Hello,
syzbot found the following issue on:
HEAD commit: 2ddbd0f967b3 Linux 5.15.102
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14b86542c80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=d6af46e4bd7d6a2f
dashboard link: https://syzkaller.appspot.com/bug?extid=2ad6f72a408046e799bd
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d46a989959b6/disk-2ddbd0f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4d06a9b2ddaf/vmlinux-2ddbd0f9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0921009430c0/Image-2ddbd0f9.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2ad6f7...@syzkaller.appspotmail.com
Unable to handle kernel paging request at virtual address dfff800000000006
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000006] address between user and kernel address ranges
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4104 Comm: syz-executor.2 Not tainted 5.15.102-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
pc : lmLogSync+0x210/0x98c fs/jfs/jfs_logmgr.c:945
lr : write_special_inodes fs/jfs/jfs_logmgr.c:207 [inline]
lr : lmLogSync+0x1ec/0x98c fs/jfs/jfs_logmgr.c:945
sp : ffff80001cef7780
x29: ffff80001cef7850 x28: 1ffff00002937a9d x27: dfff800000000000
x26: fffffbffeff32b7c x25: ffff80001cef77a0 x24: 1fffe0001ae97806
x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000000030
x20: ffff0000c8470238 x19: ffff0000da444800 x18: 0000000000000000
x17: ff80800008b5952c x16: ffff80000824ff34 x15: ffff800008b5952c
x14: 1ffff0000293806a x13: ffffffffffffffff x12: 0000000000000000
x11: ff808000086d0bc0 x10: 0000000000000000 x9 : ef0af81063f09b00
x8 : 0000000000000006 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000008 x3 : 0000000000000010
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
lmLogSync+0x210/0x98c fs/jfs/jfs_logmgr.c:945
jfs_syncpt+0x74/0x98 fs/jfs/jfs_logmgr.c:1049
jfs_sync_fs+0x8c/0xac fs/jfs/super.c:690
sync_filesystem+0xe8/0x218 fs/sync.c:56
generic_shutdown_super+0x70/0x29c fs/super.c:448
kill_block_super+0x70/0xdc fs/super.c:1396
deactivate_locked_super+0xb8/0x13c fs/super.c:335
deactivate_super+0x108/0x128 fs/super.c:366
cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
__cleanup_mnt+0x20/0x30 fs/namespace.c:1150
task_work_run+0x130/0x1e4 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:597
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
Code: 97bfd45f f94002a8 9100c115 d343fea8 (387b6908)
---[ end trace 3bfec0633089554c ]---
----------------
Code disassembly (best guess):
0: 97bfd45f bl 0xfffffffffeff517c
4: f94002a8 ldr x8, [x21]
8: 9100c115 add x21, x8, #0x30
c: d343fea8 lsr x8, x21, #3
* 10: 387b6908 ldrb w8, [x8, x27] <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.