[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 36.900545] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 36.909230] REISERFS (device loop0): using ordered data mode
[ 36.916389] reiserfs: using flush barriers
[ 36.923133] REISERFS (device loop0): journal params: device loop0, size 8192, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 36.941697] REISERFS (device loop0): checking transaction log (loop0)
[ 37.755108] REISERFS (device loop0): Using rupasov hash to sort names
[ 37.762666] ==================================================================
[ 37.770186] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x417/0x910
[ 37.776971] Read of size 18446744073709551571 at addr ffff88808728ffe1 by task syz-executor854/8126
[ 37.786157]
[ 37.787775] CPU: 0 PID: 8126 Comm: syz-executor854 Not tainted 4.19.163-syzkaller #0
[ 37.795688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.805040] Call Trace:
[ 37.807646] dump_stack+0x1fc/0x2fe
[ 37.811284] print_address_description.cold+0x54/0x219
[ 37.816561] kasan_report_error.cold+0x8a/0x1c7
[ 37.821221] ? leaf_paste_entries+0x417/0x910
[ 37.825733] kasan_report+0x8f/0x96
[ 37.829367] ? cache_alloc_refill+0x2a0/0x340
[ 37.833852] ? leaf_paste_entries+0x417/0x910
[ 37.838356] memmove+0x20/0x50
[ 37.842586] leaf_paste_entries+0x417/0x910
[ 37.846916] balance_leaf+0x8fb4/0xca40
[ 37.850899] ? replace_key+0x160/0x160
[ 37.854781] do_balance+0x306/0x760
[ 37.858416] ? get_right_neighbor_position+0x170/0x170
[ 37.863687] ? __mutex_unlock_slowpath+0xea/0x610
[ 37.868529] ? memset+0x20/0x40
[ 37.871799] reiserfs_paste_into_item+0x636/0x7d0
[ 37.876644] ? reiserfs_delete_object+0x200/0x200
[ 37.881514] ? search_by_entry_key+0xf30/0xf30
[ 37.886191] ? yura_hash+0x1e3/0x2a0
[ 37.889910] ? make_cpu_key+0x22/0x2a0
[ 37.893787] reiserfs_add_entry+0x89a/0xcc0
[ 37.898125] ? reiserfs_lookup+0x490/0x490
[ 37.902378] ? wait_for_completion_io+0x10/0x10
[ 37.907044] ? do_journal_begin_r+0xd10/0x10b0
[ 37.911622] ? dquot_initialize_needed+0x290/0x290
[ 37.916572] reiserfs_mkdir+0x66e/0x980
[ 37.920540] ? reiserfs_mknod+0x700/0x700
[ 37.924698] ? lock_acquire+0x171/0x3c0
[ 37.928688] reiserfs_xattr_init+0x406/0xae0
[ 37.933097] reiserfs_fill_super+0x206e/0x2ce4
[ 37.937700] ? reiserfs_remount+0x1540/0x1540
[ 37.942204] ? lock_downgrade+0x720/0x720
[ 37.946372] ? snprintf+0xbb/0xf0
[ 37.949830] ? wait_for_completion_io+0x10/0x10
[ 37.954498] mount_bdev+0x2fc/0x3b0
[ 37.958116] ? reiserfs_remount+0x1540/0x1540
[ 37.962693] mount_fs+0xa3/0x30c
[ 37.966072] vfs_kern_mount.part.0+0x68/0x470
[ 37.970584] do_mount+0x113c/0x2f10
[ 37.974211] ? cmp_ex_sort+0xc0/0xc0
[ 37.977921] ? __do_page_fault+0x180/0xd60
[ 37.982161] ? copy_mount_string+0x40/0x40
[ 37.986407] ? copy_mount_options+0x1cd/0x380
[ 37.990894] ? memset+0x20/0x40
[ 37.994161] ? copy_mount_options+0x26f/0x380
[ 37.998647] ksys_mount+0xcf/0x130
[ 38.002192] __x64_sys_mount+0xba/0x150
[ 38.006168] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 38.010739] do_syscall_64+0xf9/0x620
[ 38.014534] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.019799] RIP: 0033:0x447dda
[ 38.022998] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 38.041925] RSP: 002b:00007ffd019408f8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 38.049641] RAX: ffffffffffffffda RBX: 00007ffd01940950 RCX: 0000000000447dda
[ 38.056920] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd01940910
[ 38.064183] RBP: 00007ffd01940910 R08: 00007ffd01940950 R09: 0000000000000000
[ 38.071476] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000007
[ 38.078736] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 38.086106]
[ 38.087731] The buggy address belongs to the page:
[ 38.092646] page:ffffea00021ca3c0 count:3 mapcount:0 mapping:ffff88808ffa7be0 index:0x2013
[ 38.101056] flags: 0xfff00000001044(referenced|active|private)
[ 38.107041] raw: 00fff00000001044 dead000000000100 dead000000000200 ffff88808ffa7be0
[ 38.114919] raw: 0000000000002013 ffff88808b97dc78 00000003ffffffff ffff88823b2d08c0
[ 38.122787] page dumped because: kasan: bad access detected
[ 38.128623] page->mem_cgroup:ffff88823b2d08c0
[ 38.133104]
[ 38.134710] Memory state around the buggy address:
[ 38.139651]  ffff88808728fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.147013]  ffff88808728ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.154382] >ffff88808728ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.161749]                                                        ^
[ 38.168239]  ffff888087290000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.175595]  ffff888087290080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.182988] ==================================================================
[ 38.190337] Disabling lock debugging due to kernel taint
[ 38.200048] Kernel panic - not syncing: panic_on_warn set ...
[ 38.200048]
[ 38.207451] CPU: 1 PID: 8126 Comm: syz-executor854 Tainted: G B 4.19.163-syzkaller #0
[ 38.216727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.226083] Call Trace:
[ 38.228703] dump_stack+0x1fc/0x2fe
[ 38.232335] panic+0x26a/0x50e
[ 38.235520] ? __warn_printk+0xf3/0xf3
[ 38.239442] ? preempt_schedule_common+0x45/0xc0
[ 38.244199] ? ___preempt_schedule+0x16/0x18
[ 38.248626] ? trace_hardirqs_on+0x55/0x210
[ 38.252967] kasan_end_report+0x43/0x49
[ 38.256944] kasan_report_error.cold+0xa7/0x1c7
[ 38.261604] ? leaf_paste_entries+0x417/0x910
[ 38.266090] kasan_report+0x8f/0x96
[ 38.269705] ? cache_alloc_refill+0x2a0/0x340
[ 38.274190] ? leaf_paste_entries+0x417/0x910
[ 38.278685] memmove+0x20/0x50
[ 38.281876] leaf_paste_entries+0x417/0x910
[ 38.286185] balance_leaf+0x8fb4/0xca40
[ 38.290157] ? replace_key+0x160/0x160
[ 38.294030] do_balance+0x306/0x760
[ 38.297640] ? get_right_neighbor_position+0x170/0x170
[ 38.302907] ? __mutex_unlock_slowpath+0xea/0x610
[ 38.307742] ? memset+0x20/0x40
[ 38.311021] reiserfs_paste_into_item+0x636/0x7d0
[ 38.315853] ? reiserfs_delete_object+0x200/0x200
[ 38.320700] ? search_by_entry_key+0xf30/0xf30
[ 38.325283] ? yura_hash+0x1e3/0x2a0
[ 38.329069] ? make_cpu_key+0x22/0x2a0
[ 38.332942] reiserfs_add_entry+0x89a/0xcc0
[ 38.337267] ? reiserfs_lookup+0x490/0x490
[ 38.341590] ? wait_for_completion_io+0x10/0x10
[ 38.346281] ? do_journal_begin_r+0xd10/0x10b0
[ 38.350854] ? dquot_initialize_needed+0x290/0x290
[ 38.355807] reiserfs_mkdir+0x66e/0x980
[ 38.359772] ? reiserfs_mknod+0x700/0x700
[ 38.363926] ? lock_acquire+0x171/0x3c0
[ 38.367886] reiserfs_xattr_init+0x406/0xae0
[ 38.372303] reiserfs_fill_super+0x206e/0x2ce4
[ 38.376960] ? reiserfs_remount+0x1540/0x1540
[ 38.381459] ? lock_downgrade+0x720/0x720
[ 38.385591] ? snprintf+0xbb/0xf0
[ 38.389033] ? wait_for_completion_io+0x10/0x10
[ 38.393690] mount_bdev+0x2fc/0x3b0
[ 38.397315] ? reiserfs_remount+0x1540/0x1540
[ 38.401800] mount_fs+0xa3/0x30c
[ 38.405152] vfs_kern_mount.part.0+0x68/0x470
[ 38.409633] do_mount+0x113c/0x2f10
[ 38.413243] ? cmp_ex_sort+0xc0/0xc0
[ 38.416941] ? __do_page_fault+0x180/0xd60
[ 38.421164] ? copy_mount_string+0x40/0x40
[ 38.425399] ? copy_mount_options+0x1cd/0x380
[ 38.429899] ? memset+0x20/0x40
[ 38.433187] ? copy_mount_options+0x26f/0x380
[ 38.437672] ksys_mount+0xcf/0x130
[ 38.441199] __x64_sys_mount+0xba/0x150
[ 38.445174] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 38.449744] do_syscall_64+0xf9/0x620
[ 38.453532] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.458734] RIP: 0033:0x447dda
[ 38.461915] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 38.480834] RSP: 002b:00007ffd019408f8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 38.488546] RAX: ffffffffffffffda RBX: 00007ffd01940950 RCX: 0000000000447dda
[ 38.495819] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd01940910
[ 38.503074] RBP: 00007ffd01940910 R08: 00007ffd01940950 R09: 0000000000000000
[ 38.510331] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000007
[ 38.517590] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 38.525244] Kernel Offset: disabled
[ 38.528882] Rebooting in 86400 seconds..