[syzbot] [jfs?] general protection fault in txCommit (2)
2 views
Skip to first unread message
syzbot
Nov 7, 2025, 2:29:25 AM (8 days ago) Nov 7
to jfs-dis...@lists.sourceforge.net, linux-...@vger.kernel.org, sha...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 8bb886cb8f3a Merge tag 'edac_urgent_for_v6.18_rc5' of git:..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1207c114580000
kernel config: https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1033d012580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11ea1bcd980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/393661e2054b/disk-8bb886cb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ba628b757c6a/vmlinux-8bb886cb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/15255c2cc8ad/bzImage-8bb886cb.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/5ffcac92a4cf/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=125bf932580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9489c9...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 32768
UFO tlock:0xffffc900034fa[ 113.512606][ T5985] UFO tlock:0xffffc900034fa1b0
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 0 UID: 0 PID: 5985 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:txLog fs/jfs/jfs_txnmgr.c:1390 [inline]
RIP: 0010:txCommit+0xafb/0x5430 fs/jfs/jfs_txnmgr.c:1265
Code: 3c 10 00 74 12 4c 89 f7 e8 f2 cb e2 fe 48 ba 00 00 00 00 00 fc ff df 4c 89 74 24 68 4d 8b 36 4d 8d 7e 28 4c 89 f8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ff e8 c7 cb e2 fe 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003fc74e0 EFLAGS: 00010206
RAX: 0000000000000005 RBX: 0000000000000948 RCX: 1ffff9200069fd48
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003fc76b0 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1dac5ef R12: 0000000000000002
R13: ffffc900034fa000 R14: 0000000000000000 R15: 0000000000000028
FS: 0000555570e52500(0000) GS:ffff888126df9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000038f28000 CR4: 00000000003526f0
Call Trace:
<TASK>
jfs_create+0x865/0xa80 fs/jfs/namei.c:156
lookup_open fs/namei.c:3796 [inline]
open_last_lookups fs/namei.c:3895 [inline]
path_openat+0x1500/0x3840 fs/namei.c:4131
do_filp_open+0x1fa/0x410 fs/namei.c:4161
do_sys_openat2+0x121/0x1c0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_creat fs/open.c:1530 [inline]
__se_sys_creat fs/open.c:1524 [inline]
__x64_sys_creat+0x8f/0xc0 fs/open.c:1524
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f575dbcf6c9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff260cfb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f575de25fa0 RCX: 00007f575dbcf6c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000580
RBP: 00007f575dc51f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f575de25fa0 R14: 00007f575de25fa0 R15: 0000000000000002
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:txLog fs/jfs/jfs_txnmgr.c:1390 [inline]
RIP: 0010:txCommit+0xafb/0x5430 fs/jfs/jfs_txnmgr.c:1265
Code: 3c 10 00 74 12 4c 89 f7 e8 f2 cb e2 fe 48 ba 00 00 00 00 00 fc ff df 4c 89 74 24 68 4d 8b 36 4d 8d 7e 28 4c 89 f8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ff e8 c7 cb e2 fe 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003fc74e0 EFLAGS: 00010206
RAX: 0000000000000005 RBX: 0000000000000948 RCX: 1ffff9200069fd48
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003fc76b0 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1dac5ef R12: 0000000000000002
R13: ffffc900034fa000 R14: 0000000000000000 R15: 0000000000000028
FS: 0000555570e52500(0000) GS:ffff888126df9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000038f28000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
0: 3c 10 cmp $0x10,%al
2: 00 74 12 4c add %dh,0x4c(%rdx,%rdx,1)
6: 89 f7 mov %esi,%edi
8: e8 f2 cb e2 fe call 0xfee2cbff
d: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx
14: fc ff df
17: 4c 89 74 24 68 mov %r14,0x68(%rsp)
1c: 4d 8b 36 mov (%r14),%r14
1f: 4d 8d 7e 28 lea 0x28(%r14),%r15
23: 4c 89 f8 mov %r15,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) <-- trapping instruction
2e: 74 12 je 0x42
30: 4c 89 ff mov %r15,%rdi
33: e8 c7 cb e2 fe call 0xfee2cbff
38: 48 rex.W
39: ba 00 00 00 00 mov $0x0,%edx
3e: 00 fc add %bh,%ah
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 8bb886cb8f3a Merge tag 'edac_urgent_for_v6.18_rc5' of git:..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1207c114580000
kernel config: https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1033d012580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11ea1bcd980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/393661e2054b/disk-8bb886cb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ba628b757c6a/vmlinux-8bb886cb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/15255c2cc8ad/bzImage-8bb886cb.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/5ffcac92a4cf/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=125bf932580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9489c9...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 32768
UFO tlock:0xffffc900034fa[ 113.512606][ T5985] UFO tlock:0xffffc900034fa1b0
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 0 UID: 0 PID: 5985 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:txLog fs/jfs/jfs_txnmgr.c:1390 [inline]
RIP: 0010:txCommit+0xafb/0x5430 fs/jfs/jfs_txnmgr.c:1265
Code: 3c 10 00 74 12 4c 89 f7 e8 f2 cb e2 fe 48 ba 00 00 00 00 00 fc ff df 4c 89 74 24 68 4d 8b 36 4d 8d 7e 28 4c 89 f8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ff e8 c7 cb e2 fe 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003fc74e0 EFLAGS: 00010206
RAX: 0000000000000005 RBX: 0000000000000948 RCX: 1ffff9200069fd48
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003fc76b0 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1dac5ef R12: 0000000000000002
R13: ffffc900034fa000 R14: 0000000000000000 R15: 0000000000000028
FS: 0000555570e52500(0000) GS:ffff888126df9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000038f28000 CR4: 00000000003526f0
Call Trace:
<TASK>
jfs_create+0x865/0xa80 fs/jfs/namei.c:156
lookup_open fs/namei.c:3796 [inline]
open_last_lookups fs/namei.c:3895 [inline]
path_openat+0x1500/0x3840 fs/namei.c:4131
do_filp_open+0x1fa/0x410 fs/namei.c:4161
do_sys_openat2+0x121/0x1c0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_creat fs/open.c:1530 [inline]
__se_sys_creat fs/open.c:1524 [inline]
__x64_sys_creat+0x8f/0xc0 fs/open.c:1524
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f575dbcf6c9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff260cfb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f575de25fa0 RCX: 00007f575dbcf6c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000580
RBP: 00007f575dc51f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f575de25fa0 R14: 00007f575de25fa0 R15: 0000000000000002
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:txLog fs/jfs/jfs_txnmgr.c:1390 [inline]
RIP: 0010:txCommit+0xafb/0x5430 fs/jfs/jfs_txnmgr.c:1265
Code: 3c 10 00 74 12 4c 89 f7 e8 f2 cb e2 fe 48 ba 00 00 00 00 00 fc ff df 4c 89 74 24 68 4d 8b 36 4d 8d 7e 28 4c 89 f8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ff e8 c7 cb e2 fe 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003fc74e0 EFLAGS: 00010206
RAX: 0000000000000005 RBX: 0000000000000948 RCX: 1ffff9200069fd48
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003fc76b0 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1dac5ef R12: 0000000000000002
R13: ffffc900034fa000 R14: 0000000000000000 R15: 0000000000000028
FS: 0000555570e52500(0000) GS:ffff888126df9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000038f28000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
0: 3c 10 cmp $0x10,%al
2: 00 74 12 4c add %dh,0x4c(%rdx,%rdx,1)
6: 89 f7 mov %esi,%edi
8: e8 f2 cb e2 fe call 0xfee2cbff
d: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx
14: fc ff df
17: 4c 89 74 24 68 mov %r14,0x68(%rsp)
1c: 4d 8b 36 mov (%r14),%r14
1f: 4d 8d 7e 28 lea 0x28(%r14),%r15
23: 4c 89 f8 mov %r15,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) <-- trapping instruction
2e: 74 12 je 0x42
30: 4c 89 ff mov %r15,%rdi
33: e8 c7 cb e2 fe call 0xfee2cbff
38: 48 rex.W
39: ba 00 00 00 00 mov $0x0,%edx
3e: 00 fc add %bh,%ah
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Nov 8, 2025, 3:32:22 AM (7 days ago) Nov 8
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [jfs?] general protection fault in txCommit (2)
Author: yun....@windriver.com
#syz test
diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c
index 7840a03e5bcb..a69bb5f25301 100644
--- a/fs/jfs/jfs_txnmgr.c
+++ b/fs/jfs/jfs_txnmgr.c
@@ -1073,7 +1073,7 @@ struct linelock *txLinelock(struct linelock * tlock)
TXN_UNLOCK();
/* initialize linelock */
- linelock = (struct linelock *) tlck;
+ linelock = (struct linelock *) tlck->lock;
linelock->next = 0;
linelock->flag = tlckLINELOCK;
linelock->maxcnt = TLOCKLONG;
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [jfs?] general protection fault in txCommit (2)
Author: yun....@windriver.com
#syz test
diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c
index 7840a03e5bcb..a69bb5f25301 100644
--- a/fs/jfs/jfs_txnmgr.c
+++ b/fs/jfs/jfs_txnmgr.c
@@ -1073,7 +1073,7 @@ struct linelock *txLinelock(struct linelock * tlock)
TXN_UNLOCK();
/* initialize linelock */
- linelock = (struct linelock *) tlck;
+ linelock = (struct linelock *) tlck->lock;
linelock->next = 0;
linelock->flag = tlckLINELOCK;
linelock->maxcnt = TLOCKLONG;
syzbot
Nov 8, 2025, 3:36:04 AM (7 days ago) Nov 8
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, yun....@windriver.com
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file fs/jfs/jfs_txnmgr.c
Hunk #1 FAILED at 1073.
1 out of 1 hunk FAILED
Tested on:
commit: e811c33b Merge tag 'drm-fixes-2025-11-08' of https://g..
git tree: upstream
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file fs/jfs/jfs_txnmgr.c
Hunk #1 FAILED at 1073.
1 out of 1 hunk FAILED
Tested on:
commit: e811c33b Merge tag 'drm-fixes-2025-11-08' of https://g..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=177f4412580000
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler:
syzbot
Nov 8, 2025, 11:15:45 AM (7 days ago) Nov 8
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [jfs?] general protection fault in txCommit (2)
Author: yun....@windriver.com
#syz test
________________________________________
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [jfs?] general protection fault in txCommit (2)
Author: yun....@windriver.com
#syz test
From: syzbot <syzbot+9489c9...@syzkaller.appspotmail.com>
Sent: Saturday, November 8, 2025 16:36
To: linux-...@vger.kernel.org; syzkall...@googlegroups.com; Zhou, Yun
Subject: Re: [syzbot] [jfs?] general protection fault in txCommit (2)
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file fs/jfs/jfs_txnmgr.c
Hunk #1 FAILED at 1073.
1 out of 1 hunk FAILED
Tested on:
commit: e811c33b Merge tag 'drm-fixes-2025-11-08' of https://g..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=177f4412580000
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler:
syzbot
Nov 8, 2025, 11:46:04 AM (7 days ago) Nov 8
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, yun....@windriver.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: array-index-out-of-bounds in dtInsertEntry
loop0: detected capacity change from 0 to 32768
UFO tlock:0xffffc900034f91f8
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3700:8
index -1 is out of range for type 'struct dtslot[128]'
CPU: 1 UID: 0 PID: 6705 Comm: syz.0.55 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
__ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
dtInsertEntry+0x936/0x1430 fs/jfs/jfs_dtree.c:3700
dtInsert+0x931/0x5f40 fs/jfs/jfs_dtree.c:894
jfs_create+0x6c8/0xa80 fs/jfs/namei.c:137
RAX: ffffffffffffffda RBX: 00007f67e0905fa0 RCX: 00007f67e06af6c9
</TASK>
---[ end trace ]---
console output: https://syzkaller.appspot.com/x/log.txt?x=11cf0b42580000
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: array-index-out-of-bounds in dtInsertEntry
loop0: detected capacity change from 0 to 32768
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3700:8
index -1 is out of range for type 'struct dtslot[128]'
CPU: 1 UID: 0 PID: 6705 Comm: syz.0.55 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
__ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
dtInsertEntry+0x936/0x1430 fs/jfs/jfs_dtree.c:3700
dtInsert+0x931/0x5f40 fs/jfs/jfs_dtree.c:894
jfs_create+0x6c8/0xa80 fs/jfs/namei.c:137
lookup_open fs/namei.c:3796 [inline]
open_last_lookups fs/namei.c:3895 [inline]
path_openat+0x1500/0x3840 fs/namei.c:4131
do_filp_open+0x1fa/0x410 fs/namei.c:4161
do_sys_openat2+0x121/0x1c0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_creat fs/open.c:1530 [inline]
__se_sys_creat fs/open.c:1524 [inline]
__x64_sys_creat+0x8f/0xc0 fs/open.c:1524
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f67e06af6c9
open_last_lookups fs/namei.c:3895 [inline]
path_openat+0x1500/0x3840 fs/namei.c:4131
do_filp_open+0x1fa/0x410 fs/namei.c:4161
do_sys_openat2+0x121/0x1c0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_creat fs/open.c:1530 [inline]
__se_sys_creat fs/open.c:1524 [inline]
__x64_sys_creat+0x8f/0xc0 fs/open.c:1524
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f67dfd16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f67e0905fa0 RCX: 00007f67e06af6c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000580
RBP: 00007f67e0731f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f67e0906038 R14: 00007f67e0905fa0 R15: 00007fff0aaff588
</TASK>
---[ end trace ]---
console output: https://syzkaller.appspot.com/x/log.txt?x=11cf0b42580000
kernel config: https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=17eaaa92580000
syzbot
Nov 10, 2025, 6:24:24 AM (5 days ago) Nov 10
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
syzbot
Nov 10, 2025, 7:12:03 AM (5 days ago) Nov 10
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, yun....@windriver.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: array-index-out-of-bounds in dtInsertEntry
loop0: detected capacity change from 0 to 32768
UFO tlock:0xffffc900034d11f8
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: array-index-out-of-bounds in dtInsertEntry
loop0: detected capacity change from 0 to 32768
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3707:8
index -1 is out of range for type 'struct dtslot[128]'
CPU: 0 UID: 0 PID: 6833 Comm: syz.0.56 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
__ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
dtInsertEntry+0x936/0x1430 fs/jfs/jfs_dtree.c:3707
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
__ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
dtInsert+0x931/0x6000 fs/jfs/jfs_dtree.c:894
jfs_create+0x6c8/0xa80 fs/jfs/namei.c:137
lookup_open fs/namei.c:3796 [inline]
open_last_lookups fs/namei.c:3895 [inline]
path_openat+0x1500/0x3840 fs/namei.c:4131
do_filp_open+0x1fa/0x410 fs/namei.c:4161
do_sys_openat2+0x121/0x1c0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_creat fs/open.c:1530 [inline]
__se_sys_creat fs/open.c:1524 [inline]
__x64_sys_creat+0x8f/0xc0 fs/open.c:1524
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc0cd3bf6c9
lookup_open fs/namei.c:3796 [inline]
open_last_lookups fs/namei.c:3895 [inline]
path_openat+0x1500/0x3840 fs/namei.c:4131
do_filp_open+0x1fa/0x410 fs/namei.c:4161
do_sys_openat2+0x121/0x1c0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_creat fs/open.c:1530 [inline]
__se_sys_creat fs/open.c:1524 [inline]
__x64_sys_creat+0x8f/0xc0 fs/open.c:1524
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0cca2e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007fc0cd615fa0 RCX: 00007fc0cd3bf6c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000580
RBP: 00007fc0cd441f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc0cd616038 R14: 00007fc0cd615fa0 R15: 00007ffc096fa2d8
</TASK>
---[ end trace ]---
Tested on:
commit: e9a6fb0b Linux 6.18-rc5
---[ end trace ]---
Tested on:
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=108a1a92580000
kernel config: https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=13df260a580000
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syzbot
Nov 10, 2025, 7:33:08 AM (5 days ago) Nov 10
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
syzbot
Nov 10, 2025, 8:07:05 AM (5 days ago) Nov 10
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, yun....@windriver.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: array-index-out-of-bounds in dtInsertEntry
loop0: detected capacity change from 0 to 32768
UFO tlock:0xffffc900034f9048
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: array-index-out-of-bounds in dtInsertEntry
loop0: detected capacity change from 0 to 32768
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3707:8
index -1 is out of range for type 'struct dtslot[128]'
CPU: 0 UID: 0 PID: 6833 Comm: syz.0.58 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3707:8
index -1 is out of range for type 'struct dtslot[128]'
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
__ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
dtInsertEntry+0x936/0x1430 fs/jfs/jfs_dtree.c:3707
dtInsert+0x931/0x6000 fs/jfs/jfs_dtree.c:894
jfs_create+0x6c8/0xa80 fs/jfs/namei.c:137
lookup_open fs/namei.c:3796 [inline]
open_last_lookups fs/namei.c:3895 [inline]
path_openat+0x1500/0x3840 fs/namei.c:4131
do_filp_open+0x1fa/0x410 fs/namei.c:4161
do_sys_openat2+0x121/0x1c0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_creat fs/open.c:1530 [inline]
__se_sys_creat fs/open.c:1524 [inline]
__x64_sys_creat+0x8f/0xc0 fs/open.c:1524
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa2c965f6c9
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
__ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
dtInsertEntry+0x936/0x1430 fs/jfs/jfs_dtree.c:3707
dtInsert+0x931/0x6000 fs/jfs/jfs_dtree.c:894
jfs_create+0x6c8/0xa80 fs/jfs/namei.c:137
lookup_open fs/namei.c:3796 [inline]
open_last_lookups fs/namei.c:3895 [inline]
path_openat+0x1500/0x3840 fs/namei.c:4131
do_filp_open+0x1fa/0x410 fs/namei.c:4161
do_sys_openat2+0x121/0x1c0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_creat fs/open.c:1530 [inline]
__se_sys_creat fs/open.c:1524 [inline]
__x64_sys_creat+0x8f/0xc0 fs/open.c:1524
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa2c8cce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007fa2c98b5fa0 RCX: 00007fa2c965f6c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000580
RBP: 00007fa2c96e1f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa2c98b6038 R14: 00007fa2c98b5fa0 R15: 00007ffe646c1968
</TASK>
---[ end trace ]---
Tested on:
commit: e9a6fb0b Linux 6.18-rc5
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17265412580000
---[ end trace ]---
Tested on:
commit: e9a6fb0b Linux 6.18-rc5
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=11bbb084580000
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syzbot
Nov 14, 2025, 8:48:03 AM (19 hours ago) Nov 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: test
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Author: yun....@windriver.com
#syz test
syzbot
Nov 14, 2025, 9:36:24 AM (18 hours ago) Nov 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
syzbot
Nov 14, 2025, 9:51:03 AM (18 hours ago) Nov 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, yun....@windriver.com
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+9489c9...@syzkaller.appspotmail.com
Tested-by: syzbot+9489c9...@syzkaller.appspotmail.com
Tested on:
commit: 6da43bbe Merge tag 'vfio-v6.18-rc6' of https://github...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=126bb60a580000
Note: testing is done by a robot and is best-effort only.
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+9489c9...@syzkaller.appspotmail.com
Tested-by: syzbot+9489c9...@syzkaller.appspotmail.com
Tested on:
commit: 6da43bbe Merge tag 'vfio-v6.18-rc6' of https://github...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=126bb60a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=133db532580000
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
Note: testing is done by a robot and is best-effort only.
syzbot
Nov 14, 2025, 10:15:04 AM (17 hours ago) Nov 14
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, yun....@windriver.com
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+9489c9...@syzkaller.appspotmail.com
Tested-by: syzbot+9489c9...@syzkaller.appspotmail.com
Tested on:
commit: 6da43bbe Merge tag 'vfio-v6.18-rc6' of https://github...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1187bc12580000
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+9489c9...@syzkaller.appspotmail.com
Tested-by: syzbot+9489c9...@syzkaller.appspotmail.com
Tested on:
commit: 6da43bbe Merge tag 'vfio-v6.18-rc6' of https://github...
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=13cbb60a580000
dashboard link: https://syzkaller.appspot.com/bug?extid=9489c9f9f3d437221ea2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
Reply all
Reply to author
Forward
0 new messages