Kernel: Debian package linux-source-4.14, built with UBSAN enabled
Log, no repro:

libceph: get_reply osd2 tid 54 data 4097 > preallocated 0, skipping
==================================================================
================================================================================
UBSAN: Undefined behaviour in /root/linux-source-4.14/mm/page-writeback.c:2565:9
member access within null pointer of type 'const struct address_space_operations'
CPU: 3 PID: 1050 Comm: syz-executor0 Not tainted 4.14.17 #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xcc/0x12a lib/dump_stack.c:53
 ubsan_epilogue+0xe/0x81 lib/ubsan.c:164
 handle_null_ptr_deref lib/ubsan.c:281 [inline]
 __ubsan_handle_type_mismatch+0x165/0x42c lib/ubsan.c:323
 set_page_dirty+0x2df/0x370 mm/page-writeback.c:2565
 set_page_dirty_lock+0x70/0xc0 mm/page-writeback.c:2607
 ceph_put_page_vector+0x12e/0x200 [libceph]
 ceph_direct_read_write+0x165c/0x2090 [ceph]
 ceph_read_iter+0xcec/0x16f0 [ceph]
 call_read_iter include/linux/fs.h:1767 [inline]
 generic_file_splice_read+0x2aa/0x740 fs/splice.c:307
 do_splice_to+0x112/0x190 fs/splice.c:881
 do_splice fs/splice.c:1175 [inline]
 SYSC_splice fs/splice.c:1404 [inline]
 SyS_splice+0xf53/0x13d0 fs/splice.c:1384
 system_call_fast_compare_end+0x12/0x75
RIP: 0033:0x453e09
RSP: 002b:00007fecfacb8c68 EFLAGS: 00000246
================================================================================
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN PTI
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in: iptable_security iptable_raw iptable_mangle iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_filter nfc llc2 netrom pppoe pppox af_key xfrm_algo ipx p8023 p8022 psnap llc can ax25 af_alg vhost_vsock vmw_vsock_virtio_transport_common vsock vhost_net tun vhost tap hci_vhci bluetooth drbg ansi_cprng ecdh_generic rfkill ppp_generic slhc loop cuse fuse cbc ceph libceph libcrc32c fscache bochs_drm ttm drm_kms_helper sg joydev drm evdev serio_raw pcspkr button parport_pc ppdev lp parport ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic fscrypto ecb crypto_simd cryptd glue_helper aes_x86_64 sr_mod cdrom sd_mod ata_generic ata_piix libata psmouse e1000 scsi_mod i2c_piix4 floppy
CPU: 3 PID: 1050 Comm: syz-executor0 Not tainted 4.14.17 #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
task: ffff8800249ea080 task.stack: ffff8800216f0000
RIP: 0010:set_page_dirty+0xb0/0x370 mm/page-writeback.c:2565
RSP: 0018:ffff8800216f77b0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff88002201c340 RCX: 0000000000000000
RDX: 0000000000000003 RSI: 0000000000000202 RDI: 0000000000000018
RBP: ffff88002201c360 R08: 0000000000000001 R09: ffffffff858b4f1c
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88002201c360 R14: 830000890000041a R15: ffff88002201cf80
FS:  00007fecfacb9700(0000) GS:ffff88007c700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f73c7e7a4b8 CR3: 0000000076d8a000 CR4: 00000000000006e0
Call Trace:
 set_page_dirty_lock+0x70/0xc0 mm/page-writeback.c:2607
 ceph_put_page_vector+0x12e/0x200 [libceph]
 ceph_direct_read_write+0x165c/0x2090 [ceph]
 ceph_read_iter+0xcec/0x16f0 [ceph]
 call_read_iter include/linux/fs.h:1767 [inline]
 generic_file_splice_read+0x2aa/0x740 fs/splice.c:307
 do_splice_to+0x112/0x190 fs/splice.c:881
 do_splice fs/splice.c:1175 [inline]
 SYSC_splice fs/splice.c:1404 [inline]
 SyS_splice+0xf53/0x13d0 fs/splice.c:1384
 system_call_fast_compare_end+0x12/0x75
RIP: 0033:0x453e09
RSP: 002b:00007fecfacb8c68 EFLAGS: 00000246
Code: 00 0f 85 58 02 00 00 4d 8b 64 24 70 4d 85 e4 0f 84 37 02 00 00 49 8d 7c 24 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 0d 02 00 00 4d 85 ed 4d 8b 64 24 18 0f 84 ec
RIP: set_page_dirty+0xb0/0x370 mm/page-writeback.c:2565 RSP: ffff8800216f77b0
---[ end trace 7ef925dd3fda8332 ]---

