syzbot


BUG: unable to handle kernel paging request in cleanup_bitmap_list
Status: upstream: reported C repro on 2018/04/01 17:01
Reported-by: syzbot+008ac33be9dec51e0ca3@syzkaller.appspotmail.com
First crash: 1515d, last: 503d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: no output from test machine (log)
Repro: C syz .config

Fix bisection: failed (bisect log)

Sample crash report:
REISERFS warning (device loop5): sh-2022 reiserfs_fill_super: unable to initialize journal space
REISERFS warning (device loop3): sh-2022 reiserfs_fill_super: unable to initialize journal space
REISERFS warning (device loop2): sh-2022 reiserfs_fill_super: unable to initialize journal space
REISERFS warning (device loop0): sh-458 journal_init_dev: cannot init journal device 'unknown-block(0,2048)': -6
REISERFS warning (device loop0): sh-462 journal_init: unable to initialize journal device
BUG: unable to handle kernel paging request at ffffc90004c9f000
PGD 1da946067 P4D 1da946067 PUD 1da947067 PMD 1baab9067 PTE 0
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 5261 Comm: syz-executor668 Not tainted 4.17.0-rc6+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:cleanup_bitmap_list.isra.6.part.7+0x31a/0x6f0 fs/reiserfs/journal.c:233
RSP: 0018:ffff8801b412f0a8 EFLAGS: 00010246
RAX: 1ffff92000993e00 RBX: dffffc0000000000 RCX: ffffffff81fb578b
RDX: 0000000000000000 RSI: ffffffff81fb5799 RDI: ffffc90004c9c2b0
RBP: ffff8801b412f188 R08: ffff8801c7c46440 R09: ffffed003b5e46d2
R10: ffffed003b5e46d2 R11: ffff8801daf23693 R12: ffffc90004c9f000
R13: 0000000000000200 R14: ffff8801b4ad8940 R15: ffff8801b4fa4b00
FS:  0000000001f5a880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90004c9f000 CR3: 00000001cacd2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 cleanup_bitmap_list fs/reiserfs/journal.c:229 [inline]
 free_list_bitmaps+0x6e/0x100 fs/reiserfs/journal.c:251
 free_journal_ram+0x148/0x5e0 fs/reiserfs/journal.c:1894
REISERFS (device loop7): found reiserfs format "3.5" with non-standard journal
 journal_init+0x538/0x6a20 fs/reiserfs/journal.c:2901
REISERFS (device loop7): using ordered data mode
reiserfs: using flush barriers
REISERFS warning (device loop7): sh-458 journal_init_dev: cannot init journal device 'unknown-block(0,2048)': -6
REISERFS warning (device loop7): sh-462 journal_init: unable to initialize journal device
REISERFS warning (device loop7): sh-2022 reiserfs_fill_super: unable to initialize journal space
REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop6): using ordered data mode
reiserfs: using flush barriers
 reiserfs_fill_super+0xd59/0x3900 fs/reiserfs/super.c:2034
REISERFS warning (device loop6): sh-458 journal_init_dev: cannot init journal device 'unknown-block(0,2048)': -6
REISERFS warning (device loop6): sh-462 journal_init: unable to initialize journal device
REISERFS warning (device loop6): sh-2022 reiserfs_fill_super: unable to initialize journal space
REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
 mount_bdev+0x30c/0x3e0 fs/super.c:1174
 get_super_block+0x34/0x40 fs/reiserfs/super.c:2605
 mount_fs+0xae/0x328 fs/super.c:1277
 vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
REISERFS (device loop1): using ordered data mode
 vfs_kern_mount fs/namespace.c:1027 [inline]
 do_new_mount fs/namespace.c:2518 [inline]
 do_mount+0x564/0x3070 fs/namespace.c:2848
reiserfs: using flush barriers
REISERFS warning (device loop1): sh-458 journal_init_dev: cannot init journal device 'unknown-block(0,2048)': -6
REISERFS warning (device loop1): sh-462 journal_init: unable to initialize journal device
REISERFS warning (device loop1): sh-2022 reiserfs_fill_super: unable to initialize journal space
 ksys_mount+0x12d/0x140 fs/namespace.c:3064
 __do_sys_mount fs/namespace.c:3078 [inline]
 __se_sys_mount fs/namespace.c:3075 [inline]
 __x64_sys_mount+0xbe/0x150 fs/namespace.c:3075
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop5): using ordered data mode
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44730a
RSP: 002b:00007ffff6a1e058 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 000000000044730a
reiserfs: using flush barriers
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffff6a1e0b0
RBP: 0000000000000003 R08: 0000000020013900 R09: 000000000000000a
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
REISERFS warning (device loop5): sh-458 journal_init_dev: cannot init journal device 'unknown-block(0,2048)': -6
R13: 00000000004021f0 R14: 0000000000000000 R15: 0000000000000000
Code: 8b bd 70 ff ff ff 49 63 c5 48 
REISERFS warning (device loop5): sh-462 journal_init: unable to initialize journal device
c1 e0 03 4c 8b 27 
REISERFS warning (device loop5): sh-2022 reiserfs_fill_super: unable to initialize journal space
48 89 85 68 ff ff ff 49 01 c4 4c 89 e0 48 c1 e8 03 80 3c 18 00 0f 85 62 02 00 00 <4d> 8b 24 24 4d 85 e4 0f 84 df fe ff ff e8 54 e9 7d ff 49 8d 7e 
RIP: cleanup_bitmap_list.isra.6.part.7+0x31a/0x6f0 fs/reiserfs/journal.c:233 RSP: ffff8801b412f0a8
CR2: ffffc90004c9f000
---[ end trace eda93a4edf857582 ]---

Crashes (5):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2018/05/25 23:33 upstream 62d18ecfa641 f48c20b8 .config log report syz C
ci-upstream-kasan-gce-root 2018/04/04 00:01 upstream f2d285669aae 676bd07e .config log report syz C
ci-upstream-kasan-gce-root 2018/04/03 00:46 upstream 86bbbebac193 676bd07e .config log report syz
ci-upstream-kasan-gce-root 2018/04/01 07:28 upstream 10b84daddbec 0174c6c8 .config log report syz
ci-upstream-kasan-gce-selinux-root 2019/06/26 02:26 upstream 249155c20f9b 0a8d1a96 .config log report