syzbot


general protection fault in jfs_flush_journal

Status: upstream: reported C repro on 2022/10/02 18:56
Labels: jfs
Reported-by: syzbot+194bfe3476f96782c0b6@syzkaller.appspotmail.com
First crash: 239d, last: 2d17h

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: general protection fault in write_special_inodes (log)
Repro: C syz .config
Discussions (2)
Title | Replies (including bot) | Last reply
[syzbot] Monthly jfs report | 0 (1) | 2023/03/27 11:07
[syzbot] general protection fault in jfs_flush_journal | 0 (1) | 2022/10/02 18:56

Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-6.1 | general protection fault in jfs_flush_journal | | | | 7 | 4d03h | 70d | 0/3 | upstream: reported on 2023/03/20 13:13
linux-5.15 | general protection fault in jfs_flush_journal | | | | 3 | 27d | 74d | 0/3 | upstream: reported on 2023/03/16 22:18

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 1 PID: 5007 Comm: syz-executor184 Not tainted 6.4.0-rc3-syzkaller-00278-g49572d536129 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x815/0xec0 fs/jfs/jfs_logmgr.c:1573
Code: b0 fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 d9 ad d8 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 bc ad d8 fe 48 8b 3b e8 74 42 b0
RSP: 0018:ffffc90003aefae0 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 30eb283e5c676200
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefc20 R08: ffffffff81bae30a R09: 0000000000000000
R10: ffffc90003aefa30 R11: dffffc0000000001 R12: 1ffff9200075df68
R13: dffffc0000000000 R14: ffff88807e435000 R15: ffff8880770f3a38
FS:  00005555560dc300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555560e5628 CR3: 0000000072c49000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 jfs_umount+0x170/0x3a0 fs/jfs/jfs_umount.c:58
 jfs_put_super+0x8a/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x134/0x340 fs/super.c:500
 kill_block_super+0x84/0xf0 fs/super.c:1407
 deactivate_locked_super+0xa4/0x110 fs/super.c:331
 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1177
 task_work_run+0x24a/0x300 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xd9/0x100 kernel/entry/common.c:171
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x64/0x280 kernel/entry/common.c:297
 do_syscall_64+0x4d/0xc0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f961fc6dea7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe8a12c058 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f961fc6dea7
RDX: 00007ffe8a12c11a RSI: 000000000000000a RDI: 00007ffe8a12c110
RBP: 00007ffe8a12c110 R08: 00000000ffffffff R09: 00007ffe8a12bef0
R10: 00005555560dd653 R11: 0000000000000202 R12: 00007ffe8a12d180
R13: 00005555560dd5f0 R14: 00007ffe8a12c080 R15: 000000000000003a
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x815/0xec0 fs/jfs/jfs_logmgr.c:1573
Code: b0 fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 d9 ad d8 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 bc ad d8 fe 48 8b 3b e8 74 42 b0
RSP: 0018:ffffc90003aefae0 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 30eb283e5c676200
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefc20 R08: ffffffff81bae30a R09: 0000000000000000
R10: ffffc90003aefa30 R11: dffffc0000000001 R12: 1ffff9200075df68
R13: dffffc0000000000 R14: ffff88807e435000 R15: ffff8880770f3a38
FS:  00005555560dc300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9617efd000 CR3: 0000000072c49000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	b0 fe                	mov    $0xfe,%al
   2:	49 8d 5f f0          	lea    -0x10(%r15),%rbx
   6:	48 89 d8             	mov    %rbx,%rax
   9:	48 c1 e8 03          	shr    $0x3,%rax
   d:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
  12:	74 08                	je     0x1c
  14:	48 89 df             	mov    %rbx,%rdi
  17:	e8 d9 ad d8 fe       	callq  0xfed8adf5
  1c:	48 8b 1b             	mov    (%rbx),%rbx
  1f:	48 83 c3 30          	add    $0x30,%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 bc ad d8 fe       	callq  0xfed8adf5
  39:	48 8b 3b             	mov    (%rbx),%rdi
  3c:	e8                   	.byte 0xe8
  3d:	74 42                	je     0x81
  3f:	b0                   	.byte 0xb0

Crashes (165):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/05/27 15:38 | upstream | 49572d536129 | cf184559 | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/03/18 09:06 | upstream | 478a351ce0d6 | 7939252e | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/01/17 17:54 | upstream | 6e50979a9c87 | 42660d9e | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/01/02 10:34 | upstream | 88603b6dc419 | ab32d508 | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2022/10/23 10:01 | upstream | 4da34b7d175d | c0b80a55 | .config | strace log | report | syz | C | | [disk image] [vmlinux] [mounted in repro] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2022/10/03 13:22 | upstream | a962b54e162c | feb56351 | .config | strace log | report | syz | C | | [disk image] [vmlinux] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2022/10/02 16:35 | upstream | b357fd1c2afc | feb56351 | .config | strace log | report | syz | C | | [disk image] [vmlinux] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2022/10/02 15:53 | upstream | b357fd1c2afc | feb56351 | .config | strace log | report | syz | C | | [disk image] [vmlinux] | ci-upstream-kasan-gce-smack-root | general protection fault in jfs_flush_journal
2023/02/14 23:13 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 2d3827b3f393 | 1d6b4af7 | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-arm64 | BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
2022/10/23 08:39 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | bbed346d5a96 | c0b80a55 | .config | console log | report | syz | C | | [disk image] [vmlinux] [mounted in repro] | ci-upstream-gce-arm64 | BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
2022/10/02 23:53 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | bbed346d5a96 | feb56351 | .config | console log | report | syz | C | | [disk image] [vmlinux] | ci-upstream-gce-arm64 | BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
2022/10/02 22:40 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | bbed346d5a96 | feb56351 | .config | console log | report | syz | C | | [disk image] [vmlinux] | ci-upstream-gce-arm64 | BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
2023/05/23 13:48 | upstream | ae8373a5add4 | 4bce1a3e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/23 04:04 | upstream | 421ca22e3138 | 4bce1a3e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/22 03:09 | upstream | e2065b8c1b01 | 4bce1a3e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/16 07:09 | upstream | f1fcbaa18b28 | 71b00cfb | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | general protection fault in jfs_flush_journal
2023/05/16 04:06 | upstream | f1fcbaa18b28 | 71b00cfb | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/16 01:42 | upstream | f1fcbaa18b28 | 71b00cfb | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/15 04:56 | upstream | f1fcbaa18b28 | 2b9ba477 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/14 17:14 | upstream | bb7c241fae62 | 2b9ba477 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | general protection fault in jfs_flush_journal
2023/05/14 13:00 | upstream | bb7c241fae62 | 2b9ba477 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/13 15:32 | upstream | 9a48d6046722 | 2b9ba477 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/12 15:10 | upstream | cc3c44c9fda2 | ecca8a24 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/11 05:46 | upstream | d295b66a7b66 | 0fbd49f4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/10 18:52 | upstream | 16a8829130ca | 14b12a99 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/10 10:56 | upstream | 16a8829130ca | 14b12a99 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/09 18:06 | upstream | ba0ad6ed89fd | 30aa2a7e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/07 23:41 | upstream | ac9a78681b92 | 90c93c40 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | general protection fault in jfs_flush_journal
2023/05/07 19:44 | upstream | 17784de648be | 90c93c40 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/05 21:11 | upstream | 7163a2111f6c | de870ca5 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/05/03 17:07 | upstream | 348551ddaf31 | b5918830 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/28 13:53 | upstream | 91ec4b0d11fe | 70a605de | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/28 06:18 | upstream | 91ec4b0d11fe | 70a605de | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/27 19:35 | upstream | 6e98b09da931 | 6f3d6fa7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/26 00:18 | upstream | 173ea743bf7a | 65320f8e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/25 08:20 | upstream | 1a0beef98b58 | 65320f8e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/23 08:06 | upstream | 622322f53c6d | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/23 06:15 | upstream | 2caeeb9d4a1b | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/22 20:56 | upstream | 2caeeb9d4a1b | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/22 17:47 | upstream | 2caeeb9d4a1b | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/22 07:50 | upstream | 8e41e0a57566 | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/21 02:27 | upstream | 6a66fdd29ea1 | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/21 00:44 | upstream | 6a66fdd29ea1 | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/20 09:55 | upstream | cb0856346a60 | a219f34e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/19 08:25 | upstream | af67688dca57 | 94b4184e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/19 03:58 | upstream | af67688dca57 | d931e9f0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/18 08:51 | upstream | 6a8f57ae2eb0 | 436577a9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/14 12:51 | upstream | 44149752e998 | ec410564 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/13 03:35 | upstream | 0bcc40255504 | 82d5e53e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2023/04/12 15:57 | upstream | e62252bc55b6 | 1a1596b6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in jfs_flush_journal
2022/10/02 15:19 | upstream | b357fd1c2afc | feb56351 | .config | console log | report | | | info | [disk image] [vmlinux] | ci-upstream-kasan-gce-smack-root | general protection fault in jfs_flush_journal
2023/05/19 15:17 | upstream | 2d1bcbc6cd70 | 96689200 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: slab-use-after-free Read in jfs_flush_journal
2023/05/17 15:20 | upstream | f1fcbaa18b28 | eaac4681 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | KASAN: slab-use-after-free Read in jfs_flush_journal
2023/04/24 09:46 | upstream | 457391b03803 | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: slab-use-after-free Read in jfs_flush_journal
2023/05/26 04:34 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | f1fcbaa18b28 | b40ef614 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in jfs_flush_journal
2023/05/19 18:53 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | f1fcbaa18b28 | 3bb7af1d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in jfs_flush_journal
2023/05/07 14:28 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 14f8db1c0f9a | 90c93c40 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in jfs_flush_journal
2023/04/28 21:42 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 14f8db1c0f9a | 62df2017 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in jfs_flush_journal
2023/04/19 06:15 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 327bf9bb94cf | 94b4184e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in jfs_flush_journal
2023/04/17 17:55 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 327bf9bb94cf | c6ec7083 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in jfs_flush_journal
2023/04/07 23:45 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 9a03cbd79d3a | f7ba566d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in jfs_flush_journal
2023/04/07 09:09 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 9a03cbd79d3a | f7ba566d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in jfs_flush_journal
2023/02/17 11:45 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 2d3827b3f393 | 3e7039f4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
* Struck through repros no longer work on HEAD.