syzbot


BUG: unable to handle kernel paging request in txBeginAnon

Status: upstream: reported C repro on 2025/01/04 14:54
Bug presence: origin:upstream
Labels: missing-backport
Reported-by: syzbot+7f1ee65449b27b007e6b@syzkaller.appspotmail.com
First crash: 154d, last: 6d23h
Fix bisection: failed (error log, bisect log)
  
Bug presence (3)
Date Name Commit Repro Result
2025/05/06 linux-5.15.y (ToT) 16fdf2c7111b C [report] BUG: unable to handle kernel paging request in txBeginAnon
2025/01/05 upstream (ToT) ab75170520d4 C [report] BUG: unable to handle kernel paging request in txBeginAnon
2025/05/06 upstream (ToT) 0d8d44db295c C Didn't crash
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: unable to handle kernel paging request in txBeginAnon jfs C inconclusive 43 90d 379d 27/28 upstream: reported C repro on 2024/05/24 21:06
linux-6.1 BUG: unable to handle kernel paging request in txBeginAnon origin:upstream missing-backport C error 12 28d 175d 0/3 upstream: reported C repro on 2024/12/14 17:41
Last patch testing requests (5)
Created Duration User Patch Repo Result
2025/06/01 10:34 12m retest repro linux-5.15.y report log
2025/03/29 22:31 11m retest repro linux-5.15.y report log
2025/03/29 22:31 12m retest repro linux-5.15.y report log
2025/01/18 18:19 11m retest repro linux-5.15.y report log
2025/01/18 18:19 15m retest repro linux-5.15.y report log

Sample crash report:
lbmIODone: I/O error in JFS log
*** Log Format Error ! ***
lmLogInit: exit(-22)
lmLogOpen: exit(-22)
jfs_dirty_inode called on read-only volume
Is remount racy?
Unable to handle kernel paging request at virtual address dfff800000000008
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000008] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4018 Comm: syz-executor374 Not tainted 5.15.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_test_bit include/asm-generic/bitops/non-atomic.h:118 [inline]
pc : txBeginAnon+0xac/0x154 fs/jfs/jfs_txnmgr.c:465
lr : spin_lock include/linux/spinlock.h:363 [inline]
lr : txBeginAnon+0x78/0x154 fs/jfs/jfs_txnmgr.c:458
sp : ffff80001bfb7480
x29: ffff80001bfb7480 x28: ffff80001aee5e68 x27: ffff80001aee5000
x26: ffff80001aee5000 x25: 0000000000000008 x24: 0000000000000150
x23: dfff800000000000 x22: 0000000000000001 x21: 0000000000000000
x20: 0000000000000040 x19: ffff8000146bae00 x18: 0000000000000000
x17: ffff800016cde000 x16: ffff8000082d4dc8 x15: ffff8000167be4c0
x14: ffff0000c9f9dbc0 x13: dfff800000000000 x12: ffff7000037f6e74
x11: 1ffff000037f6e74 x10: 0000000000000004 x9 : fa8044f177bbfa00
x8 : fa8044f177bbfa00 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800016e15000 x4 : 0000000000000008 x3 : ffff8000082d4ee8
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 spin_lock include/linux/spinlock.h:363 [inline]
 txBeginAnon+0xac/0x154 fs/jfs/jfs_txnmgr.c:-1
 extAlloc+0xe4/0xdc4 fs/jfs/jfs_extent.c:81
 jfs_get_block+0x2bc/0x8ec fs/jfs/inode.c:258
 nobh_write_begin+0x2d8/0x9d4 fs/buffer.c:2650
 jfs_write_begin+0x58/0xa0 fs/jfs/inode.c:322
 generic_perform_write+0x204/0x480 mm/filemap.c:3785
 __generic_file_write_iter+0x23c/0x454 mm/filemap.c:3912
 generic_file_write_iter+0xb0/0x1b4 mm/filemap.c:3944
 call_write_iter include/linux/fs.h:2172 [inline]
 new_sync_write fs/read_write.c:507 [inline]
 vfs_write+0x7c8/0xa2c fs/read_write.c:594
 ksys_write+0x120/0x210 fs/read_write.c:647
 __do_sys_write fs/read_write.c:659 [inline]
 __se_sys_write fs/read_write.c:656 [inline]
 __arm64_sys_write+0x7c/0x90 fs/read_write.c:656
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: aa1803e0 97ffff75 aa1303e0 95ea8965 (38776b28) 
---[ end trace 96a60d0c663416ed ]---
----------------
Code disassembly (best guess):
   0:	aa1803e0 	mov	x0, x24
   4:	97ffff75 	bl	0xfffffffffffffdd8
   8:	aa1303e0 	mov	x0, x19
   c:	95ea8965 	bl	0x7aa25a0
* 10:	38776b28 	ldrb	w8, [x25, x23] <-- trapping instruction

Crashes (13):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/04/27 03:43 linux-5.15.y f7347f400572 c6b4fb39 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/01/04 17:17 linux-5.15.y 91786f140358 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/01/04 16:24 linux-5.15.y 91786f140358 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/01/04 15:34 linux-5.15.y 91786f140358 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/05/05 00:19 linux-5.15.y 16fdf2c7111b b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/05/05 00:18 linux-5.15.y 16fdf2c7111b b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/04/27 03:48 linux-5.15.y f7347f400572 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/04/27 03:48 linux-5.15.y f7347f400572 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/04/27 03:18 linux-5.15.y f7347f400572 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/04/27 03:18 linux-5.15.y f7347f400572 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/01/04 14:53 linux-5.15.y 91786f140358 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in txBeginAnon
2025/05/17 20:25 linux-5.15.y 3b8db0e4f263 f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in txBeginAnon
2025/05/05 00:23 linux-5.15.y 16fdf2c7111b b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in txBeginAnon
* Struck through repros no longer work on HEAD.