Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.137' (ECDSA) to the list of known hosts.
2020/11/11 03:59:15 parsed 1 programs
2020/11/11 03:59:16 executed programs: 0
syzkaller login: [ 29.864104] IPVS: ftp: loaded support on port[0] = 21
[ 29.951114] chnl_net:caif_netlink_parms(): no params data found
[ 30.021017] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.028562] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.036202] device bridge_slave_0 entered promiscuous mode
[ 30.043733] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.050084] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.057586] device bridge_slave_1 entered promiscuous mode
[ 30.073470] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 30.082512] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 30.099538] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 30.106784] team0: Port device team_slave_0 added
[ 30.112709] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 30.119697] team0: Port device team_slave_1 added
[ 30.135514] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 30.141785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 30.167558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 30.179069] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 30.185726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 30.211478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 30.221962] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 30.229164] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 30.247583] device hsr_slave_0 entered promiscuous mode
[ 30.253183] device hsr_slave_1 entered promiscuous mode
[ 30.258978] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 30.266638] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 30.324313] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.330784] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.337621] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.344012] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.369699] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.376260] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.385480] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.394579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.412877] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.419888] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.429565] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 30.436074] 8021q: adding VLAN 0 to HW filter on device team0
[ 30.444181] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.452044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.458401] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.472097] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.479643] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.486035] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.493611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 30.501364] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 30.511583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 30.522361] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 30.533561] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 30.544470] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 30.550829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.559002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.567259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 30.578998] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 30.586623] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 30.593433] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 30.604209] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 30.650538] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 30.660754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.689890] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 30.697698] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 30.704893] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 30.714346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 30.722664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 30.729467] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 30.738283] device veth0_vlan entered promiscuous mode
[ 30.746559] device veth1_vlan entered promiscuous mode
[ 30.752541] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 30.760549] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 30.771041] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 30.779574] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 30.787022] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 30.794389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 30.803476] device veth0_macvtap entered promiscuous mode
[ 30.809562] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 30.817851] device veth1_macvtap entered promiscuous mode
[ 30.826248] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 30.835158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 30.845090] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 30.852441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.860486] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 30.870272] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 30.877375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 30.941549] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 30.976551] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 30.985215] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 30.996630] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 31.007479] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 31.026577] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 31.036596] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 31.047109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 31.059118] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 31.124194] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 31.132887] REISERFS (device loop0): using ordered data mode
[ 31.138752] reiserfs: using flush barriers
[ 31.145817] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 31.165250] REISERFS (device loop0): checking transaction log (loop0)
[ 31.208627] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 31.224971] REISERFS (device loop0): Using r5 hash to sort names
[ 31.232111] REISERFS (device loop0): using 3.5.x disk format
[ 31.299412] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 31.307989] REISERFS (device loop0): using ordered data mode
[ 31.315210] reiserfs: using flush barriers
[ 31.319989] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 31.336683] REISERFS (device loop0): checking transaction log (loop0)
[ 31.378843] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 31.395124] REISERFS (device loop0): Using r5 hash to sort names
[ 31.401699] REISERFS (device loop0): using 3.5.x disk format
[ 31.513085] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 31.521850] REISERFS (device loop0): using ordered data mode
[ 31.527702] reiserfs: using flush barriers
[ 31.533177] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 31.549219] REISERFS (device loop0): checking transaction log (loop0)
[ 31.591599] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 31.607379] REISERFS (device loop0): Using r5 hash to sort names
[ 31.613943] REISERFS (device loop0): using 3.5.x disk format
[ 31.695217] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 31.704341] REISERFS (device loop0): using ordered data mode
[ 31.710878] reiserfs: using flush barriers
[ 31.715784] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 31.733045] REISERFS (device loop0): checking transaction log (loop0)
[ 31.775392] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 31.790735] REISERFS (device loop0): Using r5 hash to sort names
[ 31.796900] REISERFS (device loop0): using 3.5.x disk format
[ 31.890859] Bluetooth: hci0 command 0x0409 tx timeout
[ 31.904703] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 31.915158] REISERFS (device loop0): using ordered data mode
[ 31.921341] reiserfs: using flush barriers
[ 31.927235] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 31.943054] REISERFS (device loop0): checking transaction log (loop0)
[ 31.986550] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 32.002018] REISERFS (device loop0): Using r5 hash to sort names
[ 32.008171] REISERFS (device loop0): using 3.5.x disk format
[ 32.077503] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 32.090266] REISERFS (device loop0): using ordered data mode
[ 32.096170] reiserfs: using flush barriers
[ 32.102715] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 32.118800] REISERFS (device loop0): checking transaction log (loop0)
[ 32.169217] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 32.185689] REISERFS (device loop0): Using r5 hash to sort names
[ 32.192301] REISERFS (device loop0): using 3.5.x disk format
[ 32.314898] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 32.324070] REISERFS (device loop0): using ordered data mode
[ 32.330747] reiserfs: using flush barriers
[ 32.335487] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 32.352070] REISERFS (device loop0): checking transaction log (loop0)
[ 32.394801] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 32.411202] REISERFS (device loop0): Using r5 hash to sort names
[ 32.417349] REISERFS (device loop0): using 3.5.x disk format
[ 32.478347] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 32.487441] REISERFS (device loop0): using ordered data mode
[ 32.493960] reiserfs: using flush barriers
[ 32.498829] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 32.515301] REISERFS (device loop0): checking transaction log (loop0)
[ 32.559484] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 32.575624] REISERFS (device loop0): Using r5 hash to sort names
[ 32.582659] REISERFS (device loop0): using 3.5.x disk format
[ 32.701520] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 32.710323] REISERFS (device loop0): using ordered data mode
[ 32.716135] reiserfs: using flush barriers
[ 32.721961] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 32.737770] REISERFS (device loop0): checking transaction log (loop0)
[ 32.779866] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 32.795651] REISERFS (device loop0): Using r5 hash to sort names
[ 32.802258] REISERFS (device loop0): using 3.5.x disk format
[ 32.866264] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 32.875135] REISERFS (device loop0): using ordered data mode
[ 32.881000] reiserfs: using flush barriers
[ 32.885770] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 32.902977] REISERFS (device loop0): checking transaction log (loop0)
[ 32.949540] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 32.966668] REISERFS (device loop0): Using r5 hash to sort names
[ 32.973350] REISERFS (device loop0): using 3.5.x disk format
[ 33.094188] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 33.102914] REISERFS (device loop0): using ordered data mode
[ 33.108760] reiserfs: using flush barriers
[ 33.114002] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 33.129499] REISERFS (device loop0): checking transaction log (loop0)
[ 33.170849] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 33.186461] REISERFS (device loop0): Using r5 hash to sort names
[ 33.192677] REISERFS (device loop0): using 3.5.x disk format
[ 33.248826] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 33.257484] REISERFS (device loop0): using ordered data mode
[ 33.263434] reiserfs: using flush barriers
[ 33.269347] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 0, max trans age 30
[ 33.285104] REISERFS (device loop0): checking transaction log (loop0)
[ 33.331248] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 33.348092] REISERFS (device loop0): Using r5 hash to sort names
[ 33.354910] REISERFS (device loop0): using 3.5.x disk format
[ 33.361419] ------------[ cut here ]------------
[ 33.366309] kernel BUG at fs/reiserfs/journal.c:3640!
[ 33.372166] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 33.377519] Modules linked in:
[ 33.380727] CPU: 0 PID: 8351 Comm: syz-executor.0 Not tainted 4.14.206-syzkaller #0
[ 33.388496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.397827] task: ffff8880aaac4340 task.stack: ffff8880a9a18000
[ 33.403883] RIP: 0010:do_journal_end+0x30ee/0x4260
[ 33.408788] RSP: 0018:ffff8880a9a1f9f8 EFLAGS: 00010297
[ 33.414133] RAX: ffff8880aaac4340 RBX: ffffc90005f10000 RCX: 0000000000000000
[ 33.421382] RDX: 0000000000000000 RSI: ffff8880a9a1fc30 RDI: ffff8880a9a1fc3c
[ 33.428643] RBP: ffff888092f5ca80 R08: 0000000000000000 R09: 000000000004061f
[ 33.435889] R10: ffff8880aaac4c18 R11: ffff8880aaac4340 R12: 0000000000000000
[ 33.443133] R13: ffffc90005f10058 R14: ffffc90005f10048 R15: ffff8880a9a1fc38
[ 33.450381] FS: 00007fbf77397700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 33.458597] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.464453] CR2: 00007f2b7ba46020 CR3: 00000000ac2fb000 CR4: 00000000001406f0
[ 33.471699] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.478952] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.486197] Call Trace:
[ 33.488795] ? reiserfs_info.cold+0x1d/0x67
[ 33.493093] ? __reiserfs_warning+0xb0/0xb0
[ 33.497390] ? do_raw_spin_unlock+0x164/0x220
[ 33.501947] journal_end+0x259/0x300
[ 33.505637] reiserfs_fill_super+0x1ac0/0x28be
[ 33.510196] ? reiserfs_remount+0x1390/0x1390
[ 33.514670] ? lock_downgrade+0x740/0x740
[ 33.518797] ? snprintf+0xa5/0xd0
[ 33.522229] mount_bdev+0x2b3/0x360
[ 33.525832] ? reiserfs_remount+0x1390/0x1390
[ 33.530336] mount_fs+0x92/0x2a0
[ 33.533679] vfs_kern_mount.part.0+0x5b/0x470
[ 33.538153] do_mount+0xe53/0x2a00
[ 33.541688] ? copy_mount_string+0x40/0x40
[ 33.545902] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 33.550899] ? copy_mnt_ns+0xa30/0xa30
[ 33.554762] ? copy_mount_options+0x1fa/0x2f0
[ 33.559232] ? copy_mnt_ns+0xa30/0xa30
[ 33.563096] SyS_mount+0xa8/0x120
[ 33.566526] ? copy_mnt_ns+0xa30/0xa30
[ 33.570391] do_syscall_64+0x1d5/0x640
[ 33.574259] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.579424] RIP: 0033:0x46090a
[ 33.582764] RSP: 002b:00007fbf77396a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 33.590455] RAX: ffffffffffffffda RBX: 00007fbf77396b20 RCX: 000000000046090a
[ 33.597706] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fbf77396ae0
[ 33.604959] RBP: 00007fbf77396ae0 R08: 00007fbf77396b20 R09: 0000000020000000
[ 33.612363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
[ 33.619626] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020011400
[ 33.626999] Code: e8 08 21 ff ff e9 11 fa ff ff e8 de 50 a1 ff 0f 0b e8 d7 50 a1 ff 0f 0b e8 d0 50 a1 ff 0f 0b e8 c9 50 a1 ff 0f 0b e8 c2 50 a1 ff <0f> 0b e8 bb 50 a1 ff 48 8d bb d0 01 00 00 48 b8 00 00 00 00 00
[ 33.646096] RIP: do_journal_end+0x30ee/0x4260 RSP: ffff8880a9a1f9f8
[ 33.660135] ---[ end trace bd5e7c4d654c8285 ]---
[ 33.664910] Kernel panic - not syncing: Fatal exception
[ 33.671066] Kernel Offset: disabled
[ 33.674676] Rebooting in 86400 seconds..