[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.455989] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 29.465393] REISERFS (device loop0): using ordered data mode
[ 29.471545] reiserfs: using flush barriers
[ 29.477429] REISERFS (device loop0): journal params: device loop0, size 8192, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 29.494469] REISERFS (device loop0): checking transaction log (loop0)
[ 30.013403] REISERFS (device loop0): Using rupasov hash to sort names
[ 30.020467] ==================================================================
[ 30.027856] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x421/0x9b0
[ 30.034582] Read of size 18446744073709551571 at addr ffff88808760efe1 by task syz-executor856/7985
[ 30.043735]
[ 30.045342] CPU: 1 PID: 7985 Comm: syz-executor856 Not tainted 4.14.209-syzkaller #0
[ 30.053191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.062515] Call Trace:
[ 30.065076] dump_stack+0x1b2/0x283
[ 30.068691] print_address_description.cold+0x54/0x1d3
[ 30.073940] kasan_report_error.cold+0x8a/0x194
[ 30.078581] ? leaf_paste_entries+0x421/0x9b0
[ 30.083048] kasan_report+0x6f/0x7b
[ 30.086647] ? leaf_paste_entries+0x421/0x9b0
[ 30.091149] memmove+0x20/0x50
[ 30.094313] leaf_paste_entries+0x421/0x9b0
[ 30.098612] balance_leaf+0x8298/0xbaa0
[ 30.102560] ? reiserfs_prepare_for_journal+0xd5/0x150
[ 30.107842] ? replace_key+0x150/0x150
[ 30.111703] do_balance+0x27e/0x630
[ 30.115306] ? get_right_neighbor_position+0x160/0x160
[ 30.120555] ? __mutex_unlock_slowpath+0x75/0x770
[ 30.125371] ? memset+0x20/0x40
[ 30.128628] reiserfs_paste_into_item+0x569/0x6f0
[ 30.133445] ? reiserfs_delete_object+0x1e0/0x1e0
[ 30.138283] ? __mutex_unlock_slowpath+0x23/0x770
[ 30.143129] ? search_by_entry_key+0xf70/0xf70
[ 30.147686] ? make_cpu_key+0x22/0x2a0
[ 30.151550] reiserfs_add_entry+0x7d3/0xbc0
[ 30.155845] ? reiserfs_lookup+0x400/0x400
[ 30.160052] ? __mutex_unlock_slowpath+0x23/0x770
[ 30.164869] ? wait_for_completion_io+0x10/0x10
[ 30.169521] reiserfs_mkdir+0x5ca/0x8b0
[ 30.173469] ? reiserfs_mknod+0x690/0x690
[ 30.177595] reiserfs_xattr_init+0x393/0xa49
[ 30.181982] reiserfs_fill_super+0x1b18/0x28be
[ 30.186549] ? reiserfs_remount+0x1390/0x1390
[ 30.191021] ? lock_downgrade+0x740/0x740
[ 30.195155] ? snprintf+0xa5/0xd0
[ 30.198605] mount_bdev+0x2b3/0x360
[ 30.202205] ? reiserfs_remount+0x1390/0x1390
[ 30.206672] mount_fs+0x92/0x2a0
[ 30.210011] vfs_kern_mount.part.0+0x5b/0x470
[ 30.214480] do_mount+0xe53/0x2a00
[ 30.217995] ? retint_kernel+0x2d/0x2d
[ 30.221857] ? copy_mount_string+0x40/0x40
[ 30.226065] ? memset+0x20/0x40
[ 30.229318] ? copy_mount_options+0x1fa/0x2f0
[ 30.233784] ? copy_mnt_ns+0xa30/0xa30
[ 30.237643] SyS_mount+0xa8/0x120
[ 30.241078] ? copy_mnt_ns+0xa30/0xa30
[ 30.244939] do_syscall_64+0x1d5/0x640
[ 30.248800] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.253963] RIP: 0033:0x4470da
[ 30.257127] RSP: 002b:00007fff9e730218 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 30.264806] RAX: ffffffffffffffda RBX: 00007fff9e730270 RCX: 00000000004470da
[ 30.272051] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff9e730230
[ 30.279293] RBP: 00007fff9e730230 R08: 00007fff9e730270 R09: 00007fff00000015
[ 30.286534] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000007
[ 30.293777] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 30.301024]
[ 30.302622] The buggy address belongs to the page:
[ 30.307531] page:ffffea00021d8380 count:3 mapcount:0 mapping:ffff8880b1fd1568 index:0x2013
[ 30.315905] flags: 0xfff00000001044(referenced|active|private)
[ 30.321847] raw: 00fff00000001044 ffff8880b1fd1568 0000000000002013 00000003ffffffff
[ 30.329710] raw: dead000000000100 dead000000000200 ffff88808845eb28 ffff88823b3201c0
[ 30.337558] page dumped because: kasan: bad access detected
[ 30.343363] page->mem_cgroup:ffff88823b3201c0
[ 30.347829]
[ 30.349437] Memory state around the buggy address:
[ 30.354338] ffff88808760ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.361667] ffff88808760ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.368998] >ffff88808760ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.376327] ^
[ 30.382789] ffff88808760f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.390118] ffff88808760f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.397444] ==================================================================
[ 30.404773] Disabling lock debugging due to kernel taint
[ 30.413039] Kernel panic - not syncing: panic_on_warn set ...
[ 30.413039]
[ 30.420411] CPU: 0 PID: 7985 Comm: syz-executor856 Tainted: G B 4.14.209-syzkaller #0
[ 30.429491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.438880] Call Trace:
[ 30.441444] dump_stack+0x1b2/0x283
[ 30.445044] panic+0x1f9/0x42d
[ 30.448208] ? add_taint.cold+0x16/0x16
[ 30.452189] ? ___preempt_schedule+0x16/0x18
[ 30.456571] kasan_end_report+0x43/0x49
[ 30.460517] kasan_report_error.cold+0xa7/0x194
[ 30.465174] ? leaf_paste_entries+0x421/0x9b0
[ 30.469639] kasan_report+0x6f/0x7b
[ 30.473241] ? leaf_paste_entries+0x421/0x9b0
[ 30.477706] memmove+0x20/0x50
[ 30.480869] leaf_paste_entries+0x421/0x9b0
[ 30.485165] balance_leaf+0x8298/0xbaa0
[ 30.489153] ? reiserfs_prepare_for_journal+0xd5/0x150
[ 30.494407] ? replace_key+0x150/0x150
[ 30.498270] do_balance+0x27e/0x630
[ 30.501881] ? get_right_neighbor_position+0x160/0x160
[ 30.507134] ? __mutex_unlock_slowpath+0x75/0x770
[ 30.511967] ? memset+0x20/0x40
[ 30.515221] reiserfs_paste_into_item+0x569/0x6f0
[ 30.520048] ? reiserfs_delete_object+0x1e0/0x1e0
[ 30.524877] ? __mutex_unlock_slowpath+0x23/0x770
[ 30.529696] ? search_by_entry_key+0xf70/0xf70
[ 30.534253] ? make_cpu_key+0x22/0x2a0
[ 30.538114] reiserfs_add_entry+0x7d3/0xbc0
[ 30.542418] ? reiserfs_lookup+0x400/0x400
[ 30.546638] ? __mutex_unlock_slowpath+0x23/0x770
[ 30.551451] ? wait_for_completion_io+0x10/0x10
[ 30.556098] reiserfs_mkdir+0x5ca/0x8b0
[ 30.560045] ? reiserfs_mknod+0x690/0x690
[ 30.564189] reiserfs_xattr_init+0x393/0xa49
[ 30.568584] reiserfs_fill_super+0x1b18/0x28be
[ 30.573137] ? reiserfs_remount+0x1390/0x1390
[ 30.577624] ? lock_downgrade+0x740/0x740
[ 30.581755] ? snprintf+0xa5/0xd0
[ 30.585185] mount_bdev+0x2b3/0x360
[ 30.588785] ? reiserfs_remount+0x1390/0x1390
[ 30.593266] mount_fs+0x92/0x2a0
[ 30.596619] vfs_kern_mount.part.0+0x5b/0x470
[ 30.601091] do_mount+0xe53/0x2a00
[ 30.604602] ? retint_kernel+0x2d/0x2d
[ 30.608464] ? copy_mount_string+0x40/0x40
[ 30.612668] ? memset+0x20/0x40
[ 30.615917] ? copy_mount_options+0x1fa/0x2f0
[ 30.620393] ? copy_mnt_ns+0xa30/0xa30
[ 30.624269] SyS_mount+0xa8/0x120
[ 30.627696] ? copy_mnt_ns+0xa30/0xa30
[ 30.631555] do_syscall_64+0x1d5/0x640
[ 30.635418] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.640579] RIP: 0033:0x4470da
[ 30.643752] RSP: 002b:00007fff9e730218 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 30.651451] RAX: ffffffffffffffda RBX: 00007fff9e730270 RCX: 00000000004470da
[ 30.658694] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff9e730230
[ 30.665934] RBP: 00007fff9e730230 R08: 00007fff9e730270 R09: 00007fff00000015
[ 30.673187] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000007
[ 30.680426] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 30.688416] Kernel Offset: disabled
[ 30.692022] Rebooting in 86400 seconds..