[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.188' (ECDSA) to the list of known hosts. syzkaller login: [ 36.361021] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 36.367991] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 36.374874] REISERFS (device loop0): using ordered data mode [ 36.385678] REISERFS (device loop5): using ordered data mode [ 36.388367] reiserfs: using flush barriers [ 36.392406] reiserfs: using flush barriers [ 36.400344] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 36.409374] REISERFS (device loop3): using ordered data mode [ 36.410411] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.428080] reiserfs: using flush barriers [ 36.435999] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 36.444742] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.449315] REISERFS (device loop4): using ordered data mode [ 36.463226] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 36.475513] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.478159] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 36.514511] REISERFS (device loop5): checking transaction log (loop5) [ 36.514696] REISERFS (device loop2): using ordered data mode [ 36.521407] REISERFS (device loop1): using ordered data mode [ 36.531738] reiserfs: using flush barriers [ 36.541896] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.559678] REISERFS (device loop0): checking transaction log (loop0) [ 36.565399] reiserfs: using flush barriers [ 36.567767] REISERFS (device loop3): checking transaction log (loop3) [ 36.581052] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.587514] reiserfs: using flush barriers [ 36.634946] REISERFS (device loop4): checking transaction log (loop4) [ 36.651329] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 36.657132] REISERFS (device loop1): checking transaction log (loop1) [ 36.745067] REISERFS warning (device loop5): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 36.776579] REISERFS (device loop2): checking transaction log (loop2) [ 36.852540] REISERFS (device loop5): Using r5 hash to sort names [ 36.902687] REISERFS warning (device loop3): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 36.957993] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.002418] REISERFS warning (device loop4): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.018573] REISERFS (device loop4): Using r5 hash to sort names [ 37.030347] REISERFS (device loop0): Using r5 hash to sort names [ 37.049080] REISERFS (device loop3): Using r5 hash to sort names [ 37.097491] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 37.117264] REISERFS (device loop5): using ordered data mode [ 37.124320] REISERFS warning (device loop1): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.146822] reiserfs: using flush barriers [ 37.147924] REISERFS (device loop1): Using r5 hash to sort names [ 37.157595] REISERFS warning (device loop2): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.174572] REISERFS (device loop2): Using r5 hash to sort names [ 37.213952] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.232951] REISERFS (device loop5): checking transaction log (loop5) [ 37.302617] REISERFS warning (device loop5): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.331151] REISERFS (device loop5): Using r5 hash to sort names [ 37.393796] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 37.393997] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 37.402607] REISERFS (device loop3): using ordered data mode [ 37.417546] REISERFS (device loop4): using ordered data mode [ 37.419629] reiserfs: using flush barriers [ 37.424360] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 37.435791] reiserfs: using flush barriers [ 37.436898] REISERFS (device loop0): using ordered data mode [ 37.447834] reiserfs: using flush barriers [ 37.456094] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.472014] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.474047] REISERFS (device loop0): checking transaction log (loop0) [ 37.500966] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 37.509736] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.510525] REISERFS (device loop2): using ordered data mode [ 37.535194] REISERFS (device loop3): checking transaction log (loop3) [ 37.543949] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 37.552853] REISERFS (device loop1): using ordered data mode [ 37.565886] reiserfs: using flush barriers [ 37.582822] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.590103] REISERFS (device loop4): checking transaction log (loop4) [ 37.602662] reiserfs: using flush barriers [ 37.607506] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 37.627612] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.635139] REISERFS (device loop5): using ordered data mode [ 37.663542] REISERFS (device loop1): checking transaction log (loop1) [ 37.688334] REISERFS (device loop2): checking transaction log (loop2) [ 37.720071] reiserfs: using flush barriers [ 37.754476] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 37.775708] REISERFS warning (device loop3): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 37.862841] REISERFS (device loop3): Using r5 hash to sort names [ 37.902424] ------------[ cut here ]------------ [ 37.907348] kernel BUG at fs/reiserfs/journal.c:3643! [ 37.950280] REISERFS (device loop5): checking transaction log (loop5) [ 37.991464] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 38.014817] REISERFS warning (device loop1): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 38.017978] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 38.035226] CPU: 0 PID: 8158 Comm: syz-executor419 Not tainted 4.19.195-syzkaller #0 [ 38.043130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.044704] REISERFS (device loop1): Using r5 hash to sort names [ 38.052682] RIP: 0010:do_journal_end+0x3601/0x4840 [ 38.052696] Code: 05 0f ff ff e9 9a f9 ff ff e8 8b 7d 8b ff 0f 0b e8 84 7d 8b ff 0f 0b e8 7d 7d 8b ff 0f 0b e8 76 7d 8b ff 0f 0b e8 6f 7d 8b ff <0f> 0b e8 68 7d 8b ff 0f 0b e8 61 7d 8b ff 48 8b 44 24 08 48 8b 54 [ 38.052702] RSP: 0018:ffff8880b329f998 EFLAGS: 00010293 [ 38.052711] RAX: ffff8880add7a080 RBX: ffffc90005d50000 RCX: ffffffff81d6d1e3 [ 38.052717] RDX: 0000000000000000 RSI: ffffffff81d701c1 RDI: 0000000000000007 [ 38.052723] RBP: ffff8880aecb2100 R08: 0000000000000001 R09: 0000000000000000 [ 38.052729] R10: 0000000000000007 R11: 0000000000000000 R12: 0000000000000000 [ 38.052735] R13: ffffc90005d50058 R14: ffff8880b329fbc8 R15: 0000000000000000 [ 38.052751] FS: 0000000000a24300(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 [ 38.132268] init_special_inode: bogus i_mode (0) for inode loop5:2 [ 38.132838] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.132847] CR2: 00007fdf95d06000 CR3: 00000000a8c68000 CR4: 00000000001406f0 [ 38.132857] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.132870] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.139270] REISERFS warning (device loop5): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 38.145060] Call Trace: [ 38.145086] ? reiserfs_info.cold+0x1d/0x7c [ 38.145098] ? wake_up_var+0x110/0x110 [ 38.145109] ? yura_hash+0x2a0/0x2a0 [ 38.145121] journal_end+0x277/0x310 [ 38.145141] reiserfs_fill_super+0x2002/0x2cf0 [ 38.156742] REISERFS (device loop5): Using r5 hash to sort names [ 38.159791] ? reiserfs_remount+0x1540/0x1540 [ 38.159807] ? lock_downgrade+0x720/0x720 [ 38.159824] ? snprintf+0xbb/0xf0 [ 38.169637] REISERFS (device loop0): Using r5 hash to sort names [ 38.182180] ? wait_for_completion_io+0x10/0x10 [ 38.182196] mount_bdev+0x2fc/0x3b0 [ 38.182210] ? reiserfs_remount+0x1540/0x1540 [ 38.182221] mount_fs+0xa3/0x310 [ 38.182235] vfs_kern_mount.part.0+0x68/0x470 [ 38.182247] do_mount+0x113c/0x2f10 [ 38.182265] ? do_raw_spin_unlock+0x171/0x230 [ 38.258220] ? check_preemption_disabled+0x41/0x280 [ 38.263349] ? copy_mount_string+0x40/0x40 [ 38.267607] ? copy_mount_options+0x59/0x380 [ 38.272075] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 38.277104] ? kmem_cache_alloc_trace+0x323/0x380 [ 38.281957] ? copy_mount_options+0x26f/0x380 [ 38.286470] ksys_mount+0xcf/0x130 [ 38.290075] __x64_sys_mount+0xba/0x150 [ 38.294063] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 38.299020] do_syscall_64+0xf9/0x620 [ 38.302842] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.308031] RIP: 0033:0x445c0a [ 38.311229] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 38.330355] RSP: 002b:00007fff8f47b778 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 38.338327] RAX: ffffffffffffffda RBX: 00007fff8f47b7d0 RCX: 0000000000445c0a [ 38.345600] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff8f47b790 [ 38.352865] RBP: 00007fff8f47b790 R08: 00007fff8f47b7d0 R09: 0000000000000000 [ 38.360232] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000290 [ 38.367508] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000006 [ 38.374779] Modules linked in: [ 38.381572] ---[ end trace 47350a324acaccbf ]--- [ 38.388817] init_special_inode: bogus i_mode (0) for inode loop2:2 [ 38.388871] RIP: 0010:do_journal_end+0x3601/0x4840 [ 38.400965] Code: 05 0f ff ff e9 9a f9 ff ff e8 8b 7d 8b ff 0f 0b e8 84 7d 8b ff 0f 0b e8 7d 7d 8b ff 0f 0b e8 76 7d 8b ff 0f 0b e8 6f 7d 8b ff <0f> 0b e8 68 7d 8b ff 0f 0b e8 61 7d 8b ff 48 8b 44 24 08 48 8b 54 [ 38.401319] REISERFS warning (device loop2): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 38.420224] RSP: 0018:ffff8880b329f998 EFLAGS: 00010293 [ 38.440987] RAX: ffff8880add7a080 RBX: ffffc90005d50000 RCX: ffffffff81d6d1e3 [ 38.447602] init_special_inode: bogus i_mode (0) for inode loop4:2 [ 38.448331] RDX: 0000000000000000 RSI: ffffffff81d701c1 RDI: 0000000000000007 [ 38.460203] REISERFS warning (device loop4): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 38.462536] RBP: ffff8880aecb2100 R08: 0000000000000001 R09: 0000000000000000 [ 38.482299] REISERFS (device loop4): Using r5 hash to sort names [ 38.484705] R10: 0000000000000007 R11: 0000000000000000 R12: 0000000000000000 [ 38.493188] REISERFS (device loop2): Using r5 hash to sort names [ 38.498416] R13: ffffc90005d50058 R14: ffff8880b329fbc8 R15: 0000000000000000 [ 38.512177] FS: 0000000000a24300(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 [ 38.520582] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.527368] CR2: 00007fdf95d06000 CR3: 00000000a8c68000 CR4: 00000000001406f0 [ 38.535370] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.544483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.552324] Kernel panic - not syncing: Fatal exception [ 38.558481] Kernel Offset: disabled [ 38.562346] Rebooting in 86400 seconds..