bisecting fixing commit since cbfa1702aaf69b2311ea1b35e04f113c48368c67
building syzkaller on bd69ee0d2dd6fc13399841bf7b6b34a1fc56448a
testing commit cbfa1702aaf69b2311ea1b35e04f113c48368c67 with gcc (GCC) 8.4.1 20210217
kernel signature: 0851f8063431f5e09502e353f506b3a37097eb30243965431fe041d214df2ef7
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
testing current HEAD 7d7d1c0ab3eb7c8d8f63a126535018007823b207
testing commit 7d7d1c0ab3eb7c8d8f63a126535018007823b207 with gcc (GCC) 8.4.1 20210217
kernel signature: f2770cb6d84df7a6fa8076931d717252d511c191483e712134c5e8322edb1920
all runs: OK
# git bisect start 7d7d1c0ab3eb7c8d8f63a126535018007823b207 cbfa1702aaf69b2311ea1b35e04f113c48368c67
Bisecting: 1103 revisions left to test after this (roughly 10 steps)
[d1874e36cb3d00ba53f9e7bc3ca58d3058659cee] genirq/irqdomain: Don't try to free an interrupt that has no mapping
testing commit d1874e36cb3d00ba53f9e7bc3ca58d3058659cee with gcc (GCC) 8.4.1 20210217
kernel signature: ec0ec35d7e4371e5ddd0f32253191c2c414ddc89739a39732ad2ff3e5ca2c963
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
run #1: crashed: BUG: unable to handle kernel
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
# git bisect good d1874e36cb3d00ba53f9e7bc3ca58d3058659cee
Bisecting: 551 revisions left to test after this (roughly 9 steps)
[b60659c70ecf41d07b736da17fe189d7344f0774] mfd: bd9571mwv: Use devm_mfd_add_devices()
testing commit b60659c70ecf41d07b736da17fe189d7344f0774 with gcc (GCC) 8.4.1 20210217
kernel signature: 423d4a22b8837a58db0b9293ddeb7902f7341f7a74d943db0bfc678dac6ff01f
all runs: OK
# git bisect bad b60659c70ecf41d07b736da17fe189d7344f0774
Bisecting: 275 revisions left to test after this (roughly 8 steps)
[4788d7d6ffe5225d9e052d38cf5523888e877a43] rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
testing commit 4788d7d6ffe5225d9e052d38cf5523888e877a43 with gcc (GCC) 8.4.1 20210217
kernel signature: 9190272f781087da06b530e54d5989caed47004b26240aba8556c77144ad21de
all runs: OK
# git bisect bad 4788d7d6ffe5225d9e052d38cf5523888e877a43
Bisecting: 137 revisions left to test after this (roughly 7 steps)
[320f61926b081865181de2d7edd18f1d06c4e600] of: fix linker-section match-table corruption
testing commit 320f61926b081865181de2d7edd18f1d06c4e600 with gcc (GCC) 8.4.1 20210217
kernel signature: 8e40049f1ea0455c4d6d5f83eaee859da8c589a6a2c2cb297c401e0c9335d3e3
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_hash
# git bisect good 320f61926b081865181de2d7edd18f1d06c4e600
Bisecting: 68 revisions left to test after this (roughly 6 steps)
[45eb54786f96f2790e00db85b4afc40928342170] netfilter: ipset: fix shift-out-of-bounds in htable_bits()
testing commit 45eb54786f96f2790e00db85b4afc40928342170 with gcc (GCC) 8.4.1 20210217
kernel signature: 5a36f889fd195f4c423fb77c994fac8d535a0ad0aac61116130542ef1bc63006
all runs: OK
# git bisect bad 45eb54786f96f2790e00db85b4afc40928342170
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[ba1c72ef111cd6df714cadf13e2f4860bb50275d] net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
testing commit ba1c72ef111cd6df714cadf13e2f4860bb50275d with gcc (GCC) 8.4.1 20210217
kernel signature: 2a08ec5b80d7d4407aae7b9f9da6866755ffd3a753c5875327e349cf731d5208
all runs: OK
# git bisect bad ba1c72ef111cd6df714cadf13e2f4860bb50275d
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[5d59eff4432198b10231a32625692965498511a0] kbuild: don't hardcode depmod path
testing commit 5d59eff4432198b10231a32625692965498511a0 with gcc (GCC) 8.4.1 20210217
kernel signature: 0212a0e9f63a9d899eb7017201acff7493f81801b53fa1507ab8534f40eef241
all runs: OK
# git bisect bad 5d59eff4432198b10231a32625692965498511a0
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[3569349e760c7903fd6990b835f64fdc98c016a8] powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe()
testing commit 3569349e760c7903fd6990b835f64fdc98c016a8 with gcc (GCC) 8.4.1 20210217
kernel signature: f95d9d570f9773d7cc760e79f384aac5bb65102bb5728a1391301f6935b93dac
all runs: OK
# git bisect bad 3569349e760c7903fd6990b835f64fdc98c016a8
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[c5eae3edc5273ac59dab70fd49114cce729f27f4] ALSA: seq: Use bool for snd_seq_queue internal flags
testing commit c5eae3edc5273ac59dab70fd49114cce729f27f4 with gcc (GCC) 8.4.1 20210217
kernel signature: d1d6dbd1078257fc9d215af7525d8b7a3c35ac08110ad9d70ebff34c934e37c8
all runs: OK
# git bisect bad c5eae3edc5273ac59dab70fd49114cce729f27f4
Bisecting: 1 revision left to test after this (roughly 1 step)
[68d8414711b4e392fba64b1dd567dedaeb10deb8] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
testing commit 68d8414711b4e392fba64b1dd567dedaeb10deb8 with gcc (GCC) 8.4.1 20210217
kernel signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
all runs: OK
# git bisect bad 68d8414711b4e392fba64b1dd567dedaeb10deb8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b74d5f70523a819aac71e0eee4f4b530e69e463a] reiserfs: add check for an invalid ih_entry_count
testing commit b74d5f70523a819aac71e0eee4f4b530e69e463a with gcc (GCC) 8.4.1 20210217
kernel signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
all runs: OK
# git bisect bad b74d5f70523a819aac71e0eee4f4b530e69e463a
b74d5f70523a819aac71e0eee4f4b530e69e463a is the first bad commit
commit b74d5f70523a819aac71e0eee4f4b530e69e463a
Author: Rustam Kovhaev
Date: Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

    when directory item has an invalid value set for ih_entry_count it might trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara
    Signed-off-by: Greg Kroah-Hartman

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
parent signature: 8e40049f1ea0455c4d6d5f83eaee859da8c589a6a2c2cb297c401e0c9335d3e3
revisions tested: 13, total time: 3h57m19.853669576s (build: 2h17m35.940063266s, test: 1h37m56.773509479s)
first good commit: b74d5f70523a819aac71e0eee4f4b530e69e463a reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []