From: syzbot <syzbot+b974bd41515f770c608b@syzkaller.appspotmail.com>
To: duttaditya18@gmail.com, jfs-discussion@lists.sourceforge.net,
	 linux-kernel@vger.kernel.org, shaggy@kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [jfs?] UBSAN: array-index-out-of-bounds in add_missing_indices
Date: Sat, 22 Mar 2025 06:36:01 -0700	[thread overview]
Message-ID: <67debcc1.050a0220.31a16b.003c.GAE@google.com> (raw)
In-Reply-To: <20250322130257.227256-1-duttaditya18@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel paging request in lmLogSync

Unable to handle kernel paging request at virtual address dfff800000000006
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000006] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 UID: 0 PID: 102 Comm: jfsCommit Not tainted 6.14.0-rc7-syzkaller-ga2392f333575-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : write_special_inodes fs/jfs/jfs_logmgr.c:207 [inline]
pc : lmLogSync+0xec/0x978 fs/jfs/jfs_logmgr.c:935
lr : lmLogSync+0xa4/0x978 fs/jfs/jfs_logmgr.c:934
sp : ffff80009ba17aa0
x29: ffff80009ba17b70 x28: ffff80009b359000 x27: dfff800000000000
x26: dfff800000000000 x25: ffff80009ba17ac0 x24: 1ffff0001202ba48
x23: 0000000000000002 x22: 0000000000000006 x21: 0000000000000030
x20: ffff0000edad3838 x19: ffff0000e80de000 x18: 1fffe000366f8886
x17: ffff80008fb6d000 x16: ffff80008b74b408 x15: ffff700013742f60
x14: 1ffff00013742f5d x13: 0000000000000004 x12: ffffffffffffffff
x11: ffff700013742f60 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000006 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000004 x3 : 0000000000000010
x2 : 0000000000000004 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 write_special_inodes fs/jfs/jfs_logmgr.c:207 [inline] (P)
 lmLogSync+0xec/0x978 fs/jfs/jfs_logmgr.c:935 (P)
 jfs_syncpt+0x74/0x98 fs/jfs/jfs_logmgr.c:1041
 txEnd+0x2ec/0x558 fs/jfs/jfs_txnmgr.c:549
 txLazyCommit fs/jfs/jfs_txnmgr.c:2684 [inline]
 jfs_lazycommit+0x4e0/0x9a8 fs/jfs/jfs_txnmgr.c:2733
 kthread+0x65c/0x7b0 kernel/kthread.c:464
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
Code: 97bd83a8 f94002a8 9100c115 d343fea8 (387b6908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	97bd83a8 	bl	0xfffffffffef60ea0
   4:	f94002a8 	ldr	x8, [x21]
   8:	9100c115 	add	x21, x8, #0x30
   c:	d343fea8 	lsr	x8, x21, #3
* 10:	387b6908 	ldrb	w8, [x8, x27] <-- trapping instruction
Tested on:

commit:         a2392f33 drm/panthor: Clean up FW version information ..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=12ae95e4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=5f4c5deae8cc60fe
dashboard link: https://syzkaller.appspot.com/bug?extid=b974bd41515f770c608b
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11c7043f980000
