| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2024/09/15 | upstream (ToT) | d42f7708e27c | C | [report] BUG: spinlock bad magic in release_metapage |
syzbot |
sign-in | mailing list | source | docs |
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2024/09/15 | upstream (ToT) | d42f7708e27c | C | [report] BUG: spinlock bad magic in release_metapage |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | BUG: unable to handle kernel paging request in take_dentry_name_snapshot reiserfs overlayfs | C | error | done | 30 | 165d | 657d | 0/28 | closed as dup on 2023/10/04 08:35 |
| upstream | BUG: spinlock bad magic in release_metapage jfs | C | inconclusive | 7 | 18h08m | 8d23h | 0/28 | upstream: reported C repro on 2024/09/10 08:16 |
BUG: spinlock bad magic on CPU#0, jfsCommit/239 lock: 0xffff0000e1c84168, .magic: ffff8000, .owner: @IΘα/0, .owner_cpu: 512 CPU: 0 PID: 239 Comm: jfsCommit Not tainted 5.15.167-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 spin_dump kernel/locking/spinlock_debug.c:69 [inline] spin_bug+0x124/0x240 kernel/locking/spinlock_debug.c:77 debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline] do_raw_spin_lock+0x200/0x35c kernel/locking/spinlock_debug.c:114 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0xcc/0x14c kernel/locking/spinlock.c:162 __wake_up_common_lock kernel/sched/wait.c:137 [inline] __wake_up+0xe8/0x1a0 kernel/sched/wait.c:157 unlock_metapage fs/jfs/jfs_metapage.c:37 [inline] release_metapage+0x17c/0x918 fs/jfs/jfs_metapage.c:737 xtTruncate+0xc90/0x2b10 jfs_free_zero_link+0x374/0x598 fs/jfs/namei.c:758 jfs_evict_inode+0x308/0x408 fs/jfs/inode.c:153 evict+0x418/0x894 fs/inode.c:622 iput_final fs/inode.c:1740 [inline] iput+0x744/0x824 fs/inode.c:1766 txUpdateMap+0x76c/0x914 fs/jfs/jfs_txnmgr.c:2401 txLazyCommit fs/jfs/jfs_txnmgr.c:2698 [inline] jfs_lazycommit+0x3b0/0xa40 fs/jfs/jfs_txnmgr.c:2766 kthread+0x37c/0x45c kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870 ================================================================================ UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9 index 1148 is out of range for type 'unsigned long[8]' CPU: 0 PID: 239 Comm: jfsCommit Not tainted 5.15.167-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_out_of_bounds+0x108/0x15c lib/ubsan.c:282 decode_tail kernel/locking/qspinlock.c:130 [inline] queued_spin_lock_slowpath+0x854/0x938 kernel/locking/qspinlock.c:468 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline] do_raw_spin_lock+0x334/0x35c kernel/locking/spinlock_debug.c:115 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0xcc/0x14c kernel/locking/spinlock.c:162 __wake_up_common_lock kernel/sched/wait.c:137 [inline] __wake_up+0xe8/0x1a0 kernel/sched/wait.c:157 unlock_metapage fs/jfs/jfs_metapage.c:37 [inline] release_metapage+0x17c/0x918 fs/jfs/jfs_metapage.c:737 xtTruncate+0xc90/0x2b10 jfs_free_zero_link+0x374/0x598 fs/jfs/namei.c:758 jfs_evict_inode+0x308/0x408 fs/jfs/inode.c:153 evict+0x418/0x894 fs/inode.c:622 iput_final fs/inode.c:1740 [inline] iput+0x744/0x824 fs/inode.c:1766 txUpdateMap+0x76c/0x914 fs/jfs/jfs_txnmgr.c:2401 txLazyCommit fs/jfs/jfs_txnmgr.c:2698 [inline] jfs_lazycommit+0x3b0/0xa40 fs/jfs/jfs_txnmgr.c:2766 kthread+0x37c/0x45c kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870 ================================================================================ Unable to handle kernel paging request at virtual address ffff800014a26710 Mem abort info: ESR = 0x0000000096000047 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x07: level 3 translation fault Data abort info: ISV = 0, ISS = 0x00000047 CM = 0, WnR = 1 swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001ae2ee000 [ffff800014a26710] pgd=100000023ffff003, p4d=100000023ffff003, pud=100000023fffe003, pmd=100000023fff9003, pte=0000000000000000 Internal error: Oops: 0000000096000047 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 239 Comm: jfsCommit Not tainted 5.15.167-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : queued_spin_lock_slowpath+0x36c/0x938 kernel/locking/qspinlock.c:471 lr : decode_tail kernel/locking/qspinlock.c:130 [inline] lr : queued_spin_lock_slowpath+0x854/0x938 kernel/locking/qspinlock.c:468 sp : ffff80001dfc7200 x29: ffff80001dfc72a0 x28: 1ffff00003bf8e4c x27: 0000000000000000 x26: dfff800000000000 x25: ffff700003bf8e44 x24: 0000000000040000 x23: ffff800014a26710 x22: ffff0001b41a1708 x21: ffff0001b41a1700 x20: ffff800014a26710 x19: ffff0000e1c84168 x18: 0000000000000002 x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff x14: ffff0000c71a1b40 x13: 0000000000000001 x12: ffff700002e22164 x11: 0000000000000001 x10: ffff800014a26700 x9 : 0000000000000001 x8 : 0000000000000000 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001dfc68f8 x4 : ffff800014b9fae0 x3 : ffff80000819c844 x2 : 0000000000000001 x1 : 0000000000000004 x0 : ffff0001b41a1708 Call trace: queued_spin_lock_slowpath+0x36c/0x938 kernel/locking/qspinlock.c:474 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline] do_raw_spin_lock+0x334/0x35c kernel/locking/spinlock_debug.c:115 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0xcc/0x14c kernel/locking/spinlock.c:162 __wake_up_common_lock kernel/sched/wait.c:137 [inline] __wake_up+0xe8/0x1a0 kernel/sched/wait.c:157 unlock_metapage fs/jfs/jfs_metapage.c:37 [inline] release_metapage+0x17c/0x918 fs/jfs/jfs_metapage.c:737 xtTruncate+0xc90/0x2b10 jfs_free_zero_link+0x374/0x598 fs/jfs/namei.c:758 jfs_evict_inode+0x308/0x408 fs/jfs/inode.c:153 evict+0x418/0x894 fs/inode.c:622 iput_final fs/inode.c:1740 [inline] iput+0x744/0x824 fs/inode.c:1766 txUpdateMap+0x76c/0x914 fs/jfs/jfs_txnmgr.c:2401 txLazyCommit fs/jfs/jfs_txnmgr.c:2698 [inline] jfs_lazycommit+0x3b0/0xa40 fs/jfs/jfs_txnmgr.c:2766 kthread+0x37c/0x45c kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870 Code: aa1703e0 9417473e aa1603e0 52800081 (f90002f5) ---[ end trace 9daeef454817c160 ]--- ---------------- Code disassembly (best guess): 0: aa1703e0 mov x0, x23 4: 9417473e bl 0x5d1cfc 8: aa1603e0 mov x0, x22 c: 52800081 mov w1, #0x4 // #4 * 10: f90002f5 str x21, [x23] <-- trapping instruction
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/09/15 18:13 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | |
| 2024/09/15 17:15 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | |
| 2024/09/15 16:14 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | |
| 2024/09/15 14:22 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | |
| 2024/09/15 13:02 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | |
| 2024/09/18 14:29 | linux-5.15.y | 3a5928702e71 | c673ca06 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | ||
| 2024/09/15 17:15 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | ||
| 2024/09/15 17:14 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | ||
| 2024/09/15 17:13 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | ||
| 2024/09/15 17:12 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | ||
| 2024/09/15 11:59 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage | ||
| 2024/09/15 11:42 | linux-5.15.y | 3a5928702e71 | 08d8a733 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | BUG: spinlock bad magic in release_metapage |