bisecting fixing commit since cbfa1702aaf69b2311ea1b35e04f113c48368c67
building syzkaller on 9e1fa68ee1625a7f0ef03906ee1abb40cb987fbf
testing commit cbfa1702aaf69b2311ea1b35e04f113c48368c67 with gcc (GCC) 8.1.0
kernel signature: 47867714513c6d00969cf998332bdf15c108c8b596fcf3018474ea8ee992a37a
all runs: crashed: KASAN: slab-out-of-bounds Write in init_sb
testing current HEAD 87335852c5d9ec629f80bb2257b9a9945962b719
testing commit 87335852c5d9ec629f80bb2257b9a9945962b719 with gcc (GCC) 8.1.0
kernel signature: 5fa3ec89623c92f7bd6940a5c3a430e51c95c8dbf22c873820c7c59c3d79ab4e
all runs: OK
# git bisect start 87335852c5d9ec629f80bb2257b9a9945962b719 cbfa1702aaf69b2311ea1b35e04f113c48368c67
Bisecting: 442 revisions left to test after this (roughly 9 steps)
[b26380cfbf0489ee9f88e68f466cf4cc00520ac3] mtd: mtdoops: Don't write panic data twice
testing commit b26380cfbf0489ee9f88e68f466cf4cc00520ac3 with gcc (GCC) 8.1.0
kernel signature: 531c2734901002346a63d38278cbbadfd9d9b46d0e0dfe2970102d9e44407016
all runs: crashed: KASAN: slab-out-of-bounds Write in init_sb
# git bisect good b26380cfbf0489ee9f88e68f466cf4cc00520ac3
Bisecting: 221 revisions left to test after this (roughly 8 steps)
[d2fcb5720e21c105388b1ca9f136cd8efd72b2e4] device property: Keep secondary firmware node secondary by type
testing commit d2fcb5720e21c105388b1ca9f136cd8efd72b2e4 with gcc (GCC) 8.1.0
kernel signature: f7d0e6d457008a4d059c3cff8d1468dbc8724e96c9f5242b2e4574eb43f044db
all runs: OK
# git bisect bad d2fcb5720e21c105388b1ca9f136cd8efd72b2e4
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[2e9ec107f92c6c70cc47da40690c0c6edd8faf94] arch/x86/amd/ibs: Fix re-arming IBS Fetch
testing commit 2e9ec107f92c6c70cc47da40690c0c6edd8faf94 with gcc (GCC) 8.1.0
kernel signature: e19b69f5c67fab6517fd2a8cdde9db728e52035654a73711ae367052052b2b5a
all runs: crashed: KASAN: slab-out-of-bounds Write in init_sb
# git bisect good 2e9ec107f92c6c70cc47da40690c0c6edd8faf94
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[45194d6923cb9357136819d96dc16a4521b5785f] perf/x86/amd/ibs: Fix raw sample data accumulation
testing commit 45194d6923cb9357136819d96dc16a4521b5785f with gcc (GCC) 8.1.0
kernel signature: 13bcf7ded4d79aa27aced531b6a2894568c9a4d20de7bf7c5c118f3009f6e75d
all runs: OK
# git bisect bad 45194d6923cb9357136819d96dc16a4521b5785f
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[9ef54f898a7dfa43f9c065aeac212e1102f4abc9] drm/bridge/synopsys: dsi: add support for non-continuous HS clock
testing commit 9ef54f898a7dfa43f9c065aeac212e1102f4abc9 with gcc (GCC) 8.1.0
kernel signature: 233e58522e112ad2e15d8ad81a56064bd01dc7c4beea06990bc8b3a0cccb2092
all runs: crashed: KASAN: slab-out-of-bounds Write in init_sb
# git bisect good 9ef54f898a7dfa43f9c065aeac212e1102f4abc9
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[d39cd0d82f608f49d67915874cd8a8d424736e0e] net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
testing commit d39cd0d82f608f49d67915874cd8a8d424736e0e with gcc (GCC) 8.1.0
kernel signature: e64d52bf0a986d9caa724dd105f247b6f08b055dc5a33597587d020701949e31
all runs: crashed: KASAN: slab-out-of-bounds Write in init_sb
# git bisect good d39cd0d82f608f49d67915874cd8a8d424736e0e
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[391bedad1dc8f1c9453b1664d01b4d13f22308ac] ARM: dts: s5pv210: move PMU node out of clock controller
testing commit 391bedad1dc8f1c9453b1664d01b4d13f22308ac with gcc (GCC) 8.1.0
kernel signature: 66e2bb974626a0810790b8c27afa7278bade5969764e9ec9c25dfc0935e7e8c5
all runs: OK
# git bisect bad 391bedad1dc8f1c9453b1664d01b4d13f22308ac
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[78734edd11ccd3e4f88db9021a4d9856396aeabc] gfs2: add validation checks for size of superblock
testing commit 78734edd11ccd3e4f88db9021a4d9856396aeabc with gcc (GCC) 8.1.0
kernel signature: 66e2bb974626a0810790b8c27afa7278bade5969764e9ec9c25dfc0935e7e8c5
all runs: OK
# git bisect bad 78734edd11ccd3e4f88db9021a4d9856396aeabc
Bisecting: 0 revisions left to test after this (roughly 1 step)
[a991f90aeee1e062c7b6c6d06ce95b8f0e4cb27c] ext4: Detect already used quota file early
testing commit a991f90aeee1e062c7b6c6d06ce95b8f0e4cb27c with gcc (GCC) 8.1.0
kernel signature: 5894201f62399ee8e84be8e0cf7b15ded16c0f7a99b49b9fca5bcbf71d4aada1
all runs: crashed: KASAN: slab-out-of-bounds Write in init_sb
# git bisect good a991f90aeee1e062c7b6c6d06ce95b8f0e4cb27c
78734edd11ccd3e4f88db9021a4d9856396aeabc is the first bad commit
commit 78734edd11ccd3e4f88db9021a4d9856396aeabc
Author: Anant Thazhemadam
Date: Wed Oct 14 22:01:09 2020 +0530

    gfs2: add validation checks for size of superblock

    [ Upstream commit 0ddc5154b24c96f20e94d653b0a814438de6032b ]

    In gfs2_check_sb(), no validation checks are performed with regards to
    the size of the superblock.
    syzkaller detected a slab-out-of-bounds bug that was primarily caused
    because the block size for a superblock was set to zero.
    A valid size for a superblock is a power of 2 between 512 and PAGE_SIZE.
    Performing validation checks and ensuring that the size of the superblock
    is valid fixes this bug.

    Reported-by: syzbot+af90d47a37376844e731@syzkaller.appspotmail.com
    Tested-by: syzbot+af90d47a37376844e731@syzkaller.appspotmail.com
    Suggested-by: Andrew Price
    Signed-off-by: Anant Thazhemadam
    [Minor code reordering.]
    Signed-off-by: Andreas Gruenbacher
    Signed-off-by: Sasha Levin

 fs/gfs2/ops_fstype.c | 18 +++++++++++------
 1 file changed, 11 insertions(+), 7 deletions(-)
culprit signature: 66e2bb974626a0810790b8c27afa7278bade5969764e9ec9c25dfc0935e7e8c5
parent signature: 5894201f62399ee8e84be8e0cf7b15ded16c0f7a99b49b9fca5bcbf71d4aada1
revisions tested: 11, total time: 2h39m48.7083202s (build: 1h33m38.297096256s, test: 1h4m38.937700968s)
first good commit: 78734edd11ccd3e4f88db9021a4d9856396aeabc gfs2: add validation checks for size of superblock
recipients (to): ["agruenba@redhat.com" "anant.thazhemadam@gmail.com" "sashal@kernel.org" "syzbot+af90d47a37376844e731@syzkaller.appspotmail.com"]
recipients (cc): []