[v6.1] BUG: unable to handle kernel NULL pointer dereference in ntfs_sparse_cluster
0 views
Skip to first unread message
syzbot
Mar 15, 2023, 4:23:56 PM3/15/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 6449a0ba6843 Linux 6.1.19
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14a747ccc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=9ed8b3ec03e8c126
dashboard link: https://syzkaller.appspot.com/bug?extid=f3e5d0948a1837ed1bb0
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0ad616da3180/disk-6449a0ba.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/42677a30acb3/vmlinux-6449a0ba.xz
kernel image: https://storage.googleapis.com/syzbot-assets/2e21fe35d03d/bzImage-6449a0ba.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f3e5d0...@syzkaller.appspotmail.com
ntfs3: loop2: Mark volume as dirty due to NTFS errors
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 28a5f067 P4D 28a5f067 PUD 702f7067 PMD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 10553 Comm: syz-executor.2 Not tainted 6.1.19-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc900055dfcc8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffea0001283380 RCX: dffffc0000000000
RDX: ffffc9000b0c1000 RSI: ffffea0001283380 RDI: ffff888070f38478
RBP: 0000000000000000 R08: ffffffff81b9f6e6 R09: fffff94000250671
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000001000
R13: 0000000000000000 R14: 0000000000001000 R15: ffffffffffffffff
FS: 00007f52922d3700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000001dc7b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ntfs_sparse_cluster+0x718/0xa20 fs/ntfs3/file.c:335
ntfs_fallocate+0xa70/0x1020 fs/ntfs3/file.c:727
vfs_fallocate+0x547/0x6b0 fs/open.c:323
ksys_fallocate fs/open.c:346 [inline]
__do_sys_fallocate fs/open.c:354 [inline]
__se_sys_fallocate fs/open.c:352 [inline]
__x64_sys_fallocate+0xb9/0x100 fs/open.c:352
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f529148c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f52922d3168 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f52915abf80 RCX: 00007f529148c0f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f52914e7b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff0f9317cf R14: 00007f52922d3300 R15: 0000000000022000
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc900055dfcc8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffea0001283380 RCX: dffffc0000000000
RDX: ffffc9000b0c1000 RSI: ffffea0001283380 RDI: ffff888070f38478
RBP: 0000000000000000 R08: ffffffff81b9f6e6 R09: fffff94000250671
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000001000
R13: 0000000000000000 R14: 0000000000001000 R15: ffffffffffffffff
FS: 00007f52922d3700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000001dc7b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 6449a0ba6843 Linux 6.1.19
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14a747ccc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=9ed8b3ec03e8c126
dashboard link: https://syzkaller.appspot.com/bug?extid=f3e5d0948a1837ed1bb0
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0ad616da3180/disk-6449a0ba.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/42677a30acb3/vmlinux-6449a0ba.xz
kernel image: https://storage.googleapis.com/syzbot-assets/2e21fe35d03d/bzImage-6449a0ba.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f3e5d0...@syzkaller.appspotmail.com
ntfs3: loop2: Mark volume as dirty due to NTFS errors
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 28a5f067 P4D 28a5f067 PUD 702f7067 PMD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 10553 Comm: syz-executor.2 Not tainted 6.1.19-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc900055dfcc8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffea0001283380 RCX: dffffc0000000000
RDX: ffffc9000b0c1000 RSI: ffffea0001283380 RDI: ffff888070f38478
RBP: 0000000000000000 R08: ffffffff81b9f6e6 R09: fffff94000250671
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000001000
R13: 0000000000000000 R14: 0000000000001000 R15: ffffffffffffffff
FS: 00007f52922d3700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000001dc7b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ntfs_sparse_cluster+0x718/0xa20 fs/ntfs3/file.c:335
ntfs_fallocate+0xa70/0x1020 fs/ntfs3/file.c:727
vfs_fallocate+0x547/0x6b0 fs/open.c:323
ksys_fallocate fs/open.c:346 [inline]
__do_sys_fallocate fs/open.c:354 [inline]
__se_sys_fallocate fs/open.c:352 [inline]
__x64_sys_fallocate+0xb9/0x100 fs/open.c:352
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f529148c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f52922d3168 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f52915abf80 RCX: 00007f529148c0f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f52914e7b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff0f9317cf R14: 00007f52922d3300 R15: 0000000000022000
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc900055dfcc8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffea0001283380 RCX: dffffc0000000000
RDX: ffffc9000b0c1000 RSI: ffffea0001283380 RDI: ffff888070f38478
RBP: 0000000000000000 R08: ffffffff81b9f6e6 R09: fffff94000250671
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000001000
R13: 0000000000000000 R14: 0000000000001000 R15: ffffffffffffffff
FS: 00007f52922d3700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000001dc7b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Mar 15, 2023, 4:30:46 PM3/15/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 2ddbd0f967b3 Linux 5.15.102
syzbot found the following issue on:
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=165184aac80000
kernel config: https://syzkaller.appspot.com/x/.config?x=fec083380faceb1e
dashboard link: https://syzkaller.appspot.com/bug?extid=7bdfe1182e4c50d2a21d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/156d2aa91f3c/disk-2ddbd0f9.raw.xz
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/f0e97f5be5fb/vmlinux-2ddbd0f9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/20d0a55a041d/bzImage-2ddbd0f9.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
loop4: detected capacity change from 0 to 4096
ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512)
ntfs3: loop4: Mark volume as dirty due to NTFS errors
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 1aec2067 P4D 1aec2067 PUD 7998e067 PMD 0
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 4907 Comm: syz-executor.4 Not tainted 5.15.102-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RIP: 0010:0x0
RSP: 0018:ffffc90005a8fcc8 EFLAGS: 00010282
RAX: 1ffffffff1575e17 RBX: ffffea0000e1c6c0 RCX: ffffffff8abaf0b8
RDX: ffffc9000b552000 RSI: 00000000000047fc RDI: ffffea0000e1c6c0
RBP: dffffc0000000000 R08: ffffffff81ab0959 R09: fffff940001c38d9
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: ffffea0000e1c6c0 R14: 0000000000000000 R15: ffffffffffffffff
FS: 00007fb4bb1ec700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000007ef4b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ntfs_sparse_cluster+0x76e/0xbb0 fs/ntfs3/file.c:337
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ntfs_fallocate+0x7da/0xee0 fs/ntfs3/file.c:706
vfs_fallocate+0x54a/0x6b0 fs/open.c:308
ksys_fallocate fs/open.c:331 [inline]
__do_sys_fallocate fs/open.c:339 [inline]
__se_sys_fallocate fs/open.c:337 [inline]
__x64_sys_fallocate+0xb9/0x100 fs/open.c:337
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
RIP: 0033:0x7fb4bcc7a0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb4bb1ec168 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fb4bcd99f80 RCX: 00007fb4bcc7a0f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007fb4bccd5b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe39d669ff R14: 00007fb4bb1ec300 R15: 0000000000022000
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 1f3369a80435d89b ]---
Modules linked in:
CR2: 0000000000000000
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc90005a8fcc8 EFLAGS: 00010282
RAX: 1ffffffff1575e17 RBX: ffffea0000e1c6c0 RCX: ffffffff8abaf0b8
RDX: ffffc9000b552000 RSI: 00000000000047fc RDI: ffffea0000e1c6c0
RBP: dffffc0000000000 R08: ffffffff81ab0959 R09: fffff940001c38d9
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: ffffea0000e1c6c0 R14: 0000000000000000 R15: ffffffffffffffff
FS: 00007fb4bb1ec700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000007ef4b000 CR4: 00000000003506f0
syzbot
May 7, 2023, 12:27:56 AM5/7/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 8a7f2a5c5aa1 Linux 5.15.110
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16371098280000
kernel config: https://syzkaller.appspot.com/x/.config?x=ba8d5c9d6c5289f
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14d75fd2280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fc04f54c047f/disk-8a7f2a5c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6b4ba4cb1191/vmlinux-8a7f2a5c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d927dc3f9670/bzImage-8a7f2a5c.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/cdd42be91db9/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7bdfe1...@syzkaller.appspotmail.com
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RAX: 1ffffffff15759b7 RBX: ffffea0001c15fc0 RCX: ffffffff8abacdb8
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea0001c15fc0
RBP: dffffc0000000000 R08: ffffffff81aa61c9 R09: fffff94000382bf9
FS: 0000555556c66300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffef116a358 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa41aa908c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007fa41aa50160 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000008000 R11: 0000000000000246 R12: 00007fa41aa501f0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
RAX: 1ffffffff15759b7 RBX: ffffea0001c15fc0 RCX: ffffffff8abacdb8
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea0001c15fc0
RBP: dffffc0000000000 R08: ffffffff81aa61c9 R09: fffff94000382bf9
FS: 0000555556c66300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 8a7f2a5c5aa1 Linux 5.15.110
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16371098280000
kernel config: https://syzkaller.appspot.com/x/.config?x=ba8d5c9d6c5289f
dashboard link: https://syzkaller.appspot.com/bug?extid=7bdfe1182e4c50d2a21d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11dd7eca280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14d75fd2280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fc04f54c047f/disk-8a7f2a5c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6b4ba4cb1191/vmlinux-8a7f2a5c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d927dc3f9670/bzImage-8a7f2a5c.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/cdd42be91db9/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7bdfe1...@syzkaller.appspotmail.com
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 1f967067 P4D 1f967067 PUD 7e32b067 PMD 0
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3499 Comm: syz-executor290 Not tainted 5.15.110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc90002d6fcc8 EFLAGS: 00010282
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RAX: 1ffffffff15759b7 RBX: ffffea0001c15fc0 RCX: ffffffff8abacdb8
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea0001c15fc0
RBP: dffffc0000000000 R08: ffffffff81aa61c9 R09: fffff94000382bf9
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: ffffea0001c15fc0 R14: 0000000000000000 R15: ffffffffffffffff
FS: 0000555556c66300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000007a150000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ntfs_sparse_cluster+0x76e/0xbb0 fs/ntfs3/file.c:337
ntfs_fallocate+0x7da/0xee0 fs/ntfs3/file.c:706
vfs_fallocate+0x54a/0x6b0 fs/open.c:308
ksys_fallocate fs/open.c:331 [inline]
__do_sys_fallocate fs/open.c:339 [inline]
__se_sys_fallocate fs/open.c:337 [inline]
__x64_sys_fallocate+0xb9/0x100 fs/open.c:337
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fa41aa908c9
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ntfs_sparse_cluster+0x76e/0xbb0 fs/ntfs3/file.c:337
ntfs_fallocate+0x7da/0xee0 fs/ntfs3/file.c:706
vfs_fallocate+0x54a/0x6b0 fs/open.c:308
ksys_fallocate fs/open.c:331 [inline]
__do_sys_fallocate fs/open.c:339 [inline]
__se_sys_fallocate fs/open.c:337 [inline]
__x64_sys_fallocate+0xb9/0x100 fs/open.c:337
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffef116a358 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa41aa908c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007fa41aa50160 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000008000 R11: 0000000000000246 R12: 00007fa41aa501f0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 2ad3d8627e567677 ]---
Modules linked in:
CR2: 0000000000000000
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc90002d6fcc8 EFLAGS: 00010282
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RAX: 1ffffffff15759b7 RBX: ffffea0001c15fc0 RCX: ffffffff8abacdb8
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea0001c15fc0
RBP: dffffc0000000000 R08: ffffffff81aa61c9 R09: fffff94000382bf9
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: ffffea0001c15fc0 R14: 0000000000000000 R15: ffffffffffffffff
FS: 0000555556c66300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000007a150000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
If you want syzbot to run the reproducer, reply with:
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
May 7, 2023, 1:43:55 AM5/7/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: ca48fc16c493 Linux 6.1.27
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1065d718280000
kernel config: https://syzkaller.appspot.com/x/.config?x=47d3bbfdb3b1ddd2
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1288cd6a280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/658765c915fa/disk-ca48fc16.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d69e8a1aff2d/vmlinux-ca48fc16.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0317a9546209/bzImage-ca48fc16.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/722dbfdb9da8/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f3e5d0...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 4096
ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
ntfs3: loop0: Mark volume as dirty due to NTFS errors
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RAX: 0000000000000000 RBX: ffffea0001c25c40 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffea0001c25c40 RDI: ffff88806fc58478
RBP: 0000000000000000 R08: ffffffff81b94e76 R09: fffff94000384b89
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff8479d178 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5941f738c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007f5941f33160 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000008000 R11: 0000000000000246 R12: 00007f5941f331f0
RAX: 0000000000000000 RBX: ffffea0001c25c40 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffea0001c25c40 RDI: ffff88806fc58478
RBP: 0000000000000000 R08: ffffffff81b94e76 R09: fffff94000384b89
HEAD commit: ca48fc16c493 Linux 6.1.27
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1065d718280000
kernel config: https://syzkaller.appspot.com/x/.config?x=47d3bbfdb3b1ddd2
dashboard link: https://syzkaller.appspot.com/bug?extid=f3e5d0948a1837ed1bb0
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12110f18280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1288cd6a280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/658765c915fa/disk-ca48fc16.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d69e8a1aff2d/vmlinux-ca48fc16.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0317a9546209/bzImage-ca48fc16.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/722dbfdb9da8/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f3e5d0...@syzkaller.appspotmail.com
ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
ntfs3: loop0: Mark volume as dirty due to NTFS errors
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 70f5d067 P4D 70f5d067 PUD 220d5067 PMD 0
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3542 Comm: syz-executor320 Not tainted 6.1.27-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90003aafcc8 EFLAGS: 00010282
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RAX: 0000000000000000 RBX: ffffea0001c25c40 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffea0001c25c40 RDI: ffff88806fc58478
RBP: 0000000000000000 R08: ffffffff81b94e76 R09: fffff94000384b89
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000001000
R13: 0000000000000000 R14: 0000000000001000 R15: ffffffffffffffff
FS: 0000555555b23300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
R13: 0000000000000000 R14: 0000000000001000 R15: ffffffffffffffff
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000002336e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ntfs_sparse_cluster+0x718/0xa20 fs/ntfs3/file.c:335
ntfs_fallocate+0xa70/0x1020 fs/ntfs3/file.c:727
vfs_fallocate+0x547/0x6b0 fs/open.c:323
ksys_fallocate fs/open.c:346 [inline]
__do_sys_fallocate fs/open.c:354 [inline]
__se_sys_fallocate fs/open.c:352 [inline]
__x64_sys_fallocate+0xb9/0x100 fs/open.c:352
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f5941f738c9
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ntfs_sparse_cluster+0x718/0xa20 fs/ntfs3/file.c:335
ntfs_fallocate+0xa70/0x1020 fs/ntfs3/file.c:727
vfs_fallocate+0x547/0x6b0 fs/open.c:323
ksys_fallocate fs/open.c:346 [inline]
__do_sys_fallocate fs/open.c:354 [inline]
__se_sys_fallocate fs/open.c:352 [inline]
__x64_sys_fallocate+0xb9/0x100 fs/open.c:352
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff8479d178 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5941f738c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007f5941f33160 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000008000 R11: 0000000000000246 R12: 00007f5941f331f0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90003aafcc8 EFLAGS: 00010282
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RAX: 0000000000000000 RBX: ffffea0001c25c40 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffea0001c25c40 RDI: ffff88806fc58478
RBP: 0000000000000000 R08: ffffffff81b94e76 R09: fffff94000384b89
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000001000
R13: 0000000000000000 R14: 0000000000001000 R15: ffffffffffffffff
FS: 0000555555b23300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
R13: 0000000000000000 R14: 0000000000001000 R15: ffffffffffffffff
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000002336e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
syzbot
Sep 10, 2023, 7:07:35 PM9/10/23
to syzkaller...@googlegroups.com
syzbot suspects this issue could be fixed by backporting the following commit:
commit c380b52f6c5702cc4bdda5e6d456d6c19a201a0b
git tree: upstream
Author: Konstantin Komarov <almaz.ale...@paragon-software.com>
Date: Fri Oct 7 11:02:36 2022 +0000
fs/ntfs3: Change new sparse cluster processing
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1574dfec680000
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit c380b52f6c5702cc4bdda5e6d456d6c19a201a0b
git tree: upstream
Author: Konstantin Komarov <almaz.ale...@paragon-software.com>
Date: Fri Oct 7 11:02:36 2022 +0000
fs/ntfs3: Change new sparse cluster processing
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1574dfec680000
kernel config: https://syzkaller.appspot.com/x/.config?x=ba8d5c9d6c5289f
dashboard link: https://syzkaller.appspot.com/bug?extid=7bdfe1182e4c50d2a21d
dashboard link: https://syzkaller.appspot.com/bug?extid=7bdfe1182e4c50d2a21d
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11dd7eca280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14d75fd2280000
Please keep in mind that other backports might be required as well.
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14d75fd2280000
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot
Oct 12, 2023, 3:37:36 PM10/12/23
to syzkaller...@googlegroups.com
syzbot suspects this issue could be fixed by backporting the following commit:
commit c380b52f6c5702cc4bdda5e6d456d6c19a201a0b
git tree: upstream
Author: Konstantin Komarov <almaz.ale...@paragon-software.com>
Date: Fri Oct 7 11:02:36 2022 +0000
fs/ntfs3: Change new sparse cluster processing
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=164f884d680000
commit c380b52f6c5702cc4bdda5e6d456d6c19a201a0b
git tree: upstream
Author: Konstantin Komarov <almaz.ale...@paragon-software.com>
Date: Fri Oct 7 11:02:36 2022 +0000
fs/ntfs3: Change new sparse cluster processing
kernel config: https://syzkaller.appspot.com/x/.config?x=47d3bbfdb3b1ddd2
dashboard link: https://syzkaller.appspot.com/bug?extid=f3e5d0948a1837ed1bb0
dashboard link: https://syzkaller.appspot.com/bug?extid=f3e5d0948a1837ed1bb0
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12110f18280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1288cd6a280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1288cd6a280000
Reply all
Reply to author
Forward
0 new messages