* BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
From: syzbot @ 2020-04-14 6:11 UTC
To: adilger.kernel, akpm, dan.j.williams, jack, linux-ext4, linux-kernel, linux-mm, syzkaller-bugs, tytso

Hello,

syzbot found the following crash on:

HEAD commit:    5b8b9d0c Merge branch 'akpm' (patches from Andrew)
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13507b43e00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=23c5a352e32a1944
dashboard link: https://syzkaller.appspot.com/bug?extid=bca9799bf129256190da
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1620c007e00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=117f975de00000

The bug was bisected to:

commit 5f0663bb4a64f588f0a2dd6d1be68d40f9af0086
Author: Dan Williams <dan.j.williams@intel.com>
Date:   Thu Dec 21 20:25:11 2017 +0000

    ext4, dax: introduce ext4_dax_aops

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11046b5de00000
final crash:    https://syzkaller.appspot.com/x/report.txt?x=13046b5de00000
console output: https://syzkaller.appspot.com/x/log.txt?x=15046b5de00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+bca9799bf129256190da@syzkaller.appspotmail.com
Fixes: 5f0663bb4a64 ("ext4, dax: introduce ext4_dax_aops")

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 86de7067 P4D 86de7067 PUD 8eb7e067 PMD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8522 Comm: syz-executor124 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90004707a38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff8880880c68e0 RDI: ffff888098a0c300
RBP: ffff8880880c68e0 R08: 0000000000000000 R09: ffffc90004707ac0
R10: ffff88808ddee607 R11: ffffed1011bbdcc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90004707d18
FS:  00007ff4c6fcc700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000086de6000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 generic_perform_write+0x20a/0x4e0 mm/filemap.c:3302
 ext4_buffered_write_iter+0x1f7/0x450 fs/ext4/file.c:270
 ext4_file_write_iter+0x1ec/0x13f0 fs/ext4/file.c:642
 call_write_iter include/linux/fs.h:1907 [inline]
 new_sync_write+0x4a2/0x700 fs/read_write.c:484
 __vfs_write+0xc9/0x100 fs/read_write.c:497
 vfs_write+0x268/0x5d0 fs/read_write.c:559
 ksys_write+0x12d/0x250 fs/read_write.c:612
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x44ecf9
Code: bd ca fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b ca fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff4c6fcbce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000006e79e8 RCX: 000000000044ecf9
RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00000000006e79e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e79ec
R13: 00007ffce52c26cf R14: 00007ff4c6fcc9c0 R15: 0000000000000000
Modules linked in:
CR2: 0000000000000000
---[ end trace a03cde52885aaa2a ]---
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90004707a38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff8880880c68e0 RDI: ffff888098a0c300
RBP: ffff8880880c68e0 R08: 0000000000000000 R09: ffffc90004707ac0
R10: ffff88808ddee607 R11: ffffed1011bbdcc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90004707d18
FS:  00007ff4c6fcc700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff4c6f89db8 CR3: 0000000086de6000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
* Re: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2) 2020-04-14 6:11 BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2) syzbot @ 2020-04-15 4:35 ` Theodore Y. Ts'o 2020-04-15 4:55 ` syzbot 2020-06-10 21:10 ` Theodore Y. Ts'o ` (2 subsequent siblings) 3 siblings, 1 reply; 9+ messages in thread From: Theodore Y. Ts'o @ 2020-04-15 4:35 UTC (permalink / raw) To: syzbot Cc: adilger.kernel, akpm, dan.j.williams, jack, linux-ext4, linux-kernel, linux-mm, syzkaller-bugs #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5b8b9d0c6d0e0f1993c6c56deaf9646942c49d94 diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 9728e7b0e84f..e44fee317965 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1728,6 +1728,7 @@ static int clear_qf_name(struct super_block *sb, int qtype) #define MOPT_NO_EXT3 0x0200 #define MOPT_EXT4_ONLY (MOPT_NO_EXT2 | MOPT_NO_EXT3) #define MOPT_STRING 0x0400 +#define MOPT_NO_REMOUNT 0x0800 static const struct mount_opts { int token; @@ -1777,7 +1778,7 @@ static const struct mount_opts { {Opt_min_batch_time, 0, MOPT_GTE0}, {Opt_inode_readahead_blks, 0, MOPT_GTE0}, {Opt_init_itable, 0, MOPT_GTE0}, - {Opt_dax, EXT4_MOUNT_DAX, MOPT_SET}, + {Opt_dax, EXT4_MOUNT_DAX, MOPT_SET | MOPT_NO_REMOUNT}, {Opt_stripe, 0, MOPT_GTE0}, {Opt_resuid, 0, MOPT_GTE0}, {Opt_resgid, 0, MOPT_GTE0}, @@ -1819,7 +1820,7 @@ static const struct mount_opts { {Opt_jqfmt_vfsv1, QFMT_VFS_V1, MOPT_QFMT}, {Opt_max_dir_size_kb, 0, MOPT_GTE0}, {Opt_test_dummy_encryption, 0, MOPT_GTE0}, - {Opt_nombcache, EXT4_MOUNT_NO_MBCACHE, MOPT_SET}, + {Opt_nombcache, EXT4_MOUNT_NO_MBCACHE, MOPT_SET | MOPT_NO_REMOUNT}, {Opt_err, 0, 0} }; 
@@ -1917,6 +1918,12 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token, "Mount option \"%s\" incompatible with ext3", opt); return -1; } + if ((m->flags & MOPT_NO_REMOUNT) && is_remount) { + ext4_msg(sb, KERN_ERR, + "Mount option \"%s\" not supported when remounting", + opt); + return -1; + } if (args->from && !(m->flags & MOPT_STRING) && match_int(args, &arg)) return -1; @@ -5429,18 +5436,6 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data) } } - if ((sbi->s_mount_opt ^ old_opts.s_mount_opt) & EXT4_MOUNT_NO_MBCACHE) { - ext4_msg(sb, KERN_ERR, "can't enable nombcache during remount"); - err = -EINVAL; - goto restore_opts; - } - - if ((sbi->s_mount_opt ^ old_opts.s_mount_opt) & EXT4_MOUNT_DAX) { - ext4_msg(sb, KERN_WARNING, "warning: refusing change of " - "dax flag with busy inodes while remounting"); - sbi->s_mount_opt ^= EXT4_MOUNT_DAX; - } - if (sbi->s_mount_flags & EXT4_MF_FS_ABORTED) ext4_abort(sb, EXT4_ERR_ESHUTDOWN, "Abort forced by user"); ^ permalink raw reply related [flat|nested] 9+ messages in thread
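Review bot: in the `{Opt_dax, EXT4_MOUNT_DAX, MOPT_SET | MOPT_NO_REMOUNT}` hunk, the new flag rejects the option whenever it appears in a remount string, not only when it would change state. The removed ext4_remount block only acted when `(sbi->s_mount_opt ^ old_opts.s_mount_opt) & EXT4_MOUNT_DAX` was set, so `-o remount,dax` on a filesystem already mounted with dax used to go through; after this change it fails with "Mount option "dax" not supported when remounting". Tools that re-pass the full option set on remount will hit this, so either compare against the currently set bit before refusing, or state the stricter behaviour in the changelog.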
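Review bot: the same applies to the `{Opt_nombcache, EXT4_MOUNT_NO_MBCACHE, MOPT_SET | MOPT_NO_REMOUNT}` hunk: the removed ext4_remount check errored only when EXT4_MOUNT_NO_MBCACHE differed from old_opts, whereas MOPT_NO_REMOUNT now fails any remount that mentions nombcache even when it is already in effect. If that is intended, please say so in the commit message, since it changes which remount invocations succeed.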
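Review bot: the new `if ((m->flags & MOPT_NO_REMOUNT) && is_remount)` check in handle_mount_opt returns -1 after earlier options in the same string may already have been applied to sbi->s_mount_opt. That mirrors the ext3 incompatibility check directly above it, so it is only safe if ext4_remount's parse failure path restores old_opts; the removed nombcache block did that explicitly with `goto restore_opts`, and the new path relies on the caller instead. Worth confirming that path in ext4_remount and noting it in the changelog.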
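Review bot: the removed DAX block in ext4_remount was not just cosmetic, and the commit message should explain why it goes away. It let parse_options set EXT4_MOUNT_DAX in sbi->s_mount_opt and only flipped the bit back afterwards (`sbi->s_mount_opt ^= EXT4_MOUNT_DAX`), leaving a window in which a concurrent open could see the flag and pick the DAX address-space ops for its inode. That matches the report: bisected to "ext4, dax: introduce ext4_dax_aops", and an instruction fetch at RIP 0x0 from generic_perform_write, which indirect-calls a_ops->write_begin that the DAX aops do not provide. Refusing the option before the flag is ever set closes that window, which is the real argument for this approach over the old warn-and-revert; please also mention that the remount now fails outright instead of succeeding with a warning.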
* Re: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
From: syzbot @ 2020-04-15 4:55 UTC
To: adilger.kernel, akpm, dan.j.williams, jack, linux-ext4, linux-kernel, linux-mm, syzkaller-bugs, tytso

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger crash:

Reported-and-tested-by: syzbot+bca9799bf129256190da@syzkaller.appspotmail.com

Tested on:

commit:         5b8b9d0c Merge branch 'akpm' (patches from Andrew)
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config:  https://syzkaller.appspot.com/x/.config?x=23c5a352e32a1944
dashboard link: https://syzkaller.appspot.com/bug?extid=bca9799bf129256190da
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
patch:          https://syzkaller.appspot.com/x/patch.diff?x=15524a00100000

Note: testing is done by a robot and is best-effort only.
* Re: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
From: Theodore Y. Ts'o @ 2020-06-10 21:10 UTC
To: syzbot
Cc: adilger.kernel, akpm, dan.j.williams, jack, linux-ext4, linux-kernel, linux-mm, syzkaller-bugs

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5b8b9d0c6d0e0f1993c6c56deaf9646942c49d94
* Re: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
From: syzbot @ 2020-06-10 21:16 UTC
To: adilger.kernel, akpm, dan.j.williams, jack, linux-ext4, linux-kernel, linux-mm, syzkaller-bugs, tytso

Hello,

syzbot tried to test the proposed patch but build/boot failed:

syzkaller build failed: failed to run ["make" "target"]: exit status 2
Tested on:

commit:         [unknown
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5b8b9d0c6d0e0f1993c6c56deaf9646942c49d94
dashboard link: https://syzkaller.appspot.com/bug?extid=bca9799bf129256190da
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
* Re: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
From: Theodore Y. Ts'o @ 2020-06-10 21:41 UTC
To: syzbot
Cc: adilger.kernel, akpm, dan.j.williams, jack, linux-ext4, linux-kernel, linux-mm, syzkaller-bugs

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git 5b8b9d0c6d0e0f1993c6c56deaf9646942c49d94
* Re: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
From: syzbot @ 2020-06-10 21:56 UTC
To: adilger.kernel, akpm, dan.j.williams, jack, linux-ext4, linux-kernel, linux-mm, syzkaller-bugs, tytso

Hello,

syzbot has tested the proposed patch but the reproducer still triggered crash:

BUG: unable to handle kernel NULL pointer dereference in generic_perform_write

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD a3819067 P4D a3819067 PUD a2ea0067 PMD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9214 Comm: syz-executor.1 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90006d1fa38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff888082b89a60 RDI: ffff88808a414a80
RBP: ffff888082b89a60 R08: 0000000000000000 R09: ffffc90006d1fac0
R10: ffff888072cd6607 R11: ffffed100e59acc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90006d1fd18
FS:  00007f310f3f3700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000000904f1000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 generic_perform_write+0x20a/0x4e0 mm/filemap.c:3302
 ext4_buffered_write_iter+0x1f7/0x450 fs/ext4/file.c:270
 ext4_file_write_iter+0x1ec/0x13f0 fs/ext4/file.c:642
 call_write_iter include/linux/fs.h:1907 [inline]
 new_sync_write+0x4a2/0x700 fs/read_write.c:484
 __vfs_write+0xc9/0x100 fs/read_write.c:497
 vfs_write+0x268/0x5d0 fs/read_write.c:559
 ksys_write+0x12d/0x250 fs/read_write.c:612
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c889
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f310f3f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f310f3f36d4 RCX: 000000000045c889
RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cdc R14: 00000000004cf042 R15: 000000000076bfac
Modules linked in:
CR2: 0000000000000000
---[ end trace ff42a65b331528ba ]---
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90006d1fa38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff888082b89a60 RDI: ffff88808a414a80
RBP: ffff888082b89a60 R08: 0000000000000000 R09: ffffc90006d1fac0
R10: ffff888072cd6607 R11: ffffed100e59acc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90006d1fd18
FS:  00007f310f3f3700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000076c061 CR3: 00000000904f1000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Tested on:

commit:         5b8b9d0c Merge branch 'akpm' (patches from Andrew)
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git
console output: https://syzkaller.appspot.com/x/log.txt?x=158b23ca100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=23c5a352e32a1944
dashboard link: https://syzkaller.appspot.com/bug?extid=bca9799bf129256190da
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
* Re: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
From: Theodore Y. Ts'o @ 2020-06-10 22:07 UTC
To: syzbot
Cc: adilger.kernel, akpm, dan.j.williams, jack, linux-ext4, linux-kernel, linux-mm, syzkaller-bugs

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git 5749fe5af3db176659978718ddaecebb450cdb6b
* Re: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
From: syzbot @ 2020-06-11 0:25 UTC
To: adilger.kernel, akpm, dan.j.williams, jack, linux-ext4, linux-kernel, linux-mm, syzkaller-bugs, tytso

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger crash:

Reported-and-tested-by: syzbot+bca9799bf129256190da@syzkaller.appspotmail.com

Tested on:

commit:         5749fe5a ext4: avoid race conditions when remounting with ..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git
kernel config:  https://syzkaller.appspot.com/x/.config?x=175fcaead7a60c3f
dashboard link: https://syzkaller.appspot.com/bug?extid=bca9799bf129256190da
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)

Note: testing is done by a robot and is best-effort only.