syzbot


general protection fault in ntfs_set_inode

Status: upstream: reported on 2022/10/05 00:58
Reported-by: syzbot+f553b35c5f71737636f7@syzkaller.appspotmail.com
First crash: 91d, last: 60d

Sample crash report:
ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512)
general protection fault, probably for non-canonical address 0xdffffc000e5fc98a: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000000072fe4c50-0x0000000072fe4c57]
CPU: 1 PID: 6295 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-06205-gffb39098bf87 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
RIP: 0010:ntfs_set_inode+0x4a/0x70 fs/ntfs3/inode.c:485
Code: 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 26 48 8d 7d 40 8b 1b 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 13 48 89 5d 40 31 c0 5b 5d c3 48 89 df e8 bf 73 1f
RSP: 0018:ffffc9000bd2f988 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: 000000000000000a RCX: ffffc9000ba22000
RDX: 000000000e5fc98a RSI: ffffffff82a8af4d RDI: 0000000072fe4c50
RBP: 0000000072fe4c10 R08: 0000000000000001 R09: 0000000000000003
R10: fffff520017a5f25 R11: 0000000000000000 R12: ffffc9000bd2fcd0
R13: ffffffff82a8af3f R14: 0000000000000000 R15: ffff888072fe4c38
FS:  00007fbffef9c700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555556f51708 CR3: 000000007dcc1000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 log_replay+0xf7f0/0xf7f0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ntfs_set_inode+0x4a/0x70 fs/ntfs3/inode.c:485
Code: 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 26 48 8d 7d 40 8b 1b 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 13 48 89 5d 40 31 c0 5b 5d c3 48 89 df e8 bf 73 1f
RSP: 0018:ffffc9000bd2f988 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: 000000000000000a RCX: ffffc9000ba22000
RDX: 000000000e5fc98a RSI: ffffffff82a8af4d RDI: 0000000072fe4c50
RBP: 0000000072fe4c10 R08: 0000000000000001 R09: 0000000000000003
R10: fffff520017a5f25 R11: 0000000000000000 R12: ffffc9000bd2fcd0
R13: ffffffff82a8af3f R14: 0000000000000000 R15: ffff888072fe4c38
FS:  00007fbffef9c700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555556f51708 CR3: 000000007dcc1000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess):
   0:	14 02                	adc    $0x2,%al
   2:	48 89 d8             	mov    %rbx,%rax
   5:	83 e0 07             	and    $0x7,%eax
   8:	83 c0 03             	add    $0x3,%eax
   b:	38 d0                	cmp    %dl,%al
   d:	7c 04                	jl     0x13
   f:	84 d2                	test   %dl,%dl
  11:	75 26                	jne    0x39
  13:	48 8d 7d 40          	lea    0x40(%rbp),%rdi
  17:	8b 1b                	mov    (%rbx),%ebx
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	75 13                	jne    0x43
  30:	48 89 5d 40          	mov    %rbx,0x40(%rbp)
  34:	31 c0                	xor    %eax,%eax
  36:	5b                   	pop    %rbx
  37:	5d                   	pop    %rbp
  38:	c3                   	retq
  39:	48 89 df             	mov    %rbx,%rdi
  3c:	e8                   	.byte 0xe8
  3d:	bf                   	.byte 0xbf
  3e:	73 1f                	jae    0x5f

Crashes (8):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2022/10/07 09:16 upstream ffb39098bf87 8a212197 .config log report info general protection fault in ntfs_set_inode
ci-qemu-upstream 2022/10/06 12:20 upstream 833477fce7a1 131b38ac .config log report info general protection fault in ntfs_set_inode
ci-qemu-upstream-386 2022/10/05 15:49 upstream 2bca25eaeba6 e0b72940 .config log report info general protection fault in ntfs_set_inode
ci-qemu-upstream-386 2022/10/05 00:57 upstream 0326074ff465 267e3bb1 .config log report info general protection fault in ntfs_set_inode
ci-qemu-upstream-386 2022/10/04 12:45 upstream f3dfe925f954 3fe4fea8 .config log report info general protection fault in ntfs_set_inode
ci-qemu-upstream-386 2022/09/26 15:03 upstream f76349cf4145 d59ba983 .config log report info general protection fault in ntfs_set_inode
ci-qemu-upstream-386 2022/09/06 10:10 upstream 53e99dcff61e 65aea2b9 .config log report info general protection fault in ntfs_set_inode
ci-qemu-upstream-386 2022/09/06 08:08 upstream 53e99dcff61e 9dcd38fc .config log report info general protection fault in ntfs_set_inode
* Struck through repros no longer work on HEAD.