bisecting fixing commit since c196b3a9c83ae3491280b739d231d02b3cb9d041
building syzkaller on f80ce148aeb891e3335fb38ed9b48b005ca76529
testing commit c196b3a9c83ae3491280b739d231d02b3cb9d041 with gcc (GCC) 8.4.1 20210217
kernel signature: f36d7059090a3e0c7a77a6784d0e4d25771c72589afe297694c217c947fd4865
run #0: crashed: KASAN: use-after-free Read in ntfs_iget
run #1: crashed: KASAN: use-after-free Read in ntfs_iget
run #2: crashed: KASAN: use-after-free Read in ntfs_iget
run #3: crashed: KASAN: use-after-free Read in ntfs_iget
run #4: crashed: KASAN: use-after-free Read in ntfs_iget
run #5: crashed: KASAN: use-after-free Read in ntfs_iget
run #6: crashed: KASAN: use-after-free Read in ntfs_iget
run #7: crashed: KASAN: use-after-free Read in ntfs_iget
run #8: crashed: KASAN: use-after-free Read in ntfs_iget
run #9: crashed: KASAN: use-after-free Read in ntfs_iget
run #10: crashed: KASAN: use-after-free Read in ntfs_iget
run #11: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #12: crashed: KASAN: use-after-free Read in ntfs_iget
run #13: crashed: KASAN: use-after-free Read in ntfs_iget
run #14: crashed: KASAN: use-after-free Read in ntfs_iget
run #15: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #16: crashed: KASAN: use-after-free Read in ntfs_iget
run #17: crashed: KASAN: use-after-free Read in ntfs_iget
run #18: crashed: KASAN: use-after-free Read in ntfs_iget
run #19: crashed: KASAN: use-after-free Read in ntfs_iget
testing current HEAD cb83ddcd5332fcc3efd52ba994976efc4dd6061e
testing commit cb83ddcd5332fcc3efd52ba994976efc4dd6061e with gcc (GCC) 8.4.1 20210217
kernel signature: 558b0f227d1a2a34ad018b2d196b08c3236d3c032c305691c60e2f5acf16aa5d
all runs: OK
# git bisect start cb83ddcd5332fcc3efd52ba994976efc4dd6061e c196b3a9c83ae3491280b739d231d02b3cb9d041
Bisecting: 488 revisions left to test after this (roughly 9 steps)
[465196a0a5aafe44b5d8b7b2c0881cdbcb5d2c93] sh_eth: Fix power down vs. is_opened flag ordering
testing commit 465196a0a5aafe44b5d8b7b2c0881cdbcb5d2c93 with gcc (GCC) 8.4.1 20210217
kernel signature: 78e5a178b2b74655a6ae36bcd99d4563ecaa2e1863784e1044cefadd0e25f396
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 465196a0a5aafe44b5d8b7b2c0881cdbcb5d2c93
Bisecting: 244 revisions left to test after this (roughly 8 steps)
[30af715437e37a9fe9b104c654fc7d0e86802b04] powerpc/47x: Disable 256k page size
testing commit 30af715437e37a9fe9b104c654fc7d0e86802b04 with gcc (GCC) 8.4.1 20210217
kernel signature: e427d61c3e978ec2249bb657cc36190e8e94a368ec33349c21c89b01b0787983
all runs: OK
# git bisect bad 30af715437e37a9fe9b104c654fc7d0e86802b04
Bisecting: 121 revisions left to test after this (roughly 7 steps)
[7b6887b4d09af91f1a8cd905b627ce7f1408071c] ovl: perform vfs_getxattr() with mounter creds
testing commit 7b6887b4d09af91f1a8cd905b627ce7f1408071c with gcc (GCC) 8.4.1 20210217
kernel signature: c57cb2af302698fc22a3001da5fbd553397a78a603d6b51678bd4b215e356307
run #0: crashed: KASAN: use-after-free Read in ntfs_iget
run #1: crashed: KASAN: use-after-free Read in ntfs_iget
run #2: crashed: KASAN: use-after-free Read in ntfs_iget
run #3: crashed: KASAN: out-of-bounds Read in ntfs_iget
run #4: crashed: KASAN: use-after-free Read in ntfs_iget
run #5: crashed: KASAN: use-after-free Read in ntfs_iget
run #6: crashed: KASAN: use-after-free Read in ntfs_iget
run #7: crashed: KASAN: use-after-free Read in ntfs_iget
run #8: crashed: KASAN: use-after-free Read in ntfs_iget
run #9: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 7b6887b4d09af91f1a8cd905b627ce7f1408071c
Bisecting: 60 revisions left to test after this (roughly 6 steps)
[65be3969b15e213c96279e93e753a77c1982f503] usb: dwc2: Abort transaction after errors with unknown reason
testing commit 65be3969b15e213c96279e93e753a77c1982f503 with gcc (GCC) 8.4.1 20210217
kernel signature: 9ce794511fda5f058dfd178195b334e9e6222ac4629f29e7a4f9bfca72d32d9c
all runs: OK
# git bisect bad 65be3969b15e213c96279e93e753a77c1982f503
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[5571633988e02a1107720544a57ab4878c4446be] xen-blkback: fix error handling in xen_blkbk_map()
testing commit 5571633988e02a1107720544a57ab4878c4446be with gcc (GCC) 8.4.1 20210217
kernel signature: e966aca0ba3d32d9607fcd555cf120308c4956b1aaa6d485fd7cc3654fe8d385
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good 5571633988e02a1107720544a57ab4878c4446be
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[0516cf27f0eafc016455e70e23fc8f6467a0983a] MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
testing commit 0516cf27f0eafc016455e70e23fc8f6467a0983a with gcc (GCC) 8.4.1 20210217
kernel signature: 9eccc2d43e6e8293448e6b036cd045cc821e1e2808d81d80a64287f6aa33ff51
all runs: OK
# git bisect bad 0516cf27f0eafc016455e70e23fc8f6467a0983a
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[afd4a33779bd37cf8b566ef1fbbbac06366c61f6] usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
testing commit afd4a33779bd37cf8b566ef1fbbbac06366c61f6 with gcc (GCC) 8.4.1 20210217
kernel signature: 64ac2b15ca19331a6981ff4bf03d5bd5302f4c8703e10e24485c7639fe77ece6
all runs: crashed: KASAN: use-after-free Read in ntfs_iget
# git bisect good afd4a33779bd37cf8b566ef1fbbbac06366c61f6
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[ad48c641e7c344ae7aba243d3056a22eaba71bfd] cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
testing commit ad48c641e7c344ae7aba243d3056a22eaba71bfd with gcc (GCC) 8.4.1 20210217
kernel signature: 9eccc2d43e6e8293448e6b036cd045cc821e1e2808d81d80a64287f6aa33ff51
all runs: OK
# git bisect bad ad48c641e7c344ae7aba243d3056a22eaba71bfd
Bisecting: 1 revision left to test after this (roughly 1 step)
[c11e6ca7a84e92b4933bd2c29ade08c18a47a430] arm64: tegra: Add power-domain for Tegra210 HDA
testing commit c11e6ca7a84e92b4933bd2c29ade08c18a47a430 with gcc (GCC) 8.4.1 20210217
kernel signature: c1e97c6511eaf9bdf5ace34988151404620a2b37423ebbfdd35f8c8e0069de9e
all runs: OK
# git bisect bad c11e6ca7a84e92b4933bd2c29ade08c18a47a430
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[49ee014a2070b209fd73ad96a7a36193dcdd149c] ntfs: check for valid standard information attribute
testing commit 49ee014a2070b209fd73ad96a7a36193dcdd149c with gcc (GCC) 8.4.1 20210217
kernel signature: c1e97c6511eaf9bdf5ace34988151404620a2b37423ebbfdd35f8c8e0069de9e
all runs: OK
# git bisect bad 49ee014a2070b209fd73ad96a7a36193dcdd149c
49ee014a2070b209fd73ad96a7a36193dcdd149c is the first bad commit
commit 49ee014a2070b209fd73ad96a7a36193dcdd149c
Author: Rustam Kovhaev
Date: Wed Feb 24 12:00:30 2021 -0800

    ntfs: check for valid standard information attribute

    commit 4dfe6bd94959222e18d512bdf15f6bf9edb9c27c upstream.

    Mounting a corrupted filesystem with NTFS resulted in a kernel crash.

    We should check for valid STANDARD_INFORMATION attribute offset and length before trying to access it

    Link: https://lkml.kernel.org/r/20210217155930.1506815-1-rkovhaev@gmail.com
    Link: https://syzkaller.appspot.com/bug?extid=c584225dabdea2f71969
    Signed-off-by: Rustam Kovhaev
    Reported-by: syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com
    Tested-by: syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com
    Acked-by: Anton Altaparmakov
    Cc:
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

 fs/ntfs/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)
culprit signature: c1e97c6511eaf9bdf5ace34988151404620a2b37423ebbfdd35f8c8e0069de9e
parent signature: 64ac2b15ca19331a6981ff4bf03d5bd5302f4c8703e10e24485c7639fe77ece6
revisions tested: 12, total time: 3h0m23.017339198s (build: 1h26m11.183238011s, test: 1h33m11.809045401s)
first good commit: 49ee014a2070b209fd73ad96a7a36193dcdd149c ntfs: check for valid standard information attribute
recipients (to): ["akpm@linux-foundation.org" "anton@tuxera.com" "gregkh@linuxfoundation.org" "rkovhaev@gmail.com" "syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com" "torvalds@linux-foundation.org"]
recipients (cc): []