[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.049024][ T8443] loop0: detected capacity change from 0 to 252287
[ 55.060640][ T8443] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 55.071279][ T8443] REISERFS (device loop0): using ordered data mode
[ 55.078462][ T8443] reiserfs: using flush barriers
[ 55.085267][ T8443] REISERFS (device loop0): journal params: device loop0, size 15748, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[ 55.109208][ T8443] REISERFS (device loop0): checking transaction log (loop0)
[ 56.740934][ T8443] REISERFS (device loop0): Using tea hash to sort names
[ 56.748839][ T8443] ==================================================================
[ 56.757281][ T8443] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x449/0x910
[ 56.764760][ T8443] Read of size 18446744073709551584 at addr ffff88804238ffa4 by task syz-executor219/8443
[ 56.774641][ T8443]
[ 56.776954][ T8443] CPU: 0 PID: 8443 Comm: syz-executor219 Not tainted 5.14.0-rc6-syzkaller #0
[ 56.785706][ T8443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.795753][ T8443] Call Trace:
[ 56.799021][ T8443] dump_stack_lvl+0xcd/0x134
[ 56.803708][ T8443] print_address_description.constprop.0.cold+0x6c/0x309
[ 56.810732][ T8443] ? leaf_paste_entries+0x449/0x910
[ 56.815929][ T8443] ? leaf_paste_entries+0x449/0x910
[ 56.821120][ T8443] kasan_report.cold+0x83/0xdf
[ 56.825884][ T8443] ? allocate_slab+0xe0/0x4b0
[ 56.830561][ T8443] ? leaf_paste_entries+0x449/0x910
[ 56.835749][ T8443] kasan_check_range+0x13d/0x180
[ 56.840865][ T8443] memmove+0x20/0x60
[ 56.844753][ T8443] leaf_paste_entries+0x449/0x910
[ 56.850032][ T8443] balance_leaf+0x951e/0xd8b0
[ 56.854704][ T8443] ? reiserfs_prepare_for_journal+0x115/0x2b0
[ 56.860760][ T8443] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 56.866467][ T8443] ? fix_nodes+0x14cb/0x8650
[ 56.871054][ T8443] ? replace_key+0x160/0x160
[ 56.875654][ T8443] do_balance+0x315/0x810
[ 56.879970][ T8443] ? get_right_neighbor_position+0x170/0x170
[ 56.885936][ T8443] ? __mutex_unlock_slowpath+0xe2/0x610
[ 56.891483][ T8443] reiserfs_paste_into_item+0x762/0x8e0
[ 56.897024][ T8443] ? reiserfs_delete_object+0x200/0x200
[ 56.902592][ T8443] ? search_by_entry_key+0x960/0x960
[ 56.907860][ T8443] ? keyed_hash+0x83b/0xee0
[ 56.912350][ T8443] ? make_cpu_key+0x22/0x2a0
[ 56.916940][ T8443] reiserfs_add_entry+0x8cb/0xcf0
[ 56.921976][ T8443] ? reiserfs_lookup+0x490/0x490
[ 56.926919][ T8443] ? wait_for_completion_io+0x280/0x280
[ 56.932477][ T8443] ? do_journal_begin_r+0xd2e/0x10d0
[ 56.937765][ T8443] ? dquot_free_inode+0x6c0/0x6c0
[ 56.942788][ T8443] reiserfs_mkdir+0x675/0x980
[ 56.947463][ T8443] ? reiserfs_mknod+0x700/0x700
[ 56.952307][ T8443] ? down_write+0xe1/0x150
[ 56.956714][ T8443] ? down_write_killable_nested+0x180/0x180
[ 56.962597][ T8443] ? down_write_killable_nested+0x180/0x180
[ 56.968482][ T8443] reiserfs_xattr_init+0x4de/0xb60
[ 56.973593][ T8443] reiserfs_fill_super+0x20fb/0x2e80
[ 56.978896][ T8443] ? reiserfs_remount+0x1580/0x1580
[ 56.984189][ T8443] ? lock_downgrade+0x6e0/0x6e0
[ 56.989037][ T8443] ? snprintf+0xbb/0xf0
[ 56.993197][ T8443] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 56.998918][ T8443] ? set_blocksize+0x1c1/0x3b0
[ 57.003682][ T8443] mount_bdev+0x34d/0x410
[ 57.008005][ T8443] ? reiserfs_remount+0x1580/0x1580
[ 57.013194][ T8443] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 57.018201][ T8443] legacy_get_tree+0x105/0x220
[ 57.022950][ T8443] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 57.029175][ T8443] vfs_get_tree+0x89/0x2f0
[ 57.033574][ T8443] path_mount+0x134a/0x1fc0
[ 57.038064][ T8443] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 57.044293][ T8443] ? strncpy_from_user+0x2a0/0x3e0
[ 57.049392][ T8443] ? finish_automount+0xaf0/0xaf0
[ 57.054399][ T8443] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 57.060623][ T8443] ? getname_flags.part.0+0x1dd/0x4f0
[ 57.065985][ T8443] __x64_sys_mount+0x27f/0x300
[ 57.070733][ T8443] ? copy_mnt_ns+0xae0/0xae0
[ 57.075304][ T8443] ? syscall_enter_from_user_mode+0x21/0x70
[ 57.081191][ T8443] do_syscall_64+0x35/0xb0
[ 57.085599][ T8443] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.091482][ T8443] RIP: 0033:0x445b8a
[ 57.095371][ T8443] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.114980][ T8443] RSP: 002b:00007ffd168486d8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 57.123390][ T8443] RAX: ffffffffffffffda RBX: 00007ffd16848730 RCX: 0000000000445b8a
[ 57.131360][ T8443] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd168486f0
[ 57.139325][ T8443] RBP: 00007ffd168486f0 R08: 00007ffd16848730 R09: 0000000000000000
[ 57.147300][ T8443] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 57.155267][ T8443] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 57.163244][ T8443]
[ 57.165553][ T8443] The buggy address belongs to the page:
[ 57.171159][ T8443] page:ffffea000108e3c0 refcount:3 mapcount:0 mapping:ffff8881454d1400 index:0x3d97 pfn:0x4238f
[ 57.181552][ T8443] memcg:ffff888140144000
[ 57.185771][ T8443] aops:def_blk_aops ino:700000
[ 57.190522][ T8443] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 57.199887][ T8443] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff8881454d1400
[ 57.210372][ T8443] raw: 0000000000003d97 ffff888041833740 00000003ffffffff ffff888140144000
[ 57.219021][ T8443] page dumped because: kasan: bad access detected
[ 57.225500][ T8443] page_owner tracks the page as allocated
[ 57.231204][ T8443] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 8443, ts 56740585754, free_ts 0
[ 57.247513][ T8443] get_page_from_freelist+0xa72/0x2f80
[ 57.252965][ T8443] __alloc_pages+0x1b2/0x500
[ 57.257543][ T8443] alloc_pages+0x18c/0x2a0
[ 57.261942][ T8443] __page_cache_alloc+0x303/0x3a0
[ 57.266953][ T8443] pagecache_get_page+0x357/0x18d0
[ 57.272052][ T8443] __getblk_slow+0x217/0xb70
[ 57.276626][ T8443] __getblk_gfp+0x70/0x80
[ 57.280937][ T8443] search_by_key+0x3a5/0x3cc0
[ 57.285686][ T8443] reiserfs_read_locked_inode+0x154/0x2160
[ 57.291487][ T8443] reiserfs_fill_super+0x157a/0x2e80
[ 57.296864][ T8443] mount_bdev+0x34d/0x410
[ 57.301379][ T8443] legacy_get_tree+0x105/0x220
[ 57.306127][ T8443] vfs_get_tree+0x89/0x2f0
[ 57.310523][ T8443] path_mount+0x134a/0x1fc0
[ 57.315042][ T8443] __x64_sys_mount+0x27f/0x300
[ 57.319786][ T8443] do_syscall_64+0x35/0xb0
[ 57.324199][ T8443] page_owner free stack trace missing
[ 57.329670][ T8443]
[ 57.331976][ T8443] Memory state around the buggy address:
[ 57.337580][ T8443] ffff88804238fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.345823][ T8443] ffff88804238ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.353874][ T8443] >ffff88804238ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.361915][ T8443] ^
[ 57.367010][ T8443] ffff888042390000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.375060][ T8443] ffff888042390080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.383100][ T8443] ==================================================================
[ 57.391147][ T8443] Disabling lock debugging due to kernel taint
[ 57.403759][ T8443] Kernel panic - not syncing: panic_on_warn set ...
[ 57.410465][ T8443] CPU: 0 PID: 8443 Comm: syz-executor219 Tainted: G B 5.14.0-rc6-syzkaller #0
[ 57.420695][ T8443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.430739][ T8443] Call Trace:
[ 57.434010][ T8443] dump_stack_lvl+0xcd/0x134
[ 57.438855][ T8443] panic+0x306/0x73d
[ 57.442735][ T8443] ? __warn_printk+0xf3/0xf3
[ 57.447307][ T8443] ? preempt_schedule_common+0x59/0xc0
[ 57.452842][ T8443] ? leaf_paste_entries+0x449/0x910
[ 57.458025][ T8443] ? preempt_schedule_thunk+0x16/0x18
[ 57.463390][ T8443] ? trace_hardirqs_on+0x38/0x1c0
[ 57.468406][ T8443] ? trace_hardirqs_on+0x51/0x1c0
[ 57.473424][ T8443] ? leaf_paste_entries+0x449/0x910
[ 57.478612][ T8443] ? leaf_paste_entries+0x449/0x910
[ 57.483800][ T8443] end_report.cold+0x5a/0x5a
[ 57.488628][ T8443] kasan_report.cold+0x71/0xdf
[ 57.493396][ T8443] ? allocate_slab+0xe0/0x4b0
[ 57.498063][ T8443] ? leaf_paste_entries+0x449/0x910
[ 57.503253][ T8443] kasan_check_range+0x13d/0x180
[ 57.508189][ T8443] memmove+0x20/0x60
[ 57.512076][ T8443] leaf_paste_entries+0x449/0x910
[ 57.517095][ T8443] balance_leaf+0x951e/0xd8b0
[ 57.521769][ T8443] ? reiserfs_prepare_for_journal+0x115/0x2b0
[ 57.527826][ T8443] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 57.533531][ T8443] ? fix_nodes+0x14cb/0x8650
[ 57.538109][ T8443] ? replace_key+0x160/0x160
[ 57.542687][ T8443] do_balance+0x315/0x810
[ 57.547007][ T8443] ? get_right_neighbor_position+0x170/0x170
[ 57.552978][ T8443] ? __mutex_unlock_slowpath+0xe2/0x610
[ 57.558693][ T8443] reiserfs_paste_into_item+0x762/0x8e0
[ 57.564231][ T8443] ? reiserfs_delete_object+0x200/0x200
[ 57.569864][ T8443] ? search_by_entry_key+0x960/0x960
[ 57.575135][ T8443] ? keyed_hash+0x83b/0xee0
[ 57.579620][ T8443] ? make_cpu_key+0x22/0x2a0
[ 57.584281][ T8443] reiserfs_add_entry+0x8cb/0xcf0
[ 57.589294][ T8443] ? reiserfs_lookup+0x490/0x490
[ 57.594393][ T8443] ? wait_for_completion_io+0x280/0x280
[ 57.600297][ T8443] ? do_journal_begin_r+0xd2e/0x10d0
[ 57.605576][ T8443] ? dquot_free_inode+0x6c0/0x6c0
[ 57.610586][ T8443] reiserfs_mkdir+0x675/0x980
[ 57.615245][ T8443] ? reiserfs_mknod+0x700/0x700
[ 57.620081][ T8443] ? down_write+0xe1/0x150
[ 57.624488][ T8443] ? down_write_killable_nested+0x180/0x180
[ 57.630363][ T8443] ? down_write_killable_nested+0x180/0x180
[ 57.636240][ T8443] reiserfs_xattr_init+0x4de/0xb60
[ 57.641337][ T8443] reiserfs_fill_super+0x20fb/0x2e80
[ 57.646608][ T8443] ? reiserfs_remount+0x1580/0x1580
[ 57.651787][ T8443] ? lock_downgrade+0x6e0/0x6e0
[ 57.656621][ T8443] ? snprintf+0xbb/0xf0
[ 57.660760][ T8443] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 57.666461][ T8443] ? set_blocksize+0x1c1/0x3b0
[ 57.671207][ T8443] mount_bdev+0x34d/0x410
[ 57.675517][ T8443] ? reiserfs_remount+0x1580/0x1580
[ 57.680879][ T8443] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 57.685895][ T8443] legacy_get_tree+0x105/0x220
[ 57.690660][ T8443] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 57.696972][ T8443] vfs_get_tree+0x89/0x2f0
[ 57.701376][ T8443] path_mount+0x134a/0x1fc0
[ 57.705862][ T8443] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 57.712089][ T8443] ? strncpy_from_user+0x2a0/0x3e0
[ 57.717189][ T8443] ? finish_automount+0xaf0/0xaf0
[ 57.722199][ T8443] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 57.728427][ T8443] ? getname_flags.part.0+0x1dd/0x4f0
[ 57.733787][ T8443] __x64_sys_mount+0x27f/0x300
[ 57.738537][ T8443] ? copy_mnt_ns+0xae0/0xae0
[ 57.743113][ T8443] ? syscall_enter_from_user_mode+0x21/0x70
[ 57.748996][ T8443] do_syscall_64+0x35/0xb0
[ 57.753400][ T8443] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.759281][ T8443] RIP: 0033:0x445b8a
[ 57.763165][ T8443] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.782761][ T8443] RSP: 002b:00007ffd168486d8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 57.791163][ T8443] RAX: ffffffffffffffda RBX: 00007ffd16848730 RCX: 0000000000445b8a
[ 57.799122][ T8443] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd168486f0
[ 57.807079][ T8443] RBP: 00007ffd168486f0 R08: 00007ffd16848730 R09: 0000000000000000
[ 57.815122][ T8443] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 57.823078][ T8443] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 57.836805][ T8443] Kernel Offset: disabled
[ 57.841132][ T8443] Rebooting in 86400 seconds..