syzbot


general protection fault in lmLogSync (2)

Status: upstream: reported C repro on 2022/09/29 20:40
Reported-by: syzbot+e14b1036481911ae4d77@syzkaller.appspotmail.com
First crash: 58d, last: 6h01m

Cause bisection: failed (bisect log)
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in lmLogSync 1 232d 221d 0/24 auto-closed as invalid on 2022/08/06 08:08

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 1 PID: 3637 Comm: syz-executor288 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:lmLogSync+0x227/0xb00 fs/jfs/jfs_logmgr.c:937
Code: ae fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 57 20 d7 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 3a 20 d7 fe 48 8b 3b e8 d2 f9 ae
RSP: 0018:ffffc90003d8fa60 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: aa46bf18d8d22600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003d8fb68 R08: ffffffff81b68393 R09: ffffc90003d8f9b0
R10: fffff520007b1f39 R11: 1ffff920007b1f36 R12: dffffc0000000000
R13: ffff888072d73800 R14: 0000000000000000 R15: ffff888028b6aa38
FS:  00005555572a7300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555572b0628 CR3: 0000000075823000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 jfs_syncpt+0x79/0x90 fs/jfs/jfs_logmgr.c:1041
 jfs_sync_fs+0x86/0xa0 fs/jfs/super.c:685
 sync_filesystem+0xe8/0x220 fs/sync.c:56
 generic_shutdown_super+0x6b/0x310 fs/super.c:474
 kill_block_super+0x79/0xd0 fs/super.c:1428
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x494/0x520 fs/namespace.c:1186
 task_work_run+0x243/0x300 kernel/task_work.c:179
 ptrace_notify+0x29a/0x340 kernel/signal.c:2354
 ptrace_report_syscall include/linux/ptrace.h:420 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:482 [inline]
 syscall_exit_work+0x8c/0xe0 kernel/entry/common.c:251
 syscall_exit_to_user_mode_prepare+0x63/0xc0 kernel/entry/common.c:278
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0xa/0x60 kernel/entry/common.c:296
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f6929f1adc7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcb5715f18 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f6929f1adc7
RDX: 00007ffcb5715fd9 RSI: 000000000000000a RDI: 00007ffcb5715fd0
RBP: 00007ffcb5715fd0 R08: 00000000ffffffff R09: 00007ffcb5715db0
R10: 00005555572a8653 R11: 0000000000000206 R12: 00007ffcb5717040
R13: 00005555572a85f0 R14: 00007ffcb5715f40 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:lmLogSync+0x227/0xb00 fs/jfs/jfs_logmgr.c:937
Code: ae fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 57 20 d7 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 3a 20 d7 fe 48 8b 3b e8 d2 f9 ae
RSP: 0018:ffffc90003d8fa60 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: aa46bf18d8d22600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003d8fb68 R08: ffffffff81b68393 R09: ffffc90003d8f9b0
R10: fffff520007b1f39 R11: 1ffff920007b1f36 R12: dffffc0000000000
R13: ffff888072d73800 R14: 0000000000000000 R15: ffff888028b6aa38
FS:  00005555572a7300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555572b0628 CR3: 0000000075823000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	ae                   	scas   %es:(%rdi),%al
   1:	fe 49 8d             	decb   -0x73(%rcx)
   4:	5f                   	pop    %rdi
   5:	f0 48 89 d8          	lock mov %rbx,%rax
   9:	48 c1 e8 03          	shr    $0x3,%rax
   d:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
  12:	74 08                	je     0x1c
  14:	48 89 df             	mov    %rbx,%rdi
  17:	e8 57 20 d7 fe       	callq  0xfed72073
  1c:	48 8b 1b             	mov    (%rbx),%rbx
  1f:	48 83 c3 30          	add    $0x30,%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 3a 20 d7 fe       	callq  0xfed72073
  39:	48 8b 3b             	mov    (%rbx),%rdi
  3c:	e8                   	.byte 0xe8
  3d:	d2 f9                	sar    %cl,%cl
  3f:	ae                   	scas   %es:(%rdi),%al
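Reading the register dump together with the disassembly: `mov (%rbx),%rbx` loads a pointer that turns out to be NULL, `add $0x30,%rbx` forms the address of a field at offset 0x30 in the pointed-to struct, and the `shr $0x3` / `cmpb $0x0,(%rax,%r12,1)` pair is the compiler-inlined KASAN shadow check on that address, with %r12 holding the x86-64 shadow offset (R12: dffffc0000000000). The shadow address for 0x30 is 0xdffffc0000000006, which is not canonical, so the CPU raises #GP before any page fault, and the kernel then decodes the faulting address back into the "null-ptr-deref in range [0x30-0x37]" line. The program below is an added example to make that decoding checkable; it is not part of the syzbot report or of fs/jfs. It assumes generic-mode KASAN constants for x86-64 with 4-level paging (48-bit virtual addresses, 4 KiB pages) and mirrors the classification the kernel's kasan_non_canonical_hook() prints; the helper names are this example's own.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Generic-mode KASAN on x86-64 maps each 8-byte granule of kernel memory to
 * one shadow byte:  shadow = (addr >> 3) + KASAN_SHADOW_OFFSET.
 * The inline check in the disassembly ("mov %rbx,%rax; shr $0x3,%rax;
 * cmpb $0x0,(%rax,%r12,1)") is this formula with %r12 = the offset, which is
 * why the register dump shows R12: dffffc0000000000 and RAX: 6 for RBX: 30.
 */
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define X86_PAGE_SIZE            4096ULL                      /* assumption: 4 KiB pages */
#define X86_TASK_SIZE_MAX        ((1ULL << 47) - X86_PAGE_SIZE) /* assumption: 4-level paging */

/* Values copied from the sample crash report. */
#define REPORT_FAULT_ADDR 0xdffffc0000000006ULL
#define REPORT_RBX        0x0000000000000030ULL

/* Forward mapping: the shadow byte guarding the granule that contains addr. */
static uint64_t kasan_shadow_of(uint64_t addr)
{
	return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/*
 * Reverse mapping, the way the kernel's non-canonical hook does it: anything
 * below the shadow offset cannot be a shadow address (UINT64_MAX signals
 * that); otherwise return the first kernel address the shadow byte covers.
 */
static uint64_t kasan_orig_addr(uint64_t fault)
{
	if (fault < KASAN_SHADOW_OFFSET)
		return UINT64_MAX;
	return (fault - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* Last byte of the granule: the "-0x...37" end of the reported range. */
static uint64_t kasan_granule_end(uint64_t orig)
{
	return orig + KASAN_GRANULE_SIZE - 1;
}

/* Classification printed after "KASAN:" for a decoded non-canonical fault. */
static const char *kasan_bug_type(uint64_t orig)
{
	if (orig < X86_PAGE_SIZE)
		return "null-ptr-deref";
	if (orig < X86_TASK_SIZE_MAX)
		return "probably user-memory-access";
	return "maybe wild-memory-access";
}

/*
 * With 48-bit virtual addresses bits 63..47 must all equal bit 47.  A load
 * from an address that breaks this raises #GP instead of #PF, which is why
 * the report reads "general protection fault, probably for non-canonical
 * address" rather than a page fault.
 */
static bool is_canonical48(uint64_t addr)
{
	uint64_t top = addr >> 47;
	return top == 0 || top == 0x1ffff;
}

int main(void)
{
	uint64_t orig = kasan_orig_addr(REPORT_FAULT_ADDR);

	printf("fault 0x%016" PRIx64 " canonical=%d\n", REPORT_FAULT_ADDR,
	       (int)is_canonical48(REPORT_FAULT_ADDR));
	if (orig == UINT64_MAX) {
		printf("not a KASAN shadow address\n");
		return 1;
	}
	printf("KASAN: %s in range [0x%016" PRIx64 "-0x%016" PRIx64 "]\n",
	       kasan_bug_type(orig), orig, kasan_granule_end(orig));
	/* Cross-check with the register dump: shadow(RBX) must equal the fault. */
	printf("shadow(RBX=0x%" PRIx64 ") = 0x%016" PRIx64 " (%s)\n", REPORT_RBX,
	       kasan_shadow_of(REPORT_RBX),
	       kasan_shadow_of(REPORT_RBX) == REPORT_FAULT_ADDR ? "match" : "MISMATCH");
	return 0;
}
```

Running it on the report's values reproduces the KASAN line exactly, and the same round trip shows why a legitimate kernel pointer such as R13 (ffff888072d73800) never trips this path: its shadow address lands in the canonical shadow region, so a KASAN check on it is an ordinary load. A non-canonical shadow address therefore always means the pointer under test was itself bogus (NULL-based here, or a user-space or wild value), not that the shadow memory was unmapped.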

Crashes (107):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-fs 2022/11/26 20:53 upstream 644e9524388a f4470a7b .config log report syz C general protection fault in lmLogSync
ci2-upstream-fs 2022/11/23 00:52 upstream eb7081409f94 9da37ae8 .config log report syz C general protection fault in lmLogSync
ci2-upstream-fs 2022/11/19 02:51 upstream ab290eaddc4c 5bb70014 .config log report syz C general protection fault in lmLogSync
ci2-upstream-fs 2022/11/15 16:46 upstream e01d50cbd6ee 97de9cfc .config log report syz C general protection fault in lmLogSync
ci2-upstream-fs 2022/10/12 06:20 upstream 493ffd6605b2 02b6492e .config log report syz C general protection fault in lmLogSync
ci2-upstream-fs 2022/10/09 10:30 upstream a6afa4199d3d aea5da89 .config log report syz C general protection fault in lmLogSync
ci2-upstream-fs 2022/10/05 08:19 upstream 0326074ff465 267e3bb1 .config log report syz C general protection fault in lmLogSync
ci2-upstream-fs 2022/10/01 09:07 upstream 70575e77839f feb56351 .config log report syz C general protection fault in lmLogSync
ci2-upstream-fs 2022/09/30 20:15 upstream 70575e77839f feb56351 .config log report syz C general protection fault in lmLogSync
ci2-upstream-fs 2022/09/30 15:54 upstream 987a926c1d8a 45fd7169 .config log report syz C general protection fault in lmLogSync
ci2-upstream-fs 2022/09/29 15:02 upstream c3e0e1e23c70 45fd7169 .config log report syz C general protection fault in lmLogSync
ci-upstream-gce-arm64 2022/11/19 16:12 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9500fc6e9e60 5bb70014 .config log report syz C BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/11/15 19:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9e4ce762f0e7 97de9cfc .config log report syz C BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/10/12 05:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 16a9c9e0 .config log report syz C BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/10/08 15:14 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 aea5da89 .config log report syz C BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/10/04 08:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config log report syz C BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/10/02 14:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config log report syz C BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/09/30 21:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config log report syz C BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/09/29 22:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 5911b92626df 1d385642 .config log report syz C BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/09/29 22:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 5911b92626df 1d385642 .config log report syz C BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/09/29 21:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 5911b92626df 1d385642 .config log report syz C BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci2-upstream-fs 2022/11/26 16:35 upstream 644e9524388a f4470a7b .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/23 17:29 upstream eb7081409f94 52fdf57a .config log report info general protection fault in lmLogSync
ci-upstream-kasan-gce-smack-root 2022/11/23 10:30 upstream eb7081409f94 75740b3f .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/22 23:40 upstream eb7081409f94 9da37ae8 .config log report info general protection fault in lmLogSync
ci-upstream-kasan-gce-smack-root 2022/11/22 21:38 upstream eb7081409f94 9da37ae8 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/22 05:32 upstream eb7081409f94 1c576c23 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/22 00:21 upstream eb7081409f94 1c576c23 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/21 04:43 upstream eb7081409f94 5bb70014 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/20 15:05 upstream 77c51ba552a1 5bb70014 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/20 11:08 upstream fe24a97cf254 5bb70014 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/20 06:47 upstream fe24a97cf254 5bb70014 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/20 04:11 upstream fe24a97cf254 5bb70014 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/19 18:52 upstream fe24a97cf254 5bb70014 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/19 10:22 upstream ab290eaddc4c 5bb70014 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/19 01:51 upstream ab290eaddc4c 5bb70014 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/18 20:06 upstream 84368d882b96 5bb70014 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/18 17:08 upstream 84368d882b96 5bb70014 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/17 21:03 upstream 81ac25651a62 4ba8ab94 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/17 15:58 upstream cc675d22e422 4ba8ab94 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/17 08:32 upstream cc675d22e422 3a127a31 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/17 06:50 upstream cc675d22e422 3a127a31 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/16 17:37 upstream 59d0d52c30d4 3a127a31 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/16 16:35 upstream 81e7cfa3a9eb 3a127a31 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/16 02:09 upstream 81e7cfa3a9eb 3a127a31 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/15 22:41 upstream 81e7cfa3a9eb 3a127a31 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/15 04:35 upstream e01d50cbd6ee 97de9cfc .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/14 13:50 upstream 094226ad94f4 943f4cb8 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/14 03:43 upstream af7a05689189 7ba4d859 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/13 17:16 upstream af7a05689189 7ba4d859 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/13 13:18 upstream fef7fd48922d f42ee5d8 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/13 04:50 upstream fef7fd48922d f42ee5d8 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/13 03:09 upstream fef7fd48922d f42ee5d8 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/12 10:37 upstream 8f2975c2bb4c f42ee5d8 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/12 07:33 upstream eb037f16f7e8 f42ee5d8 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/10 10:48 upstream f67dd6ce0723 b2488a87 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/10 08:58 upstream f67dd6ce0723 b2488a87 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/10 03:02 upstream f67dd6ce0723 b2488a87 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/09 17:53 upstream f141df371335 bebca8b7 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/08 14:12 upstream 59f2f4b8a757 060f945e .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/07 01:02 upstream 089d1c31224e 6d752409 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/05 07:30 upstream 64c3dd0b98f5 6d752409 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/04 15:09 upstream ee6050c8af96 6d752409 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/11/03 09:13 upstream b229b6ca5abb 7a2ebf95 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/09/29 14:18 upstream c3e0e1e23c70 45fd7169 .config log report info general protection fault in lmLogSync
ci2-upstream-fs 2022/10/02 12:29 upstream b357fd1c2afc feb56351 .config log report info KASAN: use-after-free Read in lmLogSync
ci-upstream-gce-arm64 2022/11/23 05:30 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 65762d97e6fa 9da37ae8 .config log report info BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/11/14 02:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1621b6eaebf7 3ead01ad .config log report info BUG: unable to handle kernel NULL pointer dereference in lmLogSync
ci-upstream-gce-arm64 2022/11/12 14:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1621b6eaebf7 3ead01ad .config log report info BUG: unable to handle kernel NULL pointer dereference in lmLogSync
* Struck through repros no longer work on HEAD.