bisecting fixing commit since 2b79150141611d3c6e1b55d4e70f49602482f0b8
building syzkaller on 18e33098d58c8738cc3b678346141b74d34d4e30
testing commit 2b79150141611d3c6e1b55d4e70f49602482f0b8 with gcc (GCC) 8.1.0
kernel signature: a5a2e3df67f0ff74b06e3e349b2f08b8760ede682bf38c51c4cbe3174463ba15
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
testing current HEAD ec822b3e8bf485ecb543773ad29289e6bb87b338
testing commit ec822b3e8bf485ecb543773ad29289e6bb87b338 with gcc (GCC) 8.1.0
kernel signature: 0bbe7767a017a7b1e1777eca4b2daa1cd2c04c081953cf9b1eaec0a3a0e3b9dc
all runs: OK
# git bisect start ec822b3e8bf485ecb543773ad29289e6bb87b338 2b79150141611d3c6e1b55d4e70f49602482f0b8
Bisecting: 356 revisions left to test after this (roughly 9 steps)
[f3ac86d85eff043f0b0d3bdecdaf7883e2a389a4] dmaengine: xilinx_dma: use readl_poll_timeout_atomic variant
testing commit f3ac86d85eff043f0b0d3bdecdaf7883e2a389a4 with gcc (GCC) 8.1.0
kernel signature: c08267e4d4e9f2bf706bf7c958cf2e16a06af66c36cca9b543f905b0dcff5911
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
# git bisect good f3ac86d85eff043f0b0d3bdecdaf7883e2a389a4
Bisecting: 178 revisions left to test after this (roughly 8 steps)
[29f360c2807e9a27ea6da3453b16770dbf54bf8e] scsi: core: Fix VPD LUN ID designator priorities
testing commit 29f360c2807e9a27ea6da3453b16770dbf54bf8e with gcc (GCC) 8.1.0
kernel signature: a5d671b8ec327766491f7c5649e4c1e406c86d0e14bfa79f0292bfacbb52ddab
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
# git bisect good 29f360c2807e9a27ea6da3453b16770dbf54bf8e
Bisecting: 89 revisions left to test after this (roughly 7 steps)
[9892894dff8ca671bf02e488f8bff5ef5417b88f] media: netup_unidvb: Don't leak SPI master in probe error path
testing commit 9892894dff8ca671bf02e488f8bff5ef5417b88f with gcc (GCC) 8.1.0
kernel signature: 903286851e091e6a511a3874ffb790f6711a3467653e3cc48409cabd8f60a5a8
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
# git bisect good 9892894dff8ca671bf02e488f8bff5ef5417b88f
Bisecting: 44 revisions left to test after this (roughly 6 steps)
[894d77998dab7c4db32042c5e80480c8aada1013] iio: buffer: Fix demux update
testing commit 894d77998dab7c4db32042c5e80480c8aada1013 with gcc (GCC) 8.1.0
kernel signature: 1650704f916c6cf91afbd1e93c15dcc0740fc6149fbd22fc4e204f2cdbb91ab7
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
# git bisect good 894d77998dab7c4db32042c5e80480c8aada1013
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[955f8bc9eb69b3be9a7785015c726f7004ec36b9] mm: memcontrol: implement lruvec stat functions on top of each other
testing commit 955f8bc9eb69b3be9a7785015c726f7004ec36b9 with gcc (GCC) 8.1.0
kernel signature: 615a3e92a0d6f9b8726542515049a1b64cf603418522571adde8c6378fa4e088
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
# git bisect good 955f8bc9eb69b3be9a7785015c726f7004ec36b9
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[c5eae3edc5273ac59dab70fd49114cce729f27f4] ALSA: seq: Use bool for snd_seq_queue internal flags
testing commit c5eae3edc5273ac59dab70fd49114cce729f27f4 with gcc (GCC) 8.1.0
kernel signature: 9dc1825e84906ef996f4deb39170002e35123cd281b9eb0fe3220d3ad43da866
all runs: OK
# git bisect bad c5eae3edc5273ac59dab70fd49114cce729f27f4
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[404653452c4382236f0ff57f88a2dbad668f8ed7] powerpc/bitops: Fix possible undefined behaviour with fls() and fls64()
testing commit 404653452c4382236f0ff57f88a2dbad668f8ed7 with gcc (GCC) 8.1.0
kernel signature: e5d44845ab71a7cce5fd87a9073d9dbd510ef194b69c84436b8a20ba1d3bd2e9
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
# git bisect good 404653452c4382236f0ff57f88a2dbad668f8ed7
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[b74d5f70523a819aac71e0eee4f4b530e69e463a] reiserfs: add check for an invalid ih_entry_count
testing commit b74d5f70523a819aac71e0eee4f4b530e69e463a with gcc (GCC) 8.1.0
kernel signature: 95aebd7eb9e5830f4f20e0910c665e3713febf4b5a46d80415e5baf1b0e038d7
all runs: OK
# git bisect bad b74d5f70523a819aac71e0eee4f4b530e69e463a
Bisecting: 0 revisions left to test after this (roughly 1 step)
[320f61926b081865181de2d7edd18f1d06c4e600] of: fix linker-section match-table corruption
testing commit 320f61926b081865181de2d7edd18f1d06c4e600 with gcc (GCC) 8.1.0
kernel signature: caade77d17f484ab34b8b1bf87437a7bcb261d6df1d0b888a4d4394877db2d74
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
# git bisect good 320f61926b081865181de2d7edd18f1d06c4e600
b74d5f70523a819aac71e0eee4f4b530e69e463a is the first bad commit
commit b74d5f70523a819aac71e0eee4f4b530e69e463a
Author: Rustam Kovhaev
Date: Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

    when directory item has an invalid value set for ih_entry_count it might
    trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than
    ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara
    Signed-off-by: Greg Kroah-Hartman

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)
culprit signature: 95aebd7eb9e5830f4f20e0910c665e3713febf4b5a46d80415e5baf1b0e038d7
parent signature: caade77d17f484ab34b8b1bf87437a7bcb261d6df1d0b888a4d4394877db2d74
revisions tested: 11, total time: 2h18m33.220328336s (build: 1h27m23.568754981s, test: 50m3.032000377s)
first good commit: b74d5f70523a819aac71e0eee4f4b530e69e463a reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []