ci2 starts bisection 2023-06-18 20:57:20.832882603 +0000 UTC m=+256864.025679351
bisecting fixing commit since ca48fc16c49388400eddd6c6614593ebf7c7726a
building syzkaller on 0fbd49f48637cff2f7cf1ab0150e2c4ce8d97527
ensuring issue is reproducible on original commit ca48fc16c49388400eddd6c6614593ebf7c7726a
testing commit ca48fc16c49388400eddd6c6614593ebf7c7726a gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b027f29c280bc5a762e7c3c0fb491ae19f6703e7babe8af91010f3388ebb1346
all runs: crashed: WARNING in __virt_to_phys
testing current HEAD ca87e77a2ef8b298aa9f69658d5898e72ee450fe
testing commit ca87e77a2ef8b298aa9f69658d5898e72ee450fe gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: df77e5b12e5f3d91e34f57a48813b0ef78f3dc67d595f253473996ec7e4a4ba0
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect start ca87e77a2ef8b298aa9f69658d5898e72ee450fe ca48fc16c49388400eddd6c6614593ebf7c7726a
Bisecting: 829 revisions left to test after this (roughly 10 steps)
[dba62fa84a8eac44a53a2862de8a40e5bdfa0ae3] ext4: fix WARNING in mb_find_extent
testing commit dba62fa84a8eac44a53a2862de8a40e5bdfa0ae3 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9ecdfc633d8d68711c83d8fe9d89ff3a5231b4645fa48e9e1f6c9db0b8ad7aad
all runs: crashed: WARNING in __virt_to_phys
# git bisect good dba62fa84a8eac44a53a2862de8a40e5bdfa0ae3
Bisecting: 414 revisions left to test after this (roughly 9 steps)
[47b4f741a3f6ecf61912e9447cf47f95c750d3ae] platform/mellanox: mlxbf-pmc: fix sscanf() error checking
testing commit 47b4f741a3f6ecf61912e9447cf47f95c750d3ae gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 305690ac89ef863a426f5cb7a7daaea11ae630bdf49c45a4c20d71048348dfbd
all runs: crashed: WARNING in __virt_to_phys
# git bisect good 47b4f741a3f6ecf61912e9447cf47f95c750d3ae
Bisecting: 207 revisions left to test after this (roughly 8 steps)
[ab0c2dffe80f2ec63b3c43f2930f7a6b536d687b] iio: dac: mcp4725: Fix i2c_master_send() return value handling
testing commit ab0c2dffe80f2ec63b3c43f2930f7a6b536d687b gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b915fff196b8513b93f412378237f1e926b1d9a6efdee475cf52e0a0d77ec900
all runs: crashed: WARNING in __virt_to_phys
# git bisect good ab0c2dffe80f2ec63b3c43f2930f7a6b536d687b
Bisecting: 103 revisions left to test after this (roughly 7 steps)
[4dd40fec5bf2ea0b247611eea2c831d16919a85c] wifi: mac80211: mlme: fix non-inheritence element
testing commit 4dd40fec5bf2ea0b247611eea2c831d16919a85c gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 692c239a0b2990fa02e659ad3b7611585c8a981dee53bf0bef75a15a9b65725e
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad 4dd40fec5bf2ea0b247611eea2c831d16919a85c
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[97211945ef6800d89050401ea97ddc9c0ed912df] serial: cpm_uart: Fix a COMPILE_TEST dependency
testing commit 97211945ef6800d89050401ea97ddc9c0ed912df gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1a5f12b815e7015a7b356f40a30ee5e196fc8fc8415531afbcc8bcab3f294740
all runs: crashed: WARNING in __virt_to_phys
# git bisect good 97211945ef6800d89050401ea97ddc9c0ed912df
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[097acf0aa622bf10714a9134e2bfc508cd37ac03] net: sfp: fix state loss when updating state_hw_mask
testing commit 097acf0aa622bf10714a9134e2bfc508cd37ac03 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d45c2098201df2f9b51f05f527a533654c1f2f473752aff4c657a22d5794cb71
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad 097acf0aa622bf10714a9134e2bfc508cd37ac03
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[77ee4f8c02b803b77cc7cf19c7000d7e7de4e849] regmap: Account for register length when chunking
testing commit 77ee4f8c02b803b77cc7cf19c7000d7e7de4e849 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: da6c9fcb57b0ac317bbf0e11751a0a5a45c72b7f6e4192282dc37e34ab11fcfd
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad 77ee4f8c02b803b77cc7cf19c7000d7e7de4e849
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[8072ea6743749b129e9cbd3a62a1b1b5fa6bf5b7] ksmbd: fix credit count leakage
testing commit 8072ea6743749b129e9cbd3a62a1b1b5fa6bf5b7 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d5b8c5523ba6996e58525c1aeb47b203e79bfd8733b85699ba9279263d387f4b
all runs: crashed: WARNING in __virt_to_phys
# git bisect good 8072ea6743749b129e9cbd3a62a1b1b5fa6bf5b7
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[522a9417f64908b5d4938fac3d0f831e65e4f933] ksmbd: fix slab-out-of-bounds read in smb2_handle_negotiate
testing commit 522a9417f64908b5d4938fac3d0f831e65e4f933 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 57944db8a7d9aa37fa83b4e39fd3f8934ed4d238ce4e20df6f5035d3d3f7412b
all runs: crashed: WARNING in __virt_to_phys
# git bisect good 522a9417f64908b5d4938fac3d0f831e65e4f933
Bisecting: 1 revision left to test after this (roughly 1 step)
[0b28edf227e30e05ac1069613302b2d561229907] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
testing commit 0b28edf227e30e05ac1069613302b2d561229907 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1303531a5c28ec7625685ea996ff0d315ca9049ee24c2af51b2ee2c7b881cbd5
all runs: crashed: WARNING in __virt_to_phys
# git bisect good 0b28edf227e30e05ac1069613302b2d561229907
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[a8eaa9a06addbd9cb0238cb1c729921ecbb6504c] fs/ntfs3: Validate MFT flags before replaying logs
testing commit a8eaa9a06addbd9cb0238cb1c729921ecbb6504c gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 605b48c7cf87b3d60b47988ba129c3a4cb29260ccb8a7e03e2940227e24237db
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad a8eaa9a06addbd9cb0238cb1c729921ecbb6504c
a8eaa9a06addbd9cb0238cb1c729921ecbb6504c is the first bad commit
commit a8eaa9a06addbd9cb0238cb1c729921ecbb6504c
Author: Edward Lo
Date:   Sat Nov 5 23:39:44 2022 +0800

    fs/ntfs3: Validate MFT flags before replaying logs

    commit 98bea253aa28ad8be2ce565a9ca21beb4a9419e5 upstream.

    Log load and replay is part of the metadata handle flow during mount
    operation. The $MFT record will be loaded and used while replaying
    logs. However, a malformed $MFT record, say, has RECORD_FLAG_DIR flag
    set and contains an ATTR_ROOT attribute will misguide kernel to treat
    it as a directory, and try to free the allocated resources when the
    corresponding inode is freed, which will cause an invalid kfree
    because the memory hasn't actually been allocated.

    [  101.368647] BUG: KASAN: invalid-free in kvfree+0x2c/0x40
    [  101.369457]
    [  101.369986] CPU: 0 PID: 198 Comm: mount Not tainted 6.0.0-rc7+ #5
    [  101.370529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
    [  101.371362] Call Trace:
    [  101.371795]
    [  101.372157]  dump_stack_lvl+0x49/0x63
    [  101.372658]  print_report.cold+0xf5/0x689
    [  101.373022]  ? ni_write_inode+0x754/0xd90
    [  101.373378]  ? kvfree+0x2c/0x40
    [  101.373698]  kasan_report_invalid_free+0x77/0xf0
    [  101.374058]  ? kvfree+0x2c/0x40
    [  101.374352]  ? kvfree+0x2c/0x40
    [  101.374668]  __kasan_slab_free+0x189/0x1b0
    [  101.374992]  ? kvfree+0x2c/0x40
    [  101.375271]  kfree+0x168/0x3b0
    [  101.375717]  kvfree+0x2c/0x40
    [  101.376002]  indx_clear+0x26/0x60
    [  101.376316]  ni_clear+0xc5/0x290
    [  101.376661]  ntfs_evict_inode+0x45/0x70
    [  101.377001]  evict+0x199/0x280
    [  101.377432]  iput.part.0+0x286/0x320
    [  101.377819]  iput+0x32/0x50
    [  101.378166]  ntfs_loadlog_and_replay+0x143/0x320
    [  101.378656]  ? ntfs_bio_fill_1+0x510/0x510
    [  101.378968]  ? iput.part.0+0x286/0x320
    [  101.379367]  ntfs_fill_super+0xecb/0x1ba0
    [  101.379729]  ? put_ntfs+0x1d0/0x1d0
    [  101.380046]  ? vsprintf+0x20/0x20
    [  101.380542]  ? mutex_unlock+0x81/0xd0
    [  101.380914]  ? set_blocksize+0x95/0x150
    [  101.381597]  get_tree_bdev+0x232/0x370
    [  101.382254]  ? put_ntfs+0x1d0/0x1d0
    [  101.382699]  ntfs_fs_get_tree+0x15/0x20
    [  101.383094]  vfs_get_tree+0x4c/0x130
    [  101.383675]  path_mount+0x654/0xfe0
    [  101.384203]  ? putname+0x80/0xa0
    [  101.384540]  ? finish_automount+0x2e0/0x2e0
    [  101.384943]  ? putname+0x80/0xa0
    [  101.385362]  ? kmem_cache_free+0x1c4/0x440
    [  101.385968]  ? putname+0x80/0xa0
    [  101.386666]  do_mount+0xd6/0xf0
    [  101.387228]  ? path_mount+0xfe0/0xfe0
    [  101.387585]  ? __kasan_check_write+0x14/0x20
    [  101.387979]  __x64_sys_mount+0xca/0x110
    [  101.388436]  do_syscall_64+0x3b/0x90
    [  101.388757]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
    [  101.389289] RIP: 0033:0x7fa0f70e948a
    [  101.390048] Code: 48 8b 0d 11 fa 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 008
    [  101.391297] RSP: 002b:00007ffc24fdecc8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
    [  101.391988] RAX: ffffffffffffffda RBX: 000055932c183060 RCX: 00007fa0f70e948a
    [  101.392494] RDX: 000055932c183260 RSI: 000055932c1832e0 RDI: 000055932c18bce0
    [  101.393053] RBP: 0000000000000000 R08: 000055932c183280 R09: 0000000000000020
    [  101.393577] R10: 00000000c0ed0000 R11: 0000000000000202 R12: 000055932c18bce0
    [  101.394044] R13: 000055932c183260 R14: 0000000000000000 R15: 00000000ffffffff
    [  101.394747]
    [  101.395402]
    [  101.396047] Allocated by task 198:
    [  101.396724]  kasan_save_stack+0x26/0x50
    [  101.397400]  __kasan_slab_alloc+0x6d/0x90
    [  101.397974]  kmem_cache_alloc_lru+0x192/0x5a0
    [  101.398524]  ntfs_alloc_inode+0x23/0x70
    [  101.399137]  alloc_inode+0x3b/0xf0
    [  101.399534]  iget5_locked+0x54/0xa0
    [  101.400026]  ntfs_iget5+0xaf/0x1780
    [  101.400414]  ntfs_loadlog_and_replay+0xe5/0x320
    [  101.400883]  ntfs_fill_super+0xecb/0x1ba0
    [  101.401313]  get_tree_bdev+0x232/0x370
    [  101.401774]  ntfs_fs_get_tree+0x15/0x20
    [  101.402224]  vfs_get_tree+0x4c/0x130
    [  101.402673]  path_mount+0x654/0xfe0
    [  101.403160]  do_mount+0xd6/0xf0
    [  101.403537]  __x64_sys_mount+0xca/0x110
    [  101.404058]  do_syscall_64+0x3b/0x90
    [  101.404333]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
    [  101.404816]
    [  101.405067] The buggy address belongs to the object at ffff888008cc9ea0
    [  101.405067]  which belongs to the cache ntfs_inode_cache of size 992
    [  101.406171] The buggy address is located 232 bytes inside of
    [  101.406171]  992-byte region [ffff888008cc9ea0, ffff888008cca280)
    [  101.406995]
    [  101.408559] The buggy address belongs to the physical page:
    [  101.409320] page:00000000dccf19dd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cc8
    [  101.410654] head:00000000dccf19dd order:2 compound_mapcount:0 compound_pincount:0
    [  101.411533] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
    [  101.412665] raw: 000fffffc0010200 0000000000000000 dead000000000122 ffff888003695140
    [  101.413209] raw: 0000000000000000 00000000800e000e 00000001ffffffff 0000000000000000
    [  101.413799] page dumped because: kasan: bad access detected
    [  101.414213]
    [  101.414427] Memory state around the buggy address:
    [  101.414991]  ffff888008cc9e80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
    [  101.415785]  ffff888008cc9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    [  101.416933] >ffff888008cc9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    [  101.417857]                    ^
    [  101.418566]  ffff888008cca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    [  101.419704]  ffff888008cca080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

    Signed-off-by: Edward Lo
    Signed-off-by: Konstantin Komarov
    Cc: Luiz Capitulino
    Signed-off-by: Greg Kroah-Hartman

 fs/ntfs3/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: 605b48c7cf87b3d60b47988ba129c3a4cb29260ccb8a7e03e2940227e24237db
parent signature: 1303531a5c28ec7625685ea996ff0d315ca9049ee24c2af51b2ee2c7b881cbd5
revisions tested: 13, total time: 6h36m43.273732093s (build: 5h24m50.651632609s, test: 1h8m26.137932644s)
first good commit: a8eaa9a06addbd9cb0238cb1c729921ecbb6504c fs/ntfs3: Validate MFT flags before replaying logs
recipients (to): ["almaz.alexandrovich@paragon-software.com" "edward.lo@ambergroup.io" "gregkh@linuxfoundation.org"]
recipients (cc): []