bisecting fixing commit since 31acccdc877486a649a86d37725a15175fcd5ed6
building syzkaller on cca8798699baeeccbf80af23d234ac19a5d667aa
testing commit 31acccdc877486a649a86d37725a15175fcd5ed6 with gcc (GCC) 8.1.0
kernel signature: d5690a4c5b7a9665e335575a6640d133e82145042d511faf2525c3fadcf25e45
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
testing current HEAD 3207316b3beec7e38e5dbe2f463df0cec71e0b97
testing commit 3207316b3beec7e38e5dbe2f463df0cec71e0b97 with gcc (GCC) 8.1.0
kernel signature: f585f5f3a992fd1646e752a802ccbbb7527c88690480641cc87c9969e8af0c82
all runs: crashed: kernel BUG at fs/reiserfs/prints.c:LINE!
revisions tested: 2, total time: 23m17.763010309s (build: 17m6.51574214s, test: 5m40.050621573s)
the crash still happens on HEAD
commit msg: Linux 4.19.164
crash: kernel BUG at fs/reiserfs/prints.c:LINE!

REISERFS (device loop1): journal params: device loop1, size 8195, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
REISERFS (device loop2): found reiserfs format "3.5" with standard journal
REISERFS panic (device loop4): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
REISERFS (device loop2): using ordered data mode
------------[ cut here ]------------
kernel BUG at fs/reiserfs/prints.c:390!
REISERFS (device loop1): checking transaction log (loop1)
reiserfs: using flush barriers
REISERFS (device loop0): found reiserfs format "3.5" with standard journal
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 7829 Comm: syz-executor.4 Not tainted 4.19.164-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
REISERFS (device loop0): using ordered data mode
RIP: 0010:__reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390
Code: e8 80 30 70 ff 4d 85 e4 48 c7 c2 c0 e4 17 88 74 49 49 c7 c0 60 62 b8 8b 4c 89 e9 4c 89 e6 48 c7 c7 80 e6 17 88 e8 bb 18 86 ff <0f> 0b 4d 85 e4 48 c7 c1 c0 e4 17 88 74 2e 48 8d b3 50 06 00 00 49
RSP: 0018:ffff8881dc53fa50 EFLAGS: 00010282
RAX: 000000000000006a RBX: ffff8881ce5acec0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff885003c0 RDI: ffffffff8bad66e0
RBP: ffff8881dc53faf8 R08: ffffed103ec84e99 R09: ffffed103ec84e98
R10: ffffed103ec84e98 R11: ffff8881f64274c7 R12: ffffffff88184000
R13: ffffffff88184860 R14: 0000000000000001 R15: 0000000000002013
FS:  000000000222c940(0000) GS:ffff8881f6400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe19265f80 CR3: 00000001db79d003 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
reiserfs: using flush barriers
Call Trace:
 do_journal_end+0x3881/0x4400 fs/reiserfs/journal.c:4149
 journal_end_sync+0x117/0x210 fs/reiserfs/journal.c:3534
REISERFS (device loop0): journal params: device loop0, size 8195, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
 reiserfs_sync_fs+0xcc/0xe0 fs/reiserfs/super.c:78
 __sync_filesystem fs/sync.c:39 [inline]
 sync_filesystem+0xd4/0x1f0 fs/sync.c:64
 generic_shutdown_super+0x69/0x330 fs/super.c:442
REISERFS (device loop0): checking transaction log (loop0)
 kill_block_super+0x96/0xe0 fs/super.c:1185
 reiserfs_kill_sb+0x171/0x1d0 fs/reiserfs/super.c:570
 deactivate_locked_super+0x77/0xd0 fs/super.c:329
 deactivate_super+0x13f/0x160 fs/super.c:360
 cleanup_mnt+0xa3/0x130 fs/namespace.c:1098
 __cleanup_mnt+0xd/0x10 fs/namespace.c:1105
 task_work_run+0x108/0x180 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x185/0x1e0 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4608e7
Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff3f76ed78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 000000000000edbb RCX: 00000000004608e7
RDX: 00000000004031f8 RSI: 0000000000000002 RDI: 00007fff3f76ee20
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000246 R12: 00007fff3f76feb0
R13: 000000000222da60 R14: 0000000000000000 R15: 00007fff3f76feb0
Modules linked in:
---[ end trace cd019de1448b7640 ]---
RIP: 0010:__reiserfs_panic.cold.9+0x25/0x6d fs/reiserfs/prints.c:390
Code: e8 80 30 70 ff 4d 85 e4 48 c7 c2 c0 e4 17 88 74 49 49 c7 c0 60 62 b8 8b 4c 89 e9 4c 89 e6 48 c7 c7 80 e6 17 88 e8 bb 18 86 ff <0f> 0b 4d 85 e4 48 c7 c1 c0 e4 17 88 74 2e 48 8d b3 50 06 00 00 49
RSP: 0018:ffff8881dc53fa50 EFLAGS: 00010282
RAX: 000000000000006a RBX: ffff8881ce5acec0 RCX: 0000000000000000
REISERFS (device loop2): journal params: device loop2, size 8195, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
RDX: 0000000000000000 RSI: ffffffff885003c0 RDI: ffffffff8bad66e0
RBP: ffff8881dc53faf8 R08: ffffed103ec84e99 R09: ffffed103ec84e98
R10: ffffed103ec84e98 R11: ffff8881f64274c7 R12: ffffffff88184000
R13: ffffffff88184860 R14: 0000000000000001 R15: 0000000000002013
FS:  000000000222c940(0000) GS:ffff8881f6400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe19265f80 CR3: 00000001db79d003 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
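The trace shows the panic firing from umount2 (ORIG_RAX 0xa6 on x86-64) while sync_filesystem flushes the reiserfs journal, and the panic text says the transaction tried to log block 8211 while the mounts in this log print a journal starting at block 18 with size 8195. Reading the interleaved dmesg by hand is error-prone because several executors mount images at once, so the following triage helper is an added example, not part of the syzbot report or of the kernel, that parses the "journal params" and "journal-2332" lines and checks whether the offending block number really falls inside the printed log area. The input lines are copied from the report above; the loop4 mount messages are not on the page, so the script borrows another mount's geometry and flags that as an assumption, and the inclusive window first..first+size is this script's simplification of the kernel's own reserved-area check, not a quote of it.

```python
import re

# dmesg excerpt copied from the crash report above. Only loop4's panic line
# is present; its own "journal params" line is not on the page.
LOG_EXCERPT = """\
REISERFS (device loop1): journal params: device loop1, size 8195, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
REISERFS (device loop2): found reiserfs format "3.5" with standard journal
REISERFS panic (device loop4): journal-2332 do_journal_end: Trying to log block 8211, which is a log block
REISERFS (device loop2): using ordered data mode
REISERFS (device loop0): journal params: device loop0, size 8195, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
"""

PARAMS_RE = re.compile(
    r"REISERFS \(device (?P<dev>\w+)\): journal params: device (?P<jdev>\w+), "
    r"size (?P<size>\d+), journal first block (?P<first>\d+)"
)
PANIC_RE = re.compile(
    r"REISERFS panic \(device (?P<dev>\w+)\): (?P<tag>journal-\d+) (?P<func>\w+): "
    r"Trying to log block (?P<block>\d+), which is a log block"
)


def parse_journal_params(line):
    """Return the journal geometry printed at mount time, or None."""
    m = PARAMS_RE.search(line)
    if not m:
        return None
    first, size = int(m["first"]), int(m["size"])
    return {
        "dev": m["dev"],
        "journal_dev": m["jdev"],
        "first": first,
        "size": size,
        # Assumption of this script: treat first..first+size (inclusive) as the
        # log area, so the header block after the transaction blocks counts too.
        "last": first + size,
    }


def parse_journal_panic(line):
    """Return the device, message tag and block of a journal-2332 panic, or None."""
    m = PANIC_RE.search(line)
    if not m:
        return None
    return {"dev": m["dev"], "tag": m["tag"], "func": m["func"], "block": int(m["block"])}


def block_in_log_area(block, params):
    return params["first"] <= block <= params["last"]


def triage_log(text):
    """Pair every journal-2332 panic with a journal geometry and decide whether
    the block really lies in the log area.

    Two passes: mounts from other executors interleave with the panic, and the
    params line of the panicking device may come before or after it (or, as
    here, be missing from the excerpt entirely).
    """
    params_by_dev = {}
    panics = []
    for line in text.splitlines():
        p = parse_journal_params(line)
        if p:
            params_by_dev[p["dev"]] = p
            continue
        c = parse_journal_panic(line)
        if c:
            panics.append(c)

    results = []
    for c in panics:
        if c["dev"] in params_by_dev:
            geom, assumed = params_by_dev[c["dev"]], False
        elif params_by_dev:
            # Borrow another mount's geometry and say so: the panicking image
            # may have been formatted differently.
            geom, assumed = next(iter(params_by_dev.values())), True
        else:
            results.append({**c, "geometry_from": None, "in_log_area": None})
            continue
        results.append({
            **c,
            "geometry_from": geom["dev"],
            "geometry_assumed": assumed,
            "log_area": (geom["first"], geom["last"]),
            "in_log_area": block_in_log_area(c["block"], geom),
        })
    return results


if __name__ == "__main__":
    for r in triage_log(LOG_EXCERPT):
        print(r)
```

Run on the excerpt it reports the loop4 panic with block 8211 inside the assumed window 18..8213 and geometry_assumed set, which is the reminder that a fuzzed image whose on-disk metadata points into its own journal region is the usual way this BUG is reached, and that confirming it for loop4 needs that device's own mount line from the full log.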