bisecting fixing commit since ad326970d25cc85128cd22d62398751ad072efff
building syzkaller on a1839e81524f4e427a4b57bca0e4633d459d3d18
testing commit ad326970d25cc85128cd22d62398751ad072efff with gcc (GCC) 8.4.1 20210217
kernel signature: 7c45e8bb200467c54e0960ffb65dd11d215f86cc0b4af1a49bc241555110c9c8
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_slow
testing current HEAD b4454811f122c6a0a330ced6b854e6ef32c37857
testing commit b4454811f122c6a0a330ced6b854e6ef32c37857 with gcc (GCC) 8.4.1 20210217
kernel signature: 9e5daba5496f7949d2652c8651d39b02b4eba5facda10246db8a668e86f6deeb
all runs: OK
# git bisect start b4454811f122c6a0a330ced6b854e6ef32c37857 ad326970d25cc85128cd22d62398751ad072efff
Bisecting: 1172 revisions left to test after this (roughly 10 steps)
[96ffece6c6ddd6a6ac57216a0078071cf7a32fec] powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently
testing commit 96ffece6c6ddd6a6ac57216a0078071cf7a32fec with gcc (GCC) 8.4.1 20210217
kernel signature: 3d5172f3ca3286da55a6c322025a4f7139aea04aef1cf9245e7bf064c08984b7
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_slow
# git bisect good 96ffece6c6ddd6a6ac57216a0078071cf7a32fec
Bisecting: 586 revisions left to test after this (roughly 9 steps)
[4bd28e4aaa1be84f6c1d5bb20e7a9286ca57e5a9] bnxt_en: reverse order of TX disable and carrier off
testing commit 4bd28e4aaa1be84f6c1d5bb20e7a9286ca57e5a9 with gcc (GCC) 8.4.1 20210217
kernel signature: 4e527a958508b626e3abf390d5adcad5d93300fdac77ed44b875ca2d3d04b535
all runs: OK
# git bisect bad 4bd28e4aaa1be84f6c1d5bb20e7a9286ca57e5a9
Bisecting: 292 revisions left to test after this (roughly 8 steps)
[97db41d7c828c8e20f6d7444f7464a98f63f5aa8] i2c: octeon: check correct size of maximum RECV_LEN packet
testing commit 97db41d7c828c8e20f6d7444f7464a98f63f5aa8 with gcc (GCC) 8.4.1 20210217
kernel signature: 58ab7cfc626230a451e2c3064108e09a3d2a3ce4011ae0b11d3d1fa2a52e3c90
all runs: OK
# git bisect bad 97db41d7c828c8e20f6d7444f7464a98f63f5aa8
Bisecting: 146 revisions left to test after this (roughly 7 steps)
[41927dd11b9a4dfe1d2e8c9e21c50fe865c256e3] x86/mm: Fix leak of pmd ptlock
testing commit 41927dd11b9a4dfe1d2e8c9e21c50fe865c256e3 with gcc (GCC) 8.4.1 20210217
kernel signature: 0ad3f52feaa4846efd74f7505cdf9a5056f5a19b1bd561bb48ae3d5d64390d9c
all runs: OK
# git bisect bad 41927dd11b9a4dfe1d2e8c9e21c50fe865c256e3
Bisecting: 72 revisions left to test after this (roughly 6 steps)
[e138a9e4d4099b269581c18f0fd85c9d8c2c207b] Revert "mtd: spinand: Fix OOB read"
testing commit e138a9e4d4099b269581c18f0fd85c9d8c2c207b with gcc (GCC) 8.4.1 20210217
kernel signature: 69e1eccf63cde4d7b46591a7eaf6344bf953336772ed1fc980b25a9ac9105e19
all runs: OK
# git bisect bad e138a9e4d4099b269581c18f0fd85c9d8c2c207b
Bisecting: 36 revisions left to test after this (roughly 5 steps)
[85597c4369c9941dd38e47176ff8b540b2b583a3] xen/xenbus: Count pending messages for each watch
testing commit 85597c4369c9941dd38e47176ff8b540b2b583a3 with gcc (GCC) 8.4.1 20210217
kernel signature: dc35f91b7268598c78bc9d9f7156c8be4ddbd472cef9e48c854adce078d6f695
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_slow
# git bisect good 85597c4369c9941dd38e47176ff8b540b2b583a3
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[e622fafb4a80d3477ef22961e513bdfc79fa1687] xen/gntdev.c: Mark pages as dirty
testing commit e622fafb4a80d3477ef22961e513bdfc79fa1687 with gcc (GCC) 8.4.1 20210217
kernel signature: e1e9cf0a946ae4a9aa91cbcdf63453041b9434b54d762fbeb3deba5b152ab36d
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_slow
# git bisect good e622fafb4a80d3477ef22961e513bdfc79fa1687
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[8e63266b0d42a2dc233cfc468636889b5b3ba1cf] fcntl: Fix potential deadlock in send_sig{io, urg}()
testing commit 8e63266b0d42a2dc233cfc468636889b5b3ba1cf with gcc (GCC) 8.4.1 20210217
kernel signature: 4ff493b24d565544b82f4c3c7e0fbd2c480e2c71a5ee35fbf6d6509cc394dbcc
all runs: OK
# git bisect bad 8e63266b0d42a2dc233cfc468636889b5b3ba1cf
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[b8590c82b3ccf9fb4d9f0b0b097be10736869333] reiserfs: add check for an invalid ih_entry_count
testing commit b8590c82b3ccf9fb4d9f0b0b097be10736869333 with gcc (GCC) 8.4.1 20210217
kernel signature: 72c49720a955780f9ece374c662b9c3c6c5e6b765e750b091f2196bea6ffc954
all runs: OK
# git bisect bad b8590c82b3ccf9fb4d9f0b0b097be10736869333
Bisecting: 1 revision left to test after this (roughly 1 step)
[2f6668bfe30a952f29f12499ad5c038cb1f6653c] of: fix linker-section match-table corruption
testing commit 2f6668bfe30a952f29f12499ad5c038cb1f6653c with gcc (GCC) 8.4.1 20210217
kernel signature: 5f7bd2ba1cf6c3ee3507d3167338bb114389023cf362969e47822d58eb838abf
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_slow
# git bisect good 2f6668bfe30a952f29f12499ad5c038cb1f6653c
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[88520a207121c3f7c513ac69a7392da89ed0955f] Bluetooth: hci_h5: close serdev device and free hu in h5_close
testing commit 88520a207121c3f7c513ac69a7392da89ed0955f with gcc (GCC) 8.4.1 20210217
kernel signature: 1e4c0177cbe649ab041448f652e4af04435ee60ad6d554321570e7354d3beafc
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __lookup_slow
# git bisect good 88520a207121c3f7c513ac69a7392da89ed0955f
b8590c82b3ccf9fb4d9f0b0b097be10736869333 is the first bad commit
commit b8590c82b3ccf9fb4d9f0b0b097be10736869333
Author: Rustam Kovhaev
Date: Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

    when directory item has an invalid value set for ih_entry_count it might trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara
    Signed-off-by: Greg Kroah-Hartman

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: 72c49720a955780f9ece374c662b9c3c6c5e6b765e750b091f2196bea6ffc954
parent signature: 1e4c0177cbe649ab041448f652e4af04435ee60ad6d554321570e7354d3beafc
revisions tested: 13, total time: 3h20m44.297473209s (build: 1h41m28.70459266s, test: 1h37m53.273626202s)
first good commit: b8590c82b3ccf9fb4d9f0b0b097be10736869333 reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []