Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
executing program
[ 39.078026] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 39.087251] REISERFS (device loop0): using ordered data mode
[ 39.093956] reiserfs: using flush barriers
[ 39.099149] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 39.115110] REISERFS (device loop0): checking transaction log (loop0)
[ 39.157508] REISERFS (device loop0): Using r5 hash to sort names
[ 39.164301] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 39.263038] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 39.272921] REISERFS (device loop0): using ordered data mode
[ 39.278742] reiserfs: using flush barriers
[ 39.284624] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 39.300885] REISERFS (device loop0): checking transaction log (loop0)
[ 39.342492] REISERFS (device loop0): Using r5 hash to sort names
[ 39.348774] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 39.462661] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 39.471125] REISERFS (device loop0): using ordered data mode
[ 39.477765] reiserfs: using flush barriers
[ 39.482959] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 39.498563] REISERFS (device loop0): checking transaction log (loop0)
[ 39.539827] REISERFS (device loop0): Using r5 hash to sort names
[ 39.546277] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 39.647496] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 39.658463] REISERFS (device loop0): using ordered data mode
[ 39.664341] reiserfs: using flush barriers
[ 39.669181] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 39.685058] REISERFS (device loop0): checking transaction log (loop0)
[ 39.727242] REISERFS (device loop0): Using r5 hash to sort names
[ 39.733938] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 39.845535] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 39.856152] REISERFS (device loop0): using ordered data mode
[ 39.862026] reiserfs: using flush barriers
[ 39.866845] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 39.882781] REISERFS (device loop0): checking transaction log (loop0)
[ 39.924491] REISERFS (device loop0): Using r5 hash to sort names
[ 39.931705] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 40.045817] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 40.055840] REISERFS (device loop0): using ordered data mode
[ 40.062119] reiserfs: using flush barriers
[ 40.066890] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 40.083676] REISERFS (device loop0): checking transaction log (loop0)
[ 40.125318] REISERFS (device loop0): Using r5 hash to sort names
[ 40.131687] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 40.245260] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 40.255456] REISERFS (device loop0): using ordered data mode
[ 40.262436] reiserfs: using flush barriers
[ 40.267193] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 40.283684] REISERFS (device loop0): checking transaction log (loop0)
executing program
[ 40.326236] REISERFS (device loop0): Using r5 hash to sort names
[ 40.332581] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 40.405219] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 40.414060] REISERFS (device loop0): using ordered data mode
[ 40.419847] reiserfs: using flush barriers
[ 40.425100] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 40.440658] REISERFS (device loop0): checking transaction log (loop0)
executing program
[ 40.482716] REISERFS (device loop0): Using r5 hash to sort names
[ 40.488990] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 40.573672] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 40.582415] REISERFS (device loop0): using ordered data mode
[ 40.588200] reiserfs: using flush barriers
[ 40.593803] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 40.609715] REISERFS (device loop0): checking transaction log (loop0)
executing program
[ 40.651930] REISERFS (device loop0): Using r5 hash to sort names
[ 40.658233] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 40.734653] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 40.743441] REISERFS (device loop0): using ordered data mode
[ 40.749250] reiserfs: using flush barriers
[ 40.755072] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 40.771633] REISERFS (device loop0): checking transaction log (loop0)
[ 40.813449] REISERFS (device loop0): Using r5 hash to sort names
[ 40.819840] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 40.926399] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 40.936534] REISERFS (device loop0): using ordered data mode
[ 40.943376] reiserfs: using flush barriers
[ 40.948228] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 40.964478] REISERFS (device loop0): checking transaction log (loop0)
[ 41.007385] REISERFS (device loop0): Using r5 hash to sort names
[ 41.013736] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 41.025077] ==================================================================
[ 41.032607] BUG: KASAN: use-after-free in leaf_paste_in_buffer+0x981/0xb80
[ 41.039612] Read of size 104 at addr ffff88808ac82fd8 by task syz-executor144/8089
[ 41.047394]
[ 41.049019] CPU: 1 PID: 8089 Comm: syz-executor144 Not tainted 4.14.302-syzkaller #0
[ 41.056884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 41.066346] Call Trace:
[ 41.068926] dump_stack+0x1b2/0x281
[ 41.072552] print_address_description.cold+0x54/0x1d3
[ 41.077831] kasan_report_error.cold+0x8a/0x191
[ 41.082489] ? leaf_paste_in_buffer+0x981/0xb80
[ 41.087141] kasan_report+0x6f/0x80
[ 41.090842] ? leaf_paste_in_buffer+0x981/0xb80
[ 41.095662] memcpy+0x20/0x50
[ 41.098779] leaf_paste_in_buffer+0x981/0xb80
[ 41.103267] leaf_copy_dir_entries.isra.0+0x770/0x8f0
[ 41.108521] ? leaf_paste_entries+0x9b0/0x9b0
[ 41.113004] ? lock_acquire+0x170/0x3f0
[ 41.116956] leaf_move_items+0x147e/0x3440
[ 41.121980] ? do_journal_end+0x2f1/0x4310
[ 41.126220] ? reiserfs_write_unlock_nested+0xb2/0xf0
[ 41.131384] ? leaf_copy_dir_entries.isra.0+0x8f0/0x8f0
[ 41.137009] ? reiserfs_write_lock_nested+0x59/0xd0
[ 41.142087] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 41.147510] ? get_empty_nodes+0x1fc/0x650
[ 41.151721] ? is_left_neighbor_in_cache+0x2f0/0x2f0
[ 41.156801] leaf_shift_left+0x9f/0x360
[ 41.160751] balance_leaf+0x2b73/0xba30
[ 41.164706] ? replace_key+0x150/0x150
[ 41.168573] do_balance+0x282/0x630
[ 41.172177] ? get_right_neighbor_position+0x160/0x160
[ 41.177430] ? __mutex_unlock_slowpath+0x75/0x770
[ 41.182251] ? memset+0x20/0x40
[ 41.185508] reiserfs_insert_item+0x95b/0xc70
[ 41.189979] ? reiserfs_paste_into_item+0x6f0/0x6f0
[ 41.195009] ? scan_bitmap_block.constprop.0+0xd20/0xd20
[ 41.200438] reiserfs_get_block+0xb54/0x36b0
[ 41.204830] ? reiserfs_commit_write+0x650/0x650
[ 41.209565] ? radix_tree_node_alloc.constprop.0+0x1b0/0x2f0
[ 41.215337] ? kmem_cache_alloc+0x35f/0x3c0
[ 41.219637] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 41.225084] ? _raw_spin_unlock+0x29/0x40
[ 41.229206] ? create_page_buffers+0xce/0x1c0
[ 41.233721] __block_write_begin_int+0x35c/0x11d0
[ 41.238538] ? reiserfs_commit_write+0x650/0x650
[ 41.243274] ? __breadahead_gfp+0x150/0x150
[ 41.248450] ? wait_for_stable_page+0xe3/0x260
[ 41.253010] reiserfs_write_begin+0x2e3/0x8a0
[ 41.257592] ? pagecache_write_begin+0x2b/0xc0
[ 41.262259] generic_cont_expand_simple+0xe1/0x130
[ 41.267164] ? page_zero_new_buffers+0x420/0x420
[ 41.271894] ? inode_newsize_ok+0x145/0x1c0
[ 41.276194] reiserfs_setattr+0xa1c/0xe00
[ 41.280320] ? current_kernel_time64+0x17c/0x230
[ 41.285051] ? reiserfs_new_inode+0x2150/0x2150
[ 41.289691] ? timespec_trunc+0xb7/0x120
[ 41.293744] ? put_timespec64+0xf0/0xf0
[ 41.297692] ? current_kernel_time64+0x154/0x230
[ 41.302510] ? evm_inode_setattr+0x41/0x1e0
[ 41.306806] ? reiserfs_new_inode+0x2150/0x2150
[ 41.311449] notify_change+0x56b/0xd10
[ 41.315312] do_truncate+0xff/0x1a0
[ 41.318912] ? finish_open+0x170/0x170
[ 41.322794] ? apparmor_path_truncate+0x163/0x1d0
[ 41.327617] do_sys_ftruncate.constprop.0+0x3a3/0x480
[ 41.332804] ? compat_SyS_truncate+0x40/0x40
[ 41.337188] do_syscall_64+0x1d5/0x640
[ 41.341052] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 41.346226] RIP: 0033:0x7f7d96155a09
[ 41.349920] RSP: 002b:00007ffd704ed018 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 41.357616] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f7d96155a09
[ 41.364865] RDX: 00007f7d96155a09 RSI: 0000000002007ffb RDI: 0000000000000006
[ 41.372226] RBP: 0000000000000000 R08: 00007ffd704ed040 R09: 00007ffd704ed040
[ 41.379485] R10: 00007ffd704ed040 R11: 0000000000000246 R12: 00007ffd704ed03c
[ 41.386762] R13: 00007ffd704ed070 R14: 00007ffd704ed050 R15: 000000000000000a
[ 41.394022]
[ 41.395749] The buggy address belongs to the page:
[ 41.400667] page:ffffea00022b2080 count:2 mapcount:0 mapping:ffff8880a401d4e8 index:0x213
[ 41.410969] flags: 0xfff00000001064(referenced|lru|active|private)
[ 41.417537] raw: 00fff00000001064 ffff8880a401d4e8 0000000000000213 00000002ffffffff
[ 41.425396] raw: ffffea00022b2060 ffffea00022faea0 ffff88808a8d7bd0 ffff88823b3288c0
[ 41.433252] page dumped because: kasan: bad access detected
[ 41.438936] page->mem_cgroup:ffff88823b3288c0
[ 41.443408]
[ 41.445052] Memory state around the buggy address:
[ 41.450042] ffff88808ac82f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.457378] ffff88808ac82f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.464717] >ffff88808ac83000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.472241] ^
[ 41.475582] ffff88808ac83080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.482919] ffff88808ac83100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.490258] ==================================================================
[ 41.497604] Disabling lock debugging due to kernel taint
[ 41.503304] Kernel panic - not syncing: panic_on_warn set ...
[ 41.503304]
[ 41.511100] CPU: 1 PID: 8089 Comm: syz-executor144 Tainted: G B 4.14.302-syzkaller #0
[ 41.520359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 41.529699] Call Trace:
[ 41.532279] dump_stack+0x1b2/0x281
[ 41.535918] panic+0x1f9/0x42d
[ 41.539091] ? add_taint.cold+0x16/0x16
[ 41.543041] ? ___preempt_schedule+0x16/0x18
[ 41.547439] kasan_end_report+0x43/0x49
[ 41.551386] kasan_report_error.cold+0xa7/0x191
[ 41.556120] ? leaf_paste_in_buffer+0x981/0xb80
[ 41.560763] kasan_report+0x6f/0x80
[ 41.564366] ? leaf_paste_in_buffer+0x981/0xb80
[ 41.569008] memcpy+0x20/0x50
[ 41.572105] leaf_paste_in_buffer+0x981/0xb80
[ 41.576576] leaf_copy_dir_entries.isra.0+0x770/0x8f0
[ 41.581748] ? leaf_paste_entries+0x9b0/0x9b0
[ 41.586226] ? lock_acquire+0x170/0x3f0
[ 41.590174] leaf_move_items+0x147e/0x3440
[ 41.594397] ? do_journal_end+0x2f1/0x4310
[ 41.598623] ? reiserfs_write_unlock_nested+0xb2/0xf0
[ 41.603786] ? leaf_copy_dir_entries.isra.0+0x8f0/0x8f0
[ 41.609330] ? reiserfs_write_lock_nested+0x59/0xd0
[ 41.614332] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 41.619944] ? get_empty_nodes+0x1fc/0x650
[ 41.624162] ? is_left_neighbor_in_cache+0x2f0/0x2f0
[ 41.629242] leaf_shift_left+0x9f/0x360
[ 41.633202] balance_leaf+0x2b73/0xba30
[ 41.637196] ? replace_key+0x150/0x150
[ 41.641063] do_balance+0x282/0x630
[ 41.644756] ? get_right_neighbor_position+0x160/0x160
[ 41.650008] ? __mutex_unlock_slowpath+0x75/0x770
[ 41.654824] ? memset+0x20/0x40
[ 41.658087] reiserfs_insert_item+0x95b/0xc70
[ 41.662566] ? reiserfs_paste_into_item+0x6f0/0x6f0
[ 41.667574] ? scan_bitmap_block.constprop.0+0xd20/0xd20
[ 41.673006] reiserfs_get_block+0xb54/0x36b0
[ 41.677395] ? reiserfs_commit_write+0x650/0x650
[ 41.682126] ? radix_tree_node_alloc.constprop.0+0x1b0/0x2f0
[ 41.687897] ? kmem_cache_alloc+0x35f/0x3c0
[ 41.692207] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 41.697635] ? _raw_spin_unlock+0x29/0x40
[ 41.701755] ? create_page_buffers+0xce/0x1c0
[ 41.706233] __block_write_begin_int+0x35c/0x11d0
[ 41.711074] ? reiserfs_commit_write+0x650/0x650
[ 41.715808] ? __breadahead_gfp+0x150/0x150
[ 41.720110] ? wait_for_stable_page+0xe3/0x260
[ 41.724671] reiserfs_write_begin+0x2e3/0x8a0
[ 41.729147] ? pagecache_write_begin+0x2b/0xc0
[ 41.733719] generic_cont_expand_simple+0xe1/0x130
[ 41.738626] ? page_zero_new_buffers+0x420/0x420
[ 41.743366] ? inode_newsize_ok+0x145/0x1c0
[ 41.748291] reiserfs_setattr+0xa1c/0xe00
[ 41.752416] ? current_kernel_time64+0x17c/0x230
[ 41.757146] ? reiserfs_new_inode+0x2150/0x2150
[ 41.761789] ? timespec_trunc+0xb7/0x120
[ 41.765825] ? put_timespec64+0xf0/0xf0
[ 41.769782] ? current_kernel_time64+0x154/0x230
[ 41.774518] ? evm_inode_setattr+0x41/0x1e0
[ 41.778817] ? reiserfs_new_inode+0x2150/0x2150
[ 41.783462] notify_change+0x56b/0xd10
[ 41.787325] do_truncate+0xff/0x1a0
[ 41.790942] ? finish_open+0x170/0x170
[ 41.794805] ? apparmor_path_truncate+0x163/0x1d0
[ 41.799624] do_sys_ftruncate.constprop.0+0x3a3/0x480
[ 41.804792] ? compat_SyS_truncate+0x40/0x40
[ 41.809261] do_syscall_64+0x1d5/0x640
[ 41.813126] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 41.818285] RIP: 0033:0x7f7d96155a09
[ 41.821971] RSP: 002b:00007ffd704ed018 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 41.829999] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f7d96155a09
[ 41.837242] RDX: 00007f7d96155a09 RSI: 0000000002007ffb RDI: 0000000000000006
[ 41.844498] RBP: 0000000000000000 R08: 00007ffd704ed040 R09: 00007ffd704ed040
[ 41.851741] R10: 00007ffd704ed040 R11: 0000000000000246 R12: 00007ffd704ed03c
[ 41.858984] R13: 00007ffd704ed070 R14: 00007ffd704ed050 R15: 000000000000000a
[ 41.866401] Kernel Offset: disabled
[ 41.870055] Rebooting in 86400 seconds..