Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts.
executing program
[ 74.834139][ T8462] loop0: detected capacity change from 0 to 131391
[ 74.847917][ T8462] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 74.857852][ T8462] REISERFS (device loop0): using ordered data mode
[ 74.865768][ T8462] reiserfs: using flush barriers
[ 74.872805][ T8462] REISERFS (device loop0): journal params: device loop0, size 8192, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 74.893737][ T8462] REISERFS (device loop0): checking transaction log (loop0)
[ 76.178692][ T8462] REISERFS (device loop0): Using rupasov hash to sort names
[ 76.187590][ T8462] ==================================================================
[ 76.196130][ T8462] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x404/0x910
[ 76.203819][ T8462] Read of size 18446744073709551571 at addr ffff88803d7f3fe1 by task syz-executor121/8462
[ 76.214786][ T8462]
[ 76.217293][ T8462] CPU: 0 PID: 8462 Comm: syz-executor121 Not tainted 5.13.0-rc2-next-20210518-syzkaller #0
[ 76.227999][ T8462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.238061][ T8462] Call Trace:
[ 76.241346][ T8462] dump_stack_lvl+0x13e/0x1d6
[ 76.246217][ T8462] ? leaf_paste_entries+0x404/0x910
[ 76.251644][ T8462] print_address_description.constprop.0.cold+0x6c/0x309
[ 76.258723][ T8462] ? leaf_paste_entries+0x404/0x910
[ 76.263941][ T8462] ? leaf_paste_entries+0x404/0x910
[ 76.269274][ T8462] kasan_report.cold+0x83/0xdf
[ 76.274148][ T8462] ? leaf_paste_entries+0x404/0x910
[ 76.279631][ T8462] kasan_check_range+0x13d/0x180
[ 76.284694][ T8462] memmove+0x20/0x60
[ 76.288607][ T8462] leaf_paste_entries+0x404/0x910
[ 76.293676][ T8462] balance_leaf+0x951e/0xd8b0
[ 76.298385][ T8462] ? reiserfs_prepare_for_journal+0x115/0x2b0
[ 76.304471][ T8462] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 76.310579][ T8462] ? fix_nodes+0x14cb/0x8650
[ 76.315286][ T8462] ? replace_key+0x160/0x160
[ 76.320207][ T8462] do_balance+0x315/0x810
[ 76.324655][ T8462] ? get_right_neighbor_position+0x170/0x170
[ 76.331200][ T8462] ? __mutex_unlock_slowpath+0xe2/0x610
[ 76.336782][ T8462] reiserfs_paste_into_item+0x762/0x8e0
[ 76.343011][ T8462] ? reiserfs_delete_object+0x200/0x200
[ 76.348835][ T8462] ? search_by_entry_key+0x960/0x960
[ 76.354635][ T8462] ? yura_hash+0x183/0x2a0
[ 76.359228][ T8462] ? make_cpu_key+0x22/0x2a0
[ 76.364174][ T8462] reiserfs_add_entry+0x8cb/0xcf0
[ 76.369371][ T8462] ? reiserfs_lookup+0x490/0x490
[ 76.374594][ T8462] ? wait_for_completion_io+0x270/0x270
[ 76.380500][ T8462] ? do_journal_begin_r+0xd2e/0x10d0
[ 76.385841][ T8462] ? dquot_free_inode+0x6c0/0x6c0
[ 76.391097][ T8462] reiserfs_mkdir+0x675/0x980
[ 76.395848][ T8462] ? reiserfs_mknod+0x700/0x700
[ 76.400749][ T8462] ? down_write+0xe1/0x150
[ 76.405469][ T8462] ? down_write_killable+0x170/0x170
[ 76.411695][ T8462] ? down_write_killable+0x170/0x170
[ 76.417356][ T8462] reiserfs_xattr_init+0x4de/0xb60
[ 76.422743][ T8462] reiserfs_fill_super+0x2166/0x2e00
[ 76.428153][ T8462] ? reiserfs_remount+0x1580/0x1580
[ 76.433406][ T8462] ? lock_downgrade+0x6e0/0x6e0
[ 76.440356][ T8462] ? snprintf+0xbb/0xf0
[ 76.444737][ T8462] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 76.450464][ T8462] ? set_blocksize+0x1c1/0x3b0
[ 76.455727][ T8462] mount_bdev+0x34d/0x410
[ 76.460061][ T8462] ? reiserfs_remount+0x1580/0x1580
[ 76.465493][ T8462] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 76.470612][ T8462] legacy_get_tree+0x105/0x220
[ 76.475475][ T8462] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.481798][ T8462] vfs_get_tree+0x89/0x2f0
[ 76.486614][ T8462] path_mount+0x132a/0x1fa0
[ 76.491293][ T8462] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 76.497649][ T8462] ? strncpy_from_user+0x2a0/0x3e0
[ 76.502847][ T8462] ? finish_automount+0xaf0/0xaf0
[ 76.507911][ T8462] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.514214][ T8462] ? getname_flags.part.0+0x1dd/0x4f0
[ 76.519650][ T8462] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 76.526250][ T8462] __x64_sys_mount+0x27f/0x300
[ 76.531269][ T8462] ? copy_mnt_ns+0xae0/0xae0
[ 76.536217][ T8462] ? syscall_enter_from_user_mode+0x21/0x70
[ 76.542332][ T8462] do_syscall_64+0x31/0xb0
[ 76.546787][ T8462] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.552759][ T8462] RIP: 0033:0x445b8a
[ 76.557053][ T8462] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.577172][ T8462] RSP: 002b:00007ffe298fef98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 76.585702][ T8462] RAX: ffffffffffffffda RBX: 00007ffe298feff0 RCX: 0000000000445b8a
[ 76.594215][ T8462] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe298fefb0
[ 76.602482][ T8462] RBP: 00007ffe298fefb0 R08: 00007ffe298feff0 R09: 0000000000000000
[ 76.610816][ T8462] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 76.620224][ T8462] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 76.628574][ T8462]
[ 76.631089][ T8462] The buggy address belongs to the page:
[ 76.636721][ T8462] page:ffffea0000f5fcc0 refcount:3 mapcount:0 mapping:ffff8881452fab90 index:0x2013 pfn:0x3d7f3
[ 76.647535][ T8462] memcg:ffff88814010c000
[ 76.651898][ T8462] aops:def_blk_aops ino:700000
[ 76.656698][ T8462] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 76.666180][ T8462] raw: 00fff00000002022 dead000000000100 dead000000000122 ffff8881452fab90
[ 76.674769][ T8462] raw: 0000000000002013 ffff888039727570 00000003ffffffff ffff88814010c000
[ 76.683349][ T8462] page dumped because: kasan: bad access detected
[ 76.690018][ T8462] page_owner tracks the page as allocated
[ 76.695818][ T8462] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 8462, ts 76178208078, free_ts 0
[ 76.712378][ T8462] get_page_from_freelist+0x125c/0x2ed0
[ 76.718331][ T8462] __alloc_pages+0x1b2/0x500
[ 76.722923][ T8462] alloc_pages+0x18c/0x2a0
[ 76.727358][ T8462] __page_cache_alloc+0x303/0x3a0
[ 76.732418][ T8462] pagecache_get_page+0x357/0x18d0
[ 76.737567][ T8462] __getblk_slow+0x358/0xe90
[ 76.742313][ T8462] __getblk_gfp+0x70/0x80
[ 76.746925][ T8462] search_by_key+0x3a8/0x3b80
[ 76.751802][ T8462] reiserfs_read_locked_inode+0x154/0x2160
[ 76.757655][ T8462] reiserfs_fill_super+0x18f4/0x2e00
[ 76.762948][ T8462] mount_bdev+0x34d/0x410
[ 76.767666][ T8462] legacy_get_tree+0x105/0x220
[ 76.772749][ T8462] vfs_get_tree+0x89/0x2f0
[ 76.777477][ T8462] path_mount+0x132a/0x1fa0
[ 76.782260][ T8462] __x64_sys_mount+0x27f/0x300
[ 76.787219][ T8462] do_syscall_64+0x31/0xb0
[ 76.792195][ T8462] page_owner free stack trace missing
[ 76.797713][ T8462]
[ 76.800039][ T8462] Memory state around the buggy address:
[ 76.805778][ T8462] ffff88803d7f3e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.813844][ T8462] ffff88803d7f3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.822162][ T8462] >ffff88803d7f3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.830454][ T8462] ^
[ 76.837660][ T8462] ffff88803d7f4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.845724][ T8462] ffff88803d7f4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.854108][ T8462] ==================================================================
[ 76.862214][ T8462] Disabling lock debugging due to kernel taint
[ 76.869417][ T8462] Kernel panic - not syncing: panic_on_warn set ...
[ 76.876031][ T8462] CPU: 0 PID: 8462 Comm: syz-executor121 Tainted: G B 5.13.0-rc2-next-20210518-syzkaller #0
[ 76.887508][ T8462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.897622][ T8462] Call Trace:
[ 76.901022][ T8462] dump_stack_lvl+0x13e/0x1d6
[ 76.905918][ T8462] ? leaf_paste_entries+0x3e0/0x910
[ 76.911336][ T8462] panic+0x306/0x73d
[ 76.915420][ T8462] ? __warn_printk+0xf3/0xf3
[ 76.920222][ T8462] ? preempt_schedule_common+0x59/0xc0
[ 76.925816][ T8462] ? leaf_paste_entries+0x404/0x910
[ 76.931028][ T8462] ? preempt_schedule_thunk+0x16/0x18
[ 76.936543][ T8462] ? trace_hardirqs_on+0x38/0x1c0
[ 76.941603][ T8462] ? trace_hardirqs_on+0x51/0x1c0
[ 76.946651][ T8462] ? leaf_paste_entries+0x404/0x910
[ 76.952393][ T8462] ? leaf_paste_entries+0x404/0x910
[ 76.958242][ T8462] end_report.cold+0x5a/0x5a
[ 76.962843][ T8462] kasan_report.cold+0x71/0xdf
[ 76.967733][ T8462] ? leaf_paste_entries+0x404/0x910
[ 76.972945][ T8462] kasan_check_range+0x13d/0x180
[ 76.977913][ T8462] memmove+0x20/0x60
[ 76.982075][ T8462] leaf_paste_entries+0x404/0x910
[ 76.987129][ T8462] balance_leaf+0x951e/0xd8b0
[ 76.991808][ T8462] ? reiserfs_prepare_for_journal+0x115/0x2b0
[ 76.998352][ T8462] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 77.004302][ T8462] ? fix_nodes+0x14cb/0x8650
[ 77.009149][ T8462] ? replace_key+0x160/0x160
[ 77.013761][ T8462] do_balance+0x315/0x810
[ 77.018134][ T8462] ? get_right_neighbor_position+0x170/0x170
[ 77.024283][ T8462] ? __mutex_unlock_slowpath+0xe2/0x610
[ 77.030197][ T8462] reiserfs_paste_into_item+0x762/0x8e0
[ 77.035979][ T8462] ? reiserfs_delete_object+0x200/0x200
[ 77.041648][ T8462] ? search_by_entry_key+0x960/0x960
[ 77.046970][ T8462] ? yura_hash+0x183/0x2a0
[ 77.051511][ T8462] ? make_cpu_key+0x22/0x2a0
[ 77.056360][ T8462] reiserfs_add_entry+0x8cb/0xcf0
[ 77.061522][ T8462] ? reiserfs_lookup+0x490/0x490
[ 77.067555][ T8462] ? wait_for_completion_io+0x270/0x270
[ 77.074105][ T8462] ? do_journal_begin_r+0xd2e/0x10d0
[ 77.080012][ T8462] ? dquot_free_inode+0x6c0/0x6c0
[ 77.085442][ T8462] reiserfs_mkdir+0x675/0x980
[ 77.090226][ T8462] ? reiserfs_mknod+0x700/0x700
[ 77.095103][ T8462] ? down_write+0xe1/0x150
[ 77.099998][ T8462] ? down_write_killable+0x170/0x170
[ 77.105598][ T8462] ? down_write_killable+0x170/0x170
[ 77.111038][ T8462] reiserfs_xattr_init+0x4de/0xb60
[ 77.116154][ T8462] reiserfs_fill_super+0x2166/0x2e00
[ 77.121546][ T8462] ? reiserfs_remount+0x1580/0x1580
[ 77.127090][ T8462] ? lock_downgrade+0x6e0/0x6e0
[ 77.132183][ T8462] ? snprintf+0xbb/0xf0
[ 77.136362][ T8462] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 77.142351][ T8462] ? set_blocksize+0x1c1/0x3b0
[ 77.147260][ T8462] mount_bdev+0x34d/0x410
[ 77.152111][ T8462] ? reiserfs_remount+0x1580/0x1580
[ 77.157449][ T8462] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 77.162506][ T8462] legacy_get_tree+0x105/0x220
[ 77.167387][ T8462] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.174293][ T8462] vfs_get_tree+0x89/0x2f0
[ 77.179434][ T8462] path_mount+0x132a/0x1fa0
[ 77.184039][ T8462] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 77.190298][ T8462] ? strncpy_from_user+0x2a0/0x3e0
[ 77.195499][ T8462] ? finish_automount+0xaf0/0xaf0
[ 77.200754][ T8462] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.207029][ T8462] ? getname_flags.part.0+0x1dd/0x4f0
[ 77.212466][ T8462] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 77.219072][ T8462] __x64_sys_mount+0x27f/0x300
[ 77.224096][ T8462] ? copy_mnt_ns+0xae0/0xae0
[ 77.228802][ T8462] ? syscall_enter_from_user_mode+0x21/0x70
[ 77.234840][ T8462] do_syscall_64+0x31/0xb0
[ 77.239465][ T8462] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.245648][ T8462] RIP: 0033:0x445b8a
[ 77.249641][ T8462] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.271961][ T8462] RSP: 002b:00007ffe298fef98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 77.281215][ T8462] RAX: ffffffffffffffda RBX: 00007ffe298feff0 RCX: 0000000000445b8a
[ 77.289507][ T8462] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe298fefb0
[ 77.297481][ T8462] RBP: 00007ffe298fefb0 R08: 00007ffe298feff0 R09: 0000000000000000
[ 77.305475][ T8462] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 77.313455][ T8462] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 77.322524][ T8462] Kernel Offset: disabled
[ 77.326857][ T8462] Rebooting in 86400 seconds..