Date: Mon, 23 Jan 2023 08:36:09 +0100
From: Christoph Hellwig
To: syzbot
Cc: akpm@linux-foundation.org, hch@lst.de, jack@suse.com, jack@suse.cz, linkinjeon@gmail.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, willy@infradead.org
Subject: Re: [syzbot] [udf?] BUG: unable to handle kernel NULL pointer dereference in __writepage
Message-ID: <20230123073609.GA31134@lst.de>
References: <0000000000003198a505f0076823@google.com> <0000000000009cfc1705f2a07641@google.com>
In-Reply-To: <0000000000009cfc1705f2a07641@google.com>

I looked into this and got really confused. We should never end up in generic_writepages if ->writepages is set, which this patch obviously does.

Then I took a closer look at udf, and it seems to switch a_aops around at run time, and it seems like we're hitting just that case, and the patch just seems to narrow down that window.

I suspect the right fix is to remove this runtime switching of aops, and just do conditionals inside the methods.
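
Added illustration, not part of the original message and not kernel or udf code: a user-space C model of the hazard discussed above, where a dispatcher checks one slot of an operations table, the table pointer is swapped, and the fallback path then finds a NULL slot. All names (`struct aops`, `dispatch`, `in_inode`, the `between` hook that stands in for a concurrent writer) are hypothetical, and `-1` stands in for the NULL call.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
struct mapping;
struct aops {
    int (*writepages)(struct mapping *m);  /* batch method, may be NULL */
    int (*writepage)(struct mapping *m);   /* per-page method, may be NULL */
};
struct mapping {
    const struct aops *ops;  /* the pointer the racy design swaps at run time */
    int in_inode;            /* per-file state: data currently stored inline */
};

static int batch_write(struct mapping *m)  { (void)m; return 1; }
static int inline_write(struct mapping *m) { (void)m; return 2; }

/* Racy design: two tables, selected by rewriting m->ops when the file changes. */
static const struct aops inline_aops = { .writepages = NULL, .writepage = inline_write };
static const struct aops normal_aops = { .writepages = batch_write, .writepage = NULL };
static void expand_racy(struct mapping *m) { m->in_inode = 0; m->ops = &normal_aops; }

/* Fix direction: one table that never changes, conditional inside the method. */
static int unified_writepages(struct mapping *m)
{
    return m->in_inode ? inline_write(m) : batch_write(m);
}
static const struct aops unified_aops = { .writepages = unified_writepages, .writepage = NULL };
static void expand_fixed(struct mapping *m) { m->in_inode = 0; }  /* ops untouched */

/* Reads m->ops twice; 'between' runs inside the window between the two reads. */
static int dispatch(struct mapping *m, void (*between)(struct mapping *))
{
    if (m->ops->writepages)
        return m->ops->writepages(m);
    if (between)
        between(m);                      /* table may be swapped here */
    return m->ops->writepage ? m->ops->writepage(m) : -1;  /* -1: NULL slot hit */
}

int run_racy(void)  { struct mapping m = { &inline_aops, 1 };  return dispatch(&m, expand_racy); }
int run_fixed(void) { struct mapping m = { &unified_aops, 1 }; return dispatch(&m, expand_fixed); }

int main(void)
{
    printf("racy=%d fixed=%d\n", run_racy(), run_fixed());
    return 0;
}
```

With the single table the fallback path is never reached, because `writepages` is always set and the per-file state is tested inside the method instead.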