DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2
forked to background, child pid 3172
[ 22.905964][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.915451][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.31' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 43.770715][ T3503] loop0: detected capacity change from 0 to 8192
[ 43.778716][ T3503] =======================================================
[ 43.778716][ T3503] WARNING: The mand mount option has been deprecated and
[ 43.778716][ T3503] and is ignored by this kernel. Remove the mand
[ 43.778716][ T3503] option from the mount to silence this warning.
[ 43.778716][ T3503] =======================================================
[ 43.815969][ T3503] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 43.825563][ T3503] REISERFS (device loop0): using ordered data mode
[ 43.832123][ T3503] reiserfs: using flush barriers
[ 43.838163][ T3503] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 43.855054][ T3503] REISERFS (device loop0): checking transaction log (loop0)
[ 43.900739][ T3503] REISERFS (device loop0): Using tea hash to sort names
[ 43.908949][ T3503] ==================================================================
[ 43.917268][ T3503] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x95f/0x13a0
[ 43.925022][ T3503] Read of size 18446744073709551584 at addr ffff888011870fa4 by task syz-executor404/3503
[ 43.934988][ T3503]
[ 43.937302][ T3503] CPU: 0 PID: 3503 Comm: syz-executor404 Not tainted 5.15.113-syzkaller #0
[ 43.946412][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 43.956458][ T3503] Call Trace:
[ 43.959814][ T3503]
[ 43.962722][ T3503] dump_stack_lvl+0x1e3/0x2cb
[ 43.967385][ T3503] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 43.973093][ T3503] ? _printk+0xd1/0x111
[ 43.977424][ T3503] ? __wake_up_klogd+0xcc/0x100
[ 43.982348][ T3503] ? panic+0x84d/0x84d
[ 43.986430][ T3503] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 43.991892][ T3503] print_address_description+0x63/0x3b0
[ 43.997613][ T3503] ? leaf_paste_entries+0x95f/0x13a0
[ 44.002888][ T3503] kasan_report+0x16b/0x1c0
[ 44.007376][ T3503] ? leaf_paste_entries+0x95f/0x13a0
[ 44.012810][ T3503] ? leaf_paste_entries+0x95f/0x13a0
[ 44.018072][ T3503] kasan_check_range+0x27e/0x290
[ 44.022993][ T3503] ? leaf_paste_entries+0x95f/0x13a0
[ 44.028279][ T3503] memmove+0x25/0x60
[ 44.032151][ T3503] leaf_paste_entries+0x95f/0x13a0
[ 44.037246][ T3503] balance_leaf+0xbd1e/0x12510
[ 44.041989][ T3503] ? print_irqtrace_events+0x210/0x210
[ 44.047534][ T3503] ? do_raw_spin_unlock+0x137/0x8b0
[ 44.052816][ T3503] ? lockdep_hardirqs_on+0x94/0x130
[ 44.058026][ T3503] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 44.063933][ T3503] ? _raw_spin_unlock+0x40/0x40
[ 44.068779][ T3503] ? stack_trace_save+0x113/0x1c0
[ 44.073783][ T3503] ? do_balance+0x8f0/0x8f0
[ 44.078374][ T3503] ? stack_depot_save+0x3db/0x440
[ 44.083379][ T3503] ? ____kasan_kmalloc+0xd1/0xf0
[ 44.088379][ T3503] ? ____kasan_kmalloc+0xba/0xf0
[ 44.093305][ T3503] ? __kmalloc+0x168/0x300
[ 44.097697][ T3503] ? fix_nodes+0x69aa/0x8c70
[ 44.102281][ T3503] ? reiserfs_paste_into_item+0x65d/0x880
[ 44.107988][ T3503] ? reiserfs_add_entry+0x9b8/0xd70
[ 44.113181][ T3503] ? reiserfs_mkdir+0x6bc/0x8f0
[ 44.118052][ T3503] ? reiserfs_xattr_init+0x348/0x730
[ 44.123351][ T3503] ? reiserfs_fill_super+0x226a/0x2690
[ 44.128803][ T3503] ? mount_bdev+0x26d/0x3a0
[ 44.133464][ T3503] ? legacy_get_tree+0xeb/0x180
[ 44.138324][ T3503] ? vfs_get_tree+0x88/0x270
[ 44.142949][ T3503] ? do_new_mount+0x28b/0xad0
[ 44.147635][ T3503] ? __se_sys_mount+0x2d5/0x3c0
[ 44.152607][ T3503] ? do_syscall_64+0x3d/0xb0
[ 44.157204][ T3503] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.163281][ T3503] ? get_parents+0x513/0xfa0
[ 44.167851][ T3503] ? __wake_up_bit+0x190/0x190
[ 44.172610][ T3503] ? set_parameters+0x8d0/0x8d0
[ 44.177440][ T3503] ? get_neighbors+0x631/0x1010
[ 44.182268][ T3503] ? reiserfs_prepare_for_journal+0x26b/0x280
[ 44.188344][ T3503] ? fix_nodes+0x7abc/0x8c70
[ 44.192958][ T3503] ? __might_sleep+0xc0/0xc0
[ 44.197556][ T3503] do_balance+0x309/0x8f0
[ 44.201983][ T3503] ? get_right_neighbor_position+0x210/0x210
[ 44.207943][ T3503] ? reiserfs_paste_into_item+0x3ef/0x880
[ 44.213656][ T3503] reiserfs_paste_into_item+0x73b/0x880
[ 44.219810][ T3503] ? reiserfs_cut_from_item+0x2560/0x2560
[ 44.225540][ T3503] ? reiserfs_get_parent+0x2c0/0x2c0
[ 44.230804][ T3503] ? inode_get_bytes+0x72/0xa0
[ 44.235548][ T3503] ? _find_first_zero_bit+0x60/0xf0
[ 44.240744][ T3503] reiserfs_add_entry+0x9b8/0xd70
[ 44.245768][ T3503] ? drop_new_inode+0x60/0x60
[ 44.250440][ T3503] ? do_journal_begin_r+0xdad/0x1000
[ 44.256001][ T3503] ? journal_begin+0x1ef/0x350
[ 44.260743][ T3503] reiserfs_mkdir+0x6bc/0x8f0
[ 44.265395][ T3503] ? __might_sleep+0xc0/0xc0
[ 44.270066][ T3503] ? reiserfs_symlink+0x720/0x720
[ 44.275065][ T3503] ? down_write+0x10e/0x170
[ 44.279550][ T3503] ? __up_read+0x690/0x690
[ 44.283946][ T3503] reiserfs_xattr_init+0x348/0x730
[ 44.289037][ T3503] reiserfs_fill_super+0x226a/0x2690
[ 44.294306][ T3503] ? reiserfs_kill_sb+0x150/0x150
[ 44.299310][ T3503] ? snprintf+0xd6/0x120
[ 44.303559][ T3503] mount_bdev+0x26d/0x3a0
[ 44.308006][ T3503] ? reiserfs_kill_sb+0x150/0x150
[ 44.313020][ T3503] legacy_get_tree+0xeb/0x180
[ 44.317682][ T3503] ? remove_save_link+0x540/0x540
[ 44.322699][ T3503] vfs_get_tree+0x88/0x270
[ 44.327273][ T3503] do_new_mount+0x28b/0xad0
[ 44.331904][ T3503] ? do_move_mount_old+0x160/0x160
[ 44.337013][ T3503] ? user_path_at_empty+0x12b/0x180
[ 44.342196][ T3503] __se_sys_mount+0x2d5/0x3c0
[ 44.346855][ T3503] ? __x64_sys_mount+0xc0/0xc0
[ 44.351596][ T3503] ? syscall_enter_from_user_mode+0x2e/0x230
[ 44.357557][ T3503] ? lockdep_hardirqs_on+0x94/0x130
[ 44.362731][ T3503] ? __x64_sys_mount+0x1c/0xc0
[ 44.367475][ T3503] do_syscall_64+0x3d/0xb0
[ 44.371868][ T3503] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.377737][ T3503] RIP: 0033:0x7f1ea42cdb2a
[ 44.382328][ T3503] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 44.401934][ T3503] RSP: 002b:00007ffcb39b80e8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 44.410429][ T3503] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1ea42cdb2a
[ 44.418624][ T3503] RDX: 00000000200011c0 RSI: 0000000020001100 RDI: 00007ffcb39b8100
[ 44.426600][ T3503] RBP: 00007ffcb39b8100 R08: 00007ffcb39b8140 R09: 00000000000010ed
[ 44.434555][ T3503] R10: 000000000000c0cc R11: 0000000000000286 R12: 0000000000000004
[ 44.442696][ T3503] R13: 0000555555c1b2c0 R14: 000000000000c0cc R15: 00007ffcb39b8140
[ 44.450666][ T3503]
[ 44.453668][ T3503]
[ 44.455969][ T3503] The buggy address belongs to the page:
[ 44.461690][ T3503] page:ffffea0000461c00 refcount:3 mapcount:0 mapping:ffff88801812cf30 index:0x213 pfn:0x11870
[ 44.472101][ T3503] memcg:ffff888011e64000
[ 44.476327][ T3503] aops:def_blk_aops ino:700000
[ 44.481099][ T3503] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 44.490464][ T3503] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff88801812cf30
[ 44.499028][ T3503] raw: 0000000000000213 ffff888074b59910 00000003ffffffff ffff888011e64000
[ 44.507755][ T3503] page dumped because: kasan: bad access detected
[ 44.514152][ T3503] page_owner tracks the page as allocated
[ 44.519852][ T3503] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 3503, ts 43900432671, free_ts 43671741045
[ 44.536938][ T3503] get_page_from_freelist+0x322a/0x33c0
[ 44.542479][ T3503] __alloc_pages+0x272/0x700
[ 44.547218][ T3503] __page_cache_alloc+0xd4/0x4a0
[ 44.552139][ T3503] pagecache_get_page+0xa91/0x1010
[ 44.557273][ T3503] __getblk_gfp+0x22a/0xaf0
[ 44.561797][ T3503] search_by_key+0x46d/0x4730
[ 44.566481][ T3503] reiserfs_read_locked_inode+0x23c/0x2950
[ 44.572294][ T3503] reiserfs_fill_super+0x11bf/0x2690
[ 44.577753][ T3503] mount_bdev+0x26d/0x3a0
[ 44.582056][ T3503] legacy_get_tree+0xeb/0x180
[ 44.586707][ T3503] vfs_get_tree+0x88/0x270
[ 44.591097][ T3503] do_new_mount+0x28b/0xad0
[ 44.595579][ T3503] __se_sys_mount+0x2d5/0x3c0
[ 44.600234][ T3503] do_syscall_64+0x3d/0xb0
[ 44.604624][ T3503] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.610494][ T3503] page last free stack trace:
[ 44.615156][ T3503] free_unref_page_prepare+0xc34/0xcf0
[ 44.620609][ T3503] free_unref_page_list+0x1f7/0x8e0
[ 44.625790][ T3503] release_pages+0x1bb9/0x1f40
[ 44.630543][ T3503] tlb_finish_mmu+0x177/0x320
[ 44.635212][ T3503] exit_mmap+0x3cd/0x670
[ 44.639442][ T3503] __mmput+0x112/0x3b0
[ 44.643482][ T3503] exit_mm+0x688/0x7f0
[ 44.647524][ T3503] do_exit+0x626/0x2480
[ 44.651672][ T3503] do_group_exit+0x144/0x310
[ 44.656235][ T3503] __x64_sys_exit_group+0x3b/0x40
[ 44.661255][ T3503] do_syscall_64+0x3d/0xb0
[ 44.665762][ T3503] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.671648][ T3503]
[ 44.673953][ T3503] Memory state around the buggy address:
[ 44.679576][ T3503] ffff888011870e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.687733][ T3503] ffff888011870f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.695782][ T3503] >ffff888011870f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.703824][ T3503] ^
[ 44.708925][ T3503] ffff888011871000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.716999][ T3503] ffff888011871080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.725032][ T3503] ==================================================================
[ 44.733062][ T3503] Disabling lock debugging due to kernel taint
[ 44.740342][ T3503] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 44.747541][ T3503] CPU: 1 PID: 3503 Comm: syz-executor404 Tainted: G B 5.15.113-syzkaller #0
[ 44.757510][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 44.767632][ T3503] Call Trace:
[ 44.770894][ T3503]
[ 44.773801][ T3503] dump_stack_lvl+0x1e3/0x2cb
[ 44.778453][ T3503] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 44.784057][ T3503] ? panic+0x84d/0x84d
[ 44.788119][ T3503] ? rcu_is_watching+0x11/0xa0
[ 44.792865][ T3503] ? preempt_schedule_common+0xa6/0xd0
[ 44.798294][ T3503] panic+0x318/0x84d
[ 44.802159][ T3503] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 44.808389][ T3503] ? check_panic_on_warn+0x1d/0xa0
[ 44.813508][ T3503] ? fb_is_primary_device+0xcc/0xcc
[ 44.818694][ T3503] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 44.824661][ T3503] ? _raw_spin_unlock+0x40/0x40
[ 44.829495][ T3503] check_panic_on_warn+0x7e/0xa0
[ 44.834597][ T3503] ? leaf_paste_entries+0x95f/0x13a0
[ 44.839874][ T3503] end_report+0x6d/0xf0
[ 44.844001][ T3503] kasan_report+0x18e/0x1c0
[ 44.848561][ T3503] ? leaf_paste_entries+0x95f/0x13a0
[ 44.853817][ T3503] ? leaf_paste_entries+0x95f/0x13a0
[ 44.859096][ T3503] kasan_check_range+0x27e/0x290
[ 44.864048][ T3503] ? leaf_paste_entries+0x95f/0x13a0
[ 44.869331][ T3503] memmove+0x25/0x60
[ 44.873565][ T3503] leaf_paste_entries+0x95f/0x13a0
[ 44.878684][ T3503] balance_leaf+0xbd1e/0x12510
[ 44.883423][ T3503] ? print_irqtrace_events+0x210/0x210
[ 44.888868][ T3503] ? do_raw_spin_unlock+0x137/0x8b0
[ 44.894050][ T3503] ? lockdep_hardirqs_on+0x94/0x130
[ 44.899244][ T3503] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 44.905200][ T3503] ? _raw_spin_unlock+0x40/0x40
[ 44.910216][ T3503] ? stack_trace_save+0x113/0x1c0
[ 44.915319][ T3503] ? do_balance+0x8f0/0x8f0
[ 44.919896][ T3503] ? stack_depot_save+0x3db/0x440
[ 44.925291][ T3503] ? ____kasan_kmalloc+0xd1/0xf0
[ 44.930405][ T3503] ? ____kasan_kmalloc+0xba/0xf0
[ 44.935418][ T3503] ? __kmalloc+0x168/0x300
[ 44.939809][ T3503] ? fix_nodes+0x69aa/0x8c70
[ 44.944456][ T3503] ? reiserfs_paste_into_item+0x65d/0x880
[ 44.950147][ T3503] ? reiserfs_add_entry+0x9b8/0xd70
[ 44.955316][ T3503] ? reiserfs_mkdir+0x6bc/0x8f0
[ 44.960132][ T3503] ? reiserfs_xattr_init+0x348/0x730
[ 44.965387][ T3503] ? reiserfs_fill_super+0x226a/0x2690
[ 44.971007][ T3503] ? mount_bdev+0x26d/0x3a0
[ 44.975499][ T3503] ? legacy_get_tree+0xeb/0x180
[ 44.980324][ T3503] ? vfs_get_tree+0x88/0x270
[ 44.985060][ T3503] ? do_new_mount+0x28b/0xad0
[ 44.989708][ T3503] ? __se_sys_mount+0x2d5/0x3c0
[ 44.994531][ T3503] ? do_syscall_64+0x3d/0xb0
[ 44.999094][ T3503] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.005162][ T3503] ? get_parents+0x513/0xfa0
[ 45.009905][ T3503] ? __wake_up_bit+0x190/0x190
[ 45.014744][ T3503] ? set_parameters+0x8d0/0x8d0
[ 45.019569][ T3503] ? get_neighbors+0x631/0x1010
[ 45.024560][ T3503] ? reiserfs_prepare_for_journal+0x26b/0x280
[ 45.030600][ T3503] ? fix_nodes+0x7abc/0x8c70
[ 45.035164][ T3503] ? __might_sleep+0xc0/0xc0
[ 45.039817][ T3503] do_balance+0x309/0x8f0
[ 45.044125][ T3503] ? get_right_neighbor_position+0x210/0x210
[ 45.050080][ T3503] ? reiserfs_paste_into_item+0x3ef/0x880
[ 45.055773][ T3503] reiserfs_paste_into_item+0x73b/0x880
[ 45.061379][ T3503] ? reiserfs_cut_from_item+0x2560/0x2560
[ 45.067118][ T3503] ? reiserfs_get_parent+0x2c0/0x2c0
[ 45.072462][ T3503] ? inode_get_bytes+0x72/0xa0
[ 45.077287][ T3503] ? _find_first_zero_bit+0x60/0xf0
[ 45.082459][ T3503] reiserfs_add_entry+0x9b8/0xd70
[ 45.087547][ T3503] ? drop_new_inode+0x60/0x60
[ 45.092211][ T3503] ? do_journal_begin_r+0xdad/0x1000
[ 45.097669][ T3503] ? journal_begin+0x1ef/0x350
[ 45.102407][ T3503] reiserfs_mkdir+0x6bc/0x8f0
[ 45.107162][ T3503] ? __might_sleep+0xc0/0xc0
[ 45.111725][ T3503] ? reiserfs_symlink+0x720/0x720
[ 45.116722][ T3503] ? down_write+0x10e/0x170
[ 45.121200][ T3503] ? __up_read+0x690/0x690
[ 45.125591][ T3503] reiserfs_xattr_init+0x348/0x730
[ 45.130846][ T3503] reiserfs_fill_super+0x226a/0x2690
[ 45.136800][ T3503] ? reiserfs_kill_sb+0x150/0x150
[ 45.141794][ T3503] ? snprintf+0xd6/0x120
[ 45.146012][ T3503] mount_bdev+0x26d/0x3a0
[ 45.150402][ T3503] ? reiserfs_kill_sb+0x150/0x150
[ 45.155485][ T3503] legacy_get_tree+0xeb/0x180
[ 45.160393][ T3503] ? remove_save_link+0x540/0x540
[ 45.165560][ T3503] vfs_get_tree+0x88/0x270
[ 45.169977][ T3503] do_new_mount+0x28b/0xad0
[ 45.174634][ T3503] ? do_move_mount_old+0x160/0x160
[ 45.179747][ T3503] ? user_path_at_empty+0x12b/0x180
[ 45.184917][ T3503] __se_sys_mount+0x2d5/0x3c0
[ 45.189564][ T3503] ? __x64_sys_mount+0xc0/0xc0
[ 45.194300][ T3503] ? syscall_enter_from_user_mode+0x2e/0x230
[ 45.200251][ T3503] ? lockdep_hardirqs_on+0x94/0x130
[ 45.205595][ T3503] ? __x64_sys_mount+0x1c/0xc0
[ 45.210608][ T3503] do_syscall_64+0x3d/0xb0
[ 45.215188][ T3503] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.221317][ T3503] RIP: 0033:0x7f1ea42cdb2a
[ 45.225713][ T3503] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 45.245498][ T3503] RSP: 002b:00007ffcb39b80e8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 45.253980][ T3503] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1ea42cdb2a
[ 45.261934][ T3503] RDX: 00000000200011c0 RSI: 0000000020001100 RDI: 00007ffcb39b8100
[ 45.269974][ T3503] RBP: 00007ffcb39b8100 R08: 00007ffcb39b8140 R09: 00000000000010ed
[ 45.277943][ T3503] R10: 000000000000c0cc R11: 0000000000000286 R12: 0000000000000004
[ 45.285912][ T3503] R13: 0000555555c1b2c0 R14: 000000000000c0cc R15: 00007ffcb39b8140
[ 45.293969][ T3503]
[ 45.297087][ T3503] Kernel Offset: disabled
[ 45.301397][ T3503] Rebooting in 86400 seconds..