From: syzbot <syzbot+bca9799bf129256190da@syzkaller.appspotmail.com>
To: adilger.kernel@dilger.ca, akpm@linux-foundation.org,
dan.j.williams@intel.com, jack@suse.cz,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, syzkaller-bugs@googlegroups.com,
tytso@mit.edu
Subject: Re: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
Date: Wed, 10 Jun 2020 14:56:03 -0700
Message-ID: <0000000000000c06da05a7c1e93d@google.com>
In-Reply-To: <20200610214107.GK1347934@mit.edu>
Hello,
syzbot has tested the proposed patch but the reproducer still triggered a crash:
BUG: unable to handle kernel NULL pointer dereference in generic_perform_write
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD a3819067 P4D a3819067 PUD a2ea0067 PMD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9214 Comm: syz-executor.1 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90006d1fa38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff888082b89a60 RDI: ffff88808a414a80
RBP: ffff888082b89a60 R08: 0000000000000000 R09: ffffc90006d1fac0
R10: ffff888072cd6607 R11: ffffed100e59acc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90006d1fd18
FS: 00007f310f3f3700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000000904f1000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
generic_perform_write+0x20a/0x4e0 mm/filemap.c:3302
ext4_buffered_write_iter+0x1f7/0x450 fs/ext4/file.c:270
ext4_file_write_iter+0x1ec/0x13f0 fs/ext4/file.c:642
call_write_iter include/linux/fs.h:1907 [inline]
new_sync_write+0x4a2/0x700 fs/read_write.c:484
__vfs_write+0xc9/0x100 fs/read_write.c:497
vfs_write+0x268/0x5d0 fs/read_write.c:559
ksys_write+0x12d/0x250 fs/read_write.c:612
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c889
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f310f3f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f310f3f36d4 RCX: 000000000045c889
RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cdc R14: 00000000004cf042 R15: 000000000076bfac
Modules linked in:
CR2: 0000000000000000
---[ end trace ff42a65b331528ba ]---
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90006d1fa38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff888082b89a60 RDI: ffff88808a414a80
RBP: ffff888082b89a60 R08: 0000000000000000 R09: ffffc90006d1fac0
R10: ffff888072cd6607 R11: ffffed100e59acc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90006d1fd18
FS: 00007f310f3f3700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000076c061 CR3: 00000000904f1000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Tested on:
commit: 5b8b9d0c Merge branch 'akpm' (patches from Andrew)
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git
console output: https://syzkaller.appspot.com/x/log.txt?x=158b23ca100000
kernel config: https://syzkaller.appspot.com/x/.config?x=23c5a352e32a1944
dashboard link: https://syzkaller.appspot.com/bug?extid=bca9799bf129256190da
compiler: gcc (GCC) 9.0.0 20181231 (experimental)