syzbot


general protection fault in txCommit

Status: moderation: reported on 2024/08/18 17:07
Subsystems: jfs
Reported-by: syzbot+c331d7bfaba68222f928@syzkaller.appspotmail.com
First crash: 28d, last: 28d
Similar bugs (5)
| Kernel | Title | Repro | Cause / Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| upstream | UBSAN: array-index-out-of-bounds in txCommit (jfs) | C | error / done | 396 | 314d | 696d | 25/27 | fixed on 2024/01/08 11:23 |
| linux-5.15 | UBSAN: array-index-out-of-bounds in txCommit | | | 1 | 502d | 502d | 0/3 | auto-obsoleted due to no activity on 2023/08/23 09:03 |
| linux-6.1 | UBSAN: array-index-out-of-bounds in txCommit | | | 1 | 434d | 434d | 0/3 | auto-obsoleted due to no activity on 2023/10/14 03:47 |
| linux-5.15 | UBSAN: array-index-out-of-bounds in txCommit (2) (origin:lts-only) | C | unreliable | 14 | 83d | 303d | 0/3 | upstream: reported C repro on 2023/11/14 02:25 |
| linux-6.1 | UBSAN: array-index-out-of-bounds in txCommit (2) (origin:lts-only) | C | done | 16 | 83d | 312d | 0/3 | upstream: reported C repro on 2023/11/05 09:28 |

Sample crash report:
loop0: detected capacity change from 0 to 32768
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 UID: 0 PID: 6349 Comm: syz.0.126 Not tainted 6.11.0-rc3-syzkaller-00013-g6b0f8db921ab #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
RIP: 0010:xtLog fs/jfs/jfs_txnmgr.c:1685 [inline]
RIP: 0010:txLog fs/jfs/jfs_txnmgr.c:1396 [inline]
RIP: 0010:txCommit+0x1de1/0x6b80 fs/jfs/jfs_txnmgr.c:1264
Code: 49 8d 85 60 fe ff ff 66 44 89 b4 24 e0 01 00 00 4c 8b 74 24 30 48 8b 7c 24 08 48 89 44 24 50 48 8d 58 12 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 af 27 00 00 0f b7 03 48 89 84 24 98 00
RSP: 0018:ffffc9000340f560 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000012 RCX: 0000000000040000
RDX: ffffc900092a9000 RSI: 000000000001ee8d RDI: ffffc900028321fe
RBP: ffffc9000340f7d0 R08: ffffffff83258685 R09: ffffffff83258588
R10: 0000000000000005 R11: ffff88801a7e1e00 R12: dffffc0000000000
R13: ffff888011e6e060 R14: ffffc900028321f8 R15: ffffc90002832000
FS:  00007f0fa7a236c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0fa7a02d58 CR3: 000000002dfe6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 duplicateIXtree+0x33f/0x550 fs/jfs/jfs_imap.c:3019
 diNewIAG fs/jfs/jfs_imap.c:2597 [inline]
 diAllocExt fs/jfs/jfs_imap.c:1905 [inline]
 diAllocAG+0x17dc/0x1e50 fs/jfs/jfs_imap.c:1669
 diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1590
 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56
 jfs_mkdir+0x1c5/0xba0 fs/jfs/namei.c:225
 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4210
 do_mkdirat+0x264/0x3a0 fs/namei.c:4233
 __do_sys_mkdir fs/namei.c:4253 [inline]
 __se_sys_mkdir fs/namei.c:4251 [inline]
 __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4251
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0fa6b799f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0fa7a23038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007f0fa6d15f80 RCX: 00007f0fa6b799f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000640
RBP: 00007f0fa6be78ee R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f0fa6d15f80 R15: 00007ffe40328ff8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:xtLog fs/jfs/jfs_txnmgr.c:1685 [inline]
RIP: 0010:txLog fs/jfs/jfs_txnmgr.c:1396 [inline]
RIP: 0010:txCommit+0x1de1/0x6b80 fs/jfs/jfs_txnmgr.c:1264
Code: 49 8d 85 60 fe ff ff 66 44 89 b4 24 e0 01 00 00 4c 8b 74 24 30 48 8b 7c 24 08 48 89 44 24 50 48 8d 58 12 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 af 27 00 00 0f b7 03 48 89 84 24 98 00
RSP: 0018:ffffc9000340f560 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000012 RCX: 0000000000040000
RDX: ffffc900092a9000 RSI: 000000000001ee8d RDI: ffffc900028321fe
RBP: ffffc9000340f7d0 R08: ffffffff83258685 R09: ffffffff83258588
R10: 0000000000000005 R11: ffff88801a7e1e00 R12: dffffc0000000000
R13: ffff888011e6e060 R14: ffffc900028321f8 R15: ffffc90002832000
FS:  00007f0fa7a236c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7464cc2723 CR3: 000000002dfe6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	49 8d 85 60 fe ff ff 	lea    -0x1a0(%r13),%rax
   7:	66 44 89 b4 24 e0 01 	mov    %r14w,0x1e0(%rsp)
   e:	00 00
  10:	4c 8b 74 24 30       	mov    0x30(%rsp),%r14
  15:	48 8b 7c 24 08       	mov    0x8(%rsp),%rdi
  1a:	48 89 44 24 50       	mov    %rax,0x50(%rsp)
  1f:	48 8d 58 12          	lea    0x12(%rax),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 20       	movzbl (%rax,%r12,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	0f 85 af 27 00 00    	jne    0x27e6
  37:	0f b7 03             	movzwl (%rbx),%eax
  3a:	48                   	rex.W
  3b:	89                   	.byte 0x89
  3c:	84 24 98             	test   %ah,(%rax,%rbx,4)

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/08/14 17:03 | upstream | 6b0f8db921ab | e6b88e20 | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci2-upstream-fs | general protection fault in txCommit |