[v5.15] kernel BUG in do_journal_release


syzbot

Apr 16, 2023, 9:56:42 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 4fdad925aa1a Linux 5.15.107
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11c10760280000
kernel config: https://syzkaller.appspot.com/x/.config?x=d9bc1b227ee6c412
dashboard link: https://syzkaller.appspot.com/bug?extid=1f89fb1e4759f8777b9e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6a7f3b0f6a27/disk-4fdad925.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/db34418039b7/vmlinux-4fdad925.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4e96525a950a/bzImage-4fdad925.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1f89fb...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/reiserfs/journal.c:1913!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3639 Comm: syz-executor.2 Not tainted 5.15.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
RIP: 0010:do_journal_release+0x4c1/0x4d0 fs/reiserfs/journal.c:1913
Code: fc ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 30 fd ff ff 48 89 df e8 3e 3f b9 ff e9 23 fd ff ff e8 f4 34 07 08 e8 4f e8 6f ff <0f> 0b e8 48 e8 6f ff 0f 0b 66 0f 1f 44 00 00 41 57 41 56 53 49 89
RSP: 0018:ffffc90002ecfb60 EFLAGS: 00010293
RAX: ffffffff820fd261 RBX: 0000000000000000 RCX: ffff88807b828000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90002ecfc58 R08: ffffffff820fcefd R09: ffffc90002ecfba0
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff88806aafc000 R14: 1ffff920005d9f70 R15: 1ffff1100d55f8cf
FS: 0000555555d15400(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001140 CR3: 0000000076ba6000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
journal_release+0x1b/0x30 fs/reiserfs/journal.c:1968
reiserfs_put_super+0x237/0x4b0 fs/reiserfs/super.c:616
generic_shutdown_super+0x136/0x2c0 fs/super.c:475
kill_block_super+0x7a/0xe0 fs/super.c:1405
deactivate_locked_super+0xa0/0x110 fs/super.c:335
cleanup_mnt+0x44e/0x500 fs/namespace.c:1143
task_work_run+0x129/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:175
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x5d/0x250 kernel/entry/common.c:301
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f6f57f085d7
Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffea1af6be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f6f57f085d7
RDX: 00007ffea1af6cbc RSI: 000000000000000a RDI: 00007ffea1af6cb0
RBP: 00007ffea1af6cb0 R08: 00000000ffffffff R09: 00007ffea1af6a80
R10: 0000555555d168b3 R11: 0000000000000246 R12: 00007f6f57f61cdc
R13: 00007ffea1af7d70 R14: 0000555555d16810 R15: 00007ffea1af7db0
</TASK>
Modules linked in:
---[ end trace d79c534eb503b52d ]---
RIP: 0010:do_journal_release+0x4c1/0x4d0 fs/reiserfs/journal.c:1913
Code: fc ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 30 fd ff ff 48 89 df e8 3e 3f b9 ff e9 23 fd ff ff e8 f4 34 07 08 e8 4f e8 6f ff <0f> 0b e8 48 e8 6f ff 0f 0b 66 0f 1f 44 00 00 41 57 41 56 53 49 89
RSP: 0018:ffffc90002ecfb60 EFLAGS: 00010293
RAX: ffffffff820fd261 RBX: 0000000000000000 RCX: ffff88807b828000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90002ecfc58 R08: ffffffff820fcefd R09: ffffc90002ecfba0
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff88806aafc000 R14: 1ffff920005d9f70 R15: 1ffff1100d55f8cf
FS: 0000555555d15400(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd62a5a2cc CR3: 0000000076ba6000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

May 27, 2023, 12:10:50 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 1fe619a7d252 Linux 5.15.113
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1221fdd5280000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f10ee30ae29b021
dashboard link: https://syzkaller.appspot.com/bug?extid=1f89fb1e4759f8777b9e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10477d1e280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=143f1a25280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1b707a1e1816/disk-1fe619a7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/19cc598a8bbe/vmlinux-1fe619a7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a6cf7269bae5/Image-1fe619a7.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/ea0f96f5680a/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1f89fb...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/reiserfs/journal.c:1913!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4006 Comm: syz-executor165 Not tainted 5.15.113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : do_journal_release+0x448/0x454 fs/reiserfs/journal.c:1913
lr : do_journal_release+0x448/0x454 fs/reiserfs/journal.c:1913
sp : ffff80001cbb76e0
x29: ffff80001cbb7780 x28: 1ffff0000291ba9d x27: 1fffe0001b04b8cf
x26: dfff800000000000 x25: ffff700003976edc x24: ffff800020e39000
x23: 0000000000000000 x22: ffff80001cbb7840 x21: ffff80001cbb7700
x20: ffff0000d825c678 x19: ffff0000d825c000 x18: 1ffff000041c7205
x17: ff808000086d644c x16: ffff8000088c7d88 x15: ffff8000086d644c
x14: 1ffff0000291c06a x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800008cdf2bc x10: 0000000000000000 x9 : ffff800008cdf2bc
x8 : ffff0000d5621b40 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000030
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
do_journal_release+0x448/0x454 fs/reiserfs/journal.c:1913
journal_release+0x2c/0x40 fs/reiserfs/journal.c:1968
reiserfs_put_super+0x204/0x444 fs/reiserfs/super.c:616
generic_shutdown_super+0x130/0x29c fs/super.c:475
kill_block_super+0x70/0xdc fs/super.c:1405
reiserfs_kill_sb+0x134/0x14c fs/reiserfs/super.c:570
deactivate_locked_super+0xb8/0x13c fs/super.c:335
deactivate_super+0x108/0x128 fs/super.c:366
cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
__cleanup_mnt+0x20/0x30 fs/namespace.c:1150
task_work_run+0x130/0x1e4 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:597
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 97efa1a7 17ffff58 95c92d75 97df8f91 (d4210000)
---[ end trace a4f7e21ebcac76f7 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

May 27, 2023, 1:26:50 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: a343b0dd87b4 Linux 6.1.30
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=148f0d36280000
kernel config: https://syzkaller.appspot.com/x/.config?x=8ec86bd749598dca
dashboard link: https://syzkaller.appspot.com/bug?extid=6246353b693e49209e6a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1321b31e280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10277d1e280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/aebc00d6f042/disk-a343b0dd.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7ff0321ebb5a/vmlinux-a343b0dd.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c928974a56d6/Image-a343b0dd.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/3989466f2eef/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+624635...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/reiserfs/journal.c:1916!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4240 Comm: syz-executor394 Not tainted 6.1.30-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : do_journal_release+0x448/0x454 fs/reiserfs/journal.c:1916
lr : do_journal_release+0x448/0x454 fs/reiserfs/journal.c:1916
sp : ffff80001da57660
x29: ffff80001da57700 x28: 1ffff00002ab5aa9 x27: 1fffe000185ed8cf
x26: dfff800000000000 x25: ffff700003b4aecc x24: ffff80001ec5e000
x23: 0000000000000000 x22: ffff80001da577c0 x21: ffff80001da57680
x20: ffff0000c2f6c678 x19: ffff0000c2f6c000 x18: 1ffff00003d8bc05
x17: ffff8000155ad000 x16: ffff80001204ac00 x15: 0000000000000000
x14: 1ffff00002ab60b0 x13: dfff800000000000 x12: 0000000000000007
x11: ff80800008da43f0 x10: 0000000000000000 x9 : ffff800008da43f0
x8 : ffff0000d8309bc0 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000030
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
do_journal_release+0x448/0x454 fs/reiserfs/journal.c:1916
journal_release+0x2c/0x40 fs/reiserfs/journal.c:1971
reiserfs_put_super+0x204/0x444 fs/reiserfs/super.c:616
generic_shutdown_super+0x130/0x328 fs/super.c:501
kill_block_super+0x70/0xdc fs/super.c:1450
reiserfs_kill_sb+0x134/0x14c fs/reiserfs/super.c:570
deactivate_locked_super+0xac/0x124 fs/super.c:332
deactivate_super+0xf0/0x110 fs/super.c:363
cleanup_mnt+0x394/0x41c fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0x240/0x2f0 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
do_notify_resume+0x2144/0x3470 arch/arm64/kernel/signal.c:1132
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: 97ef22ff 17ffff58 95c61394 97dd57e6 (d4210000)
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup