bisecting fixing commit since ad326970d25cc85128cd22d62398751ad072efff
building syzkaller on ff4a3345a1b2a40ff1b8b983153d0b1fcc72f1c5
testing commit ad326970d25cc85128cd22d62398751ad072efff with gcc (GCC) 8.1.0
kernel signature: 82db8bc670ef190020d000cae382bd18e661d517b3940c2286a49c1d44c6cd09
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #4: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #8: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #9: crashed: KASAN: use-after-free Read in ntfs_attr_find
testing current HEAD 13d2ce42de8cb98ff952f8de6307f896203854c2
testing commit 13d2ce42de8cb98ff952f8de6307f896203854c2 with gcc (GCC) 8.1.0
kernel signature: c17736c5e3c06d56aaff84c8772297323ff270590db40195f6c2b0c46392b2ce
all runs: OK
# git bisect start 13d2ce42de8cb98ff952f8de6307f896203854c2 ad326970d25cc85128cd22d62398751ad072efff
Bisecting: 434 revisions left to test after this (roughly 9 steps)
[4f3b78e25a073115c52b064c9f35e6a9aa39e566] ceph: promote to unsigned long long before shifting
testing commit 4f3b78e25a073115c52b064c9f35e6a9aa39e566 with gcc (GCC) 8.1.0
kernel signature: cfe13e4be2ae6709fb350b3885b10f0511f6bcefd99d52024570c252bfbc90bd
all runs: OK
# git bisect bad 4f3b78e25a073115c52b064c9f35e6a9aa39e566
Bisecting: 216 revisions left to test after this (roughly 8 steps)
[8a517a48cb16f161523a132b0d6c925203b4bc4a] media: platform: sti: hva: Fix runtime PM imbalance on error
testing commit 8a517a48cb16f161523a132b0d6c925203b4bc4a with gcc (GCC) 8.1.0
kernel signature: 5c701c103fdbc8883cc2aecd73fdd024cedd4cd480d591e826e6cedd026943c8
run #0: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #1: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #4: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #6: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #8: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #9: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
# git bisect good 8a517a48cb16f161523a132b0d6c925203b4bc4a
Bisecting: 108 revisions left to test after this (roughly 7 steps)
[0ca99ffc6befae0f2d90182a66182b19c0954c94] f2fs: fix uninit-value in f2fs_lookup
testing commit 0ca99ffc6befae0f2d90182a66182b19c0954c94 with gcc (GCC) 8.1.0
kernel signature: 9c660dde2b287c40453907fcd34051eec9d80b644814a6315d6605c9adf90e52
all runs: OK
# git bisect bad 0ca99ffc6befae0f2d90182a66182b19c0954c94
Bisecting: 53 revisions left to test after this (roughly 6 steps)
[02bb497cd6de22e9ce17396957e76fa5aa11102f] efivarfs: Replace invalid slashes with exclamation marks in dentries.
testing commit 02bb497cd6de22e9ce17396957e76fa5aa11102f with gcc (GCC) 8.1.0
kernel signature: 7a80f0f67b524333115ac821e37af2e143f81c93866a68ae28d699131992507d
all runs: OK
# git bisect bad 02bb497cd6de22e9ce17396957e76fa5aa11102f
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[738315384e49e4268a9c7fdeae57d59d43af3247] Bluetooth: Only mark socket zapped after unlocking
testing commit 738315384e49e4268a9c7fdeae57d59d43af3247 with gcc (GCC) 8.1.0
kernel signature: 453d259091024c7aa47950e53d8ce897873292c99d43a7713fdc261b0d7b5ea5
all runs: OK
# git bisect bad 738315384e49e4268a9c7fdeae57d59d43af3247
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[d583c728ce8dc8c3419245f515af8050487f5e83] scsi: target: core: Add CONTROL field for trace events
testing commit d583c728ce8dc8c3419245f515af8050487f5e83 with gcc (GCC) 8.1.0
kernel signature: 347a9f0ba294fe2f4df20d2a8f64fa38d4fb49616d8d1922a50e90360cc77fcf
all runs: OK
# git bisect bad d583c728ce8dc8c3419245f515af8050487f5e83
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[13296b64a81c74b0ec14c80d5c946ab77e4cee83] fs: dlm: fix configfs memory leak
testing commit 13296b64a81c74b0ec14c80d5c946ab77e4cee83 with gcc (GCC) 8.1.0
kernel signature: 9342dc9751aea6d3d8ccfe0f13debaa9f33370651e81970de52cbccd5c6a120a
run #0: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #1: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #6: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #7: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #9: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
# git bisect good 13296b64a81c74b0ec14c80d5c946ab77e4cee83
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[cd3ecf114cbe4b12112cd2c175dbd1e41c70758f] ip_gre: set dev->hard_header_len and dev->needed_headroom properly
testing commit cd3ecf114cbe4b12112cd2c175dbd1e41c70758f with gcc (GCC) 8.1.0
kernel signature: 0f1190a57fa1055dd1683da05ab4ecbe5b142daf78ed8f0b2e55522c76ad5ba3
all runs: OK
# git bisect bad cd3ecf114cbe4b12112cd2c175dbd1e41c70758f
Bisecting: 0 revisions left to test after this (roughly 1 step)
[dff5d774119537355b01e5b503d9468228d65044] ntfs: add check for mft record size in superblock
testing commit dff5d774119537355b01e5b503d9468228d65044 with gcc (GCC) 8.1.0
kernel signature: d25f943ffbd5621cfcde790514d2d27fe53dbadf85217e9852d806fc7ca83369
all runs: OK
# git bisect bad dff5d774119537355b01e5b503d9468228d65044
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[4b799668bea8b98ad24943658d860fea46cbc389] media: venus: core: Fix runtime PM imbalance in venus_probe
testing commit 4b799668bea8b98ad24943658d860fea46cbc389 with gcc (GCC) 8.1.0
kernel signature: 9342dc9751aea6d3d8ccfe0f13debaa9f33370651e81970de52cbccd5c6a120a
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #2: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #3: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #8: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #9: crashed: KASAN: use-after-free Read in ntfs_attr_find
# git bisect good 4b799668bea8b98ad24943658d860fea46cbc389
dff5d774119537355b01e5b503d9468228d65044 is the first bad commit
commit dff5d774119537355b01e5b503d9468228d65044
Author: Rustam Kovhaev
Date:   Tue Oct 13 16:48:17 2020 -0700

    ntfs: add check for mft record size in superblock

    [ Upstream commit 4f8c94022f0bc3babd0a124c0a7dcdd7547bd94e ]

    Number of bytes allocated for mft record should be equal to the mft
    record size stored in ntfs superblock as reported by syzbot, userspace
    might trigger out-of-bounds read by dereferencing ctx->attr in
    ntfs_attr_find()

    Reported-by: syzbot+aed06913f36eff9b544e@syzkaller.appspotmail.com
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Andrew Morton
    Tested-by: syzbot+aed06913f36eff9b544e@syzkaller.appspotmail.com
    Acked-by: Anton Altaparmakov
    Link: https://syzkaller.appspot.com/bug?extid=aed06913f36eff9b544e
    Link: https://lkml.kernel.org/r/20200824022804.226242-1-rkovhaev@gmail.com
    Signed-off-by: Linus Torvalds
    Signed-off-by: Sasha Levin

 fs/ntfs/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: d25f943ffbd5621cfcde790514d2d27fe53dbadf85217e9852d806fc7ca83369
parent signature: 9342dc9751aea6d3d8ccfe0f13debaa9f33370651e81970de52cbccd5c6a120a
revisions tested: 12, total time: 3h22m16.295694155s (build: 1h51m54.87174122s, test: 1h28m59.400748589s)
first good commit: dff5d774119537355b01e5b503d9468228d65044 ntfs: add check for mft record size in superblock
recipients (to): ["akpm@linux-foundation.org" "anton@tuxera.com" "rkovhaev@gmail.com" "sashal@kernel.org" "syzbot+aed06913f36eff9b544e@syzkaller.appspotmail.com" "torvalds@linux-foundation.org"]
recipients (cc): []