syzbot

BUG: unable to handle kernel NULL pointer dereference in folio_mark_dirty (2)

Status: moderation: reported on 2024/06/19 11:17
Subsystems: mm fs
Reported-by: syzbot+bb2bd9900b1a3b7d4c78@syzkaller.appspotmail.com
First crash: 114d, last: 85d
Similar bugs (1):
  Kernel:       upstream
  Title:        BUG: unable to handle kernel NULL pointer dereference in folio_mark_dirty (subsystems: fs, mm)
  Repro:        none (no syz or C reproducer)
  Cause bisect: none
  Fix bisect:   none
  Count:        8
  Last crash:   855d ago
  Reported:     1038d ago
  Patched:      0/28
  Status:       auto-obsoleted due to no activity on 2022/10/03 06:14

Sample crash report (error_code 0x0010 with a faulting address of 0 means an instruction fetch from the NULL page, i.e. an indirect call through a NULL function pointer, reached from folio_mark_dirty on the ntfs3 fallocate path):
ntfs3: loop2: Mark volume as dirty due to NTFS errors
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 7ab7f067 P4D 7ab7f067 PUD 2a663067 PMD 0 
Oops: Oops: 0010 [#1] PREEMPT SMP KASAN NOPTI
CPU: 1 PID: 24250 Comm: syz.2.4139 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90003697b28 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888061d9ce38 RCX: ffffc9000d421000
RDX: 1ffffffff16c8483 RSI: ffffea000181a040 RDI: ffff888061d9ce38
RBP: ffffffff8b642400 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffea000181a040
R13: ffffea000181a040 R14: ffffea000181a040 R15: ffff88802c264000
FS:  00007f65e18826c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000006e1d6000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 folio_mark_dirty+0xd1/0x150 mm/page-writeback.c:2882
 attr_make_nonresident+0x9b7/0xf70 fs/ntfs3/attrib.c:301
 attr_force_nonresident+0x1a8/0x200 fs/ntfs3/attrib.c:2586
 ntfs_fallocate+0x9f7/0x11c0 fs/ntfs3/file.c:584
 vfs_fallocate+0x4bb/0xfb0 fs/open.c:330
 ksys_fallocate fs/open.c:353 [inline]
 __do_sys_fallocate fs/open.c:361 [inline]
 __se_sys_fallocate fs/open.c:359 [inline]
 __x64_sys_fallocate+0xd5/0x140 fs/open.c:359
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f65e0b75bd9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f65e1882048 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f65e0d03f60 RCX: 00007f65e0b75bd9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f65e0be4e60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000280404 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f65e0d03f60 R15: 00007ffe4def4a88
 </TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90003697b28 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888061d9ce38 RCX: ffffc9000d421000
RDX: 1ffffffff16c8483 RSI: ffffea000181a040 RDI: ffff888061d9ce38
RBP: ffffffff8b642400 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffea000181a040
R13: ffffea000181a040 R14: ffffea000181a040 R15: ffff88802c264000
FS:  00007f65e18826c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000006e1d6000 CR4: 0000000000350ef0
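
As an added example (not part of the syzbot page or of the kernel tree), the following C decodes the "#PF:" lines of a report like the one above: the bit names and the two message formats mirror what the x86 kernel fault handler prints, while pf_classify and the NULL_PAGE_SIZE threshold are this example's own triage heuristic. The values fed to it (error_code 0x0010, CS 0x0010, faulting address 0) are taken from the report above.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Bits of the x86 #PF error code, named as in the kernel's
 * arch/x86/include/asm/trap_pf.h. */
#define X86_PF_PROT   (1u << 0)   /* 1 = protection violation, 0 = page not present */
#define X86_PF_WRITE  (1u << 1)   /* 1 = write, 0 = read or instruction fetch */
#define X86_PF_USER   (1u << 2)   /* 1 = access from CPL 3, 0 = supervisor access */
#define X86_PF_RSVD   (1u << 3)   /* reserved bit set in a paging-structure entry */
#define X86_PF_INSTR  (1u << 4)   /* instruction fetch */
#define X86_PF_PK     (1u << 5)   /* protection-key violation */
#define X86_PF_SGX    (1u << 15)  /* SGX access-control violation */

/* Heuristic of this example (not a kernel constant): any fault below this
 * address is treated as a NULL pointer plus a small struct/array offset. */
#define NULL_PAGE_SIZE 4096u

/* Reproduce the two "#PF:" lines the kernel prints for a fault.  The CS
 * selector of the faulting frame tells whether the code ran in ring 0. */
static void pf_describe(unsigned long error_code, uint16_t cs,
                        char *line1, size_t n1, char *line2, size_t n2)
{
    snprintf(line1, n1, "#PF: %s %s in %s mode",
             (error_code & X86_PF_USER)  ? "user" : "supervisor",
             (error_code & X86_PF_INSTR) ? "instruction fetch" :
             (error_code & X86_PF_WRITE) ? "write access" : "read access",
             (cs & 3) == 3 ? "user" : "kernel");
    snprintf(line2, n2, "#PF: error_code(0x%04lx) - %s", error_code,
             !(error_code & X86_PF_PROT) ? "not-present page" :
             (error_code & X86_PF_RSVD)  ? "reserved bit violation" :
             (error_code & X86_PF_PK)    ? "protection keys violation" :
             (error_code & X86_PF_SGX)   ? "SGX violation" :
                                           "permissions violation");
}

/* Triage category derived from the error code and the faulting address. */
enum pf_kind {
    PF_NULL_FUNC_PTR,  /* instruction fetch in the NULL page: call through a NULL function pointer */
    PF_NULL_DATA_PTR,  /* data access in the NULL page: NULL struct/array pointer dereference */
    PF_USER_ADDR,      /* kernel-mode access to a user-space address */
    PF_OTHER,          /* anything else: wild, freed or uninitialised pointer */
};

static enum pf_kind pf_classify(unsigned long error_code, uint64_t fault_addr)
{
    if (fault_addr < NULL_PAGE_SIZE)
        return (error_code & X86_PF_INSTR) ? PF_NULL_FUNC_PTR : PF_NULL_DATA_PTR;
    /* x86-64 kernel addresses have the top bit set; user addresses do not. */
    if (!(error_code & X86_PF_USER) && !(fault_addr >> 63))
        return PF_USER_ADDR;
    return PF_OTHER;
}

int main(void)
{
    /* Values from the crash report above: error_code 0x0010, CS 0x0010,
     * faulting address 0 (the "address:" on the BUG line). */
    char l1[96], l2[96];
    pf_describe(0x0010, 0x0010, l1, sizeof l1, l2, sizeof l2);
    puts(l1);
    puts(l2);
    printf("classification: %d (0 = call through NULL function pointer)\n",
           (int)pf_classify(0x0010, 0));
    return 0;
}
```

Feed pf_classify the address from the "BUG: ... address:" line (or the final "CR2: 0000000000000000"), not the CR2 in the register dump: that one reads ffffffffffffffd6 because the oops code tried to fetch the 42 opcode bytes preceding RIP=0 ("Unable to access opcode bytes at 0xffffffffffffffd6") and that read faulted in turn, overwriting CR2.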

Crashes (7):
All seven crashes carry the title "BUG: unable to handle kernel NULL pointer dereference in folio_mark_dirty". Each row links to its .config, console log, report, VM info and assets (disk image, vmlinux, kernel image); the disk images from ci-qemu-upstream-386 are marked non-bootable. The Syz repro and C repro columns are empty for every row.

Time              Kernel    Commit        Syzkaller  Manager
2024/07/14 20:08  upstream  4d145e3f830b  eaeb5c15   ci-upstream-kasan-badwrites-root
2024/07/14 20:08  upstream  4d145e3f830b  eaeb5c15   ci-upstream-kasan-badwrites-root
2024/06/20 08:34  upstream  2ccbdf43d5e7  c2e07261   ci-qemu-upstream-386
2024/06/20 01:41  upstream  2ccbdf43d5e7  c2e07261   ci-qemu-upstream-386
2024/06/16 22:42  upstream  2ccbdf43d5e7  c2e07261   ci-qemu-upstream-386
2024/06/16 20:11  upstream  2ccbdf43d5e7  c2e07261   ci-qemu-upstream-386
2024/06/15 11:06  upstream  2ccbdf43d5e7  c2e07261   ci-qemu-upstream-386
* Struck through repros no longer work on HEAD.