bisecting fixing commit since cbfa1702aaf69b2311ea1b35e04f113c48368c67
building syzkaller on 2d5ea0cb6edb828803beea8af38dbc04dc80f028
testing commit cbfa1702aaf69b2311ea1b35e04f113c48368c67 with gcc (GCC) 8.4.1 20210217
kernel signature: 7f28b51dcf19d716608bbb734ce441feb8f94f123d42f7276e6e369442e6857b
run #0: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #1: crashed: KASAN: use-after-free Read in search_by_entry_key
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: use-after-free Read in search_by_entry_key
run #4: crashed: KASAN: use-after-free Read in search_by_entry_key
run #5: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #6: crashed: KASAN: use-after-free Read in search_by_entry_key
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #9: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #10: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #11: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #12: crashed: KASAN: use-after-free Read in search_by_entry_key
run #13: crashed: KASAN: use-after-free Read in search_by_entry_key
run #14: crashed: KASAN: use-after-free Read in search_by_entry_key
run #15: crashed: KASAN: use-after-free Read in search_by_entry_key
run #16: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #17: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #18: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #19: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
testing current HEAD 29c52025152bab4c557d8174da58f1a4c8e70438
testing commit 29c52025152bab4c557d8174da58f1a4c8e70438 with gcc (GCC) 8.4.1 20210217
kernel signature: e32bfe3b8e8245644dc106f565dbfd65fef93c911e78b04d04560efa440d4a0f
all runs: OK
# git bisect start 29c52025152bab4c557d8174da58f1a4c8e70438 cbfa1702aaf69b2311ea1b35e04f113c48368c67
Bisecting: 761 revisions left to test after this (roughly 10 steps)
[6372d0e3d8e808608b61a49593030b1c41c90d51] cosa: Add missing kfree in error path of cosa_write
testing commit 6372d0e3d8e808608b61a49593030b1c41c90d51 with gcc (GCC) 8.4.1 20210217
kernel signature: fa61477ccf9964e3500ff3ae8b04444c038e22b73940b23be7e7a167175b7535
run #0: crashed: KASAN: use-after-free Read in search_by_entry_key
run #1: crashed: KASAN: use-after-free Read in search_by_entry_key
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: use-after-free Read in search_by_entry_key
run #5: crashed: KASAN: use-after-free Read in search_by_entry_key
run #6: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #7: crashed: KASAN: use-after-free Read in search_by_entry_key
run #8: crashed: KASAN: use-after-free Read in search_by_entry_key
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 6372d0e3d8e808608b61a49593030b1c41c90d51
Bisecting: 380 revisions left to test after this (roughly 9 steps)
[8e601b501fcab24bf4d5751afb2fb09c622448b9] extcon: max77693: Fix modalias string
testing commit 8e601b501fcab24bf4d5751afb2fb09c622448b9 with gcc (GCC) 8.4.1 20210217
kernel signature: a4adff5a197debb5f8b36dd159619ef169f23bd2e3e421c042857d63b03bc6dc
run #0: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #1: crashed: KASAN: use-after-free Read in search_by_entry_key
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #5: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #6: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 8e601b501fcab24bf4d5751afb2fb09c622448b9
Bisecting: 190 revisions left to test after this (roughly 8 steps)
[b4f18c95ae5d893385c117467130a88e8d87337a] cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
testing commit b4f18c95ae5d893385c117467130a88e8d87337a with gcc (GCC) 8.4.1 20210217
kernel signature: 160efafd5762bd9754025d3ffba9dc08f80a1ef7c5fa910d6e9cb19494c3fa30
all runs: OK
# git bisect bad b4f18c95ae5d893385c117467130a88e8d87337a
Bisecting: 94 revisions left to test after this (roughly 7 steps)
[6e1278ea35099542b2e5b7c6adb3a0cdfb590d47] vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
testing commit 6e1278ea35099542b2e5b7c6adb3a0cdfb590d47 with gcc (GCC) 8.4.1 20210217
kernel signature: 8e40049f1ea0455c4d6d5f83eaee859da8c589a6a2c2cb297c401e0c9335d3e3
run #0: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #1: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: use-after-free Read in search_by_entry_key
run #5: crashed: KASAN: use-after-free Read in search_by_entry_key
run #6: crashed: KASAN: use-after-free Read in search_by_entry_key
run #7: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 6e1278ea35099542b2e5b7c6adb3a0cdfb590d47
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[04c1d6069d93a7c4355177e68b22742bca899dcf] video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
testing commit 04c1d6069d93a7c4355177e68b22742bca899dcf with gcc (GCC) 8.4.1 20210217
kernel signature: a62e711578092d3b6a7353087ddc2cd5300ada64ecc5d613f293df47cfef823e
all runs: OK
# git bisect bad 04c1d6069d93a7c4355177e68b22742bca899dcf
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[f6d739c476c53585bd56b40492a781d5e43bfc48] workqueue: Kick a worker based on the actual activation of delayed works
testing commit f6d739c476c53585bd56b40492a781d5e43bfc48 with gcc (GCC) 8.4.1 20210217
kernel signature: 572434f39a5101f7bacf5848dc7d598ecca76a9d8cf9e8192e91934e43794fc6
all runs: OK
# git bisect bad f6d739c476c53585bd56b40492a781d5e43bfc48
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[22d29be48cef12cd97beac20bf0431a326847b02] module: set MODULE_STATE_GOING state when a module fails to load
testing commit 22d29be48cef12cd97beac20bf0431a326847b02 with gcc (GCC) 8.4.1 20210217
kernel signature: e11e76a1cc4a2d1c40bed913c0b3b84e05522778ce80f15ac815cd413844fc73
all runs: OK
# git bisect bad 22d29be48cef12cd97beac20bf0431a326847b02
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[320f61926b081865181de2d7edd18f1d06c4e600] of: fix linker-section match-table corruption
testing commit 320f61926b081865181de2d7edd18f1d06c4e600 with gcc (GCC) 8.4.1 20210217
kernel signature: 8e40049f1ea0455c4d6d5f83eaee859da8c589a6a2c2cb297c401e0c9335d3e3
run #0: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #1: crashed: KASAN: use-after-free Read in search_by_entry_key
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #5: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #6: crashed: KASAN: use-after-free Read in search_by_entry_key
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: use-after-free Read in search_by_entry_key
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 320f61926b081865181de2d7edd18f1d06c4e600
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[63cd39aa6c7b514a2914934cf940d4c86305b699] media: gp8psk: initialize stats at power control logic
testing commit 63cd39aa6c7b514a2914934cf940d4c86305b699 with gcc (GCC) 8.4.1 20210217
kernel signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
all runs: OK
# git bisect bad 63cd39aa6c7b514a2914934cf940d4c86305b699
Bisecting: 0 revisions left to test after this (roughly 1 step)
[68d8414711b4e392fba64b1dd567dedaeb10deb8] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
testing commit 68d8414711b4e392fba64b1dd567dedaeb10deb8 with gcc (GCC) 8.4.1 20210217
kernel signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
all runs: OK
# git bisect bad 68d8414711b4e392fba64b1dd567dedaeb10deb8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b74d5f70523a819aac71e0eee4f4b530e69e463a] reiserfs: add check for an invalid ih_entry_count
testing commit b74d5f70523a819aac71e0eee4f4b530e69e463a with gcc (GCC) 8.4.1 20210217
kernel signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
all runs: OK
# git bisect bad b74d5f70523a819aac71e0eee4f4b530e69e463a
b74d5f70523a819aac71e0eee4f4b530e69e463a is the first bad commit
commit b74d5f70523a819aac71e0eee4f4b530e69e463a
Author: Rustam Kovhaev
Date:   Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

    when directory item has an invalid value set for ih_entry_count it might
    trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than
    ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara
    Signed-off-by: Greg Kroah-Hartman

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
parent signature: 8e40049f1ea0455c4d6d5f83eaee859da8c589a6a2c2cb297c401e0c9335d3e3
revisions tested: 13, total time: 3h25m0.727086703s (build: 1h36m5.011597259s, test: 1h43m41.895931633s)
first good commit: b74d5f70523a819aac71e0eee4f4b530e69e463a reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []