bisecting fixing commit since 6b6446efedb27c2766745a04f9b5d4449f51391d building syzkaller on cba33199be220cbf61f7c0c8223d88a25a913d6f testing commit 6b6446efedb27c2766745a04f9b5d4449f51391d with gcc (GCC) 8.4.1 20210217 kernel signature: 55923442256197147826cbfe55684e80f492c04bf7bb0da0e545d732a6910a12 all runs: crashed: divide error in do_journal_end testing current HEAD 29c52025152bab4c557d8174da58f1a4c8e70438 testing commit 29c52025152bab4c557d8174da58f1a4c8e70438 with gcc (GCC) 8.4.1 20210217 kernel signature: f3c8bf1735093ded8ef468597f1e204476a878124fdd4159368eedd153b97299 all runs: OK # git bisect start 29c52025152bab4c557d8174da58f1a4c8e70438 6b6446efedb27c2766745a04f9b5d4449f51391d Bisecting: 426 revisions left to test after this (roughly 9 steps) [81dfcd5256280cdc45823a9484df9f0baf0511e6] cw1200: fix missing destroy_workqueue() on error in cw1200_init_common testing commit 81dfcd5256280cdc45823a9484df9f0baf0511e6 with gcc (GCC) 8.4.1 20210217 kernel signature: 369ab173303741aa1cf39056a6dd4d0a8847052f489a50e14f96e6244bbc64ee all runs: crashed: divide error in do_journal_end # git bisect good 81dfcd5256280cdc45823a9484df9f0baf0511e6 Bisecting: 213 revisions left to test after this (roughly 8 steps) [ee511e65c92814ec4e675328759c37f4661f7f45] ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 testing commit ee511e65c92814ec4e675328759c37f4661f7f45 with gcc (GCC) 8.4.1 20210217 kernel signature: 683a089a4faada5bd958e3e446b66496f3369ed8213209afcf8ed250e11d2e9e all runs: OK # git bisect bad ee511e65c92814ec4e675328759c37f4661f7f45 Bisecting: 106 revisions left to test after this (roughly 7 steps) [598618c38a77b43c4b70ab4f14657127a12cbf1e] jffs2: Fix GC exit abnormally testing commit 598618c38a77b43c4b70ab4f14657127a12cbf1e with gcc (GCC) 8.4.1 20210217 kernel signature: b999319ee262671cf68dc94b45150c2a59101065929e324923ed96a151986227 all runs: crashed: divide error in do_journal_end # git bisect good 598618c38a77b43c4b70ab4f14657127a12cbf1e Bisecting: 53 revisions left to test after this (roughly 6 steps) [92879e6e86bb8c6dbe25d601116ecfd21fc5605b] iio:imu:bmi160: Fix alignment and data leak issues testing commit 92879e6e86bb8c6dbe25d601116ecfd21fc5605b with gcc (GCC) 8.4.1 20210217 kernel signature: 954a0ceebf9697bdb5dc908d1c6f205eda0e39ba12cc3b41ecbf87cfc5b1ca5c all runs: OK # git bisect bad 92879e6e86bb8c6dbe25d601116ecfd21fc5605b Bisecting: 26 revisions left to test after this (roughly 5 steps) [1752938529c614a8ed4432ecce6ebc95d3b87207] Linux 4.14.213 testing commit 1752938529c614a8ed4432ecce6ebc95d3b87207 with gcc (GCC) 8.4.1 20210217 kernel signature: ea94111e8c77486b468a4da097ecda86e697dbcd3c77ece17ddadeee86e7011a all runs: crashed: divide error in do_journal_end # git bisect good 1752938529c614a8ed4432ecce6ebc95d3b87207 Bisecting: 13 revisions left to test after this (roughly 4 steps) [b732e14e6218bd925e15c539165f037081ae5176] uapi: move constants from to testing commit b732e14e6218bd925e15c539165f037081ae5176 with gcc (GCC) 8.4.1 20210217 kernel signature: fb1d090be43c5dbe40c05c9e6586a2929298cc2167ce2223889f421dc1c785d9 all runs: crashed: divide error in do_journal_end # git bisect good b732e14e6218bd925e15c539165f037081ae5176 Bisecting: 6 revisions left to test after this (roughly 3 steps) [22d29be48cef12cd97beac20bf0431a326847b02] module: set MODULE_STATE_GOING state when a module fails to load testing commit 22d29be48cef12cd97beac20bf0431a326847b02 with gcc (GCC) 8.4.1 20210217 kernel signature: 58025da30b6c362833c8524baad9750df8deb6790d40d4690b4f69d6c4211d3f all runs: OK # git bisect bad 22d29be48cef12cd97beac20bf0431a326847b02 Bisecting: 3 revisions left to test after this (roughly 2 steps) [68d8414711b4e392fba64b1dd567dedaeb10deb8] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() testing commit 68d8414711b4e392fba64b1dd567dedaeb10deb8 with gcc (GCC) 8.4.1 20210217 kernel signature: a950ae885606d83e3e09314bd0754c7f8b940476c1b2cef284cd774355d0976e all runs: OK # git bisect bad 68d8414711b4e392fba64b1dd567dedaeb10deb8 Bisecting: 0 revisions left to test after this (roughly 1 step) [b74d5f70523a819aac71e0eee4f4b530e69e463a] reiserfs: add check for an invalid ih_entry_count testing commit b74d5f70523a819aac71e0eee4f4b530e69e463a with gcc (GCC) 8.4.1 20210217 kernel signature: 8dcdc3decad343ba2d1bb75bcac01d8a4e1c98c60d001a414e51eac0ebb673dc all runs: OK # git bisect bad b74d5f70523a819aac71e0eee4f4b530e69e463a Bisecting: 0 revisions left to test after this (roughly 0 steps) [320f61926b081865181de2d7edd18f1d06c4e600] of: fix linker-section match-table corruption testing commit 320f61926b081865181de2d7edd18f1d06c4e600 with gcc (GCC) 8.4.1 20210217 kernel signature: 6be31ec4a1381c27d16b5d7ebf98f7b7a396a91127d419e0e8c9c4ee8ea7897d all runs: crashed: divide error in do_journal_end # git bisect good 320f61926b081865181de2d7edd18f1d06c4e600 b74d5f70523a819aac71e0eee4f4b530e69e463a is the first bad commit commit b74d5f70523a819aac71e0eee4f4b530e69e463a Author: Rustam Kovhaev Date: Sun Nov 1 06:09:58 2020 -0800 reiserfs: add check for an invalid ih_entry_count commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream. when directory item has an invalid value set for ih_entry_count it might trigger use-after-free or out-of-bounds read in bin_search_in_dir_item() ih_entry_count * IH_SIZE for directory item should not be larger than ih_item_len Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7 Signed-off-by: Rustam Kovhaev Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman fs/reiserfs/stree.c | 6 ++++++ 1 file changed, 6 insertions(+) culprit signature: 8dcdc3decad343ba2d1bb75bcac01d8a4e1c98c60d001a414e51eac0ebb673dc parent signature: 6be31ec4a1381c27d16b5d7ebf98f7b7a396a91127d419e0e8c9c4ee8ea7897d revisions tested: 12, total time: 2h41m59.551020588s (build: 1h25m5.470484913s, test: 1h12m10.210173818s) first good commit: b74d5f70523a819aac71e0eee4f4b530e69e463a reiserfs: add check for an invalid ih_entry_count recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"] recipients (cc): []