bisecting fixing commit since d7e78d08fa77acdea351c8f628f49ca9a0e1029a building syzkaller on d5a3ae1f760e7cb2cd5a721d9645ae22eae114fe testing commit d7e78d08fa77acdea351c8f628f49ca9a0e1029a with gcc (GCC) 8.1.0 kernel signature: 3e0674b1e21cd0586837c7e2a9300e9cdfa3101e5023086ea157528620713e17 all runs: crashed: INFO: trying to register non-static key in uhid_dev_destroy testing current HEAD ca87c82811906f4fc5e936705564ba8176ba497f testing commit ca87c82811906f4fc5e936705564ba8176ba497f with gcc (GCC) 8.1.0 kernel signature: 2ac30768d7bd25380ebcc4f5b5badb54a5c062c30477a9aff0748778eb268eab all runs: OK # git bisect start ca87c82811906f4fc5e936705564ba8176ba497f d7e78d08fa77acdea351c8f628f49ca9a0e1029a Bisecting: 132 revisions left to test after this (roughly 7 steps) [a6d4a84d569f49affa53959889d2b9acf885a97c] btrfs: set the lockdep class for log tree extent buffers testing commit a6d4a84d569f49affa53959889d2b9acf885a97c with gcc (GCC) 8.1.0 kernel signature: 2e34d10e94d6069adaf1fc1f8a197fe8788633e61b18158d91aab561ba3fff13 all runs: OK # git bisect bad a6d4a84d569f49affa53959889d2b9acf885a97c Bisecting: 65 revisions left to test after this (roughly 6 steps) [fe5d0805aac97d0937cb015f859c93e869909d2f] serial: pl011: Don't leak amba_ports entry on driver register error testing commit fe5d0805aac97d0937cb015f859c93e869909d2f with gcc (GCC) 8.1.0 kernel signature: 2c3f8b99d51cc6af8052ba608a0c23377bc3f7cb9648c6a8386badf916e0a548 run #0: crashed: INFO: trying to register non-static key in corrupted run #1: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #2: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #3: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #4: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #5: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #6: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #7: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #8: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #9: crashed: INFO: trying to register non-static key in corrupted # git bisect good fe5d0805aac97d0937cb015f859c93e869909d2f Bisecting: 32 revisions left to test after this (roughly 5 steps) [1dd11998941e98885449e9745043e918f11baf20] ceph: don't allow setlease on cephfs testing commit 1dd11998941e98885449e9745043e918f11baf20 with gcc (GCC) 8.1.0 kernel signature: 6ae491612b9bbafb791e51337641cc22a7bbd831a9e5c2a7e39ce0ab895cbe14 all runs: OK # git bisect bad 1dd11998941e98885449e9745043e918f11baf20 Bisecting: 16 revisions left to test after this (roughly 4 steps) [80459b71e2ce64b39eafc2422212e4c99066d118] overflow.h: Add allocation size calculation helpers testing commit 80459b71e2ce64b39eafc2422212e4c99066d118 with gcc (GCC) 8.1.0 kernel signature: a3c109ec62daa6c0ff91d02468400f8897c2bdd996de7265f7e19ec38454c8c9 run #0: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #1: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #2: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #3: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #4: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #5: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #6: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #7: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #8: crashed: INFO: trying to register non-static key in corrupted run #9: crashed: INFO: trying to register non-static key in uhid_dev_destroy # git bisect good 80459b71e2ce64b39eafc2422212e4c99066d118 Bisecting: 8 revisions left to test after this (roughly 3 steps) [ff51a1a2dca3657a61d8df094587d7dee7c694d6] HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() testing commit ff51a1a2dca3657a61d8df094587d7dee7c694d6 with gcc (GCC) 8.1.0 kernel signature: fb3425acb9670ec474ccc31918036e09a589cc3ab6172abbc5088dbe1d95091c run #0: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #1: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #2: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #3: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #4: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #5: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #6: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #7: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #8: crashed: INFO: trying to register non-static key in uhid_dev_destroy run #9: crashed: INFO: trying to register non-static key in corrupted # git bisect good ff51a1a2dca3657a61d8df094587d7dee7c694d6 Bisecting: 4 revisions left to test after this (roughly 2 steps) [a083dcdcfa2568747112edf865b3e848d70835e5] HID: core: Sanitize event code and type when mapping input testing commit a083dcdcfa2568747112edf865b3e848d70835e5 with gcc (GCC) 8.1.0 kernel signature: f2ec8bc34cf66a538a94677825c1e01ed0a9498c68cc9e33145c9f3b387ae706 all runs: OK # git bisect bad a083dcdcfa2568747112edf865b3e848d70835e5 Bisecting: 1 revision left to test after this (roughly 1 step) [2f166cdcf8a92fcf85524f2b5526cb28e16f0a60] Linux 4.14.196 testing commit 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60 with gcc (GCC) 8.1.0 kernel signature: b2870ba1b128f9169b6fb09b97affbc91db48fbed9539a82b8b8f609b0563376 all runs: crashed: INFO: trying to register non-static key in uhid_dev_destroy # git bisect good 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60 Bisecting: 0 revisions left to test after this (roughly 0 steps) [9e5894b7e2229e6d89319864fb08304571fd44f7] HID: core: Correctly handle ReportSize being zero testing commit 9e5894b7e2229e6d89319864fb08304571fd44f7 with gcc (GCC) 8.1.0 kernel signature: 3456e86cda8610560806e7601348814dcbfcb71a3a0f8b006d7e98cf7f11d16e all runs: OK # git bisect bad 9e5894b7e2229e6d89319864fb08304571fd44f7 9e5894b7e2229e6d89319864fb08304571fd44f7 is the first bad commit commit 9e5894b7e2229e6d89319864fb08304571fd44f7 Author: Marc Zyngier Date: Sat Aug 29 12:26:01 2020 +0100 HID: core: Correctly handle ReportSize being zero commit bce1305c0ece3dc549663605e567655dd701752c upstream. It appears that a ReportSize value of zero is legal, even if a bit non-sensical. Most of the HID code seems to handle that gracefully, except when computing the total size in bytes. When fed as input to memset, this leads to some funky outcomes. Detect the corner case and correctly compute the size. Cc: stable@vger.kernel.org Signed-off-by: Marc Zyngier Signed-off-by: Benjamin Tissoires Signed-off-by: Greg Kroah-Hartman drivers/hid/hid-core.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) culprit signature: 3456e86cda8610560806e7601348814dcbfcb71a3a0f8b006d7e98cf7f11d16e parent signature: b2870ba1b128f9169b6fb09b97affbc91db48fbed9539a82b8b8f609b0563376 revisions tested: 10, total time: 2h36m34.497487593s (build: 1h26m40.177872919s, test: 1h8m43.197104595s) first good commit: 9e5894b7e2229e6d89319864fb08304571fd44f7 HID: core: Correctly handle ReportSize being zero recipients (to): ["benjamin.tissoires@gmail.com" "gregkh@linuxfoundation.org" "maz@kernel.org"] recipients (cc): []