[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts.
syzkaller login: [ 36.596740] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 36.712866] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 36.722782] REISERFS (device loop0): using ordered data mode
[ 36.729824] reiserfs: using flush barriers
[ 36.736326] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 36.752869] REISERFS (device loop0): checking transaction log (loop0)
[ 36.808005] REISERFS (device loop0): Using r5 hash to sort names
[ 36.814745] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 36.831233] ==================================================================
[ 36.838747] BUG: KASAN: out-of-bounds in leaf_paste_in_buffer+0xa27/0xc20
[ 36.845670] Read of size 80 at addr ffff88808af42fe0 by task syz-executor400/8105
[ 36.853275]
[ 36.854890] CPU: 1 PID: 8105 Comm: syz-executor400 Not tainted 4.19.211-syzkaller #0
[ 36.862745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 36.872075] Call Trace:
[ 36.874643] dump_stack+0x1fc/0x2ef
[ 36.878254] print_address_description.cold+0x54/0x219
[ 36.883621] kasan_report_error.cold+0x8a/0x1b9
[ 36.888280] ? leaf_paste_in_buffer+0xa27/0xc20
[ 36.892930] kasan_report+0x8f/0xa0
[ 36.896548] ? leaf_paste_in_buffer+0xa27/0xc20
[ 36.901201] memcpy+0x20/0x50
[ 36.904288] leaf_paste_in_buffer+0xa27/0xc20
[ 36.908773] leaf_copy_dir_entries.isra.0+0x7f3/0x980
[ 36.913953] ? leaf_paste_entries+0x910/0x910
[ 36.918431] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 36.922996] ? _raw_spin_unlock_irq+0x5a/0x80
[ 36.927471] ? finish_task_switch+0x146/0x760
[ 36.931945] ? finish_task_switch+0x118/0x760
[ 36.936417] ? switch_mm_irqs_off+0x764/0x1340
[ 36.940982] leaf_move_items+0x17f6/0x3b60
[ 36.945204] ? leaf_copy_dir_entries.isra.0+0x980/0x980
[ 36.950549] ? check_preemption_disabled+0x33/0x280
[ 36.955542] ? check_preemption_disabled+0x41/0x280
[ 36.960538] ? reiserfs_write_lock_nested+0x65/0xe0
[ 36.965536] ? get_empty_nodes+0x22b/0x710
[ 36.969766] leaf_shift_left+0xa0/0x380
[ 36.973723] balance_leaf+0x2fb8/0xca70
[ 36.977683] ? replace_key+0x160/0x160
[ 36.981554] do_balance+0x30a/0x760
[ 36.985161] ? get_right_neighbor_position+0x170/0x170
[ 36.990414] ? __mutex_unlock_slowpath+0xea/0x610
[ 36.995240] ? memset+0x20/0x40
[ 36.998503] reiserfs_insert_item+0xbf3/0x1010
[ 37.003066] ? reiserfs_paste_into_item+0x7d0/0x7d0
[ 37.008094] ? check_preemption_disabled+0x1f/0x280
[ 37.013095] ? scan_bitmap_block.constprop.0+0xf60/0xf60
[ 37.018526] ? journal_begin+0x210/0x400
[ 37.022568] reiserfs_get_block+0x122b/0x3e40
[ 37.027053] ? reiserfs_commit_write+0x6f0/0x6f0
[ 37.031792] ? lock_downgrade+0x720/0x720
[ 37.035915] ? lock_acquire+0x170/0x3c0
[ 37.039869] ? check_preemption_disabled+0x1f/0x280
[ 37.044864] ? check_preemption_disabled+0x41/0x280
[ 37.049859] ? check_preemption_disabled+0x1f/0x280
[ 37.054853] ? alloc_buffer_head+0x20/0x130
[ 37.059162] ? do_raw_spin_unlock+0x171/0x230
[ 37.063638] ? _raw_spin_unlock+0x29/0x40
[ 37.067765] ? create_page_buffers+0x190/0x350
[ 37.072329] __block_write_begin_int+0x46c/0x17b0
[ 37.077174] ? reiserfs_commit_write+0x6f0/0x6f0
[ 37.081913] ? __breadahead_gfp+0x130/0x130
[ 37.086216] ? mark_held_locks+0xa6/0xf0
[ 37.090257] ? wait_for_stable_page+0x122/0x360
[ 37.094906] reiserfs_write_begin+0x39f/0xa10
[ 37.099384] generic_perform_write+0x1f8/0x4d0
[ 37.103949] ? filemap_page_mkwrite+0x2f0/0x2f0
[ 37.108593] ? current_time+0x1c0/0x1c0
[ 37.112549] ? lock_acquire+0x170/0x3c0
[ 37.116502] __generic_file_write_iter+0x24b/0x610
[ 37.121409] generic_file_write_iter+0x3f8/0x730
[ 37.126147] __vfs_write+0x51b/0x770
[ 37.129841] ? kernel_read+0x110/0x110
[ 37.133714] ? mark_held_locks+0xa6/0xf0
[ 37.137756] __kernel_write+0x109/0x370
[ 37.141719] dump_emit+0x183/0x300
[ 37.145239] ? zap_process+0x290/0x290
[ 37.149104] ? elf_core_dump+0x3c78/0x4c10
[ 37.153316] elf_core_dump+0x2914/0x4c10
[ 37.157362] ? set_brk+0x170/0x170
[ 37.160884] ? fsnotify_first_mark+0x200/0x200
[ 37.165443] ? do_truncate+0x15e/0x1f0
[ 37.169307] ? mark_held_locks+0xf0/0xf0
[ 37.173362] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 37.178356] do_coredump+0x1d4e/0x2d60
[ 37.182221] ? debug_check_no_obj_freed+0x201/0x490
[ 37.187218] ? lock_acquire+0x160/0x3c0
[ 37.191173] ? cn_esc_printf+0x510/0x510
[ 37.195215] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 37.200609] ? debug_check_no_obj_freed+0x201/0x490
[ 37.206853] ? check_preemption_disabled+0x41/0x280
[ 37.211861] ? collect_signal+0x2ee/0x580
[ 37.215998] ? collect_signal+0x2ee/0x580
[ 37.220135] ? _raw_spin_unlock_irq+0x24/0x80
[ 37.224614] get_signal+0xed9/0x1f70
[ 37.228314] do_signal+0x8f/0x1670
[ 37.231845] ? lock_downgrade+0x720/0x720
[ 37.235973] ? setup_sigcontext+0x820/0x820
[ 37.240272] ? reiserfs_new_inode+0x2180/0x2180
[ 37.244930] ? notify_change+0x8e8/0xfc0
[ 37.248982] ? lock_downgrade+0x720/0x720
[ 37.253110] ? check_preemption_disabled+0x41/0x280
[ 37.258108] ? exit_to_usermode_loop+0x36/0x2a0
[ 37.262758] exit_to_usermode_loop+0x204/0x2a0
[ 37.267320] do_syscall_64+0x538/0x620
[ 37.271188] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.276360] RIP: 0033:0x7fa5c6cf8819
[ 37.280063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 37.298941] RSP: 002b:00007fffe032b488 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 37.306627] RAX: ffffffffffffffe5 RBX: 0000000000000003 RCX: 00007fa5c6cf8819
[ 37.313875] RDX: 00007fa5c6cf8819 RSI: 000001fffffff000 RDI: 0000000000000006
[ 37.321132] RBP: 00007fffe032b4f0 R08: 00000000000f4240 R09: 00000000000f4240
[ 37.328392] R10: 00000000000f4240 R11: 0000000000000246 R12: 0000000000000000
[ 37.335645] R13: 00000000000f4240 R14: 00007fffe032b4b4 R15: 00007fffe032b4c0
[ 37.342906]
[ 37.344513] The buggy address belongs to the page:
[ 37.349424] page:ffffea00022bd080 count:2 mapcount:0 mapping:ffff8880b1adeae0 index:0x213
[ 37.357731] flags: 0xfff00000001064(referenced|lru|active|private)
[ 37.364051] raw: 00fff00000001064 ffffea00022bd048 ffffea00022baa88 ffff8880b1adeae0
[ 37.371918] raw: 0000000000000213 ffff88808db6d7e0 00000002ffffffff ffff8880b59f68c0
[ 37.379775] page dumped because: kasan: bad access detected
[ 37.385472] page->mem_cgroup:ffff8880b59f68c0
[ 37.389946]
[ 37.391551] Memory state around the buggy address:
[ 37.396459] ffff88808af42f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.403801] ffff88808af42f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.411192] >ffff88808af43000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.418546] ^
[ 37.423458] ffff88808af43080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.430797] ffff88808af43100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.438133] ==================================================================
[ 37.445466] Disabling lock debugging due to kernel taint
[ 37.456347] Kernel panic - not syncing: panic_on_warn set ...
[ 37.456347]
[ 37.463724] CPU: 0 PID: 8105 Comm: syz-executor400 Tainted: G B 4.19.211-syzkaller #0
[ 37.472986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 37.482337] Call Trace:
[ 37.484931] dump_stack+0x1fc/0x2ef
[ 37.488564] panic+0x26a/0x50e
[ 37.491755] ? __warn_printk+0xf3/0xf3
[ 37.495626] ? preempt_schedule_common+0x45/0xc0
[ 37.500361] ? ___preempt_schedule+0x16/0x18
[ 37.504751] ? trace_hardirqs_on+0x55/0x210
[ 37.509055] kasan_end_report+0x43/0x49
[ 37.513012] kasan_report_error.cold+0xa7/0x1b9
[ 37.517662] ? leaf_paste_in_buffer+0xa27/0xc20
[ 37.522308] kasan_report+0x8f/0xa0
[ 37.525915] ? leaf_paste_in_buffer+0xa27/0xc20
[ 37.530564] memcpy+0x20/0x50
[ 37.533648] leaf_paste_in_buffer+0xa27/0xc20
[ 37.538125] leaf_copy_dir_entries.isra.0+0x7f3/0x980
[ 37.543304] ? leaf_paste_entries+0x910/0x910
[ 37.547788] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.552361] ? _raw_spin_unlock_irq+0x5a/0x80
[ 37.556841] ? finish_task_switch+0x146/0x760
[ 37.561313] ? finish_task_switch+0x118/0x760
[ 37.565790] ? switch_mm_irqs_off+0x764/0x1340
[ 37.570354] leaf_move_items+0x17f6/0x3b60
[ 37.574581] ? leaf_copy_dir_entries.isra.0+0x980/0x980
[ 37.579928] ? check_preemption_disabled+0x33/0x280
[ 37.584925] ? check_preemption_disabled+0x41/0x280
[ 37.589919] ? reiserfs_write_lock_nested+0x65/0xe0
[ 37.594917] ? get_empty_nodes+0x22b/0x710
[ 37.599142] leaf_shift_left+0xa0/0x380
[ 37.603102] balance_leaf+0x2fb8/0xca70
[ 37.607063] ? replace_key+0x160/0x160
[ 37.610932] do_balance+0x30a/0x760
[ 37.614543] ? get_right_neighbor_position+0x170/0x170
[ 37.619803] ? __mutex_unlock_slowpath+0xea/0x610
[ 37.624632] ? memset+0x20/0x40
[ 37.627892] reiserfs_insert_item+0xbf3/0x1010
[ 37.632456] ? reiserfs_paste_into_item+0x7d0/0x7d0
[ 37.637477] ? check_preemption_disabled+0x1f/0x280
[ 37.642476] ? scan_bitmap_block.constprop.0+0xf60/0xf60
[ 37.647911] ? journal_begin+0x210/0x400
[ 37.651968] reiserfs_get_block+0x122b/0x3e40
[ 37.656541] ? reiserfs_commit_write+0x6f0/0x6f0
[ 37.661304] ? lock_downgrade+0x720/0x720
[ 37.665433] ? lock_acquire+0x170/0x3c0
[ 37.669391] ? check_preemption_disabled+0x1f/0x280
[ 37.674390] ? check_preemption_disabled+0x41/0x280
[ 37.679386] ? check_preemption_disabled+0x1f/0x280
[ 37.684387] ? alloc_buffer_head+0x20/0x130
[ 37.688692] ? do_raw_spin_unlock+0x171/0x230
[ 37.693166] ? _raw_spin_unlock+0x29/0x40
[ 37.697294] ? create_page_buffers+0x190/0x350
[ 37.701859] __block_write_begin_int+0x46c/0x17b0
[ 37.706682] ? reiserfs_commit_write+0x6f0/0x6f0
[ 37.711420] ? __breadahead_gfp+0x130/0x130
[ 37.715722] ? mark_held_locks+0xa6/0xf0
[ 37.719766] ? wait_for_stable_page+0x122/0x360
[ 37.724429] reiserfs_write_begin+0x39f/0xa10
[ 37.728906] generic_perform_write+0x1f8/0x4d0
[ 37.733467] ? filemap_page_mkwrite+0x2f0/0x2f0
[ 37.738205] ? current_time+0x1c0/0x1c0
[ 37.742156] ? lock_acquire+0x170/0x3c0
[ 37.746108] __generic_file_write_iter+0x24b/0x610
[ 37.751015] generic_file_write_iter+0x3f8/0x730
[ 37.755749] __vfs_write+0x51b/0x770
[ 37.759441] ? kernel_read+0x110/0x110
[ 37.763310] ? mark_held_locks+0xa6/0xf0
[ 37.767348] __kernel_write+0x109/0x370
[ 37.771300] dump_emit+0x183/0x300
[ 37.774831] ? zap_process+0x290/0x290
[ 37.778703] ? elf_core_dump+0x3c78/0x4c10
[ 37.782916] elf_core_dump+0x2914/0x4c10
[ 37.786961] ? set_brk+0x170/0x170
[ 37.790483] ? fsnotify_first_mark+0x200/0x200
[ 37.795049] ? do_truncate+0x15e/0x1f0
[ 37.798918] ? mark_held_locks+0xf0/0xf0
[ 37.802969] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 37.807972] do_coredump+0x1d4e/0x2d60
[ 37.811848] ? debug_check_no_obj_freed+0x201/0x490
[ 37.816846] ? lock_acquire+0x160/0x3c0
[ 37.820799] ? cn_esc_printf+0x510/0x510
[ 37.824840] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 37.829925] ? debug_check_no_obj_freed+0x201/0x490
[ 37.834923] ? check_preemption_disabled+0x41/0x280
[ 37.839920] ? collect_signal+0x2ee/0x580
[ 37.844049] ? collect_signal+0x2ee/0x580
[ 37.848179] ? _raw_spin_unlock_irq+0x24/0x80
[ 37.852654] get_signal+0xed9/0x1f70
[ 37.856351] do_signal+0x8f/0x1670
[ 37.859874] ? lock_downgrade+0x720/0x720
[ 37.864000] ? setup_sigcontext+0x820/0x820
[ 37.868298] ? reiserfs_new_inode+0x2180/0x2180
[ 37.872945] ? notify_change+0x8e8/0xfc0
[ 37.876987] ? lock_downgrade+0x720/0x720
[ 37.881115] ? check_preemption_disabled+0x41/0x280
[ 37.886118] ? exit_to_usermode_loop+0x36/0x2a0
[ 37.890782] exit_to_usermode_loop+0x204/0x2a0
[ 37.895350] do_syscall_64+0x538/0x620
[ 37.899221] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.904394] RIP: 0033:0x7fa5c6cf8819
[ 37.908089] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 37.926970] RSP: 002b:00007fffe032b488 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 37.934660] RAX: ffffffffffffffe5 RBX: 0000000000000003 RCX: 00007fa5c6cf8819
[ 37.941912] RDX: 00007fa5c6cf8819 RSI: 000001fffffff000 RDI: 0000000000000006
[ 37.949161] RBP: 00007fffe032b4f0 R08: 00000000000f4240 R09: 00000000000f4240
[ 37.956525] R10: 00000000000f4240 R11: 0000000000000246 R12: 0000000000000000
[ 37.963775] R13: 00000000000f4240 R14: 00007fffe032b4b4 R15: 00007fffe032b4c0
[ 37.971106] Kernel Offset: disabled
[ 37.974725] Rebooting in 86400 seconds..