DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2
forked to background, child pid 3173
[ 22.815138][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.831570][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 45.455198][ T3498] loop0: detected capacity change from 0 to 8192
[ 45.465393][ T3498] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 45.475024][ T3498] REISERFS (device loop0): using ordered data mode
[ 45.481892][ T3498] reiserfs: using flush barriers
[ 45.488489][ T3498] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 45.505153][ T3498] REISERFS (device loop0): checking transaction log (loop0)
[ 45.550444][ T3498] REISERFS (device loop0): Using r5 hash to sort names
[ 45.557818][ T3498] REISERFS (device loop0): using 3.5.x disk format
[ 45.565210][ T3498] ==================================================================
[ 45.573503][ T3498] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x95f/0x13a0
[ 45.581149][ T3498] Read of size 18446744073709551584 at addr ffff888071c8cfa4 by task syz-executor380/3498
[ 45.591285][ T3498]
[ 45.593597][ T3498] CPU: 1 PID: 3498 Comm: syz-executor380 Not tainted 5.15.118-syzkaller #0
[ 45.602157][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 45.612191][ T3498] Call Trace:
[ 45.615979][ T3498]
[ 45.618897][ T3498] dump_stack_lvl+0x1e3/0x2cb
[ 45.623563][ T3498] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 45.629174][ T3498] ? _printk+0xd1/0x111
[ 45.633482][ T3498] ? __wake_up_klogd+0xcc/0x100
[ 45.638749][ T3498] ? panic+0x84d/0x84d
[ 45.642792][ T3498] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 45.648340][ T3498] print_address_description+0x63/0x3b0
[ 45.653886][ T3498] ? leaf_paste_entries+0x95f/0x13a0
[ 45.659506][ T3498] kasan_report+0x16b/0x1c0
[ 45.663996][ T3498] ? leaf_paste_entries+0x95f/0x13a0
[ 45.669358][ T3498] ? leaf_paste_entries+0x95f/0x13a0
[ 45.674622][ T3498] kasan_check_range+0x27e/0x290
[ 45.679537][ T3498] ? leaf_paste_entries+0x95f/0x13a0
[ 45.685109][ T3498] memmove+0x25/0x60
[ 45.689019][ T3498] leaf_paste_entries+0x95f/0x13a0
[ 45.694150][ T3498] balance_leaf+0xbd1e/0x12510
[ 45.698924][ T3498] ? print_irqtrace_events+0x210/0x210
[ 45.704549][ T3498] ? do_raw_spin_unlock+0x137/0x8b0
[ 45.709747][ T3498] ? lockdep_hardirqs_on+0x94/0x130
[ 45.715198][ T3498] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 45.721289][ T3498] ? _raw_spin_unlock+0x40/0x40
[ 45.726138][ T3498] ? stack_trace_save+0x113/0x1c0
[ 45.731414][ T3498] ? do_balance+0x8f0/0x8f0
[ 45.735985][ T3498] ? __lock_acquire+0x1295/0x1ff0
[ 45.741081][ T3498] ? stack_depot_save+0x3db/0x440
[ 45.746189][ T3498] ? ____kasan_kmalloc+0xd1/0xf0
[ 45.751144][ T3498] ? ____kasan_kmalloc+0xba/0xf0
[ 45.756279][ T3498] ? __kmalloc+0x168/0x300
[ 45.761156][ T3498] ? fix_nodes+0x69aa/0x8c70
[ 45.765814][ T3498] ? reiserfs_paste_into_item+0x65d/0x880
[ 45.771757][ T3498] ? reiserfs_add_entry+0x9b8/0xd70
[ 45.776990][ T3498] ? reiserfs_mkdir+0x6bc/0x8f0
[ 45.781840][ T3498] ? reiserfs_xattr_init+0x348/0x730
[ 45.787118][ T3498] ? reiserfs_fill_super+0x226a/0x2690
[ 45.792751][ T3498] ? mount_bdev+0x2c9/0x3f0
[ 45.797233][ T3498] ? legacy_get_tree+0xeb/0x180
[ 45.802080][ T3498] ? vfs_get_tree+0x88/0x270
[ 45.806646][ T3498] ? do_new_mount+0x28b/0xae0
[ 45.811345][ T3498] ? __se_sys_mount+0x2d5/0x3c0
[ 45.816332][ T3498] ? do_syscall_64+0x3d/0xb0
[ 45.821186][ T3498] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.827257][ T3498] ? get_parents+0x513/0xfa0
[ 45.831850][ T3498] ? __wake_up_bit+0x190/0x190
[ 45.836595][ T3498] ? set_parameters+0x8d0/0x8d0
[ 45.841425][ T3498] ? get_neighbors+0x631/0x1010
[ 45.846271][ T3498] ? reiserfs_prepare_for_journal+0x26b/0x280
[ 45.852334][ T3498] ? fix_nodes+0x7abc/0x8c70
[ 45.856905][ T3498] ? __might_sleep+0xc0/0xc0
[ 45.861507][ T3498] do_balance+0x309/0x8f0
[ 45.865995][ T3498] ? get_right_neighbor_position+0x210/0x210
[ 45.871994][ T3498] ? reiserfs_paste_into_item+0x3ef/0x880
[ 45.877801][ T3498] reiserfs_paste_into_item+0x73b/0x880
[ 45.883343][ T3498] ? reiserfs_cut_from_item+0x2560/0x2560
[ 45.889168][ T3498] ? reiserfs_get_parent+0x2c0/0x2c0
[ 45.894615][ T3498] ? inode_get_bytes+0x72/0xa0
[ 45.899553][ T3498] ? _find_first_zero_bit+0x60/0xf0
[ 45.904818][ T3498] reiserfs_add_entry+0x9b8/0xd70
[ 45.910183][ T3498] ? drop_new_inode+0x60/0x60
[ 45.914935][ T3498] ? do_journal_begin_r+0xdad/0x1000
[ 45.921105][ T3498] ? journal_begin+0x1ef/0x350
[ 45.926117][ T3498] reiserfs_mkdir+0x6bc/0x8f0
[ 45.930796][ T3498] ? __might_sleep+0xc0/0xc0
[ 45.935400][ T3498] ? reiserfs_symlink+0x720/0x720
[ 45.940982][ T3498] ? down_write+0x10e/0x170
[ 45.945789][ T3498] ? __up_read+0x690/0x690
[ 45.950621][ T3498] reiserfs_xattr_init+0x348/0x730
[ 45.955925][ T3498] reiserfs_fill_super+0x226a/0x2690
[ 45.961582][ T3498] ? reiserfs_kill_sb+0x150/0x150
[ 45.966698][ T3498] ? snprintf+0xd6/0x120
[ 45.970952][ T3498] mount_bdev+0x2c9/0x3f0
[ 45.975287][ T3498] ? reiserfs_kill_sb+0x150/0x150
[ 45.980315][ T3498] legacy_get_tree+0xeb/0x180
[ 45.984997][ T3498] ? remove_save_link+0x540/0x540
[ 45.990110][ T3498] vfs_get_tree+0x88/0x270
[ 45.994685][ T3498] do_new_mount+0x28b/0xae0
[ 45.999173][ T3498] ? do_move_mount_old+0x160/0x160
[ 46.004356][ T3498] ? user_path_at_empty+0x12b/0x180
[ 46.009536][ T3498] __se_sys_mount+0x2d5/0x3c0
[ 46.014312][ T3498] ? __x64_sys_mount+0xc0/0xc0
[ 46.019365][ T3498] ? syscall_enter_from_user_mode+0x2e/0x230
[ 46.025491][ T3498] ? lockdep_hardirqs_on+0x94/0x130
[ 46.031182][ T3498] ? __x64_sys_mount+0x1c/0xc0
[ 46.035960][ T3498] do_syscall_64+0x3d/0xb0
[ 46.041312][ T3498] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.047887][ T3498] RIP: 0033:0x7f3b3fa92b1a
[ 46.052385][ T3498] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 46.072937][ T3498] RSP: 002b:00007ffe9ebfc308 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 46.081364][ T3498] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3b3fa92b1a
[ 46.089428][ T3498] RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007ffe9ebfc320
[ 46.097664][ T3498] RBP: 00007ffe9ebfc320 R08: 00007ffe9ebfc360 R09: 00000000000010f0
[ 46.105808][ T3498] R10: 0000000000000080 R11: 0000000000000286 R12: 0000000000000004
[ 46.113956][ T3498] R13: 000055555673a2c0 R14: 0000000000000080 R15: 00007ffe9ebfc360
[ 46.122735][ T3498]
[ 46.125757][ T3498]
[ 46.128099][ T3498] The buggy address belongs to the page:
[ 46.133743][ T3498] page:ffffea0001c72300 refcount:3 mapcount:0 mapping:ffff8880120cdaf0 index:0x213 pfn:0x71c8c
[ 46.144196][ T3498] memcg:ffff8881407a4000
[ 46.148978][ T3498] aops:def_blk_aops ino:700000
[ 46.154450][ T3498] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 46.164711][ T3498] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff8880120cdaf0
[ 46.174298][ T3498] raw: 0000000000000213 ffff888073201488 00000003ffffffff ffff8881407a4000
[ 46.183130][ T3498] page dumped because: kasan: bad access detected
[ 46.189632][ T3498] page_owner tracks the page as allocated
[ 46.195793][ T3498] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 3498, ts 45550168209, free_ts 38229199115
[ 46.213665][ T3498] get_page_from_freelist+0x322a/0x33c0
[ 46.219535][ T3498] __alloc_pages+0x272/0x700
[ 46.224262][ T3498] __page_cache_alloc+0xd4/0x4a0
[ 46.229208][ T3498] pagecache_get_page+0xa91/0x1010
[ 46.234481][ T3498] __getblk_gfp+0x22a/0xaf0
[ 46.238972][ T3498] search_by_key+0x46d/0x4730
[ 46.243724][ T3498] reiserfs_read_locked_inode+0x23c/0x2950
[ 46.249538][ T3498] reiserfs_fill_super+0x11bf/0x2690
[ 46.254896][ T3498] mount_bdev+0x2c9/0x3f0
[ 46.259252][ T3498] legacy_get_tree+0xeb/0x180
[ 46.263940][ T3498] vfs_get_tree+0x88/0x270
[ 46.268442][ T3498] do_new_mount+0x28b/0xae0
[ 46.273456][ T3498] __se_sys_mount+0x2d5/0x3c0
[ 46.278350][ T3498] do_syscall_64+0x3d/0xb0
[ 46.283033][ T3498] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.289009][ T3498] page last free stack trace:
[ 46.293667][ T3498] free_unref_page_prepare+0xc34/0xcf0
[ 46.299135][ T3498] free_unref_page_list+0x1f7/0x8e0
[ 46.304331][ T3498] release_pages+0x1bb9/0x1f40
[ 46.309164][ T3498] tlb_finish_mmu+0x177/0x320
[ 46.313823][ T3498] unmap_region+0x304/0x350
[ 46.318305][ T3498] __do_munmap+0x12db/0x1740
[ 46.322870][ T3498] __vm_munmap+0x134/0x230
[ 46.327264][ T3498] __x64_sys_munmap+0x67/0x70
[ 46.331917][ T3498] do_syscall_64+0x3d/0xb0
[ 46.336397][ T3498] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.342275][ T3498]
[ 46.344573][ T3498] Memory state around the buggy address:
[ 46.350355][ T3498] ffff888071c8ce80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.358389][ T3498] ffff888071c8cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.366422][ T3498] >ffff888071c8cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.374562][ T3498] ^
[ 46.379932][ T3498] ffff888071c8d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.387981][ T3498] ffff888071c8d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.396081][ T3498] ==================================================================
[ 46.404125][ T3498] Disabling lock debugging due to kernel taint
[ 46.410842][ T3498] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 46.418635][ T3498] CPU: 1 PID: 3498 Comm: syz-executor380 Tainted: G B 5.15.118-syzkaller #0
[ 46.429226][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 46.439369][ T3498] Call Trace:
[ 46.443155][ T3498]
[ 46.446248][ T3498] dump_stack_lvl+0x1e3/0x2cb
[ 46.450916][ T3498] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 46.456699][ T3498] ? panic+0x84d/0x84d
[ 46.461674][ T3498] ? rcu_is_watching+0x11/0xa0
[ 46.467097][ T3498] ? preempt_schedule_common+0xa6/0xd0
[ 46.473658][ T3498] panic+0x318/0x84d
[ 46.477853][ T3498] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 46.484531][ T3498] ? check_panic_on_warn+0x1d/0xa0
[ 46.489656][ T3498] ? fb_is_primary_device+0xcc/0xcc
[ 46.495110][ T3498] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 46.501977][ T3498] ? _raw_spin_unlock+0x40/0x40
[ 46.507117][ T3498] check_panic_on_warn+0x7e/0xa0
[ 46.512240][ T3498] ? leaf_paste_entries+0x95f/0x13a0
[ 46.517613][ T3498] end_report+0x6d/0xf0
[ 46.521948][ T3498] kasan_report+0x18e/0x1c0
[ 46.526648][ T3498] ? leaf_paste_entries+0x95f/0x13a0
[ 46.531946][ T3498] ? leaf_paste_entries+0x95f/0x13a0
[ 46.537842][ T3498] kasan_check_range+0x27e/0x290
[ 46.543220][ T3498] ? leaf_paste_entries+0x95f/0x13a0
[ 46.548508][ T3498] memmove+0x25/0x60
[ 46.552692][ T3498] leaf_paste_entries+0x95f/0x13a0
[ 46.557978][ T3498] balance_leaf+0xbd1e/0x12510
[ 46.563082][ T3498] ? print_irqtrace_events+0x210/0x210
[ 46.568755][ T3498] ? do_raw_spin_unlock+0x137/0x8b0
[ 46.573933][ T3498] ? lockdep_hardirqs_on+0x94/0x130
[ 46.579284][ T3498] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 46.585167][ T3498] ? _raw_spin_unlock+0x40/0x40
[ 46.590190][ T3498] ? stack_trace_save+0x113/0x1c0
[ 46.596774][ T3498] ? do_balance+0x8f0/0x8f0
[ 46.601434][ T3498] ? __lock_acquire+0x1295/0x1ff0
[ 46.606438][ T3498] ? stack_depot_save+0x3db/0x440
[ 46.611450][ T3498] ? ____kasan_kmalloc+0xd1/0xf0
[ 46.616454][ T3498] ? ____kasan_kmalloc+0xba/0xf0
[ 46.621455][ T3498] ? __kmalloc+0x168/0x300
[ 46.625933][ T3498] ? fix_nodes+0x69aa/0x8c70
[ 46.630590][ T3498] ? reiserfs_paste_into_item+0x65d/0x880
[ 46.636463][ T3498] ? reiserfs_add_entry+0x9b8/0xd70
[ 46.642624][ T3498] ? reiserfs_mkdir+0x6bc/0x8f0
[ 46.647822][ T3498] ? reiserfs_xattr_init+0x348/0x730
[ 46.653082][ T3498] ? reiserfs_fill_super+0x226a/0x2690
[ 46.658517][ T3498] ? mount_bdev+0x2c9/0x3f0
[ 46.663002][ T3498] ? legacy_get_tree+0xeb/0x180
[ 46.667831][ T3498] ? vfs_get_tree+0x88/0x270
[ 46.672399][ T3498] ? do_new_mount+0x28b/0xae0
[ 46.677065][ T3498] ? __se_sys_mount+0x2d5/0x3c0
[ 46.681936][ T3498] ? do_syscall_64+0x3d/0xb0
[ 46.686500][ T3498] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.692555][ T3498] ? get_parents+0x513/0xfa0
[ 46.697144][ T3498] ? __wake_up_bit+0x190/0x190
[ 46.702004][ T3498] ? set_parameters+0x8d0/0x8d0
[ 46.706827][ T3498] ? get_neighbors+0x631/0x1010
[ 46.711652][ T3498] ? reiserfs_prepare_for_journal+0x26b/0x280
[ 46.717702][ T3498] ? fix_nodes+0x7abc/0x8c70
[ 46.722304][ T3498] ? __might_sleep+0xc0/0xc0
[ 46.726967][ T3498] do_balance+0x309/0x8f0
[ 46.731368][ T3498] ? get_right_neighbor_position+0x210/0x210
[ 46.737336][ T3498] ? reiserfs_paste_into_item+0x3ef/0x880
[ 46.743076][ T3498] reiserfs_paste_into_item+0x73b/0x880
[ 46.748606][ T3498] ? reiserfs_cut_from_item+0x2560/0x2560
[ 46.754715][ T3498] ? reiserfs_get_parent+0x2c0/0x2c0
[ 46.759995][ T3498] ? inode_get_bytes+0x72/0xa0
[ 46.764740][ T3498] ? _find_first_zero_bit+0x60/0xf0
[ 46.769933][ T3498] reiserfs_add_entry+0x9b8/0xd70
[ 46.775026][ T3498] ? drop_new_inode+0x60/0x60
[ 46.779865][ T3498] ? do_journal_begin_r+0xdad/0x1000
[ 46.785229][ T3498] ? journal_begin+0x1ef/0x350
[ 46.790067][ T3498] reiserfs_mkdir+0x6bc/0x8f0
[ 46.794726][ T3498] ? __might_sleep+0xc0/0xc0
[ 46.799312][ T3498] ? reiserfs_symlink+0x720/0x720
[ 46.804326][ T3498] ? down_write+0x10e/0x170
[ 46.809167][ T3498] ? __up_read+0x690/0x690
[ 46.813688][ T3498] reiserfs_xattr_init+0x348/0x730
[ 46.818881][ T3498] reiserfs_fill_super+0x226a/0x2690
[ 46.824262][ T3498] ? reiserfs_kill_sb+0x150/0x150
[ 46.830918][ T3498] ? snprintf+0xd6/0x120
[ 46.835597][ T3498] mount_bdev+0x2c9/0x3f0
[ 46.840095][ T3498] ? reiserfs_kill_sb+0x150/0x150
[ 46.845449][ T3498] legacy_get_tree+0xeb/0x180
[ 46.850221][ T3498] ? remove_save_link+0x540/0x540
[ 46.855335][ T3498] vfs_get_tree+0x88/0x270
[ 46.859761][ T3498] do_new_mount+0x28b/0xae0
[ 46.864335][ T3498] ? do_move_mount_old+0x160/0x160
[ 46.869429][ T3498] ? user_path_at_empty+0x12b/0x180
[ 46.874606][ T3498] __se_sys_mount+0x2d5/0x3c0
[ 46.879262][ T3498] ? __x64_sys_mount+0xc0/0xc0
[ 46.884000][ T3498] ? syscall_enter_from_user_mode+0x2e/0x230
[ 46.889974][ T3498] ? lockdep_hardirqs_on+0x94/0x130
[ 46.895523][ T3498] ? __x64_sys_mount+0x1c/0xc0
[ 46.900273][ T3498] do_syscall_64+0x3d/0xb0
[ 46.904787][ T3498] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.910677][ T3498] RIP: 0033:0x7f3b3fa92b1a
[ 46.915080][ T3498] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 46.934832][ T3498] RSP: 002b:00007ffe9ebfc308 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 46.943749][ T3498] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3b3fa92b1a
[ 46.951878][ T3498] RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007ffe9ebfc320
[ 46.960087][ T3498] RBP: 00007ffe9ebfc320 R08: 00007ffe9ebfc360 R09: 00000000000010f0
[ 46.968472][ T3498] R10: 0000000000000080 R11: 0000000000000286 R12: 0000000000000004
[ 46.976594][ T3498] R13: 000055555673a2c0 R14: 0000000000000080 R15: 00007ffe9ebfc360
[ 46.984807][ T3498]
[ 46.988374][ T3498] Kernel Offset: disabled
[ 46.992868][ T3498] Rebooting in 86400 seconds..