[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts.
executing program
[   82.485175][   T37] audit: type=1400 audit(1624456095.146:8): avc:  denied  { execmem } for  pid=8438 comm="syz-executor837" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   82.513601][ T8439] loop0: detected capacity change from 0 to 131391
[   82.527747][ T8439] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   82.537505][ T8439] REISERFS (device loop0): using ordered data mode
[   82.544131][ T8439] reiserfs: using flush barriers
[   82.550930][ T8439] REISERFS (device loop0): journal params: device loop0, size 8192, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   82.571005][ T8439] REISERFS (device loop0): checking transaction log (loop0)
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login:
[   83.751397][ T8439] REISERFS (device loop0): Using rupasov hash to sort names
[   83.759981][ T8439] ==================================================================
[   83.768172][ T8439] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x404/0x910
[   83.775659][ T8439] Read of size 18446744073709551571 at addr ffff888044129fe1 by task syz-executor837/8439
[   83.785577][ T8439]
[   83.787887][ T8439] CPU: 1 PID: 8439 Comm: syz-executor837 Not tainted 5.13.0-rc7-syzkaller #0
[   83.796635][ T8439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   83.806696][ T8439] Call Trace:
[   83.810052][ T8439]  dump_stack+0x141/0x1d7
[   83.814465][ T8439]  ? leaf_paste_entries+0x404/0x910
[   83.819858][ T8439]  print_address_description.constprop.0.cold+0x5b/0x2c6
[   83.826884][ T8439]  ? leaf_paste_entries+0x404/0x910
[   83.832268][ T8439]  ? leaf_paste_entries+0x404/0x910
[   83.837472][ T8439]  kasan_report.cold+0x7c/0xd8
[   83.842228][ T8439]  ? leaf_paste_entries+0x404/0x910
[   83.847414][ T8439]  kasan_check_range+0x13d/0x180
[   83.852344][ T8439]  memmove+0x20/0x60
[   83.856225][ T8439]  leaf_paste_entries+0x404/0x910
[   83.861242][ T8439]  balance_leaf+0x951e/0xd8b0
[   83.865931][ T8439]  ? reiserfs_prepare_for_journal+0x115/0x2b0
[   83.872011][ T8439]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[   83.877755][ T8439]  ? fix_nodes+0x14cb/0x8650
[   83.882337][ T8439]  ? replace_key+0x160/0x160
[   83.886926][ T8439]  do_balance+0x315/0x810
[   83.891265][ T8439]  ? get_right_neighbor_position+0x170/0x170
[   83.897250][ T8439]  ? __mutex_unlock_slowpath+0xe2/0x610
[   83.902785][ T8439]  reiserfs_paste_into_item+0x762/0x8e0
[   83.908323][ T8439]  ? reiserfs_delete_object+0x200/0x200
[   83.913885][ T8439]  ? search_by_entry_key+0x960/0x960
[   83.919317][ T8439]  ? yura_hash+0x173/0x2a0
[   83.923752][ T8439]  ? make_cpu_key+0x22/0x2a0
[   83.928344][ T8439]  reiserfs_add_entry+0x8cb/0xcf0
[   83.933386][ T8439]  ? reiserfs_lookup+0x490/0x490
[   83.938327][ T8439]  ? wait_for_completion_io+0x270/0x270
[   83.943875][ T8439]  ? do_journal_begin_r+0xd2e/0x10d0
[   83.949157][ T8439]  reiserfs_mkdir+0x675/0x980
[   83.953834][ T8439]  ? reiserfs_mknod+0x700/0x700
[   83.958695][ T8439]  ? down_write+0xe1/0x150
[   83.963101][ T8439]  ? down_write_killable+0x170/0x170
[   83.968373][ T8439]  ? down_write_killable+0x170/0x170
[   83.973672][ T8439]  reiserfs_xattr_init+0x4de/0xb60
[   83.978779][ T8439]  reiserfs_fill_super+0x2166/0x2e00
[   83.984075][ T8439]  ? reiserfs_remount+0x1580/0x1580
[   83.989264][ T8439]  ? lock_downgrade+0x6e0/0x6e0
[   83.994190][ T8439]  ? snprintf+0xbb/0xf0
[   83.998336][ T8439]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[   84.004065][ T8439]  ? set_blocksize+0x1c1/0x3b0
[   84.008816][ T8439]  mount_bdev+0x34d/0x410
[   84.013156][ T8439]  ? reiserfs_remount+0x1580/0x1580
[   84.018361][ T8439]  ? reiserfs_kill_sb+0x1e0/0x1e0
[   84.023394][ T8439]  legacy_get_tree+0x105/0x220
[   84.028164][ T8439]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   84.034429][ T8439]  vfs_get_tree+0x89/0x2f0
[   84.038849][ T8439]  path_mount+0x132a/0x1fa0
[   84.043357][ T8439]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   84.049593][ T8439]  ? strncpy_from_user+0x2a0/0x3e0
[   84.054721][ T8439]  ? finish_automount+0xad0/0xad0
[   84.059742][ T8439]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   84.066087][ T8439]  ? getname_flags.part.0+0x1dd/0x4f0
[   84.071464][ T8439]  __x64_sys_mount+0x27f/0x300
[   84.076230][ T8439]  ? copy_mnt_ns+0xae0/0xae0
[   84.080815][ T8439]  ? syscall_enter_from_user_mode+0x27/0x70
[   84.086700][ T8439]  do_syscall_64+0x3a/0xb0
[   84.091121][ T8439]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   84.097097][ T8439] RIP: 0033:0x445b8a
[   84.100977][ T8439] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   84.120578][ T8439] RSP: 002b:00007ffced423788 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   84.128988][ T8439] RAX: ffffffffffffffda RBX: 00007ffced4237e0 RCX: 0000000000445b8a
[   84.137011][ T8439] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffced4237a0
[   84.145075][ T8439] RBP: 00007ffced4237a0 R08: 00007ffced4237e0 R09: 0000000000000000
[   84.153068][ T8439] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[   84.161269][ T8439] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[   84.169240][ T8439]
[   84.171551][ T8439] The buggy address belongs to the page:
[   84.177163][ T8439] page:ffffea0001104a40 refcount:3 mapcount:0 mapping:ffff888145832b50 index:0x2013 pfn:0x44129
[   84.187653][ T8439] memcg:ffff888140180000
[   84.192005][ T8439] aops:def_blk_aops ino:700000
[   84.196767][ T8439] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[   84.206137][ T8439] raw: 00fff00000002022 dead000000000100 dead000000000122 ffff888145832b50
[   84.214728][ T8439] raw: 0000000000002013 ffff8880409cad98 00000003ffffffff ffff888140180000
[   84.223293][ T8439] page dumped because: kasan: bad access detected
[   84.229696][ T8439] page_owner tracks the page as allocated
[   84.235389][ T8439] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 8439, ts 83750852768, free_ts 0
[   84.251778][ T8439]  get_page_from_freelist+0x1033/0x2b60
[   84.257316][ T8439]  __alloc_pages+0x1b2/0x500
[   84.261892][ T8439]  alloc_pages+0x18c/0x2a0
[   84.266303][ T8439]  __page_cache_alloc+0x303/0x3a0
[   84.271374][ T8439]  pagecache_get_page+0x38f/0x18d0
[   84.276492][ T8439]  __getblk_slow+0x213/0xb60
[   84.281075][ T8439]  __getblk_gfp+0x70/0x80
[   84.285397][ T8439]  search_by_key+0x3a8/0x3b80
[   84.290118][ T8439]  reiserfs_read_locked_inode+0x154/0x2160
[   84.295932][ T8439]  reiserfs_fill_super+0x18f4/0x2e00
[   84.301313][ T8439]  mount_bdev+0x34d/0x410
[   84.305635][ T8439]  legacy_get_tree+0x105/0x220
[   84.310402][ T8439]  vfs_get_tree+0x89/0x2f0
[   84.314826][ T8439]  path_mount+0x132a/0x1fa0
[   84.319346][ T8439]  __x64_sys_mount+0x27f/0x300
[   84.324123][ T8439]  do_syscall_64+0x3a/0xb0
[   84.328561][ T8439] page_owner free stack trace missing
[   84.333915][ T8439]
[   84.336241][ T8439] Memory state around the buggy address:
[   84.341860][ T8439]  ffff888044129e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   84.349924][ T8439]  ffff888044129f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   84.358173][ T8439] >ffff888044129f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   84.366310][ T8439]                                                                 ^
[   84.373488][ T8439]  ffff88804412a000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   84.381546][ T8439]  ffff88804412a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   84.389591][ T8439] ==================================================================
[   84.397639][ T8439] Disabling lock debugging due to kernel taint
[   84.404091][ T8439] Kernel panic - not syncing: panic_on_warn set ...
[   84.410673][ T8439] CPU: 1 PID: 8439 Comm: syz-executor837 Tainted: G    B             5.13.0-rc7-syzkaller #0
[   84.420933][ T8439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   84.430979][ T8439] Call Trace:
[   84.434592][ T8439]  dump_stack+0x141/0x1d7
[   84.438911][ T8439]  panic+0x306/0x73d
[   84.442806][ T8439]  ? __warn_printk+0xf3/0xf3
[   84.447382][ T8439]  ? preempt_schedule_common+0x59/0xc0
[   84.452836][ T8439]  ? leaf_paste_entries+0x404/0x910
[   84.458029][ T8439]  ? preempt_schedule_thunk+0x16/0x18
[   84.463423][ T8439]  ? trace_hardirqs_on+0x38/0x1c0
[   84.468474][ T8439]  ? trace_hardirqs_on+0x51/0x1c0
[   84.473499][ T8439]  ? leaf_paste_entries+0x404/0x910
[   84.478694][ T8439]  ? leaf_paste_entries+0x404/0x910
[   84.483886][ T8439]  end_report.cold+0x5a/0x5a
[   84.488481][ T8439]  kasan_report.cold+0x6a/0xd8
[   84.493241][ T8439]  ? leaf_paste_entries+0x404/0x910
[   84.498422][ T8439]  kasan_check_range+0x13d/0x180
[   84.503347][ T8439]  memmove+0x20/0x60
[   84.507226][ T8439]  leaf_paste_entries+0x404/0x910
[   84.512252][ T8439]  balance_leaf+0x951e/0xd8b0
[   84.516917][ T8439]  ? reiserfs_prepare_for_journal+0x115/0x2b0
[   84.522972][ T8439]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[   84.528810][ T8439]  ? fix_nodes+0x14cb/0x8650
[   84.533409][ T8439]  ? replace_key+0x160/0x160
[   84.538079][ T8439]  do_balance+0x315/0x810
[   84.542394][ T8439]  ? get_right_neighbor_position+0x170/0x170
[   84.548362][ T8439]  ? __mutex_unlock_slowpath+0xe2/0x610
[   84.553912][ T8439]  reiserfs_paste_into_item+0x762/0x8e0
[   84.559459][ T8439]  ? reiserfs_delete_object+0x200/0x200
[   84.564992][ T8439]  ? search_by_entry_key+0x960/0x960
[   84.570262][ T8439]  ? yura_hash+0x173/0x2a0
[   84.574660][ T8439]  ? make_cpu_key+0x22/0x2a0
[   84.579242][ T8439]  reiserfs_add_entry+0x8cb/0xcf0
[   84.584258][ T8439]  ? reiserfs_lookup+0x490/0x490
[   84.589274][ T8439]  ? wait_for_completion_io+0x270/0x270
[   84.594804][ T8439]  ? do_journal_begin_r+0xd2e/0x10d0
[   84.600121][ T8439]  reiserfs_mkdir+0x675/0x980
[   84.604784][ T8439]  ? reiserfs_mknod+0x700/0x700
[   84.609625][ T8439]  ? down_write+0xe1/0x150
[   84.614046][ T8439]  ? down_write_killable+0x170/0x170
[   84.619317][ T8439]  ? down_write_killable+0x170/0x170
[   84.624603][ T8439]  reiserfs_xattr_init+0x4de/0xb60
[   84.629706][ T8439]  reiserfs_fill_super+0x2166/0x2e00
[   84.634984][ T8439]  ? reiserfs_remount+0x1580/0x1580
[   84.640170][ T8439]  ? lock_downgrade+0x6e0/0x6e0
[   84.645010][ T8439]  ? snprintf+0xbb/0xf0
[   84.649260][ T8439]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[   84.654977][ T8439]  ? set_blocksize+0x1c1/0x3b0
[   84.659739][ T8439]  mount_bdev+0x34d/0x410
[   84.664055][ T8439]  ? reiserfs_remount+0x1580/0x1580
[   84.669370][ T8439]  ? reiserfs_kill_sb+0x1e0/0x1e0
[   84.674403][ T8439]  legacy_get_tree+0x105/0x220
[   84.679154][ T8439]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   84.685496][ T8439]  vfs_get_tree+0x89/0x2f0
[   84.689906][ T8439]  path_mount+0x132a/0x1fa0
[   84.694395][ T8439]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   84.700634][ T8439]  ? strncpy_from_user+0x2a0/0x3e0
[   84.705736][ T8439]  ? finish_automount+0xad0/0xad0
[   84.710756][ T8439]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   84.716985][ T8439]  ? getname_flags.part.0+0x1dd/0x4f0
[   84.722365][ T8439]  __x64_sys_mount+0x27f/0x300
[   84.727116][ T8439]  ? copy_mnt_ns+0xae0/0xae0
[   84.731689][ T8439]  ? syscall_enter_from_user_mode+0x27/0x70
[   84.737567][ T8439]  do_syscall_64+0x3a/0xb0
[   84.742061][ T8439]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   84.748032][ T8439] RIP: 0033:0x445b8a
[   84.751912][ T8439] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   84.771517][ T8439] RSP: 002b:00007ffced423788 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   84.780004][ T8439] RAX: ffffffffffffffda RBX: 00007ffced4237e0 RCX: 0000000000445b8a
[   84.788050][ T8439] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffced4237a0
[   84.796005][ T8439] RBP: 00007ffced4237a0 R08: 00007ffced4237e0 R09: 0000000000000000
[   84.803959][ T8439] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[   84.811917][ T8439] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[   84.821254][ T8439] Kernel Offset: disabled
[   84.825656][ T8439] Rebooting in 86400 seconds..