ci2 starts bisection 2023-02-05 13:17:37.75709005 +0000 UTC m=+84022.355412522
bisecting fixing commit since b7b275e60bcd5f89771e865a8239325f86d9927d
building syzkaller on ca9683b89903c4b91d1ccce66646d0673bd160a6
ensuring issue is reproducible on original commit b7b275e60bcd5f89771e865a8239325f86d9927d
testing commit b7b275e60bcd5f89771e865a8239325f86d9927d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f0fe98c47f5d812561a6944249fb9b2030a34d9a4e8567eff33d51edeccba37d
all runs: crashed: general protection fault in ni_find_attr
testing current HEAD 837c07cf68fec9cad455d5fc86aab5350cc06c53
testing commit 837c07cf68fec9cad455d5fc86aab5350cc06c53 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a699122967dd9b4859656c3ebf1be1a21774ae30cba888c316761a736dfca4ca
all runs: OK
# git bisect start 837c07cf68fec9cad455d5fc86aab5350cc06c53 b7b275e60bcd5f89771e865a8239325f86d9927d
Bisecting: 8977 revisions left to test after this (roughly 13 steps)
[1ca06f1c1acecbe02124f14a37cce347b8c1a90c] Merge tag 'xtensa-20221213' of https://github.com/jcmvbkbc/linux-xtensa
testing commit 1ca06f1c1acecbe02124f14a37cce347b8c1a90c gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c1598ec70aa441c216cb31514b897eec0d3aafcce6d99124c05ebe787743f98f
all runs: crashed: general protection fault in ni_find_attr
# git bisect good 1ca06f1c1acecbe02124f14a37cce347b8c1a90c
Bisecting: 4471 revisions left to test after this (roughly 12 steps)
[1a931707ad4a46e79d4ecfee56d8f6e8cc8d4f28] Merge remote-tracking branch 'torvalds/master' into perf/core
testing commit 1a931707ad4a46e79d4ecfee56d8f6e8cc8d4f28 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c9a45de12de28fd0eb1f45706d1ea0053ee82e355d8deb30c989593fb9cfb8fa
all runs: crashed: general protection fault in ni_find_attr
# git bisect good 1a931707ad4a46e79d4ecfee56d8f6e8cc8d4f28
Bisecting: 2243 revisions left to test after this (roughly 11 steps)
[f2855eec19cadddad2900da3a009ee39df6116a7] Merge tag 'mailbox-v6.2' of git://git.linaro.org/landing-teams/working/fujitsu/integration
testing commit f2855eec19cadddad2900da3a009ee39df6116a7 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c838b6c3cc01ac0bb30049a0dd1bf6f31d01074d22f76ee58515dec546f4670b
all runs: crashed: general protection fault in ni_find_attr
# git bisect good f2855eec19cadddad2900da3a009ee39df6116a7
Bisecting: 1121 revisions left to test after this (roughly 10 steps)
[edb5b63e5673add742a860814a4f43ff213178ea] Merge tag 'wireless-2023-01-18' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless
testing commit edb5b63e5673add742a860814a4f43ff213178ea gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 72d7df057854c052ee7f3f3c79a950adacc053349461c83dcd76f3721e65d271
all runs: OK
# git bisect bad edb5b63e5673add742a860814a4f43ff213178ea
Bisecting: 560 revisions left to test after this (roughly 9 steps)
[5b129817aedb03d94fb960e7a34d0f5eaa20a2f2] Merge tag 'x86_urgent_for_v6.2_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 5b129817aedb03d94fb960e7a34d0f5eaa20a2f2 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ac473f5a40376b2352430ae85d0a2b973e46fdaee90e532b16e1ba3e1a3f4d43
all runs: OK
# git bisect bad 5b129817aedb03d94fb960e7a34d0f5eaa20a2f2
Bisecting: 272 revisions left to test after this (roughly 8 steps)
[d1ac1a2b14264e98c24db6f8c2bd452e695c7238] Merge tag 'perf-tools-for-v6.2-2-2022-12-22' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
testing commit d1ac1a2b14264e98c24db6f8c2bd452e695c7238 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d28649ab97b7d2cb0bd9c6e1f74aaf484ce8941ff076536d74b99d986fb3447e
all runs: OK
# git bisect bad d1ac1a2b14264e98c24db6f8c2bd452e695c7238
Bisecting: 132 revisions left to test after this (roughly 7 steps)
[6022ec6ee2c3a16b26f218d7abb538afb839bd6d] Merge tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3
testing commit 6022ec6ee2c3a16b26f218d7abb538afb839bd6d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4d38535bda754d2498cca41938caeac08e1dec5d4495dd5bacdf8c08fca16558
all runs: OK
# git bisect bad 6022ec6ee2c3a16b26f218d7abb538afb839bd6d
Bisecting: 73 revisions left to test after this (roughly 6 steps)
[5461e079009ae2732c833281c4b50dfb58d15ba5] Merge tag 'media/v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 5461e079009ae2732c833281c4b50dfb58d15ba5 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dc000da5c566a6ebd93ca2f30ff5594b259e11bc9fcee7d8546a9f5bcd2eee0a
all runs: crashed: general protection fault in ni_find_attr
# git bisect good 5461e079009ae2732c833281c4b50dfb58d15ba5
Bisecting: 36 revisions left to test after this (roughly 5 steps)
[0d19f3d71394b0b03b8775c958b3354fa2259609] fs/ntfs3: Add system.ntfs_attrib_be extended attribute
testing commit 0d19f3d71394b0b03b8775c958b3354fa2259609 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 01650da85d4fc608228fedd6c77165129c3709053b02c73ada78ac8ee6542d52
all runs: OK
# git bisect bad 0d19f3d71394b0b03b8775c958b3354fa2259609
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[e001e60869390686809663c02bceb1d3922548fb] fs/ntfs3: Harden against integer overflows
testing commit e001e60869390686809663c02bceb1d3922548fb gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ffe95375586e64cc4b8e381af701ecb198adb4a4f8facac628bc0f0a23040bec
all runs: OK
# git bisect bad e001e60869390686809663c02bceb1d3922548fb
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[2681631c29739509eec59cc0b34e977bb04c6cf1] fs/ntfs3: Add null pointer check to attr_load_runs_vcn
testing commit 2681631c29739509eec59cc0b34e977bb04c6cf1 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 90d85bb3fedaa2b054c0600c417b2d251a3f89303149a85dfb8c5d37bda87346
all runs: OK
# git bisect bad 2681631c29739509eec59cc0b34e977bb04c6cf1
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[a3a956c78efaa202b1d75190136671cf6e87bfbe] fs/ntfs3: Add option "nocase"
testing commit a3a956c78efaa202b1d75190136671cf6e87bfbe gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 45bdd8ad617de33e846fef3fc778464923db1845074bc247adc5c9417e5ca39d
all runs: crashed: general protection fault in ni_find_attr
# git bisect good a3a956c78efaa202b1d75190136671cf6e87bfbe
Bisecting: 2 revisions left to test after this (roughly 1 step)
[0b66046266690454dc04e6307bcff4a5605b42a1] fs/ntfs3: Validate BOOT record_size
testing commit 0b66046266690454dc04e6307bcff4a5605b42a1 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7c4dd775b03d1b5f3f5b39b3eecdac44ea2526943a75202c2258420c95e703af
all runs: crashed: general protection fault in ni_find_attr
# git bisect good 0b66046266690454dc04e6307bcff4a5605b42a1
Bisecting: 0 revisions left to test after this (roughly 1 step)
[6db620863f8528ed9a9aa5ad323b26554a17881d] fs/ntfs3: Validate data run offset
testing commit 6db620863f8528ed9a9aa5ad323b26554a17881d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2024ddda40d2573ccc1f0929c48c410b005c361f55a3a774791df9d1a4c5cbb9
all runs: crashed: general protection fault in ni_find_attr
# git bisect good 6db620863f8528ed9a9aa5ad323b26554a17881d
2681631c29739509eec59cc0b34e977bb04c6cf1 is the first bad commit
commit 2681631c29739509eec59cc0b34e977bb04c6cf1
Author: Edward Lo
Date: Sun Aug 7 01:05:18 2022 +0800

    fs/ntfs3: Add null pointer check to attr_load_runs_vcn

    Some metadata files are handled before MFT. This adds a null pointer
    check for some corner cases that could lead to NPD while reading these
    metadata files for a malformed NTFS image.

    [ 240.190827] BUG: kernel NULL pointer dereference, address: 0000000000000158
    [ 240.191583] #PF: supervisor read access in kernel mode
    [ 240.191956] #PF: error_code(0x0000) - not-present page
    [ 240.192391] PGD 0 P4D 0
    [ 240.192897] Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
    [ 240.193805] CPU: 0 PID: 242 Comm: mount Tainted: G B 5.19.0+ #17
    [ 240.194477] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
    [ 240.195152] RIP: 0010:ni_find_attr+0xae/0x300
    [ 240.195679] Code: c8 48 c7 45 88 c0 4e 5e 86 c7 00 f1 f1 f1 f1 c7 40 04 00 f3 f3 f3 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 e8 e2 d9f
    [ 240.196642] RSP: 0018:ffff88800812f690 EFLAGS: 00000286
    [ 240.197019] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff85ef037a
    [ 240.197523] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff88e95f60
    [ 240.197877] RBP: ffff88800812f738 R08: 0000000000000001 R09: fffffbfff11d2bed
    [ 240.198292] R10: ffffffff88e95f67 R11: fffffbfff11d2bec R12: 0000000000000000
    [ 240.198647] R13: 0000000000000080 R14: 0000000000000000 R15: 0000000000000000
    [ 240.199410] FS: 00007f233c33be40(0000) GS:ffff888058200000(0000) knlGS:0000000000000000
    [ 240.199895] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 240.200314] CR2: 0000000000000158 CR3: 0000000004d32000 CR4: 00000000000006f0
    [ 240.200839] Call Trace:
    [ 240.201104]
    [ 240.201502] ? ni_load_mi+0x80/0x80
    [ 240.202297] ? ___slab_alloc+0x465/0x830
    [ 240.202614] attr_load_runs_vcn+0x8c/0x1a0
    [ 240.202886] ? __kasan_slab_alloc+0x32/0x90
    [ 240.203157] ? attr_data_write_resident+0x250/0x250
    [ 240.203543] mi_read+0x133/0x2c0
    [ 240.203785] mi_get+0x70/0x140
    [ 240.204012] ni_load_mi_ex+0xfa/0x190
    [ 240.204346] ? ni_std5+0x90/0x90
    [ 240.204588] ? __kasan_kmalloc+0x88/0xb0
    [ 240.204859] ni_enum_attr_ex+0xf1/0x1c0
    [ 240.205107] ? ni_fname_type.part.0+0xd0/0xd0
    [ 240.205600] ? ntfs_load_attr_list+0xbe/0x300
    [ 240.205864] ? ntfs_cmp_names_cpu+0x125/0x180
    [ 240.206157] ntfs_iget5+0x56c/0x1870
    [ 240.206510] ? ntfs_get_block_bmap+0x70/0x70
    [ 240.206776] ? __kasan_kmalloc+0x88/0xb0
    [ 240.207030] ? set_blocksize+0x95/0x150
    [ 240.207545] ntfs_fill_super+0xb8f/0x1e20
    [ 240.207839] ? put_ntfs+0x1d0/0x1d0
    [ 240.208069] ? vsprintf+0x20/0x20
    [ 240.208467] ? mutex_unlock+0x81/0xd0
    [ 240.208846] ? set_blocksize+0x95/0x150
    [ 240.209221] get_tree_bdev+0x232/0x370
    [ 240.209804] ? put_ntfs+0x1d0/0x1d0
    [ 240.210519] ntfs_fs_get_tree+0x15/0x20
    [ 240.210991] vfs_get_tree+0x4c/0x130
    [ 240.211455] path_mount+0x645/0xfd0
    [ 240.211806] ? putname+0x80/0xa0
    [ 240.212112] ? finish_automount+0x2e0/0x2e0
    [ 240.212559] ? kmem_cache_free+0x110/0x390
    [ 240.212906] ? putname+0x80/0xa0
    [ 240.213329] do_mount+0xd6/0xf0
    [ 240.213829] ? path_mount+0xfd0/0xfd0
    [ 240.214246] ? __kasan_check_write+0x14/0x20
    [ 240.214774] __x64_sys_mount+0xca/0x110
    [ 240.215080] do_syscall_64+0x3b/0x90
    [ 240.215442] entry_SYSCALL_64_after_hwframe+0x63/0xcd
    [ 240.215811] RIP: 0033:0x7f233b4e948a
    [ 240.216104] Code: 48 8b 0d 11 fa 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 008
    [ 240.217615] RSP: 002b:00007fff02211ec8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
    [ 240.218718] RAX: ffffffffffffffda RBX: 0000561cdc35b060 RCX: 00007f233b4e948a
    [ 240.219556] RDX: 0000561cdc35b260 RSI: 0000561cdc35b2e0 RDI: 0000561cdc363af0
    [ 240.219975] RBP: 0000000000000000 R08: 0000561cdc35b280 R09: 0000000000000020
    [ 240.220403] R10: 00000000c0ed0000 R11: 0000000000000202 R12: 0000561cdc363af0
    [ 240.220803] R13: 0000561cdc35b260 R14: 0000000000000000 R15: 00000000ffffffff
    [ 240.221256]
    [ 240.221567] Modules linked in:
    [ 240.222028] CR2: 0000000000000158
    [ 240.223291] ---[ end trace 0000000000000000 ]---
    [ 240.223669] RIP: 0010:ni_find_attr+0xae/0x300
    [ 240.224058] Code: c8 48 c7 45 88 c0 4e 5e 86 c7 00 f1 f1 f1 f1 c7 40 04 00 f3 f3 f3 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 e8 e2 d9f
    [ 240.225033] RSP: 0018:ffff88800812f690 EFLAGS: 00000286
    [ 240.225968] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff85ef037a
    [ 240.226624] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff88e95f60
    [ 240.227307] RBP: ffff88800812f738 R08: 0000000000000001 R09: fffffbfff11d2bed
    [ 240.227816] R10: ffffffff88e95f67 R11: fffffbfff11d2bec R12: 0000000000000000
    [ 240.228330] R13: 0000000000000080 R14: 0000000000000000 R15: 0000000000000000
    [ 240.228729] FS: 00007f233c33be40(0000) GS:ffff888058200000(0000) knlGS:0000000000000000
    [ 240.229281] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 240.230298] CR2: 0000000000000158 CR3: 0000000004d32000 CR4: 00000000000006f0

    Signed-off-by: Edward Lo
    Signed-off-by: Konstantin Komarov

 fs/ntfs3/attrib.c | 5 +++++
 1 file changed, 5 insertions(+)
culprit signature: 90d85bb3fedaa2b054c0600c417b2d251a3f89303149a85dfb8c5d37bda87346
parent signature: 2024ddda40d2573ccc1f0929c48c410b005c361f55a3a774791df9d1a4c5cbb9
revisions tested: 16, total time: 6h28m14.491554834s (build: 4h37m28.137827289s, test: 1h37m12.565107216s)
first good commit: 2681631c29739509eec59cc0b34e977bb04c6cf1 fs/ntfs3: Add null pointer check to attr_load_runs_vcn
recipients (to): ["almaz.alexandrovich@paragon-software.com" "almaz.alexandrovich@paragon-software.com" "edward.lo@ambergroup.io" "ntfs3@lists.linux.dev"]
recipients (cc): ["linux-kernel@vger.kernel.org"]