kernel BUG at fs/reiserfs/journal.c:LINE!

kernel BUG at fs/reiserfs/journal.c:LINE!
Status: upstream: reported syz repro on 2018/03/31 15:55
Reported-by: syzbot+6820505ae5978f4f8f2f@syzkaller.appspotmail.com
First crash: 452d, last: 431d

Bisection: the bug happens on the oldest tested release (bisect log)
Tree: upstream
Crash: no output from test machine (log)
Repro: syz .config

Sample crash report:

REISERFS (device loop7): using 3.5.x disk format
REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop5): using 3.5.x disk format
REISERFS (device loop3): checking transaction log (loop3)
------------[ cut here ]------------
kernel BUG at fs/reiserfs/journal.c:3640!
REISERFS (device loop0): using ordered data mode
invalid opcode: 0000 [#1] SMP KASAN
reiserfs: using flush barriers
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 4674 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:check_journal_end fs/reiserfs/journal.c:3640 [inline]
RIP: 0010:do_journal_end+0x39ae/0x4ce0 fs/reiserfs/journal.c:4037
RSP: 0018:ffff8801aafbf1a0 EFLAGS: 00010293
RAX: ffff8801aaf0c100 RBX: ffffc9000273d000 RCX: ffffffff81e6637e
REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8801aafbfa04
RBP: ffff8801aafbf758 R08: ffffffff81e76040 R09: 0000000000000004
R10: ffff8801aafbf168 R11: 0000000000000004 R12: 0000000000000000
R13: ffffc9000273d058 R14: ffffc9000273d048 R15: ffff8801aafbfa10
FS:  00007f3bb0f9f700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000625208 CR3: 00000001a9148006 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
init_special_inode: bogus i_mode (0) for inode loop4:2
REISERFS warning (device loop4): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
 journal_end+0x239/0x2d0 fs/reiserfs/journal.c:3409
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
 reiserfs_fill_super+0x2a66/0x33a0 fs/reiserfs/super.c:2168
init_special_inode: bogus i_mode (0) for inode loop3:2
 mount_bdev+0x2b7/0x370 fs/super.c:1119
REISERFS warning (device loop3): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
 get_super_block+0x34/0x40 fs/reiserfs/super.c:2605
 mount_fs+0x66/0x2d0 fs/super.c:1222
 vfs_kern_mount.part.26+0xc6/0x4a0 fs/namespace.c:1037
REISERFS (device loop1): using ordered data mode
 vfs_kern_mount fs/namespace.c:2509 [inline]
 do_new_mount fs/namespace.c:2512 [inline]
 do_mount+0xea4/0x2bb0 fs/namespace.c:2842
reiserfs: using flush barriers
 SYSC_mount fs/namespace.c:3058 [inline]
 SyS_mount+0xab/0x120 fs/namespace.c:3035
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4578aa
RSP: 002b:00007f3bb0f9ebb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004578aa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f3bb0f9ec00
RBP: 0000000000000007 R08: 0000000020011500 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
R13: 000000000000066d R14: 00000000006fbad8 R15: 0000000000000001
Code: e8 c8 fe fe ff e9 b9 f9 ff ff e8 de 01 8b ff 0f 0b e8 d7 01 8b ff 0f 0b e8 d0 01 8b ff 0f 0b e8 c9 01 8b ff 0f 0b e8 c2 01 8b ff <0f> 0b 4c 8d a5 98 fc ff ff e8 b4 01 8b ff 48 8d bb d0 01 00 00 
RIP: check_journal_end fs/reiserfs/journal.c:3640 [inline] RSP: ffff8801aafbf1a0
RIP: do_journal_end+0x39ae/0x4ce0 fs/reiserfs/journal.c:4037 RSP: ffff8801aafbf1a0
---[ end trace 85601a98bc340fd3 ]---

All crashes (8):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	Maintainers
ci-upstream-kasan-gce-root	2018/03/30 20:38	upstream	9dd23268	8fbce0e4	.config	log	report	syz	colin.king@canonical.com, dhowells@redhat.com, gregkh@linuxfoundation.org, jack@suse.cz, linux-kernel@vger.kernel.org, mingo@kernel.org, reiserfs-devel@vger.kernel.org
ci-upstream-kasan-gce-root	2018/04/20 14:06	upstream	87ef1202	cc402841	.config	log	report	syz	akpm@linux-foundation.org, colin.king@canonical.com, dhowells@redhat.com, gregkh@linuxfoundation.org, jack@suse.cz, jeffm@suse.com, linux-kernel@vger.kernel.org, mingo@kernel.org, reiserfs-devel@vger.kernel.org, tglx@linutronix.de
ci-upstream-kasan-gce-root	2018/04/19 14:28	upstream	87ef1202	3642839c	.config	log	report	syz	akpm@linux-foundation.org, colin.king@canonical.com, dhowells@redhat.com, jack@suse.cz, jeffm@suse.com, kstewart@linuxfoundation.org, linux-kernel@vger.kernel.org, mingo@kernel.org, reiserfs-devel@vger.kernel.org
ci-upstream-kasan-gce-root	2018/04/03 11:58	upstream	642e7fd2	676bd07e	.config	log	report	syz	colin.king@canonical.com, dhowells@redhat.com, gregkh@linuxfoundation.org, jack@suse.cz, linux-kernel@vger.kernel.org, mingo@kernel.org, reiserfs-devel@vger.kernel.org, tglx@linutronix.de
ci-upstream-kasan-gce-root	2018/04/03 04:53	upstream	86bbbeba	676bd07e	.config	log	report	syz	colin.king@canonical.com, dhowells@redhat.com, gregkh@linuxfoundation.org, jack@suse.cz, linux-kernel@vger.kernel.org, mingo@kernel.org, pombredanne@nexb.com, reiserfs-devel@vger.kernel.org
ci-upstream-kasan-gce-root	2018/04/02 22:45	upstream	86bbbeba	676bd07e	.config	log	report	syz	colin.king@canonical.com, dhowells@redhat.com, gregkh@linuxfoundation.org, jack@suse.cz, kstewart@linuxfoundation.org, linux-kernel@vger.kernel.org, mingo@kernel.org, pombredanne@nexb.com, reiserfs-devel@vger.kernel.org
ci-upstream-kasan-gce-root	2018/04/02 20:40	upstream	86bbbeba	676bd07e	.config	log	report	syz	colin.king@canonical.com, dhowells@redhat.com, gregkh@linuxfoundation.org, jack@suse.cz, linux-kernel@vger.kernel.org, mingo@kernel.org, pombredanne@nexb.com, reiserfs-devel@vger.kernel.org, tglx@linutronix.de
ci-upstream-kasan-gce-root	2018/04/01 21:29	upstream	10b84dad	dc889257	.config	log	report	syz	colin.king@canonical.com, dhowells@redhat.com, gregkh@linuxfoundation.org, jack@suse.cz, linux-kernel@vger.kernel.org, mingo@kernel.org, reiserfs-devel@vger.kernel.org, tglx@linutronix.de