kernel BUG in txEnd
From: sanan.hasanou @ 2026-06-26 21:27 UTC (permalink / raw)
To: shaggy, brauner, mjguzik, ssrane_b23, jfs-discussion, linux-kernel
Cc: syzkaller, contact
Good day, dear maintainers,
We found a bug using a modified version of syzkaller.
Kernel Branch: 7.0-rc1
Kernel Config: <https://drive.google.com/open?id=1XWXrj7ZUAS3GWmqvnny_U_mcxR6_AZCL>
Unfortunately, we don't have any reproducer for this bug yet.
Thank you!
Best regards,
Sanan Hasanov
ERROR: (device loop2): xtTruncate: xt_getpage: xtree page corrupt
BUG at fs/jfs/jfs_txnmgr.c:529 assert(tblk->next == 0)
------------[ cut here ]------------
kernel BUG at fs/jfs/jfs_txnmgr.c:529!
Oops: invalid opcode: 0000 [#1] SMP KASAN
CPU: 0 UID: 0 PID: 18499 Comm: syz.2.778 Not tainted 7.0.0-rc1 #1 PREEMPT(full)
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:txEnd+0x51f/0x530 fs/jfs/jfs_txnmgr.c:529
Code: e9 cc fe ff ff e8 91 9f 81 fe 48 c7 c7 60 5a 6a 8b 48 c7 c6 59 56 6a 8b ba 11 02 00 00 48 c7 c1 a0 5a 6a 8b e8 b2 b4 eb fd 90 <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc9000c8c73a0 EFLAGS: 00010246
RAX: 0000000000000036 RBX: ffff888061f31800 RCX: b46f4a2b10298c00
RDX: ffffc9001059b000 RSI: 000000000007ffff RDI: 0000000000080000
RBP: ffffc9000175fd72 R08: ffff88802bc24813 R09: 1ffff11005784902
R10: dffffc0000000000 R11: ffffed1005784903 R12: 1ffff920002ebfb3
R13: dffffc0000000000 R14: ffffc9000175fd98 R15: 00000000000000c8
FS: 00007faaee6ad6c0(0000) GS:ffff88809b068000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f954d146260 CR3: 00000000515a0000 CR4: 00000000000006f0
Call Trace:
<TASK>
jfs_truncate_nolock+0x2b6/0x340 fs/jfs/inode.c:399
jfs_truncate+0xce/0x140 fs/jfs/inode.c:420
jfs_direct_IO+0x1ef/0x220 fs/jfs/inode.c:350
generic_file_direct_write+0x1d5/0x3e0 mm/filemap.c:4248
__generic_file_write_iter+0xdb/0x180 mm/filemap.c:4417
generic_file_write_iter+0x117/0x540 mm/filemap.c:4457
iter_file_splice_write+0x9e0/0x1180 fs/splice.c:736
do_splice_from fs/splice.c:936 [inline]
direct_splice_actor+0xfb/0x150 fs/splice.c:1159
splice_direct_to_actor+0x4df/0xb90 fs/splice.c:1103
do_splice_direct_actor fs/splice.c:1202 [inline]
do_splice_direct+0x181/0x270 fs/splice.c:1228
do_sendfile+0x4bb/0x7b0 fs/read_write.c:1372
__do_sys_sendfile64 fs/read_write.c:1433 [inline]
__se_sys_sendfile64 fs/read_write.c:1419 [inline]
__x64_sys_sendfile64+0x1ab/0x200 fs/read_write.c:1419
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x160/0xfc0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7faaed7a3b6d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007faaee6ad018 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007faaeda16090 RCX: 00007faaed7a3b6d
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007faaed847c3e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020fffe85 R11: 0000000000000246 R12: 0000000000000000
R13: 00007faaeda16128 R14: 00007faaeda16090 R15: 00007ffcc7e0ce60
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:txEnd+0x51f/0x530 fs/jfs/jfs_txnmgr.c:529
Code: e9 cc fe ff ff e8 91 9f 81 fe 48 c7 c7 60 5a 6a 8b 48 c7 c6 59 56 6a 8b ba 11 02 00 00 48 c7 c1 a0 5a 6a 8b e8 b2 b4 eb fd 90 <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc9000c8c73a0 EFLAGS: 00010246
RAX: 0000000000000036 RBX: ffff888061f31800 RCX: b46f4a2b10298c00
RDX: ffffc9001059b000 RSI: 000000000007ffff RDI: 0000000000080000
RBP: ffffc9000175fd72 R08: ffff88802bc24813 R09: 1ffff11005784902
R10: dffffc0000000000 R11: ffffed1005784903 R12: 1ffff920002ebfb3
R13: dffffc0000000000 R14: ffffc9000175fd98 R15: 00000000000000c8
FS: 00007faaee6ad6c0(0000) GS:ffff88809b068000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f954d146260 CR3: 00000000515a0000 CR4: 00000000000006f0