bisecting fixing commit since c37da90efff5f183bea6ae4c2af33571f61fe317
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit c37da90efff5f183bea6ae4c2af33571f61fe317 with gcc (GCC) 8.1.0
kernel signature: 487e23e7e3c7d573ba9aeaff0c62b65694eb9c252d047cff906452ebad6362f7
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
testing current HEAD ad326970d25cc85128cd22d62398751ad072efff
testing commit ad326970d25cc85128cd22d62398751ad072efff with gcc (GCC) 8.1.0
kernel signature: 240d3aba741638be5411e2c1a19f301fffe61578b8351bb750f96c0ecb488e11
all runs: OK
# git bisect start ad326970d25cc85128cd22d62398751ad072efff c37da90efff5f183bea6ae4c2af33571f61fe317
Bisecting: 309 revisions left to test after this (roughly 8 steps)
[576f57da9107056935364824ecd2d78a07d542e6] xfs: fix log reservation overflows when allocating large rt extents
testing commit 576f57da9107056935364824ecd2d78a07d542e6 with gcc (GCC) 8.1.0
kernel signature: 861704cba3045731b93f86b9582ad5ced1a69ebe9f9fe3a7f75da554704da042
all runs: OK
# git bisect bad 576f57da9107056935364824ecd2d78a07d542e6
Bisecting: 154 revisions left to test after this (roughly 7 steps)
[549a2cac6bc278b7f238a59eeb644205a10a86ca] scsi: target: iscsi: Fix data digest calculation
testing commit 549a2cac6bc278b7f238a59eeb644205a10a86ca with gcc (GCC) 8.1.0
kernel signature: e7c0875779ae83158f6e8c78bb087d90f6646b1b8b29878d6786f825f918e955
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 549a2cac6bc278b7f238a59eeb644205a10a86ca
Bisecting: 77 revisions left to test after this (roughly 6 steps)
[c797110d97c48054d1491251fd713900ff51615c] geneve: add transport ports in route lookup for geneve
testing commit c797110d97c48054d1491251fd713900ff51615c with gcc (GCC) 8.1.0
kernel signature: 956326d588df6353ffc3f85e237792487495dd1c1758a5019a071f3ccc9e2e3a
all runs: OK
# git bisect bad c797110d97c48054d1491251fd713900ff51615c
Bisecting: 38 revisions left to test after this (roughly 5 steps)
[30857be3992300481d31b87d7d1d126163c858eb] rapidio: Replace 'select' DMAENGINES 'with depends on'
testing commit 30857be3992300481d31b87d7d1d126163c858eb with gcc (GCC) 8.1.0
kernel signature: 4eed0294be39a18191ae44cce70ae238d9c4a9ea1af233ee8080e8e325830e23
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 30857be3992300481d31b87d7d1d126163c858eb
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[f47ba6941d10479838086234d4bb73d7aea0d61b] drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata()
testing commit f47ba6941d10479838086234d4bb73d7aea0d61b with gcc (GCC) 8.1.0
kernel signature: 38dc7112f12e1fe193fc77cfb067dc8825abab727f9977da197d06436ac1b9d8
all runs: OK
# git bisect bad f47ba6941d10479838086234d4bb73d7aea0d61b
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[b2cbd001d34d12358eb4e1600e4720be224b4900] clk: davinci: Use the correct size when allocating memory
testing commit b2cbd001d34d12358eb4e1600e4720be224b4900 with gcc (GCC) 8.1.0
kernel signature: 66897c01260d0ad0a7a94b562d3031b315a3220a1ecc88a10f78adc551624456
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good b2cbd001d34d12358eb4e1600e4720be224b4900
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[4cf1b96a36d5b26dadca1e2ab0f85180259bab75] MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
testing commit 4cf1b96a36d5b26dadca1e2ab0f85180259bab75 with gcc (GCC) 8.1.0
kernel signature: 66897c01260d0ad0a7a94b562d3031b315a3220a1ecc88a10f78adc551624456
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 4cf1b96a36d5b26dadca1e2ab0f85180259bab75
Bisecting: 2 revisions left to test after this (roughly 1 step)
[76fe92986c5c2fff36d8fb83e86332113b6c1725] fbcon: Fix user font detection test at fbcon_resize().
testing commit 76fe92986c5c2fff36d8fb83e86332113b6c1725 with gcc (GCC) 8.1.0
kernel signature: 38dc7112f12e1fe193fc77cfb067dc8825abab727f9977da197d06436ac1b9d8
all runs: OK
# git bisect bad 76fe92986c5c2fff36d8fb83e86332113b6c1725
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[1e96d27099ef4b9ee2c3ad09025083779657e175] perf test: Free formats for perf pmu parse test
testing commit 1e96d27099ef4b9ee2c3ad09025083779657e175 with gcc (GCC) 8.1.0
kernel signature: 66897c01260d0ad0a7a94b562d3031b315a3220a1ecc88a10f78adc551624456
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 1e96d27099ef4b9ee2c3ad09025083779657e175
76fe92986c5c2fff36d8fb83e86332113b6c1725 is the first bad commit
commit 76fe92986c5c2fff36d8fb83e86332113b6c1725
Author: Tetsuo Handa
Date: Fri Sep 11 07:57:06 2020 +0900

    fbcon: Fix user font detection test at fbcon_resize().

    [ Upstream commit ec0972adecb391a8d8650832263a4790f3bfb4df ]

    syzbot is reporting OOB read at fbcon_resize() [1], for
    commit 39b3cffb8cf31117 ("fbcon: prevent user font height or width change
    from causing potential out-of-bounds access") is by error using
    registered_fb[con2fb_map[vc->vc_num]]->fbcon_par->p->userfont (which was
    set to non-zero) instead of fb_display[vc->vc_num].userfont (which remains
    zero for that display).

    We could remove tricky userfont flag [2], for we can determine it by
    comparing address of the font data and addresses of built-in font data.
    But since that commit is failing to fix the original OOB read [3], this
    patch keeps the change minimal in case we decide to revert altogether.

    [1] https://syzkaller.appspot.com/bug?id=ebcbbb6576958a496500fee9cf7aa83ea00b5920
    [2] https://syzkaller.appspot.com/text?tag=Patch&x=14030853900000
    [3] https://syzkaller.appspot.com/bug?id=6fba8c186d97cf1011ab17660e633b1cc4e080c9

    Reported-by: syzbot
    Signed-off-by: Tetsuo Handa
    Fixes: 39b3cffb8cf31117 ("fbcon: prevent user font height or width change from causing potential out-of-bounds access")
    Cc: George Kennedy
    Link: https://lore.kernel.org/r/f6e3e611-8704-1263-d163-f52c906a4f06@I-love.SAKURA.ne.jp
    Signed-off-by: Greg Kroah-Hartman
    Signed-off-by: Sasha Levin

 drivers/video/fbdev/core/fbcon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: 38dc7112f12e1fe193fc77cfb067dc8825abab727f9977da197d06436ac1b9d8
parent signature: 66897c01260d0ad0a7a94b562d3031b315a3220a1ecc88a10f78adc551624456
revisions tested: 11, total time: 2h42m29.30186076s (build: 1h31m59.079353299s, test: 1h9m25.905140435s)
first good commit: 76fe92986c5c2fff36d8fb83e86332113b6c1725 fbcon: Fix user font detection test at fbcon_resize().
recipients (to): ["gregkh@linuxfoundation.org" "penguin-kernel@i-love.sakura.ne.jp" "sashal@kernel.org"]
recipients (cc): []