syzbot


general protection fault in jfs_flush_journal

Status: upstream: reported C repro on 2022/10/02 18:56
Subsystems: jfs
Reported-by: syzbot+194bfe3476f96782c0b6@syzkaller.appspotmail.com
First crash: 178d, last: 15h10m

Cause bisection: the issue happens on the oldest tested release
Crash: general protection fault in write_special_inodes
Repro: C syz .config
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 general protection fault in jfs_flush_journal 3 1d04h 10d 0/3 upstream: reported on 2023/03/20 13:13
linux-5.15 general protection fault in jfs_flush_journal 1 13d 13d 0/3 upstream: reported on 2023/03/16 22:18

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 1 PID: 5066 Comm: syz-executor184 Not tainted 6.3.0-rc2-syzkaller-00363-g478a351ce0d6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x99e/0xec0 fs/jfs/jfs_logmgr.c:1582
Code: b1 fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 a0 37 d9 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 4c 8b 74 24 38 74 08 48 89 df e8 7e 37 d9 fe 48 8b
RSP: 0018:ffffc90003d1fae0 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 7afcf5cf5c48d200
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003d1fc20 R08: ffffffff81b895aa R09: ffffc90003d1fa30
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88806d158460 R15: ffff888028c31838
FS:  000055555704b300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffd2f0fd38 CR3: 0000000077b58000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 jfs_umount+0x170/0x3a0 fs/jfs/jfs_umount.c:58
 jfs_put_super+0x8a/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x134/0x340 fs/super.c:491
 kill_block_super+0x7e/0xe0 fs/super.c:1398
 deactivate_locked_super+0xa4/0x110 fs/super.c:331
 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1177
 task_work_run+0x24a/0x300 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xd9/0x100 kernel/entry/common.c:171
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x64/0x280 kernel/entry/common.c:296
 do_syscall_64+0x4d/0xc0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f67891049b7
Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffd2f10478 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f67891049b7
RDX: 00007fffd2f1053a RSI: 000000000000000a RDI: 00007fffd2f10530
RBP: 00007fffd2f10530 R08: 00000000ffffffff R09: 00007fffd2f10310
R10: 000055555704c653 R11: 0000000000000206 R12: 00007fffd2f115f0
R13: 000055555704c5f0 R14: 00007fffd2f104a0 R15: 00007fffd2f11610
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x99e/0xec0 fs/jfs/jfs_logmgr.c:1582
Code: b1 fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 a0 37 d9 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 4c 8b 74 24 38 74 08 48 89 df e8 7e 37 d9 fe 48 8b
RSP: 0018:ffffc90003d1fae0 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 7afcf5cf5c48d200
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003d1fc20 R08: ffffffff81b895aa R09: ffffc90003d1fa30
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88806d158460 R15: ffff888028c31838
FS:  000055555704b300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f67890b0000 CR3: 0000000077b58000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	b1 fe                	mov    $0xfe,%cl
   2:	49 8d 5f f0          	lea    -0x10(%r15),%rbx
   6:	48 89 d8             	mov    %rbx,%rax
   9:	48 c1 e8 03          	shr    $0x3,%rax
   d:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
  12:	74 08                	je     0x1c
  14:	48 89 df             	mov    %rbx,%rdi
  17:	e8 a0 37 d9 fe       	callq  0xfed937bc
  1c:	48 8b 1b             	mov    (%rbx),%rbx
  1f:	48 83 c3 30          	add    $0x30,%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	4c 8b 74 24 38       	mov    0x38(%rsp),%r14
  34:	74 08                	je     0x3e
  36:	48 89 df             	mov    %rbx,%rdi
  39:	e8 7e 37 d9 fe       	callq  0xfed937bc
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b

Crashes (106):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci2-upstream-fs 2023/03/18 09:06 upstream 478a351ce0d6 7939252e .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/17 17:54 upstream 6e50979a9c87 42660d9e .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/02 10:34 upstream 88603b6dc419 ab32d508 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] general protection fault in jfs_flush_journal
ci2-upstream-fs 2022/10/23 10:01 upstream 4da34b7d175d c0b80a55 .config strace log report syz C [disk image] [vmlinux] [mounted in repro] general protection fault in jfs_flush_journal
ci2-upstream-fs 2022/10/03 13:22 upstream a962b54e162c feb56351 .config strace log report syz C [disk image] [vmlinux] general protection fault in jfs_flush_journal
ci2-upstream-fs 2022/10/02 16:35 upstream b357fd1c2afc feb56351 .config strace log report syz C [disk image] [vmlinux] general protection fault in jfs_flush_journal
ci-upstream-kasan-gce-smack-root 2022/10/02 15:53 upstream b357fd1c2afc feb56351 .config strace log report syz C [disk image] [vmlinux] general protection fault in jfs_flush_journal
ci-upstream-gce-arm64 2023/02/14 23:13 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2d3827b3f393 1d6b4af7 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
ci-upstream-gce-arm64 2022/10/23 08:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 c0b80a55 .config console log report syz C [disk image] [vmlinux] [mounted in repro] BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
ci-upstream-gce-arm64 2022/10/02 23:53 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config console log report syz C [disk image] [vmlinux] BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
ci-upstream-gce-arm64 2022/10/02 22:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config console log report syz C [disk image] [vmlinux] BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
ci2-upstream-fs 2023/03/29 09:53 upstream fcd476ea6a88 f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/27 23:58 upstream 3a93e40326c8 47f3aaf1 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/27 13:58 upstream 197b6b60ae7b f8f96aa9 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/25 22:51 upstream 65aca32efdcb fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/24 21:22 upstream 1e760fa3596e 9700afae .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/21 17:54 upstream 17214b70a159 8b4eb097 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/21 09:09 upstream 17214b70a159 7939252e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/21 05:14 upstream 7d31677bb7b1 7939252e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/21 00:20 upstream 7d31677bb7b1 7939252e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci-upstream-kasan-gce-smack-root 2023/03/20 22:17 upstream 7d31677bb7b1 7939252e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/20 19:41 upstream 7d31677bb7b1 7939252e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/20 13:13 upstream e8d018dd0257 7939252e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/18 21:29 upstream 534293368afa 7939252e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci-upstream-kasan-gce-smack-root 2023/03/18 11:20 upstream 478a351ce0d6 7939252e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/18 07:10 upstream 38e04b3e4240 7939252e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/15 23:24 upstream 9c1bec9c0b08 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/15 08:58 upstream 6015b1aca1a2 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/14 00:47 upstream eeac8ede1755 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/04 11:24 upstream 0a3f9a6b0265 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/02/21 20:24 upstream 9e58df973d22 42a4d508 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/02/19 23:37 upstream 925cf0457d7e bcdf85f8 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/02/15 15:07 upstream e1c04510f521 6be0f1f5 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/02/14 13:30 upstream f6feea56f66d 93ae7e0a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/02/12 07:17 upstream d12aca5c0cee 93e26d60 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/02/11 20:10 upstream d12aca5c0cee 93e26d60 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/02/08 12:24 upstream 0983f6bf2bfc abbb67b7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/02/04 14:10 upstream 0136d86b7852 be607b78 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/02/02 17:19 upstream 9f266ccaa2f5 16d19e30 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/30 17:02 upstream 6d796c50f84c b68fb8d6 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/28 11:34 upstream 5af6ce704936 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci-upstream-kasan-gce-smack-root 2023/01/27 08:44 upstream 7c46948a6e9c 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/26 01:31 upstream 7c46948a6e9c 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/25 18:06 upstream 948ef7bb70c4 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/24 18:01 upstream 7bf70dbb1882 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci-upstream-kasan-gce-smack-root 2023/01/22 23:46 upstream 2241ab53cbb5 559a440a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/22 22:35 upstream 2475bf0250de cc0f9968 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/21 15:36 upstream f883675bf652 cc0f9968 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/20 22:42 upstream edc00350d205 dd15ff29 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/19 07:26 upstream 7287904c8771 66fca3ae .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/15 20:57 upstream 7c6984405241 a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/11 08:52 upstream 40c18f363a08 48bc529a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/09 16:21 upstream 1fe4fd6f5cad 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/01/06 18:41 upstream 1f5abbd77e2c 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in jfs_flush_journal
ci-upstream-kasan-gce-smack-root 2022/10/02 15:19 upstream b357fd1c2afc feb56351 .config console log report info [disk image] [vmlinux] general protection fault in jfs_flush_journal
ci2-upstream-fs 2023/03/19 02:50 upstream 534293368afa 7939252e .config console log report info [disk image] [vmlinux] [kernel image] KASAN: slab-use-after-free Read in jfs_flush_journal
ci-upstream-gce-arm64 2023/03/29 23:03 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59caa87f9dfb f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] BUG: unable to handle kernel paging request in jfs_flush_journal
ci-upstream-gce-arm64 2023/03/16 12:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] BUG: unable to handle kernel paging request in jfs_flush_journal
ci-upstream-gce-arm64 2023/02/17 11:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2d3827b3f393 3e7039f4 .config console log report info [disk image] [vmlinux] [kernel image] BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
ci-upstream-gce-arm64 2023/02/03 15:03 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ca72d58361ee 1b2f701a .config console log report info [disk image] [vmlinux] [kernel image] BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
ci-upstream-gce-arm64 2023/01/23 07:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci edb2f0dc90f2 44388686 .config console log report info [disk image] [vmlinux] [kernel image] BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
ci-upstream-gce-arm64 2023/01/21 06:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci de8041bf6ca8 559a440a .config console log report info [disk image] [vmlinux] [kernel image] BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal
ci-upstream-gce-arm64 2023/01/01 18:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] BUG: unable to handle kernel NULL pointer dereference in jfs_flush_journal