[v6.1] kernel BUG in reiserfs_rename


syzbot

Sep 29, 2023, 8:23:30 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d23900f974e0 Linux 6.1.55
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16c87a8a680000
kernel config: https://syzkaller.appspot.com/x/.config?x=80bffc3e8348e7d0
dashboard link: https://syzkaller.appspot.com/bug?extid=a89eaa265d749c0ffb2e
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=129a5026680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16f170b2680000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ec2a023897cd/disk-d23900f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a6b93762f8e3/vmlinux-d23900f9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/53cb53f4417c/Image-d23900f9.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/42950cf08dc0/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a89eaa...@syzkaller.appspotmail.com

REISERFS (device loop5): Remounting filesystem read-only
REISERFS panic (device loop5): vs-7050 reiserfs_rename: new entry is found, new inode == 0
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 5482 Comm: syz-executor227 Not tainted 6.1.55-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
lr : __reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
sp : ffff80001ee57140
x29: ffff80001ee57200 x28: ffff80001ee574c0 x27: ffff80001ee577d0
x26: ffff0000e2210858 x25: ffff0000e2210830 x24: ffff80001ee571c0
x23: ffff80001ee57180 x22: ffff80001237ce60 x21: ffff0000d89f0000
x20: ffff80001237ce40 x19: ffff800014ff2735 x18: 1fffe000368adf76
x17: ffff8000158ad000 x16: ffff80001211ccf4 x15: ffff0001b456fbbc
x14: 1ffff00002b160b0 x13: dfff800000000000 x12: 0000000000000001
x11: ff808000083456f8 x10: 0000000000000000 x9 : c41c279a4e83cf00
x8 : c41c279a4e83cf00 x7 : ffff80000827cb3c x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff80000aa80ecc
x2 : ffff0001b456fcd0 x1 : 0000000100000000 x0 : 000000000000005a
Call trace:
__reiserfs_panic+0x150/0x154 fs/reiserfs/prints.c:384
reiserfs_rename+0x19d8/0x1c88 fs/reiserfs/namei.c:1427
vfs_rename+0x8b8/0xd04 fs/namei.c:4785
do_renameat2+0x980/0x1040 fs/namei.c:4935
__do_sys_renameat fs/namei.c:4975 [inline]
__se_sys_renameat fs/namei.c:4972 [inline]
__arm64_sys_renameat+0xc8/0xe4 fs/namei.c:4972
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: d0086765 912180a5 aa1303e4 95c68c3f (d4210000)
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup