WARNING: kmalloc bug in ntfs_load_attr_list

Status: upstream: reported C repro on 2024/04/18 16:36
Bug presence: origin:lts-only
[Documentation on labels]
First crash: 58d, last: 24d
Fix bisection: the issue occurs on the latest tested release (bisect log)
Crash: WARNING: kmalloc bug in ntfs_load_attr_list (log)
Repro: C syz .config
Bug presence (2)
Date Name Commit Repro Result
2024/04/18 linux-6.1.y (ToT) 6741e066ec76 C [report] WARNING: kmalloc bug in ntfs_load_attr_list
2024/04/18 upstream (ToT) 2668e3ae2ef3 C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING: kmalloc bug in ntfs_load_attr_list ntfs3 C done inconclusive 4 123d 176d 0/27 auto-obsoleted due to no activity on 2024/05/25 15:42
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2024/05/30 17:29 12m fix candidate upstream error job log (0)
2024/05/22 08:30 1h24m bisect fix linux-6.1.y job log (0) log

Sample crash report:
loop0: detected capacity change from 0 to 4096
ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4229 at mm/util.c:596 kvmalloc_node+0x1dc/0x1e4
Modules linked in:
CPU: 0 PID: 4229 Comm: syz-executor285 Not tainted 6.1.87-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 80401005 (Nzcv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : kvmalloc_node+0x1dc/0x1e4
lr : kvmalloc_node+0x1d8/0x1e4 mm/util.c:596
sp : ffff80001dfb73d0
x29: ffff80001dfb73e0 x28: ffff0000d8398000 x27: dfff800000000000
x26: 1fffe0001c50b30b x25: 0000000000000018 x24: 0000000000000000
x23: 0000000000000000 x22: ffff800009662114 x21: 0000000100000000
x20: 00000000ffffffff x19: 0000000000000cc0 x18: 1fffe0003686af76
x17: ffff80001584d000 x16: ffff80001215c9dc x15: 0000000000000000
x14: 000000000000000c x13: ffff0000d55cd340 x12: 0000000000000005
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff8000087eec04
x8 : ffff0000d55cd340 x7 : 0000000000000000 x6 : 0000000000000040
x5 : 00000000ffffffff x4 : 0000000000012cc0 x3 : 0000000100000000
x2 : 0000000100000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 kvmalloc include/linux/slab.h:709 [inline]
 ntfs_load_attr_list+0xe8/0x430 fs/ntfs3/attrlist.c:56
 ntfs_read_mft fs/ntfs3/inode.c:180 [inline]
 ntfs_iget5+0xcd4/0x2be8 fs/ntfs3/inode.c:524
 ntfs_loadlog_and_replay+0x148/0x448 fs/ntfs3/fsntfs.c:272
 ntfs_fill_super+0x1a18/0x3458 fs/ntfs3/super.c:1018
 get_tree_bdev+0x360/0x54c fs/super.c:1355
 ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1359
 vfs_get_tree+0x90/0x274 fs/super.c:1562
 do_new_mount+0x278/0x8fc fs/namespace.c:3051
 path_mount+0x590/0xe5c fs/namespace.c:3381
 do_mount fs/namespace.c:3394 [inline]
 __do_sys_mount fs/namespace.c:3602 [inline]
 __se_sys_mount fs/namespace.c:3579 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3579
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 25992
hardirqs last  enabled at (25991): [<ffff80001223c6dc>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (25991): [<ffff80001223c6dc>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (25992): [<ffff800012158694>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (25126): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (25126): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (24271): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/18 16:35 linux-6.1.y 6741e066ec76 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING: kmalloc bug in ntfs_load_attr_list
* Struck through repros no longer work on HEAD.