UBSAN: Undefined behaviour in /root/linux-source-4.14/mm/page-writeback.c:LINE

To: syzkaller@googlegroups.com
Cc: debian-kernel@lists.debian.org
Subject: UBSAN: Undefined behaviour in /root/linux-source-4.14/mm/page-writeback.c:LINE
From: Kaipeng Zeng <kaipeng94@gmail.com>
Date: Tue, 3 Apr 2018 11:06:50 +0800
Message-id: <[🔎] CAHk8Zdv98Hb5N+zxHPS=g3ENL5yDfAovZhuJGwEPx0NYUo3WWg@mail.gmail.com>

Kernel: debian package linux-source-4.14, build with UBSAN enable
Log, no repro:
libceph: get_reply osd2 tid 54 data 4097 > preallocated 0, skipping
==================================================================
================================================================================
UBSAN: Undefined behaviour in /root/linux-source-4.14/mm/page-writeback.c:2565:9
member access within null pointer of type 'const struct
address_space_operations'
CPU: 3 PID: 1050 Comm: syz-executor0 Not tainted 4.14.17 #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xcc/0x12a lib/dump_stack.c:53
 ubsan_epilogue+0xe/0x81 lib/ubsan.c:164
 handle_null_ptr_deref lib/ubsan.c:281 [inline]
 __ubsan_handle_type_mismatch+0x165/0x42c lib/ubsan.c:323
 set_page_dirty+0x2df/0x370 mm/page-writeback.c:2565
 set_page_dirty_lock+0x70/0xc0 mm/page-writeback.c:2607
 ceph_put_page_vector+0x12e/0x200 [libceph]
 ceph_direct_read_write+0x165c/0x2090 [ceph]
 ceph_read_iter+0xcec/0x16f0 [ceph]
 call_read_iter include/linux/fs.h:1767 [inline]
 generic_file_splice_read+0x2aa/0x740 fs/splice.c:307
 do_splice_to+0x112/0x190 fs/splice.c:881
 do_splice fs/splice.c:1175 [inline]
 SYSC_splice fs/splice.c:1404 [inline]
 SyS_splice+0xf53/0x13d0 fs/splice.c:1384
 system_call_fast_compare_end+0x12/0x75
RIP: 0033:0x453e09
RSP: 002b:00007fecfacb8c68 EFLAGS: 00000246
================================================================================
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN PTI
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in: iptable_security iptable_raw iptable_mangle
iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat
nf_conntrack iptable_filter nfc llc2 netrom pppoe pppox af_key
xfrm_algo ipx p8023 p8022 psnap llc can ax25 af_alg vhost_vsock
vmw_vsock_virtio_transport_common vsock vhost_net tun vhost tap
hci_vhci bluetooth drbg ansi_cprng ecdh_generic rfkill ppp_generic
slhc loop cuse fuse cbc ceph libceph libcrc32c fscache bochs_drm ttm
drm_kms_helper sg joydev drm evdev serio_raw pcspkr button parport_pc
ppdev lp parport ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2
crc32c_generic fscrypto ecb crypto_simd cryptd glue_helper aes_x86_64
sr_mod cdrom sd_mod ata_generic ata_piix libata psmouse e1000 scsi_mod
i2c_piix4 floppy
CPU: 3 PID: 1050 Comm: syz-executor0 Not tainted 4.14.17 #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
task: ffff8800249ea080 task.stack: ffff8800216f0000
RIP: 0010:set_page_dirty+0xb0/0x370 mm/page-writeback.c:2565
RSP: 0018:ffff8800216f77b0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff88002201c340 RCX: 0000000000000000
RDX: 0000000000000003 RSI: 0000000000000202 RDI: 0000000000000018
RBP: ffff88002201c360 R08: 0000000000000001 R09: ffffffff858b4f1c
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88002201c360 R14: 830000890000041a R15: ffff88002201cf80
FS:  00007fecfacb9700(0000) GS:ffff88007c700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f73c7e7a4b8 CR3: 0000000076d8a000 CR4: 00000000000006e0
Call Trace:
 set_page_dirty_lock+0x70/0xc0 mm/page-writeback.c:2607
 ceph_put_page_vector+0x12e/0x200 [libceph]
 ceph_direct_read_write+0x165c/0x2090 [ceph]
 ceph_read_iter+0xcec/0x16f0 [ceph]
 call_read_iter include/linux/fs.h:1767 [inline]
 generic_file_splice_read+0x2aa/0x740 fs/splice.c:307
 do_splice_to+0x112/0x190 fs/splice.c:881
 do_splice fs/splice.c:1175 [inline]
 SYSC_splice fs/splice.c:1404 [inline]
 SyS_splice+0xf53/0x13d0 fs/splice.c:1384
 system_call_fast_compare_end+0x12/0x75
RIP: 0033:0x453e09
RSP: 002b:00007fecfacb8c68 EFLAGS: 00000246
Code: 00 0f 85 58 02 00 00 4d 8b 64 24 70 4d 85 e4 0f 84 37 02 00 00
49 8d 7c 24 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80>
3c 02 00 0f 85 0d 02 00 00 4d 85 ed 4d 8b 64 24 18 0f 84 ec
RIP: set_page_dirty+0xb0/0x370 mm/page-writeback.c:2565 RSP: ffff8800216f77b0
---[ end trace 7ef925dd3fda8332 ]---

Reply to:

Prev by Date: UBSAN: Undefined behaviour in /root/linux-source-4.14/drivers/vhost/vhost.c:LINE
Next by Date: Re: UBSAN: Undefined behaviour in /root/linux-source-4.14/drivers/vhost/vhost.c:LINE
Previous by thread: Re: UBSAN: Undefined behaviour in /root/linux-source-4.14/drivers/vhost/vhost.c:LINE
Next by thread: Bug#894731: linux-image-4.15.0-2-amd64: Setting drm.edid_firmware or drm_kms_firmware.edid_firmware has no effect
Index(es):
- Date
- Thread