bisecting fixing commit since 106fa147d3daa58d2c1ae5f41a29d07036fe7d0a
building syzkaller on 7751efd04aebb07bc82b5c0e8eeaca07be1ae112
testing commit 106fa147d3daa58d2c1ae5f41a29d07036fe7d0a with gcc (GCC) 8.1.0
kernel signature: e8d3f2ecc4b4342958be9f1ee2c81d551bbb27fb11c346edd580578f7f9f6e41
all runs: crashed: KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor
testing current HEAD c37da90efff5f183bea6ae4c2af33571f61fe317
testing commit c37da90efff5f183bea6ae4c2af33571f61fe317 with gcc (GCC) 8.1.0
kernel signature: 293b0b6d8fb632bfbfa7bc4d3966e42fd6ff78cac32404bbdedd7c6ecc1f9717
all runs: OK
# git bisect start c37da90efff5f183bea6ae4c2af33571f61fe317 106fa147d3daa58d2c1ae5f41a29d07036fe7d0a
Bisecting: 763 revisions left to test after this (roughly 10 steps)
[7c2011825d6717a48c5233544949d30e3a77d084] Revert "usb/xhci-plat: Set PM runtime as active on resume"
testing commit 7c2011825d6717a48c5233544949d30e3a77d084 with gcc (GCC) 8.1.0
kernel signature: f3fd330c64c7041e4b925023b0f21c000a49cec0ce66cbdc2dd8e99f1003b213
all runs: crashed: KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor
# git bisect good 7c2011825d6717a48c5233544949d30e3a77d084
Bisecting: 381 revisions left to test after this (roughly 9 steps)
[4c2c947f4888454a91f04a5df26cf8303453e089] xfs: fix reflink quota reservation accounting error
testing commit 4c2c947f4888454a91f04a5df26cf8303453e089 with gcc (GCC) 8.1.0
kernel signature: c5eeabb560e04df74f24f518d071b922a56a61688ec78a36d0b1f1f1919ad85a
all runs: crashed: KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor
# git bisect good 4c2c947f4888454a91f04a5df26cf8303453e089
Bisecting: 190 revisions left to test after this (roughly 8 steps)
[2a3d84f1c2654c7210eab41e5894db4745db5029] btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range
testing commit 2a3d84f1c2654c7210eab41e5894db4745db5029 with gcc (GCC) 8.1.0
kernel signature: 5f46e9d3a00593ffe4c1056560c9eb353a804718f9e8462ae1eb3818db64be3c
all runs: OK
# git bisect bad 2a3d84f1c2654c7210eab41e5894db4745db5029
Bisecting: 95 revisions left to test after this (roughly 7 steps)
[5c4d9eefd314e763dcb2a499797176c17ad6ab69] genirq/affinity: Make affinity setting if activated opt-in
testing commit 5c4d9eefd314e763dcb2a499797176c17ad6ab69 with gcc (GCC) 8.1.0
kernel signature: 46fde779afb2ff01be2f13f332b8d748f79f3c316e7de6fa7405cd0039228a5f
all runs: OK
# git bisect bad 5c4d9eefd314e763dcb2a499797176c17ad6ab69
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[623b1bba4cbd8d3551c3d07cb4f541f507d6eff2] fsl/fman: check dereferencing null pointer
testing commit 623b1bba4cbd8d3551c3d07cb4f541f507d6eff2 with gcc (GCC) 8.1.0
kernel signature: f64249aeefbc9a691630469cddbf40f121a79f142218d073ff4f2aec93f90d15
all runs: crashed: KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor
# git bisect good 623b1bba4cbd8d3551c3d07cb4f541f507d6eff2
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[aabc11c145177650ec2cd7f6a496aa4c4a77a64f] crypto: ccp - Fix use of merged scatterlists
testing commit aabc11c145177650ec2cd7f6a496aa4c4a77a64f with gcc (GCC) 8.1.0
kernel signature: a1e4c3afa23d9d0f933e36bb61d753e6a5e25b0e5dca85f99b7dc041b980d6db
all runs: crashed: KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor
# git bisect good aabc11c145177650ec2cd7f6a496aa4c4a77a64f
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[5de7ab80c866b4e31907109cb1993ac7422e09ae] include/asm-generic/vmlinux.lds.h: align ro_after_init
testing commit 5de7ab80c866b4e31907109cb1993ac7422e09ae with gcc (GCC) 8.1.0
kernel signature: 0dd2758016ab715607de62c48b7ec5b0426bcff3afee2771bb249c1fa33e407b
all runs: OK
# git bisect bad 5de7ab80c866b4e31907109cb1993ac7422e09ae
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[d22c224704b720887e3fad683281a2cf97b679ea] ALSA: usb-audio: add quirk for Pioneer DDJ-RB
testing commit d22c224704b720887e3fad683281a2cf97b679ea with gcc (GCC) 8.1.0
kernel signature: ccc037a04f520945c6b064b54c01deb58ee54fcd2a7efea23e8c475c7e57aee5
all runs: OK
# git bisect bad d22c224704b720887e3fad683281a2cf97b679ea
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[b846b77fba7b62246a6538618498bf13f5c148a7] fs/minix: check return value of sb_getblk()
testing commit b846b77fba7b62246a6538618498bf13f5c148a7 with gcc (GCC) 8.1.0
kernel signature: 0b5dec685d2f96f8a6af55e175e2ad314a21dd9c932cc99bec9926de999776f2
all runs: crashed: KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor
# git bisect good b846b77fba7b62246a6538618498bf13f5c148a7
Bisecting: 0 revisions left to test after this (roughly 1 step)
[954fc7da99a9513d5e6b3ccf38f6f7c9af5a276d] fs/minix: reject too-large maximum file size
testing commit 954fc7da99a9513d5e6b3ccf38f6f7c9af5a276d with gcc (GCC) 8.1.0
kernel signature: 11b03b5ac8b8e98730bfc28fd858d73f44dfa568583d5c0bceae1190875d9e95
all runs: OK
# git bisect bad 954fc7da99a9513d5e6b3ccf38f6f7c9af5a276d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[169f7f37bd6b0bb91242099cc261219791067d5c] fs/minix: don't allow getting deleted inodes
testing commit 169f7f37bd6b0bb91242099cc261219791067d5c with gcc (GCC) 8.1.0
kernel signature: ec6b3b55d2538413c8ff261f3b5851fdf32d2a29848eaf6f7279a3ec8268cebb
all runs: crashed: KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor
# git bisect good 169f7f37bd6b0bb91242099cc261219791067d5c
954fc7da99a9513d5e6b3ccf38f6f7c9af5a276d is the first bad commit
commit 954fc7da99a9513d5e6b3ccf38f6f7c9af5a276d
Author: Eric Biggers
Date: Tue Aug 11 18:35:30 2020 -0700

    fs/minix: reject too-large maximum file size

    commit 270ef41094e9fa95273f288d7d785313ceab2ff3 upstream.

    If the minix filesystem tries to map a very large logical block number to
    its on-disk location, block_to_path() can return offsets that are too
    large, causing out-of-bounds memory accesses when accessing indirect index
    blocks. This should be prevented by the check against the maximum file
    size, but this doesn't work because the maximum file size is read directly
    from the on-disk superblock and isn't validated itself.

    Fix this by validating the maximum file size at mount time.

    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Reported-by: syzbot+c7d9ec7a1a7272dd71b3@syzkaller.appspotmail.com
    Reported-by: syzbot+3b7b03a0c28948054fb5@syzkaller.appspotmail.com
    Reported-by: syzbot+6e056ee473568865f3e6@syzkaller.appspotmail.com
    Signed-off-by: Eric Biggers
    Signed-off-by: Andrew Morton
    Cc: Alexander Viro
    Cc: Qiujun Huang
    Cc:
    Link: http://lkml.kernel.org/r/20200628060846.682158-4-ebiggers@kernel.org
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

 fs/minix/inode.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
culprit signature: 11b03b5ac8b8e98730bfc28fd858d73f44dfa568583d5c0bceae1190875d9e95
parent signature: ec6b3b55d2538413c8ff261f3b5851fdf32d2a29848eaf6f7279a3ec8268cebb
revisions tested: 13, total time: 3h40m8.995370797s (build: 2h17m29.856058659s, test: 1h20m26.187905164s)
first good commit: 954fc7da99a9513d5e6b3ccf38f6f7c9af5a276d fs/minix: reject too-large maximum file size
recipients (to): ["akpm@linux-foundation.org" "ebiggers@google.com" "gregkh@linuxfoundation.org" "torvalds@linux-foundation.org"]
recipients (cc): []