bisecting fixing commit since 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60 with gcc (GCC) 8.1.0
kernel signature: 45e6a7df32eef3dfcc65127dc18c06a366ce07d7010037a252ba8b875a68dc91
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
testing current HEAD 8961076ed318dfd22aa357b41589f07bf67e73b6
testing commit 8961076ed318dfd22aa357b41589f07bf67e73b6 with gcc (GCC) 8.1.0
kernel signature: 6d2111603d09fdc274816934ff25b42c5c4465d5c2c359ee1483daa62556ad11
all runs: OK
# git bisect start 8961076ed318dfd22aa357b41589f07bf67e73b6 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60
Bisecting: 441 revisions left to test after this (roughly 9 steps)
[712777b2bc9b2b5c66ef33774ac6d05ef8bb0321] net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
testing commit 712777b2bc9b2b5c66ef33774ac6d05ef8bb0321 with gcc (GCC) 8.1.0
kernel signature: 3b6e9725b7cf4431137027b1a3ad9d9566974eff1c6cdf72d240c3dca527fa84
all runs: OK
# git bisect bad 712777b2bc9b2b5c66ef33774ac6d05ef8bb0321
Bisecting: 220 revisions left to test after this (roughly 8 steps)
[0ccf7b9c6852279ef1fccf5315e605775e90c257] dmaengine: zynqmp_dma: fix burst length configuration
testing commit 0ccf7b9c6852279ef1fccf5315e605775e90c257 with gcc (GCC) 8.1.0
kernel signature: 5ce1cf139e26eaebd0d9ca1a4c463880b83282a5549f3899098f98589f9478c7
all runs: OK
# git bisect bad 0ccf7b9c6852279ef1fccf5315e605775e90c257
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[caa75847c333ad18d6b9d68f94a255418f3c006a] iio:magnetometer:ak8975 Fix alignment and data leak issues.
testing commit caa75847c333ad18d6b9d68f94a255418f3c006a with gcc (GCC) 8.1.0
kernel signature: ac4f12630bc169879fe310aad482b6346e63493ee7a07ab5f2b96cf0131e2693
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good caa75847c333ad18d6b9d68f94a255418f3c006a
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[7e065e0242fc285cc29c5ea4a80d108262af5148] i2c: i801: Fix resume bug
testing commit 7e065e0242fc285cc29c5ea4a80d108262af5148 with gcc (GCC) 8.1.0
kernel signature: 82077d22a1cd52dad5e8c8e341aa4a3695f130a6eb18ed884fd2106b0231bf98
all runs: OK
# git bisect bad 7e065e0242fc285cc29c5ea4a80d108262af5148
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[89c61374785f5590f61161334a6192ab3c165ec9] usb: typec: ucsi: acpi: Check the _DEP dependencies
testing commit 89c61374785f5590f61161334a6192ab3c165ec9 with gcc (GCC) 8.1.0
kernel signature: 956d7cc4727d8cc3e41ff0d40cbdedfd215d15c4606dd31922580a235548efa8
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 89c61374785f5590f61161334a6192ab3c165ec9
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[30ce9a30a3881ae384e98aabd68310d053474e7e] i2c: algo: pca: Reapply i2c bus settings after reset
testing commit 30ce9a30a3881ae384e98aabd68310d053474e7e with gcc (GCC) 8.1.0
kernel signature: f46766d2b8ca9eb38e98a4ca46bce16c944c8128c22c3a91ee3c4c59033811d3
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 30ce9a30a3881ae384e98aabd68310d053474e7e
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[d31eccab7abd41e9d198c0f4f226d937cc7bbd58] fbcon: Fix user font detection test at fbcon_resize().
testing commit d31eccab7abd41e9d198c0f4f226d937cc7bbd58 with gcc (GCC) 8.1.0
kernel signature: 7be522504f00c6305edd2d12ed30fdd738068070762b49db4e97cb233e53529f
all runs: OK
# git bisect bad d31eccab7abd41e9d198c0f4f226d937cc7bbd58
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[292a391e668b159b05eedcc2f23b09ee1b94a95c] clk: rockchip: Fix initialization of mux_pll_src_4plls_p
testing commit 292a391e668b159b05eedcc2f23b09ee1b94a95c with gcc (GCC) 8.1.0
kernel signature: 6a0c244d94a286ae65a14d6b5429143dd3bbddc90f914635a84beb1e70aa4625
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 292a391e668b159b05eedcc2f23b09ee1b94a95c
Bisecting: 1 revision left to test after this (roughly 1 step)
[38eefb1964388f93644b35ec77000c5fbecca9cc] MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
testing commit 38eefb1964388f93644b35ec77000c5fbecca9cc with gcc (GCC) 8.1.0
kernel signature: 6a0c244d94a286ae65a14d6b5429143dd3bbddc90f914635a84beb1e70aa4625
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 38eefb1964388f93644b35ec77000c5fbecca9cc
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[1cf043baa068a5deecaf800e9122b462ac418159] perf test: Free formats for perf pmu parse test
testing commit 1cf043baa068a5deecaf800e9122b462ac418159 with gcc (GCC) 8.1.0
kernel signature: 6a0c244d94a286ae65a14d6b5429143dd3bbddc90f914635a84beb1e70aa4625
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 1cf043baa068a5deecaf800e9122b462ac418159
d31eccab7abd41e9d198c0f4f226d937cc7bbd58 is the first bad commit
commit d31eccab7abd41e9d198c0f4f226d937cc7bbd58
Author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date:   Fri Sep 11 07:57:06 2020 +0900

    fbcon: Fix user font detection test at fbcon_resize().
    
    [ Upstream commit ec0972adecb391a8d8650832263a4790f3bfb4df ]
    
    syzbot is reporting OOB read at fbcon_resize() [1], for
    commit 39b3cffb8cf31117 ("fbcon: prevent user font height or width change
     from causing potential out-of-bounds access") is by error using
    registered_fb[con2fb_map[vc->vc_num]]->fbcon_par->p->userfont (which was
    set to non-zero) instead of fb_display[vc->vc_num].userfont (which remains
    zero for that display).
    
    We could remove tricky userfont flag [2], for we can determine it by
    comparing address of the font data and addresses of built-in font data.
    But since that commit is failing to fix the original OOB read [3], this
    patch keeps the change minimal in case we decide to revert altogether.
    
    [1] https://syzkaller.appspot.com/bug?id=ebcbbb6576958a496500fee9cf7aa83ea00b5920
    [2] https://syzkaller.appspot.com/text?tag=Patch&x=14030853900000
    [3] https://syzkaller.appspot.com/bug?id=6fba8c186d97cf1011ab17660e633b1cc4e080c9
    
    Reported-by: syzbot <syzbot+b38b1ef6edf0c74a8d97@syzkaller.appspotmail.com>
    Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Fixes: 39b3cffb8cf31117 ("fbcon: prevent user font height or width change from causing potential out-of-bounds access")
    Cc: George Kennedy <george.kennedy@oracle.com>
    Link: https://lore.kernel.org/r/f6e3e611-8704-1263-d163-f52c906a4f06@I-love.SAKURA.ne.jp
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 drivers/video/fbdev/core/fbcon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: 7be522504f00c6305edd2d12ed30fdd738068070762b49db4e97cb233e53529f
parent  signature: 6a0c244d94a286ae65a14d6b5429143dd3bbddc90f914635a84beb1e70aa4625
revisions tested: 12, total time: 2h50m38.79693566s (build: 1h42m33.614073645s, test: 1h6m43.436351095s)
first good commit: d31eccab7abd41e9d198c0f4f226d937cc7bbd58 fbcon: Fix user font detection test at fbcon_resize().
recipients (to): ["gregkh@linuxfoundation.org" "penguin-kernel@i-love.sakura.ne.jp" "sashal@kernel.org"]
recipients (cc): []