syzbot


general protection fault in jfs_flush_journal

Status: upstream: reported on 2023/03/16 22:18
Reported-by: syzbot+c708d902646b38b761e8@syzkaller.appspotmail.com
First crash: 378d, last: 10h51m
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in jfs_flush_journal jfs C inconclusive 405 13h49m 543d 0/26 upstream: reported C repro on 2022/10/02 18:56
linux-6.1 general protection fault in jfs_flush_journal origin:upstream C 42 2d21h 375d 0/3 upstream: reported C repro on 2023/03/20 13:13

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 0 PID: 3556 Comm: syz-executor.4 Not tainted 5.15.129-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x80d/0xec0 fs/jfs/jfs_logmgr.c:1581
Code: c3 fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 31 30 e6 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 14 30 e6 fe 48 8b 3b e8 cc fc c3
RSP: 0018:ffffc9000306fbc0 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 4764cf840c2a6a00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000306fcf0 R08: ffffffff81a78666 R09: ffffc9000306fb28
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200060df84
R13: dffffc0000000000 R14: ffff88801d4ca000 R15: ffff888037299838
FS:  0000555556486480(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffbf7eefac5 CR3: 0000000037234000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 jfs_umount+0xf4/0x370 fs/jfs/jfs_umount.c:58
 jfs_put_super+0x86/0x180 fs/jfs/super.c:194
 generic_shutdown_super+0x136/0x2c0 fs/super.c:475
 kill_block_super+0x7a/0xe0 fs/super.c:1414
 deactivate_locked_super+0xa0/0x110 fs/super.c:335
 cleanup_mnt+0x44e/0x500 fs/namespace.c:1143
 task_work_run+0x129/0x1a0 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:175
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x5d/0x250 kernel/entry/common.c:301
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fcbf25cfe17
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe1566b968 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fcbf25cfe17
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffe1566ba20
RBP: 00007ffe1566ba20 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe1566cae0
R13: 00007fcbf26193b9 R14: 000000000005d2e4 R15: 0000000000000002
 </TASK>
Modules linked in:
---[ end trace dba434c3d8cc9883 ]---
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x80d/0xec0 fs/jfs/jfs_logmgr.c:1581
Code: c3 fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 31 30 e6 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 14 30 e6 fe 48 8b 3b e8 cc fc c3
RSP: 0018:ffffc9000306fbc0 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 4764cf840c2a6a00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000306fcf0 R08: ffffffff81a78666 R09: ffffc9000306fb28
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200060df84
R13: dffffc0000000000 R14: ffff88801d4ca000 R15: ffff888037299838
FS:  0000555556486480(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffbf63edc98 CR3: 0000000037234000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	c3                   	ret
   1:	fe 49 8d             	decb   -0x73(%rcx)
   4:	5f                   	pop    %rdi
   5:	f0 48 89 d8          	lock mov %rbx,%rax
   9:	48 c1 e8 03          	shr    $0x3,%rax
   d:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
  12:	74 08                	je     0x1c
  14:	48 89 df             	mov    %rbx,%rdi
  17:	e8 31 30 e6 fe       	call   0xfee6304d
  1c:	48 8b 1b             	mov    (%rbx),%rbx
  1f:	48 83 c3 30          	add    $0x30,%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 14 30 e6 fe       	call   0xfee6304d
  39:	48 8b 3b             	mov    (%rbx),%rdi
  3c:	e8                   	.byte 0xe8
  3d:	cc                   	int3
  3e:	fc                   	cld
  3f:	c3                   	ret

Crashes (19):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/08/30 23:23 linux-5.15.y 9e43368a3393 84803932 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in jfs_flush_journal
2023/07/14 07:12 linux-5.15.y d54cfc420586 d624500f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in jfs_flush_journal
2023/06/18 09:56 linux-5.15.y 471e639e59d1 f3921d4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in jfs_flush_journal
2023/03/16 22:18 linux-5.15.y 2ddbd0f967b3 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in jfs_flush_journal
2024/03/29 04:47 linux-5.15.y 9465fef4ae35 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2024/02/19 14:54 linux-5.15.y 6139f2a02fe0 3af7dd65 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/12/03 08:16 linux-5.15.y 9b91d36ba301 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/08/24 05:15 linux-5.15.y f6f7927ac664 4d7ae7ab .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/07/17 13:52 linux-5.15.y d54cfc420586 20f8b3c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/07/07 05:34 linux-5.15.y d54cfc420586 22ae5830 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/07/06 01:06 linux-5.15.y d54cfc420586 ba5dba36 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/06/29 14:02 linux-5.15.y 4af60700a60c 134ddc02 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/06/19 17:52 linux-5.15.y 471e639e59d1 d521bc56 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/06/18 10:05 linux-5.15.y 471e639e59d1 f3921d4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/06/15 15:30 linux-5.15.y 471e639e59d1 90d4044e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/06/02 00:42 linux-5.15.y 0ab06468cbd1 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/05/31 21:38 linux-5.15.y 0ab06468cbd1 babc4389 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/05/02 23:19 linux-5.15.y 8a7f2a5c5aa1 48e0a81d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
2023/04/09 06:26 linux-5.15.y d86dfc4d95cd 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in jfs_flush_journal
* Struck through repros no longer work on HEAD.