WARNING in reiserfs_kill_sb


syzbot

Aug 29, 2019, 4:52:06 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 01fd1694 Linux 4.14.141
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1116405c600000
kernel config: https://syzkaller.appspot.com/x/.config?x=62c9b69e1b2adda9
dashboard link: https://syzkaller.appspot.com/bug?extid=996a978b69c2473b4253
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+996a97...@syzkaller.appspotmail.com

fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
should_failslab+0xdb/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc_node mm/slab.c:3297 [inline]
kmem_cache_alloc_node_trace+0x280/0x770 mm/slab.c:3659
------------[ cut here ]------------
__do_kmalloc_node mm/slab.c:3681 [inline]
__kmalloc_node_track_caller+0x3d/0x80 mm/slab.c:3696
WARNING: CPU: 0 PID: 26673 at fs/super.c:1163 kill_block_super+0xc9/0xf0 fs/super.c:1163
Kernel panic - not syncing: panic_on_warn set ...

__kmalloc_reserve.isra.0+0x40/0xe0 net/core/skbuff.c:137
__alloc_skb+0xcf/0x500 net/core/skbuff.c:205
alloc_skb include/linux/skbuff.h:980 [inline]
kobject_uevent_env+0x781/0xc23 lib/kobject_uevent.c:479
kobject_uevent+0x20/0x26 lib/kobject_uevent.c:553
loop_set_fd drivers/block/loop.c:938 [inline]
lo_ioctl+0x11e7/0x1ce0 drivers/block/loop.c:1407
__blkdev_driver_ioctl block/ioctl.c:297 [inline]
blkdev_ioctl+0x96b/0x1860 block/ioctl.c:594
block_ioctl+0xde/0x120 fs/block_dev.c:1881
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4596e7
RSP: 002b:00007f833213da88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004596e7
RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a
R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004
R13: 00000000004c8aed R14: 00000000004dfa30 R15: 0000000000000003
CPU: 0 PID: 26673 Comm: syz-executor.2 Not tainted 4.14.141 #37
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x197 lib/dump_stack.c:53
panic+0x1f2/0x426 kernel/panic.c:182
REISERFS warning (device loop4): super-6508 reiserfs_parse_options: bad value 0x0002ca0000000000 for -ocommit

__warn.cold+0x2f/0x36 kernel/panic.c:546
report_bug+0x216/0x254 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
fixup_bug arch/x86/kernel/traps.c:172 [inline]
do_error_trap+0x1bb/0x310 arch/x86/kernel/traps.c:295
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:kill_block_super+0xc9/0xf0 fs/super.c:1163
RSP: 0018:ffff88809a58fb70 EFLAGS: 00010246
RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc90007651000
RDX: 0000000000040000 RSI: ffffffff818dec19 RDI: ffff88808824dc60
RBP: ffff88809a58fb88 R08: ffff888062016100 R09: 0000000000000001
R10: 0000000000000000 R11: ffff888062016100 R12: ffff888075712b00
kobject: 'loop0' (ffff8880632faae0): kobject_uevent_env
R13: ffff88808824d8c0 R14: ffff888075712b00 R15: dffffc0000000000
reiserfs_kill_sb+0x17c/0x1e0 fs/reiserfs/super.c:570
kobject: 'loop0' (ffff8880632faae0): fill_kobj_path: path = '/devices/virtual/block/loop0'
deactivate_locked_super+0x74/0xe0 fs/super.c:319
sget_userns+0x9d9/0xc30 fs/super.c:537
sget+0xd6/0x120 fs/super.c:572
mount_bdev+0xd5/0x370 fs/super.c:1107
get_super_block+0x35/0x40 fs/reiserfs/super.c:2605
mount_fs+0x97/0x2a1 fs/super.c:1237
vfs_kern_mount.part.0+0x5e/0x3d0 fs/namespace.c:1046
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2549 [inline]
do_mount+0x417/0x27d0 fs/namespace.c:2879
SYSC_mount fs/namespace.c:3095 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3072
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c2ca
RSP: 002b:00007f40b0163a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f40b0163b40 RCX: 000000000045c2ca
RDX: 00007f40b0163ae0 RSI: 00000000200005c0 RDI: 00007f40b0163b00
RBP: 0000000000000000 R08: 00007f40b0163b40 R09: 00007f40b0163ae0
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
R13: 00000000004c8aed R14: 00000000004dfa30 R15: 0000000000000003
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 1, 2020, 5:27:10 AM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.