bisecting fixing commit since d7e78d08fa77acdea351c8f628f49ca9a0e1029a
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit d7e78d08fa77acdea351c8f628f49ca9a0e1029a with gcc (GCC) 8.1.0
kernel signature: a165c41bbc0c2cf493ff833f10f93d21410f3a8af3ef6da9228fd089732ec6ac
all runs: crashed: KASAN: global-out-of-bounds Read in vga16fb_imageblit
testing current HEAD 8961076ed318dfd22aa357b41589f07bf67e73b6
testing commit 8961076ed318dfd22aa357b41589f07bf67e73b6 with gcc (GCC) 8.1.0
kernel signature: 4b589c6aeb6fbe982ab7179aa09184286874f32e63592df75b22a8e1c04debb7
all runs: OK
# git bisect start 8961076ed318dfd22aa357b41589f07bf67e73b6 d7e78d08fa77acdea351c8f628f49ca9a0e1029a
Bisecting: 487 revisions left to test after this (roughly 9 steps)
[2bb379108c4ad36a761fcf1efaf51bb176b326b3] xfrm: clone whole liftime_cur structure in xfrm_do_migrate
testing commit 2bb379108c4ad36a761fcf1efaf51bb176b326b3 with gcc (GCC) 8.1.0
kernel signature: 4d09481e2db512fceff74485c74e282f23048790f542d7abdcb20c654d31c0ab
all runs: OK
# git bisect bad 2bb379108c4ad36a761fcf1efaf51bb176b326b3
Bisecting: 243 revisions left to test after this (roughly 8 steps)
[a8c374444f68ed71a71e14bd6da1e4b13d8c8f19] spi: Fix memory leak on splited transfers
testing commit a8c374444f68ed71a71e14bd6da1e4b13d8c8f19 with gcc (GCC) 8.1.0
kernel signature: 6a0c244d94a286ae65a14d6b5429143dd3bbddc90f914635a84beb1e70aa4625
all runs: OK
# git bisect bad a8c374444f68ed71a71e14bd6da1e4b13d8c8f19
Bisecting: 121 revisions left to test after this (roughly 7 steps)
[dcd257f64ca5340ad96739c917f353383705a057] perf tools: Correct SNOOPX field offset
testing commit dcd257f64ca5340ad96739c917f353383705a057 with gcc (GCC) 8.1.0
kernel signature: 96e6cdedc58e6989eb4ed193674fba112b4f00c56ee141569687825d660a3bd5
all runs: crashed: KASAN: global-out-of-bounds Read in vga16fb_imageblit
# git bisect good dcd257f64ca5340ad96739c917f353383705a057
Bisecting: 60 revisions left to test after this (roughly 6 steps)
[824a4ed2767d4568a0eece73fafe0141128b4d18] firestream: Fix memleak in fs_open
testing commit 824a4ed2767d4568a0eece73fafe0141128b4d18 with gcc (GCC) 8.1.0
kernel signature: 0788bcfd2b6fbb8218a4a633c02fdf29effdba7266495637377baad95968ba11
all runs: crashed: KASAN: global-out-of-bounds Read in vga16fb_imageblit
# git bisect good 824a4ed2767d4568a0eece73fafe0141128b4d18
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[7c6e70f228a21fc1a964702999c3baa1a6fe6f5d] scsi: target: iscsi: Fix data digest calculation
testing commit 7c6e70f228a21fc1a964702999c3baa1a6fe6f5d with gcc (GCC) 8.1.0
kernel signature: 0394a368339826a1912186eff6c81dc059ef1f0948ce7506a4ff04e3c94d1457
all runs: crashed: KASAN: global-out-of-bounds Read in vga16fb_imageblit
# git bisect good 7c6e70f228a21fc1a964702999c3baa1a6fe6f5d
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[0368a8c1117a3fabb476b9ee9a883ec88d10e283] usb: Fix out of sync data toggle if a configured device is reconfigured
testing commit 0368a8c1117a3fabb476b9ee9a883ec88d10e283 with gcc (GCC) 8.1.0
kernel signature: 10fb629ef294e70c2083c5e0dcfc87899ff514acbc92a08e9eb36888f3d26444
all runs: OK
# git bisect bad 0368a8c1117a3fabb476b9ee9a883ec88d10e283
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[eb346c8d9eaf2850f90182b3090795e14856d926] KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit
testing commit eb346c8d9eaf2850f90182b3090795e14856d926 with gcc (GCC) 8.1.0
kernel signature: d0466d88b11ad897972f90b1d27345a0d6e1bb7cebfbc3982e4e50bf344853e0
all runs: crashed: KASAN: global-out-of-bounds Read in vga16fb_imageblit
# git bisect good eb346c8d9eaf2850f90182b3090795e14856d926
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e94f445c951917e44d011c7b3380d443a4822c66] usb: core: fix slab-out-of-bounds Read in read_descriptors
testing commit e94f445c951917e44d011c7b3380d443a4822c66 with gcc (GCC) 8.1.0
kernel signature: b5433e269e3198d98379c0ce8141b7e9fda2a79a7e2507c189b51a8ca6fbe898
all runs: OK
# git bisect bad e94f445c951917e44d011c7b3380d443a4822c66
Bisecting: 1 revision left to test after this (roughly 1 step)
[0472aa0c36c7bb3756629a3bbc834604167567f7] video: fbdev: fix OOB read in vga_8planes_imageblit()
testing commit 0472aa0c36c7bb3756629a3bbc834604167567f7 with gcc (GCC) 8.1.0
kernel signature: e49cade6483d8b9de49e7f59cbf216acb1215200ea23b1ed86e01d44c3759fa5
all runs: OK
# git bisect bad 0472aa0c36c7bb3756629a3bbc834604167567f7
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e0db83ee7f61d21cd04c27589874370dd7141ac8] ARM: dts: vfxxx: Add syscon compatible with OCOTP
testing commit e0db83ee7f61d21cd04c27589874370dd7141ac8 with gcc (GCC) 8.1.0
kernel signature: d0466d88b11ad897972f90b1d27345a0d6e1bb7cebfbc3982e4e50bf344853e0
all runs: crashed: KASAN: global-out-of-bounds Read in vga16fb_imageblit
# git bisect good e0db83ee7f61d21cd04c27589874370dd7141ac8
0472aa0c36c7bb3756629a3bbc834604167567f7 is the first bad commit
commit 0472aa0c36c7bb3756629a3bbc834604167567f7
Author: Tetsuo Handa
Date: Mon Aug 31 19:37:00 2020 +0900

    video: fbdev: fix OOB read in vga_8planes_imageblit()

    commit bd018a6a75cebb511bb55a0e7690024be975fe93 upstream.

    syzbot is reporting OOB read at vga_8planes_imageblit() [1], for
    "cdat[y] >> 4" can become a negative value due to "const char *cdat".

    [1] https://syzkaller.appspot.com/bug?id=0d7a0da1557dcd1989e00cb3692b26d4173b4132

    Reported-by: syzbot
    Signed-off-by: Tetsuo Handa
    Cc: stable
    Link: https://lore.kernel.org/r/90b55ec3-d5b0-3307-9f7c-7ff5c5fd6ad3@i-love.sakura.ne.jp
    Signed-off-by: Greg Kroah-Hartman

 drivers/video/fbdev/vga16fb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: e49cade6483d8b9de49e7f59cbf216acb1215200ea23b1ed86e01d44c3759fa5
parent signature: d0466d88b11ad897972f90b1d27345a0d6e1bb7cebfbc3982e4e50bf344853e0
revisions tested: 12, total time: 2h53m24.61610272s (build: 1h38m37.809714316s, test: 1h13m26.770359793s)
first good commit: 0472aa0c36c7bb3756629a3bbc834604167567f7 video: fbdev: fix OOB read in vga_8planes_imageblit()
recipients (to): ["b.zolnierkie@samsung.com" "gregkh@linuxfoundation.org" "linux-fbdev@vger.kernel.org" "penguin-kernel@i-love.sakura.ne.jp"]
recipients (cc): ["colin.king@canonical.com" "gregkh@linuxfoundation.org" "linux-kernel@vger.kernel.org" "penguin-kernel@i-love.sakura.ne.jp" "sashal@kernel.org"]