bisecting fixing commit since 87335852c5d9ec629f80bb2257b9a9945962b719
building syzkaller on a0092f9dfdd33924abe5cf5565e4ec4748217c7b
testing commit 87335852c5d9ec629f80bb2257b9a9945962b719 with gcc (GCC) 8.1.0
kernel signature: 619fa0ca32649467d2613d8efea0939e806fea21c92b58b15ffc24a7528d4fc9
run #0: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #1: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #4: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #5: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #6: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
testing current HEAD 2d2791fce891fc20709232d49a6bae075b9a77f8
testing commit 2d2791fce891fc20709232d49a6bae075b9a77f8 with gcc (GCC) 8.1.0
kernel signature: 62c1a484acb0229adea1973fcd17fc23b278e43fd5f5a056dd0d6ce9b0a9a9b9
all runs: OK
# git bisect start 2d2791fce891fc20709232d49a6bae075b9a77f8 87335852c5d9ec629f80bb2257b9a9945962b719
Bisecting: 254 revisions left to test after this (roughly 8 steps)
[f2fa0444627df738f7d92f40c6ae82897b16826a] nfs_common: need lock during iterate through the list
testing commit f2fa0444627df738f7d92f40c6ae82897b16826a with gcc (GCC) 8.1.0
kernel signature: 4c689375a68c0cbff175171f2dafe0d11cb5b0e88dc9a20628a509f0181f53da
run #0: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #1: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #4: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #5: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #6: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good f2fa0444627df738f7d92f40c6ae82897b16826a
Bisecting: 127 revisions left to test after this (roughly 7 steps)
[07f5d369405fe95ec5d2704fc4cadffd1e4a1740] ethernet: ucc_geth: set dev->max_mtu to 1518
testing commit 07f5d369405fe95ec5d2704fc4cadffd1e4a1740 with gcc (GCC) 8.1.0
kernel signature: d0856517b8ced9a8e412cd924fe1de53935ae765dd8fce623518da9054aac9e6
all runs: OK
# git bisect bad 07f5d369405fe95ec5d2704fc4cadffd1e4a1740
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[598618c38a77b43c4b70ab4f14657127a12cbf1e] jffs2: Fix GC exit abnormally
testing commit 598618c38a77b43c4b70ab4f14657127a12cbf1e with gcc (GCC) 8.1.0
kernel signature: af812d0a438af228d74138a40883460bdf1d003dae72f1c807bf1ea01af3d6c1
run #0: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #1: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #2: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #5: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #6: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #7: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #8: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 598618c38a77b43c4b70ab4f14657127a12cbf1e
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[fdcda71d87acfe8f645f3ce5e9303688cad8b8f1] mm: memcontrol: eliminate raw access to stat and event counters
testing commit fdcda71d87acfe8f645f3ce5e9303688cad8b8f1 with gcc (GCC) 8.1.0
kernel signature: 7a4b1fc77e5d35b38a35d818393442d44e8b160b02a83dadc04710e004b93739
run #0: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #1: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #5: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #6: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good fdcda71d87acfe8f645f3ce5e9303688cad8b8f1
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[3569349e760c7903fd6990b835f64fdc98c016a8] powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe()
testing commit 3569349e760c7903fd6990b835f64fdc98c016a8 with gcc (GCC) 8.1.0
kernel signature: ec19fcec13e313fae2fc5259ece944f3f3bd916dc9c3045f7817e310561e6174
all runs: OK
# git bisect bad 3569349e760c7903fd6990b835f64fdc98c016a8
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[320f61926b081865181de2d7edd18f1d06c4e600] of: fix linker-section match-table corruption
testing commit 320f61926b081865181de2d7edd18f1d06c4e600 with gcc (GCC) 8.1.0
kernel signature: 08ba78fc5d641b0f5fdc8329ec785acf9a3054199db9e29a553a546014a4fb11
run #0: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #1: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #5: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #6: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 320f61926b081865181de2d7edd18f1d06c4e600
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[c5eae3edc5273ac59dab70fd49114cce729f27f4] ALSA: seq: Use bool for snd_seq_queue internal flags
testing commit c5eae3edc5273ac59dab70fd49114cce729f27f4 with gcc (GCC) 8.1.0
kernel signature: b2397b3a6c1e0a1c270b09d009fed121f90074b0e4af84cdfac1f3c3c2253431
all runs: OK
# git bisect bad c5eae3edc5273ac59dab70fd49114cce729f27f4
Bisecting: 1 revision left to test after this (roughly 1 step)
[68d8414711b4e392fba64b1dd567dedaeb10deb8] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
testing commit 68d8414711b4e392fba64b1dd567dedaeb10deb8 with gcc (GCC) 8.1.0
kernel signature: 1164fbac8f2f216d72fee278e7cf8e58457fa597cd3f43e768a584b88f7e2e39
all runs: OK
# git bisect bad 68d8414711b4e392fba64b1dd567dedaeb10deb8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b74d5f70523a819aac71e0eee4f4b530e69e463a] reiserfs: add check for an invalid ih_entry_count
testing commit b74d5f70523a819aac71e0eee4f4b530e69e463a with gcc (GCC) 8.1.0
kernel signature: 4a56af576a30bea37e431226c6b08ea254614ece36e43a3c1f7d02dcb540caed
all runs: OK
# git bisect bad b74d5f70523a819aac71e0eee4f4b530e69e463a
b74d5f70523a819aac71e0eee4f4b530e69e463a is the first bad commit
commit b74d5f70523a819aac71e0eee4f4b530e69e463a
Author: Rustam Kovhaev
Date: Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

    when directory item has an invalid value set for ih_entry_count it might trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara
    Signed-off-by: Greg Kroah-Hartman

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: 4a56af576a30bea37e431226c6b08ea254614ece36e43a3c1f7d02dcb540caed
parent signature: 08ba78fc5d641b0f5fdc8329ec785acf9a3054199db9e29a553a546014a4fb11
revisions tested: 11, total time: 2h34m47.791430467s (build: 1h27m50.2946884s, test: 1h5m54.331948464s)
first good commit: b74d5f70523a819aac71e0eee4f4b530e69e463a reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []