syzbot

 sign-in | mailing list | source | docs
🐞 Open [680]
🐞 Fixed [61]
🐞 Invalid [687]
Missing Backports [70]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: unable to handle kernel paging request in txBeginAnon

Status: upstream: reported C repro on 2025/01/04 14:54
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+7f1ee65449b27b007e6b@syzkaller.appspotmail.com
First crash: 4d17h, last: 4d15h
Bug presence (1)
Date Name Commit Repro Result
2025/01/05 upstream (ToT) ab75170520d4 C [report] BUG: unable to handle kernel paging request in txBeginAnon
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: unable to handle kernel paging request in txBeginAnon jfs C inconclusive 39 7d11h 229d 0/28 upstream: reported C repro on 2024/05/24 21:06
linux-6.1 BUG: unable to handle kernel paging request in txBeginAnon origin:upstream C 4 25d 25d 0/3 upstream: reported C repro on 2024/12/14 17:41

Sample crash report:
lmLogOpen: exit(-22)
jfs_dirty_inode called on read-only volume
Is remount racy?
jfs_dirty_inode called on read-only volume
Is remount racy?
Unable to handle kernel paging request at virtual address dfff800000000008
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000008] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4022 Comm: syz-executor327 Not tainted 5.15.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_test_bit include/asm-generic/bitops/non-atomic.h:118 [inline]
pc : txBeginAnon+0xac/0x154 fs/jfs/jfs_txnmgr.c:465
lr : spin_lock include/linux/spinlock.h:363 [inline]
lr : txBeginAnon+0x78/0x154 fs/jfs/jfs_txnmgr.c:458
sp : ffff80001d2273e0
x29: ffff80001d2273e0 x28: ffff80001b926e68 x27: ffff80001b926000
x26: ffff80001b926000 x25: 0000000000000008 x24: 0000000000000150
x23: dfff800000000000 x22: 0000000000000001 x21: 0000000000000000
x20: 0000000000000040 x19: ffff8000150e0200 x18: ffff80001d2270c0
x17: 0000000000000000 x16: ffff800008305354 x15: 000000000000bdcf
x14: 00000000139e56df x13: dfff800000000000 x12: ffff700003a44e60
x11: 1ffff00003a44e60 x10: 0000000000000004 x9 : b53804a77802ab00
x8 : b53804a77802ab00 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800017855c80 x4 : 0000000000000008 x3 : ffff800008305484
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 txBeginAnon+0xac/0x154
 extAlloc+0xe0/0xe68 fs/jfs/jfs_extent.c:81
 jfs_get_block+0x34c/0xbfc fs/jfs/inode.c:258
 nobh_write_begin+0x2d8/0xa28 fs/buffer.c:2650
 jfs_write_begin+0x58/0xa0 fs/jfs/inode.c:322
 generic_perform_write+0x24c/0x520 mm/filemap.c:3785
 __generic_file_write_iter+0x230/0x454 mm/filemap.c:3912
 generic_file_write_iter+0xb4/0x1b8 mm/filemap.c:3944
 call_write_iter include/linux/fs.h:2174 [inline]
 new_sync_write fs/read_write.c:507 [inline]
 vfs_write+0x884/0xb44 fs/read_write.c:594
 ksys_write+0x15c/0x26c fs/read_write.c:647
 __do_sys_write fs/read_write.c:659 [inline]
 __se_sys_write fs/read_write.c:656 [inline]
 __arm64_sys_write+0x7c/0x90 fs/read_write.c:656
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: aa1803e0 97ffff65 aa1303e0 95964225 (38776b28) 
---[ end trace 43737bcadc6ca607 ]---
----------------
Code disassembly (best guess):
   0:	aa1803e0 	mov	x0, x24
   4:	97ffff65 	bl	0xfffffffffffffd98
   8:	aa1303e0 	mov	x0, x19
   c:	95964225 	bl	0x65908a0
* 10:	38776b28 	ldrb	w8, [x25, x23] <-- trapping instruction

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/01/04 17:17 linux-5.15.y 91786f140358 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/01/04 16:24 linux-5.15.y 91786f140358 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/01/04 15:34 linux-5.15.y 91786f140358 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/01/04 14:53 linux-5.15.y 91786f140358 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
* Struck through repros no longer work on HEAD.