bisecting fixing commit since 312017a460d5ea31d646e7148e400e13db799ddc
building syzkaller on 2a752b7c5e39457c3c16ef91cf2192a42813c802
testing commit 312017a460d5ea31d646e7148e400e13db799ddc with gcc (GCC) 8.1.0
kernel signature: 46efc4bbb67540291fc0aed8870c487cd196f42109dc43c92fad404ee478770e
all runs: crashed: KASAN: slab-out-of-bounds Read in fbcon_get_font
testing current HEAD f5d8eef067acee3fda37137f4a08c0d3f6427a8e
testing commit f5d8eef067acee3fda37137f4a08c0d3f6427a8e with gcc (GCC) 8.1.0
kernel signature: ef8282ccb1d95e644746c3797be098b65d7bdfa6fe4bdfd0269753dec07f9ab5
all runs: OK
# git bisect start f5d8eef067acee3fda37137f4a08c0d3f6427a8e 312017a460d5ea31d646e7148e400e13db799ddc
Bisecting: 3098 revisions left to test after this (roughly 12 steps)
[80dd8146df680b8982b659341b8ecd3361f032ca] net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
testing commit 80dd8146df680b8982b659341b8ecd3361f032ca with gcc (GCC) 8.1.0
kernel signature: 4f90d0f2c20ad00717ce0cb804262813a6dc3f20e9690f90decc8f3895e77d6c
all runs: crashed: KASAN: slab-out-of-bounds Read in fbcon_get_font
# git bisect good 80dd8146df680b8982b659341b8ecd3361f032ca
Bisecting: 1549 revisions left to test after this (roughly 11 steps)
[fe9827577310fe60e3b1716ea7faef96546e44b0] xtensa: fix __sync_fetch_and_{and,or}_4 declarations
testing commit fe9827577310fe60e3b1716ea7faef96546e44b0 with gcc (GCC) 8.1.0
kernel signature: 8a88094d98fc1a14a7b25e682cf814f006b0402958ca53340959dd10a432cace
all runs: crashed: KASAN: slab-out-of-bounds Read in fbcon_get_font
# git bisect good fe9827577310fe60e3b1716ea7faef96546e44b0
Bisecting: 774 revisions left to test after this (roughly 10 steps)
[ad40dab62da3f69a583737f82e8820ecacb13510] ARM: dts: NSP: Fixed QSPI compatible string
testing commit ad40dab62da3f69a583737f82e8820ecacb13510 with gcc (GCC) 8.1.0
kernel signature: cd34c4caeca0bdf51fb8a7fbfbce3a5584d908396f47545b6f066a7ff853e493
all runs: OK
# git bisect bad ad40dab62da3f69a583737f82e8820ecacb13510
Bisecting: 387 revisions left to test after this (roughly 9 steps)
[6bf983c8db01d69eb3eb0a1ee90e43ad3a7b8709] btrfs: ref-verify: fix memory leak in add_block_entry
testing commit 6bf983c8db01d69eb3eb0a1ee90e43ad3a7b8709 with gcc (GCC) 8.1.0
kernel signature: 1d23bc77ee1ec9f2f035d93cbfb5a6582501be6db1556535f4186e894ab6be74
all runs: crashed: KASAN: slab-out-of-bounds Read in fbcon_get_font
# git bisect good 6bf983c8db01d69eb3eb0a1ee90e43ad3a7b8709
Bisecting: 193 revisions left to test after this (roughly 8 steps)
[db454f8ab4b694eaf6a23b97479aa4b42c38e6e3] locking/lockdep: Fix overflow in presentation of average lock-time
testing commit db454f8ab4b694eaf6a23b97479aa4b42c38e6e3 with gcc (GCC) 8.1.0
kernel signature: c7c6254c81ed192e40a4a9adcc706a2dd1a710f13b806ea2d4c45fffcc7ff30c
all runs: crashed: KASAN: slab-out-of-bounds Read in fbcon_get_font
# git bisect good db454f8ab4b694eaf6a23b97479aa4b42c38e6e3
Bisecting: 96 revisions left to test after this (roughly 7 steps)
[228d5227dcdc74d9157a4f36cfa52ac6c1a088f9] s390: don't trace preemption in percpu macros
testing commit 228d5227dcdc74d9157a4f36cfa52ac6c1a088f9 with gcc (GCC) 8.1.0
kernel signature: 60507e7ec351f354d3c0cd501e863d65cb8723679606a5721522421ee9644a63
all runs: OK
# git bisect bad 228d5227dcdc74d9157a4f36cfa52ac6c1a088f9
Bisecting: 48 revisions left to test after this (roughly 6 steps)
[eec2f7d9f0352a8bfe41980632e4e67a0d5c032b] serial: pl011: Fix oops on -EPROBE_DEFER
testing commit eec2f7d9f0352a8bfe41980632e4e67a0d5c032b with gcc (GCC) 8.1.0
kernel signature: 2e9945dc2c0e6e8ac2ed9d50159ced74023f554367f275cbc7811af0b9e42ae4
all runs: OK
# git bisect bad eec2f7d9f0352a8bfe41980632e4e67a0d5c032b
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[4aaac9c537b79ffd0602db06cd5127a455e49275] fs: prevent BUG_ON in submit_bh_wbc()
testing commit 4aaac9c537b79ffd0602db06cd5127a455e49275 with gcc (GCC) 8.1.0
kernel signature: c8bb504336d63a2dd4688baeff7e8e1f5fbde132ec4b935230f5bc40e970b2fc
all runs: crashed: KASAN: slab-out-of-bounds Read in fbcon_get_font
# git bisect good 4aaac9c537b79ffd0602db06cd5127a455e49275
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[50b83d19ab3f9a07a70d0bb6d8efb66bff970a4f] net: gianfar: Add of_node_put() before goto statement
testing commit 50b83d19ab3f9a07a70d0bb6d8efb66bff970a4f with gcc (GCC) 8.1.0
kernel signature: bc8eb1aad3671f621be25fef9d9b58e6245c92ce320aaee3f46d1ffa8e8602ea
all runs: crashed: KASAN: slab-out-of-bounds Read in fbcon_get_font
# git bisect good 50b83d19ab3f9a07a70d0bb6d8efb66bff970a4f
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[b0186a11dfe7b2ee767b4e7acfea921594ecdb7f] btrfs: fix space cache memory leak after transaction abort
testing commit b0186a11dfe7b2ee767b4e7acfea921594ecdb7f with gcc (GCC) 8.1.0
kernel signature: f5169f53d32f403dd645132bdb74bb69a61c2724fa011f0c19fdeda8a9967821
all runs: crashed: KASAN: slab-out-of-bounds Read in fbcon_get_font
# git bisect good b0186a11dfe7b2ee767b4e7acfea921594ecdb7f
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[c1fe757dd3d18497eaca831ed82aa20b4186affd] vt: defer kfree() of vc_screenbuf in vc_do_resize()
testing commit c1fe757dd3d18497eaca831ed82aa20b4186affd with gcc (GCC) 8.1.0
kernel signature: 08e4fd40df69d1c0ec2d8643a208250e78acad9c7f7d36a5c824abd315839877
all runs: crashed: KASAN: global-out-of-bounds Read in fbcon_resize
# git bisect good c1fe757dd3d18497eaca831ed82aa20b4186affd
Bisecting: 0 revisions left to test after this (roughly 1 step)
[8a0d860cbdfd5557838bd0e46052907d5dcfdeb4] serial: samsung: Removes the IRQ not found warning
testing commit 8a0d860cbdfd5557838bd0e46052907d5dcfdeb4 with gcc (GCC) 8.1.0
kernel signature: 2e9945dc2c0e6e8ac2ed9d50159ced74023f554367f275cbc7811af0b9e42ae4
all runs: OK
# git bisect bad 8a0d860cbdfd5557838bd0e46052907d5dcfdeb4
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[1221d11e5c35db18323ade3d4b2130bde89cc9df] vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
testing commit 1221d11e5c35db18323ade3d4b2130bde89cc9df with gcc (GCC) 8.1.0
kernel signature: 2e9945dc2c0e6e8ac2ed9d50159ced74023f554367f275cbc7811af0b9e42ae4
all runs: OK
# git bisect bad 1221d11e5c35db18323ade3d4b2130bde89cc9df
1221d11e5c35db18323ade3d4b2130bde89cc9df is the first bad commit
commit 1221d11e5c35db18323ade3d4b2130bde89cc9df
Author: George Kennedy
Date: Fri Jul 31 12:33:12 2020 -0400

vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()

commit bc5269ca765057a1b762e79a1cfd267cd7bf1c46 upstream.

vc_resize() can return with an error after failure. Change VT_RESIZEX ioctl to save struct vc_data values that are modified and restore the original values in case of error.

Signed-off-by: George Kennedy
Cc: stable
Reported-by: syzbot+38a3699c7eaf165b97a6@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/1596213192-6635-2-git-send-email-george.kennedy@oracle.com
Signed-off-by: Greg Kroah-Hartman

drivers/tty/vt/vt_ioctl.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)

culprit signature: 2e9945dc2c0e6e8ac2ed9d50159ced74023f554367f275cbc7811af0b9e42ae4
parent signature: 08e4fd40df69d1c0ec2d8643a208250e78acad9c7f7d36a5c824abd315839877
revisions tested: 15, total time: 3h44m12.548964736s (build: 2h12m21.917132451s, test: 1h30m7.519162123s)
first good commit: 1221d11e5c35db18323ade3d4b2130bde89cc9df vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
recipients (to): ["george.kennedy@oracle.com" "gregkh@linuxfoundation.org" "gregkh@linuxfoundation.org" "jslaby@suse.com" "linux-kernel@vger.kernel.org"]
recipients (cc): ["ebiggers@google.com"]