BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)


syzbot

Apr 14, 2020, 2:11:14 AM
to adilger...@dilger.ca, ak...@linux-foundation.org, dan.j.w...@intel.com, ja...@suse.cz, linux...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot found the following crash on:

HEAD commit: 5b8b9d0c Merge branch 'akpm' (patches from Andrew)
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13507b43e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=23c5a352e32a1944
dashboard link: https://syzkaller.appspot.com/bug?extid=bca9799bf129256190da
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1620c007e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=117f975de00000

The bug was bisected to:

commit 5f0663bb4a64f588f0a2dd6d1be68d40f9af0086
Author: Dan Williams <dan.j.w...@intel.com>
Date: Thu Dec 21 20:25:11 2017 +0000

ext4, dax: introduce ext4_dax_aops

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11046b5de00000
final crash: https://syzkaller.appspot.com/x/report.txt?x=13046b5de00000
console output: https://syzkaller.appspot.com/x/log.txt?x=15046b5de00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+bca979...@syzkaller.appspotmail.com
Fixes: 5f0663bb4a64 ("ext4, dax: introduce ext4_dax_aops")

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 86de7067 P4D 86de7067 PUD 8eb7e067 PMD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8522 Comm: syz-executor124 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90004707a38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff8880880c68e0 RDI: ffff888098a0c300
RBP: ffff8880880c68e0 R08: 0000000000000000 R09: ffffc90004707ac0
R10: ffff88808ddee607 R11: ffffed1011bbdcc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90004707d18
FS: 00007ff4c6fcc700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000086de6000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
generic_perform_write+0x20a/0x4e0 mm/filemap.c:3302
ext4_buffered_write_iter+0x1f7/0x450 fs/ext4/file.c:270
ext4_file_write_iter+0x1ec/0x13f0 fs/ext4/file.c:642
call_write_iter include/linux/fs.h:1907 [inline]
new_sync_write+0x4a2/0x700 fs/read_write.c:484
__vfs_write+0xc9/0x100 fs/read_write.c:497
vfs_write+0x268/0x5d0 fs/read_write.c:559
ksys_write+0x12d/0x250 fs/read_write.c:612
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x44ecf9
Code: bd ca fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b ca fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff4c6fcbce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000006e79e8 RCX: 000000000044ecf9
RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00000000006e79e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e79ec
R13: 00007ffce52c26cf R14: 00007ff4c6fcc9c0 R15: 0000000000000000
Modules linked in:
CR2: 0000000000000000
---[ end trace a03cde52885aaa2a ]---
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90004707a38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff8880880c68e0 RDI: ffff888098a0c300
RBP: ffff8880880c68e0 R08: 0000000000000000 R09: ffffc90004707ac0
R10: ffff88808ddee607 R11: ffffed1011bbdcc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90004707d18
FS: 00007ff4c6fcc700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff4c6f89db8 CR3: 0000000086de6000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
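A practitioner reading the oops above wants two things decoded: the `#PF` lines and the register dump. `error_code(0x0010)` is the architectural x86 page-fault error code (bit 4 set: instruction fetch; bit 0 clear: not-present page; bit 2 clear: supervisor mode), which is exactly what the kernel prints as "supervisor instruction fetch in kernel mode". `RIP: 0010:0x0` with fault address 0 means the CPU tried to fetch code at address 0, i.e. a call through a NULL function pointer from `generic_perform_write`, not a NULL data read. The first register block shows `CR2: ffffffffffffffd6` rather than 0 because the oops code dumper tries to read the 42 bytes before RIP (0 - 42) and faults again, which is why `Code: Bad RIP value.` appears; the real fault address is the one on the BUG line and in the `CR2: 0000000000000000` line after the trace. The decoder below is an added example written for this page, not code from the thread or from the kernel; `classify_fault` is a rule of thumb of my own, and the 42-byte prologue length is the one the x86 code dumper uses.

```c
/*
 * Decoder for the x86 #PF error code and register values printed in a
 * kernel oops. Added example, not code from the thread or the kernel.
 * Bit layout is the architectural page-fault error code (the kernel's
 * X86_PF_* values).
 */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define PF_PROT   (1u << 0)   /* 0: not-present page, 1: protection violation */
#define PF_WRITE  (1u << 1)   /* 0: read or instruction fetch, 1: write */
#define PF_USER   (1u << 2)   /* 0: supervisor (kernel) mode, 1: user mode */
#define PF_RSVD   (1u << 3)   /* reserved bit set in a paging-structure entry */
#define PF_INSTR  (1u << 4)   /* fault was an instruction fetch */
#define PF_PK     (1u << 5)   /* protection-key violation */

/* Number of bytes before RIP that the x86 oops code dumper reads. */
#define CODE_DUMP_PROLOGUE 42

struct pf_info {
    int present;   /* 1 if the page was present (protection fault) */
    int write;
    int user;
    int reserved;
    int instr;
    int pkey;
};

struct pf_info decode_pf_error(uint32_t code)
{
    struct pf_info i;
    i.present  = !!(code & PF_PROT);
    i.write    = !!(code & PF_WRITE);
    i.user     = !!(code & PF_USER);
    i.reserved = !!(code & PF_RSVD);
    i.instr    = !!(code & PF_INSTR);
    i.pkey     = !!(code & PF_PK);
    return i;
}

/* Render the code the way the oops header does ("supervisor instruction fetch in kernel mode"). */
void describe_pf(uint32_t code, char *buf, size_t len)
{
    struct pf_info i = decode_pf_error(code);
    snprintf(buf, len, "%s %s in %s mode, %s",
             i.user ? "user" : "supervisor",
             i.instr ? "instruction fetch" : (i.write ? "write access" : "read access"),
             i.user ? "user" : "kernel",
             i.present ? "protection violation" : "not-present page");
}

/*
 * Rule of thumb (my own, not the kernel's): an instruction fetch whose
 * fault address equals RIP and is 0 is a call through a NULL function
 * pointer; a low kernel-mode data address is a NULL struct dereference.
 */
const char *classify_fault(uint64_t addr, uint32_t code, uint64_t rip)
{
    struct pf_info i = decode_pf_error(code);
    if (i.instr && addr == rip && addr == 0)
        return "call through NULL function pointer";
    if (i.instr && addr == rip)
        return "jump/call to unmapped code address";
    if (!i.user && addr < 4096)
        return "kernel NULL (or near-NULL) data dereference";
    return "page fault";
}

/* Address the code dumper reads first; explains the odd CR2 in the first register block. */
uint64_t code_dump_start(uint64_t rip)
{
    return rip - CODE_DUMP_PROLOGUE;
}

int main(void)
{
    char buf[128];
    /* Values taken from the oops in this thread. */
    describe_pf(0x0010, buf, sizeof buf);
    printf("error_code(0x0010): %s\n", buf);
    printf("RIP 0x0, address 0x0: %s\n", classify_fault(0, 0x0010, 0));
    printf("code dump starts at %#llx (matches the first CR2)\n",
           (unsigned long long)code_dump_start(0));
    return 0;
}
```

The same decoder applies to the user-space frame further down (`RIP: 0033:...`): segment `0033` is user code, `0010` is kernel code, so the fault itself happened in the kernel on behalf of the `write(2)` syscall (`ORIG_RAX: 0000000000000001`).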

Theodore Y. Ts'o

Apr 15, 2020, 12:35:57 AM
to syzbot, adilger...@dilger.ca, ak...@linux-foundation.org, dan.j.w...@intel.com, ja...@suse.cz, linux...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, syzkall...@googlegroups.com
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5b8b9d0c6d0e0f1993c6c56deaf9646942c49d94

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 9728e7b0e84f..e44fee317965 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1728,6 +1728,7 @@ static int clear_qf_name(struct super_block *sb, int qtype)
#define MOPT_NO_EXT3 0x0200
#define MOPT_EXT4_ONLY (MOPT_NO_EXT2 | MOPT_NO_EXT3)
#define MOPT_STRING 0x0400
+#define MOPT_NO_REMOUNT 0x0800

static const struct mount_opts {
int token;
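Review bot: MOPT_NO_REMOUNT is added without a comment stating its contract, and the rest of this patch gives it a meaning stronger than the name suggests (the option is refused with an error, not ignored, on remount). A one-line comment next to the define, along the lines of `/* option is rejected, not ignored, on remount */`, would save the next reader from having to trace handle_mount_opt. Only 0x0200 and 0x0400 are visible here, so it is also worth confirming that no other MOPT_ bit already uses 0x0800.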
@@ -1777,7 +1778,7 @@ static const struct mount_opts {
{Opt_min_batch_time, 0, MOPT_GTE0},
{Opt_inode_readahead_blks, 0, MOPT_GTE0},
{Opt_init_itable, 0, MOPT_GTE0},
- {Opt_dax, EXT4_MOUNT_DAX, MOPT_SET},
+ {Opt_dax, EXT4_MOUNT_DAX, MOPT_SET | MOPT_NO_REMOUNT},
{Opt_stripe, 0, MOPT_GTE0},
{Opt_resuid, 0, MOPT_GTE0},
{Opt_resgid, 0, MOPT_GTE0},
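Review bot: giving Opt_dax MOPT_NO_REMOUNT changes the dax remount case from a KERN_WARNING that flips the bit back and lets the remount succeed (the block removed from ext4_remount further down in this patch) into a failure of the whole remount. That is the right direction for the crash being fixed, but it is a user-visible change that the eventual commit message and the mount option documentation should state, and the common case of a remount that repeats the current option set needs checking: with this entry, `mount -o remount,dax` on a filesystem already mounted with dax is refused, whereas the previous XOR against old_opts treated it as a no-op.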
@@ -1819,7 +1820,7 @@ static const struct mount_opts {
{Opt_jqfmt_vfsv1, QFMT_VFS_V1, MOPT_QFMT},
{Opt_max_dir_size_kb, 0, MOPT_GTE0},
{Opt_test_dummy_encryption, 0, MOPT_GTE0},
- {Opt_nombcache, EXT4_MOUNT_NO_MBCACHE, MOPT_SET},
+ {Opt_nombcache, EXT4_MOUNT_NO_MBCACHE, MOPT_SET | MOPT_NO_REMOUNT},
{Opt_err, 0, 0}
};

@@ -1917,6 +1918,12 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
"Mount option \"%s\" incompatible with ext3", opt);
return -1;
}
+ if ((m->flags & MOPT_NO_REMOUNT) && is_remount) {
+ ext4_msg(sb, KERN_ERR,
+ "Mount option \"%s\" not supported when remounting",
+ opt);
+ return -1;
+ }

if (args->from && !(m->flags & MOPT_STRING) && match_int(args, &arg))
return -1;
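Review bot: the new check tests only is_remount, not whether the option would change anything, so any remount whose option string contains a flagged token fails even when the token repeats what is already in sbi->s_mount_opt. The checks this patch removes from ext4_remount compared `sbi->s_mount_opt ^ old_opts.s_mount_opt`, i.e. they fired on a change of state. If re-specifying the current options on remount should keep working, compare the entry's EXT4_MOUNT_* bit (the table's second column) against the current sbi->s_mount_opt before returning -1, and reject only when the option would set a bit that is not already set. Placing the check before match_int is fine, since a rejected option does not need its argument parsed.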
@@ -5429,18 +5436,6 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data)
}
}

- if ((sbi->s_mount_opt ^ old_opts.s_mount_opt) & EXT4_MOUNT_NO_MBCACHE) {
- ext4_msg(sb, KERN_ERR, "can't enable nombcache during remount");
- err = -EINVAL;
- goto restore_opts;
- }
-
- if ((sbi->s_mount_opt ^ old_opts.s_mount_opt) & EXT4_MOUNT_DAX) {
- ext4_msg(sb, KERN_WARNING, "warning: refusing change of "
- "dax flag with busy inodes while remounting");
- sbi->s_mount_opt ^= EXT4_MOUNT_DAX;
- }
-
if (sbi->s_mount_flags & EXT4_MF_FS_ABORTED)
ext4_abort(sb, EXT4_ERR_ESHUTDOWN, "Abort forced by user");
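Review bot: removing these blocks is only safe if the -1 that handle_mount_opt now returns on the remount path reaches the same restore_opts label these blocks used, so that a refused remount leaves sbi->s_mount_opt and the other old_opts fields exactly as they were; that propagation is outside this diff and should be verified before the blocks go. Note the asymmetry being removed: nombcache was a hard -EINVAL with restore_opts here, while dax was a KERN_WARNING that flipped the bit back (`sbi->s_mount_opt ^= EXT4_MOUNT_DAX`) and continued. After this patch both are refused earlier with the single "not supported when remounting" message, which is simpler, but the dax case loses its explanation ("busy inodes") and that reason belongs in the commit message.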

syzbot

Apr 15, 2020, 12:55:05 AM
to adilger...@dilger.ca, ak...@linux-foundation.org, dan.j.w...@intel.com, ja...@suse.cz, linux...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger crash:

Reported-and-tested-by: syzbot+bca979...@syzkaller.appspotmail.com

Tested on:

commit: 5b8b9d0c Merge branch 'akpm' (patches from Andrew)
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config: https://syzkaller.appspot.com/x/.config?x=23c5a352e32a1944
dashboard link: https://syzkaller.appspot.com/bug?extid=bca9799bf129256190da
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
patch: https://syzkaller.appspot.com/x/patch.diff?x=15524a00100000

Note: testing is done by a robot and is best-effort only.

Theodore Y. Ts'o

Jun 10, 2020, 5:10:23 PM
to syzbot, adilger...@dilger.ca, ak...@linux-foundation.org, dan.j.w...@intel.com, ja...@suse.cz, linux...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, syzkall...@googlegroups.com

syzbot

Jun 10, 2020, 5:16:05 PM
to adilger...@dilger.ca, ak...@linux-foundation.org, dan.j.w...@intel.com, ja...@suse.cz, linux...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot tried to test the proposed patch but build/boot failed:

syzkaller build failed: failed to run ["make" "target"]: exit status 2
GOOS=linux GOARCH=amd64 go install ./syz-fuzzer
# github.com/google/syzkaller/sys/netbsd/gen
sys/netbsd/gen/amd64.go:41:58: undefined: Field
sys/netbsd/gen/amd64.go:44:10: undefined: Ref
sys/netbsd/gen/amd64.go:45:59: undefined: Ref
sys/netbsd/gen/amd64.go:46:70: undefined: Field
sys/netbsd/gen/amd64.go:49:66: undefined: Field
sys/netbsd/gen/amd64.go:54:60: undefined: Field
sys/netbsd/gen/amd64.go:58:66: undefined: Field
sys/netbsd/gen/amd64.go:62:68: undefined: Field
sys/netbsd/gen/amd64.go:68:62: undefined: Field
sys/netbsd/gen/amd64.go:72:59: undefined: Ref
sys/netbsd/gen/amd64.go:72:59: too many errors
# github.com/google/syzkaller/sys/akaros/gen
sys/akaros/gen/amd64.go:23:63: undefined: Field
sys/akaros/gen/amd64.go:26:69: undefined: Field
sys/akaros/gen/amd64.go:29:56: undefined: Field
sys/akaros/gen/amd64.go:34:52: undefined: Field
sys/akaros/gen/amd64.go:39:67: undefined: Field
sys/akaros/gen/amd64.go:43:54: undefined: Field
sys/akaros/gen/amd64.go:48:54: undefined: Field
sys/akaros/gen/amd64.go:51:64: undefined: Field
sys/akaros/gen/amd64.go:56:51: undefined: Field
sys/akaros/gen/amd64.go:62:56: undefined: Field
sys/akaros/gen/amd64.go:62:56: too many errors
# github.com/google/syzkaller/sys/openbsd/gen
sys/openbsd/gen/amd64.go:49:55: undefined: Field
sys/openbsd/gen/amd64.go:53:10: undefined: Ref
sys/openbsd/gen/amd64.go:54:60: undefined: Field
sys/openbsd/gen/amd64.go:58:10: undefined: Ref
sys/openbsd/gen/amd64.go:59:61: undefined: Field
sys/openbsd/gen/amd64.go:63:10: undefined: Ref
sys/openbsd/gen/amd64.go:64:60: undefined: Field
sys/openbsd/gen/amd64.go:68:10: undefined: Ref
sys/openbsd/gen/amd64.go:69:51: undefined: Field
sys/openbsd/gen/amd64.go:72:52: undefined: Field
sys/openbsd/gen/amd64.go:72:52: too many errors
# github.com/google/syzkaller/sys/test/gen
sys/test/gen/32_fork_shmem.go:29:55: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:30:45: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:31:50: undefined: Ref
sys/test/gen/32_fork_shmem.go:31:60: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:32:53: undefined: Field
sys/test/gen/32_fork_shmem.go:34:5: unknown field 'Attrs' in struct literal of type prog.Syscall
sys/test/gen/32_fork_shmem.go:35:66: undefined: Ref
sys/test/gen/32_fork_shmem.go:36:53: undefined: Field
sys/test/gen/32_fork_shmem.go:39:62: undefined: Field
sys/test/gen/32_fork_shmem.go:42:48: undefined: Field
sys/test/gen/32_fork_shmem.go:42:48: too many errors
# github.com/google/syzkaller/sys/freebsd/gen
sys/freebsd/gen/386.go:49:76: undefined: Field
sys/freebsd/gen/386.go:54:60: undefined: Field
sys/freebsd/gen/386.go:58:68: undefined: Field
sys/freebsd/gen/386.go:65:67: undefined: Field
sys/freebsd/gen/386.go:71:68: undefined: Field
sys/freebsd/gen/386.go:77:67: undefined: Field
sys/freebsd/gen/386.go:83:67: undefined: Field
sys/freebsd/gen/386.go:89:68: undefined: Field
sys/freebsd/gen/386.go:95:69: undefined: Field
sys/freebsd/gen/386.go:101:85: undefined: Field
sys/freebsd/gen/386.go:101:85: too many errors
# github.com/google/syzkaller/sys/windows/gen
sys/windows/gen/amd64.go:23:51: undefined: Field
sys/windows/gen/amd64.go:26:53: undefined: Field
sys/windows/gen/amd64.go:29:59: undefined: Field
sys/windows/gen/amd64.go:32:75: undefined: Field
sys/windows/gen/amd64.go:35:51: undefined: Field
sys/windows/gen/amd64.go:45:57: undefined: Field
sys/windows/gen/amd64.go:55:85: undefined: Field
sys/windows/gen/amd64.go:66:69: undefined: Field
sys/windows/gen/amd64.go:77:97: undefined: Field
sys/windows/gen/amd64.go:88:89: undefined: Field
sys/windows/gen/amd64.go:88:89: too many errors
# github.com/google/syzkaller/sys/fuchsia/gen
sys/fuchsia/gen/amd64.go:96:45: undefined: Field
sys/fuchsia/gen/amd64.go:99:45: undefined: Field
sys/fuchsia/gen/amd64.go:103:45: undefined: Field
sys/fuchsia/gen/amd64.go:108:45: undefined: Field
sys/fuchsia/gen/amd64.go:111:45: undefined: Field
sys/fuchsia/gen/amd64.go:114:10: undefined: Ref
sys/fuchsia/gen/amd64.go:115:41: undefined: Field
sys/fuchsia/gen/amd64.go:117:10: undefined: Ref
sys/fuchsia/gen/amd64.go:118:43: undefined: Field
sys/fuchsia/gen/amd64.go:121:10: undefined: Ref
sys/fuchsia/gen/amd64.go:121:10: too many errors
# github.com/google/syzkaller/sys/linux/gen
sys/linux/gen/386.go:296:58: undefined: Field
sys/linux/gen/386.go:301:10: undefined: Ref
sys/linux/gen/386.go:302:62: undefined: Field
sys/linux/gen/386.go:307:10: undefined: Ref
sys/linux/gen/386.go:308:63: undefined: Field
sys/linux/gen/386.go:313:10: undefined: Ref
sys/linux/gen/386.go:314:67: undefined: Field
sys/linux/gen/386.go:319:10: undefined: Ref
sys/linux/gen/386.go:320:63: undefined: Field
sys/linux/gen/386.go:325:10: undefined: Ref
sys/linux/gen/386.go:325:10: too many errors
Makefile:113: recipe for target 'target' failed
make: *** [target] Error 2

go env (err=<nil>)
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/syzkaller/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/syzkaller/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build521465815=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at a8c6a3f8
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: sys/akaros/gen/amd64.go
modified: sys/freebsd/gen/386.go
modified: sys/freebsd/gen/amd64.go
modified: sys/fuchsia/gen/amd64.go
modified: sys/fuchsia/gen/arm64.go
modified: sys/linux/gen/386.go
modified: sys/linux/gen/amd64.go
modified: sys/linux/gen/arm.go
modified: sys/linux/gen/arm64.go
modified: sys/linux/gen/mips64le.go
modified: sys/linux/gen/ppc64le.go
modified: sys/netbsd/gen/amd64.go
modified: sys/openbsd/gen/amd64.go
modified: sys/test/gen/32_fork_shmem.go
modified: sys/test/gen/32_shmem.go
modified: sys/test/gen/64.go
modified: sys/test/gen/64_fork.go
modified: sys/trusty/gen/arm.go
modified: sys/windows/gen/amd64.go

Untracked files:
(use "git add <file>..." to include in what will be committed)
.descriptions

no changes added to commit (use "git add" and/or "git commit -a")



Tested on:

commit: [unknown
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5b8b9d0c6d0e0f1993c6c56deaf9646942c49d94

Theodore Y. Ts'o

Jun 10, 2020, 5:41:11 PM
to syzbot, adilger...@dilger.ca, ak...@linux-foundation.org, dan.j.w...@intel.com, ja...@suse.cz, linux...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, syzkall...@googlegroups.com
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git 5b8b9d0c6d0e0f1993c6c56deaf9646942c49d94

syzbot

Jun 10, 2020, 5:56:05 PM
to adilger...@dilger.ca, ak...@linux-foundation.org, dan.j.w...@intel.com, ja...@suse.cz, linux...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch but the reproducer still triggered crash:
BUG: unable to handle kernel NULL pointer dereference in generic_perform_write

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD a3819067 P4D a3819067 PUD a2ea0067 PMD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9214 Comm: syz-executor.1 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90006d1fa38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff888082b89a60 RDI: ffff88808a414a80
RBP: ffff888082b89a60 R08: 0000000000000000 R09: ffffc90006d1fac0
R10: ffff888072cd6607 R11: ffffed100e59acc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90006d1fd18
FS: 00007f310f3f3700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000000904f1000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
generic_perform_write+0x20a/0x4e0 mm/filemap.c:3302
ext4_buffered_write_iter+0x1f7/0x450 fs/ext4/file.c:270
ext4_file_write_iter+0x1ec/0x13f0 fs/ext4/file.c:642
call_write_iter include/linux/fs.h:1907 [inline]
new_sync_write+0x4a2/0x700 fs/read_write.c:484
__vfs_write+0xc9/0x100 fs/read_write.c:497
vfs_write+0x268/0x5d0 fs/read_write.c:559
ksys_write+0x12d/0x250 fs/read_write.c:612
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c889
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f310f3f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f310f3f36d4 RCX: 000000000045c889
RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cdc R14: 00000000004cf042 R15: 000000000076bfac
Modules linked in:
CR2: 0000000000000000
---[ end trace ff42a65b331528ba ]---
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffffc90006d1fa38 EFLAGS: 00010246
RAX: ffffffff883cb0a0 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff888082b89a60 RDI: ffff88808a414a80
RBP: ffff888082b89a60 R08: 0000000000000000 R09: ffffc90006d1fac0
R10: ffff888072cd6607 R11: ffffed100e59acc0 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90006d1fd18
FS: 00007f310f3f3700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000076c061 CR3: 00000000904f1000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit: 5b8b9d0c Merge branch 'akpm' (patches from Andrew)
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git
console output: https://syzkaller.appspot.com/x/log.txt?x=158b23ca100000
kernel config: https://syzkaller.appspot.com/x/.config?x=23c5a352e32a1944

Theodore Y. Ts'o

Jun 10, 2020, 6:07:14 PM
to syzbot, adilger...@dilger.ca, ak...@linux-foundation.org, dan.j.w...@intel.com, ja...@suse.cz, linux...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, syzkall...@googlegroups.com
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git 5749fe5af3db176659978718ddaecebb450cdb6b

syzbot

Jun 10, 2020, 8:25:03 PM
to adilger...@dilger.ca, ak...@linux-foundation.org, dan.j.w...@intel.com, ja...@suse.cz, linux...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger crash:

Reported-and-tested-by: syzbot+bca979...@syzkaller.appspotmail.com

Tested on:

commit: 5749fe5a ext4: avoid race conditions when remounting with ..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git
kernel config: https://syzkaller.appspot.com/x/.config?x=175fcaead7a60c3f
dashboard link: https://syzkaller.appspot.com/bug?extid=bca9799bf129256190da
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
