bisecting fixing commit since b09c34517e1ac4018e3bb75ed5c8610a8a1f486b
building syzkaller on 1880b4a9f394370a7d1fcb5c1cfca0fa1127b463
testing commit b09c34517e1ac4018e3bb75ed5c8610a8a1f486b with gcc (GCC) 8.4.1 20210217
kernel signature: f47fbe6180cde8e864d7275f280b8ae9542ffcf1b07615c5096b92abe3ce2e44
all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
testing current HEAD 255b58a2b3af0baa0ee11507390349217b8b73b0
testing commit 255b58a2b3af0baa0ee11507390349217b8b73b0 with gcc (GCC) 8.4.1 20210217
kernel signature: 31d2d0538dc4052f438f322c26f140d1e9683e3802aa62f99f5f0e8b904f9612
all runs: OK
# git bisect start 255b58a2b3af0baa0ee11507390349217b8b73b0 b09c34517e1ac4018e3bb75ed5c8610a8a1f486b
Bisecting: 879 revisions left to test after this (roughly 10 steps)
[593cd9d5c7f8ea6ae46d10a0805a33608b3c326f] ARM: dts: dra76x: m_can: fix order of clocks
testing commit 593cd9d5c7f8ea6ae46d10a0805a33608b3c326f with gcc (GCC) 8.4.1 20210217
kernel signature: 2d68940c947c92f11794d2b1eb1e3402a210648d50e77c5bf26ae0bb6aff9435
all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 593cd9d5c7f8ea6ae46d10a0805a33608b3c326f
Bisecting: 439 revisions left to test after this (roughly 9 steps)
[85597c4369c9941dd38e47176ff8b540b2b583a3] xen/xenbus: Count pending messages for each watch
testing commit 85597c4369c9941dd38e47176ff8b540b2b583a3 with gcc (GCC) 8.4.1 20210217
kernel signature: b7461bbbf0bdc8e178a01a9fe2d3c6ab935bc9da79ca97b25b02dd8dd4f89326
run #0: crashed: KASAN: use-after-free Read in search_by_entry_key
run #1: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #5: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #6: crashed: KASAN: use-after-free Read in search_by_entry_key
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 85597c4369c9941dd38e47176ff8b540b2b583a3
Bisecting: 219 revisions left to test after this (roughly 8 steps)
[d4ede0a453cb2658a72dfed7572415c5366cdf4d] esp: avoid unneeded kmap_atomic call
testing commit d4ede0a453cb2658a72dfed7572415c5366cdf4d with gcc (GCC) 8.4.1 20210217
kernel signature: a2584714905c2f7ce6cb18aad6d19f948353ea81ec0b2e2e84fed0b1ad272d6d
all runs: OK
# git bisect bad d4ede0a453cb2658a72dfed7572415c5366cdf4d
Bisecting: 109 revisions left to test after this (roughly 7 steps)
[41927dd11b9a4dfe1d2e8c9e21c50fe865c256e3] x86/mm: Fix leak of pmd ptlock
testing commit 41927dd11b9a4dfe1d2e8c9e21c50fe865c256e3 with gcc (GCC) 8.4.1 20210217
kernel signature: 7e955935508b89e3d9a86913f3faa6734a841cdbfb9041760d95864ecbc7536f
all runs: OK
# git bisect bad 41927dd11b9a4dfe1d2e8c9e21c50fe865c256e3
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[6ccab11c562666b2a850c4db21c0bd10a7d63707] proc: fix lookup in /proc/net subdirectories after setns(2)
testing commit 6ccab11c562666b2a850c4db21c0bd10a7d63707 with gcc (GCC) 8.4.1 20210217
kernel signature: 22f12d15de8e0c67ac9cd0fcb4054974359bfa22a13dc9d1ce324537959d2736
all runs: OK
# git bisect bad 6ccab11c562666b2a850c4db21c0bd10a7d63707
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[8e63266b0d42a2dc233cfc468636889b5b3ba1cf] fcntl: Fix potential deadlock in send_sig{io, urg}()
testing commit 8e63266b0d42a2dc233cfc468636889b5b3ba1cf with gcc (GCC) 8.4.1 20210217
kernel signature: 6368e91955a9b9b026d627100832e046ea3eea242496290e344a80f1468cc872
all runs: OK
# git bisect bad 8e63266b0d42a2dc233cfc468636889b5b3ba1cf
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[81629230815ff27439a61d675ad9873e93190204] ext4: don't remount read-only with errors=continue on reboot
testing commit 81629230815ff27439a61d675ad9873e93190204 with gcc (GCC) 8.4.1 20210217
kernel signature: d3a91882f9d2bc427f232e87acae48adb7a7f5fcea5fedab57028e63cd078909
run #0: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #1: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #2: crashed: KASAN: use-after-free Read in search_by_entry_key
run #3: crashed: KASAN: use-after-free Read in search_by_entry_key
run #4: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #5: crashed: KASAN: use-after-free Read in search_by_entry_key
run #6: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #7: crashed: KASAN: use-after-free Read in search_by_entry_key
run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 81629230815ff27439a61d675ad9873e93190204
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[2f6668bfe30a952f29f12499ad5c038cb1f6653c] of: fix linker-section match-table corruption
testing commit 2f6668bfe30a952f29f12499ad5c038cb1f6653c with gcc (GCC) 8.4.1 20210217
kernel signature: ce6c39f003596b27991cc7224bd7569b4bc974db7253ad0451786a6f4ba2de35
run #0: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #1: crashed: KASAN: use-after-free Read in search_by_entry_key
run #2: crashed: KASAN: use-after-free Read in search_by_entry_key
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #5: crashed: KASAN: use-after-free Read in search_by_entry_key
run #6: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 2f6668bfe30a952f29f12499ad5c038cb1f6653c
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[074b61ff2127ed1e408f39783b32d1936d6aa3ac] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
testing commit 074b61ff2127ed1e408f39783b32d1936d6aa3ac with gcc (GCC) 8.4.1 20210217
kernel signature: c38c853e6ff830f09df13fc3d4fef0a60d7129a61707844b71bdecdae5f06903
all runs: OK
# git bisect bad 074b61ff2127ed1e408f39783b32d1936d6aa3ac
Bisecting: 0 revisions left to test after this (roughly 1 step)
[b8590c82b3ccf9fb4d9f0b0b097be10736869333] reiserfs: add check for an invalid ih_entry_count
testing commit b8590c82b3ccf9fb4d9f0b0b097be10736869333 with gcc (GCC) 8.4.1 20210217
kernel signature: f7d97264d65e95c970cc9bdb6ab0318c4fe7d65ac017e082b8ca7ca4df04958e
all runs: OK
# git bisect bad b8590c82b3ccf9fb4d9f0b0b097be10736869333
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[88520a207121c3f7c513ac69a7392da89ed0955f] Bluetooth: hci_h5: close serdev device and free hu in h5_close
testing commit 88520a207121c3f7c513ac69a7392da89ed0955f with gcc (GCC) 8.4.1 20210217
kernel signature: 0ed6f03a4366ca7591b498588986b6c3b4d065082fd1378d0384002b3b505a6c
all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 88520a207121c3f7c513ac69a7392da89ed0955f
b8590c82b3ccf9fb4d9f0b0b097be10736869333 is the first bad commit
commit b8590c82b3ccf9fb4d9f0b0b097be10736869333
Author: Rustam Kovhaev
Date: Sun Nov 1 06:09:58 2020 -0800

reiserfs: add check for an invalid ih_entry_count

commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

when directory item has an invalid value set for ih_entry_count it might
trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

ih_entry_count * IH_SIZE for directory item should not be larger than
ih_item_len

Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
Signed-off-by: Rustam Kovhaev
Signed-off-by: Jan Kara
Signed-off-by: Greg Kroah-Hartman

fs/reiserfs/stree.c | 6 ++++++
1 file changed, 6 insertions(+)

culprit signature: f7d97264d65e95c970cc9bdb6ab0318c4fe7d65ac017e082b8ca7ca4df04958e
parent signature: 0ed6f03a4366ca7591b498588986b6c3b4d065082fd1378d0384002b3b505a6c
revisions tested: 13, total time: 3h23m1.230410787s (build: 1h43m20.969598981s, test: 1h34m26.264672266s)
first good commit: b8590c82b3ccf9fb4d9f0b0b097be10736869333 reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []