bisecting fixing commit since a1b977b49b66c75e6c51a515f6700371ae720217
building syzkaller on fc7735a27949755327024847e12dcc1b868bcb99
testing commit a1b977b49b66c75e6c51a515f6700371ae720217 with gcc (GCC) 8.4.1 20210217
kernel signature: 133fc428369b72c78230c6b1c9bafaa3b6b6c772a51a9c796bdfe632e7ee9371
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
testing current HEAD 125222814e7b8f84df767d6ab622aff2a6d2f234
testing commit 125222814e7b8f84df767d6ab622aff2a6d2f234 with gcc (GCC) 8.4.1 20210217
kernel signature: 12f97e1655c2d7bdea2faefc11deb884d50bbdcff653168fab41e71e38e9146f
all runs: OK
# git bisect start 125222814e7b8f84df767d6ab622aff2a6d2f234 a1b977b49b66c75e6c51a515f6700371ae720217
Bisecting: 1120 revisions left to test after this (roughly 10 steps)
[06773ce45d65c74c0aebdd766fbc3a916546d4ba] PCI: iproc: Fix out-of-bound array accesses
testing commit 06773ce45d65c74c0aebdd766fbc3a916546d4ba with gcc (GCC) 8.4.1 20210217
kernel signature: a406c5a8d41ca147e6d2faaa631f30a9121c4cb0aa90dfe62022bd9dba6f7ce5
run #0: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #1: crashed: KASAN: use-after-free Read in ntfs_iget
run #2: crashed: KASAN: use-after-free Read in ntfs_iget
run #3: crashed: KASAN: use-after-free Read in ntfs_iget
run #4: crashed: KASAN: use-after-free Read in ntfs_iget
run #5: crashed: KASAN: use-after-free Read in ntfs_iget
run #6: crashed: KASAN: use-after-free Read in ntfs_iget
run #7: crashed: KASAN: use-after-free Read in ntfs_iget
run #8: crashed: KASAN: use-after-free Read in ntfs_iget
run #9: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 06773ce45d65c74c0aebdd766fbc3a916546d4ba
Bisecting: 560 revisions left to test after this (roughly 9 steps)
[b6e04c19c5b2060c91b07acec5d650a1beb6855f] mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
testing commit b6e04c19c5b2060c91b07acec5d650a1beb6855f with gcc (GCC) 8.4.1 20210217
kernel signature: 759f9a4257a506522a153dad63b752e11f92d577b3c1bee6d7f344f21c0c0e40
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good b6e04c19c5b2060c91b07acec5d650a1beb6855f
Bisecting: 280 revisions left to test after this (roughly 8 steps)
[4e33bc5b4ac2cc33510649ac14a1df31b45a393d] USB: serial: ftdi_sio: fix FTX sub-integer prescaler
testing commit 4e33bc5b4ac2cc33510649ac14a1df31b45a393d with gcc (GCC) 8.4.1 20210217
kernel signature: c0d16ece47f329cba31366b208129960259db56c600b4e26267b9df41d779403
all runs: OK
# git bisect bad 4e33bc5b4ac2cc33510649ac14a1df31b45a393d
Bisecting: 139 revisions left to test after this (roughly 7 steps)
[9b707bc92c97b694fbcf0396d0d066a2eb6e93db] usb: dwc2: Make "trimming xfer length" a debug message
testing commit 9b707bc92c97b694fbcf0396d0d066a2eb6e93db with gcc (GCC) 8.4.1 20210217
kernel signature: cd517fe58bdf00cb3386bb206789a8bc1bb8bae02c6dfb943e7b9b1e6eba1162
all runs: OK
# git bisect bad 9b707bc92c97b694fbcf0396d0d066a2eb6e93db
Bisecting: 69 revisions left to test after this (roughly 6 steps)
[52862c2fe8e76d7ff23e6e48f310d5b9113603e1] net/vmw_vsock: improve locking in vsock_connect_timeout()
testing commit 52862c2fe8e76d7ff23e6e48f310d5b9113603e1 with gcc (GCC) 8.4.1 20210217
kernel signature: f141121e176ca846b273f36c0dd11657e92b30d689e6e6a834692e78156216bd
run #0: crashed: KASAN: use-after-free Read in ntfs_iget
run #1: crashed: KASAN: use-after-free Read in ntfs_iget
run #2: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #3: crashed: KASAN: use-after-free Read in ntfs_iget
run #4: crashed: KASAN: use-after-free Read in ntfs_iget
run #5: crashed: KASAN: use-after-free Read in ntfs_iget
run #6: crashed: KASAN: use-after-free Read in ntfs_iget
run #7: crashed: KASAN: use-after-free Read in ntfs_iget
run #8: crashed: KASAN: use-after-free Read in ntfs_iget
run #9: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 52862c2fe8e76d7ff23e6e48f310d5b9113603e1
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[c5aefd25d2be3a73cec4f3d81d5a7eb714302377] scripts/recordmcount.pl: support big endian for ARCH sh
testing commit c5aefd25d2be3a73cec4f3d81d5a7eb714302377 with gcc (GCC) 8.4.1 20210217
kernel signature: 40839e290654a21e0c12239512f0e959a9c7c5ba23f0f0474d732e495377679a
all runs: OK
# git bisect bad c5aefd25d2be3a73cec4f3d81d5a7eb714302377
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[f84c00fbd27b043fa42a56eaaa14e293877bc69b] xen-scsiback: don't "handle" error by BUG()
testing commit f84c00fbd27b043fa42a56eaaa14e293877bc69b with gcc (GCC) 8.4.1 20210217
kernel signature: b75a810a39fad75b613b74a5fd719b23002c6eb6201a8147df897f10f6c2b17c
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good f84c00fbd27b043fa42a56eaaa14e293877bc69b
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[94c28da48cc54f273f6b2dffaf890f7e6f5d668e] arm64: tegra: Add power-domain for Tegra210 HDA
testing commit 94c28da48cc54f273f6b2dffaf890f7e6f5d668e with gcc (GCC) 8.4.1 20210217
kernel signature: 7051bd46781782f72d73b84fe5c3064108e789370f0be60200fc22fc02c8e506
all runs: OK
# git bisect bad 94c28da48cc54f273f6b2dffaf890f7e6f5d668e
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[2d19be4653f5e74ed95560b69f94eb6791d49af3] Linux 4.19.177
testing commit 2d19be4653f5e74ed95560b69f94eb6791d49af3 with gcc (GCC) 8.4.1 20210217
kernel signature: 78b8207b90a760b2e6d040e5513698e83566cde7432bbb5692e5a3944266a6f8
run #0: crashed: KASAN: use-after-free Read in ntfs_iget
run #1: crashed: KASAN: use-after-free Read in ntfs_iget
run #2: crashed: KASAN: use-after-free Read in ntfs_iget
run #3: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #4: crashed: KASAN: use-after-free Read in ntfs_iget
run #5: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #6: crashed: KASAN: use-after-free Read in ntfs_iget
run #7: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #8: crashed: KASAN: use-after-free Read in ntfs_iget
run #9: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 2d19be4653f5e74ed95560b69f94eb6791d49af3
Bisecting: 2 revisions left to test after this (roughly 1 step)
[223a86b933bca7cf449f25af1c34ce2183a66711] USB: quirks: sort quirk entries
testing commit 223a86b933bca7cf449f25af1c34ce2183a66711 with gcc (GCC) 8.4.1 20210217
kernel signature: b2979b9767bb106bc13a37a1acd0499f7fab3fc114ee03a52fdede1de11580b4
run #0: crashed: KASAN: use-after-free Read in ntfs_iget
run #1: crashed: KASAN: use-after-free Read in ntfs_iget
run #2: crashed: KASAN: use-after-free Read in ntfs_iget
run #3: crashed: KASAN: use-after-free Read in ntfs_iget
run #4: crashed: KASAN: use-after-free Read in ntfs_iget
run #5: crashed: KASAN: use-after-free Read in ntfs_iget
run #6: crashed: KASAN: use-after-free Read in ntfs_iget
run #7: crashed: KASAN: use-after-free Read in ntfs_iget
run #8: crashed: KASAN: use-after-free Read in ntfs_iget
run #9: crashed: KASAN: out-of-bounds Read in ntfs_iget
# git bisect good 223a86b933bca7cf449f25af1c34ce2183a66711
Bisecting: 0 revisions left to test after this (roughly 1 step)
[23e895868b518f48eab7925aeb93aeeac3ac2594] ntfs: check for valid standard information attribute
testing commit 23e895868b518f48eab7925aeb93aeeac3ac2594 with gcc (GCC) 8.4.1 20210217
kernel signature: 7051bd46781782f72d73b84fe5c3064108e789370f0be60200fc22fc02c8e506
all runs: OK
# git bisect bad 23e895868b518f48eab7925aeb93aeeac3ac2594
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9c4a31480b728b706844a47c262d9562e2f86ada] usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
testing commit 9c4a31480b728b706844a47c262d9562e2f86ada with gcc (GCC) 8.4.1 20210217
kernel signature: 328da5c0de081b353b6c2c312cd3dd8eb49c9a00fd8169cb71aac72faa10f99c
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 9c4a31480b728b706844a47c262d9562e2f86ada
23e895868b518f48eab7925aeb93aeeac3ac2594 is the first bad commit
commit 23e895868b518f48eab7925aeb93aeeac3ac2594
Author: Rustam Kovhaev
Date:   Wed Feb 24 12:00:30 2021 -0800

    ntfs: check for valid standard information attribute

    commit 4dfe6bd94959222e18d512bdf15f6bf9edb9c27c upstream.

    Mounting a corrupted filesystem with NTFS resulted in a kernel crash.

    We should check for valid STANDARD_INFORMATION attribute offset and length before trying to access it

    Link: https://lkml.kernel.org/r/20210217155930.1506815-1-rkovhaev@gmail.com
    Link: https://syzkaller.appspot.com/bug?extid=c584225dabdea2f71969
    Signed-off-by: Rustam Kovhaev
    Reported-by: syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com
    Tested-by: syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com
    Acked-by: Anton Altaparmakov
    Cc:
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

 fs/ntfs/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)
culprit signature: 7051bd46781782f72d73b84fe5c3064108e789370f0be60200fc22fc02c8e506
parent signature: 328da5c0de081b353b6c2c312cd3dd8eb49c9a00fd8169cb71aac72faa10f99c
revisions tested: 14, total time: 3h12m54.028132586s (build: 1h55m14.631689306s, test: 1h16m27.145465514s)
first good commit: 23e895868b518f48eab7925aeb93aeeac3ac2594 ntfs: check for valid standard information attribute
recipients (to): ["akpm@linux-foundation.org" "anton@tuxera.com" "gregkh@linuxfoundation.org" "rkovhaev@gmail.com" "syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com" "torvalds@linux-foundation.org"]
recipients (cc): []