bisecting fixing commit since cbfa1702aaf69b2311ea1b35e04f113c48368c67
building syzkaller on a9767fb2a6393444e871a02e79a14ccfa2aef52b
testing commit cbfa1702aaf69b2311ea1b35e04f113c48368c67 with gcc (GCC) 8.1.0
kernel signature: 7d7be863cab96e73bcd20a5c3b629f1ffae2096014c71e9c4bdf45906077944d
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #9: crashed: KASAN: use-after-free Read in ntfs_attr_find
testing current HEAD 27ce4f2a6817e38ca74c643d47a96359f6cc0c1c
testing commit 27ce4f2a6817e38ca74c643d47a96359f6cc0c1c with gcc (GCC) 8.1.0
kernel signature: c8cdd647f3596f617d2fd83c4fc02afc4b3115128014d1f89013f852b1e25e66
all runs: OK
# git bisect start 27ce4f2a6817e38ca74c643d47a96359f6cc0c1c cbfa1702aaf69b2311ea1b35e04f113c48368c67
Bisecting: 359 revisions left to test after this (roughly 9 steps)
[7ed96d96bfe93d1c8fe1d387105aa27c5791ba65] r8169: fix data corruption issue on RTL8402
testing commit 7ed96d96bfe93d1c8fe1d387105aa27c5791ba65 with gcc (GCC) 8.1.0
kernel signature: 846d83818528685334b58cd2a2958a8464ce35d11421efa1ea7575e959d20156
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #4: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #9: crashed: KASAN: use-after-free Read in ntfs_attr_find
# git bisect good 7ed96d96bfe93d1c8fe1d387105aa27c5791ba65
Bisecting: 179 revisions left to test after this (roughly 8 steps)
[d0528bf559b547a4450a4d9b9b3ea2d2586fff0c] usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
testing commit d0528bf559b547a4450a4d9b9b3ea2d2586fff0c with gcc (GCC) 8.1.0
kernel signature: 043396c153f6ea8278ab2f1a0cb42ee5515d747365b13a96819fbbae9a9b1fa3
all runs: OK
# git bisect bad d0528bf559b547a4450a4d9b9b3ea2d2586fff0c
Bisecting: 89 revisions left to test after this (roughly 7 steps)
[98f78dd3caf9836b1a5fe9b96084319cfcb0c1cb] perf intel-pt: Fix "context_switch event has no tid" error
testing commit 98f78dd3caf9836b1a5fe9b96084319cfcb0c1cb with gcc (GCC) 8.1.0
kernel signature: e229587c31b7317f22716726f5365fe7b19b5e0095f6bccb28c2a8ba6ec118ee
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #8: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #9: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
# git bisect good 98f78dd3caf9836b1a5fe9b96084319cfcb0c1cb
Bisecting: 44 revisions left to test after this (roughly 6 steps)
[7713c060f1c11b435a6f4e57ee39559645454c5c] media: exynos4-is: Fix a reference count leak
testing commit 7713c060f1c11b435a6f4e57ee39559645454c5c with gcc (GCC) 8.1.0
kernel signature: 9126efac07b0634906eaf48d302e49a056fa94178e07b7d55b80fd4eb0cef979
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #2: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #8: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #9: crashed: KASAN: use-after-free Read in ntfs_attr_find
# git bisect good 7713c060f1c11b435a6f4e57ee39559645454c5c
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[dcd5c6006eb2d5d4f3682a10f3cfc64f893b3542] can: flexcan: flexcan_chip_stop(): add error handling and propagate error value
testing commit dcd5c6006eb2d5d4f3682a10f3cfc64f893b3542 with gcc (GCC) 8.1.0
kernel signature: 78b4ea173884d35bf890827989149070c372dbb47cd725b86b33cf89652515c3
all runs: OK
# git bisect bad dcd5c6006eb2d5d4f3682a10f3cfc64f893b3542
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[d2918cca649f7457018f2c94176a8302e7a9f311] ntfs: add check for mft record size in superblock
testing commit d2918cca649f7457018f2c94176a8302e7a9f311 with gcc (GCC) 8.1.0
kernel signature: 28b233e7dca4173b2f0f47d1c02509d778267f0bffcb97f7a506be7cca39a8ba
all runs: OK
# git bisect bad d2918cca649f7457018f2c94176a8302e7a9f311
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[6fab85f03cfacc02ff42776985819b4f348ea72c] media: media/pci: prevent memory leak in bttv_probe
testing commit 6fab85f03cfacc02ff42776985819b4f348ea72c with gcc (GCC) 8.1.0
kernel signature: 9126efac07b0634906eaf48d302e49a056fa94178e07b7d55b80fd4eb0cef979
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #4: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #5: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #6: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #7: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #9: crashed: KASAN: use-after-free Read in ntfs_attr_find
# git bisect good 6fab85f03cfacc02ff42776985819b4f348ea72c
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[03d78253277aa4a44e4c97736756f8523798eca7] media: saa7134: avoid a shift overflow
testing commit 03d78253277aa4a44e4c97736756f8523798eca7 with gcc (GCC) 8.1.0
kernel signature: 03c7ef1542aa98112f94333a012d954d310f6fa312701ee2534fdd39f77d5cbe
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #9: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
# git bisect good 03d78253277aa4a44e4c97736756f8523798eca7
Bisecting: 0 revisions left to test after this (roughly 1 step)
[699cbe4895d54792114e7231e0d4195b3ec8d986] media: venus: core: Fix runtime PM imbalance in venus_probe
testing commit 699cbe4895d54792114e7231e0d4195b3ec8d986 with gcc (GCC) 8.1.0
kernel signature: 534f8a1c203a9254e69138685bbb907d1e8e6b9b61be801b13b0dafc97a530d2
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #2: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #3: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #9: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
# git bisect good 699cbe4895d54792114e7231e0d4195b3ec8d986
d2918cca649f7457018f2c94176a8302e7a9f311 is the first bad commit
commit d2918cca649f7457018f2c94176a8302e7a9f311
Author: Rustam Kovhaev
Date:   Tue Oct 13 16:48:17 2020 -0700

    ntfs: add check for mft record size in superblock

    [ Upstream commit 4f8c94022f0bc3babd0a124c0a7dcdd7547bd94e ]

    Number of bytes allocated for mft record should be equal to the mft record
    size stored in ntfs superblock as reported by syzbot, userspace might
    trigger out-of-bounds read by dereferencing ctx->attr in ntfs_attr_find()

    Reported-by: syzbot+aed06913f36eff9b544e@syzkaller.appspotmail.com
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Andrew Morton
    Tested-by: syzbot+aed06913f36eff9b544e@syzkaller.appspotmail.com
    Acked-by: Anton Altaparmakov
    Link: https://syzkaller.appspot.com/bug?extid=aed06913f36eff9b544e
    Link: https://lkml.kernel.org/r/20200824022804.226242-1-rkovhaev@gmail.com
    Signed-off-by: Linus Torvalds
    Signed-off-by: Sasha Levin

 fs/ntfs/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: 28b233e7dca4173b2f0f47d1c02509d778267f0bffcb97f7a506be7cca39a8ba
parent signature: 534f8a1c203a9254e69138685bbb907d1e8e6b9b61be801b13b0dafc97a530d2
revisions tested: 11, total time: 2h33m7.616714955s (build: 1h34m10.327058754s, test: 57m29.768390959s)
first good commit: d2918cca649f7457018f2c94176a8302e7a9f311 ntfs: add check for mft record size in superblock
recipients (to): ["akpm@linux-foundation.org" "anton@tuxera.com" "rkovhaev@gmail.com" "sashal@kernel.org" "syzbot+aed06913f36eff9b544e@syzkaller.appspotmail.com" "torvalds@linux-foundation.org"]
recipients (cc): []