ci starts bisection 2023-01-29 19:25:08.413109163 +0000 UTC m=+605622.359171227
bisecting fixing commit since e2ca6ba6ba0152361aa4fcbf6067db71b2c7a770
building syzkaller on f6511626584e1f100818d9036909e0480ffd34c1
ensuring issue is reproducible on original commit e2ca6ba6ba0152361aa4fcbf6067db71b2c7a770
testing commit e2ca6ba6ba0152361aa4fcbf6067db71b2c7a770 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8db5a25c650b538a71e4de49639d0d7b6a24d507b481bc12c25ec2d0e56d4e01
run #0: crashed: KASAN: use-after-free Read in mi_find_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #2: crashed: KASAN: use-after-free Read in mi_find_attr
run #3: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #4: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #5: crashed: KASAN: use-after-free Read in mi_find_attr
run #6: crashed: KASAN: use-after-free Read in mi_find_attr
run #7: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #8: crashed: KASAN: use-after-free Read in mi_find_attr
run #9: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #10: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #11: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #12: crashed: KASAN: use-after-free Read in mi_find_attr
run #13: crashed: KASAN: use-after-free Read in mi_find_attr
run #14: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #15: crashed: KASAN: use-after-free Read in mi_find_attr
run #16: crashed: KASAN: use-after-free Read in mi_find_attr
run #17: crashed: KASAN: use-after-free Read in mi_find_attr
run #18: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #19: crashed: KASAN: use-after-free Read in mi_find_attr
testing current HEAD 22b8077d0fcec86c6ed0e0fce9f7e7e5a4c2d56a
testing commit 22b8077d0fcec86c6ed0e0fce9f7e7e5a4c2d56a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 633d75f60f4d04f43faa271c714b5f064b5fa078bcc8820a2bed80f0378a722b
all runs: OK
# git bisect start 22b8077d0fcec86c6ed0e0fce9f7e7e5a4c2d56a e2ca6ba6ba0152361aa4fcbf6067db71b2c7a770
Bisecting: 3090 revisions left to test after this (roughly 12 steps)
[aa4800e31c547ed00681318335ca2298c4bca33a] Merge tag 'perf-tools-for-v6.2-1-2022-12-16' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
testing commit aa4800e31c547ed00681318335ca2298c4bca33a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 137092f58c2cbd1ecfc20c64576ec639ffe4d4d838a4585fad2a0a8ffcecca2d
run #0: crashed: KASAN: use-after-free Read in mi_find_attr
run #1: crashed: KASAN: use-after-free Read in mi_find_attr
run #2: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #3: crashed: KASAN: use-after-free Read in mi_find_attr
run #4: crashed: KASAN: use-after-free Read in mi_find_attr
run #5: crashed: KASAN: use-after-free Read in mi_find_attr
run #6: crashed: KASAN: use-after-free Read in mi_find_attr
run #7: crashed: KASAN: use-after-free Read in mi_find_attr
run #8: crashed: KASAN: use-after-free Read in mi_find_attr
run #9: crashed: KASAN: use-after-free Read in mi_find_attr
# git bisect good aa4800e31c547ed00681318335ca2298c4bca33a
Bisecting: 1545 revisions left to test after this (roughly 11 steps)
[e3b862ed893bf030ebdd78ead99647374a2cfd47] Merge tag '9p-for-6.2-rc1' of https://github.com/martinetd/linux
testing commit e3b862ed893bf030ebdd78ead99647374a2cfd47 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a80d450351ed1bd518bbfb2ca41876137bc3b110cd2fe13480baacbfbc9dc383
all runs: OK
# git bisect bad e3b862ed893bf030ebdd78ead99647374a2cfd47
Bisecting: 772 revisions left to test after this (roughly 10 steps)
[0c0a0db87e1c159aa7a2a52bfbec0be604c65f86] perf tools: Add .DELETE_ON_ERROR special Makefile target to clean up partially updated files on error.
testing commit 0c0a0db87e1c159aa7a2a52bfbec0be604c65f86 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f0108df4af9acc96b5857018976917ad89a4417b319a9f40a6bbb12fc05919fd
run #0: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #2: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #3: crashed: KASAN: use-after-free Read in mi_find_attr
run #4: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #5: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #6: crashed: KASAN: use-after-free Read in mi_find_attr
run #7: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #8: crashed: KASAN: use-after-free Read in mi_find_attr
run #9: crashed: KASAN: use-after-free Read in mi_find_attr
# git bisect good 0c0a0db87e1c159aa7a2a52bfbec0be604c65f86
Bisecting: 382 revisions left to test after this (roughly 9 steps)
[9cf5b508bd260d5693d337bcf1f9b82b961b6137] Merge tag 'rproc-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux
testing commit 9cf5b508bd260d5693d337bcf1f9b82b961b6137 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8efc7f9fa1995df87a66d270d3680e5bf8f57e08cccb5dea0a1e648aaee4363a
run #0: crashed: KASAN: use-after-free Read in mi_find_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #2: crashed: KASAN: use-after-free Read in mi_find_attr
run #3: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #4: crashed: KASAN: use-after-free Read in mi_find_attr
run #5: crashed: KASAN: use-after-free Read in mi_find_attr
run #6: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #7: crashed: KASAN: use-after-free Read in mi_find_attr
run #8: crashed: KASAN: use-after-free Read in mi_find_attr
run #9: crashed: KASAN: use-after-free Read in mi_find_attr
# git bisect good 9cf5b508bd260d5693d337bcf1f9b82b961b6137
Bisecting: 191 revisions left to test after this (roughly 8 steps)
[af9b3fa15d6d99d948bcaca5a036ad2b292c8e8a] Merge tag 'trace-probes-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
testing commit af9b3fa15d6d99d948bcaca5a036ad2b292c8e8a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7d5908301766ca56f83a6c263972c642c040b118b5b194cb1ef1c9e661c61184
all runs: OK
# git bisect bad af9b3fa15d6d99d948bcaca5a036ad2b292c8e8a
Bisecting: 123 revisions left to test after this (roughly 7 steps)
[04065c12072b6124475c7c4f6ad7484475a2f66e] Merge tag 'fs.mount.propagation.fix.v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping
testing commit 04065c12072b6124475c7c4f6ad7484475a2f66e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 95d4a274f8f47f868574f87e946859e0a00c1b92fef2e0ec7828954dbb48d286
run #0: crashed: KASAN: use-after-free Read in mi_find_attr
run #1: crashed: KASAN: use-after-free Read in mi_find_attr
run #2: crashed: KASAN: use-after-free Read in mi_find_attr
run #3: crashed: KASAN: use-after-free Read in mi_find_attr
run #4: crashed: KASAN: use-after-free Read in mi_find_attr
run #5: crashed: KASAN: use-after-free Read in mi_find_attr
run #6: crashed: KASAN: use-after-free Read in mi_find_attr
run #7: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #8: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #9: crashed: KASAN: use-after-free Read in mi_find_attr
# git bisect good 04065c12072b6124475c7c4f6ad7484475a2f66e
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[6022ec6ee2c3a16b26f218d7abb538afb839bd6d] Merge tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3
testing commit 6022ec6ee2c3a16b26f218d7abb538afb839bd6d gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 15fddefd598b04cd01509e962354333d4418f7e544e6ddc4dc9cdd1c8d27ab63
all runs: OK
# git bisect bad 6022ec6ee2c3a16b26f218d7abb538afb839bd6d
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[d683c67c5f50802b9b14ea29d89d66a25327e965] fs/ntfs3: Document windows_names mount option
testing commit d683c67c5f50802b9b14ea29d89d66a25327e965 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dc2f4bb815199c3dae50ba9e8a0bd3460642a8d14d8b72bb3d1f49f41c84ee3e
all runs: OK
# git bisect bad d683c67c5f50802b9b14ea29d89d66a25327e965
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[0a4e7ce6bc03389d75bc62eb6de66cb5efc55839] fs/ntfs3: Fix junction point resolution
testing commit 0a4e7ce6bc03389d75bc62eb6de66cb5efc55839 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 029aaf5a9cdf668ce465dd71bfdd89a9b28fa1433260fc5f2e03fb2ee2639c46
run #0: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #1: crashed: KASAN: use-after-free Read in mi_find_attr
run #2: crashed: KASAN: use-after-free Read in mi_find_attr
run #3: crashed: KASAN: use-after-free Read in mi_find_attr
run #4: crashed: KASAN: use-after-free Read in mi_find_attr
run #5: crashed: KASAN: use-after-free Read in mi_find_attr
run #6: crashed: KASAN: use-after-free Read in mi_find_attr
run #7: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #8: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #9: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
# git bisect good 0a4e7ce6bc03389d75bc62eb6de66cb5efc55839
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[0d6d7c61ffeedc782b651a080ad6543ad45314b6] fs/ntfs3: Don't use uni1 uninitialized in ntfs_d_compare()
testing commit 0d6d7c61ffeedc782b651a080ad6543ad45314b6 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 561f107d82e3a69247663dd695b8e63244f91d3542dfa92dac0188edee2faea9
all runs: OK
# git bisect bad 0d6d7c61ffeedc782b651a080ad6543ad45314b6
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[4d42ecda239cc13738d6fd84d098a32e67b368b9] fs/ntfs3: Validate buffer length while parsing index
testing commit 4d42ecda239cc13738d6fd84d098a32e67b368b9 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4430df7362568678e12c4a1677ee41ee854486c37b5febdfaff795afaf383600
all runs: OK
# git bisect bad 4d42ecda239cc13738d6fd84d098a32e67b368b9
Bisecting: 1 revision left to test after this (roughly 1 step)
[4f1dc7d9756e66f3f876839ea174df2e656b7f79] fs/ntfs3: Validate attribute name offset
testing commit 4f1dc7d9756e66f3f876839ea174df2e656b7f79 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f5aa381557ddf142593e3bc4837c7b0ca469ba41ac45c5075e8e2248489e85ed
all runs: OK
# git bisect bad 4f1dc7d9756e66f3f876839ea174df2e656b7f79
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c1ca8ef0262b25493631ecbd9cb8c9893e1481a1] fs/ntfs3: Add null pointer check for inode operations
testing commit c1ca8ef0262b25493631ecbd9cb8c9893e1481a1 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4b517d8cfed9ba15a5dc53eb356194234a7b5d3e2b5569d3df77c2a078f2bd49
run #0: crashed: KASAN: use-after-free Read in mi_find_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #2: crashed: KASAN: use-after-free Read in mi_find_attr
run #3: crashed: KASAN: use-after-free Read in mi_find_attr
run #4: crashed: KASAN: use-after-free Read in mi_find_attr
run #5: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #6: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #7: crashed: KASAN: use-after-free Read in mi_find_attr
run #8: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
run #9: crashed: KASAN: slab-out-of-bounds Read in mi_find_attr
# git bisect good c1ca8ef0262b25493631ecbd9cb8c9893e1481a1
4f1dc7d9756e66f3f876839ea174df2e656b7f79 is the first bad commit
commit 4f1dc7d9756e66f3f876839ea174df2e656b7f79
Author: Edward Lo
Date:   Fri Sep 9 09:04:00 2022 +0800

    fs/ntfs3: Validate attribute name offset

    Although the attribute name length is checked before comparing it to
    some common names (e.g., $I30), the offset isn't. This adds a sanity
    check for the attribute name offset, guaranteeing its validity and
    preventing possible out-of-bound memory accesses.

    [  191.720056] BUG: unable to handle page fault for address: ffffebde00000008
    [  191.721060] #PF: supervisor read access in kernel mode
    [  191.721586] #PF: error_code(0x0000) - not-present page
    [  191.722079] PGD 0 P4D 0
    [  191.722571] Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
    [  191.723179] CPU: 0 PID: 244 Comm: mount Not tainted 6.0.0-rc4 #28
    [  191.723749] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
    [  191.724832] RIP: 0010:kfree+0x56/0x3b0
    [  191.725870] Code: 80 48 01 d8 0f 82 65 03 00 00 48 c7 c2 00 00 00 80 48 2b 15 2c 06 dd 01 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 0a 069
    [  191.727375] RSP: 0018:ffff8880076f7878 EFLAGS: 00000286
    [  191.727897] RAX: ffffebde00000000 RBX: 0000000000000040 RCX: ffffffff8528d5b9
    [  191.728531] RDX: 0000777f80000000 RSI: ffffffff8522d49c RDI: 0000000000000040
    [  191.729183] RBP: ffff8880076f78a0 R08: 0000000000000000 R09: 0000000000000000
    [  191.729628] R10: ffff888008949fd8 R11: ffffed10011293fd R12: 0000000000000040
    [  191.730158] R13: ffff888008949f98 R14: ffff888008949ec0 R15: ffff888008949fb0
    [  191.730645] FS:  00007f3520cd7e40(0000) GS:ffff88805ba00000(0000) knlGS:0000000000000000
    [  191.731328] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [  191.731667] CR2: ffffebde00000008 CR3: 0000000009704000 CR4: 00000000000006f0
    [  191.732568] Call Trace:
    [  191.733231]
    [  191.733860]  kvfree+0x2c/0x40
    [  191.734632]  ni_clear+0x180/0x290
    [  191.735085]  ntfs_evict_inode+0x45/0x70
    [  191.735495]  evict+0x199/0x280
    [  191.735996]  iput.part.0+0x286/0x320
    [  191.736438]  iput+0x32/0x50
    [  191.736811]  iget_failed+0x23/0x30
    [  191.737270]  ntfs_iget5+0x337/0x1890
    [  191.737629]  ? ntfs_clear_mft_tail+0x20/0x260
    [  191.738201]  ? ntfs_get_block_bmap+0x70/0x70
    [  191.738482]  ? ntfs_objid_init+0xf6/0x140
    [  191.738779]  ? ntfs_reparse_init+0x140/0x140
    [  191.739266]  ntfs_fill_super+0x121b/0x1b50
    [  191.739623]  ? put_ntfs+0x1d0/0x1d0
    [  191.739984]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
    [  191.740466]  ? put_ntfs+0x1d0/0x1d0
    [  191.740787]  ? sb_set_blocksize+0x6a/0x80
    [  191.741272]  get_tree_bdev+0x232/0x370
    [  191.741829]  ? put_ntfs+0x1d0/0x1d0
    [  191.742669]  ntfs_fs_get_tree+0x15/0x20
    [  191.743132]  vfs_get_tree+0x4c/0x130
    [  191.743457]  path_mount+0x654/0xfe0
    [  191.743938]  ? putname+0x80/0xa0
    [  191.744271]  ? finish_automount+0x2e0/0x2e0
    [  191.744582]  ? putname+0x80/0xa0
    [  191.745053]  ? kmem_cache_free+0x1c4/0x440
    [  191.745403]  ? putname+0x80/0xa0
    [  191.745616]  do_mount+0xd6/0xf0
    [  191.745887]  ? path_mount+0xfe0/0xfe0
    [  191.746287]  ? __kasan_check_write+0x14/0x20
    [  191.746582]  __x64_sys_mount+0xca/0x110
    [  191.746850]  do_syscall_64+0x3b/0x90
    [  191.747122]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
    [  191.747517] RIP: 0033:0x7f351fee948a
    [  191.748332] Code: 48 8b 0d 11 fa 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 008
    [  191.749341] RSP: 002b:00007ffd51cf3af8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
    [  191.749960] RAX: ffffffffffffffda RBX: 000055b903733060 RCX: 00007f351fee948a
    [  191.750589] RDX: 000055b903733260 RSI: 000055b9037332e0 RDI: 000055b90373bce0
    [  191.751115] RBP: 0000000000000000 R08: 000055b903733280 R09: 0000000000000020
    [  191.751537] R10: 00000000c0ed0000 R11: 0000000000000202 R12: 000055b90373bce0
    [  191.751946] R13: 000055b903733260 R14: 0000000000000000 R15: 00000000ffffffff
    [  191.752519]
    [  191.752782] Modules linked in:
    [  191.753785] CR2: ffffebde00000008
    [  191.754937] ---[ end trace 0000000000000000 ]---
    [  191.755429] RIP: 0010:kfree+0x56/0x3b0
    [  191.755725] Code: 80 48 01 d8 0f 82 65 03 00 00 48 c7 c2 00 00 00 80 48 2b 15 2c 06 dd 01 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 0a 069
    [  191.756744] RSP: 0018:ffff8880076f7878 EFLAGS: 00000286
    [  191.757218] RAX: ffffebde00000000 RBX: 0000000000000040 RCX: ffffffff8528d5b9
    [  191.757580] RDX: 0000777f80000000 RSI: ffffffff8522d49c RDI: 0000000000000040
    [  191.758016] RBP: ffff8880076f78a0 R08: 0000000000000000 R09: 0000000000000000
    [  191.758570] R10: ffff888008949fd8 R11: ffffed10011293fd R12: 0000000000000040
    [  191.758957] R13: ffff888008949f98 R14: ffff888008949ec0 R15: ffff888008949fb0
    [  191.759317] FS:  00007f3520cd7e40(0000) GS:ffff88805ba00000(0000) knlGS:0000000000000000
    [  191.759711] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [  191.760118] CR2: ffffebde00000008 CR3: 0000000009704000 CR4: 00000000000006f0

    Signed-off-by: Edward Lo
    Signed-off-by: Konstantin Komarov

 fs/ntfs3/inode.c | 3 +++
 1 file changed, 3 insertions(+)

culprit signature: f5aa381557ddf142593e3bc4837c7b0ca469ba41ac45c5075e8e2248489e85ed
parent signature: 4b517d8cfed9ba15a5dc53eb356194234a7b5d3e2b5569d3df77c2a078f2bd49
revisions tested: 15, total time: 3h51m42.620706662s (build: 2h15m55.564110688s, test: 1h33m18.387857894s)
first good commit: 4f1dc7d9756e66f3f876839ea174df2e656b7f79 fs/ntfs3: Validate attribute name offset
recipients (to): ["almaz.alexandrovich@paragon-software.com" "almaz.alexandrovich@paragon-software.com" "edward.lo@ambergroup.io" "ntfs3@lists.linux.dev"]
recipients (cc): ["linux-kernel@vger.kernel.org"]