syzbot


KASAN: null-ptr-deref Write in bdi_put

Status: fixed on 2021/03/10 01:48
Reported-by: syzbot+aded2f2ab94d81727898@syzkaller.appspotmail.com
Fix commit: 2d2f6f1b4799 block: pre-initialize struct block_device in bdev_alloc_inode
First crash: 1467d, last: 1432d
Cause bisection: introduced by (bisect log) :
commit 4d004099a668c41522242aa146a38cc4eb59cb1e
Author: Peter Zijlstra <peterz@infradead.org>
Date: Fri Oct 2 09:04:21 2020 +0000

  lockdep: Fix lockdep recursion

Crash: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on (log)
Repro: C syz .config
  
Fix bisection: fixed by (bisect log) :
commit 2d2f6f1b4799428d160c021dd652bc3e3593945e
Author: Christoph Hellwig <hch@lst.de>
Date: Thu Jan 7 18:36:40 2021 +0000

  block: pre-initialize struct block_device in bdev_alloc_inode

  
Discussions (1)
Title Replies (including bot) Last reply
KASAN: null-ptr-deref Write in bdi_put 1 (3) 2021/03/01 14:35
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2021/03/01 09:36 3h18m bisect fix upstream OK (1) job log
2021/02/11 05:29 0m bisect fix upstream error job log

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: null-ptr-deref in atomic_fetch_sub_release include/asm-generic/atomic-instrumented.h:220 [inline]
BUG: KASAN: null-ptr-deref in __refcount_sub_and_test include/linux/refcount.h:272 [inline]
BUG: KASAN: null-ptr-deref in __refcount_dec_and_test include/linux/refcount.h:315 [inline]
BUG: KASAN: null-ptr-deref in refcount_dec_and_test include/linux/refcount.h:333 [inline]
BUG: KASAN: null-ptr-deref in kref_put include/linux/kref.h:64 [inline]
BUG: KASAN: null-ptr-deref in bdi_put+0x22/0xa0 mm/backing-dev.c:901
Write of size 4 at addr 0000000000000040 by task syz-executor685/8471

CPU: 1 PID: 8471 Comm: syz-executor685 Not tainted 5.11.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 __kasan_report mm/kasan/report.c:400 [inline]
 kasan_report.cold+0x5f/0xd5 mm/kasan/report.c:413
 check_memory_region_inline mm/kasan/generic.c:179 [inline]
 check_memory_region+0x13d/0x180 mm/kasan/generic.c:185
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_fetch_sub_release include/asm-generic/atomic-instrumented.h:220 [inline]
 __refcount_sub_and_test include/linux/refcount.h:272 [inline]
 __refcount_dec_and_test include/linux/refcount.h:315 [inline]
 refcount_dec_and_test include/linux/refcount.h:333 [inline]
 kref_put include/linux/kref.h:64 [inline]
 bdi_put+0x22/0xa0 mm/backing-dev.c:901
 bdev_evict_inode+0x262/0x460 fs/block_dev.c:808
 evict+0x2ed/0x6b0 fs/inode.c:577
 iput_final fs/inode.c:1653 [inline]
 iput.part.0+0x57e/0x810 fs/inode.c:1679
 iput+0x58/0x70 fs/inode.c:1669
 dentry_unlink_inode+0x2b1/0x3d0 fs/dcache.c:374
 __dentry_kill+0x3c0/0x640 fs/dcache.c:579
 dentry_kill fs/dcache.c:705 [inline]
 dput+0x725/0xbc0 fs/dcache.c:885
 do_one_tree fs/dcache.c:1632 [inline]
 shrink_dcache_for_umount+0x11f/0x330 fs/dcache.c:1646
 generic_shutdown_super+0x68/0x370 fs/super.c:447
 kill_anon_super+0x36/0x60 fs/super.c:1055
 deactivate_locked_super+0x94/0x160 fs/super.c:335
 deactivate_super+0xad/0xd0 fs/super.c:366
 put_fs_context+0xaa/0x650 fs/fs_context.c:442
 fscontext_release+0x4c/0x60 fs/fsopen.c:73
 __fput+0x283/0x920 fs/file_table.c:280
 task_work_run+0xdd/0x190 kernel/task_work.c:140
 exit_task_work include/linux/task_work.h:30 [inline]
 do_exit+0xc5c/0x2ae0 kernel/exit.c:825
 do_group_exit+0x125/0x310 kernel/exit.c:922
 __do_sys_exit_group kernel/exit.c:933 [inline]
 __se_sys_exit_group kernel/exit.c:931 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x43ee78
Code: Unable to access opcode bytes at RIP 0x43ee4e.
RSP: 002b:00007fff8a4cc5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ee78
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
RBP: 00000000004be688 R08: 00000000000000e7 R09: ffffffffffffffd0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
==================================================================

Crashes (601):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/01/07 20:11 upstream 71c061d24438 c104d4a3 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2021/01/07 02:05 upstream 9f1abbe97c08 c104d4a3 .config console log report syz C ci-upstream-kasan-gce-root
2021/01/05 20:45 upstream 36bbbd0e234d a0234d98 .config console log report syz C ci-upstream-kasan-gce-root
2021/01/05 09:30 upstream 36bbbd0e234d 2a28ff1f .config console log report syz C ci-upstream-kasan-gce-selinux-root
2021/01/04 07:06 upstream e71ba9452f0b 79264ae3 .config console log report syz C ci-upstream-kasan-gce-root
2021/01/02 06:47 upstream eda809aef534 79264ae3 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/12/30 08:03 upstream 139711f033f6 0fa352f2 .config console log report syz C ci-upstream-kasan-gce-root
2020/12/30 00:01 upstream dea8dcf2a9fa 80910769 .config console log report syz C ci-upstream-kasan-gce-root
2020/12/25 19:46 upstream 71c5f03154ac b982b3ea .config console log report syz C ci-upstream-kasan-gce-selinux-root
2021/01/11 01:28 linux-next 1c925d2030af 2c1f2513 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2021/01/07 14:14 linux-next 2d3811a4fb23 c104d4a3 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2021/01/04 00:52 linux-next d7a03a44a5e9 79264ae3 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2021/01/02 01:49 linux-next d7a03a44a5e9 79264ae3 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/12/30 12:24 linux-next d7a03a44a5e9 0fa352f2 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/12/29 09:33 linux-next d7a03a44a5e9 8259d56c .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/12/21 10:21 linux-next 4c6ed015c2a5 04201c06 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/12/15 02:58 linux-next 14240d4c5b25 97183ed7 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/12/14 07:32 linux-next 14240d4c5b25 b22a7ec3 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/12/08 04:35 linux-next 15ac8fdb7440 51a9082e .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2021/01/11 10:26 upstream 0653161f0fac 2c1f2513 .config console log report info ci-upstream-kasan-gce-root
2021/01/11 07:08 upstream 0653161f0fac 2c1f2513 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/11 04:05 upstream 0653161f0fac 2c1f2513 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/11 02:30 upstream 0653161f0fac 2c1f2513 .config console log report info ci-upstream-kasan-gce-root
2021/01/10 20:53 upstream 2ff90100ace8 2c1f2513 .config console log report info ci-upstream-kasan-gce-root
2021/01/10 14:13 upstream 2ff90100ace8 2c1f2513 .config console log report info ci-upstream-kasan-gce-root
2021/01/10 04:56 upstream 996e435fd401 2c1f2513 .config console log report info ci-upstream-kasan-gce-root
2021/01/10 01:13 upstream 996e435fd401 2c1f2513 .config console log report info ci-upstream-kasan-gce-root
2021/01/09 22:53 upstream 996e435fd401 2c1f2513 .config console log report info ci-upstream-kasan-gce-root
2021/01/09 22:04 upstream 996e435fd401 2c1f2513 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/09 19:50 upstream 996e435fd401 2c1f2513 .config console log report info ci-upstream-kasan-gce-root
2021/01/09 17:43 upstream 996e435fd401 a6c52263 .config console log report info ci-qemu-upstream
2021/01/09 02:23 upstream 6279d812eab6 c104d4a3 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/09 01:05 upstream 6279d812eab6 c104d4a3 .config console log report info ci-upstream-kasan-gce-root
2021/01/08 19:19 upstream f5e6c330254a c104d4a3 .config console log report info ci-upstream-kasan-gce-root
2021/01/08 11:25 upstream f5e6c330254a c104d4a3 .config console log report info ci-upstream-kasan-gce-root
2021/01/08 09:13 upstream f5e6c330254a c104d4a3 .config console log report info ci-upstream-kasan-gce-root
2021/01/08 07:30 upstream f5e6c330254a c104d4a3 .config console log report info ci-upstream-kasan-gce-root
2021/01/08 06:04 upstream f5e6c330254a c104d4a3 .config console log report info ci-upstream-kasan-gce-root
2021/01/07 19:43 upstream 71c061d24438 c104d4a3 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/07 19:42 upstream 71c061d24438 c104d4a3 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/07 16:22 upstream 71c061d24438 c104d4a3 .config console log report info ci-upstream-kasan-gce-root
2021/01/07 15:14 upstream 71c061d24438 c104d4a3 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/07 06:21 upstream 9f1abbe97c08 c104d4a3 .config console log report info ci-upstream-kasan-gce-root
2021/01/07 00:47 upstream 9f1abbe97c08 c104d4a3 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/06 23:43 upstream 9f1abbe97c08 c104d4a3 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/06 07:57 upstream 6207214a70bf b1c228e1 .config console log report info ci-upstream-kasan-gce-root
2020/12/31 23:11 upstream f6e1ea196492 79264ae3 .config console log report info ci-qemu-upstream-386
2021/01/12 05:29 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/12 04:11 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/12 03:10 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 22:06 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 19:23 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 11:28 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/10 23:09 linux-next 1c925d2030af 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/10 03:38 linux-next 1c925d2030af 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/10 02:37 linux-next 1c925d2030af 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/09 13:28 linux-next 1c925d2030af a6c52263 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/08 22:28 linux-next 1c925d2030af c104d4a3 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/07 23:30 linux-next 2d3811a4fb23 c104d4a3 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/07 03:44 linux-next 7e4525a4232f c104d4a3 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/06 22:10 linux-next 7e4525a4232f c104d4a3 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/06 18:00 linux-next 7e4525a4232f c104d4a3 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/06 10:42 linux-next 7e4525a4232f b1c228e1 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/06 08:59 linux-next 7e4525a4232f b1c228e1 .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/12/07 12:39 linux-next 15ac8fdb7440 1190297f .config console log report info ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.