bisecting fixing commit since b3298500b23f0b53a8d81e0d5ad98a29db71f4f0
building syzkaller on 5050311712ecf43945d306df4653fc28da89fb43
testing commit b3298500b23f0b53a8d81e0d5ad98a29db71f4f0 with gcc (GCC) 8.1.0
kernel signature: 12b8e43028954905800b0768bf6a92607f081c8c8b56e62354b95aa33d824e80
run #0: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #1: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
testing current HEAD 36bbbd0e234d817938bdc52121a0f5473b3e58f5
testing commit 36bbbd0e234d817938bdc52121a0f5473b3e58f5 with gcc (GCC) 8.1.0
kernel signature: 9b7f05db78eaa999a1445feeceecae58831cb508b6ddc1c105df66187af95542
all runs: OK
# git bisect start 36bbbd0e234d817938bdc52121a0f5473b3e58f5 b3298500b23f0b53a8d81e0d5ad98a29db71f4f0
Bisecting: 6723 revisions left to test after this (roughly 13 steps)
[2911ed9f47b47cb5ab87d03314b3b9fe008e607f] Merge tag 'char-misc-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
testing commit 2911ed9f47b47cb5ab87d03314b3b9fe008e607f with gcc (GCC) 8.1.0
kernel signature: 10f3f766bac17836ef127f188a4be261fcd9ea13a9f3c480522dc2c08cb31063
run #0: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 2911ed9f47b47cb5ab87d03314b3b9fe008e607f
Bisecting: 3501 revisions left to test after this (roughly 12 steps)
[b0a6cd29e00a317d7fd823e0db57abbbd9bbb610] Merge tag 'arm-soc-defconfig-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit b0a6cd29e00a317d7fd823e0db57abbbd9bbb610 with gcc (GCC) 8.1.0
kernel signature: e07134accee6402a94e0a446a67128a00a8cbf519db319c7c81c7e705ecc55f0
run #0: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #1: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good b0a6cd29e00a317d7fd823e0db57abbbd9bbb610
Bisecting: 1738 revisions left to test after this (roughly 11 steps)
[d64c6f96ba86bd8b97ed8d6762a8c8cc1770d214] Merge tag 'net-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit d64c6f96ba86bd8b97ed8d6762a8c8cc1770d214 with gcc (GCC) 8.1.0
kernel signature: d0d055cefd99d237cac07bc6e50274e52830c4bc5f1acabcc04cd40092961fb8
all runs: OK
# git bisect bad d64c6f96ba86bd8b97ed8d6762a8c8cc1770d214
Bisecting: 782 revisions left to test after this (roughly 10 steps)
[48c1c40ab40cb087b992e7b77518c3a2926743cc] Merge tag 'arm-soc-drivers-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 48c1c40ab40cb087b992e7b77518c3a2926743cc with gcc (GCC) 8.1.0
kernel signature: 9e75298ef426630e392ccbc898d905ea08fc345f720fa1dcc677d51ea79e2419
run #0: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 48c1c40ab40cb087b992e7b77518c3a2926743cc
Bisecting: 385 revisions left to test after this (roughly 9 steps)
[312dcaf967219effe0483785f24e4072a5bed9a5] Merge tag 'modules-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux
testing commit 312dcaf967219effe0483785f24e4072a5bed9a5 with gcc (GCC) 8.1.0
kernel signature: 649d40148661acc6ca324eb27f3d299af88096e48f95ea878062fd9df0417598
all runs: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}.
# git bisect skip 312dcaf967219effe0483785f24e4072a5bed9a5
Bisecting: 385 revisions left to test after this (roughly 9 steps)
[7a03aeb66c410366acc5439ae2a341f110c4f845] xprtrdma: Micro-optimize MR DMA-unmapping
testing commit 7a03aeb66c410366acc5439ae2a341f110c4f845 with gcc (GCC) 8.1.0
kernel signature: 826d23a19d7f84b583cd1cbad542d3a78d77855e8b221d386825a04462931011
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 7a03aeb66c410366acc5439ae2a341f110c4f845
Bisecting: 385 revisions left to test after this (roughly 9 steps)
[7bfe54b5f16561bb703de6482f880614ada8dbf2] powerpc/mm: Refactor the floor/ceiling check in hugetlb range freeing functions
testing commit 7bfe54b5f16561bb703de6482f880614ada8dbf2 with gcc (GCC) 8.1.0
kernel signature: 63ed3c089653a8d0fcfe2dc77a052b7e585d504fbf751c8cd1f5bae80704d7f1
run #0: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #1: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 7bfe54b5f16561bb703de6482f880614ada8dbf2
Bisecting: 225 revisions left to test after this (roughly 8 steps)
[74f602dc96dd854c7b2034947798c1e2a6b84066] Merge tag 'nfs-for-5.11-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
testing commit 74f602dc96dd854c7b2034947798c1e2a6b84066 with gcc (GCC) 8.1.0
kernel signature: 33317968c17a0829ecc3d06d791fc504adaa4bd82e935306ce78c8c4aca07a71
run #0: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}.
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 74f602dc96dd854c7b2034947798c1e2a6b84066
Bisecting: 138 revisions left to test after this (roughly 7 steps)
[92dbc9dedccb9759c7f9f2f0ae6242396376988f] Merge tag 'ovl-update-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
testing commit 92dbc9dedccb9759c7f9f2f0ae6242396376988f with gcc (GCC) 8.1.0
kernel signature: 9899d25282440815928c18db28c43faefc4f96352addffec153f6438b732abe2
all runs: OK
# git bisect bad 92dbc9dedccb9759c7f9f2f0ae6242396376988f
Bisecting: 71 revisions left to test after this (roughly 6 steps)
[b97d4c424e362ebf88fd9aa1b7ad82e3a28c26d3] Merge tag 'for_v5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
testing commit b97d4c424e362ebf88fd9aa1b7ad82e3a28c26d3 with gcc (GCC) 8.1.0
kernel signature: 02fe043c1f8d90a746366746e8d02752070291379567134481faf1dae93c5c3f
all runs: OK
# git bisect bad b97d4c424e362ebf88fd9aa1b7ad82e3a28c26d3
Bisecting: 36 revisions left to test after this (roughly 5 steps)
[3614fb09f998c8f710142fb722ba216ddc79db24] clk: ti: omap4: Drop idlest polling from IVA clkctrl clocks
testing commit 3614fb09f998c8f710142fb722ba216ddc79db24 with gcc (GCC) 8.1.0
kernel signature: f638618528142a69f8f64db1f8952aa630bd087c1726ced5b128345dd6a86860
run #0: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}.
run #2: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 3614fb09f998c8f710142fb722ba216ddc79db24
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[7fbee7e3386cb51e5ebc60c4d7cea13ffeab31d6] Merge tag 'omap-for-v5.11/genpd-rest-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/omap-genpd
testing commit 7fbee7e3386cb51e5ebc60c4d7cea13ffeab31d6 with gcc (GCC) 8.1.0
kernel signature: f638618528142a69f8f64db1f8952aa630bd087c1726ced5b128345dd6a86860
run #0: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 7fbee7e3386cb51e5ebc60c4d7cea13ffeab31d6
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[e51d68e76d604c6d5d1eb13ae1d6da7f6c8c0dfc] fs: quota: fix array-index-out-of-bounds bug by passing correct argument to vfs_cleanup_quota_inode()
testing commit e51d68e76d604c6d5d1eb13ae1d6da7f6c8c0dfc with gcc (GCC) 8.1.0
kernel signature: a0661e37305634f9687c5b6243ace9b123b60135ac9f5ea0b3319f7feaa4869f
all runs: OK
# git bisect bad e51d68e76d604c6d5d1eb13ae1d6da7f6c8c0dfc
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[11c514a99bb960941535134f0587102855e8ddee] quota: Sanity-check quota file headers on load
testing commit 11c514a99bb960941535134f0587102855e8ddee with gcc (GCC) 8.1.0
kernel signature: 7e406842bb4cc87fd3585382f954644f1c53c2c1e0975fab93c1177413940729
run #0: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #1: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 11c514a99bb960941535134f0587102855e8ddee
Bisecting: 1 revision left to test after this (roughly 1 step)
[8fca3c8a3451514c6f20dd26d5e66e78220d16e3] ext2: Fix fall-through warnings for Clang
testing commit 8fca3c8a3451514c6f20dd26d5e66e78220d16e3 with gcc (GCC) 8.1.0
kernel signature: 7e406842bb4cc87fd3585382f954644f1c53c2c1e0975fab93c1177413940729
run #0: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #1: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #2: crashed: kernel BUG at fs/reiserfs/journal.c:LINE!
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 8fca3c8a3451514c6f20dd26d5e66e78220d16e3
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d24396c5290ba8ab04ba505176874c4e04a2d53c] reiserfs: add check for an invalid ih_entry_count
testing commit d24396c5290ba8ab04ba505176874c4e04a2d53c with gcc (GCC) 8.1.0
kernel signature: ed7cab9730dcd61df5aa499437ba30ad85312e61f42fbb3281e3a28f99597b21
all runs: OK
# git bisect bad d24396c5290ba8ab04ba505176874c4e04a2d53c
d24396c5290ba8ab04ba505176874c4e04a2d53c is the first bad commit
commit d24396c5290ba8ab04ba505176874c4e04a2d53c
Author: Rustam Kovhaev
Date: Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    when directory item has an invalid value set for ih_entry_count it might trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)
culprit signature: ed7cab9730dcd61df5aa499437ba30ad85312e61f42fbb3281e3a28f99597b21
parent signature: 7e406842bb4cc87fd3585382f954644f1c53c2c1e0975fab93c1177413940729
Reproducer flagged being flaky
revisions tested: 18, total time: 4h39m30.633665406s (build: 1h26m5.479426824s, test: 3h11m24.639726249s)
first good commit: d24396c5290ba8ab04ba505176874c4e04a2d53c reiserfs: add check for an invalid ih_entry_count
recipients (to): ["jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []