syzbot

 sign-in | mailing list | source | docs
🐞 Open [1641]
Subsystems
🐞 Fixed [6108]
🐞 Invalid [15307]
Missing Backports [171]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

general protection fault in metapage_write_folio

Status: upstream: reported C repro on 2024/10/08 18:13
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+d7ffeb5538fe5c793f74@syzkaller.appspotmail.com
First crash: 174d, last: 1d03h
Cause bisection: introduced by (bisect log) :
commit 35474d52c6056976e675e9130d755cdb749ded5a
Author: Matthew Wilcox (Oracle) <willy@infradead.org>
Date: Wed Apr 17 17:56:46 2024 +0000

  jfs: Convert metapage_writepage to metapage_write_folio

Crash: BUG: unable to handle kernel NULL pointer dereference in metapage_write_folio (log)
Repro: syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [jfs?] general protection fault in metapage_write_folio 0 (1) 2024/10/08 18:13
Last patch testing requests (10)
Created Duration User Patch Repo Result
2025/03/27 03:06 21m retest repro upstream report log
2025/03/27 03:06 16m retest repro upstream report log
2025/03/13 04:19 17m retest repro linux-next error
2025/03/13 04:19 14m retest repro linux-next error
2025/03/13 04:19 10m retest repro linux-next error
2025/02/27 02:24 13m retest repro upstream report log
2025/01/15 23:59 53m retest repro upstream report log
2025/01/15 23:59 15m retest repro upstream report log
2024/12/24 00:20 18m retest repro linux-next report log
2024/12/24 00:20 16m retest repro linux-next report log

Sample crash report:
syz-executor288: attempt to access beyond end of device
loop0: rw=1, sector=4680032, nr_sectors = 8 limit=32768
metapage_write_end_io: I/O error
ERROR: (device loop0): release_metapage: metapage_write_one() failed
ERROR: (device loop0): remounting filesystem as read-only
blkno = 8ed2c, nblocks = 1
ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 UID: 0 PID: 5828 Comm: syz-executor288 Not tainted 6.13.0-syzkaller-09793-g69b8923f5003 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:metapage_write_folio+0xab/0xf20 fs/jfs/jfs_metapage.c:346
Code: 5f 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 17 bd d2 fe 4c 8d b4 24 b0 00 00 00 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 f6 bc d2 fe 48 8b 03 48 89 44 24
RSP: 0018:ffffc90003f471a0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88807c383c00
RDX: 0000000000000000 RSI: ffffc90003f47300 RDI: ffffea0000d43280
RBP: ffffc90003f472b0 R08: ffffea0000d432b7 R09: 1ffffd40001a8656
R10: dffffc0000000000 R11: fffff940001a8657 R12: 1ffff920007e8e40
R13: dffffc0000000000 R14: ffffc90003f47250 R15: ffffea0000d43280
FS:  00007f0b6b16b6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0b63bff000 CR3: 0000000027e0e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 metapage_write_one+0x292/0x4b0 fs/jfs/jfs_metapage.c:710
 force_metapage+0x1ae/0x370 fs/jfs/jfs_metapage.c:732
 txForce fs/jfs/jfs_txnmgr.c:2215 [inline]
 txCommit+0x6250/0x6b90 fs/jfs/jfs_txnmgr.c:1315
 duplicateIXtree+0x33f/0x550 fs/jfs/jfs_imap.c:3019
 diNewIAG fs/jfs/jfs_imap.c:2597 [inline]
 diAllocExt fs/jfs/jfs_imap.c:1905 [inline]
 diAllocAG+0x17dc/0x1e50 fs/jfs/jfs_imap.c:1669
 diAlloc+0x1d2/0x1630 fs/jfs/jfs_imap.c:1590
 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56
 jfs_mkdir+0x1c5/0xba0 fs/jfs/namei.c:225
 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4313
 do_mkdirat+0x264/0x3a0 fs/namei.c:4336
 __do_sys_mkdir fs/namei.c:4356 [inline]
 __se_sys_mkdir fs/namei.c:4354 [inline]
 __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4354
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0b6b1b4b19
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0b6b16b218 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007f0b6b2426c8 RCX: 00007f0b6b1b4b19
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000200003c0
RBP: 00007f0b6b2426c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0b6b20f194
R13: 00007f0b6b20f090 R14: 00007f0b6b2090c0 R15: 0031656c69662f2e
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:metapage_write_folio+0xab/0xf20 fs/jfs/jfs_metapage.c:346
Code: 5f 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 17 bd d2 fe 4c 8d b4 24 b0 00 00 00 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 f6 bc d2 fe 48 8b 03 48 89 44 24
RSP: 0018:ffffc90003f471a0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88807c383c00
RDX: 0000000000000000 RSI: ffffc90003f47300 RDI: ffffea0000d43280
RBP: ffffc90003f472b0 R08: ffffea0000d432b7 R09: 1ffffd40001a8656
R10: dffffc0000000000 R11: fffff940001a8657 R12: 1ffff920007e8e40
R13: dffffc0000000000 R14: ffffc90003f47250 R15: ffffea0000d43280
FS:  00007f0b6b16b6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0b6b208618 CR3: 0000000027e0e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	5f                   	pop    %rdi
   1:	18 48 89             	sbb    %cl,-0x77(%rax)
   4:	d8 48 c1             	fmuls  -0x3f(%rax)
   7:	e8 03 42 80 3c       	call   0x3c80420f
   c:	28 00                	sub    %al,(%rax)
   e:	74 08                	je     0x18
  10:	48 89 df             	mov    %rbx,%rdi
  13:	e8 17 bd d2 fe       	call   0xfed2bd2f
  18:	4c 8d b4 24 b0 00 00 	lea    0xb0(%rsp),%r14
  1f:	00
  20:	48 8b 1b             	mov    (%rbx),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 f6 bc d2 fe       	call   0xfed2bd2f
  39:	48 8b 03             	mov    (%rbx),%rax
  3c:	48                   	rex.W
  3d:	89                   	.byte 0x89
  3e:	44                   	rex.R
  3f:	24                   	.byte 0x24

Crashes (44):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/03 03:53 upstream 69b8923f5003 568559e4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in metapage_write_folio
2024/10/06 06:10 linux-next c02d24a5af66 d7906eff .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] [mounted in repro #3] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/23 13:18 upstream c2ee9f594da8 15fa2979 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-upstream-fs general protection fault in metapage_write_folio
2024/10/05 19:42 upstream 27cc6fdf7201 d7906eff .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-upstream-fs general protection fault in metapage_write_folio
2024/10/06 04:46 linux-next c02d24a5af66 d7906eff .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 03:06 linux-next c02d24a5af66 d7906eff .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] [mounted in repro #3] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2025/02/12 09:58 upstream 09fbf3d50205 f2baddf5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2025/02/03 02:57 upstream 69b8923f5003 568559e4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2025/02/03 02:55 upstream 69b8923f5003 568559e4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/12/29 14:25 upstream 059dd502b263 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/12/29 05:18 upstream 059dd502b263 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/11/16 17:48 upstream e8bdb3c8be08 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/11/16 17:18 upstream e8bdb3c8be08 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/11/16 09:46 upstream e8bdb3c8be08 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/11/16 02:29 upstream f868cd251776 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/11/16 00:20 upstream f868cd251776 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/11/16 00:20 upstream f868cd251776 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/11/16 00:19 upstream f868cd251776 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/11/16 00:18 upstream f868cd251776 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/11/16 00:18 upstream f868cd251776 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/10/06 09:17 upstream fc20a3e57247 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/10/06 07:21 upstream fc20a3e57247 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in metapage_write_folio
2024/10/05 19:12 upstream 27cc6fdf7201 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/10/05 19:04 upstream 27cc6fdf7201 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2024/10/04 18:03 upstream 0c559323bbaa d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in metapage_write_folio
2025/01/27 00:01 upstream c2da8b3f914f 9fbd772e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in metapage_write_folio
2025/01/01 07:00 upstream ccb98ccef0e5 d3ccff63 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in metapage_write_folio
2024/12/10 00:02 upstream 7cb1b4663150 deb72877 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in metapage_write_folio
2024/11/30 05:22 upstream 2ba9f676d0a2 68914665 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in metapage_write_folio
2024/10/05 01:24 upstream 0c559323bbaa d7906eff .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in metapage_write_folio
2024/10/10 21:43 linux-next 0cca97bf2364 8fbfc0c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/09 20:14 linux-next 33ce24234fca 0278d004 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 08:36 linux-next c02d24a5af66 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 08:13 linux-next c02d24a5af66 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 07:29 linux-next c02d24a5af66 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 06:27 linux-next c02d24a5af66 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 06:27 linux-next c02d24a5af66 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 01:53 linux-next c02d24a5af66 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 01:48 linux-next c02d24a5af66 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 01:48 linux-next c02d24a5af66 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 01:48 linux-next c02d24a5af66 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
2024/10/06 01:47 linux-next c02d24a5af66 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in metapage_write_folio
* Struck through repros no longer work on HEAD.