bisecting fixing commit since 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60 with gcc (GCC) 8.1.0
kernel signature: 45e6a7df32eef3dfcc65127dc18c06a366ce07d7010037a252ba8b875a68dc91
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
testing current HEAD 8961076ed318dfd22aa357b41589f07bf67e73b6
testing commit 8961076ed318dfd22aa357b41589f07bf67e73b6 with gcc (GCC) 8.1.0
kernel signature: 6d2111603d09fdc274816934ff25b42c5c4465d5c2c359ee1483daa62556ad11
all runs: OK
# git bisect start 8961076ed318dfd22aa357b41589f07bf67e73b6 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60
Bisecting: 441 revisions left to test after this (roughly 9 steps)
[712777b2bc9b2b5c66ef33774ac6d05ef8bb0321] net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
testing commit 712777b2bc9b2b5c66ef33774ac6d05ef8bb0321 with gcc (GCC) 8.1.0
kernel signature: 3b6e9725b7cf4431137027b1a3ad9d9566974eff1c6cdf72d240c3dca527fa84
all runs: OK
# git bisect bad 712777b2bc9b2b5c66ef33774ac6d05ef8bb0321
Bisecting: 220 revisions left to test after this (roughly 8 steps)
[0ccf7b9c6852279ef1fccf5315e605775e90c257] dmaengine: zynqmp_dma: fix burst length configuration
testing commit 0ccf7b9c6852279ef1fccf5315e605775e90c257 with gcc (GCC) 8.1.0
kernel signature: 5ce1cf139e26eaebd0d9ca1a4c463880b83282a5549f3899098f98589f9478c7
all runs: OK
# git bisect bad 0ccf7b9c6852279ef1fccf5315e605775e90c257
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[caa75847c333ad18d6b9d68f94a255418f3c006a] iio:magnetometer:ak8975 Fix alignment and data leak issues.
testing commit caa75847c333ad18d6b9d68f94a255418f3c006a with gcc (GCC) 8.1.0
kernel signature: ac4f12630bc169879fe310aad482b6346e63493ee7a07ab5f2b96cf0131e2693
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good caa75847c333ad18d6b9d68f94a255418f3c006a
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[7e065e0242fc285cc29c5ea4a80d108262af5148] i2c: i801: Fix resume bug
testing commit 7e065e0242fc285cc29c5ea4a80d108262af5148 with gcc (GCC) 8.1.0
kernel signature: 82077d22a1cd52dad5e8c8e341aa4a3695f130a6eb18ed884fd2106b0231bf98
all runs: OK
# git bisect bad 7e065e0242fc285cc29c5ea4a80d108262af5148
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[89c61374785f5590f61161334a6192ab3c165ec9] usb: typec: ucsi: acpi: Check the _DEP dependencies
testing commit 89c61374785f5590f61161334a6192ab3c165ec9 with gcc (GCC) 8.1.0
kernel signature: 956d7cc4727d8cc3e41ff0d40cbdedfd215d15c4606dd31922580a235548efa8
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 89c61374785f5590f61161334a6192ab3c165ec9
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[30ce9a30a3881ae384e98aabd68310d053474e7e] i2c: algo: pca: Reapply i2c bus settings after reset
testing commit 30ce9a30a3881ae384e98aabd68310d053474e7e with gcc (GCC) 8.1.0
kernel signature: f46766d2b8ca9eb38e98a4ca46bce16c944c8128c22c3a91ee3c4c59033811d3
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 30ce9a30a3881ae384e98aabd68310d053474e7e
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[d31eccab7abd41e9d198c0f4f226d937cc7bbd58] fbcon: Fix user font detection test at fbcon_resize().
testing commit d31eccab7abd41e9d198c0f4f226d937cc7bbd58 with gcc (GCC) 8.1.0
kernel signature: 7be522504f00c6305edd2d12ed30fdd738068070762b49db4e97cb233e53529f
all runs: OK
# git bisect bad d31eccab7abd41e9d198c0f4f226d937cc7bbd58
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[292a391e668b159b05eedcc2f23b09ee1b94a95c] clk: rockchip: Fix initialization of mux_pll_src_4plls_p
testing commit 292a391e668b159b05eedcc2f23b09ee1b94a95c with gcc (GCC) 8.1.0
kernel signature: 6a0c244d94a286ae65a14d6b5429143dd3bbddc90f914635a84beb1e70aa4625
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 292a391e668b159b05eedcc2f23b09ee1b94a95c
Bisecting: 1 revision left to test after this (roughly 1 step)
[38eefb1964388f93644b35ec77000c5fbecca9cc] MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
testing commit 38eefb1964388f93644b35ec77000c5fbecca9cc with gcc (GCC) 8.1.0
kernel signature: 6a0c244d94a286ae65a14d6b5429143dd3bbddc90f914635a84beb1e70aa4625
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 38eefb1964388f93644b35ec77000c5fbecca9cc
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[1cf043baa068a5deecaf800e9122b462ac418159] perf test: Free formats for perf pmu parse test
testing commit 1cf043baa068a5deecaf800e9122b462ac418159 with gcc (GCC) 8.1.0
kernel signature: 6a0c244d94a286ae65a14d6b5429143dd3bbddc90f914635a84beb1e70aa4625
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good 1cf043baa068a5deecaf800e9122b462ac418159
d31eccab7abd41e9d198c0f4f226d937cc7bbd58 is the first bad commit
commit d31eccab7abd41e9d198c0f4f226d937cc7bbd58
Author: Tetsuo Handa
Date: Fri Sep 11 07:57:06 2020 +0900

    fbcon: Fix user font detection test at fbcon_resize().

    [ Upstream commit ec0972adecb391a8d8650832263a4790f3bfb4df ]

    syzbot is reporting OOB read at fbcon_resize() [1], for commit 39b3cffb8cf31117 ("fbcon: prevent user font height or width change from causing potential out-of-bounds access") is by error using registered_fb[con2fb_map[vc->vc_num]]->fbcon_par->p->userfont (which was set to non-zero) instead of fb_display[vc->vc_num].userfont (which remains zero for that display).

    We could remove tricky userfont flag [2], for we can determine it by comparing address of the font data and addresses of built-in font data. But since that commit is failing to fix the original OOB read [3], this patch keeps the change minimal in case we decide to revert altogether.

    [1] https://syzkaller.appspot.com/bug?id=ebcbbb6576958a496500fee9cf7aa83ea00b5920
    [2] https://syzkaller.appspot.com/text?tag=Patch&x=14030853900000
    [3] https://syzkaller.appspot.com/bug?id=6fba8c186d97cf1011ab17660e633b1cc4e080c9

    Reported-by: syzbot
    Signed-off-by: Tetsuo Handa
    Fixes: 39b3cffb8cf31117 ("fbcon: prevent user font height or width change from causing potential out-of-bounds access")
    Cc: George Kennedy
    Link: https://lore.kernel.org/r/f6e3e611-8704-1263-d163-f52c906a4f06@I-love.SAKURA.ne.jp
    Signed-off-by: Greg Kroah-Hartman
    Signed-off-by: Sasha Levin

 drivers/video/fbdev/core/fbcon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: 7be522504f00c6305edd2d12ed30fdd738068070762b49db4e97cb233e53529f
parent signature: 6a0c244d94a286ae65a14d6b5429143dd3bbddc90f914635a84beb1e70aa4625
revisions tested: 12, total time: 2h50m38.79693566s (build: 1h42m33.614073645s, test: 1h6m43.436351095s)
first good commit: d31eccab7abd41e9d198c0f4f226d937cc7bbd58 fbcon: Fix user font detection test at fbcon_resize().
recipients (to): ["gregkh@linuxfoundation.org" "penguin-kernel@i-love.sakura.ne.jp" "sashal@kernel.org"]
recipients (cc): []