bisecting fixing commit since cbfa1702aaf69b2311ea1b35e04f113c48368c67
building syzkaller on 5ef9c29141f85f210b326ce68718498ae0c1fd35
testing commit cbfa1702aaf69b2311ea1b35e04f113c48368c67 with gcc (GCC) 8.4.1 20210217
kernel signature: d68dda0077a5836befd288ea4b0d7d1de2cb509656872ab921010ca3390b01a7
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
testing current HEAD 29c52025152bab4c557d8174da58f1a4c8e70438
testing commit 29c52025152bab4c557d8174da58f1a4c8e70438 with gcc (GCC) 8.4.1 20210217
kernel signature: 1916945d54831ef3df5e3d6f0ca920c0a1026ea884b0f7d74d14d81539625e6f
all runs: OK
# git bisect start 29c52025152bab4c557d8174da58f1a4c8e70438 cbfa1702aaf69b2311ea1b35e04f113c48368c67
Bisecting: 761 revisions left to test after this (roughly 10 steps)
[6372d0e3d8e808608b61a49593030b1c41c90d51] cosa: Add missing kfree in error path of cosa_write
testing commit 6372d0e3d8e808608b61a49593030b1c41c90d51 with gcc (GCC) 8.4.1 20210217
kernel signature: e79284ed2679e23b250244e6b69e4185dc7621b701f3dc3f91bd02a92dae4245
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good 6372d0e3d8e808608b61a49593030b1c41c90d51
Bisecting: 380 revisions left to test after this (roughly 9 steps)
[8e601b501fcab24bf4d5751afb2fb09c622448b9] extcon: max77693: Fix modalias string
testing commit 8e601b501fcab24bf4d5751afb2fb09c622448b9 with gcc (GCC) 8.4.1 20210217
kernel signature: a4adff5a197debb5f8b36dd159619ef169f23bd2e3e421c042857d63b03bc6dc
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good 8e601b501fcab24bf4d5751afb2fb09c622448b9
Bisecting: 190 revisions left to test after this (roughly 8 steps)
[b4f18c95ae5d893385c117467130a88e8d87337a] cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
testing commit b4f18c95ae5d893385c117467130a88e8d87337a with gcc (GCC) 8.4.1 20210217
kernel signature: 160efafd5762bd9754025d3ffba9dc08f80a1ef7c5fa910d6e9cb19494c3fa30
all runs: OK
# git bisect bad b4f18c95ae5d893385c117467130a88e8d87337a
Bisecting: 94 revisions left to test after this (roughly 7 steps)
[6e1278ea35099542b2e5b7c6adb3a0cdfb590d47] vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
testing commit 6e1278ea35099542b2e5b7c6adb3a0cdfb590d47 with gcc (GCC) 8.4.1 20210217
kernel signature: 8e40049f1ea0455c4d6d5f83eaee859da8c589a6a2c2cb297c401e0c9335d3e3
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good 6e1278ea35099542b2e5b7c6adb3a0cdfb590d47
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[04c1d6069d93a7c4355177e68b22742bca899dcf] video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
testing commit 04c1d6069d93a7c4355177e68b22742bca899dcf with gcc (GCC) 8.4.1 20210217
kernel signature: a62e711578092d3b6a7353087ddc2cd5300ada64ecc5d613f293df47cfef823e
all runs: OK
# git bisect bad 04c1d6069d93a7c4355177e68b22742bca899dcf
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[f6d739c476c53585bd56b40492a781d5e43bfc48] workqueue: Kick a worker based on the actual activation of delayed works
testing commit f6d739c476c53585bd56b40492a781d5e43bfc48 with gcc (GCC) 8.4.1 20210217
kernel signature: 572434f39a5101f7bacf5848dc7d598ecca76a9d8cf9e8192e91934e43794fc6
all runs: OK
# git bisect bad f6d739c476c53585bd56b40492a781d5e43bfc48
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[22d29be48cef12cd97beac20bf0431a326847b02] module: set MODULE_STATE_GOING state when a module fails to load
testing commit 22d29be48cef12cd97beac20bf0431a326847b02 with gcc (GCC) 8.4.1 20210217
kernel signature: e11e76a1cc4a2d1c40bed913c0b3b84e05522778ce80f15ac815cd413844fc73
all runs: OK
# git bisect bad 22d29be48cef12cd97beac20bf0431a326847b02
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[320f61926b081865181de2d7edd18f1d06c4e600] of: fix linker-section match-table corruption
testing commit 320f61926b081865181de2d7edd18f1d06c4e600 with gcc (GCC) 8.4.1 20210217
kernel signature: 8e40049f1ea0455c4d6d5f83eaee859da8c589a6a2c2cb297c401e0c9335d3e3
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good 320f61926b081865181de2d7edd18f1d06c4e600
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[63cd39aa6c7b514a2914934cf940d4c86305b699] media: gp8psk: initialize stats at power control logic
testing commit 63cd39aa6c7b514a2914934cf940d4c86305b699 with gcc (GCC) 8.4.1 20210217
kernel signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
all runs: OK
# git bisect bad 63cd39aa6c7b514a2914934cf940d4c86305b699
Bisecting: 0 revisions left to test after this (roughly 1 step)
[68d8414711b4e392fba64b1dd567dedaeb10deb8] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
testing commit 68d8414711b4e392fba64b1dd567dedaeb10deb8 with gcc (GCC) 8.4.1 20210217
kernel signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
all runs: OK
# git bisect bad 68d8414711b4e392fba64b1dd567dedaeb10deb8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b74d5f70523a819aac71e0eee4f4b530e69e463a] reiserfs: add check for an invalid ih_entry_count
testing commit b74d5f70523a819aac71e0eee4f4b530e69e463a with gcc (GCC) 8.4.1 20210217
kernel signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
all runs: OK
# git bisect bad b74d5f70523a819aac71e0eee4f4b530e69e463a
b74d5f70523a819aac71e0eee4f4b530e69e463a is the first bad commit
commit b74d5f70523a819aac71e0eee4f4b530e69e463a
Author: Rustam Kovhaev
Date:   Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

    when directory item has an invalid value set for ih_entry_count it might trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara
    Signed-off-by: Greg Kroah-Hartman

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)
culprit signature: c678a5182b7e64d9c53ac86a3a0c474aaea8662f5cb00a97a361a75ed94235d8
parent signature: 8e40049f1ea0455c4d6d5f83eaee859da8c589a6a2c2cb297c401e0c9335d3e3
revisions tested: 13, total time: 3h2m22.801071665s (build: 1h34m44.924870877s, test: 1h22m31.827183946s)
first good commit: b74d5f70523a819aac71e0eee4f4b530e69e463a reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []