bisecting fixing commit since a1b977b49b66c75e6c51a515f6700371ae720217
building syzkaller on 6e262c73cd452097096f0b4d5d96f5ae496bc021
testing commit a1b977b49b66c75e6c51a515f6700371ae720217 with gcc (GCC) 8.1.0
kernel signature: 65df9daa8f96f602cbe48c118e5241cb8be195921a735631d6447011a80a694d
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
testing current HEAD 675cc038067f0e530471c56a7442935f84669d95
testing commit 675cc038067f0e530471c56a7442935f84669d95 with gcc (GCC) 8.1.0
kernel signature: 7ef4b0b8f30c162fc1d8cc69a3bcba85cf85073fc2531b7ff34902ff2f2465da
all runs: OK
# git bisect start 675cc038067f0e530471c56a7442935f84669d95 a1b977b49b66c75e6c51a515f6700371ae720217
Bisecting: 701 revisions left to test after this (roughly 10 steps)
[81504d1952d712c8bb9c3966896efee8a37ea966] net: sch_generic: fix the missing new qdisc assignment bug
testing commit 81504d1952d712c8bb9c3966896efee8a37ea966 with gcc (GCC) 8.1.0
kernel signature: b44c075de5a9b0ab2269a4e139d359cc331150a38f219303d8d9e8c3911f70ff
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good 81504d1952d712c8bb9c3966896efee8a37ea966
Bisecting: 350 revisions left to test after this (roughly 9 steps)
[b6b6ba5754eee1907497504e4b31e22c78f7670f] sched: Reenable interrupts in do_sched_yield()
testing commit b6b6ba5754eee1907497504e4b31e22c78f7670f with gcc (GCC) 8.1.0
kernel signature: 2d6ab40b69af91fdfe207cb1a1f033f69f94aef1a8683270d68a9a32adc6dcd3
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good b6b6ba5754eee1907497504e4b31e22c78f7670f
Bisecting: 175 revisions left to test after this (roughly 8 steps)
[2d27af9d8e806a46b281deba6ab11c3635021c9e] USB: serial: mos7720: fix parallel-port state restore
testing commit 2d27af9d8e806a46b281deba6ab11c3635021c9e with gcc (GCC) 8.1.0
kernel signature: 0b1aec7785a09badeeefb470bcd67a6d8cf2454bf5aa1ff70ab7ddcc037b55f2
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good 2d27af9d8e806a46b281deba6ab11c3635021c9e
Bisecting: 87 revisions left to test after this (roughly 7 steps)
[63d881957e59dde38f38100631ae138d5c0cee88] dm verity: skip verity work if I/O error when system is shutting down
testing commit 63d881957e59dde38f38100631ae138d5c0cee88 with gcc (GCC) 8.1.0
kernel signature: 6f79f368655afea5cfc8696c3881e1c91d5de89282670cc833ddf3a024267eec
all runs: OK
# git bisect bad 63d881957e59dde38f38100631ae138d5c0cee88
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[d4911cdcd3576089d874b11040320e05071e57d6] iio:imu:bmi160: Fix too large a buffer.
testing commit d4911cdcd3576089d874b11040320e05071e57d6 with gcc (GCC) 8.1.0
kernel signature: 8338a70cca85cf1c93b175decc3343eb7159876072614577d02be805df1afb85
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good d4911cdcd3576089d874b11040320e05071e57d6
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[81629230815ff27439a61d675ad9873e93190204] ext4: don't remount read-only with errors=continue on reboot
testing commit 81629230815ff27439a61d675ad9873e93190204 with gcc (GCC) 8.1.0
kernel signature: d82f1ee874fbb5f37303297c02591028dec5feddcb92f92e40e79ed69fc9df1f
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good 81629230815ff27439a61d675ad9873e93190204
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[fd4f2a5151e6c6294169d983303c485beade5b37] media: gp8psk: initialize stats at power control logic
testing commit fd4f2a5151e6c6294169d983303c485beade5b37 with gcc (GCC) 8.1.0
kernel signature: 4342607298ab8b6cfd71df4d5e4bad34a8a2a652ac93599b12155089055fb11f
all runs: OK
# git bisect bad fd4f2a5151e6c6294169d983303c485beade5b37
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[e622fafb4a80d3477ef22961e513bdfc79fa1687] xen/gntdev.c: Mark pages as dirty
testing commit e622fafb4a80d3477ef22961e513bdfc79fa1687 with gcc (GCC) 8.1.0
kernel signature: a7cc6b0e20f7b2bf81738c46c97cc7ffe7f4bd74544a28f845d463422cff0680
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good e622fafb4a80d3477ef22961e513bdfc79fa1687
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[88520a207121c3f7c513ac69a7392da89ed0955f] Bluetooth: hci_h5: close serdev device and free hu in h5_close
testing commit 88520a207121c3f7c513ac69a7392da89ed0955f with gcc (GCC) 8.1.0
kernel signature: 10a006379a4a2ca44d40a28572e7560397144e46960bfbec1dd1ada685398691
all runs: crashed: KASAN: use-after-free Read in reiserfs_fill_super
# git bisect good 88520a207121c3f7c513ac69a7392da89ed0955f
Bisecting: 0 revisions left to test after this (roughly 1 step)
[074b61ff2127ed1e408f39783b32d1936d6aa3ac] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
testing commit 074b61ff2127ed1e408f39783b32d1936d6aa3ac with gcc (GCC) 8.1.0
kernel signature: 4342607298ab8b6cfd71df4d5e4bad34a8a2a652ac93599b12155089055fb11f
all runs: OK
# git bisect bad 074b61ff2127ed1e408f39783b32d1936d6aa3ac
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b8590c82b3ccf9fb4d9f0b0b097be10736869333] reiserfs: add check for an invalid ih_entry_count
testing commit b8590c82b3ccf9fb4d9f0b0b097be10736869333 with gcc (GCC) 8.1.0
kernel signature: 53243b01264bbbed05349adc714a859bb6e302a5b6d3910bad9554e71352d99a
all runs: OK
# git bisect bad b8590c82b3ccf9fb4d9f0b0b097be10736869333
b8590c82b3ccf9fb4d9f0b0b097be10736869333 is the first bad commit
commit b8590c82b3ccf9fb4d9f0b0b097be10736869333
Author: Rustam Kovhaev
Date: Sun Nov 1 06:09:58 2020 -0800

    reiserfs: add check for an invalid ih_entry_count

    commit d24396c5290ba8ab04ba505176874c4e04a2d53c upstream.

    when directory item has an invalid value set for ih_entry_count it might
    trigger use-after-free or out-of-bounds read in bin_search_in_dir_item()

    ih_entry_count * IH_SIZE for directory item should not be larger than
    ih_item_len

    Link: https://lore.kernel.org/r/20201101140958.3650143-1-rkovhaev@gmail.com
    Reported-and-tested-by: syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=83b6f7cf9922cae5c4d7
    Signed-off-by: Rustam Kovhaev
    Signed-off-by: Jan Kara
    Signed-off-by: Greg Kroah-Hartman

 fs/reiserfs/stree.c | 6 ++++++
 1 file changed, 6 insertions(+)
culprit signature: 53243b01264bbbed05349adc714a859bb6e302a5b6d3910bad9554e71352d99a
parent signature: 10a006379a4a2ca44d40a28572e7560397144e46960bfbec1dd1ada685398691
revisions tested: 13, total time: 3h21m9.077816762s (build: 1h59m24.283262634s, test: 1h20m23.171303059s)
first good commit: b8590c82b3ccf9fb4d9f0b0b097be10736869333 reiserfs: add check for an invalid ih_entry_count
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "rkovhaev@gmail.com" "syzbot+83b6f7cf9922cae5c4d7@syzkaller.appspotmail.com"]
recipients (cc): []