[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 70.750531][ T6527] loop0: detected capacity change from 0 to 252287
[ 70.761903][ T6527] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 70.771774][ T6527] REISERFS (device loop0): using ordered data mode
[ 70.778549][ T6527] reiserfs: using flush barriers
[ 70.785262][ T6527] REISERFS (device loop0): journal params: device loop0, size 15748, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[ 70.810579][ T6527] REISERFS (device loop0): checking transaction log (loop0)
[ 72.255067][ T6527] REISERFS (device loop0): Using tea hash to sort names
[ 72.263038][ T6527] ==================================================================
[ 72.271191][ T6527] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x449/0x910
[ 72.278678][ T6527] Read of size 18446744073709551584 at addr ffff888063fc6fa4 by task syz-executor779/6527
[ 72.288563][ T6527]
[ 72.290876][ T6527] CPU: 1 PID: 6527 Comm: syz-executor779 Not tainted 5.15.0-rc4-next-20211008-syzkaller #0
[ 72.300969][ T6527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.311023][ T6527] Call Trace:
[ 72.314313][ T6527]
[ 72.317246][ T6527] dump_stack_lvl+0xcd/0x134
[ 72.321858][ T6527] print_address_description.constprop.0.cold+0x8d/0x320
[ 72.328896][ T6527] ? leaf_paste_entries+0x449/0x910
[ 72.334107][ T6527] ? leaf_paste_entries+0x449/0x910
[ 72.339319][ T6527] kasan_report.cold+0x83/0xdf
[ 72.344106][ T6527] ? leaf_paste_entries+0x449/0x910
[ 72.349313][ T6527] kasan_check_range+0x13d/0x180
[ 72.354289][ T6527] memmove+0x20/0x60
[ 72.358193][ T6527] leaf_paste_entries+0x449/0x910
[ 72.363235][ T6527] balance_leaf+0x951e/0xd8b0
[ 72.367929][ T6527] ? reiserfs_prepare_for_journal+0x115/0x2a0
[ 72.374006][ T6527] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 72.379737][ T6527] ? fix_nodes+0x14cb/0x8650
[ 72.384333][ T6527] ? replace_key+0x160/0x160
[ 72.388948][ T6527] do_balance+0x315/0x810
[ 72.393285][ T6527] ? get_right_neighbor_position+0x170/0x170
[ 72.399271][ T6527] ? wait_for_completion_io+0x270/0x270
[ 72.404845][ T6527] reiserfs_paste_into_item+0x762/0x8e0
[ 72.410403][ T6527] ? reiserfs_delete_object+0x200/0x200
[ 72.416040][ T6527] ? search_by_entry_key+0x960/0x960
[ 72.421342][ T6527] ? keyed_hash+0x83b/0xee0
[ 72.425854][ T6527] ? make_cpu_key+0x22/0x2a0
[ 72.430450][ T6527] reiserfs_add_entry+0x8cb/0xcf0
[ 72.435496][ T6527] ? reiserfs_lookup+0x490/0x490
[ 72.440461][ T6527] ? do_journal_begin_r+0xd2e/0x10d0
[ 72.445769][ T6527] ? dquot_free_inode+0x6c0/0x6c0
[ 72.450816][ T6527] reiserfs_mkdir+0x675/0x980
[ 72.455503][ T6527] ? reiserfs_mknod+0x700/0x700
[ 72.460366][ T6527] ? down_write+0xdf/0x150
[ 72.464795][ T6527] ? down_write_killable_nested+0x180/0x180
[ 72.470705][ T6527] reiserfs_xattr_init+0x4de/0xb60
[ 72.475824][ T6527] reiserfs_fill_super+0x210d/0x2eb0
[ 72.481387][ T6527] ? reiserfs_remount+0x1580/0x1580
[ 72.486600][ T6527] ? sget+0x472/0x580
[ 72.490676][ T6527] ? snprintf+0xbb/0xf0
[ 72.494839][ T6527] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.501086][ T6527] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 72.506816][ T6527] ? set_blocksize+0x1c1/0x3b0
[ 72.511595][ T6527] mount_bdev+0x34d/0x410
[ 72.515941][ T6527] ? reiserfs_remount+0x1580/0x1580
[ 72.521152][ T6527] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 72.526176][ T6527] legacy_get_tree+0x105/0x220
[ 72.530947][ T6527] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.537193][ T6527] vfs_get_tree+0x89/0x2f0
[ 72.541616][ T6527] path_mount+0x1320/0x1fa0
[ 72.546133][ T6527] ? finish_automount+0xaf0/0xaf0
[ 72.551179][ T6527] ? putname+0xfe/0x140
[ 72.555339][ T6527] __x64_sys_mount+0x27f/0x300
[ 72.560197][ T6527] ? copy_mnt_ns+0xae0/0xae0
[ 72.564804][ T6527] ? syscall_enter_from_user_mode+0x21/0x70
[ 72.570722][ T6527] do_syscall_64+0x35/0xb0
[ 72.575145][ T6527] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.581050][ T6527] RIP: 0033:0x7ff648597d2a
[ 72.585468][ T6527] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.605077][ T6527] RSP: 002b:00007ffe8e311eb8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 72.613507][ T6527] RAX: ffffffffffffffda RBX: 00007ffe8e311f10 RCX: 00007ff648597d2a
[ 72.621495][ T6527] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe8e311ed0
[ 72.629465][ T6527] RBP: 00007ffe8e311ed0 R08: 00007ffe8e311f10 R09: 0000000000000000
[ 72.637435][ T6527] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 72.645408][ T6527] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 72.653394][ T6527]
[ 72.656409][ T6527]
[ 72.658725][ T6527] The buggy address belongs to the page:
[ 72.664432][ T6527] page:ffffea00018ff180 refcount:3 mapcount:0 mapping:ffff88801102cf30 index:0x3d97 pfn:0x63fc6
[ 72.674842][ T6527] memcg:ffff88814076c000
[ 72.679073][ T6527] aops:def_blk_aops ino:700000
[ 72.683858][ T6527] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 72.693236][ T6527] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff88801102cf30
[ 72.701815][ T6527] raw: 0000000000003d97 ffff88806a345658 00000003ffffffff ffff88814076c000
[ 72.710388][ T6527] page dumped because: kasan: bad access detected
[ 72.716786][ T6527] page_owner tracks the page as allocated
[ 72.722488][ T6527] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 6527, ts 72254745914, free_ts 13118707832
[ 72.740566][ T6527] get_page_from_freelist+0xa72/0x2f50
[ 72.746028][ T6527] __alloc_pages+0x1b2/0x500
[ 72.750704][ T6527] alloc_pages+0x1a7/0x300
[ 72.755114][ T6527] folio_alloc+0x1c/0x70
[ 72.759352][ T6527] __filemap_get_folio+0x5f2/0xd60
[ 72.764458][ T6527] pagecache_get_page+0x2c/0x1a0
[ 72.769398][ T6527] __getblk_slow+0x35f/0xe40
[ 72.773986][ T6527] __getblk_gfp+0x6e/0x80
[ 72.778321][ T6527] search_by_key+0x3a5/0x3cc0
[ 72.783008][ T6527] reiserfs_read_locked_inode+0x154/0x2160
[ 72.788810][ T6527] reiserfs_fill_super+0x1578/0x2eb0
[ 72.794105][ T6527] mount_bdev+0x34d/0x410
[ 72.798451][ T6527] legacy_get_tree+0x105/0x220
[ 72.803222][ T6527] vfs_get_tree+0x89/0x2f0
[ 72.807640][ T6527] path_mount+0x1320/0x1fa0
[ 72.812164][ T6527] __x64_sys_mount+0x27f/0x300
[ 72.816954][ T6527] page last free stack trace:
[ 72.821618][ T6527] free_pcp_prepare+0x373/0x870
[ 72.826490][ T6527] free_unref_page+0x19/0x690
[ 72.831168][ T6527] free_contig_range+0xa8/0xf0
[ 72.835966][ T6527] destroy_args+0xa8/0x646
[ 72.840390][ T6527] debug_vm_pgtable+0x2984/0x2a16
[ 72.845421][ T6527] do_one_initcall+0x103/0x650
[ 72.850187][ T6527] kernel_init_freeable+0x6b1/0x73a
[ 72.855401][ T6527] kernel_init+0x1a/0x1d0
[ 72.859746][ T6527] ret_from_fork+0x1f/0x30
[ 72.864175][ T6527]
[ 72.866488][ T6527] Memory state around the buggy address:
[ 72.872221][ T6527] ffff888063fc6e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.880298][ T6527] ffff888063fc6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.888357][ T6527] >ffff888063fc6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.896411][ T6527] ^
[ 72.901520][ T6527] ffff888063fc7000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.909572][ T6527] ffff888063fc7080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.917619][ T6527] ==================================================================
[ 72.925676][ T6527] Disabling lock debugging due to kernel taint
[ 72.931980][ T6527] Kernel panic - not syncing: panic_on_warn set ...
[ 72.938586][ T6527] CPU: 1 PID: 6527 Comm: syz-executor779 Tainted: G B 5.15.0-rc4-next-20211008-syzkaller #0
[ 72.950385][ T6527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.960455][ T6527] Call Trace:
[ 72.963722][ T6527]
[ 72.966642][ T6527] dump_stack_lvl+0xcd/0x134
[ 72.971232][ T6527] panic+0x2b0/0x6dd
[ 72.975138][ T6527] ? __warn_printk+0xf3/0xf3
[ 72.979726][ T6527] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 72.985887][ T6527] ? trace_hardirqs_on+0x38/0x1c0
[ 72.990909][ T6527] ? trace_hardirqs_on+0x51/0x1c0
[ 72.995933][ T6527] ? leaf_paste_entries+0x449/0x910
[ 73.001128][ T6527] ? leaf_paste_entries+0x449/0x910
[ 73.006329][ T6527] end_report.cold+0x63/0x6f
[ 73.010917][ T6527] kasan_report.cold+0x71/0xdf
[ 73.015683][ T6527] ? leaf_paste_entries+0x449/0x910
[ 73.020876][ T6527] kasan_check_range+0x13d/0x180
[ 73.025810][ T6527] memmove+0x20/0x60
[ 73.029702][ T6527] leaf_paste_entries+0x449/0x910
[ 73.034728][ T6527] balance_leaf+0x951e/0xd8b0
[ 73.039409][ T6527] ? reiserfs_prepare_for_journal+0x115/0x2a0
[ 73.045477][ T6527] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 73.051199][ T6527] ? fix_nodes+0x14cb/0x8650
[ 73.055800][ T6527] ? replace_key+0x160/0x160
[ 73.060406][ T6527] do_balance+0x315/0x810
[ 73.064742][ T6527] ? get_right_neighbor_position+0x170/0x170
[ 73.070727][ T6527] ? wait_for_completion_io+0x270/0x270
[ 73.076290][ T6527] reiserfs_paste_into_item+0x762/0x8e0
[ 73.081853][ T6527] ? reiserfs_delete_object+0x200/0x200
[ 73.087431][ T6527] ? search_by_entry_key+0x960/0x960
[ 73.092715][ T6527] ? keyed_hash+0x83b/0xee0
[ 73.097302][ T6527] ? make_cpu_key+0x22/0x2a0
[ 73.101887][ T6527] reiserfs_add_entry+0x8cb/0xcf0
[ 73.106929][ T6527] ? reiserfs_lookup+0x490/0x490
[ 73.111968][ T6527] ? do_journal_begin_r+0xd2e/0x10d0
[ 73.117256][ T6527] ? dquot_free_inode+0x6c0/0x6c0
[ 73.122379][ T6527] reiserfs_mkdir+0x675/0x980
[ 73.127054][ T6527] ? reiserfs_mknod+0x700/0x700
[ 73.131916][ T6527] ? down_write+0xdf/0x150
[ 73.136322][ T6527] ? down_write_killable_nested+0x180/0x180
[ 73.142211][ T6527] reiserfs_xattr_init+0x4de/0xb60
[ 73.147579][ T6527] reiserfs_fill_super+0x210d/0x2eb0
[ 73.152864][ T6527] ? reiserfs_remount+0x1580/0x1580
[ 73.158058][ T6527] ? sget+0x472/0x580
[ 73.162037][ T6527] ? snprintf+0xbb/0xf0
[ 73.166191][ T6527] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 73.172428][ T6527] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 73.178229][ T6527] ? set_blocksize+0x1c1/0x3b0
[ 73.183082][ T6527] mount_bdev+0x34d/0x410
[ 73.187490][ T6527] ? reiserfs_remount+0x1580/0x1580
[ 73.192773][ T6527] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 73.197803][ T6527] legacy_get_tree+0x105/0x220
[ 73.202566][ T6527] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.208802][ T6527] vfs_get_tree+0x89/0x2f0
[ 73.213220][ T6527] path_mount+0x1320/0x1fa0
[ 73.217724][ T6527] ? finish_automount+0xaf0/0xaf0
[ 73.222752][ T6527] ? putname+0xfe/0x140
[ 73.226933][ T6527] __x64_sys_mount+0x27f/0x300
[ 73.231703][ T6527] ? copy_mnt_ns+0xae0/0xae0
[ 73.236294][ T6527] ? syscall_enter_from_user_mode+0x21/0x70
[ 73.242200][ T6527] do_syscall_64+0x35/0xb0
[ 73.246616][ T6527] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.252605][ T6527] RIP: 0033:0x7ff648597d2a
[ 73.257011][ T6527] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 73.276608][ T6527] RSP: 002b:00007ffe8e311eb8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 73.285009][ T6527] RAX: ffffffffffffffda RBX: 00007ffe8e311f10 RCX: 00007ff648597d2a
[ 73.292978][ T6527] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe8e311ed0
[ 73.300947][ T6527] RBP: 00007ffe8e311ed0 R08: 00007ffe8e311f10 R09: 0000000000000000
[ 73.308915][ T6527] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 73.316967][ T6527] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 73.324943][ T6527]
[ 73.328209][ T6527] Kernel Offset: disabled
[ 73.332520][ T6527] Rebooting in 86400 seconds..