[v5.15] linux-5.15.y test error: Internal error in sys_mount
3 views
Skip to first unread message
syzbot
Aug 28, 2025, 4:08:48 PM8/28/25
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 01879f56bdde Linux 5.15.190
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=111ebef0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=5f873230d9f36f85
dashboard link: https://syzkaller.appspot.com/bug?extid=0f7e9581a8ceed4f72fa
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b756138f6e4d/disk-01879f56.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/14a500f1d350/vmlinux-01879f56.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a1bdcadb8a80/Image-01879f56.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0f7e95...@syzkaller.appspotmail.com
cgroup: Unknown subsys name 'net'
Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4032 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc)
pc : copy_mount_options fs/namespace.c:3246 [inline]
pc : __do_sys_mount fs/namespace.c:3571 [inline]
pc : __se_sys_mount fs/namespace.c:3553 [inline]
pc : __arm64_sys_mount+0x2f8/0x5e4 fs/namespace.c:3553
lr : copy_mount_options fs/namespace.c:3246 [inline]
lr : __do_sys_mount fs/namespace.c:3571 [inline]
lr : __se_sys_mount fs/namespace.c:3553 [inline]
lr : __arm64_sys_mount+0x2d4/0x5e4 fs/namespace.c:3553
sp : ffff80001bea7c80
x29: ffff80001bea7d20 x28: 00000000fffffff2 x27: 0000ffffdf848000
x26: ffff0000c1123680 x25: 0000000000000000 x24: 0000ffffdf847091
x23: ffff0000de0ac000 x22: 0000000000000f6f x21: dfff800000000000
x20: 00000000ffffff6f x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000089655e8 x15: 0000ffffdf847091
x14: 3832312e30312034 x13: 1ffff0000283006b x12: 0000000000ff0100
x11: 0000000000000000 x10: 0000ffffffffffff x9 : 0000ffffdf848000
x8 : 0000ffffdf848000 x7 : ffff80000875120c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001
x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
copy_mount_options fs/namespace.c:3246 [inline]
__do_sys_mount fs/namespace.c:3571 [inline]
__se_sys_mount fs/namespace.c:3553 [inline]
__arm64_sys_mount+0x2f8/0x5e4 fs/namespace.c:3553
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: d503229f 2a1903fc 2a1903e0 38400933 (2a1c03e1)
---[ end trace 4f2a1fc4c727190b ]---
----------------
Code disassembly (best guess):
0: d503229f csdb
4: 2a1903fc mov w28, w25
8: 2a1903e0 mov w0, w25
c: 38400933 ldtrb w19, [x9]
* 10: 2a1c03e1 mov w1, w28 <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 01879f56bdde Linux 5.15.190
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=111ebef0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=5f873230d9f36f85
dashboard link: https://syzkaller.appspot.com/bug?extid=0f7e9581a8ceed4f72fa
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b756138f6e4d/disk-01879f56.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/14a500f1d350/vmlinux-01879f56.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a1bdcadb8a80/Image-01879f56.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0f7e95...@syzkaller.appspotmail.com
cgroup: Unknown subsys name 'net'
Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4032 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc)
pc : copy_mount_options fs/namespace.c:3246 [inline]
pc : __do_sys_mount fs/namespace.c:3571 [inline]
pc : __se_sys_mount fs/namespace.c:3553 [inline]
pc : __arm64_sys_mount+0x2f8/0x5e4 fs/namespace.c:3553
lr : copy_mount_options fs/namespace.c:3246 [inline]
lr : __do_sys_mount fs/namespace.c:3571 [inline]
lr : __se_sys_mount fs/namespace.c:3553 [inline]
lr : __arm64_sys_mount+0x2d4/0x5e4 fs/namespace.c:3553
sp : ffff80001bea7c80
x29: ffff80001bea7d20 x28: 00000000fffffff2 x27: 0000ffffdf848000
x26: ffff0000c1123680 x25: 0000000000000000 x24: 0000ffffdf847091
x23: ffff0000de0ac000 x22: 0000000000000f6f x21: dfff800000000000
x20: 00000000ffffff6f x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000089655e8 x15: 0000ffffdf847091
x14: 3832312e30312034 x13: 1ffff0000283006b x12: 0000000000ff0100
x11: 0000000000000000 x10: 0000ffffffffffff x9 : 0000ffffdf848000
x8 : 0000ffffdf848000 x7 : ffff80000875120c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001
x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
copy_mount_options fs/namespace.c:3246 [inline]
__do_sys_mount fs/namespace.c:3571 [inline]
__se_sys_mount fs/namespace.c:3553 [inline]
__arm64_sys_mount+0x2f8/0x5e4 fs/namespace.c:3553
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: d503229f 2a1903fc 2a1903e0 38400933 (2a1c03e1)
---[ end trace 4f2a1fc4c727190b ]---
----------------
Code disassembly (best guess):
0: d503229f csdb
4: 2a1903fc mov w28, w25
8: 2a1903e0 mov w0, w25
c: 38400933 ldtrb w19, [x9]
* 10: 2a1c03e1 mov w1, w28 <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages