bisecting fixing commit since b09c34517e1ac4018e3bb75ed5c8610a8a1f486b
building syzkaller on 1880b4a9f394370a7d1fcb5c1cfca0fa1127b463
testing commit b09c34517e1ac4018e3bb75ed5c8610a8a1f486b with gcc (GCC) 8.1.0
kernel signature: ac1aa74521cf2290d47e677916b8e33080855c7f5aa507b484bf3be41fc6de29
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
testing current HEAD f5d8eef067acee3fda37137f4a08c0d3f6427a8e
testing commit f5d8eef067acee3fda37137f4a08c0d3f6427a8e with gcc (GCC) 8.1.0
kernel signature: d5df8b686f82f7d2f30142359e2066e56604fe535f03d6330a0d209ddb707574
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
revisions tested: 2, total time: 24m12.447256487s (build: 17m40.004542996s, test: 5m49.222780131s)
the crash still happens on HEAD
commit msg: Linux 4.19.154
crash: kernel BUG at fs/reiserfs/prints.c:LINE!
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): using 3.5.x disk format
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
REISERFS panic (device loop5): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 6681 Comm: syz-executor.5 Not tainted 4.19.154-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390
Code: e8 40 a6 70 ff 4d 85 e4 48 c7 c2 80 d5 57 87 74 49 49 c7 c0 00 2b 49 8a 4c 89 e9 4c 89 e6 48 c7 c7 40 d7 57 87 e8 5b 87 86 ff <0f> 0b 4d 85 e4 48 c7 c1 80 d5 57 87 74 2e 48 8d b3 50 06 00 00 49
RSP: 0018:ffff88809ab97a50 EFLAGS: 00010282
RAX: 000000000000006a RBX: ffff88809d792780 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff878b5220 RDI: ffffffff8a3e2a60
RBP: ffff88809ab97af8 R08: ffffed1017485081 R09: ffffed1017485080
R10: ffffed1017485080 R11: ffff8880ba428407 R12: ffffffff875830c0
R13: ffffffff87583920 R14: 0000000000000001 R15: 0000000000002013
FS:  0000000002504940(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc757357018 CR3: 00000000a8484000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_journal_end+0x3881/0x4400 fs/reiserfs/journal.c:4149
 journal_end_sync+0x117/0x210 fs/reiserfs/journal.c:3534
 reiserfs_sync_fs+0xcc/0xe0 fs/reiserfs/super.c:78
 __sync_filesystem fs/sync.c:39 [inline]
 sync_filesystem+0xd4/0x1f0 fs/sync.c:64
 generic_shutdown_super+0x69/0x330 fs/super.c:442
 kill_block_super+0x96/0xe0 fs/super.c:1185
 reiserfs_kill_sb+0x171/0x1d0 fs/reiserfs/super.c:570
 deactivate_locked_super+0x77/0xd0 fs/super.c:329
 deactivate_super+0x13f/0x160 fs/super.c:360
 cleanup_mnt+0xa3/0x130 fs/namespace.c:1098
 __cleanup_mnt+0xd/0x10 fs/namespace.c:1105
 task_work_run+0x108/0x180 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x185/0x1e0 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x460857
Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd57a0b6a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000460857
RDX: 0000000000403158 RSI: 0000000000000002 RDI: 00007ffd57a0b750
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffd57a0c7e0
R13: 0000000002505a60 R14: 0000000000000000 R15: 00007ffd57a0c7e0
Modules linked in:
---[ end trace bff4a20c5102685c ]---
RIP: 0010:__reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390
Code: e8 40 a6 70 ff 4d 85 e4 48 c7 c2 80 d5 57 87 74 49 49 c7 c0 00 2b 49 8a 4c 89 e9 4c 89 e6 48 c7 c7 40 d7 57 87 e8 5b 87 86 ff <0f> 0b 4d 85 e4 48 c7 c1 80 d5 57 87 74 2e 48 8d b3 50 06 00 00 49
REISERFS (device loop3): Using r5 hash to sort names
REISERFS (device loop3): using 3.5.x disk format
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
RSP: 0018:ffff88809ab97a50 EFLAGS: 00010282
REISERFS panic (device loop3): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
RAX: 000000000000006a RBX: ffff88809d792780 RCX: 0000000000000000
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
RDX: 0000000000000000 RSI: ffffffff878b5220 RDI: ffffffff8a3e2a60
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
CPU: 0 PID: 6675 Comm: syz-executor.3 Tainted: G      D           4.19.154-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390
Code: e8 40 a6 70 ff 4d 85 e4 48 c7 c2 80 d5 57 87 74 49 49 c7 c0 00 2b 49 8a 4c 89 e9 4c 89 e6 48 c7 c7 40 d7 57 87 e8 5b 87 86 ff <0f> 0b 4d 85 e4 48 c7 c1 80 d5 57 87 74 2e 48 8d b3 50 06 00 00 49
RSP: 0018:ffff8880b0ea7a50 EFLAGS: 00010282
RAX: 000000000000006a RBX: ffff8880a24bee80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff878b5220 RDI: ffffffff8a3e2a60
RBP: ffff8880b0ea7af8 R08: ffffed1017485081 R09: ffffed1017485080
R10: ffffed1017485080 R11: ffff8880ba428407 R12: ffffffff875830c0
R13: ffffffff87583920 R14: 0000000000000001 R15: 0000000000002013
FS:  0000000002ea1940(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe39b59e28 CR3: 00000000993cd000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_journal_end+0x3881/0x4400 fs/reiserfs/journal.c:4149
 journal_end_sync+0x117/0x210 fs/reiserfs/journal.c:3534
 reiserfs_sync_fs+0xcc/0xe0 fs/reiserfs/super.c:78
 __sync_filesystem fs/sync.c:39 [inline]
 sync_filesystem+0xd4/0x1f0 fs/sync.c:64
 generic_shutdown_super+0x69/0x330 fs/super.c:442
 kill_block_super+0x96/0xe0 fs/super.c:1185
 reiserfs_kill_sb+0x171/0x1d0 fs/reiserfs/super.c:570
 deactivate_locked_super+0x77/0xd0 fs/super.c:329
 deactivate_super+0x13f/0x160 fs/super.c:360
 cleanup_mnt+0xa3/0x130 fs/namespace.c:1098
 __cleanup_mnt+0xd/0x10 fs/namespace.c:1105
 task_work_run+0x108/0x180 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x185/0x1e0 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x460857
Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffe39b59e28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000460857
RDX: 0000000000403158 RSI: 0000000000000002 RDI: 00007ffe39b59ed0
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffe39b5af60
R13: 0000000002ea2a60 R14: 0000000000000000 R15: 00007ffe39b5af60
Modules linked in:
REISERFS (device loop2): Using r5 hash to sort names
RBP: ffff88809ab97af8 R08: ffffed1017485081 R09: ffffed1017485080
REISERFS (device loop1): Using r5 hash to sort names
R10: ffffed1017485080 R11: ffff8880ba428407 R12: ffffffff875830c0
REISERFS (device loop1): using 3.5.x disk format
R13: ffffffff87583920 R14: 0000000000000001 R15: 0000000000002013
REISERFS (device loop2): using 3.5.x disk format
FS:  0000000002504940(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
CR2: 00007fc757362000 CR3: 00000000a8484000 CR4: 00000000001406f0
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
---[ end trace bff4a20c5102685d ]---
RIP: 0010:__reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390
REISERFS panic (device loop1): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
Code: e8 40 a6 70 ff 4d 85 e4 48 c7 c2 80 d5 57 87 74 49 49 c7 c0 00 2b 49 8a 4c 89 e9 4c 89 e6 48 c7 c7 40 d7 57 87 e8 5b 87 86 ff <0f> 0b 4d 85 e4 48 c7 c1 80 d5 57 87 74 2e 48 8d b3 50 06 00 00 49
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
RSP: 0018:ffff88809ab97a50 EFLAGS: 00010282
------------[ cut here ]------------
RAX: 000000000000006a RBX: ffff88809d792780 RCX: 0000000000000000
kernel BUG at fs/reiserfs/prints.c:390!
REISERFS panic (device loop2): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
RDX: 0000000000000000 RSI: ffffffff878b5220 RDI: ffffffff8a3e2a60
REISERFS (device loop4): Using r5 hash to sort names
RBP: ffff88809ab97af8 R08: ffffed1017485081 R09: ffffed1017485080
------------[ cut here ]------------
R10: ffffed1017485080 R11: ffff8880ba428407 R12: ffffffff875830c0
kernel BUG at fs/reiserfs/prints.c:390!
invalid opcode: 0000 [#3] PREEMPT SMP KASAN
R13: ffffffff87583920 R14: 0000000000000001 R15: 0000000000002013
CPU: 0 PID: 6684 Comm: syz-executor.1 Tainted: G      D           4.19.154-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390
Code: e8 40 a6 70 ff 4d 85 e4 48 c7 c2 80 d5 57 87 74 49 49 c7 c0 00 2b 49 8a 4c 89 e9 4c 89 e6 48 c7 c7 40 d7 57 87 e8 5b 87 86 ff <0f> 0b 4d 85 e4 48 c7 c1 80 d5 57 87 74 2e 48 8d b3 50 06 00 00 49
RSP: 0018:ffff888093f5fa50 EFLAGS: 00010282
RAX: 000000000000006a RBX: ffff88809ae94bc0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff878b5220 RDI: ffffffff8a3e2a60
RBP: ffff888093f5faf8 R08: ffffed1017485081 R09: ffffed1017485080
R10: ffffed1017485080 R11: ffff8880ba428407 R12: ffffffff875830c0
R13: ffffffff87583920 R14: 0000000000000001 R15: 0000000000002013
FS:  00000000033eb940(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc757364028 CR3: 00000000b0ed0000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_journal_end+0x3881/0x4400 fs/reiserfs/journal.c:4149
 journal_end_sync+0x117/0x210 fs/reiserfs/journal.c:3534
FS:  0000000002ea1940(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
 reiserfs_sync_fs+0xcc/0xe0 fs/reiserfs/super.c:78
 __sync_filesystem fs/sync.c:39 [inline]
 sync_filesystem+0xd4/0x1f0 fs/sync.c:64
 generic_shutdown_super+0x69/0x330 fs/super.c:442
 kill_block_super+0x96/0xe0 fs/super.c:1185
 reiserfs_kill_sb+0x171/0x1d0 fs/reiserfs/super.c:570
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 deactivate_locked_super+0x77/0xd0 fs/super.c:329
 deactivate_super+0x13f/0x160 fs/super.c:360