syzbot


KASAN: null-ptr-deref Write in get_block

Status: fixed on 2020/09/16 22:51
Subsystems: fs
[Documentation on labels]
Reported-by: syzbot+4a88b2b9dc280f47baf4@syzkaller.appspotmail.com
Fix commit: da27e0a0e5f6 fs/minix: check return value of sb_getblk()
First crash: 1560d, last: 1443d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: WARNING in sysfs_warn_dup (log)
Repro: C syz .config
  
Discussions (11)
Title Replies (including bot) Last reply
[PATCH 4.4 000/149] 4.4.233-rc1 review 163 (163) 2020/10/31 20:04
[PATCH 4.9 000/212] 4.9.233-rc1 review 220 (220) 2020/08/21 09:40
[PATCH 4.19 000/168] 4.19.140-rc1 review 183 (183) 2020/08/21 08:05
[PATCH 4.14 000/228] 4.14.194-rc1 review 234 (234) 2020/08/21 06:59
[PATCH 5.8 000/464] 5.8.2-rc1 review 475 (475) 2020/08/19 06:11
[PATCH 5.4 000/270] 5.4.59-rc1 review 275 (275) 2020/08/18 22:37
[PATCH 5.7 000/393] 5.7.16-rc1 review 398 (398) 2020/08/18 22:36
[patch 098/165] fs/minix: check return value of sb_getblk() 1 (1) 2020/08/12 01:35
[PATCH 0/6] fs/minix: fix syzbot bugs and set s_maxbytes 10 (10) 2020/07/07 20:34
[PATCH] minix: Fix NULL dereference in alloc_branch() 1 (1) 2020/03/23 12:57
KASAN: null-ptr-deref Write in get_block 3 (4) 2020/03/23 12:18
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 KASAN: null-ptr-deref Write in get_block origin:upstream missing-backport C done 4 326d 371d 3/3 fixed on 2023/10/02 12:03
upstream KASAN: null-ptr-deref Write in get_block (2) fs C error 11 365d 399d 23/27 fixed on 2023/09/28 17:51
linux-5.15 KASAN: null-ptr-deref Write in get_block origin:upstream missing-backport C done 2 328d 373d 3/3 fixed on 2023/10/03 00:08

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in test_and_set_bit_lock include/asm-generic/bitops/instrumented-lock.h:55 [inline]
BUG: KASAN: null-ptr-deref in trylock_buffer include/linux/buffer_head.h:359 [inline]
BUG: KASAN: null-ptr-deref in lock_buffer include/linux/buffer_head.h:365 [inline]
BUG: KASAN: null-ptr-deref in alloc_branch fs/minix/itree_common.c:88 [inline]
BUG: KASAN: null-ptr-deref in get_block+0x635/0x1380 fs/minix/itree_common.c:191
Write of size 8 at addr 0000000000000000 by task syz-executor593/9547

CPU: 0 PID: 9547 Comm: syz-executor593 Not tainted 5.7.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 __kasan_report mm/kasan/report.c:517 [inline]
 kasan_report.cold+0x5/0x37 mm/kasan/report.c:530
 check_memory_region_inline mm/kasan/generic.c:186 [inline]
 check_memory_region+0x141/0x190 mm/kasan/generic.c:192
 test_and_set_bit_lock include/asm-generic/bitops/instrumented-lock.h:55 [inline]
 trylock_buffer include/linux/buffer_head.h:359 [inline]
 lock_buffer include/linux/buffer_head.h:365 [inline]
 alloc_branch fs/minix/itree_common.c:88 [inline]
 get_block+0x635/0x1380 fs/minix/itree_common.c:191
 minix_get_block+0xe5/0x110 fs/minix/inode.c:376
 __block_write_begin_int+0x490/0x1b20 fs/buffer.c:2012
 __block_write_begin fs/buffer.c:2062 [inline]
 block_write_begin+0x58/0x2e0 fs/buffer.c:2121
 minix_write_begin+0x35/0xe0 fs/minix/inode.c:412
 generic_perform_write+0x20a/0x4e0 mm/filemap.c:3299
 __generic_file_write_iter+0x24c/0x610 mm/filemap.c:3428
 generic_file_write_iter+0x3f3/0x630 mm/filemap.c:3460
 call_write_iter include/linux/fs.h:1917 [inline]
 new_sync_write+0x426/0x650 fs/read_write.c:484
 __vfs_write+0xc9/0x100 fs/read_write.c:497
 vfs_write+0x268/0x5d0 fs/read_write.c:559
 ksys_write+0x12d/0x250 fs/read_write.c:612
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x43e919
Code: bd 91 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 91 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fcaef905ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000006c3c48 RCX: 000000000043e919
RDX: 000000000000fdef RSI: 00000000200002c0 RDI: 0000000000000008
RBP: 00000000006c3c40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006c3c4c
R13: 00007ffea77dfeef R14: 00007fcaef8e6000 R15: 0000000000000003
==================================================================

Crashes (101):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/06/19 11:29 upstream 435faf5c218a bc258b50 .config console log report syz C ci-qemu-upstream
2020/05/15 11:54 upstream 1ae7efb38854 2d572622 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/04/11 19:08 upstream 5b8b9d0c6d0e a8c6a3f8 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/04/11 10:08 upstream ab6f762f0f53 a8c6a3f8 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/04/11 09:41 upstream ab6f762f0f53 a8c6a3f8 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/04/11 09:07 upstream ab6f762f0f53 a8c6a3f8 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/03/17 10:35 upstream fb33c6510d55 749688d2 .config console log report syz C ci-upstream-kasan-gce-root
2020/04/14 16:55 linux-next f19bb13a0eaf 3f3c5574 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/04/14 16:28 linux-next f19bb13a0eaf 3f3c5574 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/04/14 15:50 linux-next f19bb13a0eaf 3f3c5574 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/06/24 23:08 upstream 435faf5c218a 41694dbf .config console log report syz ci-qemu-upstream
2020/04/09 22:58 upstream 5d30bcacd91a a8c6a3f8 .config console log report syz ci-upstream-kasan-gce-root
2020/07/12 18:46 upstream 0aea6d5c5be3 115e1930 .config console log report ci-upstream-kasan-gce-smack-root
2020/07/11 21:43 upstream a581387e415b 18d18b59 .config console log report ci-upstream-kasan-gce-root
2020/07/10 19:28 upstream 42f82040ee66 edf162e8 .config console log report ci-upstream-kasan-gce-smack-root
2020/07/09 23:26 upstream 0bddd227f3dc bc238812 .config console log report ci-upstream-kasan-gce-selinux-root
2020/07/08 04:09 upstream 7cc2a8ea1048 51095195 .config console log report ci-upstream-kasan-gce-smack-root
2020/07/07 21:06 upstream 7cc2a8ea1048 51095195 .config console log report ci-upstream-kasan-gce-smack-root
2020/07/04 20:50 upstream 7cc2a8ea1048 51095195 .config console log report ci-upstream-kasan-gce-smack-root
2020/07/03 00:43 upstream cd77006e01b3 bed10395 .config console log report ci-upstream-kasan-gce-selinux-root
2020/07/02 10:51 upstream cd77006e01b3 bed10395 .config console log report ci-upstream-kasan-gce-root
2020/07/02 07:43 upstream cd77006e01b3 bed10395 .config console log report ci-upstream-kasan-gce-root
2020/06/30 12:10 upstream 4e99b32169e8 a2cdad9d .config console log report ci-upstream-kasan-gce-root
2020/06/28 23:56 upstream 4e99b32169e8 a2cdad9d .config console log report ci-upstream-kasan-gce-smack-root
2020/06/28 18:42 upstream 4e99b32169e8 a2cdad9d .config console log report ci-upstream-kasan-gce-smack-root
2020/06/27 19:11 upstream 1590a2e1c681 ffec44b5 .config console log report ci-upstream-kasan-gce-root
2020/06/27 14:29 upstream 1590a2e1c681 ffec44b5 .config console log report ci-upstream-kasan-gce-root
2020/06/26 13:45 upstream 4a21185cda0f aea82c00 .config console log report ci-upstream-kasan-gce-smack-root
2020/06/25 08:43 upstream 7ae77150d94d 54566aff .config console log report ci-upstream-kasan-gce-smack-root
2020/06/24 21:30 upstream 7ae77150d94d 54566aff .config console log report ci-upstream-kasan-gce-root
2020/06/24 01:34 upstream 7ae77150d94d 54566aff .config console log report ci-upstream-kasan-gce-selinux-root
2020/06/20 05:24 upstream 7ae77150d94d 81abc331 .config console log report ci-upstream-kasan-gce-smack-root
2020/06/17 20:26 upstream 7ae77150d94d b9f3810b .config console log report ci-upstream-kasan-gce-selinux-root
2020/06/17 10:23 upstream 7ae77150d94d b9f3810b .config console log report ci-upstream-kasan-gce-selinux-root
2020/06/17 00:20 upstream 7ae77150d94d 559fbe2d .config console log report ci-upstream-kasan-gce-selinux-root
2020/06/16 22:49 upstream 7ae77150d94d 559fbe2d .config console log report ci-upstream-kasan-gce-smack-root
2020/06/15 04:22 upstream 7ae77150d94d 2a22c77a .config console log report ci-upstream-kasan-gce-root
2020/06/14 17:59 upstream 7ae77150d94d 2a22c77a .config console log report ci-upstream-kasan-gce-root
2020/06/14 14:59 upstream 7ae77150d94d 2a22c77a .config console log report ci-upstream-kasan-gce-smack-root
2020/06/12 14:26 upstream 7ae77150d94d 58802067 .config console log report ci-upstream-kasan-gce-root
2020/06/10 14:52 upstream 7ae77150d94d 860c4de9 .config console log report ci-upstream-kasan-gce-selinux-root
2020/06/09 06:03 upstream 7ae77150d94d 0d60b78a .config console log report ci-upstream-kasan-gce-selinux-root
2020/06/06 14:46 upstream 7ae77150d94d e6b89e4e .config console log report ci-upstream-kasan-gce-smack-root
2020/06/06 13:53 upstream 7ae77150d94d e6b89e4e .config console log report ci-upstream-kasan-gce-selinux-root
2020/06/06 03:10 upstream 7ae77150d94d f243c88f .config console log report ci-upstream-kasan-gce-selinux-root
2020/06/04 16:49 upstream cb8e59cc8720 b0d1c0d5 .config console log report ci-upstream-kasan-gce-smack-root
2020/06/01 05:10 upstream bdc48fa11e46 a0331e89 .config console log report ci-upstream-kasan-gce-smack-root
2020/05/23 16:41 upstream 444565650a5f 9682898d .config console log report ci-upstream-kasan-gce-root
2020/05/21 10:17 upstream b85051e755b0 c61086ab .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/17 10:07 upstream fb33c6510d55 749688d2 .config console log report ci-upstream-kasan-gce-root
2020/04/16 02:29 upstream 00086336a8d9 3f3c5574 .config console log report ci-qemu-upstream-386
2020/07/05 06:00 linux-next 9e50b94b3eb0 51095195 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/07/04 16:39 linux-next 9e50b94b3eb0 51095195 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/30 15:31 linux-next 36e3135df4d4 a2cdad9d .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/05 17:54 linux-next e7b08814b16b 2420d1bc .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/01 18:57 linux-next e7b08814b16b a0331e89 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/29 00:30 linux-next ff387fc20c69 0d951763 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/19 07:48 linux-next ac935d227366 684d3606 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.