syzbot


BUG: unable to handle kernel NULL pointer dereference in ni_write_inode

Status: upstream: reported C repro on 2022/09/23 16:16
Reported-by: syzbot+f45957555ed4a808cc7a@syzkaller.appspotmail.com
First crash: 71d, last: 8h22m

Cause bisection: failed (bisect log)
Patch testing requests:
Created           Duration  User                    Patch  Repo      Result
2022/10/29 11:23  18m       abdun.nihaal@gmail.com  patch  upstream  OK log
2022/09/25 06:07  18m       abdun.nihaal@gmail.com  patch  upstream  report log

Sample crash report:
loop0: detected capacity change from 0 to 264192
ntfs3: loop0: Failed to load $Extend.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000016
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010af56000
[0000000000000016] pgd=08000001090da003, p4d=08000001090da003, pud=08000001090ce003, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3036 Comm: syz-executor206 Not tainted 6.0.0-rc6-syzkaller-17739-g16c9f284e746 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : is_rec_inuse fs/ntfs3/ntfs.h:313 [inline]
pc : ni_write_inode+0xac/0x798 fs/ntfs3/frecord.c:3232
lr : ni_write_inode+0xa0/0x798 fs/ntfs3/frecord.c:3226
sp : ffff8000126c3800
x29: ffff8000126c3860 x28: 0000000000000000 x27: ffff0000c8b02000
x26: ffff0000c7502320 x25: ffff0000c7502288 x24: 0000000000000000
x23: ffff80000cbec91c x22: ffff0000c8b03000 x21: ffff0000c8b02000
x20: 0000000000000001 x19: ffff0000c75024d8 x18: 00000000000000c0
x17: ffff80000dd1b198 x16: ffff80000db59158 x15: ffff0000c4b6b500
x14: 00000000000000b8 x13: 0000000000000000 x12: ffff0000c4b6b500
x11: ff80800008be1b60 x10: 0000000000000000 x9 : ffff0000c4b6b500
x8 : 0000000000000000 x7 : ffff800008be1b50 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 is_rec_inuse fs/ntfs3/ntfs.h:313 [inline]
 ni_write_inode+0xac/0x798 fs/ntfs3/frecord.c:3232
 ntfs_evict_inode+0x54/0x84 fs/ntfs3/inode.c:1744
 evict+0xec/0x334 fs/inode.c:665
 iput_final fs/inode.c:1748 [inline]
 iput+0x2c4/0x324 fs/inode.c:1774
 ntfs_new_inode+0x7c/0xe0 fs/ntfs3/fsntfs.c:1660
 ntfs_create_inode+0x20c/0xe78 fs/ntfs3/inode.c:1278
 ntfs_create+0x54/0x74 fs/ntfs3/namei.c:100
 lookup_open fs/namei.c:3413 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0x804/0x11c4 fs/namei.c:3688
 do_filp_open+0xdc/0x1b8 fs/namei.c:3718
 do_sys_openat2+0xb8/0x22c fs/open.c:1311
 do_sys_open fs/open.c:1327 [inline]
 __do_sys_openat fs/open.c:1343 [inline]
 __se_sys_openat fs/open.c:1338 [inline]
 __arm64_sys_openat+0xb0/0xe0 fs/open.c:1338
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190
Code: 97dafee4 340001b4 f9401328 2a1f03e0 (79402d14) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	97dafee4 	bl	0xffffffffff6bfb90
   4:	340001b4 	cbz	w20, 0x38
   8:	f9401328 	ldr	x8, [x25, #32]
   c:	2a1f03e0 	mov	w0, wzr
* 10:	79402d14 	ldrh	w20, [x8, #22] <-- trapping instruction

Crashes (246):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-arm64 2022/09/23 08:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 16c9f284e746 0042f2b4 .config log report syz C BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-kasan-gce-root 2022/10/14 20:19 upstream 55be6084c8e0 4954e4b2 .config log report syz C general protection fault in ni_write_inode
ci-upstream-kasan-gce-root 2022/09/26 06:44 upstream f76349cf4145 0042f2b4 .config log report syz C general protection fault in ni_write_inode
ci2-upstream-fs 2022/09/26 01:25 upstream 105a36f3694e 0042f2b4 .config log report syz C general protection fault in ni_write_inode
ci-upstream-kasan-gce-root 2022/09/23 11:19 upstream bf682942cd26 0042f2b4 .config log report syz C general protection fault in ni_write_inode
ci2-upstream-fs 2022/09/23 09:22 upstream dc164f4fb00a 0042f2b4 .config log report syz C general protection fault in ni_write_inode
ci-upstream-linux-next-kasan-gce-root 2022/11/12 06:11 linux-next f8f60f322f06 3ead01ad .config log report syz C general protection fault in ni_write_inode
ci-upstream-linux-next-kasan-gce-root 2022/10/24 12:41 linux-next 4d48f589d294 23bf86af .config log report syz C general protection fault in ni_write_inode
ci-upstream-gce-arm64 2022/12/03 01:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e3cb714fb489 e080de16 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/12/01 19:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci cdb931b58ff5 e080de16 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/30 23:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci cdb931b58ff5 4c2a66e8 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/30 18:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci cdb931b58ff5 4c2a66e8 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/28 16:02 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6d464646530f 247de55b .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/28 00:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6d464646530f 74a66371 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/27 23:31 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6d464646530f 74a66371 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/26 10:55 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6d464646530f 74a66371 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/26 02:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6d464646530f 74a66371 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/23 00:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 65762d97e6fa 9da37ae8 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/22 05:13 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a77d28d13789 1c576c23 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/21 02:12 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9500fc6e9e60 5bb70014 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/20 09:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9500fc6e9e60 5bb70014 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/19 07:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9500fc6e9e60 5bb70014 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/18 08:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9500fc6e9e60 4ba8ab94 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/17 13:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9500fc6e9e60 3a127a31 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/16 07:46 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9500fc6e9e60 3a127a31 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/16 06:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9500fc6e9e60 3a127a31 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/11/13 18:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1621b6eaebf7 3ead01ad .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-gce-arm64 2022/09/22 18:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci aa49f95768a9 0042f2b4 .config log report info BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ci-upstream-kasan-gce-root 2022/12/02 02:33 upstream ef4d3ea40565 e080de16 .config log report info general protection fault in ni_write_inode
ci-upstream-kasan-gce-root 2022/11/29 20:26 upstream ca57f02295f1 05dc7993 .config log report info general protection fault in ni_write_inode
ci-upstream-kasan-gce-root 2022/11/28 09:39 upstream bf82d38c91f8 74a66371 .config log report info general protection fault in ni_write_inode
ci-upstream-kasan-gce-root 2022/11/27 22:15 upstream faf68e3523c2 74a66371 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/26 14:00 upstream 08ad43d554ba f4470a7b .config log report info general protection fault in ni_write_inode
ci-qemu-upstream 2022/11/26 12:40 upstream 0b1dcc2cf55a f4470a7b .config log report info general protection fault in ni_write_inode
ci-upstream-kasan-gce-smack-root 2022/11/25 18:54 upstream 08ad43d554ba 74a66371 .config log report info general protection fault in ni_write_inode
ci-upstream-kasan-gce-selinux-root 2022/11/25 17:52 upstream 08ad43d554ba 74a66371 .config log report info general protection fault in ni_write_inode
ci-upstream-kasan-gce-selinux-root 2022/11/25 14:48 upstream 08ad43d554ba 74a66371 .config log report info general protection fault in ni_write_inode
ci-upstream-kasan-gce-root 2022/11/24 22:42 upstream c3eb11fbb826 62e26685 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/24 18:55 upstream 4312098baf37 ff68ff8f .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/24 12:35 upstream 4312098baf37 ff68ff8f .config log report info general protection fault in ni_write_inode
ci-upstream-kasan-gce-smack-root 2022/11/24 10:56 upstream 4312098baf37 12c66417 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/24 09:20 upstream 4312098baf37 ff68ff8f .config log report info general protection fault in ni_write_inode
ci-upstream-kasan-gce-smack-root 2022/11/24 07:26 upstream 4312098baf37 12c66417 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/23 15:20 upstream eb7081409f94 52fdf57a .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/23 13:47 upstream eb7081409f94 52fdf57a .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/23 10:35 upstream eb7081409f94 52fdf57a .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/23 05:25 upstream eb7081409f94 9da37ae8 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/23 03:47 upstream eb7081409f94 9da37ae8 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/22 11:40 upstream eb7081409f94 1c576c23 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/22 08:41 upstream eb7081409f94 1c576c23 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/22 06:49 upstream eb7081409f94 1c576c23 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/21 20:52 upstream eb7081409f94 1c576c23 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/19 01:06 upstream ab290eaddc4c 5bb70014 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/15 10:57 upstream e01d50cbd6ee 97de9cfc .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/15 01:47 upstream e01d50cbd6ee 97de9cfc .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/13 23:58 upstream af7a05689189 7ba4d859 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/13 11:08 upstream fef7fd48922d f42ee5d8 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/13 10:00 upstream fef7fd48922d f42ee5d8 .config log report info general protection fault in ni_write_inode
ci2-upstream-fs 2022/11/13 05:14 upstream fef7fd48922d f42ee5d8 .config log report info general protection fault in ni_write_inode
ci-qemu-upstream-386 2022/12/03 06:55 upstream bdaa78c6aa86 e080de16 .config log report info general protection fault in ni_write_inode
ci-qemu-upstream-386 2022/11/27 10:18 upstream faf68e3523c2 f4470a7b .config log report info general protection fault in ni_write_inode
ci-upstream-linux-next-kasan-gce-root 2022/11/22 05:26 linux-next 15f3bff12cf6 1c576c23 .config log report info general protection fault in ni_write_inode