[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Update UTMP about System Runlevel Changes.
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   29.785341] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   29.795332] REISERFS (device loop0): using ordered data mode
[   29.802054] reiserfs: using flush barriers
[   29.808837] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   29.825091] REISERFS (device loop0): checking transaction log (loop0)
[   29.833257] REISERFS (device loop0): Using rupasov hash to sort names
[   29.886501] BUG: unable to handle kernel paging request at ffff888094f84000
[   29.893653] IP: __memmove+0x24/0x1a0
[   29.895820] kasan: CONFIG_KASAN_INLINE enabled
[   29.897341] PGD c9dc067
[   29.901899] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   29.901903] P4D c9dc067 PUD 23ffff067 PMD b07c0063 PTE 8000000094f84161
[   29.918605] Oops: 0003 [#1] PREEMPT SMP KASAN
[   29.923094] Modules linked in:
[   29.926261] CPU: 1 PID: 7970 Comm: syz-executor126 Not tainted 4.14.299-syzkaller #0
[   29.934113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   29.943440] task: ffff888098a1c000 task.stack: ffff888095a08000
[   29.949533] RIP: 0010:__memmove+0x24/0x1a0
[   29.953737] RSP: 0018:ffff888095a0f060 EFLAGS: 00010293
[   29.959076] RAX: ffff88808e64cfb4 RBX: 0000000000000010 RCX: fffffffff96c8fb0
[   29.966318] RDX: fffffffffffffffc RSI: ffff888094f83ff0 RDI: ffff888094f84000
[   29.973560] RBP: 0000000000000010 R08: ffff88808e64cfa0 R09: ffffed1011cc99f5
[   29.980802] R10: ffff88808e64cfaf R11: 00002e2e0004003c R12: ffff88808e64cfa4
[   29.988044] R13: 000000000000001c R14: ffff88808e64cf84 R15: ffff88808e64c030
[   29.995430] FS:  0000555556059300(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[   30.003652] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.009512] CR2: ffff888094f84000 CR3: 00000000b610c000 CR4: 00000000003406e0
[   30.016759] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   30.024123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   30.031382] Call Trace:
[   30.033945]  leaf_paste_entries+0x44b/0x9b0
[   30.038332]  balance_leaf+0x827e/0xba30
[   30.042282]  ? replace_key+0x150/0x150
[   30.046145]  do_balance+0x282/0x630
[   30.049744]  ? get_right_neighbor_position+0x160/0x160
[   30.054992]  ? __mutex_unlock_slowpath+0x75/0x770
[   30.059806]  ? memset+0x20/0x40
[   30.063059]  reiserfs_paste_into_item+0x569/0x6f0
[   30.067875]  ? reiserfs_delete_object+0x1e0/0x1e0
[   30.072819]  ? __mutex_unlock_slowpath+0x43/0x770
[   30.077645]  ? search_by_entry_key+0xf50/0xf50
[   30.082202]  ? make_cpu_key+0x22/0x2a0
[   30.086068]  reiserfs_add_entry+0x7d3/0xbc0
[   30.090369]  ? reiserfs_lookup+0x400/0x400
[   30.094579]  ? __mutex_unlock_slowpath+0x43/0x770
[   30.099398]  ? wait_for_completion_io+0x10/0x10
[   30.104062]  reiserfs_mkdir+0x5ca/0x8b0
[   30.108030]  ? reiserfs_mknod+0x690/0x690
[   30.112163]  reiserfs_xattr_init+0x393/0xa50
[   30.116564]  reiserfs_fill_super+0x1d4a/0x2990
[   30.121126]  ? reiserfs_remount+0x1390/0x1390
[   30.125610]  ? lock_downgrade+0x740/0x740
[   30.129733]  ? snprintf+0xa5/0xd0
[   30.133164]  mount_bdev+0x2b3/0x360
[   30.136767]  ? reiserfs_remount+0x1390/0x1390
[   30.141237]  mount_fs+0x92/0x2a0
[   30.144578]  vfs_kern_mount.part.0+0x5b/0x470
[   30.149133]  do_mount+0xe65/0x2a30
[   30.152650]  ? retint_kernel+0x2d/0x2d
[   30.156511]  ? copy_mount_string+0x40/0x40
[   30.160721]  ? memset+0x20/0x40
[   30.163974]  ? copy_mount_options+0x1fa/0x2f0
[   30.168445]  ? copy_mnt_ns+0xa30/0xa30
[   30.172308]  SyS_mount+0xa8/0x120
[   30.175735]  ? copy_mnt_ns+0xa30/0xa30
[   30.179600]  do_syscall_64+0x1d5/0x640
[   30.183461]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   30.188629] Code: 90 90 90 90 90 90 90 48 89 f8 48 83 fa 20 0f 82 03 01 00 00 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f 9f 00 00 00 48 89 d1 a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 3b 48 83 ea 20
[   30.207689] RIP: __memmove+0x24/0x1a0 RSP: ffff888095a0f060
[   30.213370] CR2: ffff888094f84000
[   30.216808] ---[ end trace 430efb6fe8da0b39 ]---
[   30.216844] general protection fault: 0000 [#2] PREEMPT SMP KASAN
[   30.221540] Kernel panic - not syncing: Fatal exception
[   30.228529] Modules linked in:
[   30.237048] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G      D 4.14.299-syzkaller #0
[   30.245597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   30.254938] Workqueue: events defense_work_handler
[   30.259863] task: ffff8880b561c680 task.stack: ffff8880b5610000
[   30.265903] RIP: 0010:nr_blockdev_pages+0x68/0x100
[   30.270810] RSP: 0018:ffff8880b5617bf8 EFLAGS: 00010a06
[   30.276154] RAX: 1ffc4005c0000006 RBX: ffff8880903a8600 RCX: 0000000000000000
[   30.283403] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffe2002e00000030
[   30.290736] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000
[   30.297984] R10: 0000000000000000 R11: ffff8880b561c680 R12: ffe2002e00000000
[   30.305232] R13: 0000000000000000 R14: ffff8880ba433b80 R15: ffff88823551ef78
[   30.312497] FS:  0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[   30.320701] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.326562] CR2: 00007ff1f0247000 CR3: 00000000b610c000 CR4: 00000000003406f0
[   30.333813] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   30.341062] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   30.348312] Call Trace:
[   30.350883]  si_meminfo+0xe2/0x200
[   30.355101]  update_defense_level+0x70/0xf20
[   30.359493]  ? ip_vs_del_dest+0x230/0x230
[   30.363631]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   30.368719]  ? debug_object_deactivate+0x1da/0x2e0
[   30.373633]  ? lock_acquire+0x170/0x3f0
[   30.377587]  ? process_one_work+0x6e6/0x14a0
[   30.381976]  defense_work_handler+0x1b/0xc0
[   30.386284]  process_one_work+0x793/0x14a0
[   30.390726]  ? work_busy+0x320/0x320
[   30.394443]  ? worker_thread+0x158/0xff0
[   30.398488]  ? _raw_spin_unlock_irq+0x24/0x80
[   30.402964]  worker_thread+0x5cc/0xff0
[   30.406835]  ? rescuer_thread+0xc80/0xc80
[   30.410963]  kthread+0x30d/0x420
[   30.414309]  ? kthread_create_on_node+0xd0/0xd0
[   30.419045]  ret_from_fork+0x24/0x30
[   30.422917] Code: df e8 6d 00 c1 ff 48 8d 7b 08 48 89 f8 48 c1 e8 03 80 3c 28 00 0f 85 86 00 00 00 4c 8b 63 08 49 8d 7c 24 30 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 84 00 00 00 4d 8b 64 24 30 49 8d bc 24 e8 00
[   30.442076] RIP: nr_blockdev_pages+0x68/0x100 RSP: ffff8880b5617bf8
[   30.448700] Kernel Offset: disabled
[   30.452311] Rebooting in 86400 seconds..
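What the first Oops says can be read off the register dump mechanically. The script below is an added example, not part of the syzkaller report above and not a syzkaller tool: it parses the registers and call trace out of the dmesg text, treats RDI/RSI/RDX at __memmove+0x24 as the memmove(dst, src, n) arguments, and reports the length as a signed value, whether the faulting address in CR2 is the destination pointer, how the Oops error code decodes, and which reliable (non-"?") frames the fault sits under. The sample text is copied from the log; reading RDX as the length argument assumes the memmove prologue has not modified RDI/RSI/RDX by offset 0x24, which the Code: bytes on the page support (they only compare those registers and copy them into RAX, R8 and RCX) but which is an assumption of this example.

```python
"""Triage helper for an x86-64 kernel Oops: pull the registers and call trace
out of the dmesg text and check what they say about the faulting memmove."""
import re

# Constructed sample: the relevant lines of the first Oops on this page, copied
# here so the parser runs offline on realistic input.
OOPS_TEXT = """\
[   29.886501] BUG: unable to handle kernel paging request at ffff888094f84000
[   29.893653] IP: __memmove+0x24/0x1a0
[   29.918605] Oops: 0003 [#1] PREEMPT SMP KASAN
[   29.949533] RIP: 0010:__memmove+0x24/0x1a0
[   29.953737] RSP: 0018:ffff888095a0f060 EFLAGS: 00010293
[   29.959076] RAX: ffff88808e64cfb4 RBX: 0000000000000010 RCX: fffffffff96c8fb0
[   29.966318] RDX: fffffffffffffffc RSI: ffff888094f83ff0 RDI: ffff888094f84000
[   30.009512] CR2: ffff888094f84000 CR3: 00000000b610c000 CR4: 00000000003406e0
[   30.031382] Call Trace:
[   30.033945]  leaf_paste_entries+0x44b/0x9b0
[   30.038332]  balance_leaf+0x827e/0xba30
[   30.042282]  ? replace_key+0x150/0x150
[   30.046145]  do_balance+0x282/0x630
[   30.063059]  reiserfs_paste_into_item+0x569/0x6f0
[   30.086068]  reiserfs_add_entry+0x7d3/0xbc0
[   30.104062]  reiserfs_mkdir+0x5ca/0x8b0
[   30.112163]  reiserfs_xattr_init+0x393/0xa50
[   30.116564]  reiserfs_fill_super+0x1d4a/0x2990
[   30.136767]  mount_bdev+0x2b3/0x360
[   30.172308]  SyS_mount+0xa8/0x120
[   30.179600]  do_syscall_64+0x1d5/0x640
[   30.183461]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   30.207689] RIP: __memmove+0x24/0x1a0 RSP: ffff888095a0f060
[   30.213370] CR2: ffff888094f84000
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?(.*)$")          # strip "[   30.0331] "
RIP_RE = re.compile(r"RIP: [0-9a-f]{4}:(\S+)")             # "RIP: 0010:sym+off/len"
OOPS_RE = re.compile(r"Oops: ([0-9a-f]{4}) \[#(\d+)\]")
REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2}|CR[0-9]): ([0-9a-f]{16})\b")
FRAME_RE = re.compile(
    r"^\s*(?P<q>\?\s+)?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")


def parse_oops(text):
    """Return the RIP symbol, Oops error code, 64-bit registers and the call
    trace as (symbol, reliable) pairs; '?' frames are unwinder guesses."""
    info = {"rip": None, "oops_code": None, "regs": {}, "trace": []}
    in_trace = False
    for raw in text.splitlines():
        line = TS_RE.sub(r"\1", raw)
        if in_trace:
            m = FRAME_RE.match(line)
            if m:
                info["trace"].append((m.group("sym"), m.group("q") is None))
                continue
            in_trace = False                 # first non-frame line ends the trace
        if line.startswith("Call Trace:"):
            in_trace = True
            continue
        m = RIP_RE.search(line)
        if m:
            info["rip"] = m.group(1)
        m = OOPS_RE.search(line)
        if m:
            info["oops_code"] = int(m.group(1), 16)
        for name, val in REG_RE.findall(line):
            info["regs"][name] = int(val, 16)
    return info


def to_signed64(v):
    return v - (1 << 64) if v & (1 << 63) else v


def decode_pf_error(code):
    """x86 page-fault error code: bit0 = protection violation (0 = page not
    present), bit1 = write access, bit2 = user mode, bit3 = reserved bit set,
    bit4 = instruction fetch."""
    return {"protection": bool(code & 1), "write": bool(code & 2),
            "user": bool(code & 4), "reserved": bool(code & 8),
            "instr_fetch": bool(code & 16)}


def analyze_memmove_fault(info):
    """Interpret RDI/RSI/RDX at the faulting RIP as memmove(dst, src, n).
    Assumption: the prologue up to __memmove+0x24 has not modified those
    registers (the decoded Code: bytes only compare them and copy them into
    RAX/R8/RCX), so they still hold the SysV x86-64 argument values."""
    regs = info["regs"]
    dst, src, n = regs["RDI"], regs["RSI"], regs["RDX"]
    reliable = [sym for sym, ok in info["trace"] if ok]
    return {
        "rip": info["rip"],
        "dst": dst,
        "src": src,
        "len_unsigned": n,
        "len_signed": to_signed64(n),
        "fault_is_dst": regs.get("CR2") == dst,      # write faulted at dst itself
        "dst_page_aligned": (dst & 0xfff) == 0,      # dst sits on a page boundary
        "error": decode_pf_error(info["oops_code"]),
        "caller": reliable[0] if reliable else None,
        "on_mount_path": {"reiserfs_fill_super", "SyS_mount"} <= set(reliable),
    }


def triage(text=OOPS_TEXT):
    return analyze_memmove_fault(parse_oops(text))


if __name__ == "__main__":
    for key, val in triage().items():
        if isinstance(val, int) and not isinstance(val, bool):
            print(f"{key:>18}: {val:#x}")
        else:
            print(f"{key:>18}: {val}")
```

Run stand-alone it reports a length of -4 (0xfffffffffffffffc), a destination exactly on a page boundary that equals CR2, and an error code of protection violation on a kernel write, with the first reliable frame being leaf_paste_entries under reiserfs_xattr_init, i.e. the fault happens while mounting the loop0 image, before any file operation on it. The [#2] general protection fault on CPU 0 is taken after the first Oops (that task is already tainted D) and is secondary to it.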