bisecting fixing commit since 13d2ce42de8cb98ff952f8de6307f896203854c2
building syzkaller on 821e0b09046a2f972ace26fbdc02aef1116792d4
testing commit 13d2ce42de8cb98ff952f8de6307f896203854c2 with gcc (GCC) 8.4.1 20210217
kernel signature: c311491b2169e2813d5652dfbe216a89921b3f7fbf1d4590413dc685c2ea5678
run #0: crashed: KASAN: use-after-free Read in ntfs_iget
run #1: crashed: KASAN: use-after-free Read in ntfs_iget
run #2: crashed: KASAN: use-after-free Read in ntfs_iget
run #3: crashed: KASAN: use-after-free Read in ntfs_iget
run #4: crashed: KASAN: use-after-free Read in ntfs_iget
run #5: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #6: crashed: KASAN: use-after-free Read in ntfs_iget
run #7: crashed: KASAN: use-after-free Read in ntfs_iget
run #8: crashed: KASAN: use-after-free Read in ntfs_iget
run #9: crashed: KASAN: use-after-free Read in ntfs_iget
run #10: crashed: KASAN: use-after-free Read in ntfs_iget
run #11: crashed: KASAN: use-after-free Read in ntfs_iget
run #12: crashed: KASAN: use-after-free Read in ntfs_iget
run #13: crashed: KASAN: use-after-free Read in ntfs_iget
run #14: crashed: KASAN: use-after-free Read in ntfs_iget
run #15: crashed: KASAN: use-after-free Read in ntfs_iget
run #16: crashed: KASAN: use-after-free Read in ntfs_iget
run #17: crashed: KASAN: use-after-free Read in ntfs_iget
run #18: crashed: KASAN: use-after-free Read in ntfs_iget
run #19: crashed: KASAN: use-after-free Read in ntfs_iget
testing current HEAD 78fec1611cbf7b0bdaddfdbf174a3a2463663bff
testing commit 78fec1611cbf7b0bdaddfdbf174a3a2463663bff with gcc (GCC) 8.4.1 20210217
kernel signature: 8f528eefdb0e955d3670f6f3c026a26a4a21f25a4dd23eed66f792bfaca0102e
all runs: OK
# git bisect start 78fec1611cbf7b0bdaddfdbf174a3a2463663bff 13d2ce42de8cb98ff952f8de6307f896203854c2
Bisecting: 672 revisions left to test after this (roughly 9 steps)
[62b47c35c2737a4eb9ef9bdf356e8764d8579ba5] leds: trigger: fix potential deadlock with libata
testing commit 62b47c35c2737a4eb9ef9bdf356e8764d8579ba5 with gcc (GCC) 8.4.1 20210217
kernel signature: 86b46bee2d13ee6690bf1d5b2f98887fa68bccb6c752bbc2d09f55ffa309fce2
run #0: crashed: KASAN: use-after-free Read in ntfs_iget
run #1: crashed: KASAN: use-after-free Read in ntfs_iget
run #2: crashed: KASAN: use-after-free Read in ntfs_iget
run #3: crashed: KASAN: use-after-free Read in ntfs_iget
run #4: crashed: KASAN: use-after-free Read in ntfs_iget
run #5: crashed: KASAN: use-after-free Read in ntfs_iget
run #6: crashed: KASAN: use-after-free Read in ntfs_iget
run #7: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #8: crashed: KASAN: use-after-free Read in ntfs_iget
run #9: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 62b47c35c2737a4eb9ef9bdf356e8764d8579ba5
Bisecting: 336 revisions left to test after this (roughly 8 steps)
[7725683a82b6bd32f266bacf2b41d47de0f82e92] ACPI: property: Fix fwnode string properties matching
testing commit 7725683a82b6bd32f266bacf2b41d47de0f82e92 with gcc (GCC) 8.4.1 20210217
kernel signature: 3e6e82704e5bd00a1af0f05161963c8cdf9c1fd574aeffe1d35d61532059a370
all runs: OK
# git bisect bad 7725683a82b6bd32f266bacf2b41d47de0f82e92
Bisecting: 167 revisions left to test after this (roughly 7 steps)
[6c63a7be2b11b378f77adfa8dd81e66b0df2795b] block: fix race between switching elevator and removing queues
testing commit 6c63a7be2b11b378f77adfa8dd81e66b0df2795b with gcc (GCC) 8.4.1 20210217
kernel signature: 85583047c8b7d6c9aa140d3c58c6255ebd26f715ee76d153689e93f07aad9a92
all runs: OK
# git bisect bad 6c63a7be2b11b378f77adfa8dd81e66b0df2795b
Bisecting: 83 revisions left to test after this (roughly 6 steps)
[4f12385298d474541a794f4c47980861299f20e7] remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load
testing commit 4f12385298d474541a794f4c47980861299f20e7 with gcc (GCC) 8.4.1 20210217
kernel signature: 68b967337ee0d1fe9dd5cef1c81dd49dd313c1b083d486637b02127c9d72e30d
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 4f12385298d474541a794f4c47980861299f20e7
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[99109999f7c63ef833deaa8ebaa8e5a7bc6de15c] netfilter: flowtable: fix tcp and udp header checksum update
testing commit 99109999f7c63ef833deaa8ebaa8e5a7bc6de15c with gcc (GCC) 8.4.1 20210217
kernel signature: adac299d76dd8c3700252c935b9781c7cd9b3f4ce688b9bc3cf591e0f0f868d2
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget
run #1: crashed: KASAN: use-after-free Read in ntfs_iget
run #2: crashed: KASAN: use-after-free Read in ntfs_iget
run #3: crashed: KASAN: use-after-free Read in ntfs_iget
run #4: crashed: KASAN: use-after-free Read in ntfs_iget
run #5: crashed: KASAN: use-after-free Read in ntfs_iget
run #6: crashed: KASAN: use-after-free Read in ntfs_iget
run #7: crashed: KASAN: use-after-free Read in ntfs_iget
run #8: crashed: KASAN: use-after-free Read in ntfs_iget
run #9: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 99109999f7c63ef833deaa8ebaa8e5a7bc6de15c
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[dfed59ee4b41b0937163dfed36752d29e72d0712] Xen/x86: don't bail early from clear_foreign_p2m_mapping()
testing commit dfed59ee4b41b0937163dfed36752d29e72d0712 with gcc (GCC) 8.4.1 20210217
kernel signature: e3da2444d750901d73379dcec28d1c1f40dd605f45ccbd7f8baa211de5c32275
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good dfed59ee4b41b0937163dfed36752d29e72d0712
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[fc1e3f5d1d7f77be91f85d7d4ce94ebfe3d8d284] kvm: check tlbs_dirty directly
testing commit fc1e3f5d1d7f77be91f85d7d4ce94ebfe3d8d284 with gcc (GCC) 8.4.1 20210217
kernel signature: 98136a24730434542f802d9e384cf2068ef8ff06508bddb882e20b31f7fbdf8b
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good fc1e3f5d1d7f77be91f85d7d4ce94ebfe3d8d284
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[23e895868b518f48eab7925aeb93aeeac3ac2594] ntfs: check for valid standard information attribute
testing commit 23e895868b518f48eab7925aeb93aeeac3ac2594 with gcc (GCC) 8.4.1 20210217
kernel signature: ea0ece861cf94094c9a677c6b8679368b7da4d387aedf0e9539fb87c7b59f8a8
all runs: OK
# git bisect bad 23e895868b518f48eab7925aeb93aeeac3ac2594
Bisecting: 2 revisions left to test after this (roughly 1 step)
[ffca531f71d078c6caf752d64bc2a592f420f7c6] HID: make arrays usage and value to be the same
testing commit ffca531f71d078c6caf752d64bc2a592f420f7c6 with gcc (GCC) 8.4.1 20210217
kernel signature: e02380e059cebf57f0f46eeec48d6863500f45aaebd41ff7d56c7ddd6562efe6
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good ffca531f71d078c6caf752d64bc2a592f420f7c6
Bisecting: 0 revisions left to test after this (roughly 1 step)
[9c4a31480b728b706844a47c262d9562e2f86ada] usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
testing commit 9c4a31480b728b706844a47c262d9562e2f86ada with gcc (GCC) 8.4.1 20210217
kernel signature: 8aeb0956a36e00ec2ca5371e2422f7f77f806ce105baf1ab177715866a4a619a
run #0: basic kernel testing failed: BUG: program execution failed: executor 0: exit status 67
run #1: crashed: KASAN: use-after-free Read in ntfs_iget
run #2: crashed: KASAN: use-after-free Read in ntfs_iget
run #3: crashed: KASAN: use-after-free Read in ntfs_iget
run #4: crashed: KASAN: use-after-free Read in ntfs_iget
run #5: crashed: KASAN: use-after-free Read in ntfs_iget
run #6: crashed: KASAN: use-after-free Read in ntfs_iget
run #7: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #8: crashed: KASAN: use-after-free Read in ntfs_iget
run #9: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 9c4a31480b728b706844a47c262d9562e2f86ada
23e895868b518f48eab7925aeb93aeeac3ac2594 is the first bad commit
commit 23e895868b518f48eab7925aeb93aeeac3ac2594
Author: Rustam Kovhaev
Date: Wed Feb 24 12:00:30 2021 -0800

    ntfs: check for valid standard information attribute

    commit 4dfe6bd94959222e18d512bdf15f6bf9edb9c27c upstream.

    Mounting a corrupted filesystem with NTFS resulted in a kernel crash.

    We should check for valid STANDARD_INFORMATION attribute offset and length
    before trying to access it

    Link: https://lkml.kernel.org/r/20210217155930.1506815-1-rkovhaev@gmail.com
    Link: https://syzkaller.appspot.com/bug?extid=c584225dabdea2f71969
    Signed-off-by: Rustam Kovhaev
    Reported-by: syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com
    Tested-by: syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com
    Acked-by: Anton Altaparmakov
    Cc:
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

 fs/ntfs/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: ea0ece861cf94094c9a677c6b8679368b7da4d387aedf0e9539fb87c7b59f8a8
parent signature: 8aeb0956a36e00ec2ca5371e2422f7f77f806ce105baf1ab177715866a4a619a
revisions tested: 12, total time: 2h44m26.282066537s (build: 1h33m42.087530839s, test: 1h9m41.883419018s)
first good commit: 23e895868b518f48eab7925aeb93aeeac3ac2594 ntfs: check for valid standard information attribute
recipients (to): ["akpm@linux-foundation.org" "anton@tuxera.com" "gregkh@linuxfoundation.org" "rkovhaev@gmail.com" "syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com" "torvalds@linux-foundation.org"]
recipients (cc): []