[ OK ] Started Getty on tty1.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.512109] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 32.520922] REISERFS (device loop0): using ordered data mode
[ 32.527247] reiserfs: using flush barriers
[ 32.532763] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 32.548653] REISERFS (device loop0): checking transaction log (loop0)
[ 32.602583] REISERFS (device loop0): Using r5 hash to sort names
[ 32.609337] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 32.719116] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 32.728094] REISERFS (device loop0): using ordered data mode
[ 32.738377] reiserfs: using flush barriers
[ 32.743427] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 32.759467] REISERFS (device loop0): checking transaction log (loop0)
[ 32.811751] REISERFS (device loop0): Using r5 hash to sort names
[ 32.818107] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 32.836158] ==================================================================
[ 32.843664] BUG: KASAN: out-of-bounds in leaf_paste_in_buffer+0xa27/0xc20
[ 32.850591] Read of size 104 at addr ffff88808abeffd8 by task syz-executor181/8098
[ 32.858286]
[ 32.859902] CPU: 0 PID: 8098 Comm: syz-executor181 Not tainted 4.19.211-syzkaller #0
[ 32.867757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 32.877092] Call Trace:
[ 32.879662] dump_stack+0x1fc/0x2ef
[ 32.883278] print_address_description.cold+0x54/0x219
[ 32.888533] kasan_report_error.cold+0x8a/0x1b9
[ 32.893180] ? leaf_paste_in_buffer+0xa27/0xc20
[ 32.897826] kasan_report+0x8f/0xa0
[ 32.901435] ? leaf_paste_in_buffer+0xa27/0xc20
[ 32.906083] memcpy+0x20/0x50
[ 32.909171] leaf_paste_in_buffer+0xa27/0xc20
[ 32.913666] ? bpf_patch_insn_single+0x98/0x1f0
[ 32.918318] leaf_copy_dir_entries.isra.0+0x7f3/0x980
[ 32.923494] ? leaf_paste_entries+0x910/0x910
[ 32.927975] leaf_move_items+0x17f6/0x3b60
[ 32.932194] ? leaf_copy_dir_entries.isra.0+0x980/0x980
[ 32.937551] ? lock_downgrade+0x720/0x720
[ 32.941676] ? reiserfs_write_lock_nested+0x65/0xe0
[ 32.946674] ? get_empty_nodes+0x22b/0x710
[ 32.950892] leaf_shift_left+0xa0/0x380
[ 32.954846] balance_leaf+0x2fb8/0xca70
[ 32.958809] ? replace_key+0x160/0x160
[ 32.962686] do_balance+0x30a/0x760
[ 32.966291] ? get_right_neighbor_position+0x170/0x170
[ 32.971551] ? __mutex_unlock_slowpath+0xea/0x610
[ 32.976375] ? memset+0x20/0x40
[ 32.979634] reiserfs_insert_item+0xbf3/0x1010
[ 32.984200] ? reiserfs_paste_into_item+0x7d0/0x7d0
[ 32.989225] ? check_preemption_disabled+0x1f/0x280
[ 32.994253] ? scan_bitmap_block.constprop.0+0xf60/0xf60
[ 32.999697] ? journal_begin+0x210/0x400
[ 33.003760] reiserfs_get_block+0x122b/0x3e40
[ 33.008248] ? reiserfs_commit_write+0x6f0/0x6f0
[ 33.012990] ? lock_downgrade+0x720/0x720
[ 33.017120] ? lock_acquire+0x170/0x3c0
[ 33.021081] ? check_preemption_disabled+0x1f/0x280
[ 33.026077] ? check_preemption_disabled+0x41/0x280
[ 33.031075] ? check_preemption_disabled+0x1f/0x280
[ 33.036085] ? alloc_buffer_head+0x20/0x130
[ 33.040401] ? do_raw_spin_unlock+0x171/0x230
[ 33.044878] ? _raw_spin_unlock+0x29/0x40
[ 33.049190] ? create_page_buffers+0x190/0x350
[ 33.053848] __block_write_begin_int+0x46c/0x17b0
[ 33.058678] ? reiserfs_commit_write+0x6f0/0x6f0
[ 33.063418] ? __breadahead_gfp+0x130/0x130
[ 33.067722] ? wait_for_stable_page+0x122/0x360
[ 33.072374] reiserfs_write_begin+0x39f/0xa10
[ 33.076851] generic_cont_expand_simple+0x106/0x170
[ 33.081854] ? page_zero_new_buffers+0x600/0x600
[ 33.086592] reiserfs_setattr+0xc7c/0x1090
[ 33.090807] ? ktime_get_coarse_real_ts64+0x1a1/0x290
[ 33.095990] ? reiserfs_new_inode+0x2180/0x2180
[ 33.100654] ? current_time+0x13c/0x1c0
[ 33.104610] ? igrab+0xb0/0xb0
[ 33.107780] ? __vfs_setxattr+0x170/0x170
[ 33.111908] ? evm_inode_setattr+0x6a/0x170
[ 33.116214] ? reiserfs_new_inode+0x2180/0x2180
[ 33.120865] notify_change+0x70b/0xfc0
[ 33.124742] do_truncate+0x134/0x1f0
[ 33.128433] ? dentry_open+0x1d0/0x1d0
[ 33.132302] ? apparmor_path_truncate+0x183/0x200
[ 33.137126] do_sys_ftruncate+0x492/0x560
[ 33.141267] do_syscall_64+0xf9/0x620
[ 33.145054] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.150228] RIP: 0033:0x7fcb6bcfba09
[ 33.153921] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.172803] RSP: 002b:00007ffe578ff6d8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 33.180510] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fcb6bcfba09
[ 33.187759] RDX: 00007fcb6bcfba09 RSI: 0000000002007ffb RDI: 0000000000000006
[ 33.195004] RBP: 0000000000000000 R08: 00007ffe578ff700 R09: 00007ffe578ff700
[ 33.202259] R10: 00007ffe578ff700 R11: 0000000000000246 R12: 00007ffe578ff6fc
[ 33.209508] R13: 00007ffe578ff730 R14: 00007ffe578ff710 R15: 0000000000000001
[ 33.216762]
[ 33.218363] The buggy address belongs to the page:
[ 33.223273] page:ffffea00022afbc0 count:2 mapcount:0 mapping:ffff8880b1af0a20 index:0x213
[ 33.231566] flags: 0xfff00000001064(referenced|lru|active|private)
[ 33.237866] raw: 00fff00000001064 ffffea0002295388 ffffea00022af7c8 ffff8880b1af0a20
[ 33.245838] raw: 0000000000000213 ffff88808ac4a9d8 00000002ffffffff ffff8880b59f68c0
[ 33.253697] page dumped because: kasan: bad access detected
[ 33.259389] page->mem_cgroup:ffff8880b59f68c0
[ 33.263861]
[ 33.265467] Memory state around the buggy address:
[ 33.270372] ffff88808abeff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.277710] ffff88808abeff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.285043] >ffff88808abf0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.292377] ^
[ 33.297811] ffff88808abf0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.305146] ffff88808abf0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.312481] ==================================================================
[ 33.319829] Disabling lock debugging due to kernel taint
[ 33.334512] Kernel panic - not syncing: panic_on_warn set ...
[ 33.334512]
[ 33.341875] CPU: 1 PID: 8098 Comm: syz-executor181 Tainted: G B 4.19.211-syzkaller #0
[ 33.351132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 33.360468] Call Trace:
[ 33.363039] dump_stack+0x1fc/0x2ef
[ 33.366644] panic+0x26a/0x50e
[ 33.369816] ? __warn_printk+0xf3/0xf3
[ 33.373678] ? preempt_schedule_common+0x45/0xc0
[ 33.378410] ? ___preempt_schedule+0x16/0x18
[ 33.382797] ? trace_hardirqs_on+0x55/0x210
[ 33.387106] kasan_end_report+0x43/0x49
[ 33.391056] kasan_report_error.cold+0xa7/0x1b9
[ 33.395703] ? leaf_paste_in_buffer+0xa27/0xc20
[ 33.400346] kasan_report+0x8f/0xa0
[ 33.403950] ? leaf_paste_in_buffer+0xa27/0xc20
[ 33.408603] memcpy+0x20/0x50
[ 33.411686] leaf_paste_in_buffer+0xa27/0xc20
[ 33.416161] ? bpf_patch_insn_single+0x98/0x1f0
[ 33.420807] leaf_copy_dir_entries.isra.0+0x7f3/0x980
[ 33.425976] ? leaf_paste_entries+0x910/0x910
[ 33.430455] leaf_move_items+0x17f6/0x3b60
[ 33.434672] ? leaf_copy_dir_entries.isra.0+0x980/0x980
[ 33.440102] ? lock_downgrade+0x720/0x720
[ 33.444228] ? reiserfs_write_lock_nested+0x65/0xe0
[ 33.449221] ? get_empty_nodes+0x22b/0x710
[ 33.453434] leaf_shift_left+0xa0/0x380
[ 33.457385] balance_leaf+0x2fb8/0xca70
[ 33.461348] ? replace_key+0x160/0x160
[ 33.465215] do_balance+0x30a/0x760
[ 33.468819] ? get_right_neighbor_position+0x170/0x170
[ 33.474071] ? __mutex_unlock_slowpath+0xea/0x610
[ 33.478892] ? memset+0x20/0x40
[ 33.482153] reiserfs_insert_item+0xbf3/0x1010
[ 33.486711] ? reiserfs_paste_into_item+0x7d0/0x7d0
[ 33.491737] ? check_preemption_disabled+0x1f/0x280
[ 33.496737] ? scan_bitmap_block.constprop.0+0xf60/0xf60
[ 33.502162] ? journal_begin+0x210/0x400
[ 33.506200] reiserfs_get_block+0x122b/0x3e40
[ 33.510675] ? reiserfs_commit_write+0x6f0/0x6f0
[ 33.515409] ? lock_downgrade+0x720/0x720
[ 33.519560] ? lock_acquire+0x170/0x3c0
[ 33.523529] ? check_preemption_disabled+0x1f/0x280
[ 33.528523] ? check_preemption_disabled+0x41/0x280
[ 33.533522] ? check_preemption_disabled+0x1f/0x280
[ 33.538516] ? alloc_buffer_head+0x20/0x130
[ 33.542818] ? do_raw_spin_unlock+0x171/0x230
[ 33.547291] ? _raw_spin_unlock+0x29/0x40
[ 33.551415] ? create_page_buffers+0x190/0x350
[ 33.555974] __block_write_begin_int+0x46c/0x17b0
[ 33.560799] ? reiserfs_commit_write+0x6f0/0x6f0
[ 33.565535] ? __breadahead_gfp+0x130/0x130
[ 33.569836] ? wait_for_stable_page+0x122/0x360
[ 33.574484] reiserfs_write_begin+0x39f/0xa10
[ 33.578956] generic_cont_expand_simple+0x106/0x170
[ 33.583948] ? page_zero_new_buffers+0x600/0x600
[ 33.588682] reiserfs_setattr+0xc7c/0x1090
[ 33.592892] ? ktime_get_coarse_real_ts64+0x1a1/0x290
[ 33.598057] ? reiserfs_new_inode+0x2180/0x2180
[ 33.602706] ? current_time+0x13c/0x1c0
[ 33.606659] ? igrab+0xb0/0xb0
[ 33.609827] ? __vfs_setxattr+0x170/0x170
[ 33.613952] ? evm_inode_setattr+0x6a/0x170
[ 33.618255] ? reiserfs_new_inode+0x2180/0x2180
[ 33.622909] notify_change+0x70b/0xfc0
[ 33.626778] do_truncate+0x134/0x1f0
[ 33.630479] ? dentry_open+0x1d0/0x1d0
[ 33.634354] ? apparmor_path_truncate+0x183/0x200
[ 33.639183] do_sys_ftruncate+0x492/0x560
[ 33.643309] do_syscall_64+0xf9/0x620
[ 33.647089] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.652261] RIP: 0033:0x7fcb6bcfba09
[ 33.655950] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.674826] RSP: 002b:00007ffe578ff6d8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 33.682510] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fcb6bcfba09
[ 33.689758] RDX: 00007fcb6bcfba09 RSI: 0000000002007ffb RDI: 0000000000000006
[ 33.697006] RBP: 0000000000000000 R08: 00007ffe578ff700 R09: 00007ffe578ff700
[ 33.704425] R10: 00007ffe578ff700 R11: 0000000000000246 R12: 00007ffe578ff6fc
[ 33.711670] R13: 00007ffe578ff730 R14: 00007ffe578ff710 R15: 0000000000000001
[ 33.719181] Kernel Offset: disabled
[ 33.722793] Rebooting in 86400 seconds..