syzbot
general protection fault in txEnd

Status: upstream: reported C repro on 2022/12/23 23:37
Subsystems: jfs
Reported-by: syzbot+1d096d31de6a0491b55e@syzkaller.appspotmail.com
First crash: 347d, last: 6h59m
Cause bisection: failed (error log, bisect log)
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [jfs?] [fat?] general protection fault in txEnd 1 (2) 2023/03/30 10:03
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 general protection fault in txEnd jfs fat C 1 273d 340d 0/1 upstream: reported C repro on 2022/12/27 07:15
Last patch testing requests (8)
Created Duration User Patch Repo Result
2023/12/02 04:14 16m retest repro upstream report log
2023/11/14 05:47 13m retest repro upstream report log
2023/10/31 04:48 17m retest repro upstream report log
2023/09/05 01:13 15m retest repro upstream report log
2023/08/21 21:25 51m retest repro linux-next report log
2023/08/21 21:25 24m retest repro upstream report log
2023/08/21 21:25 25m retest repro upstream report log
2023/08/21 21:25 27m retest repro linux-next report log
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2023/06/22 04:33 56m bisect fix upstream job log (0) log
2023/05/21 20:24 24m bisect fix upstream job log (0) log
2023/04/21 04:00 52m bisect fix upstream job log (0) log
2023/03/21 23:15 26m bisect fix upstream job log (0) log

Sample crash report:
read_mapping_page failed!
ERROR: (device loop0): txCommit: 
general protection fault, probably for non-canonical address 0xdffffc0000000029: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000148-0x000000000000014f]
CPU: 0 PID: 5056 Comm: syz-executor822 Not tainted 6.7.0-rc1-syzkaller-00139-g6bc40e44f1dd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:txEnd+0x1e5/0x560 fs/jfs/jfs_txnmgr.c:539
Code: 00 84 c0 0f 85 d4 02 00 00 66 41 89 1e 41 0f b7 c5 89 05 3e 7a 5b 0f 4c 8b 74 24 08 49 8d 9e 4c 01 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 c3 02 00 00 8b 2b 8d 75 ff 89 33 31 ff
RSP: 0018:ffffc900042779b0 EFLAGS: 00010203
RAX: 0000000000000029 RBX: 000000000000014c RCX: ffff88801a2d0000
RDX: ffff88801a2d0000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 1ffff920004d0227 R08: ffffffff83159bd7 R09: 1ffffffff21ba875
R10: dffffc0000000000 R11: fffffbfff21ba876 R12: dffffc0000000000
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000110
FS:  00007f24febe96c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f24febe9d58 CR3: 000000001abff000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 add_missing_indices fs/jfs/jfs_dtree.c:2658 [inline]
 jfs_readdir+0x28ba/0x4630 fs/jfs/jfs_dtree.c:3004
 wrap_directory_iterator+0x91/0xd0 fs/readdir.c:67
 iterate_dir+0x1cd/0x540 fs/readdir.c:106
 __do_sys_getdents fs/readdir.c:322 [inline]
 __se_sys_getdents+0x1ef/0x4c0 fs/readdir.c:307
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f24fec4dc59
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f24febe9218 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 00007f24fecdb6d8 RCX: 00007f24fec4dc59
RDX: 0000000000001000 RSI: 0000000020006600 RDI: 0000000000000005
RBP: 00007f24fecdb6d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f24feca8110
R13: 0030656c69662f2e R14: 00007fffe9624a40 R15: 6573726168636f69
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:txEnd+0x1e5/0x560 fs/jfs/jfs_txnmgr.c:539
Code: 00 84 c0 0f 85 d4 02 00 00 66 41 89 1e 41 0f b7 c5 89 05 3e 7a 5b 0f 4c 8b 74 24 08 49 8d 9e 4c 01 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 c3 02 00 00 8b 2b 8d 75 ff 89 33 31 ff
RSP: 0018:ffffc900042779b0 EFLAGS: 00010203
RAX: 0000000000000029 RBX: 000000000000014c RCX: ffff88801a2d0000
RDX: ffff88801a2d0000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 1ffff920004d0227 R08: ffffffff83159bd7 R09: 1ffffffff21ba875
R10: dffffc0000000000 R11: fffffbfff21ba876 R12: dffffc0000000000
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000110
FS:  00007f24febe96c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f24febe9d58 CR3: 000000001abff000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	00 84 c0 0f 85 d4 02 	add    %al,0x2d4850f(%rax,%rax,8)
   7:	00 00                	add    %al,(%rax)
   9:	66 41 89 1e          	mov    %bx,(%r14)
   d:	41 0f b7 c5          	movzwl %r13w,%eax
  11:	89 05 3e 7a 5b 0f    	mov    %eax,0xf5b7a3e(%rip)        # 0xf5b7a55
  17:	4c 8b 74 24 08       	mov    0x8(%rsp),%r14
  1c:	49 8d 9e 4c 01 00 00 	lea    0x14c(%r14),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 20       	movzbl (%rax,%r12,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	0f 85 c3 02 00 00    	jne    0x2fa
  37:	8b 2b                	mov    (%rbx),%ebp
  39:	8d 75 ff             	lea    -0x1(%rbp),%esi
  3c:	89 33                	mov    %esi,(%rbx)
  3e:	31 ff                	xor    %edi,%edi

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/11/18 04:08 upstream 6bc40e44f1dd cb976f63 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in txEnd
2023/01/27 16:47 upstream 7c46948a6e9c 9dfcf09c .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root general protection fault in txEnd
2022/12/19 23:27 upstream aeba12b26c79 c52b2efb .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in txEnd
2023/07/30 06:52 upstream 12214540ad87 92476829 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root general protection fault in txEnd
2023/08/01 10:14 linux-next a73466257270 2a0d0f29 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root general protection fault in txEnd
2023/02/19 21:53 linux-next c068f40300a0 bcdf85f8 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root general protection fault in txEnd
2023/11/18 03:41 upstream 6bc40e44f1dd cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in txEnd
2023/09/22 16:07 upstream 27bbf45eae9c 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in txEnd
2023/07/04 03:18 upstream a901a3568fd2 6e553898 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in txEnd
2023/10/05 04:49 upstream ba7d997a2a29 b7d7ff54 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in txEnd