bisecting fixing commit since 60e720931556fc1034d0981460164dcf02697679
building syzkaller on a9767fb2a6393444e871a02e79a14ccfa2aef52b
testing commit 60e720931556fc1034d0981460164dcf02697679 with gcc (GCC) 8.1.0
kernel signature: 67d0a09640c82a60c91f453d03db8c889a66c23f2aa49562d087b7effd4d3f2b
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
testing current HEAD c2dc4c073fb71b50904493657a7622b481b346e3
testing commit c2dc4c073fb71b50904493657a7622b481b346e3 with gcc (GCC) 8.1.0
kernel signature: 01f4b07cee3d1cd50c676387187100ce8c3061747a370632a92d5a2854b01310
all runs: OK
# git bisect start c2dc4c073fb71b50904493657a7622b481b346e3 60e720931556fc1034d0981460164dcf02697679
Bisecting: 7625 revisions left to test after this (roughly 13 steps)
[c48b75b7271db23c1b2d1204d6e8496d91f27711] Merge tag 'sound-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit c48b75b7271db23c1b2d1204d6e8496d91f27711 with gcc (GCC) 8.1.0
kernel signature: 1d19833f6c7836c1985b9843ea4dc2bca159c5a372fb5fdc1b9c4e4a90fe2c7b
all runs: OK
# git bisect bad c48b75b7271db23c1b2d1204d6e8496d91f27711
Bisecting: 3799 revisions left to test after this (roughly 12 steps)
[55e0500eb5c0440a3d43074edbd8db3e95851b66] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit 55e0500eb5c0440a3d43074edbd8db3e95851b66 with gcc (GCC) 8.1.0
kernel signature: 09cdac972290ec5a22a6ede3861f873d00fbd75f8404039e491df857ae1db73c
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 55e0500eb5c0440a3d43074edbd8db3e95851b66
Bisecting: 2075 revisions left to test after this (roughly 11 steps)
[726eb70e0d34dc4bc4dada71f52bba8ed638431e] Merge tag 'char-misc-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
testing commit 726eb70e0d34dc4bc4dada71f52bba8ed638431e with gcc (GCC) 8.1.0
kernel signature: 93fb9ca0e064061e5588abb8103e620b327a206b709b0f94fdbd6d816c07d1b2
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 726eb70e0d34dc4bc4dada71f52bba8ed638431e
Bisecting: 1053 revisions left to test after this (roughly 10 steps)
[d3c8f2784d3266d27956659c78835ee1d1925ad2] drm/ingenic: Fix bad revert
testing commit d3c8f2784d3266d27956659c78835ee1d1925ad2 with gcc (GCC) 8.1.0
kernel signature: ba0aab4804e7f4cc9066668e18125365ed39ebda868220d47f9511ef313df74f
all runs: OK
# git bisect bad d3c8f2784d3266d27956659c78835ee1d1925ad2
Bisecting: 558 revisions left to test after this (roughly 9 steps)
[da62cb7230f0871c30dc9789071f63229158d261] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create
testing commit da62cb7230f0871c30dc9789071f63229158d261 with gcc (GCC) 8.1.0
kernel signature: 2739d986f73f52ddbbf616ceef35e29039308c52e31522e35542889cba08b1ae
all runs: OK
# git bisect bad da62cb7230f0871c30dc9789071f63229158d261
Bisecting: 231 revisions left to test after this (roughly 8 steps)
[faa962bbae312eaf84838bbdc96ccc216ba248ef] dt-bindings: vendor-prefixes: Add mantix vendor prefix
testing commit faa962bbae312eaf84838bbdc96ccc216ba248ef with gcc (GCC) 8.1.0
kernel signature: 65941350e34e626e8199728601e25b68bac2a5706970d760e18cb8b7c5079a52
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good faa962bbae312eaf84838bbdc96ccc216ba248ef
Bisecting: 115 revisions left to test after this (roughly 7 steps)
[283d347d6e3e25829663cc629e80eccea96c25de] drm/vc4: hdmi: Remove vc4_dev hdmi pointer
testing commit 283d347d6e3e25829663cc629e80eccea96c25de with gcc (GCC) 8.1.0
kernel signature: dd79e5540153e69e4adcbb587edbe279f4bf682ac60b6a9b0542ac35a94a5de6
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 283d347d6e3e25829663cc629e80eccea96c25de
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4] docs: fb: Correcting the location of FRAMEBUFFER_CONSOLE option.
testing commit 3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4 with gcc (GCC) 8.1.0
kernel signature: 3a7029553230aa3cc7c13563e52aa46368c871d3a6dcdb1944db0937e346544b
all runs: OK
# git bisect bad 3f9dfc2a0ea9f8f34229d43e3a171c8aaf1dcaf4
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[2e3725b05b785e73482a194b99bff3d5a1c85140] dt-bindings: display: vc4: hdmi: Add BCM2711 HDMI controllers bindings
testing commit 2e3725b05b785e73482a194b99bff3d5a1c85140 with gcc (GCC) 8.1.0
kernel signature: dd79e5540153e69e4adcbb587edbe279f4bf682ac60b6a9b0542ac35a94a5de6
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 2e3725b05b785e73482a194b99bff3d5a1c85140
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[fe2ab107536d808ad0c8ddce3e35b048dc5acb0f] omapfb: fix spelling mistake "propert" -> "property"
testing commit fe2ab107536d808ad0c8ddce3e35b048dc5acb0f with gcc (GCC) 8.1.0
kernel signature: f3c82bf1622e9ccc2c1a071700d7ea09be809152cc6069a57d272f02b11d17e5
all runs: OK
# git bisect bad fe2ab107536d808ad0c8ddce3e35b048dc5acb0f
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[25c4bcf9858e3e8752985fa0cda64a212ea328b7] drm/bridge: dw-mipi-dsi: fix dw_mipi_dsi_debugfs_show/write warnings
testing commit 25c4bcf9858e3e8752985fa0cda64a212ea328b7 with gcc (GCC) 8.1.0
kernel signature: 1327c8f3ac1daa3695765a369c3bbcbc067325b59fe29d3f1fede56424539230
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 25c4bcf9858e3e8752985fa0cda64a212ea328b7
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[a49145acfb975d921464b84fe00279f99827d816] fbmem: add margin check to fb_check_caps()
testing commit a49145acfb975d921464b84fe00279f99827d816 with gcc (GCC) 8.1.0
kernel signature: ec243834b44a7c1abeacb9f425ce2c65e08d8b76651dd6cd97835f11aa07661a
all runs: OK
# git bisect bad a49145acfb975d921464b84fe00279f99827d816
Bisecting: 0 revisions left to test after this (roughly 1 step)
[54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e] drm/ttm: merge offset and base in ttm_bus_placement
testing commit 54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e with gcc (GCC) 8.1.0
kernel signature: e4e54528eedae338000748924373887257eb35045404ed71daf16a0cd33f600e
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
# git bisect good 54d04ea8cdbd143496e4f5cc9c0a9f86c0e55a2e
a49145acfb975d921464b84fe00279f99827d816 is the first bad commit
commit a49145acfb975d921464b84fe00279f99827d816
Author: George Kennedy
Date:   Tue Jul 7 15:26:03 2020 -0400

    fbmem: add margin check to fb_check_caps()

    A fb_ioctl() FBIOPUT_VSCREENINFO call with invalid xres setting
    or yres setting in struct fb_var_screeninfo will result in a
    KASAN: vmalloc-out-of-bounds failure in bitfill_aligned() as
    the margins are being cleared. The margins are cleared in
    chunks and if the xres setting or yres setting is a value of
    zero upto the chunk size, the failure will occur.

    Add a margin check to validate xres and yres settings.

    Signed-off-by: George Kennedy
    Reported-by: syzbot+e5fd3e65515b48c02a30@syzkaller.appspotmail.com
    Reviewed-by: Dan Carpenter
    Cc: Dhaval Giani
    Signed-off-by: Bartlomiej Zolnierkiewicz
    Link: https://patchwork.freedesktop.org/patch/msgid/1594149963-13801-1-git-send-email-george.kennedy@oracle.com

 drivers/video/fbdev/core/fbmem.c | 4 ++++
 1 file changed, 4 insertions(+)
culprit signature: ec243834b44a7c1abeacb9f425ce2c65e08d8b76651dd6cd97835f11aa07661a
parent signature: e4e54528eedae338000748924373887257eb35045404ed71daf16a0cd33f600e
revisions tested: 15, total time: 2h58m46.558402252s (build: 1h18m56.31339831s, test: 1h38m19.325016291s)
first good commit: a49145acfb975d921464b84fe00279f99827d816 fbmem: add margin check to fb_check_caps()
recipients (to): ["b.zolnierkie@samsung.com" "dan.carpenter@oracle.com" "george.kennedy@oracle.com"]
recipients (cc): []