[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.395739] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 34.404576] REISERFS (device loop0): using ordered data mode
[ 34.410380] reiserfs: using flush barriers
[ 34.417971] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 34.434197] REISERFS (device loop0): checking transaction log (loop0)
[ 34.442053] REISERFS (device loop0): Using rupasov hash to sort names
[ 34.449775] ==================================================================
[ 34.457185] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x449/0x910
[ 34.463938] Read of size 18446744073709551585 at addr ffff88808f01afa4 by task syz-executor372/8075
[ 34.473115]
[ 34.474730] CPU: 0 PID: 8075 Comm: syz-executor372 Not tainted 4.19.211-syzkaller #0
[ 34.482607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 34.492046] Call Trace:
[ 34.494619] dump_stack+0x1fc/0x2ef
[ 34.498240] print_address_description.cold+0x54/0x219
[ 34.503500] kasan_report_error.cold+0x8a/0x1b9
[ 34.508152] ? leaf_paste_entries+0x449/0x910
[ 34.512629] kasan_report+0x8f/0xa0
[ 34.516241] ? journal_mark_dirty+0x7b0/0xc80
[ 34.520716] ? leaf_paste_entries+0x449/0x910
[ 34.525192] memmove+0x20/0x50
[ 34.528366] leaf_paste_entries+0x449/0x910
[ 34.532674] balance_leaf+0x8fd7/0xca70
[ 34.536643] ? replace_key+0x160/0x160
[ 34.540516] do_balance+0x30a/0x760
[ 34.544196] ? get_right_neighbor_position+0x170/0x170
[ 34.549472] ? __mutex_unlock_slowpath+0xea/0x610
[ 34.554312] ? memset+0x20/0x40
[ 34.557606] reiserfs_paste_into_item+0x636/0x7d0
[ 34.562432] ? reiserfs_delete_object+0x200/0x200
[ 34.567285] ? search_by_entry_key+0xf30/0xf30
[ 34.571850] ? yura_hash+0x1b3/0x2a0
[ 34.575545] ? make_cpu_key+0x22/0x2a0
[ 34.579415] reiserfs_add_entry+0x89a/0xcc0
[ 34.583736] ? reiserfs_lookup+0x490/0x490
[ 34.587978] ? wait_for_completion_io+0x10/0x10
[ 34.592719] ? do_journal_begin_r+0xd10/0x10b0
[ 34.597303] ? dquot_initialize_needed+0x290/0x290
[ 34.602232] reiserfs_mkdir+0x66e/0x980
[ 34.606363] ? reiserfs_mknod+0x700/0x700
[ 34.610497] ? lock_acquire+0x171/0x3c0
[ 34.614459] reiserfs_xattr_init+0x406/0xae0
[ 34.618865] reiserfs_fill_super+0x1f54/0x2d80
[ 34.623447] ? reiserfs_remount+0x1540/0x1540
[ 34.627930] ? lock_downgrade+0x720/0x720
[ 34.632062] ? snprintf+0xbb/0xf0
[ 34.635504] ? wait_for_completion_io+0x10/0x10
[ 34.640158] mount_bdev+0x2fc/0x3b0
[ 34.643766] ? reiserfs_remount+0x1540/0x1540
[ 34.648240] mount_fs+0xa3/0x310
[ 34.651590] vfs_kern_mount.part.0+0x68/0x470
[ 34.656068] do_mount+0x115c/0x2f50
[ 34.659676] ? lock_acquire+0x170/0x3c0
[ 34.663630] ? check_preemption_disabled+0x41/0x280
[ 34.668632] ? copy_mount_string+0x40/0x40
[ 34.672855] ? copy_mount_options+0x59/0x380
[ 34.677254] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 34.682251] ? kmem_cache_alloc_trace+0x323/0x380
[ 34.687079] ? copy_mount_options+0x26f/0x380
[ 34.691556] ksys_mount+0xcf/0x130
[ 34.695081] __x64_sys_mount+0xba/0x150
[ 34.699038] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 34.703607] do_syscall_64+0xf9/0x620
[ 34.707393] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.712572] RIP: 0033:0x7f097d3dd37a
[ 34.716269] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 34.735152] RSP: 002b:00007ffcb330eec8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 34.742845] RAX: ffffffffffffffda RBX: 00007ffcb330ef20 RCX: 00007f097d3dd37a
[ 34.750095] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcb330eee0
[ 34.757344] RBP: 00007ffcb330eee0 R08: 00007ffcb330ef20 R09: 0000000000000000
[ 34.764610] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000290
[ 34.771859] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000006
[ 34.779113]
[ 34.780716] The buggy address belongs to the page:
[ 34.785624] page:ffffea00023c0680 count:3 mapcount:0 mapping:ffff8880b54023e0 index:0x213
[ 34.793921] flags: 0xfff00000001044(referenced|active|private)
[ 34.799872] raw: 00fff00000001044 dead000000000100 dead000000000200 ffff8880b54023e0
[ 34.807732] raw: 0000000000000213 ffff88808e3f8000 00000003ffffffff ffff8880b59f68c0
[ 34.815603] page dumped because: kasan: bad access detected
[ 34.821316] page->mem_cgroup:ffff8880b59f68c0
[ 34.825788]
[ 34.827395] Memory state around the buggy address:
[ 34.832310] ffff88808f01ae80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.839653] ffff88808f01af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.846994] >ffff88808f01af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.854329] ^
[ 34.858719] ffff88808f01b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.866058] ffff88808f01b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.873406] ==================================================================
[ 34.880746] Disabling lock debugging due to kernel taint
[ 34.889469] Kernel panic - not syncing: panic_on_warn set ...
[ 34.889469]
[ 34.896860] CPU: 0 PID: 8075 Comm: syz-executor372 Tainted: G B 4.19.211-syzkaller #0
[ 34.906123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 34.915493] Call Trace:
[ 34.918066] dump_stack+0x1fc/0x2ef
[ 34.921689] panic+0x26a/0x50e
[ 34.924864] ? __warn_printk+0xf3/0xf3
[ 34.928734] ? preempt_schedule_common+0x45/0xc0
[ 34.933473] ? ___preempt_schedule+0x16/0x18
[ 34.937862] ? trace_hardirqs_on+0x55/0x210
[ 34.942164] kasan_end_report+0x43/0x49
[ 34.946118] kasan_report_error.cold+0xa7/0x1b9
[ 34.950786] ? leaf_paste_entries+0x449/0x910
[ 34.955261] kasan_report+0x8f/0xa0
[ 34.958868] ? journal_mark_dirty+0x7b0/0xc80
[ 34.963344] ? leaf_paste_entries+0x449/0x910
[ 34.967818] memmove+0x20/0x50
[ 34.970991] leaf_paste_entries+0x449/0x910
[ 34.975298] balance_leaf+0x8fd7/0xca70
[ 34.979254] ? replace_key+0x160/0x160
[ 34.983125] do_balance+0x30a/0x760
[ 34.986732] ? get_right_neighbor_position+0x170/0x170
[ 34.991989] ? __mutex_unlock_slowpath+0xea/0x610
[ 34.996812] ? memset+0x20/0x40
[ 35.000070] reiserfs_paste_into_item+0x636/0x7d0
[ 35.004890] ? reiserfs_delete_object+0x200/0x200
[ 35.009739] ? search_by_entry_key+0xf30/0xf30
[ 35.014321] ? yura_hash+0x1b3/0x2a0
[ 35.018017] ? make_cpu_key+0x22/0x2a0
[ 35.021899] reiserfs_add_entry+0x89a/0xcc0
[ 35.026204] ? reiserfs_lookup+0x490/0x490
[ 35.030418] ? wait_for_completion_io+0x10/0x10
[ 35.035067] ? do_journal_begin_r+0xd10/0x10b0
[ 35.039631] ? dquot_initialize_needed+0x290/0x290
[ 35.044542] reiserfs_mkdir+0x66e/0x980
[ 35.048499] ? reiserfs_mknod+0x700/0x700
[ 35.052631] ? lock_acquire+0x171/0x3c0
[ 35.056587] reiserfs_xattr_init+0x406/0xae0
[ 35.060977] reiserfs_fill_super+0x1f54/0x2d80
[ 35.065565] ? reiserfs_remount+0x1540/0x1540
[ 35.070042] ? lock_downgrade+0x720/0x720
[ 35.074172] ? snprintf+0xbb/0xf0
[ 35.077603] ? wait_for_completion_io+0x10/0x10
[ 35.082250] mount_bdev+0x2fc/0x3b0
[ 35.085856] ? reiserfs_remount+0x1540/0x1540
[ 35.090354] mount_fs+0xa3/0x310
[ 35.093718] vfs_kern_mount.part.0+0x68/0x470
[ 35.098192] do_mount+0x115c/0x2f50
[ 35.101802] ? lock_acquire+0x170/0x3c0
[ 35.105863] ? check_preemption_disabled+0x41/0x280
[ 35.110875] ? copy_mount_string+0x40/0x40
[ 35.115088] ? copy_mount_options+0x59/0x380
[ 35.119476] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 35.124472] ? kmem_cache_alloc_trace+0x323/0x380
[ 35.129292] ? copy_mount_options+0x26f/0x380
[ 35.133767] ksys_mount+0xcf/0x130
[ 35.137289] __x64_sys_mount+0xba/0x150
[ 35.141244] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 35.145804] do_syscall_64+0xf9/0x620
[ 35.149615] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.154796] RIP: 0033:0x7f097d3dd37a
[ 35.158489] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 35.177383] RSP: 002b:00007ffcb330eec8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 35.185078] RAX: ffffffffffffffda RBX: 00007ffcb330ef20 RCX: 00007f097d3dd37a
[ 35.192330] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcb330eee0
[ 35.199589] RBP: 00007ffcb330eee0 R08: 00007ffcb330ef20 R09: 0000000000000000
[ 35.206947] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000290
[ 35.214284] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000006
[ 35.221615] Kernel Offset: disabled
[ 35.225242] Rebooting in 86400 seconds..