ci2 starts bisection 2024-03-30 15:56:07.731844269 +0000 UTC m=+52924.463162266
bisecting fixing commit since 4aa6747d935281df8a1888feeb6e22e0097d0b86
building syzkaller on fb427a0782000106c62de76d251e5a02de5406a9
ensuring issue is reproducible on original commit 4aa6747d935281df8a1888feeb6e22e0097d0b86
testing commit 4aa6747d935281df8a1888feeb6e22e0097d0b86 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4bd562809557e6a033afc05d89c30efb50033d18139bf840426fc5579e145063
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 4aa6747d935281df8a1888feeb6e22e0097d0b86 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fe8b5e78715e16a67f8d526306c3ab7a19fd8c3f523946fb0229cf216c1b46cb
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
kconfig minimization: base=3820 full=7526 leaves diff=1994
split chunks (needed=false): <1994>
split chunk #0 of len 1994 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 4aa6747d935281df8a1888feeb6e22e0097d0b86 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fe3d020161eb2139765b4ba80f9e46cb7ad64fff88a58b97f9ffecd3a86db4f1
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 4aa6747d935281df8a1888feeb6e22e0097d0b86 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3511d9f89d17299e6a20c169ff377112333bf2fda6310bfd3c80ac0317a181fc
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 4aa6747d935281df8a1888feeb6e22e0097d0b86 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 652ef83fbe077fafbb7a3f244131ffbb6d72aa868151b421a7d032dc62c47139
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 4aa6747d935281df8a1888feeb6e22e0097d0b86 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7af46aa1f6514d0f98ebeedcdd0b46d20e3952cb16dc3458f0f7477d2e70950a
all runs: OK
false negative chance: 0.000
testing without sub-chunk 5/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit 4aa6747d935281df8a1888feeb6e22e0097d0b86 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: beea3d519c8ef559ae50ccbc8fcd2db8faf7229664f91993b1f34abcf3aff939
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
the chunk can be dropped
minimized to 399 configs
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing current HEAD e5cd595e23c1a075359a337c0e5c3a4f2dc28dd1
testing commit e5cd595e23c1a075359a337c0e5c3a4f2dc28dd1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7fdcd489632487dcc54de2b859106c6dca5621d5af7bdd7927b31f5098649c73
all runs: OK
false negative chance: 0.000
# git bisect start e5cd595e23c1a075359a337c0e5c3a4f2dc28dd1 4aa6747d935281df8a1888feeb6e22e0097d0b86
Bisecting: 1241 revisions left to test after this (roughly 10 steps)
[fc557b76dcf02f43ba4ad95fb6a26b7dd594156c] PCI/AER: Decode Requester ID when no error info found
determine whether the revision contains the guilty commit
revision 4aa6747d935281df8a1888feeb6e22e0097d0b86 crashed and is reachable
testing commit fc557b76dcf02f43ba4ad95fb6a26b7dd594156c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 52e6208bf84bb9b136c23bbe89c086a2b1a30ec1c9dafa9c7a0eb4981101464b
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
# git bisect good fc557b76dcf02f43ba4ad95fb6a26b7dd594156c
Bisecting: 620 revisions left to test after this (roughly 9 steps)
[c9fa51d4c434fa7bdafd0c7a9e19cf9023787fd4] x86/e820: Don't reserve SETUP_RNG_SEED in e820
determine whether the revision contains the guilty commit
revision 4aa6747d935281df8a1888feeb6e22e0097d0b86 crashed and is reachable
testing commit c9fa51d4c434fa7bdafd0c7a9e19cf9023787fd4 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5bc3ab6ecad86a443ee38f1234990168fa533182fe7b813cfcc6fe56194c9b39
all runs: OK
false negative chance: 0.000
# git bisect bad c9fa51d4c434fa7bdafd0c7a9e19cf9023787fd4
Bisecting: 310 revisions left to test after this (roughly 8 steps)
[e1c1bdaa387976cb577769a58abce5ef3e2bc88d] hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
determine whether the revision contains the guilty commit
revision 4aa6747d935281df8a1888feeb6e22e0097d0b86 crashed and is reachable
testing commit e1c1bdaa387976cb577769a58abce5ef3e2bc88d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7508358e5951d3531babf63939c1398e9ef9dfaf3f9d11e6910cf0b75e1b6220
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
# git bisect good e1c1bdaa387976cb577769a58abce5ef3e2bc88d
Bisecting: 155 revisions left to test after this (roughly 7 steps)
[6f4553096eceefe5b41e4c1bc03d9892cb903284] RDMA/irdma: Set the CQ read threshold for GEN 1
determine whether the revision contains the guilty commit
revision fc557b76dcf02f43ba4ad95fb6a26b7dd594156c crashed and is reachable
testing commit 6f4553096eceefe5b41e4c1bc03d9892cb903284 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d3c9be69ed55fdd04460c066298cb9cb8c40f5748e77db812fa5a2f895ac982a
all runs: OK
false negative chance: 0.000
# git bisect bad 6f4553096eceefe5b41e4c1bc03d9892cb903284
Bisecting: 77 revisions left to test after this (roughly 6 steps)
[25d1694d6e34321d3dacccafe85f6b15719a5c62] fs/ntfs3: Correct hard links updating when dealing with DOS names
determine whether the revision contains the guilty commit
revision 4aa6747d935281df8a1888feeb6e22e0097d0b86 crashed and is reachable
testing commit 25d1694d6e34321d3dacccafe85f6b15719a5c62 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4c0829625fb005054d16e5d7fcbcbbb70c2b44fb051d5b59d715d21a17eec8e7
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
# git bisect good 25d1694d6e34321d3dacccafe85f6b15719a5c62
Bisecting: 38 revisions left to test after this (roughly 5 steps)
[e3bf0a24e050538d3e4c8d8319b8e04e18188ce7] scsi: core: Consult supported VPD page list prior to fetching page
determine whether the revision contains the guilty commit
revision e1c1bdaa387976cb577769a58abce5ef3e2bc88d crashed and is reachable
testing commit e3bf0a24e050538d3e4c8d8319b8e04e18188ce7 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 748220a03a8f96bff924d5b715711e8f389c63e2237d44a0dc889028342595a6
all runs: OK
false negative chance: 0.000
# git bisect bad e3bf0a24e050538d3e4c8d8319b8e04e18188ce7
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[6b82ffe7a265b832b40fd31ee5503170cb3407e2] firewire: core: send bus reset promptly on gap count error
determine whether the revision contains the guilty commit
revision 25d1694d6e34321d3dacccafe85f6b15719a5c62 crashed and is reachable
testing commit 6b82ffe7a265b832b40fd31ee5503170cb3407e2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ad5ba68da1adf5a012e74aaff5f298bc6a6c1ce2ee3a70958af8f428d85174c3
all runs: OK
false negative chance: 0.000
# git bisect bad 6b82ffe7a265b832b40fd31ee5503170cb3407e2
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[6ed6cdbe88334ca3430c5aee7754dc4597498dfb] fs/ntfs3: Fix oob in ntfs_listxattr
determine whether the revision contains the guilty commit
revision fc557b76dcf02f43ba4ad95fb6a26b7dd594156c crashed and is reachable
testing commit 6ed6cdbe88334ca3430c5aee7754dc4597498dfb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 758326e3364b7d72672c2affe40bcd30ca56fc349caa546d99497636a248df85
all runs: OK
false negative chance: 0.000
# git bisect bad 6ed6cdbe88334ca3430c5aee7754dc4597498dfb
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[ee12c3102027ba3c1ea08ca292dc9d7ccf7c21e4] fs/ntfs3: Disable ATTR_LIST_ENTRY size check
determine whether the revision contains the guilty commit
revision fc557b76dcf02f43ba4ad95fb6a26b7dd594156c crashed and is reachable
testing commit ee12c3102027ba3c1ea08ca292dc9d7ccf7c21e4 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 05b84b42306026e935e6960038e942099cca735468ffea7773f91171bc30dc1c
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
# git bisect good ee12c3102027ba3c1ea08ca292dc9d7ccf7c21e4
Bisecting: 2 revisions left to test after this (roughly 1 step)
[0d2f804b9f5424d1970403d7bfcf1f22b7853e25] fs/ntfs3: Prevent generic message "attempt to access beyond end of device"
determine whether the revision contains the guilty commit
revision 4aa6747d935281df8a1888feeb6e22e0097d0b86 crashed and is reachable
testing commit 0d2f804b9f5424d1970403d7bfcf1f22b7853e25 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c16a82b76aefe5657982c4b3669ba67054286080e464047d9205580c92d1d0ad
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
# git bisect good 0d2f804b9f5424d1970403d7bfcf1f22b7853e25
Bisecting: 0 revisions left to test after this (roughly 1 step)
[5d67a4ff3dfe19aceb185d4c3912796e2d0ac4e1] fs/ntfs3: Update inode->i_size after success write into compressed file
determine whether the revision contains the guilty commit
revision e1c1bdaa387976cb577769a58abce5ef3e2bc88d crashed and is reachable
testing commit 5d67a4ff3dfe19aceb185d4c3912796e2d0ac4e1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b63d63cddf8ce4b996327911673324ea03d60dfedd89fc06ed5d59b82c1e3aff
all runs: crashed: KASAN: slab-out-of-bounds Read in ntfs_listxattr
representative crash: KASAN: slab-out-of-bounds Read in ntfs_listxattr, types: [KASAN]
# git bisect good 5d67a4ff3dfe19aceb185d4c3912796e2d0ac4e1
6ed6cdbe88334ca3430c5aee7754dc4597498dfb is the first bad commit
commit 6ed6cdbe88334ca3430c5aee7754dc4597498dfb
Author: Edward Adam Davis
Date: Sat Dec 30 17:00:03 2023 +0800

fs/ntfs3: Fix oob in ntfs_listxattr

[ Upstream commit 731ab1f9828800df871c5a7ab9ffe965317d3f15 ]

The length of name cannot exceed the space occupied by ea.

Reported-and-tested-by: syzbot+65e940cfb8f99a97aca7@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis
Signed-off-by: Konstantin Komarov
Signed-off-by: Sasha Levin

fs/ntfs3/xattr.c | 3 +++
1 file changed, 3 insertions(+)

accumulated error probability: 0.00
culprit signature: 758326e3364b7d72672c2affe40bcd30ca56fc349caa546d99497636a248df85
parent signature: b63d63cddf8ce4b996327911673324ea03d60dfedd89fc06ed5d59b82c1e3aff
revisions tested: 19, total time: 4h2m10.404653225s (build: 1h27m47.078648805s, test: 2h22m59.780099753s)
first good commit: 6ed6cdbe88334ca3430c5aee7754dc4597498dfb fs/ntfs3: Fix oob in ntfs_listxattr
recipients (to): ["almaz.alexandrovich@paragon-software.com" "eadavis@qq.com" "sashal@kernel.org" "syzbot+65e940cfb8f99a97aca7@syzkaller.appspotmail.com"]
recipients (cc): []