bisecting fixing commit since ad326970d25cc85128cd22d62398751ad072efff
building syzkaller on 2bb6666ca878753e46b201c508b64e338668694a
testing commit ad326970d25cc85128cd22d62398751ad072efff with gcc (GCC) 8.1.0
kernel signature: 2ea45b198a40d59e440c4263852b0150ca090d338789848213aa36790297b89c
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #2: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #3: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #9: crashed: KASAN: use-after-free Read in ntfs_attr_find
testing current HEAD 0c88e405c97ed1828443b67891e6d4bb6e56cd4e
testing commit 0c88e405c97ed1828443b67891e6d4bb6e56cd4e with gcc (GCC) 8.1.0
kernel signature: 8841a79d152f72098cc4df1cca394729e4007ca6e280df87b9b0d8c37a07f1e7
all runs: OK
# git bisect start 0c88e405c97ed1828443b67891e6d4bb6e56cd4e ad326970d25cc85128cd22d62398751ad072efff
Bisecting: 368 revisions left to test after this (roughly 9 steps)
[06f2cb14aecf9d8a606db271d1723ee49b050c99] arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes
testing commit 06f2cb14aecf9d8a606db271d1723ee49b050c99 with gcc (GCC) 8.1.0
kernel signature: 04861fb80c3bb9e735902657cbec3fa4f0be321ffcc19dc60acdd571e35aaeb7
all runs: OK
# git bisect bad 06f2cb14aecf9d8a606db271d1723ee49b050c99
Bisecting: 184 revisions left to test after this (roughly 8 steps)
[b04c0ccb51fd60fd0be6a957b2c95103efd2b4fb] Input: ep93xx_keypad - fix handling of platform_get_irq() error
testing commit b04c0ccb51fd60fd0be6a957b2c95103efd2b4fb with gcc (GCC) 8.1.0
kernel signature: b348af8ca7a63cd6c7dc45a1b209b904793b45a15b7ecaac9c2bad4283bd1b54
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #2: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #6: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #7: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #9: crashed: KASAN: use-after-free Read in ntfs_attr_find
# git bisect good b04c0ccb51fd60fd0be6a957b2c95103efd2b4fb
Bisecting: 92 revisions left to test after this (roughly 7 steps)
[84013ba77c1704c1461b299fbd336d6d6b6d3a9f] mlxsw: core: Fix memory leak on module removal
testing commit 84013ba77c1704c1461b299fbd336d6d6b6d3a9f with gcc (GCC) 8.1.0
kernel signature: 9014e828d0737952865e05e129e45143cabd8ea73fb5e5a09e3f8fd635a390d4
all runs: OK
# git bisect bad 84013ba77c1704c1461b299fbd336d6d6b6d3a9f
Bisecting: 45 revisions left to test after this (roughly 6 steps)
[d583c728ce8dc8c3419245f515af8050487f5e83] scsi: target: core: Add CONTROL field for trace events
testing commit d583c728ce8dc8c3419245f515af8050487f5e83 with gcc (GCC) 8.1.0
kernel signature: 1124c05ecea6b09f6daed81e4e8a857df6ff7f56302b6a322dbbdfea93e0840d
all runs: OK
# git bisect bad d583c728ce8dc8c3419245f515af8050487f5e83
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[2c37decd6c5a67489c09bfd9fa46d64c1370992a] crypto: ccp - fix error handling
testing commit 2c37decd6c5a67489c09bfd9fa46d64c1370992a with gcc (GCC) 8.1.0
kernel signature: ac3205689ff3a83588716921ae107e59c8415fa9c93081a18772e71c699bea25
run #0: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #6: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #8: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #9: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
# git bisect good 2c37decd6c5a67489c09bfd9fa46d64c1370992a
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[60299cf61e1ec5d783e681d84245301deb6fef17] media: bdisp: Fix runtime PM imbalance on error
testing commit 60299cf61e1ec5d783e681d84245301deb6fef17 with gcc (GCC) 8.1.0
kernel signature: 8d67c18842d84f303e5b4482394a56d23104d37b9d500d2d52589a63a866ef00
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #2: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #3: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #8: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #9: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
# git bisect good 60299cf61e1ec5d783e681d84245301deb6fef17
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[4b799668bea8b98ad24943658d860fea46cbc389] media: venus: core: Fix runtime PM imbalance in venus_probe
testing commit 4b799668bea8b98ad24943658d860fea46cbc389 with gcc (GCC) 8.1.0
kernel signature: 8223dbdd64b59dab39dc43f8bff3518abf3e2464e6ba1c6baf38820c9e227771
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #6: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #7: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #9: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
# git bisect good 4b799668bea8b98ad24943658d860fea46cbc389
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[20ae51a36840a4d43614157218d5144788661853] mac80211: handle lack of sband->bitrates in rates
testing commit 20ae51a36840a4d43614157218d5144788661853 with gcc (GCC) 8.1.0
kernel signature: 4171d0bc79f8ab35f2f1c6292e514d575dc4083148784e63f7db08d7657ebb02
all runs: OK
# git bisect bad 20ae51a36840a4d43614157218d5144788661853
Bisecting: 0 revisions left to test after this (roughly 1 step)
[cd3ecf114cbe4b12112cd2c175dbd1e41c70758f] ip_gre: set dev->hard_header_len and dev->needed_headroom properly
testing commit cd3ecf114cbe4b12112cd2c175dbd1e41c70758f with gcc (GCC) 8.1.0
kernel signature: 30903d989e2d53c728052f107bec82b5bf0dac9ce9e62bde02a8ff0838e70266
all runs: OK
# git bisect bad cd3ecf114cbe4b12112cd2c175dbd1e41c70758f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[dff5d774119537355b01e5b503d9468228d65044] ntfs: add check for mft record size in superblock
testing commit dff5d774119537355b01e5b503d9468228d65044 with gcc (GCC) 8.1.0
kernel signature: e9b66cd5b02cc4fb3eccd184318a79ee8893fd8be0dc2d8bbd49e9b50f160410
all runs: OK
# git bisect bad dff5d774119537355b01e5b503d9468228d65044
dff5d774119537355b01e5b503d9468228d65044 is the first bad commit
commit dff5d774119537355b01e5b503d9468228d65044
Author: Rustam Kovhaev
Date: Tue Oct 13 16:48:17 2020 -0700

    ntfs: add check for mft record size in superblock

    [ Upstream commit 4f8c94022f0bc3babd0a124c0a7dcdd7547bd94e ]

    Number of bytes allocated for mft record should be equal to the mft record
    size stored in ntfs superblock as reported by syzbot, userspace might
    trigger out-of-bounds read by dereferencing ctx->attr in ntfs_attr_find()

    Reported-by: syzbot+aed06913f36eff9b544e@syzkaller.appspotmail.com
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Andrew Morton
    Tested-by: syzbot+aed06913f36eff9b544e@syzkaller.appspotmail.com
    Acked-by: Anton Altaparmakov
    Link: https://syzkaller.appspot.com/bug?extid=aed06913f36eff9b544e
    Link: https://lkml.kernel.org/r/20200824022804.226242-1-rkovhaev@gmail.com
    Signed-off-by: Linus Torvalds
    Signed-off-by: Sasha Levin

 fs/ntfs/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)
culprit signature: e9b66cd5b02cc4fb3eccd184318a79ee8893fd8be0dc2d8bbd49e9b50f160410
parent signature: 8223dbdd64b59dab39dc43f8bff3518abf3e2464e6ba1c6baf38820c9e227771
revisions tested: 12, total time: 3h12m45.119089325s (build: 1h49m19.838781727s, test: 1h22m13.942815612s)
first good commit: dff5d774119537355b01e5b503d9468228d65044 ntfs: add check for mft record size in superblock
recipients (to): ["akpm@linux-foundation.org" "anton@tuxera.com" "rkovhaev@gmail.com" "sashal@kernel.org" "syzbot+aed06913f36eff9b544e@syzkaller.appspotmail.com" "torvalds@linux-foundation.org"]
recipients (cc): []