bisecting fixing commit since 01364dad1d4577e27a57729d41053f661bb8a5b9
building syzkaller on a34e2c332411388ed2b3f6f1a3acdc062feceb79
testing commit 01364dad1d4577e27a57729d41053f661bb8a5b9 with gcc (GCC) 8.1.0
kernel signature: b3e11198fa25ef3e6947d095aca2a1a09137cf3cbc9ffdc0ef33a92a8262e663
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
testing current HEAD 458a534cac0c808fce164cc961f8384ffc8c455e
testing commit 458a534cac0c808fce164cc961f8384ffc8c455e with gcc (GCC) 8.1.0
kernel signature: 7dc779d8dd04ce76cb3ff0c0a54d0cc02269bf40e25b8b4c7538e89e302c719f
all runs: OK
# git bisect start 458a534cac0c808fce164cc961f8384ffc8c455e 01364dad1d4577e27a57729d41053f661bb8a5b9
Bisecting: 994 revisions left to test after this (roughly 10 steps)
[ea8dc0f16a383ba5f8f8c59a5008e7f73d9787a1] string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
testing commit ea8dc0f16a383ba5f8f8c59a5008e7f73d9787a1 with gcc (GCC) 8.1.0
kernel signature: 64acf1cd127fecd46e01c0a4a504a065ba8951afec3146166e0fab934c0d1434
all runs: boot failed: WARNING in kvm_mmu_set_mmio_spte_mask
# git bisect skip ea8dc0f16a383ba5f8f8c59a5008e7f73d9787a1
Bisecting: 994 revisions left to test after this (roughly 10 steps)
[ada62291c3a30692b1e6250da9fd661dbfa188f5] wcn36xx: Fix error handling path in 'wcn36xx_probe()'
testing commit ada62291c3a30692b1e6250da9fd661dbfa188f5 with gcc (GCC) 8.1.0
kernel signature: f22b55c9b054df24442629a383ee5de1e08adbb07c152f89d2efe4a5fe0796c5
all runs: boot failed: WARNING in kvm_mmu_set_mmio_spte_mask
# git bisect skip ada62291c3a30692b1e6250da9fd661dbfa188f5
Bisecting: 994 revisions left to test after this (roughly 10 steps)
[39e0651cac9c80865b2838f297f95ffc0f34a1d8] thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
testing commit 39e0651cac9c80865b2838f297f95ffc0f34a1d8 with gcc (GCC) 8.1.0
kernel signature: 38660abd786aa86d75332fdb67c79cdc326c6c222330dca057a8492eb397f141
all runs: boot failed: WARNING in kvm_mmu_set_mmio_spte_mask
# git bisect skip 39e0651cac9c80865b2838f297f95ffc0f34a1d8
Bisecting: 994 revisions left to test after this (roughly 10 steps)
[6a37c005dad22650fe58dde459c6f95eecad7df9] macvlan: Skip loopback packets in RX handler
testing commit 6a37c005dad22650fe58dde459c6f95eecad7df9 with gcc (GCC) 8.1.0
kernel signature: 7aaae81f38939f84d665fe54004c9218fdcdaf5ab8d3a7d3136a0d837b29e995
all runs: boot failed: WARNING in kvm_mmu_set_mmio_spte_mask
# git bisect skip 6a37c005dad22650fe58dde459c6f95eecad7df9
Bisecting: 994 revisions left to test after this (roughly 10 steps)
[2216157f8ef664170e4fe251716b782953c14885] net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
testing commit 2216157f8ef664170e4fe251716b782953c14885 with gcc (GCC) 8.1.0
kernel signature: 2172cf658e7ff5694898d39fa9785433d0cdf57e81e65b7b856921abd886975c
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
# git bisect good 2216157f8ef664170e4fe251716b782953c14885
Bisecting: 690 revisions left to test after this (roughly 10 steps)
[adf926d133dec528756b041e4dc4129406acbf2d] ARM: dts: omap4-droid4: Fix spi configuration and increase rate
testing commit adf926d133dec528756b041e4dc4129406acbf2d with gcc (GCC) 8.1.0
kernel signature: 8c7a87a5277113dab31f7350d00d058f1d05353e4ad4babc044222e16796b660
all runs: boot failed: WARNING in kvm_mmu_set_mmio_spte_mask
# git bisect skip adf926d133dec528756b041e4dc4129406acbf2d
Bisecting: 690 revisions left to test after this (roughly 10 steps)
[ac31ef00ad96c2bcf7efc919560cc6404bda8e39] kgdb: Avoid suspicious RCU usage warning
testing commit ac31ef00ad96c2bcf7efc919560cc6404bda8e39 with gcc (GCC) 8.1.0
kernel signature: f4cf64a5f3575218fa9fd32bcb3de686616f1937e68e4499167384a21e7b82c9
all runs: boot failed: WARNING in kvm_mmu_set_mmio_spte_mask
# git bisect skip ac31ef00ad96c2bcf7efc919560cc6404bda8e39
Bisecting: 690 revisions left to test after this (roughly 10 steps)
[5a7acfe428fd1d4a7d280eb72c357a807b5cf3f2] m68k: mac: Don't call via_flush_cache() on Mac IIfx
testing commit 5a7acfe428fd1d4a7d280eb72c357a807b5cf3f2 with gcc (GCC) 8.1.0
kernel signature: 114586bba56b1f935df7435fc9b1238a3f2109a66f0e57a4b70745b0c91fd2cf
all runs: boot failed: WARNING in kvm_mmu_set_mmio_spte_mask
# git bisect skip 5a7acfe428fd1d4a7d280eb72c357a807b5cf3f2
Bisecting: 690 revisions left to test after this (roughly 10 steps)
[7f3efcf16a11c159824a3fb8c6fc99314d0f067b] arm64: kgdb: Fix single-step exception handling oops
testing commit 7f3efcf16a11c159824a3fb8c6fc99314d0f067b with gcc (GCC) 8.1.0
kernel signature: 141b151822ed9c95300830897443c50bdbf8933111519bb039ee1d713d4cbf07
all runs: boot failed: WARNING in kvm_mmu_set_mmio_spte_mask
# git bisect skip 7f3efcf16a11c159824a3fb8c6fc99314d0f067b
Bisecting: 690 revisions left to test after this (roughly 10 steps)
[49a3f519e22690d902c7a161eeff1fbb391efd4e] vxlan: Ensure FDB dump is performed under RCU
testing commit 49a3f519e22690d902c7a161eeff1fbb391efd4e with gcc (GCC) 8.1.0
kernel signature: 932e06fc99f8f17d8a996ddca3eb2d95f23f108d40f920dded3745ccf9eaab13
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
# git bisect good 49a3f519e22690d902c7a161eeff1fbb391efd4e
Bisecting: 199 revisions left to test after this (roughly 8 steps)
[82ba99cfbdc46075c6c9f8941e6ed6bac0a5dacc] btrfs: don't show full path of bind mounts in subvol=
testing commit 82ba99cfbdc46075c6c9f8941e6ed6bac0a5dacc with gcc (GCC) 8.1.0
kernel signature: c1f566f032efb8ff67abcb89a56f193e5107589d498144235fc97464bd692688
all runs: OK
# git bisect bad 82ba99cfbdc46075c6c9f8941e6ed6bac0a5dacc
Bisecting: 99 revisions left to test after this (roughly 7 steps)
[4ac2e3425382667ceb957d0837c81e81dc02a2dc] fsl/fman: fix eth hash table allocation
testing commit 4ac2e3425382667ceb957d0837c81e81dc02a2dc with gcc (GCC) 8.1.0
kernel signature: f603d389a4a4de7b15705713588570aed6db9d158e3281cc2787be40dd739cf4
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
run #2: crashed: BUG: unable to handle kernel
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
# git bisect good 4ac2e3425382667ceb957d0837c81e81dc02a2dc
Bisecting: 49 revisions left to test after this (roughly 6 steps)
[2905e9be282a87cd398441c0f342682df2ddf7ed] ocfs2: change slot number type s16 to u16
testing commit 2905e9be282a87cd398441c0f342682df2ddf7ed with gcc (GCC) 8.1.0
kernel signature: 73484b15a2f42aeb14cb4623439314bfc9c5305647954fe9cd73376c6c544d04
all runs: OK
# git bisect bad 2905e9be282a87cd398441c0f342682df2ddf7ed
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[337be2b46991cf3d5afe3dbb114440946b84fe42] mtd: rawnand: qcom: avoid write to unavailable register
testing commit 337be2b46991cf3d5afe3dbb114440946b84fe42 with gcc (GCC) 8.1.0
kernel signature: e93165d40a30cf09da65236faa0046fdb075bd2e5809bb8eefb0a0e25303fff3
all runs: OK
# git bisect bad 337be2b46991cf3d5afe3dbb114440946b84fe42
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[6fa2227bb563179772163d02697703493e2e1606] ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
testing commit 6fa2227bb563179772163d02697703493e2e1606 with gcc (GCC) 8.1.0
kernel signature: 920ff2fcf2f9633a15630f75624de8b38c8d7af51b6f42eaa26c494728844271
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
# git bisect good 6fa2227bb563179772163d02697703493e2e1606
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[3c775629a5ffe3f6305f9a4f53d8167f629435ad] fs/minix: check return value of sb_getblk()
testing commit 3c775629a5ffe3f6305f9a4f53d8167f629435ad with gcc (GCC) 8.1.0
kernel signature: 0bb5f6fda604572432b8078164cd89cc0e0040a89e872b1d20bae3f2427af1bf
all runs: OK
# git bisect bad 3c775629a5ffe3f6305f9a4f53d8167f629435ad
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[99e69b921dae3ebe63d2c424ce00f91b4cab2826] crypto: ccp - Fix use of merged scatterlists
testing commit 99e69b921dae3ebe63d2c424ce00f91b4cab2826 with gcc (GCC) 8.1.0
kernel signature: ac73647b1e57553e339dfa6d78bbec164b71f212fa82b41f6718eac26e619dd4
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
# git bisect good 99e69b921dae3ebe63d2c424ce00f91b4cab2826
Bisecting: 1 revision left to test after this (roughly 1 step)
[a2c4136587cf19066758091eb60694a8f5120897] crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
testing commit a2c4136587cf19066758091eb60694a8f5120897 with gcc (GCC) 8.1.0
kernel signature: a15864784b6a0348fa53dfa73accf057c6da021a82b31d357255127911e35291
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
# git bisect good a2c4136587cf19066758091eb60694a8f5120897
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b4840e848efa4648a551e3d833bfe7cebde344d2] bitfield.h: don't compile-time validate _val in FIELD_FIT
testing commit b4840e848efa4648a551e3d833bfe7cebde344d2 with gcc (GCC) 8.1.0
kernel signature: 54f578f2799774be92192017427ae278f430e5ea82ea71b3a6779787343de8c4
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in get_block
# git bisect good b4840e848efa4648a551e3d833bfe7cebde344d2
3c775629a5ffe3f6305f9a4f53d8167f629435ad is the first bad commit
commit 3c775629a5ffe3f6305f9a4f53d8167f629435ad
Author: Eric Biggers
Date:   Tue Aug 11 18:35:24 2020 -0700

    fs/minix: check return value of sb_getblk()

    commit da27e0a0e5f655f0d58d4e153c3182bb2b290f64 upstream.

    Patch series "fs/minix: fix syzbot bugs and set s_maxbytes".

    This series fixes all syzbot bugs in the minix filesystem:

        KASAN: null-ptr-deref Write in get_block
        KASAN: use-after-free Write in get_block
        KASAN: use-after-free Read in get_block
        WARNING in inc_nlink
        KMSAN: uninit-value in get_block
        WARNING in drop_nlink

    It also fixes the minix filesystem to set s_maxbytes correctly, so that
    userspace sees the correct behavior when exceeding the max file size.

    This patch (of 6):

    sb_getblk() can fail, so check its return value.

    This fixes a NULL pointer dereference.

    Originally from Qiujun Huang.

    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Reported-by: syzbot+4a88b2b9dc280f47baf4@syzkaller.appspotmail.com
    Signed-off-by: Eric Biggers
    Signed-off-by: Andrew Morton
    Cc: Qiujun Huang
    Cc: Alexander Viro
    Cc:
    Link: http://lkml.kernel.org/r/20200628060846.682158-1-ebiggers@kernel.org
    Link: http://lkml.kernel.org/r/20200628060846.682158-2-ebiggers@kernel.org
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

 fs/minix/itree_common.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

culprit signature: 0bb5f6fda604572432b8078164cd89cc0e0040a89e872b1d20bae3f2427af1bf
parent signature: 54f578f2799774be92192017427ae278f430e5ea82ea71b3a6779787343de8c4
revisions tested: 21, total time: 6h37m28.425798551s (build: 3h43m53.809658603s, test: 2h50m36.342966874s)
first good commit: 3c775629a5ffe3f6305f9a4f53d8167f629435ad fs/minix: check return value of sb_getblk()
recipients (to): ["akpm@linux-foundation.org" "ebiggers@google.com" "gregkh@linuxfoundation.org" "torvalds@linux-foundation.org"]
recipients (cc): []
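The bug the bisection lands on is a missing NULL check on a block-cache lookup: the commit message says only that sb_getblk() can fail and that its return value was not checked, which is what produced the "BUG: unable to handle kernel NULL pointer dereference in get_block" seen on every "good" step above. The following is an added user-space model of that pattern, not the kernel's fs/minix/itree_common.c code and not the actual diff (the diff is not on this page). The fake buffer cache, the failure-injection switch, the function names alloc_branch_unchecked / alloc_branch_checked and the choice of -EIO on failure are all assumptions made for the illustration.

```c
/*
 * Added illustration (not kernel code): models the pattern fixed by
 * "fs/minix: check return value of sb_getblk()".  All names here are
 * hypothetical stand-ins so the shape of the bug and of the fix can
 * be compiled and run outside the kernel.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_SIZE 1024

/* Hypothetical stand-in for struct buffer_head. */
struct fake_bh {
    uint32_t blocknr;
    unsigned char data[BLOCK_SIZE];
};

/* Failure-injection switch (assumption): when non-zero the fake cache
 * behaves like sb_getblk() failing, i.e. it returns NULL. */
static int inject_getblk_failure = 0;

/* Stand-in for sb_getblk(): may return NULL, exactly like the real one. */
static struct fake_bh *fake_sb_getblk(uint32_t blocknr)
{
    if (inject_getblk_failure)
        return NULL;
    struct fake_bh *bh = calloc(1, sizeof(*bh));
    if (bh)
        bh->blocknr = blocknr;
    return bh;
}

/* Stand-in for brelse(). */
static void fake_brelse(struct fake_bh *bh)
{
    free(bh);
}

/* Vulnerable shape: the returned buffer is used without a NULL check.
 * With inject_getblk_failure set, the memset below dereferences NULL,
 * which is the class of crash reported in the bisection log. */
int alloc_branch_unchecked(uint32_t blocknr, uint32_t *out_blocknr)
{
    struct fake_bh *bh = fake_sb_getblk(blocknr);
    memset(bh->data, 0, BLOCK_SIZE);   /* NULL dereference if getblk failed */
    *out_blocknr = bh->blocknr;
    fake_brelse(bh);
    return 0;
}

/* Hardened shape: check the return value and fail the operation
 * cleanly.  -EIO is an assumption for this model; the errno the real
 * fix propagates is not reproduced here. */
int alloc_branch_checked(uint32_t blocknr, uint32_t *out_blocknr)
{
    struct fake_bh *bh = fake_sb_getblk(blocknr);
    if (!bh)
        return -EIO;
    memset(bh->data, 0, BLOCK_SIZE);
    *out_blocknr = bh->blocknr;
    fake_brelse(bh);
    return 0;
}

int main(void)
{
    uint32_t nr = 0;

    inject_getblk_failure = 0;
    printf("checked, getblk succeeds: rc=%d block=%u\n",
           alloc_branch_checked(7, &nr), nr);

    inject_getblk_failure = 1;
    printf("checked, getblk fails:    rc=%d (-EIO is %d)\n",
           alloc_branch_checked(7, &nr), -EIO);
    /* alloc_branch_unchecked(7, &nr) at this point would crash on NULL,
     * so it is deliberately not called while failure is injected. */
    return 0;
}
```

The unchecked variant is only safe to call while the failure switch is off; the point of the model is that the hardened variant returns an error on the same input instead of faulting, which is the whole content of the fix described in the commit message.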