bisecting fixing commit since 31acccdc877486a649a86d37725a15175fcd5ed6
building syzkaller on cca8798699baeeccbf80af23d234ac19a5d667aa
testing commit 31acccdc877486a649a86d37725a15175fcd5ed6 with gcc (GCC) 8.4.1 20210217
kernel signature: fddfd8f96435416b02005512db4f8bd01aa5a9a4a55b4154373a30a1d3ee0d07
run #0: crashed: kernel BUG in do_journal_end
run #1: crashed: kernel BUG in do_journal_end
run #2: crashed: kernel BUG in corrupted
run #3: crashed: kernel BUG in do_journal_end
run #4: crashed: kernel BUG in do_journal_end
run #5: crashed: kernel BUG in corrupted
run #6: crashed: kernel BUG in do_journal_end
run #7: crashed: kernel BUG in corrupted
run #8: crashed: kernel BUG in do_journal_end
run #9: crashed: kernel BUG in do_journal_end
run #10: crashed: kernel BUG in corrupted
run #11: crashed: kernel BUG in do_journal_end
run #12: crashed: kernel BUG in do_journal_end
run #13: crashed: kernel BUG in do_journal_end
run #14: crashed: kernel BUG in do_journal_end
run #15: crashed: kernel BUG in do_journal_end
run #16: crashed: kernel BUG in do_journal_end
run #17: crashed: kernel BUG in do_journal_end
run #18: crashed: kernel BUG in do_journal_end
run #19: crashed: kernel BUG in do_journal_end
testing current HEAD 255b58a2b3af0baa0ee11507390349217b8b73b0
testing commit 255b58a2b3af0baa0ee11507390349217b8b73b0 with gcc (GCC) 8.4.1 20210217
kernel signature: 085735aa61fa2547129b55b3ebb80c0b0024da81646a6a66178d960bc3a97265
all runs: OK
# git bisect start 255b58a2b3af0baa0ee11507390349217b8b73b0 31acccdc877486a649a86d37725a15175fcd5ed6
Bisecting: 558 revisions left to test after this (roughly 9 steps)
[73dcbf938b10c8e4680f65dff2951e8ea826c87c] clk: tegra: Fix duplicated SE clock entry
testing commit 73dcbf938b10c8e4680f65dff2951e8ea826c87c with gcc (GCC) 8.4.1 20210217
kernel signature: 91483a9bce44e91c6e323db9ae11c344b8723986891e2f652280eb1ec2a2a1f9
run #0: crashed: kernel BUG in do_journal_end
run #1: crashed: kernel BUG in do_journal_end
run #2: crashed: kernel BUG in do_journal_end
run #3: crashed: kernel BUG in do_journal_end
run #4: crashed: kernel BUG in corrupted
run #5: crashed: kernel BUG in do_journal_end
run #6: crashed: kernel BUG in do_journal_end
run #7: crashed: kernel BUG in do_journal_end
run #8: crashed: kernel BUG in do_journal_end
run #9: crashed: kernel BUG in do_journal_end
# git bisect good 73dcbf938b10c8e4680f65dff2951e8ea826c87c
Bisecting: 279 revisions left to test after this (roughly 8 steps)
[087ca73fc5d2bc8ef8ab12c756c14740a91f2ae3] net/mlx5e: Fix two double free cases
testing commit 087ca73fc5d2bc8ef8ab12c756c14740a91f2ae3 with gcc (GCC) 8.4.1 20210217
kernel signature: c6cd7e303aeacbd3074d2a5b3a0346c2f50bbe2b06dcd77e8e09f51743cadebd
all runs: OK
# git bisect bad 087ca73fc5d2bc8ef8ab12c756c14740a91f2ae3
Bisecting: 139 revisions left to test after this (roughly 7 steps)
[2f6668bfe30a952f29f12499ad5c038cb1f6653c] of: fix linker-section match-table corruption
testing commit 2f6668bfe30a952f29f12499ad5c038cb1f6653c with gcc (GCC) 8.4.1 20210217
kernel signature: 5f7bd2ba1cf6c3ee3507d3167338bb114389023cf362969e47822d58eb838abf
all runs: crashed: kernel BUG in do_journal_end
# git bisect good 2f6668bfe30a952f29f12499ad5c038cb1f6653c
Bisecting: 69 revisions left to test after this (roughly 6 steps)
[a7abd667eab58ce46539bf526ec3b7bdca9855eb] usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
testing commit a7abd667eab58ce46539bf526ec3b7bdca9855eb with gcc (GCC) 8.4.1 20210217
kernel signature: 1368d31e6730dc772c0bf3e208115e24fa900271a69edcc034a728d1efa8ab87
all runs: OK
# git bisect bad a7abd667eab58ce46539bf526ec3b7bdca9855eb
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[6ccab11c562666b2a850c4db21c0bd10a7d63707] proc: fix lookup in /proc/net subdirectories after setns(2)
testing commit 6ccab11c562666b2a850c4db21c0bd10a7d63707 with gcc (GCC) 8.4.1 20210217
kernel signature: eec4745a31c4ffa4a1d1f0f8c1f0338bb1f32de71d75c0d120ddc88b9f235dc6
all runs: OK
# git bisect bad 6ccab11c562666b2a850c4db21c0bd10a7d63707
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[e138a9e4d4099b269581c18f0fd85c9d8c2c207b] Revert "mtd: spinand: Fix OOB read"
testing commit e138a9e4d4099b269581c18f0fd85c9d8c2c207b with gcc (GCC) 8.4.1 20210217
kernel signature: 69e1eccf63cde4d7b46591a7eaf6344bf953336772ed1fc980b25a9ac9105e19
all runs: OK
# git bisect bad e138a9e4d4099b269581c18f0fd85c9d8c2c207b
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[4cb33d97b067682e4e3c398a57426e4c7e493a3d] rtc: sun6i: Fix memleak in sun6i_rtc_clk_init
testing commit 4cb33d97b067682e4e3c398a57426e4c7e493a3d with gcc (GCC) 8.4.1 20210217
kernel signature: 4ff493b24d565544b82f4c3c7e0fbd2c480e2c71a5ee35fbf6d6509cc394dbcc
all runs: OK
# git bisect bad 4cb33d97b067682e4e3c398a57426e4c7e493a3d
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[fd4f2a5151e6c6294169d983303c485beade5b37] media: gp8psk: initialize stats at power control logic
testing commit fd4f2a5151e6c6294169d983303c485beade5b37 with gcc (GCC) 8.4.1 20210217
kernel signature: a584824d6d9689cadf7ede3765e14959b3eafcbae9f2619b896b20af650625cb
all runs: OK
# git bisect bad fd4f2a5151e6c6294169d983303c485beade5b37
Bisecting: 1 revision left to test after this (roughly 1 step)
[b8590c82b3ccf9fb4d9f0b0b097be10736869333] reiserfs: add check for an invalid ih_entry_count
testing commit b8590c82b3ccf9fb4d9f0b0b097be10736869333 with gcc (GCC) 8.4.1 20210217
kernel signature: 72c49720a955780f9ece374c662b9c3c6c5e6b765e750b091f2196bea6ffc954
all runs: OK
# git bisect bad b8590c82b3ccf9fb4d9f0b0b097be10736869333
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[88520a207121c3f7c513ac69a7392da89ed0955f] Bluetooth: hci_h5: close serdev device and free hu in h5_close
testing commit 88520a207121c3f7c513ac69a7392da89ed0955f with gcc (GCC) 8.4.1 20210217
kernel signature: 1e4c0177cbe649ab041448f652e4af04435ee60ad6d554321570e7354d3beafc
all runs: crashed: kernel BUG in do_journal_end
# git bisect good 88520a207121c3f7c513ac69a7392da89ed0955f
b8590c82b3ccf9fb4d9f0b0b097be10736869333 is the first bad commit
commit b8590c82b3ccf9fb4d9f0b0b097be10736869333
Author: Rustam Kovhaev
Date: Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

    when directory item has an invalid value set for ih_entry_count it might
    trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than
    ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara
    Signed-off-by: Greg Kroah-Hartman

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)
culprit signature: 72c49720a955780f9ece374c662b9c3c6c5e6b765e750b091f2196bea6ffc954
parent signature: 1e4c0177cbe649ab041448f652e4af04435ee60ad6d554321570e7354d3beafc
revisions tested: 12, total time: 3h18m42.804680121s (build: 1h30m43.534508946s, test: 1h43m8.696927846s)
first good commit: b8590c82b3ccf9fb4d9f0b0b097be10736869333 reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []