Warning: Permanently added '10.128.0.63' (ED25519) to the list of known hosts.
executing program
[ 46.801886][ T3960] loop0: detected capacity change from 0 to 8192
[ 46.925955][ T3960] REISERFS warning (device loop0): reiserfs_fill_super: Cannot allocate commit workqueue
executing program
[ 47.071775][ T3965] loop0: detected capacity change from 0 to 8192
[ 47.195950][ T3965] REISERFS warning (device loop0): reiserfs_fill_super: Cannot allocate commit workqueue
executing program
[ 47.325331][ T3970] loop0: detected capacity change from 0 to 8192
[ 47.367642][ T3970] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 47.370347][ T3970] REISERFS (device loop0): using ordered data mode
[ 47.372266][ T3970] reiserfs: using flush barriers
[ 47.375046][ T3970] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 47.380276][ T3970] REISERFS (device loop0): checking transaction log (loop0)
[ 47.431363][ T3970] REISERFS (device loop0): Using rupasov hash to sort names
[ 47.434232][ T3970] ==================================================================
[ 47.436486][ T3970] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x504/0x944
[ 47.438576][ T3970] Read of size 18446744073709551584 at addr ffff0000dd267fa4 by task syz-executor122/3970
[ 47.441280][ T3970]
[ 47.441869][ T3970] CPU: 0 PID: 3970 Comm: syz-executor122 Not tainted 5.15.151-syzkaller #0
[ 47.444234][ T3970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 47.446946][ T3970] Call trace:
[ 47.447879][ T3970] dump_backtrace+0x0/0x530
[ 47.449090][ T3970] show_stack+0x2c/0x3c
[ 47.450222][ T3970] dump_stack_lvl+0x108/0x170
[ 47.451481][ T3970] print_address_description+0x7c/0x3f0
[ 47.453036][ T3970] kasan_report+0x174/0x1e4
[ 47.454279][ T3970] kasan_check_range+0x274/0x2b4
[ 47.455657][ T3970] memmove+0x90/0xe8
[ 47.456741][ T3970] leaf_paste_entries+0x504/0x944
[ 47.458181][ T3970] balance_leaf+0xa0d4/0xe860
[ 47.459475][ T3970] do_balance+0x27c/0x790
[ 47.460669][ T3970] reiserfs_paste_into_item+0x630/0x744
[ 47.462214][ T3970] reiserfs_add_entry+0x8c0/0xc8c
[ 47.463646][ T3970] reiserfs_mkdir+0x588/0x77c
[ 47.464955][ T3970] reiserfs_xattr_init+0x2b0/0x6dc
[ 47.466389][ T3970] reiserfs_fill_super+0x1b28/0x1e8c
[ 47.467934][ T3970] mount_bdev+0x274/0x370
[ 47.469121][ T3970] get_super_block+0x44/0x58
[ 47.470324][ T3970] legacy_get_tree+0xd4/0x16c
[ 47.471594][ T3970] vfs_get_tree+0x90/0x274
[ 47.472782][ T3970] do_new_mount+0x278/0x8fc
[ 47.474048][ T3970] path_mount+0x594/0x101c
[ 47.475272][ T3970] __arm64_sys_mount+0x510/0x5e0
[ 47.476648][ T3970] invoke_syscall+0x98/0x2b8
[ 47.477963][ T3970] el0_svc_common+0x138/0x258
[ 47.479205][ T3970] do_el0_svc+0x58/0x14c
[ 47.480381][ T3970] el0_svc+0x7c/0x1f0
[ 47.481453][ T3970] el0t_64_sync_handler+0x84/0xe4
[ 47.482836][ T3970] el0t_64_sync+0x1a0/0x1a4
[ 47.484034][ T3970]
[ 47.484705][ T3970] The buggy address belongs to the page:
[ 47.486268][ T3970] page:00000000a367d4ef refcount:3 mapcount:0 mapping:000000002c3248f3 index:0x213 pfn:0x11d267
[ 47.489102][ T3970] memcg:ffff0000c08a4000
[ 47.490267][ T3970] aops:def_blk_aops ino:700000
[ 47.491574][ T3970] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 47.494147][ T3970] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c0494f48
[ 47.496594][ T3970] raw: 0000000000000213 ffff0000df506828 00000003ffffffff ffff0000c08a4000
[ 47.498950][ T3970] page dumped because: kasan: bad access detected
[ 47.500737][ T3970]
[ 47.501341][ T3970] Memory state around the buggy address:
[ 47.502924][ T3970] ffff0000dd267e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.505129][ T3970] ffff0000dd267f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.507380][ T3970] >ffff0000dd267f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.509607][ T3970] ^
[ 47.511021][ T3970] ffff0000dd268000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.513230][ T3970] ffff0000dd268080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.515530][ T3970] ==================================================================
[ 47.517750][ T3970] Disabling lock debugging due to kernel taint
[ 47.519572][ T3970] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 10864, item_location 2, free_space(entry_count) 1536
[ 47.525090][ T3970] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.528069][ T3970] REISERFS (device loop0): Remounting filesystem read-only
[ 47.530094][ T3970] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 47.533613][ T3970] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 47.537547][ T3970] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 10864, item_location 2, free_space(entry_count) 1536
[ 47.543031][ T3970] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.545860][ T3970] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
executing program
[ 47.729680][ T3974] loop0: detected capacity change from 0 to 8192
[ 47.796653][ T3974] REISERFS warning (device loop0): super-6506 reiserfs_getopt: bad value "continue" for option "errors"
[ 47.796653][ T3974]
executing program
[ 47.976885][ T3978] loop0: detected capacity change from 0 to 8192
[ 48.056192][ T3978] REISERFS warning (device loop0): super-6506 reiserfs_getopt: bad value "continue" for option "errors"
[ 48.056192][ T3978]
executing program
[ 48.227681][ T3982] loop0: detected capacity change from 0 to 8192
[ 48.306526][ T3982] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 48.309254][ T3982] REISERFS (device loop0): using ordered data mode
[ 48.311274][ T3982] reiserfs: using flush barriers
[ 48.313237][ T3982] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 48.318162][ T3982] REISERFS (device loop0): checking transaction log (loop0)
[ 48.349779][ T3982] REISERFS (device loop0): Using rupasov hash to sort names
[ 48.580003][ T3958] Unable to handle kernel paging request at virtual address dfff80002000000a
[ 48.582462][ T3958] Mem abort info:
[ 48.583420][ T3958] ESR = 0x0000000096000007
[ 48.584676][ T3958] EC = 0x25: DABT (current EL), IL = 32 bits
[ 48.586353][ T3982] Unable to handle kernel write to read-only memory at virtual address ffff0000d9f3bff0
[ 48.586566][ C0] Unable to handle kernel paging request at virtual address e3ff7c000358c006
[ 48.589161][ T3982] Mem abort info:
[ 48.591538][ C0] Mem abort info:
[ 48.591543][ C0] ESR = 0x0000000096000004
[ 48.592499][ T3982] ESR = 0x000000009600004f
[ 48.593480][ C0] EC = 0x25: DABT (current EL), IL = 32 bits
[ 48.594677][ T3982] EC = 0x25: DABT (current EL), IL = 32 bits
[ 48.595906][ C0] SET = 0, FnV = 0
[ 48.595914][ C0] EA = 0, S1PTW = 0
[ 48.595918][ C0] FSC = 0x04: level 0 translation fault
[ 48.595923][ C0] Data abort info:
[ 48.595926][ C0] ISV = 0, ISS = 0x00000004
[ 48.595929][ C0] CM = 0, WnR = 0
[ 48.595934][ C0] [e3ff7c000358c006] address between user and kernel address ranges
[ 48.595941][ C0] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 48.595949][ C0] Modules linked in:
[ 48.595958][ C0] CPU: 0 PID: 3958 Comm: syz-executor122 Tainted: G B 5.15.151-syzkaller #0
[ 48.595969][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 48.595975][ C0] pstate: 004000c5 (nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 48.597603][ T3982] SET = 0, FnV = 0
[ 48.599260][ C0] pc : timerqueue_add+0xc0/0x220
[ 48.600239][ T3982] EA = 0, S1PTW = 0
[ 48.601344][ C0] lr : timerqueue_add+0x11c/0x220
[ 48.602795][ T3982] FSC = 0x0f: level 3 permission fault
[ 48.603798][ C0] sp : ffff800008007bc0
[ 48.604973][ T3982] Data abort info:
[ 48.605969][ C0] x29: ffff800008007be0 x28: 0000000000000010 x27: dfff800000000000
[ 48.605991][ C0] x26: 0000000000000000 x25: 1fffe0001ac6001a x24: dfff800000000000
[ 48.606006][ C0] x23: 1fffe0001ac6001a x22: ffff80001d0474c8 x21: 0000000b4e66cc00
[ 48.606022][ C0] x20: 0000000000000000 x19: 1ffff00003a08e99
[ 48.608117][ T3982] ISV = 0, ISS = 0x0000004f
[ 48.609979][ C0] x18: 0000000000000001
[ 48.611065][ T3982] CM = 0, WnR = 1
[ 48.613711][ C0]
[ 48.613717][ C0] x17: ffff80019ff93000
[ 48.616359][ T3982] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001b4949000
[ 48.618405][ C0] x16: ffff80001197884c
[ 48.619451][ T3982] [ffff0000d9f3bff0] pgd=180000023fff7003
[ 48.620728][ C0] x15: 0000000000000012
[ 48.621726][ T3982] , p4d=180000023fff7003
[ 48.623045][ C0]
[ 48.623051][ C0] x14: 0000000000000000
[ 48.624481][ T3982] , pud=180000023f613003
[ 48.625666][ C0] x13: 205d383539335420 x12: 0000000000000001
[ 48.625684][ C0] x11: 0000000000010002 x10: 0000000000010002 x9 : ffff0000d1e38000
[ 48.625699][ C0] x8 : 03fffc000358c006 x7 : 0000000000000000
[ 48.626662][ T3982] , pmd=180000023f543003
[ 48.628822][ C0] x6 : ffff80000a9b1168
[ 48.630939][ T3982] , pte=0060000119f3b787
[ 48.633132][ C0]
[ 48.633139][ C0] x5 : 0000000000000000
[ 48.634675][ T3982]
[ 48.635944][ C0] x4 : 0000000000000001 x3 : ffff800008303d78
[ 48.635962][ C0] x2 : 0000000000000001 x1 : ffff80001844a860 x0 : 1fffe0001ac60032
[ 48.635978][ C0] Call trace:
[ 48.635983][ C0] timerqueue_add+0xc0/0x220
[ 48.635997][ C0] enqueue_hrtimer+0x1a4/0x474
[ 48.668143][ C0] __hrtimer_run_queues+0x588/0xca4
[ 48.669519][ C0] hrtimer_interrupt+0x2c0/0xb64
[ 48.670835][ C0] arch_timer_handler_virt+0x74/0x88
[ 48.672336][ C0] handle_percpu_devid_irq+0x29c/0x7fc
[ 48.673800][ C0] handle_domain_irq+0xec/0x178
[ 48.675147][ C0] gic_handle_irq+0x78/0x1c8
[ 48.676340][ C0] call_on_irq_stack+0x24/0x4c
[ 48.677621][ C0] do_interrupt_handler+0x74/0x94
[ 48.678988][ C0] el1_interrupt+0x30/0x58
[ 48.680186][ C0] el1h_64_irq_handler+0x18/0x24
[ 48.681533][ C0] el1h_64_irq+0x78/0x7c
[ 48.682655][ C0] console_unlock+0xca0/0x1394
[ 48.683996][ C0] vprintk_emit+0x140/0x21c
[ 48.685286][ C0] vprintk_default+0xa0/0xe4
[ 48.686587][ C0] vprintk+0x200/0x2d4
[ 48.687757][ C0] _printk+0xdc/0x128
[ 48.688837][ C0] mem_abort_decode+0x78/0x1ac
[ 48.690111][ C0] __do_kernel_fault+0x3b0/0x448
[ 48.691402][ C0] do_bad_area+0x80/0x2b8
[ 48.692560][ C0] do_translation_fault+0x100/0x138
[ 48.693979][ C0] do_mem_abort+0x70/0x1d8
[ 48.695198][ C0] el1_abort+0x3c/0x5c
[ 48.696289][ C0] el1h_64_sync_handler+0x60/0xac
[ 48.697790][ C0] el1h_64_sync+0x78/0x7c
[ 48.699008][ C0] locks_remove_posix+0xd0/0x730
[ 48.700408][ C0] filp_close+0xfc/0x160
[ 48.701602][ C0] put_files_struct+0x198/0x334
[ 48.702963][ C0] exit_files+0x7c/0x9c
[ 48.704109][ C0] do_exit+0x624/0x20bc
[ 48.705249][ C0] do_group_exit+0x110/0x268
[ 48.706448][ C0] get_signal+0x634/0x1550
[ 48.707720][ C0] do_notify_resume+0x320/0x32b8
[ 48.709103][ C0] el0_ia+0x15c/0x2f0
[ 48.710209][ C0] el0t_64_sync_handler+0xa8/0xe4
[ 48.711610][ C0] el0t_64_sync+0x1a0/0x1a4
[ 48.712930][ C0] Code: 5280021c f2fbfffb 910062e0 d343fc08 (38786908)
[ 48.714855][ C0] ---[ end trace ea4d18ef5aa1bfc0 ]---
[ 49.013510][ C0] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[ 49.015639][ C0] SMP: stopping secondary CPUs
[ 50.105822][ C0] SMP: failed to stop secondary CPUs 0-1
[ 50.107495][ C0] Kernel Offset: disabled
[ 50.108667][ C0] CPU features: 0x0,000081c1,21302e40
[ 50.110129][ C0] Memory Limit: none
[ 50.362259][ C0] Rebooting in 86400 seconds..