ci starts bisection 2023-01-29 07:25:06.435623252 +0000 UTC m=+562420.381685318
bisecting fixing commit since 3a28c2c89f4b412b648761430720d40a8dc326ef
building syzkaller on 67be1ae742603edad9c97d30b6ed69f9bbe2ffa8
ensuring issue is reproducible on original commit 3a28c2c89f4b412b648761430720d40a8dc326ef
testing commit 3a28c2c89f4b412b648761430720d40a8dc326ef gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5084a84cbe71e0280243dfe1f313e572cbfc8558cf8fa0310fe2c9b8969768f9
all runs: crashed: KASAN: slab-out-of-bounds Read in __hfs_brec_find
testing current HEAD 6d796c50f84ca79f1722bb131799e5a5710c4700
testing commit 6d796c50f84ca79f1722bb131799e5a5710c4700 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 873e9d8889b685249fdb01e4c5551dac2c8d19088d397359eb6b16d66d9eda88
all runs: OK
# git bisect start 6d796c50f84ca79f1722bb131799e5a5710c4700 3a28c2c89f4b412b648761430720d40a8dc326ef
Bisecting: 8704 revisions left to test after this (roughly 13 steps)
[1ca06f1c1acecbe02124f14a37cce347b8c1a90c] Merge tag 'xtensa-20221213' of https://github.com/jcmvbkbc/linux-xtensa
testing commit 1ca06f1c1acecbe02124f14a37cce347b8c1a90c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 72c0f30474f10764b052d7537c844015f08ceb976ce8f44259968f9c748f52f2
all runs: OK
# git bisect bad 1ca06f1c1acecbe02124f14a37cce347b8c1a90c
Bisecting: 3754 revisions left to test after this (roughly 12 steps)
[8715c6d3100fc7c6edddf29af4a399a1c12d028c] Merge tag 'for-6.2/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
testing commit 8715c6d3100fc7c6edddf29af4a399a1c12d028c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: db7f811f870095217420ef4ea2468d0e400a072a10f1aae5ff1d12267fd3c202
all runs: OK
# git bisect bad 8715c6d3100fc7c6edddf29af4a399a1c12d028c
Bisecting: 1840 revisions left to test after this (roughly 11 steps)
[f10bc40168032962ebee26894bdbdc972cde35bf] Merge tag 'core-debugobjects-2022-12-10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit f10bc40168032962ebee26894bdbdc972cde35bf gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2f5fe04624a902896692247fafdeb461b66534187c46c191496bbde87b196835
all runs: crashed: KASAN: slab-out-of-bounds Read in __hfs_brec_find
# git bisect good f10bc40168032962ebee26894bdbdc972cde35bf
Bisecting: 918 revisions left to test after this (roughly 10 steps)
[cf619f891971bfac659ac64968f8c35db605c884] Merge tag 'fs.ovl.setgid.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping
testing commit cf619f891971bfac659ac64968f8c35db605c884 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4a77b97a6a8a7f951817814642534ff4589ac307de7de17e3eba685cfde6e21c
all runs: OK
# git bisect bad cf619f891971bfac659ac64968f8c35db605c884
Bisecting: 459 revisions left to test after this (roughly 9 steps)
[a89ef2aa552db985e0ee8cb458846298c007704c] Merge tag 'x86_tdx_for_6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit a89ef2aa552db985e0ee8cb458846298c007704c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8da0ecbb23f37a332ee98ab3e31aae633eed8ce98149db68083ff149d0bf5305
all runs: crashed: KASAN: slab-out-of-bounds Read in __hfs_brec_find
# git bisect good a89ef2aa552db985e0ee8cb458846298c007704c
Bisecting: 238 revisions left to test after this (roughly 8 steps)
[96f42635684739cb563aa48d92d0d16b8dc9bda8] Merge tag 'rust-6.2' of https://github.com/Rust-for-Linux/linux
testing commit 96f42635684739cb563aa48d92d0d16b8dc9bda8 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b88fd9b963bb2d95721c43c97242a1ebc3611beeaad8aab3d43ba78cf90c19a7
all runs: crashed: KASAN: slab-out-of-bounds Read in __hfs_brec_find
# git bisect good 96f42635684739cb563aa48d92d0d16b8dc9bda8
Bisecting: 83 revisions left to test after this (roughly 7 steps)
[8702f2c611bf124c48b21b5c57bfc156cd11f4ca] Merge tag 'mm-nonmm-stable-2022-12-12' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
testing commit 8702f2c611bf124c48b21b5c57bfc156cd11f4ca gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8ee4f8ddbeab8b7825889fcf58d1633e7259461443229a7d1733b2f101fb088a
all runs: OK
# git bisect bad 8702f2c611bf124c48b21b5c57bfc156cd11f4ca
Bisecting: 77 revisions left to test after this (roughly 6 steps)
[d5b6e6eba3af11cb2a2791fa36a2524990fcde1a] rapidio: devices: fix missing put_device in mport_cdev_open
testing commit d5b6e6eba3af11cb2a2791fa36a2524990fcde1a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d1d583f1bd9d4bd6307d9a0fd102e496879ac845ad3722c279a5b83f0de5dd4b
all runs: OK
# git bisect bad d5b6e6eba3af11cb2a2791fa36a2524990fcde1a
Bisecting: 38 revisions left to test after this (roughly 5 steps)
[ebeccaaef67a4895d2496ab8d9c2fb8d89201211] nilfs2: fix shift-out-of-bounds due to too large exponent of block size
testing commit ebeccaaef67a4895d2496ab8d9c2fb8d89201211 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ff87a86b4ce423c17f7f6c703b8564d03b26719708ab5ef4027ff40bbff80215
all runs: crashed: KASAN: slab-out-of-bounds Read in __hfs_brec_find
# git bisect good ebeccaaef67a4895d2496ab8d9c2fb8d89201211
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[fc0e7387926d7704ba54ff0d20db80051392583d] lib/radix-tree.c: fix uninitialized variable compilation warning
testing commit fc0e7387926d7704ba54ff0d20db80051392583d gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
failed to run ["make" "-j" "64" "ARCH=x86_64" "bzImage"]: exit status 2
# git bisect skip fc0e7387926d7704ba54ff0d20db80051392583d
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[ce2fcf1516d674a174d9b34d1e1024d64de9fba3] ocfs2: fix memory leak in ocfs2_mount_volume()
testing commit ce2fcf1516d674a174d9b34d1e1024d64de9fba3 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1e40fc64db8ab938862da45d2bbd973bdf06064abe3017529e4d60e4db665868
all runs: crashed: KASAN: slab-out-of-bounds Read in __hfs_brec_find
# git bisect good ce2fcf1516d674a174d9b34d1e1024d64de9fba3
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[02d7d89f816951e0862147d751b1150d67aaebdd] rapidio: fix possible UAF when kfifo_alloc() fails
testing commit 02d7d89f816951e0862147d751b1150d67aaebdd gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3de273fbdef21c7c2a9bd8196ad5f258100170334b49c988c79f20cba354eb13
all runs: crashed: KASAN: slab-out-of-bounds Read in __hfs_brec_find
# git bisect good 02d7d89f816951e0862147d751b1150d67aaebdd
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[c9a934c7d88413a35861387a11e901554810b122] ocfs2: always read both high and low parts of dinode link count
testing commit c9a934c7d88413a35861387a11e901554810b122 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dd0b3cf11f37f9281f37f5bb8bf917db145080e291b7f20e05b21f51d219350a
all runs: crashed: KASAN: slab-out-of-bounds Read in __hfs_brec_find
# git bisect good c9a934c7d88413a35861387a11e901554810b122
Bisecting: 2 revisions left to test after this (roughly 1 step)
[8d824e69d9f3fa3121b2dda25053bae71e2460d2] hfs: fix OOB Read in __hfs_brec_find
testing commit 8d824e69d9f3fa3121b2dda25053bae71e2460d2 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5fe9435efbba9e2100a757189b9a43c3635179e159f423a9a7a6877ad39878d0
all runs: crashed: BUG: workqueue leaked lock or atomic in wb_workfn
# git bisect good 8d824e69d9f3fa3121b2dda25053bae71e2460d2
Bisecting: 0 revisions left to test after this (roughly 1 step)
[204c2f535d05d52bd7334629557087f9983e6879] kcov: fix spelling typos in comments
testing commit 204c2f535d05d52bd7334629557087f9983e6879 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ff46e29f484ac099a68af9430e692fa7aca8bbce664a4dbf29cad5ab91a35db1
all runs: OK
# git bisect bad 204c2f535d05d52bd7334629557087f9983e6879
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c53ed55cb275344086e32a7080a6b19cb183650b] hfs: Fix OOB Write in hfs_asc2mac
testing commit c53ed55cb275344086e32a7080a6b19cb183650b gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dbf73f07bc45a58212cb3d75e0266a35db6519e3e97411480a29b679b2951bbf
all runs: OK
# git bisect bad c53ed55cb275344086e32a7080a6b19cb183650b
c53ed55cb275344086e32a7080a6b19cb183650b is the first bad commit
commit c53ed55cb275344086e32a7080a6b19cb183650b
Author: ZhangPeng
Date: Fri Dec 2 03:00:38 2022 +0000

    hfs: Fix OOB Write in hfs_asc2mac

    Syzbot reported a OOB Write bug:

    loop0: detected capacity change from 0 to 64
    ==================================================================
    BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133
    Write of size 1 at addr ffff88801848314e by task syz-executor391/3632

    Call Trace:
     __dump_stack lib/dump_stack.c:88 [inline]
     dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
     print_address_description+0x74/0x340 mm/kasan/report.c:284
     print_report+0x107/0x1f0 mm/kasan/report.c:395
     kasan_report+0xcd/0x100 mm/kasan/report.c:495
     hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133
     hfs_cat_build_key+0x92/0x170 fs/hfs/catalog.c:28
     hfs_lookup+0x1ab/0x2c0 fs/hfs/dir.c:31
     lookup_open fs/namei.c:3391 [inline]
     open_last_lookups fs/namei.c:3481 [inline]
     path_openat+0x10e6/0x2df0 fs/namei.c:3710
     do_filp_open+0x264/0x4f0 fs/namei.c:3740

    If in->len is much larger than HFS_NAMELEN(31) which is the maximum length of an HFS filename, a OOB write could occur in hfs_asc2mac(). In that case, when the dst reaches the boundary, the srclen is still greater than 0, which causes a OOB write.
    Fix this by adding a check on dstlen in while() before writing to dst address.

    Link: https://lkml.kernel.org/r/20221202030038.1391945-1-zhangpeng362@huawei.com
    Fixes: 328b92278650 ("[PATCH] hfs: NLS support")
    Signed-off-by: ZhangPeng
    Reviewed-by: Viacheslav Dubeyko
    Reported-by:
    Signed-off-by: Andrew Morton

 fs/hfs/trans.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: dbf73f07bc45a58212cb3d75e0266a35db6519e3e97411480a29b679b2951bbf
parent signature: 5fe9435efbba9e2100a757189b9a43c3635179e159f423a9a7a6877ad39878d0
revisions tested: 17, total time: 4h45m5.349672932s (build: 2h46m16.70494454s, test: 1h55m20.485706113s)
first good commit: c53ed55cb275344086e32a7080a6b19cb183650b hfs: Fix OOB Write in hfs_asc2mac
recipients (to): ["akpm@linux-foundation.org" "slava@dubeyko.com" "zhangpeng362@huawei.com"]
recipients (cc): []