Bug 217422 - ntfs3: NULL pointer dereference with ntfs_lookup with linux-6.3.2-rc2
Status: RESOLVED PATCH_ALREADY_AVAILABLE
Alias: None
Product: File System
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P3 normal
Assignee: fs_other
Reported: 2023-05-09 12:52 UTC by rudi
Modified: 2023-05-20 12:28 UTC
Kernel Version: 6.3.2-rc2
Regression: Yes
Bisected commit-id: bf11fd528a97

Description rudi 2023-05-09 12:52:32 UTC
[ 9471.878611] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 9471.879864] #PF: supervisor read access in kernel mode
[ 9471.881177] #PF: error_code(0x0000) - not-present page
[ 9471.882447] PGD 0 P4D 0 
[ 9471.883680] Oops: 0000 [#1] SMP NOPTI
[ 9471.884932] CPU: 15 PID: 81926 Comm: .NET ThreadPool Tainted: P     U     O       6.3.2-rc2 #1
[ 9471.886494] Hardware name: Intel(R) Client Systems NUC12WSKi7/NUC12WSBi7, BIOS WSADL357.0085.2022.0718.1739 07/18/2022
[ 9471.887641] RIP: 0010:ntfs_lookup+0x76/0xe0 [ntfs3]
[ 9471.888795] Code: 00 00 00 49 89 c4 e8 d9 33 fe ff 85 c0 79 3a 48 63 d8 48 8b 3d 2b 61 6d cb 4c 89 e6 e8 83 b0 cc c1 48 81 fb 00 f0 ff ff 77 07 <48> 83 7b 20 00 74 41 4c 89 ee 48 89 df e8 e8 95 d1 c1 5b 41 5c 41
[ 9471.890042] RSP: 0018:ffff949ca06d7bb8 EFLAGS: 00010207
[ 9471.891291] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000010e7c3
[ 9471.892555] RDX: 000000000010e7c2 RSI: ffffcb8fc0000000 RDI: 00000000000324f0
[ 9471.893824] RBP: ffff949ca06d7bd8 R08: ffff90e24896b000 R09: ffff90e24187e702
[ 9471.895081] R10: 0000000000000788 R11: 000000000000000a R12: ffff90e2c0caa000
[ 9471.896343] R13: ffff90e4fbf9e780 R14: ffff90e2dee4aeb8 R15: ffff90e2dee4af90
[ 9471.897615] FS:  00007f1f627fc6c0(0000) GS:ffff90e9779c0000(0000) knlGS:0000000000000000
[ 9471.898907] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9471.900198] CR2: 0000000000000020 CR3: 000000015b37c001 CR4: 0000000000f70ea0
[ 9471.901503] PKRU: 55555554
[ 9471.902803] Call Trace:
[ 9471.904099]  <TASK>
[ 9471.905381]  __lookup_slow+0x81/0x130
[ 9471.906676]  walk_component+0x10b/0x180
[ 9471.907966]  path_lookupat+0x6a/0x1a0
[ 9471.909247]  filename_lookup+0xd0/0x190
[ 9471.910533]  ? schedule+0x59/0xa0
[ 9471.911813]  ? futex_wait_queue+0x69/0xa0
[ 9471.913095]  ? kmem_cache_alloc+0x47/0x3c0
[ 9471.914376]  vfs_statx+0x84/0x150
[ 9471.915649]  ? getname_flags+0x54/0x1d0
[ 9471.916926]  vfs_fstatat+0x5c/0x80
[ 9471.918196]  __do_sys_newlstat+0x37/0x70
[ 9471.919472]  ? do_futex+0x12e/0x1a0
[ 9471.920758]  ? __x64_sys_futex+0x112/0x1d0
[ 9471.922033]  ? trace_hardirqs_off.part.0+0x20/0x70
[ 9471.923319]  ? trace_hardirqs_on+0x2f/0x80
[ 9471.924598]  __x64_sys_newlstat+0x1a/0x20
[ 9471.925897]  do_syscall_64+0x3c/0x90
[ 9471.927639]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 9471.928951] RIP: 0033:0x7f206b4db184
[ 9471.930235] Code: 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 89 f8 48 89 f7 48 89 d6 83 f8 01 77 2b b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 04 c3 0f 1f 00 48 8b 15 61 cc 0b 00 f7 d8 64
[ 9471.931627] RSP: 002b:00007f1f627fa378 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[ 9471.933021] RAX: ffffffffffffffda RBX: 00007f1fbe6ad248 RCX: 00007f206b4db184
[ 9471.934435] RDX: 00007f1f627fa380 RSI: 00007f1f627fa380 RDI: 00007f1f627fa4f0
[ 9471.935850] RBP: 00007f1f627fa4d0 R08: 00007f1f627fa600 R09: 000000000000002e
[ 9471.937263] R10: 00007f1ff1ba15e8 R11: 0000000000000246 R12: 00007f1fbc018408
[ 9471.938683] R13: 00007f1f627fa4f0 R14: 00007f1fbe6ad248 R15: 000000000000002e
[ 9471.940106]  </TASK>
[ 9471.941523] Modules linked in: rfcomm veth 8021q xt_nat xt_tcpudp xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_addrtype iptable_filter ip_tables x_tables br_netfilter bridge stp llc overlay ntfs3 exfat bnep btusb btrtl btbcm btintel btmtk bluetooth ecdh_generic ecc iwlmvm mac80211 libarc4 snd_hda_codec_hdmi iwlwifi wl(PO) snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel mei_pxp mei_hdcp x86_pkg_temp_thermal snd_hda_codec cfg80211 intel_powerclamp snd_hwdep intel_rapl_msr tpm_tis mei_me snd_hda_core idma64 tpm_tis_core intel_rapl_common mei snd_intel_dspcfg rfkill tpm_crb tpm rng_core pkcs8_key_parser fuse dmi_sysfs
[ 9471.948020] CR2: 0000000000000020
[ 9471.949674] ---[ end trace 0000000000000000 ]---
[ 9471.949674] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 9471.951352] RIP: 0010:ntfs_lookup+0x76/0xe0 [ntfs3]
[ 9471.953035] #PF: supervisor read access in kernel mode
[ 9471.954720] Code: 00 00 00 49 89 c4 e8 d9 33 fe ff 85 c0 79 3a 48 63 d8 48 8b 3d 2b 61 6d cb 4c 89 e6 e8 83 b0 cc c1 48 81 fb 00 f0 ff ff 77 07 <48> 83 7b 20 00 74 41 4c 89 ee 48 89 df e8 e8 95 d1 c1 5b 41 5c 41
[ 9471.956410] #PF: error_code(0x0000) - not-present page
[ 9471.958201] RSP: 0018:ffff949ca06d7bb8 EFLAGS: 00010207
[ 9471.959982] PGD 0 P4D 0 
[ 9471.961783] 
[ 9471.961783] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000010e7c3
[ 9471.963554] 
[ 9471.965305] RDX: 000000000010e7c2 RSI: ffffcb8fc0000000 RDI: 00000000000324f0
[ 9471.967092] Oops: 0000 [#2] SMP NOPTI
[ 9471.969251] RBP: ffff949ca06d7bd8 R08: ffff90e24896b000 R09: ffff90e24187e702
[ 9471.971054] CPU: 13 PID: 81947 Comm: .NET ThreadPool Tainted: P     UD    O       6.3.2-rc2 #1
[ 9471.972824] R10: 0000000000000788 R11: 000000000000000a R12: ffff90e2c0caa000
[ 9471.974610] Hardware name: Intel(R) Client Systems NUC12WSKi7/NUC12WSBi7, BIOS WSADL357.0085.2022.0718.1739 07/18/2022
[ 9471.976406] R13: ffff90e4fbf9e780 R14: ffff90e2dee4aeb8 R15: ffff90e2dee4af90
[ 9471.978206] RIP: 0010:ntfs_lookup+0x76/0xe0 [ntfs3]
[ 9471.980039] FS:  00007f1f627fc6c0(0000) GS:ffff90e9779c0000(0000) knlGS:0000000000000000
[ 9471.981887] Code: 00 00 00 49 89 c4 e8 d9 33 fe ff 85 c0 79 3a 48 63 d8 48 8b 3d 2b 61 6d cb 4c 89 e6 e8 83 b0 cc c1 48 81 fb 00 f0 ff ff 77 07 <48> 83 7b 20 00 74 41 4c 89 ee 48 89 df e8 e8 95 d1 c1 5b 41 5c 41
[ 9471.983737] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9471.985576] RSP: 0018:ffff949c8ff7fbb8 EFLAGS: 00010207
[ 9471.987490] CR2: 0000000000000020 CR3: 000000015b37c001 CR4: 0000000000f70ea0
[ 9471.989339] 
[ 9471.991159] PKRU: 55555554
[ 9471.991160] note: .NET ThreadPool[81926] exited with irqs disabled
[ 9471.992978] RAX: ffff90e24ac6d001 RBX: 0000000000000000 RCX: 00000000000eea5f
[ 9472.000239] RDX: 00000000000eea5e RSI: ffffcb8fc0000000 RDI: 00000000000324f0
[ 9472.002036] RBP: ffff949c8ff7fbd8 R08: ffff90e24ac69002 R09: ffff90e3b570a5ea
[ 9472.003843] R10: ffff90e25c340000 R11: 000000000000000a R12: ffff90e24ac69000
[ 9472.005628] R13: ffff90e4fbeb2fc0 R14: ffff90e2dee4e488 R15: ffff90e2dee4e560
[ 9472.007414] FS:  00007f1f01ffb6c0(0000) GS:ffff90e977940000(0000) knlGS:0000000000000000
[ 9472.009218] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9472.011496] CR2: 0000000000000020 CR3: 000000015b37c006 CR4: 0000000000f70ea0
[ 9472.013344] PKRU: 55555554
[ 9472.015171] Call Trace:
[ 9472.016999]  <TASK>
[ 9472.018813]  __lookup_slow+0x81/0x130
[ 9472.020639]  walk_component+0x10b/0x180
[ 9472.022454]  path_lookupat+0x6a/0x1a0
[ 9472.024289]  filename_lookup+0xd0/0x190
[ 9472.026106]  ? sched_clock+0xd/0x20
[ 9472.027930]  ? sched_clock_cpu+0x14/0x190
[ 9472.029753]  ? __smp_call_single_queue+0x40/0x50
[ 9472.031576]  ? ttwu_queue_wakelist+0xfd/0x100
[ 9472.033403]  ? kmem_cache_alloc+0x47/0x3c0
[ 9472.035232]  vfs_statx+0x84/0x150
[ 9472.037056]  ? getname_flags+0x54/0x1d0
[ 9472.038876]  vfs_fstatat+0x5c/0x80
[ 9472.040699]  __do_sys_newlstat+0x37/0x70
[ 9472.042515]  ? do_futex+0x12e/0x1a0
[ 9472.044332]  ? __x64_sys_futex+0x112/0x1d0
[ 9472.046146]  ? switch_fpu_return+0x55/0xd0
[ 9472.047912]  ? trace_hardirqs_off.part.0+0x20/0x70
[ 9472.049636]  ? trace_hardirqs_on+0x2f/0x80
[ 9472.051409]  __x64_sys_newlstat+0x1a/0x20
[ 9472.053491]  do_syscall_64+0x3c/0x90
[ 9472.055213]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 9472.056940] RIP: 0033:0x7f206b4db184
[ 9472.058658] Code: 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 89 f8 48 89 f7 48 89 d6 83 f8 01 77 2b b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 04 c3 0f 1f 00 48 8b 15 61 cc 0b 00 f7 d8 64
[ 9472.060473] RSP: 002b:00007f1f01ff9378 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[ 9472.062212] RAX: ffffffffffffffda RBX: 00007f1fbe689478 RCX: 00007f206b4db184
[ 9472.063898] RDX: 00007f1f01ff9380 RSI: 00007f1f01ff9380 RDI: 00007f1f01ff94f0
[ 9472.065522] RBP: 00007f1f01ff94d0 R08: 00007f1f01ff9600 R09: 0000000000000035
[ 9472.067094] R10: 00007f1ff1ba15e8 R11: 0000000000000246 R12: 00007f1fbc018408
[ 9472.068665] R13: 00007f1f01ff94f0 R14: 00007f1fbe689478 R15: 0000000000000035
[ 9472.070238]  </TASK>
[ 9472.071799] Modules linked in: rfcomm veth 8021q xt_nat xt_tcpudp xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_addrtype iptable_filter ip_tables x_tables br_netfilter bridge stp llc overlay ntfs3 exfat bnep btusb btrtl btbcm btintel btmtk bluetooth ecdh_generic ecc iwlmvm mac80211 libarc4 snd_hda_codec_hdmi iwlwifi wl(PO) snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel mei_pxp mei_hdcp x86_pkg_temp_thermal snd_hda_codec cfg80211 intel_powerclamp snd_hwdep intel_rapl_msr tpm_tis mei_me snd_hda_core idma64 tpm_tis_core intel_rapl_common mei snd_intel_dspcfg rfkill tpm_crb tpm rng_core pkcs8_key_parser fuse dmi_sysfs
[ 9472.078669] CR2: 0000000000000020
[ 9472.080365] ---[ end trace 0000000000000000 ]---
….
[ 9476.855987] RIP: 0010:ntfs_lookup+0x76/0xe0 [ntfs3]
[ 9476.857799] Code: 00 00 00 49 89 c4 e8 d9 33 fe ff 85 c0 79 3a 48 63 d8 48 8b 3d 2b 61 6d cb 4c 89 e6 e8 83 b0 cc c1 48 81 fb 00 f0 ff ff 77 07 <48> 83 7b 20 00 74 41 4c 89 ee 48 89 df e8 e8 95 d1 c1 5b 41 5c 41
[ 9476.859687] RSP: 0018:ffff949ca06d7bb8 EFLAGS: 00010207
[ 9476.861557] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000010e7c3
[ 9476.863433] RDX: 000000000010e7c2 RSI: ffffcb8fc0000000 RDI: 00000000000324f0
[ 9476.865302] RBP: ffff949ca06d7bd8 R08: ffff90e24896b000 R09: ffff90e24187e702
[ 9476.867160] R10: 0000000000000788 R11: 000000000000000a R12: ffff90e2c0caa000
[ 9476.869017] R13: ffff90e4fbf9e780 R14: ffff90e2dee4aeb8 R15: ffff90e2dee4af90
[ 9476.870864] FS:  00007f1f617fa6c0(0000) GS:ffff90e977900000(0000) knlGS:0000000000000000
[ 9476.872702] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9476.874529] CR2: 0000000000000020 CR3: 000000015b37c003 CR4: 0000000000f70ea0
[ 9476.876353] PKRU: 55555554
[ 9476.878161] note: .NET ThreadPool[81927] exited with irqs disabled
Comment 1 Bagas Sanjaya 2023-05-11 08:11:43 UTC
(In reply to rudi from comment #0)

Thanks for the report. However, many bits are missing, in particular reproducer and last known good version.
Comment 2 rudi 2023-05-11 08:34:57 UTC
(In reply to Bagas Sanjaya from comment #1)
> (In reply to rudi from comment #0)
..
> 
> Thanks for the report. However, many bits are missing, in particular
> reproducer and last known good version.

Hi Bagas,

Been working with the stable mail list - last couple of days.

This is the offending commit.
bf11fd528a97 fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()

The error is triggerable in both 6.1.28-rc2 and 6.3.2-rc2. It has not been seen before, nor does it seem to trigger in 6.4-rc1.

Full mail trail at: https://lore.kernel.org/lkml/CAG9oJskf0fE7LiumdzD4QW8dTmGpmVyXBSyiKu_xP+s72Rw44A@mail.gmail.com/
Comment 3 rudi 2023-05-20 12:28:43 UTC
Bug was introduced in:
ZhangPeng <zhangpeng362@huawei.com>
    fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() 
Fixed with:
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
    fs/ntfs3: Refactoring of various minor issues

Fixes are included in 6.3.3
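
An added example, not code from the kernel or from anyone in this thread: a userspace C model of the guard shape visible in the oops in comment 0, where the bytes just before the marked instruction compare RBX against the error-pointer range and the marked instruction then reads offset 0x20 from RBX, which was 0. `struct model_inode`, its padding, `NO_ACCESS` and the `guard_*` names are assumptions made for the illustration, and the second guard is one way to close the gap, not necessarily the upstream change.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095          /* same bound the kernel's ERR_PTR scheme uses */
#define NO_ACCESS UINTPTR_MAX   /* sentinel: the guard skipped the i_op read */

/* Model object, NOT the kernel's struct inode: the padding is an assumption
 * chosen so that i_op sits at 0x20, the fault address in the report. */
struct model_inode {
    unsigned char pad[0x20];
    const void *i_op;
};

/* Encode a negative errno as a pointer, as ERR_PTR() does. */
static void *err_ptr(long err) { return (void *)(intptr_t)err; }

/* True only for the top MAX_ERRNO addresses. NULL is not an error pointer. */
static int is_err(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

/* Address the i_op load would touch, computed without dereferencing p. */
static uintptr_t i_op_address(const void *p)
{
    return (uintptr_t)p + offsetof(struct model_inode, i_op);
}

/* Guard shape seen in the oops: only error pointers are filtered out,
 * so a NULL "not found" result still reaches the i_op read. */
static uintptr_t guard_is_err_only(const void *p)
{
    if (!is_err(p))
        return i_op_address(p);
    return NO_ACCESS;
}

/* Hardened guard: NULL is rejected before the error-pointer test. */
static uintptr_t guard_is_err_or_null(const void *p)
{
    if (p && !is_err(p))
        return i_op_address(p);
    return NO_ACCESS;
}

int main(void)
{
    struct model_inode found = { {0}, NULL };
    const void *cases[] = { &found, err_ptr(-22), NULL };
    const char *names[] = { "valid object", "ERR_PTR(-22)", "NULL" };

    for (int i = 0; i < 3; i++) {
        uintptr_t a = guard_is_err_only(cases[i]);
        uintptr_t b = guard_is_err_or_null(cases[i]);
        printf("%-13s IS_ERR-only reads %#lx, NULL-aware reads %#lx\n",
               names[i], (unsigned long)a, (unsigned long)b);
    }
    return 0;
}
```

For the NULL case the first guard reports a read at 0x20, the same value as CR2 in the trace, while the second guard reports `NO_ACCESS`.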
