kernel BUG at fs/reiserfs/prints.c:LINE!

syzbot

Oct 5, 2020, 3:49:17 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: b09c3451 Linux 4.19.149
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=170e804f900000
kernel config: https://syzkaller.appspot.com/x/.config?x=d7c6dfb55644e8fd
dashboard link: https://syzkaller.appspot.com/bug?extid=2074595117326f7b9e5a
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b000e7900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15d7b78f900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+207459...@syzkaller.appspotmail.com

REISERFS (device loop0): using 3.5.x disk format
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
REISERFS panic (device loop0): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 6500 Comm: syz-executor804 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__reiserfs_panic.cold+0x37/0x99 fs/reiserfs/prints.c:390
Code: 1a 88 74 79 e8 df 97 88 ff 4c 89 e9 4c 89 f2 4c 89 e6 49 c7 c0 c0 2b 39 8d 48 c7 c7 60 ae 1a 88 e8 72 13 72 ff e8 be 97 88 ff <0f> 0b 48 c7 c7 80 17 9f 89 e8 20 e3 cc 01 e8 ab 97 88 ff 4d 85 e4
RSP: 0018:ffff888089377a60 EFLAGS: 00010293
RAX: ffff88808ba18280 RBX: ffff8880a452e200 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81e93aa2 RDI: ffffed101126ef3e
RBP: ffff888089377b30 R08: 000000000000006a R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff881b1720
R13: ffffffff881b2000 R14: ffffffff881aaca0 R15: 000000000000201a
FS: 0000000000d1c880(0000) GS:ffff8880ae300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557becf6c198 CR3: 000000008f437000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
do_journal_end+0x3ef1/0x48c0 fs/reiserfs/journal.c:4149
reiserfs_sync_fs+0xf8/0x120 fs/reiserfs/super.c:78
__sync_filesystem fs/sync.c:39 [inline]
sync_filesystem+0x105/0x250 fs/sync.c:64
generic_shutdown_super+0x70/0x370 fs/super.c:442
kill_block_super+0x97/0xf0 fs/super.c:1185
deactivate_locked_super+0x8c/0x100 fs/super.c:329
deactivate_super+0x174/0x1a0 fs/super.c:360
cleanup_mnt+0x1da/0x300 fs/namespace.c:1098
task_work_run+0x141/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x269/0x2c0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x57c/0x670 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x448177
Code: 00 00 00 b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 8d a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff5c6b2098 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007fff5c6b3210 RCX: 0000000000448177
RDX: 0000000000400bb0 RSI: 0000000000000002 RDI: 00007fff5c6b2140
RBP: 000000000001a6ae R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000206 R12: 00007fff5c6b31b0
R13: 0000000000d1d880 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 621bfb9ad307c468 ]---
RIP: 0010:__reiserfs_panic.cold+0x37/0x99 fs/reiserfs/prints.c:390
Code: 1a 88 74 79 e8 df 97 88 ff 4c 89 e9 4c 89 f2 4c 89 e6 49 c7 c0 c0 2b 39 8d 48 c7 c7 60 ae 1a 88 e8 72 13 72 ff e8 be 97 88 ff <0f> 0b 48 c7 c7 80 17 9f 89 e8 20 e3 cc 01 e8 ab 97 88 ff 4d 85 e4
RSP: 0018:ffff888089377a60 EFLAGS: 00010293
RAX: ffff88808ba18280 RBX: ffff8880a452e200 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81e93aa2 RDI: ffffed101126ef3e
RBP: ffff888089377b30 R08: 000000000000006a R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff881b1720
R13: ffffffff881b2000 R14: ffffffff881aaca0 R15: 000000000000201a
FS: 0000000000d1c880(0000) GS:ffff8880ae200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564511ef8970 CR3: 000000008f437000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Feb 20, 2021, 8:39:07 AM
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:

commit b8590c82b3ccf9fb4d9f0b0b097be10736869333
Author: Rustam Kovhaev <rkov...@gmail.com>
Date: Sun Nov 1 14:09:58 2020 +0000

reiserfs: add check for an invalid ih_entry_count

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17bc2c12d00000
start commit: 31acccdc Linux 4.19.157
git tree: linux-4.19.y
kernel config: https://syzkaller.appspot.com/x/.config?x=1f604e014c43fe09
dashboard link: https://syzkaller.appspot.com/bug?extid=2074595117326f7b9e5a
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1651a2a1500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1213399a500000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: reiserfs: add check for an invalid ih_entry_count

For information about bisection process see: https://goo.gl/tpsmEJ#bisection