Warning: Permanently added '10.128.0.170' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.528919][ T3498] loop0: detected capacity change from 0 to 8192
[ 51.539561][ T3498] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 51.549380][ T3498] REISERFS (device loop0): using ordered data mode
[ 51.556061][ T3498] reiserfs: using flush barriers
[ 51.562385][ T3498] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 51.579290][ T3498] REISERFS (device loop0): checking transaction log (loop0)
[ 51.641758][ T3498] REISERFS (device loop0): Using r5 hash to sort names
[ 51.649101][ T3498] REISERFS (device loop0): using 3.5.x disk format
[ 51.656763][ T3498] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 51.679554][ T26] audit: type=1800 audit(1687536031.811:2): pid=3498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor179" name="bus" dev="loop0" ino=3 res=0 errno=0
[ 51.690235][ T3498] ==================================================================
[ 51.708185][ T3498] BUG: KASAN: out-of-bounds in leaf_paste_in_buffer+0x1b8/0xab0
[ 51.715872][ T3498] Read of size 18446744073709551305 at addr ffff88806fecc000 by task syz-executor179/3498
[ 51.725764][ T3498]
[ 51.728080][ T3498] CPU: 0 PID: 3498 Comm: syz-executor179 Not tainted 5.15.118-syzkaller #0
[ 51.736669][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 51.746999][ T3498] Call Trace:
[ 51.750299][ T3498]
[ 51.753226][ T3498] dump_stack_lvl+0x1e3/0x2cb
[ 51.757912][ T3498] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 51.763557][ T3498] ? _printk+0xd1/0x111
[ 51.767726][ T3498] ? __wake_up_klogd+0xcc/0x100
[ 51.772672][ T3498] ? panic+0x84d/0x84d
[ 51.776743][ T3498] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 51.782226][ T3498] ? leaf_move_items+0x1c4c/0x28a0
[ 51.787498][ T3498] print_address_description+0x63/0x3b0
[ 51.793056][ T3498] ? leaf_paste_in_buffer+0x1b8/0xab0
[ 51.798434][ T3498] kasan_report+0x16b/0x1c0
[ 51.802955][ T3498] ? leaf_paste_in_buffer+0x1b8/0xab0
[ 51.808350][ T3498] ? leaf_paste_in_buffer+0x1b8/0xab0
[ 51.813736][ T3498] kasan_check_range+0x27e/0x290
[ 51.818693][ T3498] ? leaf_paste_in_buffer+0x1b8/0xab0
[ 51.824073][ T3498] memmove+0x25/0x60
[ 51.827970][ T3498] leaf_paste_in_buffer+0x1b8/0xab0
[ 51.833412][ T3498] balance_leaf+0x667c/0x12510
[ 51.838210][ T3498] ? do_balance+0x8f0/0x8f0
[ 51.842711][ T3498] ? do_raw_spin_lock+0x14a/0x370
[ 51.847737][ T3498] ? __lock_acquire+0x1ff0/0x1ff0
[ 51.852775][ T3498] ? do_raw_spin_unlock+0x137/0x8b0
[ 51.857986][ T3498] ? unlock_page+0x188/0x200
[ 51.862571][ T3498] ? __getblk_gfp+0x9b0/0xaf0
[ 51.867254][ T3498] ? get_empty_nodes+0xad9/0xd70
[ 51.872183][ T3498] ? direntry_part_size+0xb0/0x1a0
[ 51.877296][ T3498] ? get_neighbors+0x1010/0x1010
[ 51.882229][ T3498] ? __wake_up_bit+0x190/0x190
[ 51.886991][ T3498] ? is_leaf_removable+0x8c0/0x8c0
[ 51.892093][ T3498] ? get_neighbors+0x631/0x1010
[ 51.896950][ T3498] ? reiserfs_prepare_for_journal+0x26b/0x280
[ 51.903016][ T3498] ? fix_nodes+0x7abc/0x8c70
[ 51.907612][ T3498] ? __might_sleep+0xc0/0xc0
[ 51.912237][ T3498] do_balance+0x309/0x8f0
[ 51.916579][ T3498] ? get_right_neighbor_position+0x210/0x210
[ 51.922579][ T3498] ? reiserfs_paste_into_item+0x3ef/0x880
[ 51.928423][ T3498] reiserfs_paste_into_item+0x73b/0x880
[ 51.934096][ T3498] ? reiserfs_cut_from_item+0x2560/0x2560
[ 51.939881][ T3498] ? __kmalloc+0x168/0x300
[ 51.944312][ T3498] reiserfs_get_block+0x226a/0x5390
[ 51.949673][ T3498] ? make_le_item_head+0x5c0/0x5c0
[ 51.954887][ T3498] ? register_lock_class+0x100/0x9a0
[ 51.960203][ T3498] ? alloc_page_buffers+0x3a3/0x660
[ 51.965422][ T3498] ? create_empty_buffers+0x3a/0x6d0
[ 51.970728][ T3498] ? create_page_buffers+0x1d4/0x330
[ 51.976021][ T3498] ? __block_write_begin_int+0x24c/0x1650
[ 51.981832][ T3498] ? reiserfs_write_begin+0x346/0x810
[ 51.987203][ T3498] ? generic_cont_expand_simple+0x144/0x230
[ 51.993269][ T3498] ? reiserfs_setattr+0x3ff/0xf90
[ 51.998289][ T3498] ? notify_change+0xd4d/0x1000
[ 52.003144][ T3498] ? is_dynamic_key+0x1f0/0x1f0
[ 52.008002][ T3498] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.014076][ T3498] ? mark_lock+0x98/0x340
[ 52.018414][ T3498] ? __lock_acquire+0x1295/0x1ff0
[ 52.023488][ T3498] ? __lock_acquire+0x1ff0/0x1ff0
[ 52.028507][ T3498] ? alloc_buffer_head+0xd3/0xf0
[ 52.033559][ T3498] ? alloc_page_buffers+0x54a/0x660
[ 52.038783][ T3498] ? create_page_buffers+0x24b/0x330
[ 52.044077][ T3498] __block_write_begin_int+0x60b/0x1650
[ 52.049677][ T3498] ? make_le_item_head+0x5c0/0x5c0
[ 52.054810][ T3498] ? page_zero_new_buffers+0x510/0x510
[ 52.060271][ T3498] ? __mutex_lock_common+0x444/0x25a0
[ 52.065640][ T3498] ? fix_tail_page_for_writing+0x97/0x220
[ 52.071355][ T3498] reiserfs_write_begin+0x346/0x810
[ 52.076547][ T3498] ? pagecache_write_begin+0x33/0xa0
[ 52.081831][ T3498] generic_cont_expand_simple+0x144/0x230
[ 52.087546][ T3498] ? submit_bh+0x30/0x30
[ 52.091790][ T3498] ? setattr_prepare+0x1f7/0xe30
[ 52.096748][ T3498] ? mutex_lock_nested+0x17/0x20
[ 52.101691][ T3498] reiserfs_setattr+0x3ff/0xf90
[ 52.106545][ T3498] ? reiserfs_commit_write+0x5a0/0x5a0
[ 52.112010][ T3498] ? ktime_get_coarse_real_ts64+0x107/0x120
[ 52.117920][ T3498] ? current_time+0x1d1/0x2f0
[ 52.122598][ T3498] ? atime_needs_update+0x7b0/0x7b0
[ 52.127796][ T3498] ? evm_inode_setattr+0xf7/0x5b0
[ 52.132810][ T3498] ? bpf_lsm_inode_setattr+0x5/0x10
[ 52.138001][ T3498] ? security_inode_setattr+0xce/0x120
[ 52.143454][ T3498] ? reiserfs_commit_write+0x5a0/0x5a0
[ 52.148917][ T3498] notify_change+0xd4d/0x1000
[ 52.153597][ T3498] do_truncate+0x21c/0x300
[ 52.158012][ T3498] ? put_page_bootmem+0x280/0x280
[ 52.163036][ T3498] ? print_irqtrace_events+0x210/0x210
[ 52.168491][ T3498] ? vtime_user_exit+0x2d1/0x400
[ 52.173437][ T3498] ? bpf_lsm_path_truncate+0x5/0x10
[ 52.178651][ T3498] do_sys_ftruncate+0x2eb/0x390
[ 52.183529][ T3498] do_syscall_64+0x3d/0xb0
[ 52.187954][ T3498] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.193983][ T3498] RIP: 0033:0x7fc63aabc9b9
[ 52.198406][ T3498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.218015][ T3498] RSP: 002b:00007ffedc316cc8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 52.226437][ T3498] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fc63aabc9b9
[ 52.234409][ T3498] RDX: 00007fc63aabc9b9 RSI: 0000000002007fff RDI: 0000000000000005
[ 52.242400][ T3498] RBP: 00007fc63aa7c250 R08: 0000000000000000 R09: 0000000000000000
[ 52.250391][ T3498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc63aa7c2e0
[ 52.258368][ T3498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 52.266355][ T3498]
[ 52.269368][ T3498]
[ 52.271684][ T3498] The buggy address belongs to the page:
[ 52.277304][ T3498] page:ffffea0001bfb300 refcount:2 mapcount:0 mapping:ffff888070d690f8 index:0x0 pfn:0x6fecc
[ 52.287469][ T3498] memcg:ffff8881407a4000
[ 52.291713][ T3498] aops:reiserfs_address_space_operations ino:2 dentry name:"file0"
[ 52.299614][ T3498] flags: 0xfff0000000201c(uptodate|dirty|lru|private|node=0|zone=1|lastcpupid=0x7ff)
[ 52.309083][ T3498] raw: 00fff0000000201c ffffea0001c06688 ffffea0001e9b9c8 ffff888070d690f8
[ 52.317671][ T3498] raw: 0000000000000000 ffff888070d38cb0 00000002ffffffff ffff8881407a4000
[ 52.326246][ T3498] page dumped because: kasan: bad access detected
[ 52.332649][ T3498] page_owner tracks the page as allocated
[ 52.338370][ T3498] page last allocated via order 0, migratetype Movable, gfp_mask 0x1101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), pid 3498, ts 51676324984, free_ts 15064446963
[ 52.353988][ T3498] get_page_from_freelist+0x322a/0x33c0
[ 52.359548][ T3498] __alloc_pages+0x272/0x700
[ 52.364148][ T3498] __page_cache_alloc+0xd4/0x4a0
[ 52.369088][ T3498] pagecache_get_page+0xa91/0x1010
[ 52.374202][ T3498] grab_cache_page_write_begin+0x57/0x90
[ 52.380011][ T3498] reiserfs_write_begin+0x159/0x810
[ 52.385208][ T3498] generic_perform_write+0x2bf/0x5b0
[ 52.390486][ T3498] __generic_file_write_iter+0x243/0x4f0
[ 52.396111][ T3498] generic_file_write_iter+0xa7/0x1b0
[ 52.401499][ T3498] vfs_write+0xacf/0xe50
[ 52.405825][ T3498] ksys_write+0x1a2/0x2c0
[ 52.410147][ T3498] do_syscall_64+0x3d/0xb0
[ 52.414554][ T3498] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.420535][ T3498] page last free stack trace:
[ 52.425199][ T3498] free_unref_page_prepare+0xc34/0xcf0
[ 52.430672][ T3498] free_unref_page+0x95/0x2d0
[ 52.435376][ T3498] free_contig_range+0x95/0xf0
[ 52.440224][ T3498] destroy_args+0xfe/0x97f
[ 52.444639][ T3498] debug_vm_pgtable+0x40d/0x462
[ 52.449486][ T3498] do_one_initcall+0x22b/0x7a0
[ 52.454243][ T3498] do_initcall_level+0x157/0x207
[ 52.459178][ T3498] do_initcalls+0x49/0x86
[ 52.463498][ T3498] kernel_init_freeable+0x43c/0x5c5
[ 52.468955][ T3498] kernel_init+0x19/0x290
[ 52.473307][ T3498] ret_from_fork+0x1f/0x30
[ 52.477930][ T3498]
[ 52.480265][ T3498] Memory state around the buggy address:
[ 52.486134][ T3498] ffff88806fecbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.494263][ T3498] ffff88806fecbf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.502318][ T3498] >ffff88806fecc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.510567][ T3498] ^
[ 52.514832][ T3498] ffff88806fecc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.522961][ T3498] ffff88806fecc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.531034][ T3498] ==================================================================
[ 52.539155][ T3498] Disabling lock debugging due to kernel taint
[ 52.545592][ T3498] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.552940][ T3498] CPU: 0 PID: 3498 Comm: syz-executor179 Tainted: G B 5.15.118-syzkaller #0
[ 52.562937][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 52.573246][ T3498] Call Trace:
[ 52.576538][ T3498]
[ 52.579471][ T3498] dump_stack_lvl+0x1e3/0x2cb
[ 52.584237][ T3498] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 52.589871][ T3498] ? panic+0x84d/0x84d
[ 52.593934][ T3498] ? preempt_schedule_common+0xa6/0xd0
[ 52.599392][ T3498] ? preempt_schedule+0xd9/0xe0
[ 52.604240][ T3498] panic+0x318/0x84d
[ 52.608129][ T3498] ? check_panic_on_warn+0x1d/0xa0
[ 52.613389][ T3498] ? fb_is_primary_device+0xcc/0xcc
[ 52.618597][ T3498] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 52.624576][ T3498] ? _raw_spin_unlock+0x40/0x40
[ 52.629431][ T3498] check_panic_on_warn+0x7e/0xa0
[ 52.634369][ T3498] ? leaf_paste_in_buffer+0x1b8/0xab0
[ 52.639741][ T3498] end_report+0x6d/0xf0
[ 52.643900][ T3498] kasan_report+0x18e/0x1c0
[ 52.648402][ T3498] ? leaf_paste_in_buffer+0x1b8/0xab0
[ 52.653769][ T3498] ? leaf_paste_in_buffer+0x1b8/0xab0
[ 52.659152][ T3498] kasan_check_range+0x27e/0x290
[ 52.664086][ T3498] ? leaf_paste_in_buffer+0x1b8/0xab0
[ 52.669452][ T3498] memmove+0x25/0x60
[ 52.673336][ T3498] leaf_paste_in_buffer+0x1b8/0xab0
[ 52.678544][ T3498] balance_leaf+0x667c/0x12510
[ 52.683326][ T3498] ? do_balance+0x8f0/0x8f0
[ 52.687827][ T3498] ? do_raw_spin_lock+0x14a/0x370
[ 52.692856][ T3498] ? __lock_acquire+0x1ff0/0x1ff0
[ 52.697882][ T3498] ? do_raw_spin_unlock+0x137/0x8b0
[ 52.703077][ T3498] ? unlock_page+0x188/0x200
[ 52.707663][ T3498] ? __getblk_gfp+0x9b0/0xaf0
[ 52.712342][ T3498] ? get_empty_nodes+0xad9/0xd70
[ 52.717382][ T3498] ? direntry_part_size+0xb0/0x1a0
[ 52.722506][ T3498] ? get_neighbors+0x1010/0x1010
[ 52.727438][ T3498] ? __wake_up_bit+0x190/0x190
[ 52.732205][ T3498] ? is_leaf_removable+0x8c0/0x8c0
[ 52.737318][ T3498] ? get_neighbors+0x631/0x1010
[ 52.742170][ T3498] ? reiserfs_prepare_for_journal+0x26b/0x280
[ 52.748232][ T3498] ? fix_nodes+0x7abc/0x8c70
[ 52.752820][ T3498] ? __might_sleep+0xc0/0xc0
[ 52.757410][ T3498] do_balance+0x309/0x8f0
[ 52.761855][ T3498] ? get_right_neighbor_position+0x210/0x210
[ 52.767949][ T3498] ? reiserfs_paste_into_item+0x3ef/0x880
[ 52.773690][ T3498] reiserfs_paste_into_item+0x73b/0x880
[ 52.779244][ T3498] ? reiserfs_cut_from_item+0x2560/0x2560
[ 52.784990][ T3498] ? __kmalloc+0x168/0x300
[ 52.789508][ T3498] reiserfs_get_block+0x226a/0x5390
[ 52.794718][ T3498] ? make_le_item_head+0x5c0/0x5c0
[ 52.800169][ T3498] ? register_lock_class+0x100/0x9a0
[ 52.805449][ T3498] ? alloc_page_buffers+0x3a3/0x660
[ 52.810642][ T3498] ? create_empty_buffers+0x3a/0x6d0
[ 52.816089][ T3498] ? create_page_buffers+0x1d4/0x330
[ 52.821365][ T3498] ? __block_write_begin_int+0x24c/0x1650
[ 52.827074][ T3498] ? reiserfs_write_begin+0x346/0x810
[ 52.832441][ T3498] ? generic_cont_expand_simple+0x144/0x230
[ 52.838325][ T3498] ? reiserfs_setattr+0x3ff/0xf90
[ 52.843339][ T3498] ? notify_change+0xd4d/0x1000
[ 52.848182][ T3498] ? is_dynamic_key+0x1f0/0x1f0
[ 52.853028][ T3498] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.859087][ T3498] ? mark_lock+0x98/0x340
[ 52.863410][ T3498] ? __lock_acquire+0x1295/0x1ff0
[ 52.868444][ T3498] ? __lock_acquire+0x1ff0/0x1ff0
[ 52.873462][ T3498] ? alloc_buffer_head+0xd3/0xf0
[ 52.878392][ T3498] ? alloc_page_buffers+0x54a/0x660
[ 52.883584][ T3498] ? create_page_buffers+0x24b/0x330
[ 52.888861][ T3498] __block_write_begin_int+0x60b/0x1650
[ 52.894412][ T3498] ? make_le_item_head+0x5c0/0x5c0
[ 52.899515][ T3498] ? page_zero_new_buffers+0x510/0x510
[ 52.904967][ T3498] ? __mutex_lock_common+0x444/0x25a0
[ 52.910333][ T3498] ? fix_tail_page_for_writing+0x97/0x220
[ 52.916045][ T3498] reiserfs_write_begin+0x346/0x810
[ 52.921234][ T3498] ? pagecache_write_begin+0x33/0xa0
[ 52.926509][ T3498] generic_cont_expand_simple+0x144/0x230
[ 52.932221][ T3498] ? submit_bh+0x30/0x30
[ 52.936452][ T3498] ? setattr_prepare+0x1f7/0xe30
[ 52.941382][ T3498] ? mutex_lock_nested+0x17/0x20
[ 52.946313][ T3498] reiserfs_setattr+0x3ff/0xf90
[ 52.951165][ T3498] ? reiserfs_commit_write+0x5a0/0x5a0
[ 52.956614][ T3498] ? ktime_get_coarse_real_ts64+0x107/0x120
[ 52.962503][ T3498] ? current_time+0x1d1/0x2f0
[ 52.967174][ T3498] ? atime_needs_update+0x7b0/0x7b0
[ 52.972371][ T3498] ? evm_inode_setattr+0xf7/0x5b0
[ 52.977388][ T3498] ? bpf_lsm_inode_setattr+0x5/0x10
[ 52.982580][ T3498] ? security_inode_setattr+0xce/0x120
[ 52.988030][ T3498] ? reiserfs_commit_write+0x5a0/0x5a0
[ 52.993482][ T3498] notify_change+0xd4d/0x1000
[ 52.998155][ T3498] do_truncate+0x21c/0x300
[ 53.002564][ T3498] ? put_page_bootmem+0x280/0x280
[ 53.007583][ T3498] ? print_irqtrace_events+0x210/0x210
[ 53.013035][ T3498] ? vtime_user_exit+0x2d1/0x400
[ 53.017963][ T3498] ? bpf_lsm_path_truncate+0x5/0x10
[ 53.023241][ T3498] do_sys_ftruncate+0x2eb/0x390
[ 53.028088][ T3498] do_syscall_64+0x3d/0xb0
[ 53.032501][ T3498] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 53.038433][ T3498] RIP: 0033:0x7fc63aabc9b9
[ 53.043000][ T3498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.062614][ T3498] RSP: 002b:00007ffedc316cc8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 53.071028][ T3498] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fc63aabc9b9
[ 53.078997][ T3498] RDX: 00007fc63aabc9b9 RSI: 0000000002007fff RDI: 0000000000000005
[ 53.086963][ T3498] RBP: 00007fc63aa7c250 R08: 0000000000000000 R09: 0000000000000000
[ 53.094926][ T3498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc63aa7c2e0
[ 53.102890][ T3498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 53.111220][ T3498]
[ 53.114438][ T3498] Kernel Offset: disabled
[ 53.118762][ T3498] Rebooting in 86400 seconds..