DUID 00:04:d5:34:fd:2d:90:3b:7d:1f:5f:ef:10:3f:c1:8d:8b:e5
forked to background, child pid 3217
[ 28.236957][ T3218] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.247508][ T3218] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.218' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 50.664630][ T3549] loop0: detected capacity change from 0 to 8192
[ 50.674410][ T3549] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 50.687812][ T3549] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 50.697183][ T3549] REISERFS (device loop0): using ordered data mode
[ 50.704369][ T3549] reiserfs: using flush barriers
[ 50.710994][ T3549] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 50.727416][ T3549] REISERFS (device loop0): checking transaction log (loop0)
[ 50.766447][ T3549] REISERFS (device loop0): Using r5 hash to sort names
[ 50.773565][ T3549] REISERFS (device loop0): using 3.5.x disk format
[ 50.780805][ T3549] ==================================================================
[ 50.788866][ T3549] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x95f/0x13a0
[ 50.796410][ T3549] Read of size 18446744073709551600 at addr ffff888070e55f94 by task syz-executor331/3549
[ 50.806304][ T3549]
[ 50.808613][ T3549] CPU: 0 PID: 3549 Comm: syz-executor331 Not tainted 6.1.53-syzkaller #0
[ 50.817016][ T3549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 50.827108][ T3549] Call Trace:
[ 50.830376][ T3549] <TASK>
[ 50.833293][ T3549] dump_stack_lvl+0x1e3/0x2cb
[ 50.838062][ T3549] ? irq_work_queue+0xc6/0x150
[ 50.842843][ T3549] ? nf_tcp_handle_invalid+0x642/0x642
[ 50.848296][ T3549] ? panic+0x75d/0x75d
[ 50.852378][ T3549] ? _printk+0xd1/0x111
[ 50.856539][ T3549] ? _raw_spin_lock_irqsave+0xac/0x120
[ 50.862007][ T3549] print_report+0x15f/0x4f0
[ 50.866510][ T3549] ? __lock_acquire+0x125b/0x1f80
[ 50.871528][ T3549] ? __virt_addr_valid+0x22b/0x2e0
[ 50.876639][ T3549] ? __phys_addr+0xb6/0x170
[ 50.881150][ T3549] ? leaf_paste_entries+0x95f/0x13a0
[ 50.886602][ T3549] kasan_report+0x136/0x160
[ 50.891102][ T3549] ? leaf_paste_entries+0x95f/0x13a0
[ 50.896380][ T3549] ? leaf_paste_entries+0x95f/0x13a0
[ 50.901653][ T3549] kasan_check_range+0x27f/0x290
[ 50.906582][ T3549] ? leaf_paste_entries+0x95f/0x13a0
[ 50.911855][ T3549] memmove+0x25/0x60
[ 50.915745][ T3549] leaf_paste_entries+0x95f/0x13a0
[ 50.920850][ T3549] balance_leaf+0xbd1e/0x12510
[ 50.925643][ T3549] ? print_irqtrace_events+0x210/0x210
[ 50.931096][ T3549] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 50.936986][ T3549] ? _raw_spin_unlock+0x40/0x40
[ 50.941859][ T3549] ? stack_trace_save+0x113/0x1c0
[ 50.946872][ T3549] ? stack_trace_snprint+0xe0/0xe0
[ 50.951973][ T3549] ? do_balance+0x8f0/0x8f0
[ 50.956473][ T3549] ? __stack_depot_save+0x3f5/0x470
[ 50.961695][ T3549] ? kasan_set_track+0x60/0x70
[ 50.966449][ T3549] ? kasan_set_track+0x4b/0x70
[ 50.971197][ T3549] ? __kasan_kmalloc+0x97/0xb0
[ 50.975999][ T3549] ? __kmalloc+0xb2/0x230
[ 50.980317][ T3549] ? fix_nodes+0x69aa/0x8c70
[ 50.984898][ T3549] ? reiserfs_paste_into_item+0x65d/0x880
[ 50.990606][ T3549] ? reiserfs_add_entry+0x9b8/0xd70
[ 50.995795][ T3549] ? reiserfs_mkdir+0x6bc/0x8f0
[ 51.000638][ T3549] ? reiserfs_xattr_init+0x348/0x730
[ 51.005918][ T3549] ? reiserfs_fill_super+0x2203/0x2620
[ 51.011367][ T3549] ? mount_bdev+0x2c9/0x3f0
[ 51.015863][ T3549] ? legacy_get_tree+0xeb/0x180
[ 51.020701][ T3549] ? vfs_get_tree+0x88/0x270
[ 51.025370][ T3549] ? do_new_mount+0x28b/0xae0
[ 51.030219][ T3549] ? __se_sys_mount+0x2d5/0x3c0
[ 51.035064][ T3549] ? do_syscall_64+0x3d/0xb0
[ 51.039729][ T3549] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.045793][ T3549] ? __wake_up+0x1c0/0x1c0
[ 51.050205][ T3549] ? get_parents+0x513/0xfa0
[ 51.054792][ T3549] ? set_parameters+0x8d0/0x8d0
[ 51.059722][ T3549] ? get_neighbors+0x631/0x1010
[ 51.064661][ T3549] ? reiserfs_prepare_for_journal+0x269/0x280
[ 51.070719][ T3549] ? fix_nodes+0x7abc/0x8c70
[ 51.075391][ T3549] ? __might_sleep+0xb0/0xb0
[ 51.079984][ T3549] do_balance+0x309/0x8f0
[ 51.084404][ T3549] ? get_right_neighbor_position+0x210/0x210
[ 51.090476][ T3549] ? reiserfs_paste_into_item+0x3ef/0x880
[ 51.096189][ T3549] reiserfs_paste_into_item+0x73b/0x880
[ 51.101727][ T3549] ? reiserfs_cut_from_item+0x2580/0x2580
[ 51.107459][ T3549] ? reiserfs_get_parent+0x2c0/0x2c0
[ 51.112745][ T3549] ? inode_get_bytes+0x72/0xa0
[ 51.117501][ T3549] ? _find_first_zero_bit+0x61/0x100
[ 51.122781][ T3549] reiserfs_add_entry+0x9b8/0xd70
[ 51.127803][ T3549] ? drop_new_inode+0x60/0x60
[ 51.132560][ T3549] ? do_journal_begin_r+0xdc9/0x1020
[ 51.137851][ T3549] ? journal_begin+0x1ef/0x350
[ 51.142604][ T3549] reiserfs_mkdir+0x6bc/0x8f0
[ 51.147278][ T3549] ? reiserfs_symlink+0x720/0x720
[ 51.152296][ T3549] ? rwsem_write_trylock+0x166/0x210
[ 51.157670][ T3549] ? __up_read+0x690/0x690
[ 51.162086][ T3549] reiserfs_xattr_init+0x348/0x730
[ 51.167191][ T3549] reiserfs_fill_super+0x2203/0x2620
[ 51.172478][ T3549] ? reiserfs_kill_sb+0x150/0x150
[ 51.177498][ T3549] ? snprintf+0xd6/0x120
[ 51.181739][ T3549] mount_bdev+0x2c9/0x3f0
[ 51.186061][ T3549] ? reiserfs_kill_sb+0x150/0x150
[ 51.191082][ T3549] legacy_get_tree+0xeb/0x180
[ 51.195747][ T3549] ? remove_save_link+0x540/0x540
[ 51.200855][ T3549] vfs_get_tree+0x88/0x270
[ 51.205269][ T3549] do_new_mount+0x28b/0xae0
[ 51.209765][ T3549] ? do_move_mount_old+0x160/0x160
[ 51.214870][ T3549] ? user_path_at_empty+0x12b/0x180
[ 51.220062][ T3549] __se_sys_mount+0x2d5/0x3c0
[ 51.224734][ T3549] ? __x64_sys_mount+0xc0/0xc0
[ 51.229489][ T3549] ? syscall_enter_from_user_mode+0x2e/0x220
[ 51.235463][ T3549] ? lockdep_hardirqs_on+0x94/0x130
[ 51.240652][ T3549] ? __x64_sys_mount+0x1c/0xc0
[ 51.245496][ T3549] do_syscall_64+0x3d/0xb0
[ 51.249903][ T3549] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.255785][ T3549] RIP: 0033:0x7fb47e6e28ba
[ 51.260204][ T3549] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.279800][ T3549] RSP: 002b:00007ffc2d608c08 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 51.288202][ T3549] RAX: ffffffffffffffda RBX: 00007ffc2d608c20 RCX: 00007fb47e6e28ba
[ 51.296252][ T3549] RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007ffc2d608c20
[ 51.304214][ T3549] RBP: 0000000000000004 R08: 00007ffc2d608c60 R09: 00000000000010fb
[ 51.312352][ T3549] R10: 0000000000000080 R11: 0000000000000286 R12: 0000000000000080
[ 51.320396][ T3549] R13: 00007ffc2d608c60 R14: 0000000000000003 R15: 0000000000400000
[ 51.328361][ T3549] </TASK>
[ 51.331365][ T3549]
[ 51.333677][ T3549] The buggy address belongs to the physical page:
[ 51.340071][ T3549] page:ffffea0001c39540 refcount:3 mapcount:0 mapping:ffff888148d749f8 index:0x213 pfn:0x70e55
[ 51.350382][ T3549] memcg:ffff888140058000
[ 51.354605][ T3549] aops:def_blk_aops ino:700000
[ 51.359362][ T3549] flags: 0xfff18000002042(referenced|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[ 51.369069][ T3549] raw: 00fff18000002042 0000000000000000 dead000000000122 ffff888148d749f8
[ 51.377636][ T3549] raw: 0000000000000213 ffff888073759910 00000003ffffffff ffff888140058000
[ 51.386201][ T3549] page dumped because: kasan: bad access detected
[ 51.392622][ T3549] page_owner tracks the page as allocated
[ 51.398318][ T3549] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 3549, tgid 3549 (syz-executor331), ts 50766181967, free_ts 44951001277
[ 51.418882][ T3549] post_alloc_hook+0x18d/0x1b0
[ 51.423726][ T3549] get_page_from_freelist+0x32ed/0x3480
[ 51.429348][ T3549] __alloc_pages+0x28d/0x770
[ 51.433926][ T3549] folio_alloc+0x1a/0x50
[ 51.438182][ T3549] filemap_alloc_folio+0xda/0x4f0
[ 51.443201][ T3549] __filemap_get_folio+0x711/0xe30
[ 51.448303][ T3549] pagecache_get_page+0x28/0x250
[ 51.453230][ T3549] __getblk_gfp+0x211/0xa20
[ 51.457722][ T3549] search_by_key+0x460/0x4b60
[ 51.462383][ T3549] reiserfs_read_locked_inode+0x23c/0x2950
[ 51.468179][ T3549] reiserfs_fill_super+0x135f/0x2620
[ 51.473458][ T3549] mount_bdev+0x2c9/0x3f0
[ 51.477780][ T3549] legacy_get_tree+0xeb/0x180
[ 51.482442][ T3549] vfs_get_tree+0x88/0x270
[ 51.486852][ T3549] do_new_mount+0x28b/0xae0
[ 51.491347][ T3549] __se_sys_mount+0x2d5/0x3c0
[ 51.496018][ T3549] page last free stack trace:
[ 51.500673][ T3549] free_unref_page_prepare+0xf63/0x1120
[ 51.506207][ T3549] free_unref_page_list+0x107/0x810
[ 51.511402][ T3549] release_pages+0x2836/0x2b40
[ 51.516168][ T3549] tlb_flush_mmu+0xfc/0x210
[ 51.520662][ T3549] tlb_finish_mmu+0xce/0x1f0
[ 51.525250][ T3549] unmap_region+0x29f/0x2f0
[ 51.529749][ T3549] do_mas_align_munmap+0xe93/0x15c0
[ 51.535027][ T3549] do_mas_munmap+0x246/0x2b0
[ 51.539609][ T3549] __vm_munmap+0x268/0x370
[ 51.544027][ T3549] __x64_sys_munmap+0x5c/0x70
[ 51.548873][ T3549] do_syscall_64+0x3d/0xb0
[ 51.553280][ T3549] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.559167][ T3549]
[ 51.561476][ T3549] Memory state around the buggy address:
[ 51.567091][ T3549] ffff888070e55e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.575253][ T3549] ffff888070e55f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.583316][ T3549] >ffff888070e55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.591376][ T3549] ^
[ 51.596042][ T3549] ffff888070e56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.604130][ T3549] ffff888070e56080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.612207][ T3549] ==================================================================
[ 51.620707][ T3549] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 51.627914][ T3549] CPU: 0 PID: 3549 Comm: syz-executor331 Not tainted 6.1.53-syzkaller #0
[ 51.636345][ T3549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 51.646390][ T3549] Call Trace:
[ 51.649662][ T3549] <TASK>
[ 51.652583][ T3549] dump_stack_lvl+0x1e3/0x2cb
[ 51.657363][ T3549] ? nf_tcp_handle_invalid+0x642/0x642
[ 51.662814][ T3549] ? panic+0x75d/0x75d
[ 51.666876][ T3549] ? preempt_schedule_common+0xa6/0xd0
[ 51.672330][ T3549] ? vscnprintf+0x59/0x80
[ 51.676656][ T3549] panic+0x318/0x75d
[ 51.680544][ T3549] ? check_panic_on_warn+0x1d/0xa0
[ 51.685648][ T3549] ? memcpy_page_flushcache+0xfc/0xfc
[ 51.691014][ T3549] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 51.697000][ T3549] ? _raw_spin_unlock+0x40/0x40
[ 51.701844][ T3549] ? print_report+0x4a3/0x4f0
[ 51.706511][ T3549] check_panic_on_warn+0x7e/0xa0
[ 51.711440][ T3549] ? leaf_paste_entries+0x95f/0x13a0
[ 51.716715][ T3549] end_report+0x66/0x110
[ 51.720947][ T3549] kasan_report+0x143/0x160
[ 51.725439][ T3549] ? leaf_paste_entries+0x95f/0x13a0
[ 51.730716][ T3549] ? leaf_paste_entries+0x95f/0x13a0
[ 51.735999][ T3549] kasan_check_range+0x27f/0x290
[ 51.740929][ T3549] ? leaf_paste_entries+0x95f/0x13a0
[ 51.746200][ T3549] memmove+0x25/0x60
[ 51.750086][ T3549] leaf_paste_entries+0x95f/0x13a0
[ 51.755193][ T3549] balance_leaf+0xbd1e/0x12510
[ 51.759955][ T3549] ? print_irqtrace_events+0x210/0x210
[ 51.765406][ T3549] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 51.771295][ T3549] ? _raw_spin_unlock+0x40/0x40
[ 51.776140][ T3549] ? stack_trace_save+0x113/0x1c0
[ 51.781169][ T3549] ? stack_trace_snprint+0xe0/0xe0
[ 51.786282][ T3549] ? do_balance+0x8f0/0x8f0
[ 51.790784][ T3549] ? __stack_depot_save+0x3f5/0x470
[ 51.795988][ T3549] ? kasan_set_track+0x60/0x70
[ 51.800752][ T3549] ? kasan_set_track+0x4b/0x70
[ 51.805509][ T3549] ? __kasan_kmalloc+0x97/0xb0
[ 51.810264][ T3549] ? __kmalloc+0xb2/0x230
[ 51.814586][ T3549] ? fix_nodes+0x69aa/0x8c70
[ 51.819168][ T3549] ? reiserfs_paste_into_item+0x65d/0x880
[ 51.824877][ T3549] ? reiserfs_add_entry+0x9b8/0xd70
[ 51.830070][ T3549] ? reiserfs_mkdir+0x6bc/0x8f0
[ 51.834913][ T3549] ? reiserfs_xattr_init+0x348/0x730
[ 51.840190][ T3549] ? reiserfs_fill_super+0x2203/0x2620
[ 51.845657][ T3549] ? mount_bdev+0x2c9/0x3f0
[ 51.850178][ T3549] ? legacy_get_tree+0xeb/0x180
[ 51.855024][ T3549] ? vfs_get_tree+0x88/0x270
[ 51.859610][ T3549] ? do_new_mount+0x28b/0xae0
[ 51.864283][ T3549] ? __se_sys_mount+0x2d5/0x3c0
[ 51.869134][ T3549] ? do_syscall_64+0x3d/0xb0
[ 51.873737][ T3549] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.879905][ T3549] ? __wake_up+0x1c0/0x1c0
[ 51.884313][ T3549] ? get_parents+0x513/0xfa0
[ 51.888902][ T3549] ? set_parameters+0x8d0/0x8d0
[ 51.893747][ T3549] ? get_neighbors+0x631/0x1010
[ 51.898597][ T3549] ? reiserfs_prepare_for_journal+0x269/0x280
[ 51.904661][ T3549] ? fix_nodes+0x7abc/0x8c70
[ 51.909251][ T3549] ? __might_sleep+0xb0/0xb0
[ 51.913851][ T3549] do_balance+0x309/0x8f0
[ 51.918186][ T3549] ? get_right_neighbor_position+0x210/0x210
[ 51.924162][ T3549] ? reiserfs_paste_into_item+0x3ef/0x880
[ 51.929872][ T3549] reiserfs_paste_into_item+0x73b/0x880
[ 51.935412][ T3549] ? reiserfs_cut_from_item+0x2580/0x2580
[ 51.941163][ T3549] ? reiserfs_get_parent+0x2c0/0x2c0
[ 51.946451][ T3549] ? inode_get_bytes+0x72/0xa0
[ 51.951218][ T3549] ? _find_first_zero_bit+0x61/0x100
[ 51.956508][ T3549] reiserfs_add_entry+0x9b8/0xd70
[ 51.961538][ T3549] ? drop_new_inode+0x60/0x60
[ 51.966218][ T3549] ? do_journal_begin_r+0xdc9/0x1020
[ 51.971517][ T3549] ? journal_begin+0x1ef/0x350
[ 51.976301][ T3549] reiserfs_mkdir+0x6bc/0x8f0
[ 51.981001][ T3549] ? reiserfs_symlink+0x720/0x720
[ 51.986029][ T3549] ? rwsem_write_trylock+0x166/0x210
[ 51.991340][ T3549] ? __up_read+0x690/0x690
[ 51.995762][ T3549] reiserfs_xattr_init+0x348/0x730
[ 52.000874][ T3549] reiserfs_fill_super+0x2203/0x2620
[ 52.006187][ T3549] ? reiserfs_kill_sb+0x150/0x150
[ 52.011217][ T3549] ? snprintf+0xd6/0x120
[ 52.015476][ T3549] mount_bdev+0x2c9/0x3f0
[ 52.019807][ T3549] ? reiserfs_kill_sb+0x150/0x150
[ 52.024843][ T3549] legacy_get_tree+0xeb/0x180
[ 52.029520][ T3549] ? remove_save_link+0x540/0x540
[ 52.034550][ T3549] vfs_get_tree+0x88/0x270
[ 52.038972][ T3549] do_new_mount+0x28b/0xae0
[ 52.043567][ T3549] ? do_move_mount_old+0x160/0x160
[ 52.048675][ T3549] ? user_path_at_empty+0x12b/0x180
[ 52.053949][ T3549] __se_sys_mount+0x2d5/0x3c0
[ 52.058623][ T3549] ? __x64_sys_mount+0xc0/0xc0
[ 52.063383][ T3549] ? syscall_enter_from_user_mode+0x2e/0x220
[ 52.069355][ T3549] ? lockdep_hardirqs_on+0x94/0x130
[ 52.074550][ T3549] ? __x64_sys_mount+0x1c/0xc0
[ 52.079309][ T3549] do_syscall_64+0x3d/0xb0
[ 52.083716][ T3549] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.089598][ T3549] RIP: 0033:0x7fb47e6e28ba
[ 52.094004][ T3549] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.113607][ T3549] RSP: 002b:00007ffc2d608c08 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 52.122012][ T3549] RAX: ffffffffffffffda RBX: 00007ffc2d608c20 RCX: 00007fb47e6e28ba
[ 52.130062][ T3549] RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007ffc2d608c20
[ 52.138024][ T3549] RBP: 0000000000000004 R08: 00007ffc2d608c60 R09: 00000000000010fb
[ 52.146145][ T3549] R10: 0000000000000080 R11: 0000000000000286 R12: 0000000000000080
[ 52.154110][ T3549] R13: 00007ffc2d608c60 R14: 0000000000000003 R15: 0000000000400000
[ 52.162075][ T3549] </TASK>
[ 52.165308][ T3549] Kernel Offset: disabled
[ 52.169620][ T3549] Rebooting in 86400 seconds..