bisecting fixing commit since 1752938529c614a8ed4432ecce6ebc95d3b87207
building syzkaller on a0234d980eccaa87f5821ac8e95ed9c94a104acf
testing commit 1752938529c614a8ed4432ecce6ebc95d3b87207 with gcc (GCC) 8.4.1 20210217
kernel signature: 9bcd3a37ea612b975e3729c2939b1548f500d5b1bc30bf59a764773b1a5f6346
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
testing current HEAD 29c52025152bab4c557d8174da58f1a4c8e70438
testing commit 29c52025152bab4c557d8174da58f1a4c8e70438 with gcc (GCC) 8.4.1 20210217
kernel signature: ddb86a30665a7295fc7f83e03c29dd09a6c21f082d072534df5e1245d078dec8
all runs: OK
# git bisect start 29c52025152bab4c557d8174da58f1a4c8e70438 1752938529c614a8ed4432ecce6ebc95d3b87207
Bisecting: 147 revisions left to test after this (roughly 7 steps)
[92f72f2c8ef1dcaeefd32efb60788de5b54ab4f2] ALSA: fireface: Fix integer overflow in transmit_midi_msg()
testing commit 92f72f2c8ef1dcaeefd32efb60788de5b54ab4f2 with gcc (GCC) 8.4.1 20210217
kernel signature: 1ddb46c305fefb82e74afc55d442e5424291b5ab9b05868b0b511d3f7f6559af
all runs: OK
# git bisect bad 92f72f2c8ef1dcaeefd32efb60788de5b54ab4f2
Bisecting: 73 revisions left to test after this (roughly 6 steps)
[f25e8558777ce4d0cccd1c57e5d6febbd2180c9e] usb: gadget: function: printer: Fix a memory leak for interface descriptor
testing commit f25e8558777ce4d0cccd1c57e5d6febbd2180c9e with gcc (GCC) 8.4.1 20210217
kernel signature: b670a91859d1b272ab1c1f76b6da619d712c066c24761c98e8223752493ee03b
all runs: OK
# git bisect bad f25e8558777ce4d0cccd1c57e5d6febbd2180c9e
Bisecting: 36 revisions left to test after this (roughly 5 steps)
[f236d698cd71f2bb3ea92c36f9a845a63b3c2812] depmod: handle the case of /sbin/depmod without /sbin in PATH
testing commit f236d698cd71f2bb3ea92c36f9a845a63b3c2812 with gcc (GCC) 8.4.1 20210217
kernel signature: 7200fc2b6b6f2f21a74882c58d63e22f54bcc6d141744d2c585a41d95d3625ca
all runs: OK
# git bisect bad f236d698cd71f2bb3ea92c36f9a845a63b3c2812
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[c5eae3edc5273ac59dab70fd49114cce729f27f4] ALSA: seq: Use bool for snd_seq_queue internal flags
testing commit c5eae3edc5273ac59dab70fd49114cce729f27f4 with gcc (GCC) 8.4.1 20210217
kernel signature: 1bee00bf9977a8106e3feb82398f53828009de87ea672338181bdad3f8365da7
all runs: OK
# git bisect bad c5eae3edc5273ac59dab70fd49114cce729f27f4
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[6e1278ea35099542b2e5b7c6adb3a0cdfb590d47] vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
testing commit 6e1278ea35099542b2e5b7c6adb3a0cdfb590d47 with gcc (GCC) 8.4.1 20210217
kernel signature: f8834cd9f66760755beec26af530f072c14c397dac5e12d26b010f9c1a5c74e2
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good 6e1278ea35099542b2e5b7c6adb3a0cdfb590d47
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[b732e14e6218bd925e15c539165f037081ae5176] uapi: move constants from to
testing commit b732e14e6218bd925e15c539165f037081ae5176 with gcc (GCC) 8.4.1 20210217
kernel signature: 2d5f0ce8262b3804e31876066cf174c2518feda8b33011688ee0003fcdb3cbd7
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good b732e14e6218bd925e15c539165f037081ae5176
Bisecting: 2 revisions left to test after this (roughly 1 step)
[b74d5f70523a819aac71e0eee4f4b530e69e463a] reiserfs: add check for an invalid ih_entry_count
testing commit b74d5f70523a819aac71e0eee4f4b530e69e463a with gcc (GCC) 8.4.1 20210217
kernel signature: 40eb397f22c3880d38bd1fc4f87d5f0ce975e66e8c072fa20a23897aa054cccb
all runs: OK
# git bisect bad b74d5f70523a819aac71e0eee4f4b530e69e463a
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[320f61926b081865181de2d7edd18f1d06c4e600] of: fix linker-section match-table corruption
testing commit 320f61926b081865181de2d7edd18f1d06c4e600 with gcc (GCC) 8.4.1 20210217
kernel signature: 169a08a0252904f4dcf20865604bf6e876c911adfbeafdbbb742f4d8c1564479
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good 320f61926b081865181de2d7edd18f1d06c4e600
b74d5f70523a819aac71e0eee4f4b530e69e463a is the first bad commit
commit b74d5f70523a819aac71e0eee4f4b530e69e463a
Author: Rustam Kovhaev
Date: Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

    when directory item has an invalid value set for ih_entry_count it might trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara
    Signed-off-by: Greg Kroah-Hartman

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: 40eb397f22c3880d38bd1fc4f87d5f0ce975e66e8c072fa20a23897aa054cccb
parent signature: 169a08a0252904f4dcf20865604bf6e876c911adfbeafdbbb742f4d8c1564479
revisions tested: 10, total time: 2h18m54.227053029s (build: 1h10m53.142544225s, test: 1h3m49.56073891s)
first good commit: b74d5f70523a819aac71e0eee4f4b530e69e463a reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []