syzbot


general protection fault in jfs_flush_journal

Status: upstream: reported C repro on 2022/10/02 18:56
Subsystems: jfs
Reported-by: syzbot+194bfe3476f96782c0b6@syzkaller.appspotmail.com
First crash: 422d, last: 3h08m
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: general protection fault in write_special_inodes (log)
Repro: C syz .config
Discussions (6)
Title Replies (including bot) Last reply
[syzbot] Monthly jfs report (Nov 2023) 0 (1) 2023/11/03 10:22
[syzbot] Monthly jfs report (Aug 2023) 0 (1) 2023/08/30 09:54
[syzbot] Monthly jfs report (Jul 2023) 0 (1) 2023/07/30 13:16
[syzbot] Monthly jfs report (Jun 2023) 0 (1) 2023/06/29 09:14
[syzbot] Monthly jfs report 0 (1) 2023/03/27 11:07
[syzbot] general protection fault in jfs_flush_journal 0 (1) 2022/10/02 18:56
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 general protection fault in jfs_flush_journal origin:upstream C 35 17d 253d 0/3 upstream: reported C repro on 2023/03/20 13:13
linux-5.15 general protection fault in jfs_flush_journal 16 90d 257d 0/3 upstream: reported on 2023/03/16 22:18

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 0 PID: 5069 Comm: syz-executor449 Not tainted 6.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x812/0xec0 fs/jfs/jfs_logmgr.c:1573
Code: aa fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 1c 12 d4 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 ff 11 d4 fe 48 8b 3b e8 e7 32 aa
RSP: 0018:ffffc9000412fb00 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 5a75c38df3172600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000412fc28 R08: ffffffff81c1025a R09: 0000000000000000
R10: ffffc9000412fa50 R11: fffff52000825f4d R12: 1ffff92000825f6c
R13: dffffc0000000000 R14: ffff888141721800 R15: ffff888025497038
FS:  0000555555c4e380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555555c576f8 CR3: 000000007950b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 jfs_umount+0x170/0x3a0 fs/jfs/jfs_umount.c:58
 jfs_put_super+0x8a/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x13a/0x2c0 fs/super.c:696
 kill_block_super+0x44/0x90 fs/super.c:1667
 deactivate_locked_super+0xc1/0x130 fs/super.c:484
 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256
 task_work_run+0x24a/0x300 kernel/task_work.c:180
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xde/0x100 kernel/entry/common.c:171
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x64/0x280 kernel/entry/common.c:296
 do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f7e4257d4f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffc6f15f948 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7e4257d4f7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc6f15fa00
RBP: 00007ffc6f15fa00 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6f160a60
R13: 0000555555c4f6c0 R14: 0000000000000001 R15: 431bde82d7b634db
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x812/0xec0 fs/jfs/jfs_logmgr.c:1573
Code: aa fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 1c 12 d4 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 ff 11 d4 fe 48 8b 3b e8 e7 32 aa
RSP: 0018:ffffc9000412fb00 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 5a75c38df3172600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000412fc28 R08: ffffffff81c1025a R09: 0000000000000000
R10: ffffc9000412fa50 R11: fffff52000825f4d R12: 1ffff92000825f6c
R13: dffffc0000000000 R14: ffff888141721800 R15: ffff888025497038
FS:  0000555555c4e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005579e00eeef8 CR3: 000000007950b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	aa                   	stos   %al,%es:(%rdi)
   1:	fe 49 8d             	decb   -0x73(%rcx)
   4:	5f                   	pop    %rdi
   5:	f0 48 89 d8          	lock mov %rbx,%rax
   9:	48 c1 e8 03          	shr    $0x3,%rax
   d:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
  12:	74 08                	je     0x1c
  14:	48 89 df             	mov    %rbx,%rdi
  17:	e8 1c 12 d4 fe       	call   0xfed41238
  1c:	48 8b 1b             	mov    (%rbx),%rbx
  1f:	48 83 c3 30          	add    $0x30,%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 ff 11 d4 fe       	call   0xfed41238
  39:	48 8b 3b             	mov    (%rbx),%rdi
  3c:	e8                   	.byte 0xe8
  3d:	e7 32                	out    %eax,$0x32
  3f:	aa                   	stos   %al,%es:(%rdi)

Crashes (302):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/11/13 14:49 upstream b85ea95d0864 6d6dbf8a .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/07/31 20:00 upstream 5d0c230f1de8 2a0d0f29 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root general protection fault in jfs_flush_journal
2023/06/18 15:33 upstream 1b29d271614a f3921d4d .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/05/27 15:38 upstream 49572d536129 cf184559 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/03/18 09:06 upstream 478a351ce0d6 7939252e .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/01/17 17:54 upstream 6e50979a9c87 42660d9e .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/01/02 10:34 upstream 88603b6dc419 ab32d508 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in jfs_flush_journal
2022/10/23 10:01 upstream 4da34b7d175d c0b80a55 .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci2-upstream-fs general protection fault in jfs_flush_journal
2022/10/03 13:22 upstream a962b54e162c feb56351 .config strace log report syz C [disk image] [vmlinux] ci2-upstream-fs general protection fault in jfs_flush_journal
2022/10/02 16:35 upstream b357fd1c2afc feb56351 .config strace log report syz C [disk image] [vmlinux] ci2-upstream-fs general protection fault in jfs_flush_journal
2022/10/02 15:53 upstream b357fd1c2afc feb56351 .config strace log report syz C [disk image] [vmlinux] ci-upstream-kasan-gce-smack-root general protection fault in jfs_flush_journal
2023/07/09 02:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e40939bbfc68 668cb1fa .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/07/08 11:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e40939bbfc68 668cb1fa .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/06/11 01:30 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci d8b213732169 7086cdb9 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/06/10 09:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci d8b213732169 7086cdb9 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/02/14 23:13 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2d3827b3f393 1d6b4af7 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
2022/10/23 08:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 c0b80a55 .config console log report syz C [disk image] [vmlinux] [mounted in repro] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
2022/10/02 23:53 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config console log report syz C [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
2022/10/02 22:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config console log report syz C [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
2023/11/29 03:44 upstream 18d46e76d7c2 1adfb6f6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/28 06:48 upstream df60cee26a2e 9fe51b7c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/28 03:31 upstream 2cc14f52aeb7 7ec6c044 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/26 21:15 upstream d2da77f431ac 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/26 07:34 upstream 090472ed9c92 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/24 09:48 upstream f1a09972a45a 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/20 21:08 upstream 98b1cc82c4af cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in jfs_flush_journal
2023/11/19 12:54 upstream 037266a5f723 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/19 10:32 upstream 037266a5f723 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/19 08:14 upstream 037266a5f723 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/19 05:40 upstream 23dfa043f6d5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/18 05:25 upstream 791c8ab095f7 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/17 18:32 upstream 6bc40e44f1dd cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/17 07:03 upstream 7475e51b8796 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/13 14:11 upstream b85ea95d0864 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/13 01:30 upstream b57b17e88bf5 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/12 20:37 upstream b57b17e88bf5 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/11 18:46 upstream 3ca112b71f35 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in jfs_flush_journal
2023/11/11 15:17 upstream 3ca112b71f35 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/11 12:15 upstream 3ca112b71f35 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/10 22:58 upstream ac347a0655db d80eec66 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/08 23:48 upstream 305230142ae0 b93f63e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/08 17:47 upstream 305230142ae0 df3908d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in jfs_flush_journal
2023/11/08 11:09 upstream 305230142ae0 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/05 13:01 upstream 1c41041124bd 500bfdc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/05 02:20 upstream aea6bf908d73 500bfdc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/04 20:56 upstream 90b0c2b2edd1 500bfdc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/11/04 17:09 upstream 90b0c2b2edd1 500bfdc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/10/31 07:09 upstream 14ab6d425e80 b5729d82 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/10/30 03:15 upstream 2af9b20dbb39 3c418d72 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/10/25 01:56 upstream d88520ad73b7 17e6d526 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/10/20 18:35 upstream c8045b4a33a5 361b23dc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/10/19 11:16 upstream dd72f9c7e512 42e1d524 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/10/18 03:41 upstream 06dc10eae55b 342b9c55 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in jfs_flush_journal
2023/10/14 19:14 upstream 70f8c6f8f880 f757a323 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/10/14 10:06 upstream 727fb8376504 6388bc36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in jfs_flush_journal
2023/10/11 09:28 upstream 1c8b86a3799f 83165b57 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2023/10/07 05:27 upstream 82714078aee4 5e837c76 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in jfs_flush_journal
2022/10/02 15:19 upstream b357fd1c2afc feb56351 .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce-smack-root general protection fault in jfs_flush_journal
2023/11/14 09:10 upstream 9bacdd8996c7 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in jfs_flush_journal
2023/06/17 20:36 upstream 1b29d271614a f3921d4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in jfs_flush_journal
2023/11/23 14:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8de1e7afcc1c fc59b78e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/11/09 20:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8de1e7afcc1c 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/11/09 04:02 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8de1e7afcc1c 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/10/20 07:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78124b0c1d10 a42250d2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/10/19 16:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78124b0c1d10 42e1d524 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/10/19 15:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78124b0c1d10 42e1d524 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/10/16 17:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c295ba49917a 6388bc36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/10/13 21:35 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 249eb8f39efb 6388bc36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/02/17 11:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2d3827b3f393 3e7039f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
* Struck through repros no longer work on HEAD.