[v6.1] kernel BUG in do_journal_end


syzbot

Apr 5, 2023, 4:02:42 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3b29299e5f60 Linux 6.1.22
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10b19d69c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=bbb9a1f6f7f5a1d9
dashboard link: https://syzkaller.appspot.com/bug?extid=ab3d06e305d316217708
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2affbd06cbfd/disk-3b29299e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8b22d1baf827/vmlinux-3b29299e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d5e3891c88bf/Image-3b29299e.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ab3d06...@syzkaller.appspotmail.com

REISERFS panic (device loop2): journal-2332 do_journal_end: Trying to log block 531, which is a log block
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4364 Comm: syz-executor.2 Not tainted 6.1.22-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
lr : __reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
sp : ffff80001dbe73c0
x29: ffff80001dbe7480 x28: 1ffff00006946009 x27: ffff000128ea4678
x26: 0000000000000213 x25: ffff00013399004a x24: ffff80001dbe7440
x23: ffff80001dbe7400 x22: ffff800012336180 x21: ffff000128ea4000
x20: ffff800012336160 x19: ffff800014cc3243 x18: 0000000000000150
x17: ffff80019f104000 x16: ffff8000120d9934 x15: 0000000000000000
x14: 1ffff00002ab00b0 x13: dfff800000000000 x12: 0000000000000001
x11: ff80800008343f10 x10: 0000000000000000 x9 : f9470d6871a48500
x8 : f9470d6871a48500 x7 : ffff80000827b520 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff80000aa673ec
x2 : ffff0001b45d5cd0 x1 : 0000000100000000 x0 : 0000000000000069
Call trace:
__reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
do_journal_end+0x3a50/0x3c6c fs/reiserfs/journal.c:4151
journal_end_sync+0x164/0x1d0 fs/reiserfs/journal.c:3537
reiserfs_sync_fs+0xd4/0x150 fs/reiserfs/super.c:78
sync_filesystem+0xe8/0x218 fs/sync.c:56
generic_shutdown_super+0x70/0x328 fs/super.c:474
kill_block_super+0x70/0xdc fs/super.c:1450
reiserfs_kill_sb+0x134/0x14c fs/reiserfs/super.c:570
deactivate_locked_super+0xac/0x124 fs/super.c:332
deactivate_super+0xf0/0x110 fs/super.c:363
cleanup_mnt+0x394/0x41c fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0x240/0x2f0 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
do_notify_resume+0x2144/0x3470 arch/arm64/kernel/signal.c:1132
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: 90084de5 911d00a5 aa1303e4 95c6ced8 (d4210000)
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 5, 2023, 1:11:44 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d86dfc4d95cd Linux 5.15.106
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1119f6d9c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=dca379fe384dda80
dashboard link: https://syzkaller.appspot.com/bug?extid=3613ace77ebf88fb2c83
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2c159eb4fcae/disk-d86dfc4d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5f50187f87c7/vmlinux-d86dfc4d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f787f3f09c09/bzImage-d86dfc4d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3613ac...@syzkaller.appspotmail.com

REISERFS panic (device loop1): journal-003 check_journal_end: j_start (260) is too high
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 18264 Comm: syz-executor.1 Not tainted 5.15.106-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
RIP: 0010:__reiserfs_panic+0x13a/0x140 fs/reiserfs/prints.c:390
Code: c7 c1 80 17 9b 8a 48 0f 44 c8 48 0f 44 d8 48 c7 c7 40 18 9b 8a 4c 89 fe 48 89 da 4d 89 f0 49 c7 c1 a0 43 4d 91 e8 af 1f 09 08 <0f> 0b 0f 1f 40 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4
RSP: 0018:ffffc9000590f540 EFLAGS: 00010246
RAX: 0000000000000057 RBX: ffffffff8a9b6520 RCX: cbe440508a177100
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc9000590f640 R08: ffffffff816612ec R09: ffffed10173467a0
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff8a9b6540
R13: ffffc9000590f560 R14: ffffffff8c15a269 R15: ffff888077ba86a8
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2dc803d058 CR3: 00000000227ea000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
check_journal_end fs/reiserfs/journal.c:3713 [inline]
do_journal_end+0x45b2/0x4650 fs/reiserfs/journal.c:4038
reiserfs_sync_fs+0xca/0x140 fs/reiserfs/super.c:78
sync_filesystem+0xe8/0x220 fs/sync.c:56
generic_shutdown_super+0x6e/0x2c0 fs/super.c:448
kill_block_super+0x7a/0xe0 fs/super.c:1405
deactivate_locked_super+0xa0/0x110 fs/super.c:335
cleanup_mnt+0x44e/0x500 fs/namespace.c:1143
task_work_run+0x129/0x1a0 kernel/task_work.c:164
exit_task_work include/linux/task_work.h:32 [inline]
do_exit+0x6a3/0x2480 kernel/exit.c:872
do_group_exit+0x144/0x310 kernel/exit.c:994
get_signal+0xc66/0x14e0 kernel/signal.c:2889
arch_do_signal_or_restart+0xc3/0x1890 arch/x86/kernel/signal.c:865
handle_signal_work kernel/entry/common.c:148 [inline]
exit_to_user_mode_loop+0x97/0x130 kernel/entry/common.c:172
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x5d/0x250 kernel/entry/common.c:301
ret_from_fork+0x15/0x30 arch/x86/entry/entry_64.S:291
RIP: 0033:0x7efd79648169
Code: Unable to access opcode bytes at RIP 0x7efd7964813f.
RSP: 002b:00007efd77bba118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: 0000000000000000 RBX: 00007efd79767f80 RCX: 00007efd79648169
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007efd796a3ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdbb332cef R14: 00007efd77bba300 R15: 0000000000022000
</TASK>
Modules linked in:
---[ end trace 80ce0ed61deb582f ]---

syzbot

May 22, 2023, 8:26:51 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 9d6bde853685 Linux 5.15.112
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13a1b5ee280000
kernel config: https://syzkaller.appspot.com/x/.config?x=508f7a387ef8f82b
dashboard link: https://syzkaller.appspot.com/bug?extid=3613ace77ebf88fb2c83
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1586d65a280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=176fc7d6280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a8ab2bd416bb/disk-9d6bde85.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c358e3d58bb2/vmlinux-9d6bde85.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c82319bbaeb8/Image-9d6bde85.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/4d57066948eb/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3613ac...@syzkaller.appspotmail.com

REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
REISERFS panic (device loop0): journal-2332 do_journal_end: Trying to log block 531, which is a log block
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3967 Comm: syz-executor274 Not tainted 5.15.112-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
lr : __reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
sp : ffff80001afd7580
x29: ffff80001afd7650 x28: ffff0000c959e678 x27: 0000000000000001
x26: 0000000000000213 x25: 1ffff00003451809 x24: ffff80001afd7600
x23: ffff80001afd75c0 x22: ffff800011b8db60 x21: ffff0000c959e000
x20: ffff800011b8db40 x19: ffff80001401cc9d x18: 0000000000000001
x17: ff80800008335ea8 x16: ffff80001194786c x15: ffff800008335ea8
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff8080000832d950 x10: 0000000000000000 x9 : 46127c5bf9a5af00
x8 : 46127c5bf9a5af00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001afd6cf8 x4 : ffff8000149afce0 x3 : ffff80000a952400
x2 : ffff0001b481ed10 x1 : 0000000100000000 x0 : 0000000000000069
Call trace:
__reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
do_journal_end+0x39b0/0x3c50 fs/reiserfs/journal.c:4147
journal_end_sync+0x164/0x1d0 fs/reiserfs/journal.c:3533
reiserfs_sync_fs+0xd4/0x150 fs/reiserfs/super.c:78
sync_filesystem+0xe8/0x218 fs/sync.c:56
generic_shutdown_super+0x70/0x29c fs/super.c:448
kill_block_super+0x70/0xdc fs/super.c:1405
reiserfs_kill_sb+0x134/0x14c fs/reiserfs/super.c:570
deactivate_locked_super+0xb8/0x13c fs/super.c:335
deactivate_super+0x108/0x128 fs/super.c:366
cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
__cleanup_mnt+0x20/0x30 fs/namespace.c:1150
task_work_run+0x130/0x1e4 kernel/task_work.c:164
exit_task_work include/linux/task_work.h:32 [inline]
do_exit+0x688/0x2134 kernel/exit.c:872
do_group_exit+0x110/0x268 kernel/exit.c:994
__do_sys_exit_group kernel/exit.c:1005 [inline]
__se_sys_exit_group kernel/exit.c:1003 [inline]
__wake_up_parent+0x0/0x60 kernel/exit.c:1003
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: f007c165 912800a5 aa1303e4 95c9b605 (d4210000)
---[ end trace 3b0b08f564e84e41 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

May 22, 2023, 8:44:49 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: fa74641fb6b9 Linux 6.1.29
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10daa786280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7454aa89ac475d7b
dashboard link: https://syzkaller.appspot.com/bug?extid=ab3d06e305d316217708
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=124c0e86280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15e51d91280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/53e4da6b145c/disk-fa74641f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/adeb1a2cfa86/vmlinux-fa74641f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c976f1155d08/Image-fa74641f.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/ef4ed0f4c534/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ab3d06...@syzkaller.appspotmail.com

REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
REISERFS panic (device loop0): journal-2332 do_journal_end: Trying to log block 531, which is a log block
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4218 Comm: syz-executor412 Not tainted 6.1.29-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
lr : __reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
sp : ffff80001dac74a0
x29: ffff80001dac7560 x28: 1ffff00003b2d609 x27: ffff0000d7a40678
x26: 0000000000000213 x25: ffff0000e041704a x24: ffff80001dac7520
x23: ffff80001dac74e0 x22: ffff800012356680 x21: ffff0000d7a40000
x20: ffff800012356660 x19: ffff800014ce6753 x18: ffff80001dac6a00
x17: 69797254203a646e x16: ffff80001203a900 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff80800008346658 x10: 0000000000000000 x9 : 1f163c643857dc00
x8 : 1f163c643857dc00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001dac6db8 x4 : ffff800015682b20 x3 : ffff80000834f4d4
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000069
Call trace:
__reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
do_journal_end+0x3a50/0x3c6c fs/reiserfs/journal.c:4151
journal_end_sync+0x164/0x1d0 fs/reiserfs/journal.c:3537
reiserfs_sync_fs+0xd4/0x150 fs/reiserfs/super.c:78
sync_filesystem+0xe8/0x218 fs/sync.c:56
generic_shutdown_super+0x70/0x328 fs/super.c:474
kill_block_super+0x70/0xdc fs/super.c:1450
reiserfs_kill_sb+0x134/0x14c fs/reiserfs/super.c:570
deactivate_locked_super+0xac/0x124 fs/super.c:332
deactivate_super+0xf0/0x110 fs/super.c:363
cleanup_mnt+0x394/0x41c fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0x240/0x2f0 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0x554/0x1a88 kernel/exit.c:869
do_group_exit+0x194/0x22c kernel/exit.c:1019
__do_sys_exit_group kernel/exit.c:1030 [inline]
__se_sys_exit_group kernel/exit.c:1028 [inline]
__wake_up_parent+0x0/0x60 kernel/exit.c:1028
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: b0084ea5 912200a5 aa1303e4 95c6836b (d4210000)
---[ end trace 0000000000000000 ]---


---