[v6.1] BUG: unable to handle kernel NULL pointer dereference in hdr_find_e
3 views
Skip to first unread message
syzbot
Mar 22, 2023, 1:26:44 AM3/22/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 7eaef76fbc46 Linux 6.1.20
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1680f616c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=28c36fe4d02f8c88
dashboard link: https://syzkaller.appspot.com/bug?extid=7e4fb438ff50c7144804
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/610a00ba4375/disk-7eaef76f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/57c1310f9a30/vmlinux-7eaef76f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/81999f717d3b/bzImage-7eaef76f.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7e4fb4...@syzkaller.appspotmail.com
loop4: detected capacity change from 0 to 4096
ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512)
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 77d2f067 P4D 77d2f067 PUD 25d0f067 PMD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 24079 Comm: syz-executor.4 Not tainted 6.1.20-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90016057598 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff888072c20288 RSI: 0000000000000000 RDI: ffffffff8b1e5460
RBP: ffffc900160577d0 R08: ffff88803d5ba000 R09: ffffc90016057640
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000138
R13: dffffc0000000000 R14: ffff888072c20278 R15: 0000000000000000
FS: 00007f8961ab5700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000001cc86000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hdr_find_e+0x2f6/0x570 fs/ntfs3/index.c:708
indx_find+0x313/0xb00 fs/ntfs3/index.c:1074
dir_search_u+0x1b3/0x390 fs/ntfs3/dir.c:254
ntfs_extend_init+0x191/0x530 fs/ntfs3/fsntfs.c:214
ntfs_fill_super+0x4162/0x4500 fs/ntfs3/super.c:1243
get_tree_bdev+0x3fe/0x620 fs/super.c:1337
vfs_get_tree+0x88/0x270 fs/super.c:1544
do_new_mount+0x28b/0xad0 fs/namespace.c:3040
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3568
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f8960c8d62a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8961ab4f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 000000000001f202 RCX: 00007f8960c8d62a
RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 00007f8961ab4fe0
RBP: 00007f8961ab5020 R08: 00007f8961ab5020 R09: 0000000000004018
R10: 0000000000004018 R11: 0000000000000202 R12: 0000000020000080
R13: 00000000200000c0 R14: 00007f8961ab4fe0 R15: 0000000020000040
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90016057598 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff888072c20288 RSI: 0000000000000000 RDI: ffffffff8b1e5460
RBP: ffffc900160577d0 R08: ffff88803d5ba000 R09: ffffc90016057640
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000138
R13: dffffc0000000000 R14: ffff888072c20278 R15: 0000000000000000
FS: 00007f8961ab5700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000001cc86000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 7eaef76fbc46 Linux 6.1.20
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1680f616c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=28c36fe4d02f8c88
dashboard link: https://syzkaller.appspot.com/bug?extid=7e4fb438ff50c7144804
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/610a00ba4375/disk-7eaef76f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/57c1310f9a30/vmlinux-7eaef76f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/81999f717d3b/bzImage-7eaef76f.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7e4fb4...@syzkaller.appspotmail.com
loop4: detected capacity change from 0 to 4096
ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512)
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 77d2f067 P4D 77d2f067 PUD 25d0f067 PMD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 24079 Comm: syz-executor.4 Not tainted 6.1.20-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90016057598 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff888072c20288 RSI: 0000000000000000 RDI: ffffffff8b1e5460
RBP: ffffc900160577d0 R08: ffff88803d5ba000 R09: ffffc90016057640
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000138
R13: dffffc0000000000 R14: ffff888072c20278 R15: 0000000000000000
FS: 00007f8961ab5700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000001cc86000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hdr_find_e+0x2f6/0x570 fs/ntfs3/index.c:708
indx_find+0x313/0xb00 fs/ntfs3/index.c:1074
dir_search_u+0x1b3/0x390 fs/ntfs3/dir.c:254
ntfs_extend_init+0x191/0x530 fs/ntfs3/fsntfs.c:214
ntfs_fill_super+0x4162/0x4500 fs/ntfs3/super.c:1243
get_tree_bdev+0x3fe/0x620 fs/super.c:1337
vfs_get_tree+0x88/0x270 fs/super.c:1544
do_new_mount+0x28b/0xad0 fs/namespace.c:3040
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3568
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f8960c8d62a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8961ab4f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 000000000001f202 RCX: 00007f8960c8d62a
RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 00007f8961ab4fe0
RBP: 00007f8961ab5020 R08: 00007f8961ab5020 R09: 0000000000004018
R10: 0000000000004018 R11: 0000000000000202 R12: 0000000020000080
R13: 00000000200000c0 R14: 00007f8961ab4fe0 R15: 0000000020000040
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90016057598 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff888072c20288 RSI: 0000000000000000 RDI: ffffffff8b1e5460
RBP: ffffc900160577d0 R08: ffff88803d5ba000 R09: ffffc90016057640
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000138
R13: dffffc0000000000 R14: ffff888072c20278 R15: 0000000000000000
FS: 00007f8961ab5700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000001cc86000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Mar 22, 2023, 3:14:44 AM3/22/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 8020ae3c051d Linux 5.15.103
syzbot found the following issue on:
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1405f416c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=d4215fb4040f8f8d
dashboard link: https://syzkaller.appspot.com/bug?extid=1380620f8290560156eb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/857e17de0f0a/disk-8020ae3c.raw.xz
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/9efc49fcd441/vmlinux-8020ae3c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f14c38b6bfa7/bzImage-8020ae3c.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
loop5: detected capacity change from 0 to 4096
ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512)
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 72338067 P4D 72338067 PUD 1a7ea067 PMD 0
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 4859 Comm: syz-executor.5 Not tainted 5.15.103-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RIP: 0010:0x0
RSP: 0018:ffffc90003c4f598 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff88803c19e288 RSI: 0000000000000000 RDI: ffffffff8abacc00
RBP: ffffc90003c4f7d0 R08: ffff88803dd14000 R09: ffffc90003c4f640
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000138
R13: dffffc0000000000 R14: ffff88803c19e278 R15: 0000000000000000
FS: 00007f6b836c2700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000016b98000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hdr_find_e+0x2f6/0x570 fs/ntfs3/index.c:708
indx_find+0x313/0xb00 fs/ntfs3/index.c:1077
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hdr_find_e+0x2f6/0x570 fs/ntfs3/index.c:708
dir_search_u+0x1b3/0x390 fs/ntfs3/dir.c:254
ntfs_extend_init+0x191/0x530 fs/ntfs3/fsntfs.c:214
ntfs_fill_super+0x40b9/0x4450 fs/ntfs3/super.c:1238
ntfs_extend_init+0x191/0x530 fs/ntfs3/fsntfs.c:214
get_tree_bdev+0x3fe/0x620 fs/super.c:1294
vfs_get_tree+0x88/0x270 fs/super.c:1499
do_new_mount+0x28b/0xad0 fs/namespace.c:2994
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3522
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
RIP: 0033:0x7f6b8515162a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6b836c1f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 000000000001f202 RCX: 00007f6b8515162a
RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 00007f6b836c1fe0
RBP: 00007f6b836c2020 R08: 00007f6b836c2020 R09: 0000000000004018
R10: 0000000000004018 R11: 0000000000000202 R12: 0000000020000080
R13: 00000000200000c0 R14: 00007f6b836c1fe0 R15: 0000000020000040
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 70e7668a4718882c ]---
Modules linked in:
CR2: 0000000000000000
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc90003c4f598 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff88803c19e288 RSI: 0000000000000000 RDI: ffffffff8abacc00
RBP: ffffc90003c4f7d0 R08: ffff88803dd14000 R09: ffffc90003c4f640
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000138
R13: dffffc0000000000 R14: ffff88803c19e278 R15: 0000000000000000
FS: 00007f6b836c2700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000016b98000 CR4: 00000000003506e0
syzbot
Mar 22, 2023, 6:14:46 AM3/22/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 8020ae3c051d Linux 5.15.103
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10a0ac29c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14e3f16ac80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/857e17de0f0a/disk-8020ae3c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9efc49fcd441/vmlinux-8020ae3c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f14c38b6bfa7/bzImage-8020ae3c.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/4976e798b44b/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+138062...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 4096
ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
RBP: ffffc90002d6f7d0 R08: ffff888076924000 R09: ffffc90002d6f640
FS: 00005555561ac300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcddaebb18 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00005555561ac2c0 RCX: 00007fc136898d2a
RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 00007ffcddaebb60
RBP: 0000000000000000 R08: 00007ffcddaebba0 R09: 0000000000000000
R10: 0000000000004018 R11: 0000000000000286 R12: 0000000000000004
R13: 00007ffcddaebba0 R14: 0000000000000003 R15: 00007ffcddaebb60
RBP: ffffc90002d6f7d0 R08: ffff888076924000 R09: ffffc90002d6f640
FS: 00005555561ac300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
HEAD commit: 8020ae3c051d Linux 5.15.103
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=d4215fb4040f8f8d
dashboard link: https://syzkaller.appspot.com/bug?extid=1380620f8290560156eb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1692081cc80000
dashboard link: https://syzkaller.appspot.com/bug?extid=1380620f8290560156eb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14e3f16ac80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/857e17de0f0a/disk-8020ae3c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9efc49fcd441/vmlinux-8020ae3c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f14c38b6bfa7/bzImage-8020ae3c.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+138062...@syzkaller.appspotmail.com
ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 1d393067 P4D 1d393067 PUD 723c3067 PMD 0
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3673 Comm: syz-executor253 Not tainted 5.15.103-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc90002d6f598 EFLAGS: 00010246
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff888076870288 RSI: 0000000000000000 RDI: ffffffff8abacc00
RBP: ffffc90002d6f7d0 R08: ffff888076924000 R09: ffffc90002d6f640
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000138
R13: dffffc0000000000 R14: ffff888076870278 R15: 0000000000000000
FS: 00005555561ac300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000000723c9000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hdr_find_e+0x2f6/0x570 fs/ntfs3/index.c:708
indx_find+0x313/0xb00 fs/ntfs3/index.c:1077
dir_search_u+0x1b3/0x390 fs/ntfs3/dir.c:254
ntfs_extend_init+0x191/0x530 fs/ntfs3/fsntfs.c:214
ntfs_fill_super+0x40b9/0x4450 fs/ntfs3/super.c:1238
get_tree_bdev+0x3fe/0x620 fs/super.c:1294
vfs_get_tree+0x88/0x270 fs/super.c:1499
do_new_mount+0x28b/0xad0 fs/namespace.c:2994
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3522
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fc136898d2a
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hdr_find_e+0x2f6/0x570 fs/ntfs3/index.c:708
indx_find+0x313/0xb00 fs/ntfs3/index.c:1077
dir_search_u+0x1b3/0x390 fs/ntfs3/dir.c:254
ntfs_extend_init+0x191/0x530 fs/ntfs3/fsntfs.c:214
ntfs_fill_super+0x40b9/0x4450 fs/ntfs3/super.c:1238
get_tree_bdev+0x3fe/0x620 fs/super.c:1294
vfs_get_tree+0x88/0x270 fs/super.c:1499
do_new_mount+0x28b/0xad0 fs/namespace.c:2994
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3522
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcddaebb18 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00005555561ac2c0 RCX: 00007fc136898d2a
RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 00007ffcddaebb60
RBP: 0000000000000000 R08: 00007ffcddaebba0 R09: 0000000000000000
R10: 0000000000004018 R11: 0000000000000286 R12: 0000000000000004
R13: 00007ffcddaebba0 R14: 0000000000000003 R15: 00007ffcddaebb60
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0cdc7ed0fd67e5cb ]---
Modules linked in:
CR2: 0000000000000000
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc90002d6f598 EFLAGS: 00010246
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff888076870288 RSI: 0000000000000000 RDI: ffffffff8abacc00
RBP: ffffc90002d6f7d0 R08: ffff888076924000 R09: ffffc90002d6f640
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000138
R13: dffffc0000000000 R14: ffff888076870278 R15: 0000000000000000
FS: 00005555561ac300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000000723c9000 CR4: 00000000003506f0
syzbot
Apr 1, 2023, 4:01:54 PM4/1/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 3b29299e5f60 Linux 6.1.22
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=162664edc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=4a782518325cb082
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=141b63d1c80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f6cdeb0f8946/disk-3b29299e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cc5e0da6e9ab/vmlinux-3b29299e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9e31f151a6a5/bzImage-3b29299e.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/d34641821f22/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7e4fb4...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 4096
RBP: ffffc90003e8f7d0 R08: ffff888075112000 R09: ffffc90003e8f640
FS: 0000555555e85300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
vfs_get_tree+0x88/0x270 fs/super.c:1553
Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd09238668 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000555555e852c0 RCX: 00007fe60ffc2d3a
RDX: 000000002001f700 RSI: 0000000020000180 RDI: 00007ffd092386b0
RBP: 0000000000000000 R08: 00007ffd092386f0 R09: 0000000000000000
R10: 0000000000000013 R11: 0000000000000286 R12: 0000000000000004
R13: 00007ffd092386f0 R14: 0000000000000003 R15: 00007ffd092386b0
RBP: ffffc90003e8f7d0 R08: ffff888075112000 R09: ffffc90003e8f640
FS: 0000555555e85300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
HEAD commit: 3b29299e5f60 Linux 6.1.22
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=162664edc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=4a782518325cb082
dashboard link: https://syzkaller.appspot.com/bug?extid=7e4fb438ff50c7144804
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=144408c9c80000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=141b63d1c80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f6cdeb0f8946/disk-3b29299e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cc5e0da6e9ab/vmlinux-3b29299e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9e31f151a6a5/bzImage-3b29299e.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/d34641821f22/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7e4fb4...@syzkaller.appspotmail.com
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 794b7067 P4D 794b7067 PUD 76fea067 PMD 0
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3731 Comm: syz-executor143 Not tainted 6.1.22-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90003e8f598 EFLAGS: 00010246
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff888020283278 RSI: 0000000000000000 RDI: ffffffff8b1e2160
RBP: ffffc90003e8f7d0 R08: ffff888075112000 R09: ffffc90003e8f640
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000138
R13: dffffc0000000000 R14: ffff888020283268 R15: 0000000000000000
FS: 0000555555e85300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000079655000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hdr_find_e+0x2f6/0x570 fs/ntfs3/index.c:708
indx_find+0x313/0xb00 fs/ntfs3/index.c:1074
dir_search_u+0x1b3/0x390 fs/ntfs3/dir.c:254
ntfs_extend_init+0x191/0x530 fs/ntfs3/fsntfs.c:214
ntfs_fill_super+0x4162/0x4500 fs/ntfs3/super.c:1243
get_tree_bdev+0x3fe/0x620 fs/super.c:1346
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hdr_find_e+0x2f6/0x570 fs/ntfs3/index.c:708
indx_find+0x313/0xb00 fs/ntfs3/index.c:1074
dir_search_u+0x1b3/0x390 fs/ntfs3/dir.c:254
ntfs_extend_init+0x191/0x530 fs/ntfs3/fsntfs.c:214
ntfs_fill_super+0x4162/0x4500 fs/ntfs3/super.c:1243
vfs_get_tree+0x88/0x270 fs/super.c:1553
do_new_mount+0x28b/0xad0 fs/namespace.c:3040
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3568
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fe60ffc2d3a
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3568
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd09238668 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000555555e852c0 RCX: 00007fe60ffc2d3a
RDX: 000000002001f700 RSI: 0000000020000180 RDI: 00007ffd092386b0
RBP: 0000000000000000 R08: 00007ffd092386f0 R09: 0000000000000000
R10: 0000000000000013 R11: 0000000000000286 R12: 0000000000000004
R13: 00007ffd092386f0 R14: 0000000000000003 R15: 00007ffd092386b0
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90003e8f598 EFLAGS: 00010246
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff888020283278 RSI: 0000000000000000 RDI: ffffffff8b1e2160
RBP: ffffc90003e8f7d0 R08: ffff888075112000 R09: ffffc90003e8f640
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000138
R13: dffffc0000000000 R14: ffff888020283268 R15: 0000000000000000
FS: 0000555555e85300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000079655000 CR4: 00000000003506e0
syzbot
Jul 30, 2023, 3:21:32 PM7/30/23
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit 333feb7ba84f69f9b423422417aaac54fd9e7c84
Author: Konstantin Komarov <almaz.ale...@paragon-software.com>
Date: Mon Oct 10 10:15:33 2022 +0000
fs/ntfs3: Check fields while reading
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17378955a80000
start commit: c957cbb87315 Linux 5.15.105
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=6f83fab0469f5de7
dashboard link: https://syzkaller.appspot.com/bug?extid=1380620f8290560156eb
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14a85eb9c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11a40cedc80000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: fs/ntfs3: Check fields while reading
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 333feb7ba84f69f9b423422417aaac54fd9e7c84
Author: Konstantin Komarov <almaz.ale...@paragon-software.com>
Date: Mon Oct 10 10:15:33 2022 +0000
fs/ntfs3: Check fields while reading
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17378955a80000
start commit: c957cbb87315 Linux 5.15.105
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=6f83fab0469f5de7
dashboard link: https://syzkaller.appspot.com/bug?extid=1380620f8290560156eb
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14a85eb9c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11a40cedc80000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: fs/ntfs3: Check fields while reading
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot
Sep 7, 2023, 12:37:43 AM9/7/23
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit 000a9a72efa4a9df289bab9c9e8ba1639c72e0d6
Author: Konstantin Komarov <almaz.ale...@paragon-software.com>
Date: Mon Oct 10 10:15:33 2022 +0000
fs/ntfs3: Check fields while reading
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1635caa4680000
Date: Mon Oct 10 10:15:33 2022 +0000
fs/ntfs3: Check fields while reading
start commit: 3b29299e5f60 Linux 6.1.22
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=4a782518325cb082
dashboard link: https://syzkaller.appspot.com/bug?extid=7e4fb438ff50c7144804
dashboard link: https://syzkaller.appspot.com/bug?extid=7e4fb438ff50c7144804
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=144408c9c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=141b63d1c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=141b63d1c80000
Reply all
Reply to author
Forward
0 new messages