[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.211' (ECDSA) to the list of known hosts. syzkaller login: [ 36.353188] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 36.366320] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 36.369042] REISERFS (device loop0): using ordered data mode [ 36.385752] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 36.394958] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 36.400493] reiserfs: using flush barriers [ 36.405472] REISERFS (device loop4): using ordered data mode [ 36.410619] REISERFS (device loop5): using ordered data mode [ 36.419837] REISERFS (device loop1): using ordered data mode [ 36.420118] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 36.437026] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 36.440197] reiserfs: using flush barriers [ 36.448967] REISERFS (device loop2): using ordered data mode [ 36.452422] reiserfs: using flush barriers [ 36.456958] reiserfs: using flush barriers [ 36.465215] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.471238] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.484414] REISERFS (device loop3): using ordered data mode [ 36.499486] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.506991] reiserfs: using flush barriers [ 36.523660] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.540139] REISERFS (device loop0): checking transaction log (loop0) [ 36.548493] REISERFS (device loop4): checking transaction log (loop4) [ 36.549308] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.577608] reiserfs: using flush barriers [ 36.583395] REISERFS (device loop5): checking transaction log (loop5) [ 36.600885] REISERFS (device loop1): checking transaction log (loop1) [ 36.603797] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.701436] REISERFS (device loop2): checking transaction log (loop2) [ 36.740434] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 36.758634] REISERFS (device loop3): checking transaction log (loop3) [ 36.772755] REISERFS warning (device loop5): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 36.788257] REISERFS (device loop0): Using tea hash to sort names [ 36.794915] REISERFS (device loop5): Using tea hash to sort names [ 36.822718] REISERFS warning (device loop4): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 36.853986] REISERFS warning (device loop1): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 36.902726] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 36.910230] REISERFS (device loop4): Using tea hash to sort names [ 36.940970] REISERFS warning (device loop2): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 36.941101] REISERFS (device loop0): using ordered data mode [ 36.960087] REISERFS (device loop1): Using tea hash to sort names [ 36.973540] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 36.994644] REISERFS warning (device loop3): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 36.995541] REISERFS (device loop5): using ordered data mode [ 37.017251] reiserfs: using flush barriers [ 37.034569] REISERFS (device loop2): Using tea hash to sort names [ 37.042227] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.067707] reiserfs: using flush barriers [ 37.088054] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.101185] REISERFS (device loop3): Using tea hash to sort names [ 37.109668] REISERFS (device loop0): checking transaction log (loop0) [ 37.123928] REISERFS (device loop5): checking transaction log (loop5) [ 37.130994] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 37.140710] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 37.159025] REISERFS (device loop1): using ordered data mode [ 37.168584] REISERFS (device loop4): using ordered data mode [ 37.181250] reiserfs: using flush barriers [ 37.187641] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 37.205662] reiserfs: using flush barriers [ 37.225153] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.227004] REISERFS (device loop2): using ordered data mode [ 37.266416] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.281864] REISERFS (device loop0): Using tea hash to sort names [ 37.287688] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.294029] REISERFS warning (device loop5): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.328637] REISERFS (device loop1): checking transaction log (loop1) [ 37.335743] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 37.337545] reiserfs: using flush barriers [ 37.350242] REISERFS (device loop4): checking transaction log (loop4) [ 37.361682] REISERFS (device loop3): using ordered data mode [ 37.367099] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.367484] reiserfs: using flush barriers [ 37.368813] REISERFS (device loop5): Using tea hash to sort names [ 37.416273] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.462339] REISERFS (device loop3): checking transaction log (loop3) [ 37.475947] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 37.489368] REISERFS warning (device loop1): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.505463] REISERFS (device loop2): checking transaction log (loop2) [ 37.508820] REISERFS (device loop0): using ordered data mode [ 37.538207] reiserfs: using flush barriers [ 37.553532] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.570580] REISERFS (device loop1): Using tea hash to sort names [ 37.604311] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 37.623010] ------------[ cut here ]------------ [ 37.627916] kernel BUG at fs/reiserfs/journal.c:3640! [ 37.628757] REISERFS warning (device loop4): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.634490] REISERFS (device loop5): using ordered data mode [ 37.662341] REISERFS warning (device loop3): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.691975] REISERFS (device loop0): checking transaction log (loop0) [ 37.702398] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 37.708213] Modules linked in: [ 37.711410] CPU: 1 PID: 8063 Comm: syz-executor581 Not tainted 4.14.206-syzkaller #0 [ 37.718347] init_special_inode: bogus i_mode (0) for inode loop2:2 [ 37.719470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.719476] task: ffff8880b0a301c0 task.stack: ffff888095fa0000 [ 37.719488] RIP: 0010:do_journal_end+0x30ee/0x4260 [ 37.719491] RSP: 0018:ffff888095fa79f8 EFLAGS: 00010297 [ 37.728193] REISERFS (device loop4): Using tea hash to sort names [ 37.735245] RAX: ffff8880b0a301c0 RBX: ffffc90005c73000 RCX: 0000000000000000 [ 37.735250] RDX: 0000000000000000 RSI: ffff888095fa7c30 RDI: ffff888095fa7c3c [ 37.735254] RBP: ffff888096cf8040 R08: 0000000000000000 R09: 000000000004057e [ 37.735258] R10: ffff8880b0a30a98 R11: ffff8880b0a301c0 R12: 0000000000000000 [ 37.735262] R13: ffffc90005c73058 R14: ffffc90005c73048 R15: ffff888095fa7c38 [ 37.735267] FS: 0000000000c72880(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 [ 37.735271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.735274] CR2: 00007fef454b2000 CR3: 000000009e413000 CR4: 00000000001406e0 [ 37.735280] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.735283] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.735285] Call Trace: [ 37.735300] ? do_journal_end+0x4260/0x4260 [ 37.735306] ? reiserfs_info.cold+0x1d/0x67 [ 37.735315] ? do_raw_spin_unlock+0x164/0x220 [ 37.735323] journal_end+0x259/0x300 [ 37.745607] REISERFS warning (device loop2): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.746387] reiserfs_fill_super+0x1ac0/0x28be [ 37.746398] ? reiserfs_remount+0x1390/0x1390 [ 37.746408] ? lock_downgrade+0x740/0x740 [ 37.751888] REISERFS (device loop2): Using tea hash to sort names [ 37.757974] ? snprintf+0xa5/0xd0 [ 37.757987] mount_bdev+0x2b3/0x360 [ 37.757994] ? reiserfs_remount+0x1390/0x1390 [ 37.758001] mount_fs+0x92/0x2a0 [ 37.765422] ------------[ cut here ]------------ [ 37.772684] vfs_kern_mount.part.0+0x5b/0x470 [ 37.780098] kernel BUG at fs/reiserfs/journal.c:3640! [ 37.787365] do_mount+0xe53/0x2a00 [ 37.917169] ? copy_mount_string+0x40/0x40 [ 37.921380] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 37.926471] ? copy_mnt_ns+0xa30/0xa30 [ 37.930365] ? copy_mount_options+0x1fa/0x2f0 [ 37.934849] ? copy_mnt_ns+0xa30/0xa30 [ 37.938725] SyS_mount+0xa8/0x120 [ 37.942154] ? copy_mnt_ns+0xa30/0xa30 [ 37.946037] do_syscall_64+0x1d5/0x640 [ 37.949901] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 37.955062] RIP: 0033:0x447e8a [ 37.958229] RSP: 002b:00007fffb1cf5fe8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5 [ 37.966107] RAX: ffffffffffffffda RBX: 00007fffb1cf6040 RCX: 0000000000447e8a [ 37.973370] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fffb1cf6000 [ 37.981415] RBP: 00007fffb1cf6000 R08: 00007fffb1cf6040 R09: 0000000000000000 [ 37.988687] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000006 [ 37.996018] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003 [ 38.003265] Code: e8 08 21 ff ff e9 11 fa ff ff e8 de 50 a1 ff 0f 0b e8 d7 50 a1 ff 0f 0b e8 d0 50 a1 ff 0f 0b e8 c9 50 a1 ff 0f 0b e8 c2 50 a1 ff <0f> 0b e8 bb 50 a1 ff 48 8d bb d0 01 00 00 48 b8 00 00 00 00 00 [ 38.022342] RIP: do_journal_end+0x30ee/0x4260 RSP: ffff888095fa79f8 [ 38.028867] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 38.034233] Modules linked in: [ 38.037428] CPU: 0 PID: 8064 Comm: syz-executor581 Tainted: G D 4.14.206-syzkaller #0 [ 38.046515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.047404] REISERFS (device loop3): Using tea hash to sort names [ 38.058377] task: ffff8880b3c486c0 task.stack: ffff8880b3ac0000 [ 38.058388] RIP: 0010:do_journal_end+0x30ee/0x4260 [ 38.058391] RSP: 0018:ffff8880b3ac79f8 EFLAGS: 00010297 [ 38.058397] RAX: ffff8880b3c486c0 RBX: ffffc90005c9f000 RCX: 0000000000000000 [ 38.058400] RDX: 0000000000000000 RSI: ffff8880b3ac7c30 RDI: ffff8880b3ac7c3c [ 38.058403] RBP: ffff8880ac78c080 R08: 0000000000000000 R09: 0000000000000000 [ 38.058409] R10: 0000000000000000 R11: ffff8880b3c486c0 R12: 0000000000000000 [ 38.064657] reiserfs: using flush barriers [ 38.070672] R13: ffffc90005c9f058 R14: ffffc90005c9f048 R15: ffff8880b3ac7c38 [ 38.079789] ---[ end trace 79e59c8f037b411a ]--- [ 38.080944] FS: 0000000000c72880(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 [ 38.089000] Kernel panic - not syncing: Fatal exception [ 38.095602] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.145723] CR2: 00007fffb1cf619c CR3: 000000009bb19000 CR4: 00000000001406f0 [ 38.152978] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.160244] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.167493] Call Trace: [ 38.170071] ? do_journal_end+0x4260/0x4260 [ 38.174376] ? reiserfs_info.cold+0x1d/0x67 [ 38.178683] ? do_raw_spin_unlock+0x164/0x220 [ 38.183158] journal_end+0x259/0x300 [ 38.186853] reiserfs_fill_super+0x1ac0/0x28be [ 38.191418] ? reiserfs_remount+0x1390/0x1390 [ 38.195894] ? lock_downgrade+0x740/0x740 [ 38.200023] ? snprintf+0xa5/0xd0 [ 38.203461] mount_bdev+0x2b3/0x360 [ 38.207085] ? reiserfs_remount+0x1390/0x1390 [ 38.211587] mount_fs+0x92/0x2a0 [ 38.214936] vfs_kern_mount.part.0+0x5b/0x470 [ 38.219429] do_mount+0xe53/0x2a00 [ 38.222952] ? do_raw_spin_unlock+0x164/0x220 [ 38.227447] ? copy_mount_string+0x40/0x40 [ 38.231662] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 38.236673] ? copy_mnt_ns+0xa30/0xa30 [ 38.240560] ? copy_mount_options+0x1fa/0x2f0 [ 38.245065] ? copy_mnt_ns+0xa30/0xa30 [ 38.249025] SyS_mount+0xa8/0x120 [ 38.252499] ? copy_mnt_ns+0xa30/0xa30 [ 38.256664] do_syscall_64+0x1d5/0x640 [ 38.260537] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 38.265791] RIP: 0033:0x447e8a [ 38.268960] RSP: 002b:00007fffb1cf5fe8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5 [ 38.276670] RAX: ffffffffffffffda RBX: 00007fffb1cf6040 RCX: 0000000000447e8a [ 38.283922] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fffb1cf6000 [ 38.291171] RBP: 00007fffb1cf6000 R08: 00007fffb1cf6040 R09: 0000000000000000 [ 38.298421] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000006 [ 38.305671] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003 [ 38.312946] Code: e8 08 21 ff ff e9 11 fa ff ff e8 de 50 a1 ff 0f 0b e8 d7 50 a1 ff 0f 0b e8 d0 50 a1 ff 0f 0b e8 c9 50 a1 ff 0f 0b e8 c2 50 a1 ff <0f> 0b e8 bb 50 a1 ff 48 8d bb d0 01 00 00 48 b8 00 00 00 00 00 [ 38.332161] RIP: do_journal_end+0x30ee/0x4260 RSP: ffff8880b3ac79f8 [ 38.339475] Kernel Offset: disabled [ 38.343096] Rebooting in 86400 seconds..