
Bisecting: 115 revisions left to test after this (roughly 7 steps)
[283d347d6e3e25829663cc629e80eccea96c25de] drm/vc4: hdmi: Remove vc4_dev hdmi pointer
testing commit 283d347d6e3e25829663cc629e80eccea96c25de with gcc (GCC) 8.1.0
kernel signature: 58c5d23d663c490293cf5d48dfc27e3af90e8263c0fe9dc0f9e9aa105158e5e8
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 283d347d6e3e25829663cc629e80eccea96c25de
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4] docs: fb: Correcting the location of FRAMEBUFFER_CONSOLE option.
testing commit 3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4 with gcc (GCC) 8.1.0
kernel signature: 46ea13908b204feca6c65ead31bb718574f7186a70f03aba8c9db7f38df274a8
all runs: OK
# git bisect bad 3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[2e3725b05b785e73482a194b99bff3d5a1c85140] dt-bindings: display: vc4: hdmi: Add BCM2711 HDMI controllers bindings
testing commit 2e3725b05b785e73482a194b99bff3d5a1c85140 with gcc (GCC) 8.1.0
kernel signature: 58c5d23d663c490293cf5d48dfc27e3af90e8263c0fe9dc0f9e9aa105158e5e8
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 2e3725b05b785e73482a194b99bff3d5a1c85140
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[fe2ab107536d808ad0c8ddce3e35b048dc5acb0f] omapfb: fix spelling mistake "propert" -> "property"
testing commit fe2ab107536d808ad0c8ddce3e35b048dc5acb0f with gcc (GCC) 8.1.0
kernel signature: 780fd220cad7b4dab46845d46b2f84cc9d3f39a88b7aa113e8cec58322b84015
all runs: OK
# git bisect bad fe2ab107536d808ad0c8ddce3e35b048dc5acb0f
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[25c4bcf9858e3e8752985fa0cda64a212ea328b7] drm/bridge: dw-mipi-dsi: fix dw_mipi_dsi_debugfs_show/write warnings
testing commit 25c4bcf9858e3e8752985fa0cda64a212ea328b7 with gcc (GCC) 8.1.0
kernel signature: c2f8da8d56ebf197e19866690282f26891aa6995b350853ea7aacc188fc6854f
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 25c4bcf9858e3e8752985fa0cda64a212ea328b7
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[a49145acfb975d921464b84fe00279f99827d816] fbmem: add margin check to fb_check_caps()
testing commit a49145acfb975d921464b84fe00279f99827d816 with gcc (GCC) 8.1.0
kernel signature: 4aacb415dd67e564d6d6ee84f720660fab6fcf8f74f0a512346d7f49bec21c6c
all runs: OK
# git bisect bad a49145acfb975d921464b84fe00279f99827d816
Bisecting: 0 revisions left to test after this (roughly 1 step)
[54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e] drm/ttm: merge offset and base in ttm_bus_placement
testing commit 54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e with gcc (GCC) 8.1.0
kernel signature: d111fc396f1fe22363358435b0a7217a436bca49fe3bb3ea46aabc344bfb0c00
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e
a49145acfb975d921464b84fe00279f99827d816 is the first bad commit
commit a49145acfb975d921464b84fe00279f99827d816
Author: George Kennedy
Date: Tue Jul 7 15:26:03 2020 -0400

    fbmem: add margin check to fb_check_caps()

    A fb_ioctl() FBIOPUT_VSCREENINFO call with invalid xres setting
    or yres setting in struct fb_var_screeninfo will result in a
    KASAN: vmalloc-out-of-bounds failure in bitfill_aligned() as
    the margins are being cleared. The margins are cleared in
    chunks and if the xres setting or yres setting is a value of
    zero upto the chunk size, the failure will occur.

    Add a margin check to validate xres and yres settings.

    Signed-off-by: George Kennedy
    Reported-by: syzbot+e5fd3e65515b48c02a30@syzkaller.appspotmail.com
    Reviewed-by: Dan Carpenter
    Cc: Dhaval Giani
    Signed-off-by: Bartlomiej Zolnierkiewicz
    Link: https://patchwork.freedesktop.org/patch/msgid/1594149963-13801-1-git-send-email-george.kennedy@oracle.com

 drivers/video/fbdev/core/fbmem.c | 4 ++++
 1 file changed, 4 insertions(+)
culprit signature: 4aacb415dd67e564d6d6ee84f720660fab6fcf8f74f0a512346d7f49bec21c6c
parent signature: d111fc396f1fe22363358435b0a7217a436bca49fe3bb3ea46aabc344bfb0c00
revisions tested: 15, total time: 3h4m33.731957554s (build: 1h27m14.550894408s, test: 1h35m4.080050196s)
first good commit: a49145acfb975d921464b84fe00279f99827d816 fbmem: add margin check to fb_check_caps()
recipients (to): ["b.zolnierkie@samsung.com" "dan.carpenter@oracle.com" "george.kennedy@oracle.com"]
recipients (cc): []