[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.997089] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 33.008041] REISERFS (device loop0): using ordered data mode
[ 33.015078] reiserfs: using flush barriers
[ 33.024649] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 4294967295, max trans age 30
[ 33.040933] REISERFS (device loop0): checking transaction log (loop0)
[ 33.048574] REISERFS (device loop0): Using r5 hash to sort names
[ 33.055915] REISERFS (device loop0): using 3.5.x disk format
[ 33.062603] ==================================================================
[ 33.070019] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x449/0x910
[ 33.076764] Read of size 18446744073709551584 at addr ffff88808a5aefa4 by task syz-executor366/8076
[ 33.085925]
[ 33.087537] CPU: 1 PID: 8076 Comm: syz-executor366 Not tainted 4.19.211-syzkaller #0
[ 33.095393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 33.104731] Call Trace:
[ 33.107304]  dump_stack+0x1fc/0x2ef
[ 33.110918]  print_address_description.cold+0x54/0x219
[ 33.116181]  kasan_report_error.cold+0x8a/0x1b9
[ 33.120839]  ? leaf_paste_entries+0x449/0x910
[ 33.125320]  kasan_report+0x8f/0xa0
[ 33.128927]  ? journal_mark_dirty+0x7b0/0xc80
[ 33.133405]  ? leaf_paste_entries+0x449/0x910
[ 33.137883]  memmove+0x20/0x50
[ 33.141088]  leaf_paste_entries+0x449/0x910
[ 33.145396]  balance_leaf+0x8fd7/0xca70
[ 33.149359]  ? replace_key+0x160/0x160
[ 33.153232]  do_balance+0x30a/0x760
[ 33.156843]  ? get_right_neighbor_position+0x170/0x170
[ 33.162101]  ? __mutex_unlock_slowpath+0xea/0x610
[ 33.166929]  ? memset+0x20/0x40
[ 33.170190]  reiserfs_paste_into_item+0x636/0x7d0
[ 33.175015]  ? reiserfs_delete_object+0x200/0x200
[ 33.179868]  ? search_by_entry_key+0xf30/0xf30
[ 33.184691]  ? reiserfs_new_inode+0x3e3/0x2180
[ 33.189251]  ? r5_hash+0xab/0xd0
[ 33.192596]  ? make_cpu_key+0x22/0x2a0
[ 33.196467]  reiserfs_add_entry+0x89a/0xcc0
[ 33.200773]  ? reiserfs_lookup+0x490/0x490
[ 33.204993]  ? wait_for_completion_io+0x10/0x10
[ 33.209653]  ? do_journal_begin_r+0xd10/0x10b0
[ 33.214224]  ? dquot_initialize_needed+0x290/0x290
[ 33.219139]  reiserfs_mkdir+0x66e/0x980
[ 33.223095]  ? reiserfs_mknod+0x700/0x700
[ 33.227231]  ? lock_acquire+0x171/0x3c0
[ 33.231190]  reiserfs_xattr_init+0x406/0xae0
[ 33.235583]  reiserfs_fill_super+0x1f54/0x2d80
[ 33.240149]  ? reiserfs_remount+0x1540/0x1540
[ 33.244625]  ? lock_downgrade+0x720/0x720
[ 33.248757]  ? snprintf+0xbb/0xf0
[ 33.252194]  ? wait_for_completion_io+0x10/0x10
[ 33.256846]  mount_bdev+0x2fc/0x3b0
[ 33.260453]  ? reiserfs_remount+0x1540/0x1540
[ 33.264927]  mount_fs+0xa3/0x310
[ 33.268279]  vfs_kern_mount.part.0+0x68/0x470
[ 33.272755]  do_mount+0x115c/0x2f50
[ 33.276364]  ? __do_page_fault+0x180/0xd60
[ 33.280578]  ? copy_mount_string+0x40/0x40
[ 33.284796]  ? copy_mount_options+0x1cd/0x380
[ 33.289270]  ? copy_mount_options+0x1da/0x380
[ 33.293745]  ? copy_mount_options+0x1e9/0x380
[ 33.298220]  ? copy_mount_options+0x26f/0x380
[ 33.302710]  ksys_mount+0xcf/0x130
[ 33.306241]  __x64_sys_mount+0xba/0x150
[ 33.310218]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 33.314784]  do_syscall_64+0xf9/0x620
[ 33.318570]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.323742] RIP: 0033:0x7fd5b87a7f4a
[ 33.327438] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.346318] RSP: 002b:00007ffd604a2a48 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 33.354018] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd5b87a7f4a
[ 33.361275] RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007ffd604a2a60
[ 33.368524] RBP: 00007ffd604a2a60 R08: 00007ffd604a2aa0 R09: 00000000000010f3
[ 33.375778] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 33.383030] R13: 00005555574782c0 R14: 0000000000000000 R15: 00007ffd604a2aa0
[ 33.390297]
[ 33.391904] The buggy address belongs to the page:
[ 33.396811] page:ffffea0002296b80 count:3 mapcount:0 mapping:ffff8880ae225520 index:0x213
[ 33.405106] flags: 0xfff00000001044(referenced|active|private)
[ 33.411068] raw: 00fff00000001044 dead000000000100 dead000000000200 ffff8880ae225520
[ 33.418938] raw: 0000000000000213 ffff88809a34af18 00000003ffffffff ffff8880b59f68c0
[ 33.426802] page dumped because: kasan: bad access detected
[ 33.432494] page->mem_cgroup:ffff8880b59f68c0
[ 33.436965]
[ 33.438569] Memory state around the buggy address:
[ 33.443477]  ffff88808a5aee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.450813]  ffff88808a5aef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.458149] >ffff88808a5aef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.465483]                                ^
[ 33.469871]  ffff88808a5af000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 33.477218]  ffff88808a5af080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 33.484555] ==================================================================
[ 33.491889] Disabling lock debugging due to kernel taint
[ 33.500834] Kernel panic - not syncing: panic_on_warn set ...
[ 33.500834]
[ 33.508208] CPU: 0 PID: 8076 Comm: syz-executor366 Tainted: G B 4.19.211-syzkaller #0
[ 33.517471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 33.526811] Call Trace:
[ 33.529379]  dump_stack+0x1fc/0x2ef
[ 33.532989]  panic+0x26a/0x50e
[ 33.536165]  ? __warn_printk+0xf3/0xf3
[ 33.540032]  ? preempt_schedule_common+0x45/0xc0
[ 33.544768]  ? ___preempt_schedule+0x16/0x18
[ 33.549156]  ? trace_hardirqs_on+0x55/0x210
[ 33.553457]  kasan_end_report+0x43/0x49
[ 33.557413]  kasan_report_error.cold+0xa7/0x1b9
[ 33.562065]  ? leaf_paste_entries+0x449/0x910
[ 33.566540]  kasan_report+0x8f/0xa0
[ 33.570154]  ? journal_mark_dirty+0x7b0/0xc80
[ 33.574630]  ? leaf_paste_entries+0x449/0x910
[ 33.579113]  memmove+0x20/0x50
[ 33.582294]  leaf_paste_entries+0x449/0x910
[ 33.586595]  balance_leaf+0x8fd7/0xca70
[ 33.590549]  ? replace_key+0x160/0x160
[ 33.594417]  do_balance+0x30a/0x760
[ 33.598022]  ? get_right_neighbor_position+0x170/0x170
[ 33.603276]  ? __mutex_unlock_slowpath+0xea/0x610
[ 33.608107]  ? memset+0x20/0x40
[ 33.611363]  reiserfs_paste_into_item+0x636/0x7d0
[ 33.616186]  ? reiserfs_delete_object+0x200/0x200
[ 33.621022]  ? search_by_entry_key+0xf30/0xf30
[ 33.625582]  ? reiserfs_new_inode+0x3e3/0x2180
[ 33.630140]  ? r5_hash+0xab/0xd0
[ 33.633485]  ? make_cpu_key+0x22/0x2a0
[ 33.637351]  reiserfs_add_entry+0x89a/0xcc0
[ 33.641652]  ? reiserfs_lookup+0x490/0x490
[ 33.645876]  ? wait_for_completion_io+0x10/0x10
[ 33.650528]  ? do_journal_begin_r+0xd10/0x10b0
[ 33.655094]  ? dquot_initialize_needed+0x290/0x290
[ 33.660004]  reiserfs_mkdir+0x66e/0x980
[ 33.663961]  ? reiserfs_mknod+0x700/0x700
[ 33.668089]  ? lock_acquire+0x171/0x3c0
[ 33.672044]  reiserfs_xattr_init+0x406/0xae0
[ 33.676446]  reiserfs_fill_super+0x1f54/0x2d80
[ 33.681014]  ? reiserfs_remount+0x1540/0x1540
[ 33.685491]  ? lock_downgrade+0x720/0x720
[ 33.689618]  ? snprintf+0xbb/0xf0
[ 33.693051]  ? wait_for_completion_io+0x10/0x10
[ 33.697705]  mount_bdev+0x2fc/0x3b0
[ 33.701314]  ? reiserfs_remount+0x1540/0x1540
[ 33.705789]  mount_fs+0xa3/0x310
[ 33.709133]  vfs_kern_mount.part.0+0x68/0x470
[ 33.713607]  do_mount+0x115c/0x2f50
[ 33.717214]  ? __do_page_fault+0x180/0xd60
[ 33.721428]  ? copy_mount_string+0x40/0x40
[ 33.725641]  ? copy_mount_options+0x1cd/0x380
[ 33.730113]  ? copy_mount_options+0x1da/0x380
[ 33.734588]  ? copy_mount_options+0x1e9/0x380
[ 33.739060]  ? copy_mount_options+0x26f/0x380
[ 33.743535]  ksys_mount+0xcf/0x130
[ 33.747053]  __x64_sys_mount+0xba/0x150
[ 33.751009]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 33.755569]  do_syscall_64+0xf9/0x620
[ 33.759351]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.764517] RIP: 0033:0x7fd5b87a7f4a
[ 33.768208] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.787087] RSP: 002b:00007ffd604a2a48 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 33.794775] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd5b87a7f4a
[ 33.802029] RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007ffd604a2a60
[ 33.809278] RBP: 00007ffd604a2a60 R08: 00007ffd604a2aa0 R09: 00000000000010f3
[ 33.816526] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 33.823779] R13: 00005555574782c0 R14: 0000000000000000 R15: 00007ffd604a2aa0
[ 33.831193] Kernel Offset: disabled
[ 33.834805] Rebooting in 86400 seconds..
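Reading the report: the faulting syscall is mount(2) (ORIG_RAX 0xa5 on x86-64), the kernel is still inside reiserfs_fill_super creating the xattr directory (reiserfs_xattr_init -> reiserfs_mkdir -> ... -> leaf_paste_entries), and the "Read of size 18446744073709551584" is 0xffffffffffffffe0, i.e. a length of -32 that was converted to size_t when it reached memmove. Metadata that feeds that length calculation comes from the loop0 image, which syzkaller controls. The C below is an added example, not code from the report or from fs/reiserfs: it decodes the reported size, models in simplified form how an untrusted per-entry offset yields a negative move length, and shows a validated paste that rejects such an item instead of calling memmove. The item layout, the names (dir_item, loc, checked_paste_record, unchecked_move_len) and the sample records are all invented for this example.

```c
/* Added example; not from the syzkaller report or fs/reiserfs. Hypothetical,
 * simplified model of a directory item and of the length handed to memmove.
 * Build: cc -std=c11 -Wall -Wextra -o paste_len paste_len.c && ./paste_len
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef EUCLEAN
#define EUCLEAN 117          /* Linux "structure needs cleaning"; not in every libc */
#endif

#define ITEM_CAP    512      /* bytes of leaf buffer backing one item (assumption) */
#define MAX_ENTRIES 8

/* 18446744073709551584 == 0xffffffffffffffe0 == -32 in two's complement. */
static long long kasan_size_as_signed(unsigned long long reported)
{
    long long s;
    memcpy(&s, &reported, sizeof s);     /* well-defined, unlike a plain cast */
    return s;
}

/* What memmove's size_t parameter makes of a negative length. */
static unsigned long long as_kasan_size(ptrdiff_t len)
{
    return (unsigned long long)(long long)len;
}

/* Hypothetical directory item. Name records are packed from the end of the
 * item backwards: record i occupies [loc[i], loc[i-1]), with loc[-1] == len.
 * loc[] is read straight from the disk image, so it is attacker-controlled. */
struct dir_item {
    unsigned char body[ITEM_CAP];
    int len;                         /* bytes in use; records end here */
    int count;                       /* number of entries */
    uint16_t loc[MAX_ENTRIES];       /* loc[i]: offset of record i */
};

/* Length an unchecked paste would hand to memmove when inserting before
 * entry `before`: the records above the insert point. Sane metadata gives
 * >= 0; loc[before-1] > len gives a negative value that size_t wraps to ~2^64. */
static ptrdiff_t unchecked_move_len(const struct dir_item *it, int before)
{
    const unsigned char *insert_point =
        it->body + (before == 0 ? it->len : it->loc[before - 1]);
    return (it->body + it->len) - insert_point;
}

/* Validated paste: check the untrusted offsets before any arithmetic that
 * reaches memmove. Returns 0 or a negative errno. */
static int checked_paste_record(struct dir_item *it, int before,
                                const unsigned char *rec, int rec_len)
{
    int insert_off;

    if (before < 0 || before > it->count || it->count >= MAX_ENTRIES ||
        rec_len <= 0 || it->len < 0 || it->len > ITEM_CAP)
        return -EINVAL;
    if (it->len + rec_len > ITEM_CAP)
        return -ENOSPC;
    /* Records must be strictly descending and inside the item:
     * len > loc[0] > loc[1] > ... > loc[count-1]. */
    for (int i = 0; i < it->count; i++) {
        int upper = i == 0 ? it->len : it->loc[i - 1];
        if (it->loc[i] >= upper)
            return -EUCLEAN;         /* corrupt image: refuse, do not "fix up" */
    }
    insert_off = before == 0 ? it->len : it->loc[before - 1];
    /* len - insert_off >= 0 is now guaranteed, so this cannot wrap. */
    memmove(it->body + insert_off + rec_len, it->body + insert_off,
            (size_t)(it->len - insert_off));
    memcpy(it->body + insert_off, rec, (size_t)rec_len);
    for (int i = 0; i < before; i++)            /* records above moved up */
        it->loc[i] = (uint16_t)(it->loc[i] + rec_len);
    for (int i = it->count; i > before; i--)    /* open a slot for the new head */
        it->loc[i] = it->loc[i - 1];
    it->loc[before] = (uint16_t)insert_off;
    it->count++;
    it->len += rec_len;
    return 0;
}

/* Constructed sample items: a sane one, and one whose loc[0] points 32 bytes
 * past the end of the item, the shape that produces a -32 move length. */
static struct dir_item sane_item(void)
{
    struct dir_item it = { .len = 224, .count = 2, .loc = { 200, 180 } };
    memcpy(it.body + 200, "record0-record0-record0!", 24);
    memcpy(it.body + 180, "record1-record1-rec1", 20);
    return it;
}

static struct dir_item corrupt_item(void)
{
    struct dir_item it = sane_item();
    it.loc[0] = 256;                 /* beyond len == 224 */
    return it;
}

int main(void)
{
    struct dir_item ok = sane_item(), bad = corrupt_item();
    static const unsigned char rec[8] = "newname!";

    printf("reported size as signed: %lld\n",
           kasan_size_as_signed(18446744073709551584ULL));
    printf("unchecked move len, corrupt item: %td (memmove sees %llu)\n",
           unchecked_move_len(&bad, 1), as_kasan_size(unchecked_move_len(&bad, 1)));
    printf("checked paste, sane item: %d\n", checked_paste_record(&ok, 1, rec, 8));
    printf("checked paste, corrupt item: %d\n", checked_paste_record(&bad, 1, rec, 8));
    return 0;
}
```

The point of the ordering check is that it is done once, on values copied from the image, before any pointer arithmetic; rejecting the item with -EUCLEAN (the kernel's usual answer to inconsistent on-disk structures) keeps mount(2) from ever forming the wrapped length.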