bisecting fixing commit since cbfa1702aaf69b2311ea1b35e04f113c48368c67
building syzkaller on 54289b0835634ca07a8117613c48b73e9e647d13
testing commit cbfa1702aaf69b2311ea1b35e04f113c48368c67 with gcc (GCC) 8.1.0
kernel signature: 52690542c2a686de32d2ea973db71d15a8dcaea4e50d21e504c7bfcec66c1d86
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
testing current HEAD 5b7a52cd2eef952cee8a72512ef370bcdef46636
testing commit 5b7a52cd2eef952cee8a72512ef370bcdef46636 with gcc (GCC) 8.1.0
kernel signature: 79501106baae66f9412ba8d73437e946798d01b86c5614f9230bbe88b1cd9e4b
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
revisions tested: 2, total time: 22m46.50072739s (build: 16m20.476811159s, test: 5m52.226330189s)
the crash still happens on HEAD
commit msg: Linux 4.14.202
crash: kernel BUG at fs/reiserfs/prints.c:LINE!
REISERFS panic (device loop5): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
REISERFS (device loop4): journal params: device loop4, size 8199, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 6485 Comm: syz-executor.5 Not tainted 4.14.202-syzkaller #0
REISERFS (device loop4): checking transaction log (loop4)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880b3804240 task.stack: ffff88809b530000
RIP: 0010:__reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390
RSP: 0018:ffff88809b537ab0 EFLAGS: 00010282
RAX: 000000000000006a RBX: ffff88809cb60640 RCX: 0000000000000000
RDX: 000000000000006a RSI: ffffffff86cbea20 RDI: ffffed10136a6f4d
RBP: ffff88809b537b58 R08: ffff8880b3804b60 R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000000 R12: ffffffff86d74720
R13: ffffffff86d74f20 R14: 0000000000000001 R15: 0000000000002013
FS: 000000000184a940(0000) GS:ffff8880ba800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0bd195e000 CR3: 00000000b44d2000 CR4: 00000000001406f0
ieee80211 phy13: mac80211_hwsim_config (freq=2412(2412 - 0)/noht idle=0 ps=0 smps=static)
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ieee80211 phy13: mac80211_hwsim_config (freq=2412(2412 - 0)/noht idle=0 ps=0 smps=static)
 do_journal_end+0x3d19/0x4390 fs/reiserfs/journal.c:4146
 journal_end_sync+0x117/0x210 fs/reiserfs/journal.c:3531
 reiserfs_sync_fs+0xb6/0xd0 fs/reiserfs/super.c:78
 __sync_filesystem fs/sync.c:39 [inline]
 sync_filesystem+0xc7/0x1f0 fs/sync.c:64
 generic_shutdown_super+0x69/0x330 fs/super.c:432
 kill_block_super+0x96/0xe0 fs/super.c:1161
 reiserfs_kill_sb+0x169/0x1d0 fs/reiserfs/super.c:570
 deactivate_locked_super+0x62/0xb0 fs/super.c:319
 deactivate_super+0x7d/0x90 fs/super.c:350
 cleanup_mnt+0x9f/0x130 fs/namespace.c:1183
 __cleanup_mnt+0xd/0x10 fs/namespace.c:1190
 task_work_run+0xe5/0x170 kernel/task_work.c:113
ieee80211 phy13: mac80211_hwsim_bss_info_changed(changed=0x40000 vif->addr=02:00:00:00:0d:00)
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x14a/0x190 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x416/0x5b0 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x460ba7
RSP: 002b:00007fff77a0c7e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000460ba7
RDX: 00000000004031b8 RSI: 0000000000000002 RDI: 00007fff77a0c890
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000246 R12: 00007fff77a0d920
R13: 000000000184ba60 R14: 0000000000000000 R15: 00007fff77a0d920
Code: f2 02 95 ff eb bd 4d 85 e4 48 c7 c2 a0 ec d6 86 74 49 49 c7 c0 60 32 ad 89 4c 89 e9 4c 89 e6 48 c7 c7 60 ee d6 86 e8 cb 02 95 ff <0f> 0b 4d 85 e4 48 c7 c1 a0 ec d6 86 74 2e 48 8d b3 50 06 00 00
ieee80211 phy13: TX Power: 20 dBm
RIP: __reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390 RSP: ffff88809b537ab0
ieee80211 phy13: mac80211_hwsim_bss_info_changed(changed=0x4000 vif->addr=02:00:00:00:0d:00)
ieee80211 phy13: mac80211_hwsim_conf_tx (queue=0 txop=0 cw_min=15 cw_max=1023 aifs=2)
ieee80211 phy13: mac80211_hwsim_conf_tx (queue=1 txop=0 cw_min=15 cw_max=1023 aifs=2)
ieee80211 phy13: mac80211_hwsim_conf_tx (queue=2 txop=0 cw_min=15 cw_max=1023 aifs=2)
ieee80211 phy13: mac80211_hwsim_conf_tx (queue=3 txop=0 cw_min=15 cw_max=1023 aifs=2)
ieee80211 phy13: mac80211_hwsim_bss_info_changed(changed=0x2000 vif->addr=02:00:00:00:0d:00)
ieee80211 phy13: mac80211_hwsim_bss_info_changed(changed=0x8bfe vif->addr=02:00:00:00:0d:00)
ieee80211 phy13: mac80211_hwsim_bss_info_changed: BSSID changed: 50:50:50:50:50:50
ieee80211 phy13: BCN EN: 1 (BI=100)
ieee80211 phy13: ERP_CTS_PROT: 0
ieee80211 phy13: ERP_PREAMBLE: 0
ieee80211 phy13: ERP_SLOT: 0
ieee80211 phy13: HT: op_mode=0xb
ieee80211 phy13: BASIC_RATES: 0x1
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
REISERFS (device loop3): Using r5 hash to sort names
REISERFS (device loop3): using 3.5.x disk format
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
ieee80211 phy13: mac80211_hwsim_configure_filter
REISERFS (device loop1): Using r5 hash to sort names
REISERFS panic (device loop3): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
REISERFS (device loop1): using 3.5.x disk format
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 6479 Comm: syz-executor.3 Tainted: G D 4.14.202-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880b20cc0c0 task.stack: ffff888095b50000
RIP: 0010:__reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390
REISERFS (device loop4): Using r5 hash to sort names
RSP: 0018:ffff888095b57ab0 EFLAGS: 00010282
REISERFS (device loop4): using 3.5.x disk format
RAX: 000000000000006a RBX: ffff88809a090d00 RCX: 0000000000000000
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
RDX: 000000000000006a RSI: ffffffff86cbea20 RDI: ffffed1012b6af4d
RBP: ffff888095b57b58 R08: 0000000000000000 R09: 0000000000000000
R10: fffffbfff13444cb R11: dffffc0000000000 R12: ffffffff86d74720
R13: ffffffff86d74f20 R14: 0000000000000001 R15: 0000000000002013
FS: 0000000002daa940(0000) GS:ffff8880ba800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056270c22e638 CR3: 00000000955ae000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_journal_end+0x3d19/0x4390 fs/reiserfs/journal.c:4146
REISERFS (device loop0): found reiserfs format "3.5" with standard journal
 journal_end_sync+0x117/0x210 fs/reiserfs/journal.c:3531
 reiserfs_sync_fs+0xb6/0xd0 fs/reiserfs/super.c:78
 __sync_filesystem fs/sync.c:39 [inline]
 sync_filesystem+0xc7/0x1f0 fs/sync.c:64
 generic_shutdown_super+0x69/0x330 fs/super.c:432
 kill_block_super+0x96/0xe0 fs/super.c:1161
 reiserfs_kill_sb+0x169/0x1d0 fs/reiserfs/super.c:570
 deactivate_locked_super+0x62/0xb0 fs/super.c:319
 deactivate_super+0x7d/0x90 fs/super.c:350
 cleanup_mnt+0x9f/0x130 fs/namespace.c:1183
 __cleanup_mnt+0xd/0x10 fs/namespace.c:1190
 task_work_run+0xe5/0x170 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x14a/0x190 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x416/0x5b0 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x460ba7
RSP: 002b:00007ffdcdd653d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000460ba7
RDX: 00000000004031b8 RSI: 0000000000000002 RDI: 00007ffdcdd65480
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffdcdd66510
R13: 0000000002daba60 R14: 0000000000000000 R15: 00007ffdcdd66510
Code: f2 02 95 ff eb bd 4d 85 e4 48 c7 c2 a0 ec d6 86 74 49 49 c7 c0 60 32 ad 89 4c 89 e9 4c 89 e6 48 c7 c7 60 ee d6 86 e8 cb 02 95 ff <0f> 0b 4d 85 e4 48 c7 c1 a0 ec d6 86 74 2e 48 8d b3 50 06 00 00
RIP: __reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390 RSP: ffff888095b57ab0
REISERFS panic (device loop4): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
invalid opcode: 0000 [#3] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 6484 Comm: syz-executor.4 Tainted: G D 4.14.202-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880b35ce200 task.stack: ffff8880aae60000
RIP: 0010:__reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390
RSP: 0018:ffff8880aae67ab0 EFLAGS: 00010282
REISERFS (device loop0): using ordered data mode
RAX: 000000000000006a RBX: ffff888098260400 RCX: 0000000000000000
RDX: 000000000000006a RSI: 0000000000000001 RDI: ffffed10155ccf4d
RBP: ffff8880aae67b58 R08: 0000000000000000 R09: 0000000000000000
R10: fffffbfff134b8df R11: ffff8880b35ce200 R12: ffffffff86d74720
R13: ffffffff86d74f20 R14: 0000000000000001 R15: 0000000000002013
FS: 0000000001859940(0000) GS:ffff8880ba800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff6af71c7c CR3: 0000000096eab000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_journal_end+0x3d19/0x4390 fs/reiserfs/journal.c:4146
 journal_end_sync+0x117/0x210 fs/reiserfs/journal.c:3531
 reiserfs_sync_fs+0xb6/0xd0 fs/reiserfs/super.c:78
 __sync_filesystem fs/sync.c:39 [inline]
 sync_filesystem+0xc7/0x1f0 fs/sync.c:64
 generic_shutdown_super+0x69/0x330 fs/super.c:432
 kill_block_super+0x96/0xe0 fs/super.c:1161
 reiserfs_kill_sb+0x169/0x1d0 fs/reiserfs/super.c:570
 deactivate_locked_super+0x62/0xb0 fs/super.c:319
 deactivate_super+0x7d/0x90 fs/super.c:350
 cleanup_mnt+0x9f/0x130 fs/namespace.c:1183
 __cleanup_mnt+0xd/0x10 fs/namespace.c:1190
 task_work_run+0xe5/0x170 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x14a/0x190 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x416/0x5b0 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x460ba7
RSP: 002b:00007fff6af72388 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000460ba7
RDX: 00000000004031b8 RSI: 0000000000000002 RDI: 00007fff6af72430
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000246 R12: 00007fff6af734c0
R13: 000000000185aa60 R14: 0000000000000000 R15: 00007fff6af734c0
Code: f2 02 95 ff eb bd 4d 85 e4 48 c7 c2 a0 ec d6 86 74 49 49 c7 c0 60 32 ad 89 4c 89 e9 4c 89 e6 48 c7 c7 60 ee d6 86 e8 cb 02 95 ff <0f> 0b 4d 85 e4 48 c7 c1
reiserfs: using flush barriers
 a0 ec d6 86 74 2e 48 8d b3 50 06 00 00
RIP: __reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390 RSP: ffff8880aae67ab0
REISERFS panic (device loop1): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
REISERFS (device loop0): journal params: device loop0, size 8199, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
------------[ cut here ]------------
---[ end trace 216328f3bb408f46 ]---
kernel BUG at fs/reiserfs/prints.c:390!
REISERFS (device loop2): Using r5 hash to sort names