bisecting fixing commit since ad326970d25cc85128cd22d62398751ad072efff
building syzkaller on f24824d3d54060a7d878eeb35c47f85dab84966a
testing commit ad326970d25cc85128cd22d62398751ad072efff with gcc (GCC) 8.1.0
kernel signature: dcb2b66849974eb667954c52364d2443a116f7fb687e0377ddc9159bc58cc883
all runs: crashed: divide error in do_journal_end
testing current HEAD 2263955bf7e71ca8419b64d7a60510aad29002f6
testing commit 2263955bf7e71ca8419b64d7a60510aad29002f6 with gcc (GCC) 8.1.0
kernel signature: 34c7ed5b739a459f1b68ea687b764739b47d3e9ad5c16d948581c51571977c2a
all runs: OK
# git bisect start 2263955bf7e71ca8419b64d7a60510aad29002f6 ad326970d25cc85128cd22d62398751ad072efff
Bisecting: 720 revisions left to test after this (roughly 10 steps)
[e9bfab3073834efa616ec86184d63eba1a64cfef] staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids
testing commit e9bfab3073834efa616ec86184d63eba1a64cfef with gcc (GCC) 8.1.0
kernel signature: f19576960972fee7d6fab53e9b2eca073b4d3b7d346e3d12b36fdf34b721d6a2
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: divide error in do_journal_end
run #4: crashed: divide error in do_journal_end
run #5: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #6: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #7: crashed: divide error in do_journal_end
run #8: crashed: divide error in do_journal_end
run #9: crashed: divide error in do_journal_end
# git bisect good e9bfab3073834efa616ec86184d63eba1a64cfef
Bisecting: 360 revisions left to test after this (roughly 9 steps)
[6495fddfcaa8b220358b24609cd9b12bd76a6ff5] powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
testing commit 6495fddfcaa8b220358b24609cd9b12bd76a6ff5 with gcc (GCC) 8.1.0
kernel signature: 1ef7ed301ff2041916f71deda16d1e6d819282edae298c4cf3b7fc95af18d273
all runs: crashed: divide error in do_journal_end
# git bisect good 6495fddfcaa8b220358b24609cd9b12bd76a6ff5
Bisecting: 180 revisions left to test after this (roughly 8 steps)
[d8f0a87f20ca85bfd927c6e753574d682d2f6c50] lib/genalloc: fix the overflow when size is too big
testing commit d8f0a87f20ca85bfd927c6e753574d682d2f6c50 with gcc (GCC) 8.1.0
kernel signature: e6065ae84093189728390e8456917e0f12902abffd1f6869cb869dacfaf31d4c
all runs: OK
# git bisect bad d8f0a87f20ca85bfd927c6e753574d682d2f6c50
Bisecting: 89 revisions left to test after this (roughly 7 steps)
[412cc34b718286866b25d09c8be532e42e360aa1] powerpc/xmon: Change printk() to pr_cont()
testing commit 412cc34b718286866b25d09c8be532e42e360aa1 with gcc (GCC) 8.1.0
kernel signature: 1359a1b34d8697b7515d00ec2019eec670f8380f3ca28079d7a727cecdacd6c3
all runs: crashed: divide error in do_journal_end
# git bisect good 412cc34b718286866b25d09c8be532e42e360aa1
Bisecting: 44 revisions left to test after this (roughly 6 steps)
[f8bd479859c9431bf0e951948f76c75e8953d6bd] md/raid10: initialize r10_bio->read_slot before use.
testing commit f8bd479859c9431bf0e951948f76c75e8953d6bd with gcc (GCC) 8.1.0
kernel signature: 1b01e3d125dad7931321b7ae7e4bed5e34475ee810fb0675a429a725229c19f1
all runs: crashed: divide error in do_journal_end
# git bisect good f8bd479859c9431bf0e951948f76c75e8953d6bd
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[bea7f4d1ffa33ced2801947eb70e400387b07575] module: set MODULE_STATE_GOING state when a module fails to load
testing commit bea7f4d1ffa33ced2801947eb70e400387b07575 with gcc (GCC) 8.1.0
kernel signature: faf478e43f98a6dacb272387086f735bb5ca149c13d8d1fc89cbb6eed4adbc3c
all runs: OK
# git bisect bad bea7f4d1ffa33ced2801947eb70e400387b07575
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[e622fafb4a80d3477ef22961e513bdfc79fa1687] xen/gntdev.c: Mark pages as dirty
testing commit e622fafb4a80d3477ef22961e513bdfc79fa1687 with gcc (GCC) 8.1.0
kernel signature: e4e53996d690d36a029c665354324cc2ff40a28ce41f63591439a54810c6e9ca
run #0: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe
run #1: crashed: divide error in do_journal_end
run #2: crashed: divide error in do_journal_end
run #3: crashed: divide error in do_journal_end
run #4: crashed: divide error in do_journal_end
run #5: crashed: divide error in do_journal_end
run #6: crashed: divide error in do_journal_end
run #7: crashed: divide error in do_journal_end
run #8: crashed: divide error in do_journal_end
run #9: crashed: divide error in do_journal_end
# git bisect good e622fafb4a80d3477ef22961e513bdfc79fa1687
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[074b61ff2127ed1e408f39783b32d1936d6aa3ac] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
testing commit 074b61ff2127ed1e408f39783b32d1936d6aa3ac with gcc (GCC) 8.1.0
kernel signature: aedacf76d8a3a64934b6df3b642e663c89ce6fc61f847a41756d3309f33f516e
all runs: OK
# git bisect bad 074b61ff2127ed1e408f39783b32d1936d6aa3ac
Bisecting: 2 revisions left to test after this (roughly 1 step)
[2f6668bfe30a952f29f12499ad5c038cb1f6653c] of: fix linker-section match-table corruption
testing commit 2f6668bfe30a952f29f12499ad5c038cb1f6653c with gcc (GCC) 8.1.0
kernel signature: 20d8cc4fbde196297de550c3d61c775d3aa076cde307746af7ed07f11026bc1f
all runs: crashed: divide error in do_journal_end
# git bisect good 2f6668bfe30a952f29f12499ad5c038cb1f6653c
Bisecting: 0 revisions left to test after this (roughly 1 step)
[b8590c82b3ccf9fb4d9f0b0b097be10736869333] reiserfs: add check for an invalid ih_entry_count
testing commit b8590c82b3ccf9fb4d9f0b0b097be10736869333 with gcc (GCC) 8.1.0
kernel signature: f2a0c7276f46c4ed40aad24c5a28adbd6dcfdcb5b533d5bbf2972d5ae400170d
all runs: OK
# git bisect bad b8590c82b3ccf9fb4d9f0b0b097be10736869333
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[88520a207121c3f7c513ac69a7392da89ed0955f] Bluetooth: hci_h5: close serdev device and free hu in h5_close
testing commit 88520a207121c3f7c513ac69a7392da89ed0955f with gcc (GCC) 8.1.0
kernel signature: 2387dd36e18d25bf6a2cb7133c1cc3035c77a8cfd332d083aa4b233ba8a8a2c3
all runs: crashed: divide error in do_journal_end
# git bisect good 88520a207121c3f7c513ac69a7392da89ed0955f
b8590c82b3ccf9fb4d9f0b0b097be10736869333 is the first bad commit
commit b8590c82b3ccf9fb4d9f0b0b097be10736869333
Author: Rustam Kovhaev
Date:   Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

    when directory item has an invalid value set for ih_entry_count it might
    trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than
    ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara
    Signed-off-by: Greg Kroah-Hartman

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)
culprit signature: f2a0c7276f46c4ed40aad24c5a28adbd6dcfdcb5b533d5bbf2972d5ae400170d
parent signature: 2387dd36e18d25bf6a2cb7133c1cc3035c77a8cfd332d083aa4b233ba8a8a2c3
revisions tested: 13, total time: 3h17m26.595209299s (build: 1h55m43.92081716s, test: 1h20m18.75715328s)
first good commit: b8590c82b3ccf9fb4d9f0b0b097be10736869333 reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []