ci starts bisection 2023-07-19 05:55:02.770297936 +0000 UTC m=+61014.694108733
bisecting cause commit starting from 74f1456c4a5f3d7da4102ecae5c20370f89c6ed1
building syzkaller on 022df2bb9a105c303cf24c910b8e787cf642a3f3
ensuring issue is reproducible on original commit 74f1456c4a5f3d7da4102ecae5c20370f89c6ed1

testing commit 74f1456c4a5f3d7da4102ecae5c20370f89c6ed1 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 462cbc0508c8f82dc50c426ee151115873c92df0042bc0fbc1c9cb85b4b53b15
run #0: crashed: general protection fault in attr_data_read_resident
run #1: crashed: general protection fault in attr_data_read_resident
run #2: crashed: general protection fault in attr_data_read_resident
run #3: crashed: general protection fault in attr_data_read_resident
run #4: crashed: general protection fault in attr_data_read_resident
run #5: crashed: general protection fault in attr_data_read_resident
run #6: crashed: general protection fault in attr_data_read_resident
run #7: crashed: general protection fault in attr_data_read_resident
run #8: crashed: general protection fault in attr_data_read_resident
run #9: crashed: general protection fault in attr_data_read_resident
run #10: crashed: general protection fault in attr_data_read_resident
run #11: crashed: general protection fault in attr_data_read_resident
run #12: crashed: general protection fault in attr_data_read_resident
run #13: crashed: general protection fault in attr_data_read_resident
run #14: crashed: general protection fault in attr_data_read_resident
run #15: crashed: general protection fault in attr_data_read_resident
run #16: crashed: general protection fault in attr_data_read_resident
run #17: crashed: general protection fault in attr_data_read_resident
run #18: crashed: general protection fault in attr_data_read_resident
run #19: crashed: general protection fault in attr_data_read_resident
run #20: crashed: general protection fault in attr_data_read_resident
run #21: crashed: general protection fault in attr_data_read_resident
run #22: crashed: general protection fault in attr_data_read_resident
run #23: crashed: general protection fault in attr_data_read_resident
run #24: crashed: general protection fault in attr_data_read_resident
run #25: crashed: general protection fault in attr_data_read_resident
run #26: crashed: general protection fault in attr_data_read_resident
run #27: crashed: general protection fault in attr_data_read_resident
run #28: crashed: general protection fault in attr_data_read_resident
run #29: crashed: general protection fault in attr_data_read_resident
run #30: crashed: general protection fault in attr_data_read_resident
run #31: crashed: general protection fault in attr_data_read_resident
run #32: crashed: general protection fault in attr_data_read_resident
run #33: crashed: general protection fault in attr_data_read_resident
run #34: crashed: general protection fault in attr_data_read_resident
run #35: crashed: general protection fault in attr_data_read_resident
run #36: crashed: general protection fault in attr_data_read_resident
run #37: crashed: general protection fault in attr_data_read_resident
run #38: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor401533267" "root@10.128.15.228:./syz-executor401533267"]: exit status 255
Executing: program /usr/bin/ssh host 10.128.15.228, user root, command sftp
OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /dev/null
debug1: Connecting to 10.128.15.228 [10.128.15.228] port 22.
debug1: connect to address 10.128.15.228 port 22: Connection timed out
ssh: connect to host 10.128.15.228 port 22: Connection timed out
scp: Connection closed
representative crash: general protection fault in attr_data_read_resident, types: [UNKNOWN]

check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 74f1456c4a5f3d7da4102ecae5c20370f89c6ed1 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: eab1f23a1644d92a41d2dede3a01dc5a5335cd03b8ee0c5d2f91b9ce33a40333
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed

kconfig minimization: base=3883 full=7652 leaves diff=1997
split chunks (needed=false): <1997>
split chunk #0 of len 1997 into 5 parts

testing without sub-chunk 1/5
testing commit 74f1456c4a5f3d7da4102ecae5c20370f89c6ed1 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 42eea274a45c14400b1c8a9fd4737e873ddfd95acb73d177315726dac1f6c685
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]
the chunk can be dropped

testing without sub-chunk 2/5
testing commit 74f1456c4a5f3d7da4102ecae5c20370f89c6ed1 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 48c752ad1aa98771bfd2c41d44b20f73fc4732eaa912d8cc46e81255e0824400
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]
the chunk can be dropped

testing without sub-chunk 3/5
testing commit 74f1456c4a5f3d7da4102ecae5c20370f89c6ed1 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 36ff58063fbbe4cf9d552d11ec7dda9f421c9e4619865ab29c2a3fcf1029d30f
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]
the chunk can be dropped

testing without sub-chunk 4/5
testing commit 74f1456c4a5f3d7da4102ecae5c20370f89c6ed1 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 17a0a249e7b8e9395e19c78b7d6679a0e18572cf3644ff8698bb741cbbf8da88
all runs: OK
false negative chance: 0.000

testing without sub-chunk 5/5
testing commit 74f1456c4a5f3d7da4102ecae5c20370f89c6ed1 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c71d78a9447f56711fbf6344f379d1f898e5adffe0a288e552ac377cf4cd0bf6
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]
the chunk can be dropped

minimized to 400 configs; suspects: [AF_RXRPC ARCH_ENABLE_MEMORY_HOTREMOVE ATM AX25 CFG80211 CMA DAX DLM DVB_CORE ENCRYPTED_KEYS EXTCON GENEVE GPIOLIB HAMRADIO HAVE_CLK HID_SENSOR_HUB HID_SMARTJOYPLUS HID_THRUSTMASTER IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_IPOIB INFINIBAND_USER_ACCESS INFINIBAND_VIRT_DMA INPUT_TABLET INPUT_TOUCHSCREEN IP_SCTP L2TP LIBNVDIMM MEDIA_COMMON_OPTIONS MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_RETU MMC MTD MTD_UBI NETFILTER_CONNCOUNT NET_IPGRE NET_IPGRE_DEMUX
NFS_V4_1 NF_SOCKET_IPV6 NF_TABLES NF_TABLES_ARP NF_TPROXY_IPV4 NF_TPROXY_IPV6 NILFS2_FS NLMON NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 NLS_CODEPAGE_864 NLS_CODEPAGE_865 NLS_CODEPAGE_866 NLS_CODEPAGE_869 NLS_CODEPAGE_874 NLS_CODEPAGE_932 NLS_CODEPAGE_936 NLS_CODEPAGE_949 NLS_CODEPAGE_950 NLS_ISO8859_13 NLS_ISO8859_14 NLS_ISO8859_15 NLS_ISO8859_2 NLS_ISO8859_3 NLS_ISO8859_4 NLS_ISO8859_5 NLS_ISO8859_6 NLS_ISO8859_7 NLS_ISO8859_8 NLS_ISO8859_9 NLS_KOI8_R NLS_KOI8_U NLS_MAC_CELTIC NLS_MAC_CENTEURO NLS_MAC_CROATIAN NLS_MAC_CYRILLIC NLS_MAC_GAELIC NLS_MAC_GREEK NLS_MAC_ICELAND NLS_MAC_INUIT NLS_MAC_ROMAN NLS_MAC_ROMANIAN NLS_MAC_TURKISH NOP_USB_XCEIV NOZOMI NTFS3_FS NTFS3_FS_POSIX_ACL NTFS3_LZX_XPRESS NTFS_FS NTFS_RW NULL_TTY NUMA_BALANCING NUMA_BALANCING_DEFAULT_ENABLED NUMA_EMU NUMA_KEEP_MEMINFO NVDIMM_DAX NVDIMM_KEYS NVDIMM_PFN NVME_CORE NVME_FABRICS NVME_FC NVME_MULTIPATH NVME_RDMA NVME_TARGET NVME_TARGET_FC NVME_TARGET_FCLOOP NVME_TARGET_LOOP NVME_TARGET_RDMA NVME_TARGET_TCP NVME_TCP N_GSM N_HDLC OCFS2_DEBUG_FS OCFS2_FS OCFS2_FS_O2CB OCFS2_FS_STATS OCFS2_FS_USERSPACE_CLUSTER OF_GPIO OF_PMEM OMFS_FS OPENVSWITCH OPENVSWITCH_GENEVE OPENVSWITCH_GRE OPENVSWITCH_VXLAN ORANGEFS_FS OSF_PARTITION OVERLAY_FS OVERLAY_FS_INDEX OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW OVERLAY_FS_REDIRECT_DIR PACKET_DIAG PADATA PAGE_IDLE_FLAG PAGE_POOL PAGE_REPORTING PAHOLE_HAS_LANG_EXCLUDE PAHOLE_HAS_SPLIT_BTF PARPORT PARPORT_NOT_PC PARTITION_ADVANCED PCCARD PCCARD_NONSTATIC PCIEAER PCI_ENDPOINT PCI_IOV PCMCIA PCMCIA_LOAD_CIS PERCPU_STATS PERSISTENT_KEYRINGS PHONET PHYLINK PHY_CPCAP_USB PHY_QCOM_USB_HS PHY_QCOM_USB_HSIC PHY_SAMSUNG_USB2 PHY_TUSB1210 PKCS7_TEST_KEY PKCS8_PRIVATE_KEY_PARSER PM_CLK PNFS_BLOCK PNFS_FILE_LAYOUT PNFS_FLEXFILE_LAYOUT PPP PPPOATM PPPOE PPPOE_HASH_BITS_4 PPPOL2TP PPP_ASYNC PPP_BSDCOMP PPP_DEFLATE PPP_FILTER PPP_MPPE 
PPP_MULTILINK PPP_SYNC_TTY PPTP PREEMPT PREEMPT_NOTIFIERS PRISM2_USB PROC_CHILDREN PSI PSTORE PSTORE_842_COMPRESS PSTORE_COMPRESS PSTORE_DEFLATE_COMPRESS PSTORE_DEFLATE_COMPRESS_DEFAULT PSTORE_LZ4HC_COMPRESS PSTORE_LZ4_COMPRESS PSTORE_LZO_COMPRESS PSTORE_ZSTD_COMPRESS QCOM_QMI_HELPERS QNX4FS_FS QNX6FS_FS QRTR QRTR_TUN R8712U RADIO_ADAPTERS RADIO_SHARK RADIO_SHARK2 RADIO_TEA575X RAID6_PQ RAID_ATTRS RC_ATI_REMOTE RC_CORE RC_DEVICES RDMA_RXE RDMA_SIW RDS RDS_RDMA RDS_TCP READ_ONLY_THP_FOR_FS REALTEK_AUTOPM REED_SOLOMON REED_SOLOMON_DEC8 REGMAP REGMAP_I2C REGMAP_IRQ REGMAP_MMIO REGULATOR REGULATOR_TWL4030 REISERFS_FS REISERFS_FS_POSIX_ACL REISERFS_FS_SECURITY REISERFS_FS_XATTR REISERFS_PROC_INFO RESET_CONTROLLER RFKILL RFKILL_INPUT RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 ROMFS_BACKED_BY_BOTH ROMFS_FS ROMFS_ON_BLOCK ROMFS_ON_MTD ROSE RTC_DRV_HID_SENSOR_TIME RXKAD SCHED_CORE SCSI_FC_ATTRS SCSI_HPSA SCSI_ISCSI_ATTRS SCSI_LOGGING SCSI_NETLINK SCSI_SAS_ATA SCSI_SAS_ATTRS SCSI_SAS_LIBSAS SCSI_SCAN_ASYNC SCSI_SRP_ATTRS SCTP_COOKIE_HMAC_MD5 SCTP_COOKIE_HMAC_SHA1 SCTP_DEFAULT_COOKIE_HMAC_MD5 SECONDARY_TRUSTED_KEYRING SECURITY_INFINIBAND SECURITY_NETWORK_XFRM SERIAL_DEV_BUS SERIAL_DEV_CTRL_TTYPORT SERIAL_MCTRL_GPIO SGI_PARTITION SIGNATURE SIGNED_PE_FILE_VERIFICATION SLHC SLIP SLIP_COMPRESSED SLIP_MODE_SLIP6 SLIP_SMART SMARTJOYPLUS_FF SMBFS SMC SMC_DIAG SMSC_PHY SMS_SIANO_MDTV SMS_SIANO_RC SMS_USB_DRV SND SND_ALOOP SND_BCD2000 SND_CTL_FAST_LOOKUP SND_CTL_LED SND_DEBUG SND_DMA_SGBUF SND_DRIVERS SND_DUMMY SND_DYNAMIC_MINORS SND_HDA SND_HDA_CODEC_ANALOG SND_HDA_CODEC_CA0110 SND_HDA_CODEC_CA0132 SND_HDA_CODEC_CIRRUS SND_HDA_CODEC_CMEDIA SND_HDA_CODEC_CONEXANT SND_HDA_CODEC_HDMI SND_HDA_CODEC_REALTEK SND_HDA_CODEC_SI3054 SND_HDA_CODEC_SIGMATEL SND_HDA_CODEC_VIA SND_HDA_COMPONENT SND_HDA_CORE SND_HDA_GENERIC SND_HDA_GENERIC_LEDS SND_HDA_HWDEP SND_HDA_I915 SND_HDA_INPUT_BEEP SND_HDA_INTEL SND_HDA_PATCH_LOADER SND_HDA_RECONFIG SND_HRTIMER 
SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_NHLT SND_INTEL_SOUNDWIRE_ACPI SND_JACK SND_JACK_INPUT_DEV SND_MIXER_OSS SND_OSSEMUL SND_PCI SND_PCM SND_PCMCIA SND_PCM_OSS SND_PCM_OSS_PLUGINS SND_PCM_TIMER SND_PCM_XRUN_DEBUG SND_PROC_FS SND_RAWMIDI SND_SEQUENCER SND_SEQUENCER_OSS SND_SEQ_DEVICE SND_SEQ_DUMMY SND_SEQ_HRTIMER_DEFAULT SND_SEQ_MIDI SND_SEQ_MIDI_EVENT SND_SEQ_VIRMIDI SND_SUPPORT_OLD_API SND_TIMER SND_USB SND_USB_6FIRE SND_USB_AUDIO SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_USB_CAIAQ SND_USB_CAIAQ_INPUT SND_USB_HIFACE SND_USB_LINE6 SND_USB_POD SND_USB_PODHD SND_USB_TONEPORT SND_USB_UA101 SND_USB_US122L SND_USB_USX2Y SND_USB_VARIAX SND_VERBOSE_PROCFS SND_VIRMIDI SND_VIRTIO SND_VMASTER SND_X86 SOCK_VALIDATE_XMIT SOLARIS_X86_PARTITION SONY_FF SOUND SOUND_OSS_CORE SOUND_OSS_CORE_PRECLAIM SPI SPI_DLN2 SPI_DYNAMIC SPI_MASTER SQUASHFS SQUASHFS_4K_DEVBLK_SIZE SQUASHFS_COMPILE_DECOMP_SINGLE SQUASHFS_DECOMP_SINGLE SQUASHFS_FILE_DIRECT SQUASHFS_LZ4 SQUASHFS_LZO SQUASHFS_XATTR SQUASHFS_XZ SQUASHFS_ZLIB SQUASHFS_ZSTD SSB SSB_PCIHOST_POSSIBLE SSB_PCMCIAHOST_POSSIBLE SSB_SDIOHOST_POSSIBLE STAGING STP STREAM_PARSER SUNRPC_BACKCHANNEL SUN_PARTITION SW_SYNC SYSFB SYSV68_PARTITION SYSV_FS TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB TABLET_USB_PEGASUS TAHVO_USB TAHVO_USB_HOST_BY_DEFAULT TASKS_TRACE_RCU TCG_CRB TCG_TIS TCG_TIS_CORE TCG_TPM TCP_CONG_BBR TCP_CONG_BIC TCP_CONG_CDG TCP_CONG_DCTCP TCP_CONG_HSTCP TCP_CONG_HTCP TCP_CONG_HYBLA TCP_CONG_ILLINOIS TCP_CONG_LP TCP_CONG_NV TCP_CONG_SCALABLE TCP_CONG_VEGAS TCP_CONG_VENO TCP_CONG_WESTWOOD TCP_CONG_YEAH TEXTSEARCH TEXTSEARCH_BM TEXTSEARCH_FSM TEXTSEARCH_KMP THERMAL_NETLINK THP_SWAP THRUSTMASTER_FF TIPC TIPC_CRYPTO TIPC_DIAG TIPC_MEDIA_IB TIPC_MEDIA_UDP TLS TLS_TOE TOUCHSCREEN_SUR40 TOUCHSCREEN_USB_3M TOUCHSCREEN_USB_COMPOSITE TOUCHSCREEN_USB_DMC_TSC10 TOUCHSCREEN_USB_E2I TOUCHSCREEN_USB_EASYTOUCH TOUCHSCREEN_USB_EGALAX TOUCHSCREEN_USB_ELO TOUCHSCREEN_USB_ETT_TC45USB TOUCHSCREEN_USB_ETURBO 
TOUCHSCREEN_USB_GENERAL_TOUCH TOUCHSCREEN_USB_GOTOP TOUCHSCREEN_USB_GUNZE TOUCHSCREEN_USB_IDEALTEK TOUCHSCREEN_USB_IRTOUCH TOUCHSCREEN_USB_ITM TOUCHSCREEN_USB_JASTEC TOUCHSCREEN_USB_NEXIO TOUCHSCREEN_USB_PANJIT TOUCHSCREEN_USB_ZYTRONIC TRANSPARENT_HUGEPAGE TRANSPARENT_HUGEPAGE_MADVISE TTPCI_EEPROM TTY_PRINTK TUN_VNET_CROSS_LE TWL4030_CORE TYPEC TYPEC_FUSB302 TYPEC_TCPCI TYPEC_TCPM TYPEC_TPS6598X TYPEC_UCSI UBIFS_ATIME_SUPPORT UBIFS_FS UBIFS_FS_ADVANCED_COMPR UBIFS_FS_LZO UBIFS_FS_SECURITY UBIFS_FS_XATTR UBIFS_FS_ZLIB UBIFS_FS_ZSTD UCSI_ACPI UDF_FS UDMABUF UFS_FS UFS_FS_WRITE UHID ULTRIX_PARTITION UNICODE UNIXWARE_DISKLABEL UNIX_DIAG USB4 USB4_NET USBIP_CORE USBIP_HOST USBIP_VHCI_HCD USBIP_VUDC USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_HOST USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_CONFIGFS_F_FS USB_CONFIGFS_F_HID USB_CONFIGFS_F_LB_SS USB_DWC2 USB_GADGET USB_MUSB_HDRC USB_NET_CDC_SUBSET USB_ROLE_SWITCH USB_STORAGE_REALTEK USB_ULPI_BUS USB_USBNET VIDEO_DEV VXLAN WIRELESS WLAN ZONE_DEVICE]
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed

testing release v6.4
testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6aee353c6886839cf3cc15251b9aa9c63d2d5beb1876433f680a331624887423
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]

testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6da8b93bf35e2f4151a190369b9cfc8fe305e9cdf3b5a05ea75e047c19f1e459
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]

testing release v6.2
testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cefe0253b64c4460fd9adb2d174f8abbe8ac54a31fe1c253089dcf43a4577ef8
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]

testing release v6.1
testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c96821067923cf1bedd94a343a7c566b37793bebe03f2a6cc0a793b04198bd3f
all runs: OK
false negative chance: 0.000

# git bisect start c9c3395d5e3dcc6daee66c6908354d47bf98cb0c 830b3c68c1fb1e9176028d02ef86f3cf76aa2476
Bisecting: 9429 revisions left to test after this (roughly 13 steps)
[1ca06f1c1acecbe02124f14a37cce347b8c1a90c] Merge tag 'xtensa-20221213' of https://github.com/jcmvbkbc/linux-xtensa
testing commit 1ca06f1c1acecbe02124f14a37cce347b8c1a90c gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 43b0ae9276449f9c28e9f1b3352820170fc80f114327c0c21139325bcac64019
all runs: OK
false negative chance: 0.000

# git bisect good 1ca06f1c1acecbe02124f14a37cce347b8c1a90c
Bisecting: 4752 revisions left to test after this (roughly 12 steps)
[b83a7080d30032cf70832bc2bb04cc342e203b88] Merge tag 'staging-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit b83a7080d30032cf70832bc2bb04cc342e203b88 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 69c2c67d1d34daf6aa00325337d4d899b2eb8e50e731e2aff90b7f70d3e90409
all runs: OK
false negative chance: 0.000

# git bisect good b83a7080d30032cf70832bc2bb04cc342e203b88
Bisecting: 2380 revisions left to test after this (roughly 11 steps)
[06d65a6f640118430b894273914aa8d62d2cf637] Merge tag 'mips_6.2_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
testing commit 06d65a6f640118430b894273914aa8d62d2cf637 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2435f65b14e81e3372823a8b46bb3a7a895bffac832dd5f84235b637f6c58131
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]

# git bisect bad 06d65a6f640118430b894273914aa8d62d2cf637
Bisecting: 1268 revisions left to test after this (roughly 10 steps)
[a6e3e6f138058ff184d8ef5064a033b3f5fee8f8] Merge tag 'mm-nonmm-stable-2022-12-17-20-32' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
testing commit a6e3e6f138058ff184d8ef5064a033b3f5fee8f8 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1218e815025616db134a4e9a99c0043b02c24d95f62cf3c6c691762fe419e908
all runs: OK
false negative chance: 0.000

# git bisect good a6e3e6f138058ff184d8ef5064a033b3f5fee8f8
Bisecting: 634 revisions left to test after this (roughly 9 steps)
[3c202d14a9d73fb63c3dccb18feac5618c21e1c4] prandom: remove prandom_u32_max()
testing commit 3c202d14a9d73fb63c3dccb18feac5618c21e1c4 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 52da76bf484f54fae40aea3dfec52f5281dc8c6914de472823c8f89bf25c134c
all runs: OK
false negative chance: 0.000

# git bisect good 3c202d14a9d73fb63c3dccb18feac5618c21e1c4
Bisecting: 314 revisions left to test after this (roughly 8 steps)
[f2855eec19cadddad2900da3a009ee39df6116a7] Merge tag 'mailbox-v6.2' of git://git.linaro.org/landing-teams/working/fujitsu/integration
testing commit f2855eec19cadddad2900da3a009ee39df6116a7 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 81452a077bcafaa7dd8e650c1f28eeb4b7220facfcc020d0f72cb20897ce2cc3
all runs: OK
false negative chance: 0.000

# git bisect good f2855eec19cadddad2900da3a009ee39df6116a7
Bisecting: 159 revisions left to test after this (roughly 7 steps)
[6022ec6ee2c3a16b26f218d7abb538afb839bd6d] Merge tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3
testing commit 6022ec6ee2c3a16b26f218d7abb538afb839bd6d gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 62a47f97b9c9c5864bcaaa8f0ec1bb4a8bbf62eded360365743f51638495b582
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]

# git bisect bad 6022ec6ee2c3a16b26f218d7abb538afb839bd6d
Bisecting: 73 revisions left to test after this (roughly 6 steps)
[5461e079009ae2732c833281c4b50dfb58d15ba5] Merge tag 'media/v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 5461e079009ae2732c833281c4b50dfb58d15ba5 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ead4996704e055bb06fd57aeb201c69adfb96eb4c8cf088b8e34cf8f2ee3d2bf
all runs: OK
false negative chance: 0.000

# git bisect good 5461e079009ae2732c833281c4b50dfb58d15ba5
Bisecting: 36 revisions left to test after this (roughly 5 steps)
[0d19f3d71394b0b03b8775c958b3354fa2259609] fs/ntfs3: Add system.ntfs_attrib_be extended attribute
testing commit 0d19f3d71394b0b03b8775c958b3354fa2259609 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b95de2b6353405a321e0ea3bdc2710031b5529ccee54ec2ef93c9739ef67af7d
all runs: OK
false negative chance: 0.000

# git bisect good 0d19f3d71394b0b03b8775c958b3354fa2259609
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[6f80ed14d76c730f7943777ba259cd32870e6433] fs/ntfs3: Correct ntfs_check_for_free_space
testing commit 6f80ed14d76c730f7943777ba259cd32870e6433 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d83a05d36bfef95cb87d2ea795787d199a3410c3b4766ca0dd5ff5358444ba9c
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]

# git bisect bad 6f80ed14d76c730f7943777ba259cd32870e6433
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[3929042111de8cb283489ef4ea184103e3443536] fs/ntfs3: Remove unused functions
testing commit 3929042111de8cb283489ef4ea184103e3443536 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fb6ae49b6d913394a51189ff1c76ee87edfa042af9e24e4e4a03ca3405d3bffd
all runs: OK
false negative chance: 0.000

# git bisect good 3929042111de8cb283489ef4ea184103e3443536
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[07f4aa9dd245661414a2db0574bed9bc5736ccfd] fs/ntfs3: Fix wrong indentations
testing commit 07f4aa9dd245661414a2db0574bed9bc5736ccfd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 85553c2187a33e9839550e2e91d741b275225792ef4934f4b194bbf00bef8b0a
all runs: OK
false negative chance: 0.000

# git bisect good 07f4aa9dd245661414a2db0574bed9bc5736ccfd
Bisecting: 2 revisions left to test after this (roughly 1 step)
[ad26a9c84510af7252e582e811de970433a9758f] fs/ntfs3: Fixing wrong logic in attr_set_size and ntfs_fallocate
testing commit ad26a9c84510af7252e582e811de970433a9758f gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d0d180d4a8c746dab0cc813c6ca458e88251f90d4ba23e6e7ba3eafc05e99f88
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
representative crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident, types: [UNKNOWN]

# git bisect bad ad26a9c84510af7252e582e811de970433a9758f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2b108260ea2c9ec07651aea4911d7e2e6ab560f7] fs/ntfs3: atomic_open implementation
testing commit 2b108260ea2c9ec07651aea4911d7e2e6ab560f7 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b4bbd166172bd88fb1c1e30934c5080b5c23073004e2ae194f16e1d7a1e0275d
all runs: OK
false negative chance: 0.000

# git bisect good 2b108260ea2c9ec07651aea4911d7e2e6ab560f7
ad26a9c84510af7252e582e811de970433a9758f is the first bad commit
commit ad26a9c84510af7252e582e811de970433a9758f
Author: Konstantin Komarov
Date:   Fri Oct 7 20:08:06 2022 +0300

    fs/ntfs3: Fixing wrong logic in attr_set_size and ntfs_fallocate

    There were 2 problems:
    - in some cases we lost dirty flag;
    - cluster allocation can be called even when it wasn't needed.

    Fixes xfstest generic/465

    Signed-off-by: Konstantin Komarov

 fs/ntfs3/attrib.c | 25 +++++++++++--------------
 fs/ntfs3/file.c   | 30 ++++++++++++++++++------------
 fs/ntfs3/index.c  |  9 +++++++++
 fs/ntfs3/inode.c  | 17 +++++------------
 4 files changed, 43 insertions(+), 38 deletions(-)

accumulated error probability: 0.00
culprit signature: d0d180d4a8c746dab0cc813c6ca458e88251f90d4ba23e6e7ba3eafc05e99f88
parent signature: b4bbd166172bd88fb1c1e30934c5080b5c23073004e2ae194f16e1d7a1e0275d
revisions tested: 25, total time: 5h43m15.781834282s (build: 3h9m24.700274456s, test: 2h26m54.091752195s)
first bad commit: ad26a9c84510af7252e582e811de970433a9758f fs/ntfs3: Fixing wrong logic in attr_set_size and ntfs_fallocate
recipients (to): ["almaz.alexandrovich@paragon-software.com"]
recipients (cc): []

crash: BUG: unable to handle kernel NULL pointer dereference in attr_data_read_resident
loop0: detected capacity change from 0 to 4096
ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
BUG: kernel NULL pointer dereference, address: 0000000000000020
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 11157d067 P4D 11157d067 PUD 1113ce067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 1997 Comm: syz-executor.0 Not tainted 6.0.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
RIP: 0010:attr_data_read_resident+0x41/0x310 fs/ntfs3/attrib.c:1192
Code: 41 54 49 89 f4 31 f6 55 53 6a 00 6a 00 e8 a7 af 00 00 5a 48 85 c0 59 0f 84 c5 02 00 00 80 78 08 00 48 89 c3 0f 85 e8 00 00 00 <4d> 8b 74 24 20 8b 40 10 49 c1 e6 0c 49 39 c6 48 89 c5 0f 83 ae 00
RSP: 0018:ffffc900027efd20 EFLAGS: 00010246
RAX: ffff888107ac1108 RBX: ffff888107ac1108 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000000000000270
RBP: ffff88810c580770 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc900027efd58 R11: 0000000000000001 R12: 0000000000000000
R13: ffff8881087d0000 R14: ffff8881087d0000 R15: 000000000000000c
FS:  00007ff75a8ac6c0(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000020 CR3: 00000001115a2000 CR4: 0000000000350ee0
Call Trace:
 ntfs_get_block_vbo+0x1c7/0x560 fs/ntfs3/inode.c:556
 generic_block_bmap+0x4e/0x80 fs/buffer.c:2660
 bmap+0x21/0x30 fs/inode.c:1799
 ioctl_fibmap fs/ioctl.c:77 [inline]
 file_ioctl fs/ioctl.c:327 [inline]
 do_vfs_ioctl+0x88f/0x8f0 fs/ioctl.c:849
 __do_sys_ioctl fs/ioctl.c:868 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x64/0xc0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0x80 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff759a7cb29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff75a8ac0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff759b9bf80 RCX: 00007ff759a7cb29
RDX: 0000000020000100 RSI: 0000000000000001 RDI: 0000000000000004
RBP: 00007ff759ac847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000006 R14: 00007ff759b9bf80 R15: 00007fff1d566d18
Modules linked in:
CR2: 0000000000000020
---[ end trace 0000000000000000 ]---
RIP: 0010:attr_data_read_resident+0x41/0x310 fs/ntfs3/attrib.c:1192
Code: 41 54 49 89 f4 31 f6 55 53 6a 00 6a 00 e8 a7 af 00 00 5a 48 85 c0 59 0f 84 c5 02 00 00 80 78 08 00 48 89 c3 0f 85 e8 00 00 00 <4d> 8b 74 24 20 8b 40 10 49 c1 e6 0c 49 39 c6 48 89 c5 0f 83 ae 00
RSP: 0018:ffffc900027efd20 EFLAGS: 00010246
RAX: ffff888107ac1108 RBX: ffff888107ac1108 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000000000000270
RBP: ffff88810c580770 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc900027efd58 R11: 0000000000000001 R12: 0000000000000000
R13: ffff8881087d0000 R14: ffff8881087d0000 R15: 000000000000000c
FS:  00007ff75a8ac6c0(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000020 CR3: 00000001115a2000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess):
   0:	41 54                	push   %r12
   2:	49 89 f4             	mov    %rsi,%r12
   5:	31 f6                	xor    %esi,%esi
   7:	55                   	push   %rbp
   8:	53                   	push   %rbx
   9:	6a 00                	push   $0x0
   b:	6a 00                	push   $0x0
   d:	e8 a7 af 00 00       	call   0xafb9
  12:	5a                   	pop    %rdx
  13:	48 85 c0             	test   %rax,%rax
  16:	59                   	pop    %rcx
  17:	0f 84 c5 02 00 00    	je     0x2e2
  1d:	80 78 08 00          	cmpb   $0x0,0x8(%rax)
  21:	48 89 c3             	mov    %rax,%rbx
  24:	0f 85 e8 00 00 00    	jne    0x112
* 2a:	4d 8b 74 24 20       	mov    0x20(%r12),%r14 <-- trapping instruction
  2f:	8b 40 10             	mov    0x10(%rax),%eax
  32:	49 c1 e6 0c          	shl    $0xc,%r14
  36:	49 39 c6             	cmp    %rax,%r14
  39:	48 89 c5             	mov    %rax,%rbp
  3c:	0f                   	.byte 0xf
  3d:	83                   	.byte 0x83
  3e:	ae                   	scas   %es:(%rdi),%al