syzbot

 sign-in | mailing list | source | docs
🐞 Open [717] 🐞 Fixed [181] 🐞 Invalid [640] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

kernel BUG in balance_leaf

Status: upstream: reported C repro on 2023/01/08 11:53
Subsystems: reiserfs
[Documentation on labels]
Reported-by: syzbot+932fbe523481da287543@syzkaller.appspotmail.com
First crash: 466d, last: 436d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG in balance_leaf reiserfs C error done 16 119d 470d 26/26 fixed on 2024/01/30 15:47
linux-4.19 kernel BUG in balance_leaf reiserfs C error 1 461d 461d 0/1 upstream: reported C repro on 2023/01/13 23:48
linux-6.1 kernel BUG in balance_leaf 4 361d 372d 0/3 auto-obsoleted due to no activity on 2023/08/21 17:28
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2023/02/07 18:25 25m bisect fix linux-4.14.y job log (0) log

Sample crash report:
REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
REISERFS panic (device loop4): vs-12195 balance_leaf: CFR not initialized
REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop1): using ordered data mode
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
reiserfs: using flush barriers
REISERFS (device loop5): using ordered data mode
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
REISERFS (device loop2): using ordered data mode
Modules linked in:
CPU: 1 PID: 8415 Comm: syz-executor266 Not tainted 4.14.302-syzkaller #0
reiserfs: using flush barriers
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
task: ffff8880a0c8c180 task.stack: ffff888091690000
RIP: 0010:__reiserfs_panic.cold+0x37/0x8a fs/reiserfs/prints.c:390
RSP: 0018:ffff888091696f48 EFLAGS: 00010297
reiserfs: using flush barriers
RAX: ffff8880a0c8c180 RBX: ffff8880a42ea480 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff878bd020 RDI: ffffed10122d2ddf
RBP: ffff888091696ff8 R08: 0000000000000049 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8796cbe0
R13: ffffffff8796cde0 R14: ffffffff87974280 R15: ffff8880916972c8
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
FS:  00007fe023716700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
REISERFS (device loop2): checking transaction log (loop2)
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
REISERFS (device loop2): Using r5 hash to sort names
CR2: 00007fe01b400000 CR3: 000000009f693000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
 balance_leaf+0x9b9b/0xba30 fs/reiserfs/do_balan.c:1450
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
 do_balance+0x282/0x630 fs/reiserfs/do_balan.c:1899
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
 reiserfs_insert_item+0x95b/0xc70 fs/reiserfs/stree.c:2271
REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
 reiserfs_new_inode+0xd52/0x2150 fs/reiserfs/inode.c:2063
REISERFS (device loop3): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): checking transaction log (loop3)
 reiserfs_create+0x2eb/0x6b0 fs/reiserfs/namei.c:667
REISERFS (device loop3): Using r5 hash to sort names
 lookup_open+0x77a/0x1750 fs/namei.c:3241
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
 do_last fs/namei.c:3334 [inline]
 path_openat+0xe08/0x2970 fs/namei.c:3571
 do_filp_open+0x179/0x3c0 fs/namei.c:3605
 do_sys_open+0x296/0x410 fs/open.c:1081
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fe02376a9b9
RSP: 002b:00007fe0237162f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fe0237f07a0 RCX: 00007fe02376a9b9
RDX: 0000000000000241 RSI: 0000000020000000 RDI: 00000000ffffff9c
RBP: 00007fe0237bd390 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe0237bd298
R13: 0030656c69662f2e R14: 7366726573696572 R15: 00007fe0237f07a8
Code: 42 97 87 74 6d e8 16 65 50 fa 4c 89 e9 4c 89 f2 4c 89 e6 49 c7 c0 c0 f8 f3 8b 48 c7 c7 40 44 97 87 e8 84 43 fe ff e8 f5 64 50 fa <0f> 0b e8 ee 64 50 fa 4d 85 e4 49 c7 c6 80 42 97 87 75 0a 49 c7 
RIP: __reiserfs_panic.cold+0x37/0x8a fs/reiserfs/prints.c:390 RSP: ffff888091696f48
---[ end trace cb4c768c6e59f912 ]---

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/01/08 11:52 linux-4.14.y c4215ee4771b 1dac8c7a .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-4-14 kernel BUG in balance_leaf
* Struck through repros no longer work on HEAD.