[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 83.324726][ T35] audit: type=1400 audit(1613460389.324:8): avc: denied { execmem } for pid=8423 comm="syz-executor585" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 83.355169][ T8424] loop0: detected capacity change from 252287 to 0
[ 83.368055][ T8424] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 83.377938][ T8424] REISERFS (device loop0): using ordered data mode
[ 83.384941][ T8424] reiserfs: using flush barriers
[ 83.391898][ T8424] REISERFS (device loop0): journal params: device loop0, size 15748, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[ 83.413567][ T8424] REISERFS (device loop0): checking transaction log (loop0)
[ 85.730498][ T8424] REISERFS (device loop0): Using tea hash to sort names
[ 85.738984][ T8424] ==================================================================
[ 85.747310][ T8424] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x449/0x910
[ 85.754802][ T8424] Read of size 18446744073709551584 at addr ffff888040a03fa4 by task syz-executor585/8424
[ 85.764694][ T8424]
[ 85.767058][ T8424] CPU: 1 PID: 8424 Comm: syz-executor585 Not tainted 5.11.0-syzkaller #0
[ 85.775510][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.785579][ T8424] Call Trace:
[ 85.788886][ T8424] dump_stack+0x107/0x163
[ 85.793231][ T8424] ? leaf_paste_entries+0x449/0x910
[ 85.798456][ T8424] ? leaf_paste_entries+0x449/0x910
[ 85.803686][ T8424] print_address_description.constprop.0.cold+0x5b/0x2c6
[ 85.810729][ T8424] ? leaf_paste_entries+0x449/0x910
[ 85.816729][ T8424] ? leaf_paste_entries+0x449/0x910
[ 85.822004][ T8424] kasan_report.cold+0x79/0xd5
[ 85.826795][ T8424] ? leaf_paste_entries+0x449/0x910
[ 85.832030][ T8424] check_memory_region+0x13d/0x180
[ 85.837169][ T8424] memmove+0x20/0x60
[ 85.841074][ T8424] leaf_paste_entries+0x449/0x910
[ 85.846113][ T8424] balance_leaf+0x951e/0xd8b0
[ 85.850806][ T8424] ? reiserfs_prepare_for_journal+0x115/0x2a0
[ 85.856880][ T8424] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 85.862637][ T8424] ? fix_nodes+0x14cb/0x8650
[ 85.867273][ T8424] ? replace_key+0x160/0x160
[ 85.871898][ T8424] do_balance+0x315/0x810
[ 85.876246][ T8424] ? get_right_neighbor_position+0x170/0x170
[ 85.882286][ T8424] ? __mutex_unlock_slowpath+0xe2/0x610
[ 85.887971][ T8424] reiserfs_paste_into_item+0x762/0x8e0
[ 85.893542][ T8424] ? reiserfs_delete_object+0x200/0x200
[ 85.899143][ T8424] ? search_by_entry_key+0x960/0x960
[ 85.904434][ T8424] ? keyed_hash+0x83b/0xee0
[ 85.908978][ T8424] ? make_cpu_key+0x22/0x2a0
[ 85.913579][ T8424] reiserfs_add_entry+0x8cb/0xcf0
[ 85.918638][ T8424] ? reiserfs_lookup+0x490/0x490
[ 85.923585][ T8424] ? wait_for_completion_io+0x260/0x260
[ 85.929164][ T8424] ? do_journal_begin_r+0xd2e/0x10d0
[ 85.934489][ T8424] reiserfs_mkdir+0x66e/0x980
[ 85.939181][ T8424] ? reiserfs_mknod+0x700/0x700
[ 85.944046][ T8424] ? down_write+0xdb/0x150
[ 85.948469][ T8424] ? down_write_killable_nested+0x170/0x170
[ 85.954377][ T8424] ? down_write_killable_nested+0x170/0x170
[ 85.960278][ T8424] reiserfs_xattr_init+0x4de/0xb60
[ 85.965424][ T8424] reiserfs_fill_super+0x215d/0x2e00
[ 85.970718][ T8424] ? reiserfs_remount+0x1580/0x1580
[ 85.975930][ T8424] ? lock_downgrade+0x6d0/0x6d0
[ 85.980787][ T8424] ? snprintf+0xbb/0xf0
[ 85.984945][ T8424] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 85.990673][ T8424] ? set_blocksize+0x1bb/0x400
[ 85.995447][ T8424] mount_bdev+0x34d/0x410
[ 85.999789][ T8424] ? reiserfs_remount+0x1580/0x1580
[ 86.005000][ T8424] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 86.010044][ T8424] legacy_get_tree+0x105/0x220
[ 86.014833][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 86.021086][ T8424] vfs_get_tree+0x89/0x2f0
[ 86.025527][ T8424] path_mount+0x13ad/0x20c0
[ 86.030149][ T8424] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 86.036388][ T8424] ? strncpy_from_user+0x2a0/0x3e0
[ 86.041500][ T8424] ? finish_automount+0xac0/0xac0
[ 86.046542][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 86.052796][ T8424] ? getname_flags.part.0+0x1dd/0x4f0
[ 86.058198][ T8424] __x64_sys_mount+0x27f/0x300
[ 86.062970][ T8424] ? copy_mnt_ns+0xae0/0xae0
[ 86.067566][ T8424] ? syscall_enter_from_user_mode+0x1d/0x50
[ 86.073710][ T8424] do_syscall_64+0x2d/0x70
[ 86.078256][ T8424] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 86.084180][ T8424] RIP: 0033:0x445b8a
[ 86.088083][ T8424] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 86.107775][ T8424] RSP: 002b:00007fff8c7af438 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 86.116220][ T8424] RAX: ffffffffffffffda RBX: 00007fff8c7af490 RCX: 0000000000445b8a
[ 86.124216][ T8424] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff8c7af450
[ 86.132218][ T8424] RBP: 00007fff8c7af450 R08: 00007fff8c7af490 R09: 0000000000000000
[ 86.140195][ T8424] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 86.148254][ T8424] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 86.156262][ T8424]
[ 86.158591][ T8424] The buggy address belongs to the page:
[ 86.164220][ T8424] page:000000008f17f20f refcount:3 mapcount:0 mapping:000000009acfcc32 index:0x3d97 pfn:0x40a03
[ 86.174730][ T8424] aops:def_blk_aops ino:700000
[ 86.179511][ T8424] flags: 0xfff00000002022(referenced|active|private)
[ 86.186226][ T8424] raw: 00fff00000002022 dead000000000100 dead000000000122 ffff88801795cb50
[ 86.194813][ T8424] raw: 0000000000003d97 ffff888038f7c4c8 00000003ffffffff ffff8881407ac000
[ 86.203413][ T8424] page dumped because: kasan: bad access detected
[ 86.209837][ T8424] pages's memcg:ffff8881407ac000
[ 86.214783][ T8424]
[ 86.217155][ T8424] Memory state around the buggy address:
[ 86.222909][ T8424]  ffff888040a03e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.231000][ T8424]  ffff888040a03f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.239061][ T8424] >ffff888040a03f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.247196][ T8424]                                ^
[ 86.252436][ T8424]  ffff888040a04000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.260515][ T8424]  ffff888040a04080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.268607][ T8424] ==================================================================
[ 86.276700][ T8424] Disabling lock debugging due to kernel taint
[ 86.284869][ T8424] Kernel panic - not syncing: panic_on_warn set ...
[ 86.291482][ T8424] CPU: 0 PID: 8424 Comm: syz-executor585 Tainted: G B 5.11.0-syzkaller #0
[ 86.301315][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.311385][ T8424] Call Trace:
[ 86.314671][ T8424] dump_stack+0x107/0x163
[ 86.319123][ T8424] ? leaf_paste_entries+0x430/0x910
[ 86.324366][ T8424] panic+0x306/0x73d
[ 86.328266][ T8424] ? __warn_printk+0xf3/0xf3
[ 86.332848][ T8424] ? preempt_schedule_common+0x59/0xc0
[ 86.339023][ T8424] ? leaf_paste_entries+0x449/0x910
[ 86.344217][ T8424] ? preempt_schedule_thunk+0x16/0x18
[ 86.349615][ T8424] ? trace_hardirqs_on+0x38/0x1c0
[ 86.354649][ T8424] ? trace_hardirqs_on+0x51/0x1c0
[ 86.359680][ T8424] ? leaf_paste_entries+0x449/0x910
[ 86.364969][ T8424] ? leaf_paste_entries+0x449/0x910
[ 86.370393][ T8424] end_report+0x58/0x5e
[ 86.374556][ T8424] kasan_report.cold+0x67/0xd5
[ 86.379631][ T8424] ? leaf_paste_entries+0x449/0x910
[ 86.384948][ T8424] check_memory_region+0x13d/0x180
[ 86.390062][ T8424] memmove+0x20/0x60
[ 86.393961][ T8424] leaf_paste_entries+0x449/0x910
[ 86.398992][ T8424] balance_leaf+0x951e/0xd8b0
[ 86.405686][ T8424] ? reiserfs_prepare_for_journal+0x115/0x2a0
[ 86.411759][ T8424] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 86.417491][ T8424] ? fix_nodes+0x14cb/0x8650
[ 86.422093][ T8424] ? replace_key+0x160/0x160
[ 86.426696][ T8424] do_balance+0x315/0x810
[ 86.431053][ T8424] ? get_right_neighbor_position+0x170/0x170
[ 86.437047][ T8424] ? __mutex_unlock_slowpath+0xe2/0x610
[ 86.442600][ T8424] reiserfs_paste_into_item+0x762/0x8e0
[ 86.448152][ T8424] ? reiserfs_delete_object+0x200/0x200
[ 86.453719][ T8424] ? search_by_entry_key+0x960/0x960
[ 86.459021][ T8424] ? keyed_hash+0x83b/0xee0
[ 86.467109][ T8424] ? make_cpu_key+0x22/0x2a0
[ 86.471700][ T8424] reiserfs_add_entry+0x8cb/0xcf0
[ 86.476752][ T8424] ? reiserfs_lookup+0x490/0x490
[ 86.481708][ T8424] ? wait_for_completion_io+0x260/0x260
[ 86.487252][ T8424] ? do_journal_begin_r+0xd2e/0x10d0
[ 86.492541][ T8424] reiserfs_mkdir+0x66e/0x980
[ 86.497231][ T8424] ? reiserfs_mknod+0x700/0x700
[ 86.502106][ T8424] ? down_write+0xdb/0x150
[ 86.506521][ T8424] ? down_write_killable_nested+0x170/0x170
[ 86.512423][ T8424] ? down_write_killable_nested+0x170/0x170
[ 86.518328][ T8424] reiserfs_xattr_init+0x4de/0xb60
[ 86.523463][ T8424] reiserfs_fill_super+0x215d/0x2e00
[ 86.528801][ T8424] ? reiserfs_remount+0x1580/0x1580
[ 86.534096][ T8424] ? lock_downgrade+0x6d0/0x6d0
[ 86.539059][ T8424] ? snprintf+0xbb/0xf0
[ 86.543227][ T8424] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 86.548966][ T8424] ? set_blocksize+0x1bb/0x400
[ 86.553748][ T8424] mount_bdev+0x34d/0x410
[ 86.558182][ T8424] ? reiserfs_remount+0x1580/0x1580
[ 86.563385][ T8424] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 86.568418][ T8424] legacy_get_tree+0x105/0x220
[ 86.573191][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 86.579453][ T8424] vfs_get_tree+0x89/0x2f0
[ 86.583884][ T8424] path_mount+0x13ad/0x20c0
[ 86.590290][ T8424] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 86.596727][ T8424] ? strncpy_from_user+0x2a0/0x3e0
[ 86.602040][ T8424] ? finish_automount+0xac0/0xac0
[ 86.607174][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 86.613756][ T8424] ? getname_flags.part.0+0x1dd/0x4f0
[ 86.619133][ T8424] __x64_sys_mount+0x27f/0x300
[ 86.623917][ T8424] ? copy_mnt_ns+0xae0/0xae0
[ 86.628503][ T8424] ? syscall_enter_from_user_mode+0x1d/0x50
[ 86.634501][ T8424] do_syscall_64+0x2d/0x70
[ 86.638933][ T8424] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 86.644851][ T8424] RIP: 0033:0x445b8a
[ 86.648755][ T8424] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 86.668374][ T8424] RSP: 002b:00007fff8c7af438 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 86.676785][ T8424] RAX: ffffffffffffffda RBX: 00007fff8c7af490 RCX: 0000000000445b8a
[ 86.684790][ T8424] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff8c7af450
[ 86.692762][ T8424] RBP: 00007fff8c7af450 R08: 00007fff8c7af490 R09: 0000000000000000
[ 86.700781][ T8424] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 86.708762][ T8424] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 86.717319][ T8424] Kernel Offset: disabled
[ 86.721659][ T8424] Rebooting in 86400 seconds..