bisecting fixing commit since 13d2ce42de8cb98ff952f8de6307f896203854c2
building syzkaller on 04201c0669446145fd9c347c5538da0ca13ff29b
testing commit 13d2ce42de8cb98ff952f8de6307f896203854c2 with gcc (GCC) 8.1.0
kernel signature: 033bfda208b8fdab92f67f9b6d15f84ea2d4ee7835ac08a90533231ced8c9ba9
all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
testing current HEAD c110fed0e606ff922d5cad8ab74ba9410ca41694
testing commit c110fed0e606ff922d5cad8ab74ba9410ca41694 with gcc (GCC) 8.1.0
kernel signature: 25f24cd110e779d021b5001c886617df81e8d66d1ad306bcd15293bdcf31255f
all runs: OK
# git bisect start c110fed0e606ff922d5cad8ab74ba9410ca41694 13d2ce42de8cb98ff952f8de6307f896203854c2
Bisecting: 252 revisions left to test after this (roughly 8 steps)
[78a73f9556a17efedae85cc769c3c8913a732858] Input: cros_ec_keyb - send 'scancodes' in addition to key events

testing commit 78a73f9556a17efedae85cc769c3c8913a732858 with gcc (GCC) 8.1.0
kernel signature: 8001c2c0a002122218ca430ed7efaae11d596770b6348a0efa4b7b945fe918d3
all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 78a73f9556a17efedae85cc769c3c8913a732858
Bisecting: 126 revisions left to test after this (roughly 7 steps)
[7d543d23fec75c13facaf64cf7c69813835fc638] dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate()

testing commit 7d543d23fec75c13facaf64cf7c69813835fc638 with gcc (GCC) 8.1.0
kernel signature: ff0e1abd8d69bebc3e7219eb5088626e8c7bbcc8e8123e07ee994043e1731c5a
all runs: OK
# git bisect bad 7d543d23fec75c13facaf64cf7c69813835fc638
Bisecting: 62 revisions left to test after this (roughly 6 steps)
[a33642f95269d9390d38d699a7e458dade819fc6] spi: sc18is602: Don't leak SPI master in probe error path

testing commit a33642f95269d9390d38d699a7e458dade819fc6 with gcc (GCC) 8.1.0
kernel signature: b6af1ed73d0f901146c99d9ef6d316e5262b4219f706d9e618c97c08d0e26421
all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good a33642f95269d9390d38d699a7e458dade819fc6
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[1227ffc9d73d78e036f6f166fbdaf7dfe4c7b88b] fscrypt: add fscrypt_is_nokey_name()

testing commit 1227ffc9d73d78e036f6f166fbdaf7dfe4c7b88b with gcc (GCC) 8.1.0
kernel signature: 2e6173c5857aafa82646fdb6086275c4f6821847c755a448c37535e463f892ff
all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 1227ffc9d73d78e036f6f166fbdaf7dfe4c7b88b
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[fd4f2a5151e6c6294169d983303c485beade5b37] media: gp8psk: initialize stats at power control logic

testing commit fd4f2a5151e6c6294169d983303c485beade5b37 with gcc (GCC) 8.1.0
kernel signature: 715ae551ea3606dd17e5e7d852d2aa5026ad009a8f8d0a53013b475515e55128
all runs: OK
# git bisect bad fd4f2a5151e6c6294169d983303c485beade5b37
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[a37ec98270486828123face45fa811a6b85a0980] KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits

testing commit a37ec98270486828123face45fa811a6b85a0980 with gcc (GCC) 8.1.0
kernel signature: ae6421176d32ffc7dc9a2a4e83f61b00e31f29fba43f10b4dd7579171386b087
run #0: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe
run #1: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #5: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #6: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good a37ec98270486828123face45fa811a6b85a0980
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[2f6668bfe30a952f29f12499ad5c038cb1f6653c] of: fix linker-section match-table corruption

testing commit 2f6668bfe30a952f29f12499ad5c038cb1f6653c with gcc (GCC) 8.1.0
kernel signature: 2fafd63e607f1d326530e54e59bf9cf20329f1fe66cd5df4b9be6b5241d0370c
all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 2f6668bfe30a952f29f12499ad5c038cb1f6653c
Bisecting: 1 revision left to test after this (roughly 1 step)
[b8590c82b3ccf9fb4d9f0b0b097be10736869333] reiserfs: add check for an invalid ih_entry_count

testing commit b8590c82b3ccf9fb4d9f0b0b097be10736869333 with gcc (GCC) 8.1.0
kernel signature: 10f6dfd71e64d6db06687e534fcfd72c762e04e28d1086683b68721fb2a1b5a7
all runs: OK
# git bisect bad b8590c82b3ccf9fb4d9f0b0b097be10736869333
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[88520a207121c3f7c513ac69a7392da89ed0955f] Bluetooth: hci_h5: close serdev device and free hu in h5_close

testing commit 88520a207121c3f7c513ac69a7392da89ed0955f with gcc (GCC) 8.1.0
kernel signature: 56444c6a5105569ce81ae9bf5701ed91576a43138e4f068065c09d0937a00d24
run #0: crashed: KASAN: use-after-free Read in leaf_paste_entries
run #1: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #4: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #5: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #6: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_entries
# git bisect good 88520a207121c3f7c513ac69a7392da89ed0955f
b8590c82b3ccf9fb4d9f0b0b097be10736869333 is the first bad commit
commit b8590c82b3ccf9fb4d9f0b0b097be10736869333
Author: Rustam Kovhaev <rkovhaev@gmail.com>
Date:   Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count
    
    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.
    
    when directory item has an invalid value set for ih_entry_count it might
    trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()
    
    ih_entry_count * IH_SIZE for directory item should not be larger than
    ih_item_len
    
    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev <rkovhaev@gmail.com>
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: 10f6dfd71e64d6db06687e534fcfd72c762e04e28d1086683b68721fb2a1b5a7
parent  signature: 56444c6a5105569ce81ae9bf5701ed91576a43138e4f068065c09d0937a00d24
revisions tested: 11, total time: 2h37m52.329625027s (build: 1h31m7.801196906s, test: 1h5m44.134351364s)
first good commit: b8590c82b3ccf9fb4d9f0b0b097be10736869333 reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []