BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+bca9799bf129256190da@syzkaller.appspotmail.com>
To: adilger.kernel@dilger.ca, akpm@linux-foundation.org,
	dan.j.williams@intel.com, jack@suse.cz,
	linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, syzkaller-bugs@googlegroups.com,
	tytso@mit.edu
Subject: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
Date: Mon, 13 Apr 2020 23:11:13 -0700	[thread overview]
Message-ID: <00000000000016a67305a33a11f7@google.com> (raw)

Hello,

syzbot found the following crash on:

HEAD commit:    5b8b9d0c Merge branch 'akpm' (patches from Andrew)
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13507b43e00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=23c5a352e32a1944
dashboard link: https://syzkaller.appspot.com/bug?extid=bca9799bf129256190da
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1620c007e00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=117f975de00000

The bug was bisected to:

commit 5f0663bb4a64f588f0a2dd6d1be68d40f9af0086
Author: Dan Williams <dan.j.williams@intel.com>
Date:   Thu Dec 21 20:25:11 2017 +0000

    ext4, dax: introduce ext4_dax_aops

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11046b5de00000
final crash:    https://syzkaller.appspot.com/x/report.txt?x=13046b5de00000
console output: https://syzkaller.appspot.com/x/log.txt?x=15046b5de00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+bca9799bf129256190da@syzkaller.appspotmail.com
Fixes: 5f0663bb4a64 ("ext4, dax: introduce ext4_dax_aops")

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 86de7067 P4D 86de7067 PUD 8eb7e067 PMD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8522 Comm: syz-executor124 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90004707a38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff8880880c68e0 RDI: ffff888098a0c300
RBP: ffff8880880c68e0 R08: 0000000000000000 R09: ffffc90004707ac0
R10: ffff88808ddee607 R11: ffffed1011bbdcc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90004707d18
FS:  00007ff4c6fcc700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000086de6000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 generic_perform_write+0x20a/0x4e0 mm/filemap.c:3302
 ext4_buffered_write_iter+0x1f7/0x450 fs/ext4/file.c:270
 ext4_file_write_iter+0x1ec/0x13f0 fs/ext4/file.c:642
 call_write_iter include/linux/fs.h:1907 [inline]
 new_sync_write+0x4a2/0x700 fs/read_write.c:484
 __vfs_write+0xc9/0x100 fs/read_write.c:497
 vfs_write+0x268/0x5d0 fs/read_write.c:559
 ksys_write+0x12d/0x250 fs/read_write.c:612
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x44ecf9
Code: bd ca fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b ca fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff4c6fcbce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000006e79e8 RCX: 000000000044ecf9
RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00000000006e79e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e79ec
R13: 00007ffce52c26cf R14: 00007ff4c6fcc9c0 R15: 0000000000000000
Modules linked in:
CR2: 0000000000000000
---[ end trace a03cde52885aaa2a ]---
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90004707a38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff8880880c68e0 RDI: ffff888098a0c300
RBP: ffff8880880c68e0 R08: 0000000000000000 R09: ffffc90004707ac0
R10: ffff88808ddee607 R11: ffffed1011bbdcc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90004707d18
FS:  00007ff4c6fcc700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff4c6f89db8 CR3: 0000000086de6000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

next             reply	other threads:[~2020-04-14  6:11 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-14  6:11 syzbot [this message]
2020-04-15  4:35 ` BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2) Theodore Y. Ts'o
2020-04-15  4:55   ` syzbot
2020-06-10 21:10 ` Theodore Y. Ts'o
2020-06-10 21:16   ` syzbot
2020-06-10 21:41 ` Theodore Y. Ts'o
2020-06-10 21:56   ` syzbot
2020-06-10 22:07 ` Theodore Y. Ts'o
2020-06-11  0:25   ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=00000000000016a67305a33a11f7@google.com \
    --to=syzbot+bca9799bf129256190da@syzkaller.appspotmail.com \
    --cc=adilger.kernel@dilger.ca \
    --cc=akpm@linux-foundation.org \
    --cc=dan.j.williams@intel.com \
    --cc=jack@suse.cz \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.