bisecting fixing commit since eb575cd5d7f60241d016fdd13a9e86d962093c9b
building syzkaller on aba2b2fb3544d9e42991237c13d8cada421deda5
testing commit eb575cd5d7f60241d016fdd13a9e86d962093c9b
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 38d7f1ae61316364ae6b4645e052157bc1d7dd8286fd0630ea78d601d49146f9
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
testing current HEAD 4938296e03bd227e5020d63d418956fe52baf97c
testing commit 4938296e03bd227e5020d63d418956fe52baf97c
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 276b52cdd1955a49a057fd3ccd5e5f4186b4d00b1d0c3a6f2ee95d228fcc0a25
all runs: OK
# git bisect start 4938296e03bd227e5020d63d418956fe52baf97c eb575cd5d7f60241d016fdd13a9e86d962093c9b
Bisecting: 282 revisions left to test after this (roughly 8 steps)
[3225cd78880a15928f8930e3de698a6edca63f42] netfilter: nft_osf: check for TCP packet before further processing
testing commit 3225cd78880a15928f8930e3de698a6edca63f42
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: a86784db83ffc429df35d4d4e5736f1e7cb1a4e9c004b114d8c31af68e9cb4f8
all runs: OK
# git bisect bad 3225cd78880a15928f8930e3de698a6edca63f42
Bisecting: 140 revisions left to test after this (roughly 7 steps)
[78130e2e4e405d51f74cfebec47dd43ec6164277] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support
testing commit 78130e2e4e405d51f74cfebec47dd43ec6164277
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 7c5d5e19742b8def018aadcd360a6c543b7940fe9134193268c9ca645b0bd445
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 78130e2e4e405d51f74cfebec47dd43ec6164277
Bisecting: 70 revisions left to test after this (roughly 6 steps)
[a3c67e5a5266d29fe269c16c88433f55d8e5b80b] media: dvd_usb: memory leak in cinergyt2_fe_attach
testing commit a3c67e5a5266d29fe269c16c88433f55d8e5b80b
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 39e9167be45be6c215b33ca68c44f600d6781df446af3d5d67d97e5197682fec
all runs: OK
# git bisect bad a3c67e5a5266d29fe269c16c88433f55d8e5b80b
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[3f1aab2fa0c20a209618c2c6187d2362e828f3fc] rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path
testing commit 3f1aab2fa0c20a209618c2c6187d2362e828f3fc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: c029051a95b3c771b44b9f5e5c41e66caef8c1c68b95b77ef07cc2b57e8b0716
all runs: OK
# git bisect bad 3f1aab2fa0c20a209618c2c6187d2362e828f3fc
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[b62ce8e3f7fbd81ea7c9341ac5e0d445f685f6af] Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
testing commit b62ce8e3f7fbd81ea7c9341ac5e0d445f685f6af
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 6e4031bab127c3d1958e6c74fe8a7278b752495d6cd51e771f75001ba7b5dbf7
all runs: OK
# git bisect bad b62ce8e3f7fbd81ea7c9341ac5e0d445f685f6af
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[bfa8fce9c16596643939bacdf72fa6a4dc84a706] Input: usbtouchscreen - fix control-request directions
testing commit bfa8fce9c16596643939bacdf72fa6a4dc84a706
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: a4dbc1cae63e14c9862e636db6e6cc8beffcbf1df0c02f303143f87901f25dc2
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good bfa8fce9c16596643939bacdf72fa6a4dc84a706
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[309970bf56ed469eef1d59d20be5d37693845076] usb: dwc3: Fix debugfs creation flow
testing commit 309970bf56ed469eef1d59d20be5d37693845076
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: ae6bac61125104c89d2b09c98963cbe044357a2579d242f64b42c5601aacd3a8
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 309970bf56ed469eef1d59d20be5d37693845076
Bisecting: 2 revisions left to test after this (roughly 1 step)
[6f26f2e79dcc8b2698960cf73f38bf100c250ba8] xhci: solve a double free problem while doing s4
testing commit 6f26f2e79dcc8b2698960cf73f38bf100c250ba8
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 8c849f060d1ef4583725327f2472725059d2cd5fff03e2f9abe5f4d493335425
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 6f26f2e79dcc8b2698960cf73f38bf100c250ba8
Bisecting: 0 revisions left to test after this (roughly 1 step)
[faf8ab4355ec527f7fd1a4bab8c66f596c8490a8] iov_iter_fault_in_readable() should do nothing in xarray case
testing commit faf8ab4355ec527f7fd1a4bab8c66f596c8490a8
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 1b3194da1b272cb40b3575932048272c41423edda0501f23065ced7495f5cb36
all runs: OK
# git bisect bad faf8ab4355ec527f7fd1a4bab8c66f596c8490a8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[00f00f5db888e9f8dfaaa2e6b8d6cf5a6c28753b] ntfs: fix validity check for file name attribute
testing commit 00f00f5db888e9f8dfaaa2e6b8d6cf5a6c28753b
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: b02fea0da8ae5fc138ee00893bfc276c0561fc8b6e8c6854e2307c459b0d6377
all runs: OK
# git bisect bad 00f00f5db888e9f8dfaaa2e6b8d6cf5a6c28753b
00f00f5db888e9f8dfaaa2e6b8d6cf5a6c28753b is the first bad commit
commit 00f00f5db888e9f8dfaaa2e6b8d6cf5a6c28753b
Author: Desmond Cheong Zhi Xi
Date:   Mon Jun 28 19:33:52 2021 -0700

    ntfs: fix validity check for file name attribute

    commit d98e4d95411bbde2220a7afa38dcc9c14d71acbe upstream.

    When checking the file name attribute, we want to ensure that it fits
    within the bounds of ATTR_RECORD. To do this, we should check that
    (attr record + file name offset + file name length) < (attr record +
    attr record length).

    However, the original check did not include the file name offset in the
    calculation. This means that corrupted on-disk metadata might not be
    caught by the incorrect file name check, and lead to an invalid memory
    access.

    An example can be seen in the crash report of a memory corruption error
    found by Syzbot:
    https://syzkaller.appspot.com/bug?id=a1a1e379b225812688566745c3e2f7242bffc246

    Adding the file name offset to the validity check fixes this error and
    passes the Syzbot reproducer test.

    Link: https://lkml.kernel.org/r/20210614050540.289494-1-desmondcheongzx@gmail.com
    Signed-off-by: Desmond Cheong Zhi Xi
    Reported-by: syzbot+213ac8bb98f7f4420840@syzkaller.appspotmail.com
    Tested-by: syzbot+213ac8bb98f7f4420840@syzkaller.appspotmail.com
    Acked-by: Anton Altaparmakov
    Cc: Shuah Khan
    Cc: Greg Kroah-Hartman
    Cc:
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

 fs/ntfs/inode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

culprit signature: b02fea0da8ae5fc138ee00893bfc276c0561fc8b6e8c6854e2307c459b0d6377
parent signature: 8c849f060d1ef4583725327f2472725059d2cd5fff03e2f9abe5f4d493335425
revisions tested: 12, total time: 3h21m20.475710392s (build: 1h45m43.853968027s, test: 1h34m37.883477709s)
first good commit: 00f00f5db888e9f8dfaaa2e6b8d6cf5a6c28753b ntfs: fix validity check for file name attribute
recipients (to): ["akpm@linux-foundation.org" "anton@tuxera.com" "desmondcheongzx@gmail.com" "gregkh@linuxfoundation.org" "syzbot+213ac8bb98f7f4420840@syzkaller.appspotmail.com" "torvalds@linux-foundation.org"]
recipients (cc): []
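Two notes for reading the log above. First, this is a fix bisection, so syzbot inverts the git labels: a build that still crashes is marked "good" and a build that runs clean is marked "bad", which is why the "first bad commit" git reports is printed as the "first good commit". Second, the commit message describes the bounds check in words only. The following C program is an added illustration, not the kernel's fs/ntfs/inode.c code: it models a resident attribute record with a simplified struct (an assumption; the real ATTR_RECORD has more fields and uses on-disk little-endian wrappers), implements the check both ways as the message describes them, and feeds each a constructed record whose value length alone fits inside the record but whose offset plus length runs past its end.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Simplified model of a resident NTFS attribute record. This layout is an
 * assumption for illustration only; the kernel's ATTR_RECORD carries more
 * fields and stores them as little-endian on-disk values. All offsets are
 * relative to the start of the record.
 */
struct attr_record {
    uint32_t type;          /* attribute type, 0x30 is $FILE_NAME */
    uint32_t length;        /* total size of this record, header plus value */
    uint8_t  non_resident;  /* 0 for a resident attribute */
    uint8_t  name_length;
    uint16_t name_offset;
    uint16_t flags;
    uint16_t instance;
    uint32_t value_length;  /* size of the resident value (the file name body) */
    uint16_t value_offset;  /* where the value starts, relative to the record */
    uint8_t  resident_flags;
    uint8_t  reserved;
};

/* Pre-fix check as the commit message describes it: only the value length is
 * compared against the record length; the value offset is ignored. */
static bool file_name_fits_old(const struct attr_record *a)
{
    return (uint64_t)a->value_length < a->length;
}

/* Post-fix check: the value must fit starting from its offset, not from the
 * record start. 64-bit arithmetic so the u16 + u32 sum cannot wrap. */
static bool file_name_fits_new(const struct attr_record *a)
{
    return (uint64_t)a->value_offset + a->value_length < a->length;
}

/* Bytes a reader would touch past the end of the record if it trusted the
 * header blindly; 0 when the value is in bounds. */
static uint64_t overrun_bytes(const struct attr_record *a)
{
    uint64_t end = (uint64_t)a->value_offset + a->value_length;
    return end > a->length ? end - a->length : 0;
}

static struct attr_record make_record(uint32_t length, uint16_t value_offset,
                                      uint32_t value_length)
{
    struct attr_record a;
    memset(&a, 0, sizeof a);
    a.type = 0x30;
    a.length = length;
    a.value_offset = value_offset;
    a.value_length = value_length;
    return a;
}

/* Constructed corrupt metadata: a 96-byte record whose value claims 80 bytes
 * starting at offset 24, so it ends 8 bytes past the record. 80 < 96 satisfies
 * the old check; 24 + 80 = 104 does not satisfy the new one. */
static struct attr_record corrupt_record(void) { return make_record(96, 24, 80); }

/* Constructed well-formed record: a 66-byte value at offset 24 inside 96 bytes. */
static struct attr_record valid_record(void)   { return make_record(96, 24, 66); }

bool old_check_accepts_corrupt(void) { struct attr_record a = corrupt_record(); return file_name_fits_old(&a); }
bool new_check_accepts_corrupt(void) { struct attr_record a = corrupt_record(); return file_name_fits_new(&a); }
bool old_check_accepts_valid(void)   { struct attr_record a = valid_record();   return file_name_fits_old(&a); }
bool new_check_accepts_valid(void)   { struct attr_record a = valid_record();   return file_name_fits_new(&a); }
uint64_t corrupt_overrun_bytes(void) { struct attr_record a = corrupt_record(); return overrun_bytes(&a); }
uint64_t valid_overrun_bytes(void)   { struct attr_record a = valid_record();   return overrun_bytes(&a); }

int main(void)
{
    printf("corrupt record: old check %s, new check %s, overrun %llu bytes\n",
           old_check_accepts_corrupt() ? "accepts" : "rejects",
           new_check_accepts_corrupt() ? "accepts" : "rejects",
           (unsigned long long)corrupt_overrun_bytes());
    printf("valid record:   old check %s, new check %s, overrun %llu bytes\n",
           old_check_accepts_valid() ? "accepts" : "rejects",
           new_check_accepts_valid() ? "accepts" : "rejects",
           (unsigned long long)valid_overrun_bytes());
    return 0;
}
```

The corrupt record is exactly the shape of input a fuzzer produces by editing on-disk metadata: every field is individually plausible, and the only way to reject it is to compare the end of the value, offset included, against the end of the record. The same pattern applies to any length-prefixed structure that also carries an offset: checking the length alone leaves the offset as an attacker-controlled displacement of the read.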