./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2626724921
<...>
forked to background, child pid 3183
no interfaces have a carrier
[ 18.713047][ T3184] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.726907][ T3184] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.29' (ECDSA) to the list of known hosts.
execve("./syz-executor2626724921", ["./syz-executor2626724921"], 0x7ffcfe961260 /* 10 vars */) = 0
brk(NULL) = 0x555556cbb000
brk(0x555556cbbc40) = 0x555556cbbc40
arch_prctl(ARCH_SET_FS, 0x555556cbb300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2626724921", 4096) = 28
brk(0x555556cdcc40) = 0x555556cdcc40
brk(0x555556cdd000) = 0x555556cdd000
mprotect(0x7f285d54c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
ftruncate(3, 4194304) = 0
pwrite64(3, "\x00\x04\x00\x00\xec\x01\x00\x00\x13\x02\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x61\x1c\xad\x49\xe1\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x10\xcc\x03\x10\x00\x01\x00\x52\x65\x49\x73\x45\x72\x33\x46\x73\x00\x00\x00\x02\x00\x00\x00\x02\x00\x01\x00\x02\x00\x01\x02\x00\x00\x00\x00\x01\x00\x00\x00\x12\x31\x23\x12\x12\x33\x12\x33\x12\x31\x12\x34\x13\x41\x24\x12"..., 128, 65536) = 128
pwrite64(3, "\xf7\x9e\x37\x75\xc3\x1e\x60\x86\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x01\x00\x00\x00\x03\x00\x00\x00\x00\x4d\x0a\x00\x00\x13\xb0\xe2\x91\x52\xb5\x55\x67\xaa\x50", 43, 65728) = 43
pwrite64(3, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4096, 69632) = 4096
pwrite64(3, "\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x61\x1c\xad\x49\xe1\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x05\xcc\x56\xee\xe3\xb7\xe7\x47\xe9\xbb\xaf\xc6\x3e\xe8\x1e\xa3\x26\x3a\x2c\xf3\xd2\xa1\x12\x47\x27\x0c\xff\x1a\x3a\x9a\xf1\x73\xed\xf0\xd6"..., 198, 2170880) = 198
pwrite64(3, "\x01\x00\x02\x00\x5c\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2c\x00\xd4\x0f\x01\x00\x01\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\xf4\x01\x00\x00\x02\x00\x30\x00\xa4\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 96, 2174976) = 96
pwrite64(3, "\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x09\x00\x02\x00\x00\x00\x28\x00\x04\x00\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x04\x00\x2e\x2e\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x00\x00\x00\x00\xed\x41\x00\x00\x03\x00\x00\x00\x30\x00\x00\x00\x00\x00\x00\x00\x5c\xf9\x01\x00\x53\x5f\x01\x00\x3a\xc1\x65\x5f\x3a\xc1\x65\x5f\x3a\x00\x00\x5f\x01\x00\x00\x00\x00\x00\x00\x00", 96, 2178976) = 96
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
mkdir("./file0", 0777) = 0
syzkaller login: [ 39.996438][ T3604] loop0: detected capacity change from 0 to 8192
[ 40.005868][ T3604] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 40.019126][ T3604] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 40.028660][ T3604] REISERFS (device loop0): using ordered data mode
[ 40.035328][ T3604] reiserfs: using flush barriers
[ 40.040996][ T3604] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 40.057368][ T3604] REISERFS (device loop0): checking transaction log (loop0)
[ 40.065699][ T3604] REISERFS (device loop0): Using rupasov hash to sort names
[ 40.073158][ T3604] ==================================================================
[ 40.081313][ T3604] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x449/0x910
[ 40.088853][ T3604] Read of size 18446744073709551584 at addr ffff88807c9e4fa4 by task syz-executor262/3604
[ 40.098723][ T3604]
[ 40.101028][ T3604] CPU: 1 PID: 3604 Comm: syz-executor262 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
[ 40.111070][ T3604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 40.121115][ T3604] Call Trace:
[ 40.124485][ T3604]
[ 40.127399][ T3604] dump_stack_lvl+0xcd/0x134
[ 40.131992][ T3604] print_report.cold+0x2ba/0x719
[ 40.136915][ T3604] ? leaf_paste_entries+0x449/0x910
[ 40.142546][ T3604] kasan_report+0xb1/0x1e0
[ 40.147295][ T3604] ? flush_all_cpus_locked+0x260/0x270
[ 40.152804][ T3604] ? leaf_paste_entries+0x449/0x910
[ 40.158078][ T3604] kasan_check_range+0x13d/0x180
[ 40.163000][ T3604] memmove+0x20/0x60
[ 40.166879][ T3604] leaf_paste_entries+0x449/0x910
[ 40.171922][ T3604] balance_leaf+0x917d/0xde40
[ 40.176597][ T3604] ? reiserfs_prepare_for_journal+0x15e/0x2b0
[ 40.182658][ T3604] ? fix_nodes+0x14cb/0x8650
[ 40.187245][ T3604] ? replace_key+0x160/0x160
[ 40.191833][ T3604] do_balance+0x315/0x810
[ 40.196158][ T3604] ? get_right_neighbor_position+0x170/0x170
[ 40.202127][ T3604] ? wait_for_completion_io_timeout+0x20/0x20
[ 40.208193][ T3604] ? folio_flags.constprop.0+0x53/0x150
[ 40.213732][ T3604] ? __find_get_block+0x2c8/0xe20
[ 40.218755][ T3604] reiserfs_paste_into_item+0x763/0x8e0
[ 40.224388][ T3604] ? reiserfs_delete_object+0x200/0x200
[ 40.229954][ T3604] ? search_by_entry_key+0x960/0x960
[ 40.235247][ T3604] ? yura_hash+0x143/0x2a0
[ 40.239680][ T3604] ? make_cpu_key+0x22/0x2a0
[ 40.244265][ T3604] reiserfs_add_entry+0x8cb/0xcf0
[ 40.249285][ T3604] ? reiserfs_lookup+0x490/0x490
[ 40.254214][ T3604] ? wait_for_completion_io_timeout+0x20/0x20
[ 40.260279][ T3604] ? lock_acquire+0x3a0/0x570
[ 40.264975][ T3604] ? dquot_get_next_dqblk+0x180/0x180
[ 40.270349][ T3604] ? rwlock_bug.part.0+0x90/0x90
[ 40.275284][ T3604] reiserfs_mkdir+0x675/0x980
[ 40.280146][ T3604] ? reiserfs_mknod+0x700/0x700
[ 40.285007][ T3604] ? down_write+0x153/0x220
[ 40.289507][ T3604] ? down_write_killable_nested+0x250/0x250
[ 40.295400][ T3604] reiserfs_xattr_init+0x57a/0xc30
[ 40.300513][ T3604] reiserfs_fill_super+0x21d7/0x2f80
[ 40.305802][ T3604] ? reiserfs_remount+0x1530/0x1530
[ 40.310998][ T3604] ? sget+0x472/0x580
[ 40.314985][ T3604] ? snprintf+0xbb/0xf0
[ 40.319156][ T3604] ? set_blocksize+0x2e5/0x370
[ 40.323922][ T3604] mount_bdev+0x34d/0x410
[ 40.328251][ T3604] ? reiserfs_remount+0x1530/0x1530
[ 40.333534][ T3604] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 40.338600][ T3604] legacy_get_tree+0x105/0x220
[ 40.343375][ T3604] vfs_get_tree+0x89/0x2f0
[ 40.347789][ T3604] path_mount+0x1326/0x1e20
[ 40.352298][ T3604] ? kmem_cache_free+0xeb/0x5b0
[ 40.357146][ T3604] ? finish_automount+0x960/0x960
[ 40.362174][ T3604] ? putname+0xfe/0x140
[ 40.366328][ T3604] __x64_sys_mount+0x27f/0x300
[ 40.371092][ T3604] ? copy_mnt_ns+0xae0/0xae0
[ 40.375769][ T3604] ? _raw_spin_unlock_irq+0x2a/0x40
[ 40.380960][ T3604] ? ptrace_notify+0xfa/0x140
[ 40.385629][ T3604] do_syscall_64+0x35/0xb0
[ 40.390042][ T3604] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 40.395938][ T3604] RIP: 0033:0x7f285d4e035a
[ 40.400348][ T3604] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 40.419959][ T3604] RSP: 002b:00007fff8a91f0d8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 40.428374][ T3604] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f285d4e035a
[ 40.436360][ T3604] RDX: 0000000020000000 RSI: 0000000020000180 RDI: 00007fff8a91f0f0
[ 40.444332][ T3604] RBP: 00007fff8a91f0f0 R08: 00007fff8a91f130 R09: 0000555556cbb2c0
[ 40.452505][ T3604] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 40.460478][ T3604] R13: 00007fff8a91f130 R14: 0000000000000006 R15: 0000000020000290
[ 40.468449][ T3604]
[ 40.471460][ T3604]
[ 40.473768][ T3604] The buggy address belongs to the physical page:
[ 40.480174][ T3604] page:ffffea0001f27900 refcount:3 mapcount:0 mapping:ffff888140daeaf8 index:0x213 pfn:0x7c9e4
[ 40.490526][ T3604] memcg:ffff888140188000
[ 40.494758][ T3604] aops:def_blk_aops ino:700000
[ 40.499527][ T3604] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 40.508902][ T3604] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff888140daeaf8
[ 40.517652][ T3604] raw: 0000000000000213 ffff8880700251d0 00000003ffffffff ffff888140188000
[ 40.526235][ T3604] page dumped because: kasan: bad access detected
[ 40.532638][ T3604] page_owner tracks the page as allocated
[ 40.538359][ T3604] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 3604, tgid 3604 (syz-executor262), ts 40065573836, free_ts 40040802854
[ 40.559016][ T3604] get_page_from_freelist+0x109b/0x2ce0
[ 40.564585][ T3604] __alloc_pages+0x1c7/0x510
[ 40.569173][ T3604] alloc_pages+0x1a6/0x270
[ 40.573582][ T3604] folio_alloc+0x1c/0x70
[ 40.577818][ T3604] filemap_alloc_folio+0x306/0x3a0
[ 40.583115][ T3604] __filemap_get_folio+0x328/0xed0
[ 40.588236][ T3604] pagecache_get_page+0x2e/0x290
[ 40.593175][ T3604] __getblk_slow+0x1f4/0x1030
[ 40.597862][ T3604] __getblk_gfp+0x6e/0x80
[ 40.602279][ T3604] search_by_key+0x3a8/0x3bc0
[ 40.606959][ T3604] reiserfs_read_locked_inode+0x154/0x2160
[ 40.612757][ T3604] reiserfs_fill_super+0x1616/0x2f80
[ 40.618036][ T3604] mount_bdev+0x34d/0x410
[ 40.622364][ T3604] legacy_get_tree+0x105/0x220
[ 40.627115][ T3604] vfs_get_tree+0x89/0x2f0
[ 40.631533][ T3604] path_mount+0x1326/0x1e20
[ 40.636036][ T3604] page last free stack trace:
[ 40.640699][ T3604] free_pcp_prepare+0x5e4/0xd20
[ 40.645549][ T3604] free_unref_page_list+0x16f/0xb90
[ 40.650744][ T3604] release_pages+0xbd3/0x1400
[ 40.655412][ T3604] folio_batch_move_lru+0x2b7/0x440
[ 40.660780][ T3604] folio_batch_add_and_move+0xd4/0x130
[ 40.666237][ T3604] folio_add_lru+0x26e/0x680
[ 40.670824][ T3604] filemap_add_folio+0x133/0x1d0
[ 40.675753][ T3604] __filemap_get_folio+0x385/0xed0
[ 40.680856][ T3604] pagecache_get_page+0x2e/0x290
[ 40.685791][ T3604] __getblk_slow+0x1f4/0x1030
[ 40.690463][ T3604] __bread_gfp+0x228/0x320
[ 40.694873][ T3604] journal_init+0xd9a/0x64c0
[ 40.699455][ T3604] reiserfs_fill_super+0xc57/0x2f80
[ 40.704652][ T3604] mount_bdev+0x34d/0x410
[ 40.708982][ T3604] legacy_get_tree+0x105/0x220
[ 40.713754][ T3604] vfs_get_tree+0x89/0x2f0
[ 40.718254][ T3604]
[ 40.720562][ T3604] Memory state around the buggy address:
[ 40.726172][ T3604] ffff88807c9e4e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.734307][ T3604] ffff88807c9e4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.742354][ T3604] >ffff88807c9e4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.750398][ T3604] ^
[ 40.755491][ T3604] ffff88807c9e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.763623][ T3604] ffff88807c9e5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.771758][ T3604] ==================================================================
[ 40.779985][ T3604] Kernel panic - not syncing: panic_on_warn set ...
[ 40.786841][ T3604] CPU: 0 PID: 3604 Comm: syz-executor262 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
[ 40.796894][ T3604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 40.806929][ T3604] Call Trace:
[ 40.810209][ T3604]
[ 40.813119][ T3604] dump_stack_lvl+0xcd/0x134
[ 40.817697][ T3604] panic+0x2c8/0x622
[ 40.821662][ T3604] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 40.827627][ T3604] ? preempt_schedule_common+0x59/0xc0
[ 40.833069][ T3604] ? preempt_schedule_thunk+0x16/0x18
[ 40.838426][ T3604] ? leaf_paste_entries+0x449/0x910
[ 40.843607][ T3604] end_report.part.0+0x3f/0x7c
[ 40.848357][ T3604] kasan_report.cold+0xa/0xf
[ 40.852928][ T3604] ? flush_all_cpus_locked+0x260/0x270
[ 40.858383][ T3604] ? leaf_paste_entries+0x449/0x910
[ 40.863566][ T3604] kasan_check_range+0x13d/0x180
[ 40.868577][ T3604] memmove+0x20/0x60
[ 40.872455][ T3604] leaf_paste_entries+0x449/0x910
[ 40.877466][ T3604] balance_leaf+0x917d/0xde40
[ 40.882124][ T3604] ? reiserfs_prepare_for_journal+0x15e/0x2b0
[ 40.888170][ T3604] ? fix_nodes+0x14cb/0x8650
[ 40.892749][ T3604] ? replace_key+0x160/0x160
[ 40.897324][ T3604] do_balance+0x315/0x810
[ 40.901635][ T3604] ? get_right_neighbor_position+0x170/0x170
[ 40.907606][ T3604] ? wait_for_completion_io_timeout+0x20/0x20
[ 40.913663][ T3604] ? folio_flags.constprop.0+0x53/0x150
[ 40.919284][ T3604] ? __find_get_block+0x2c8/0xe20
[ 40.924292][ T3604] reiserfs_paste_into_item+0x763/0x8e0
[ 40.929824][ T3604] ? reiserfs_delete_object+0x200/0x200
[ 40.935367][ T3604] ? search_by_entry_key+0x960/0x960
[ 40.940807][ T3604] ? yura_hash+0x143/0x2a0
[ 40.945209][ T3604] ? make_cpu_key+0x22/0x2a0
[ 40.949779][ T3604] reiserfs_add_entry+0x8cb/0xcf0
[ 40.954785][ T3604] ? reiserfs_lookup+0x490/0x490
[ 40.959702][ T3604] ? wait_for_completion_io_timeout+0x20/0x20
[ 40.965753][ T3604] ? lock_acquire+0x3a0/0x570
[ 40.970415][ T3604] ? dquot_get_next_dqblk+0x180/0x180
[ 40.975773][ T3604] ? rwlock_bug.part.0+0x90/0x90
[ 40.980692][ T3604] reiserfs_mkdir+0x675/0x980
[ 40.985351][ T3604] ? reiserfs_mknod+0x700/0x700
[ 40.990269][ T3604] ? down_write+0x153/0x220
[ 40.994757][ T3604] ? down_write_killable_nested+0x250/0x250
[ 41.000637][ T3604] reiserfs_xattr_init+0x57a/0xc30
[ 41.005732][ T3604] reiserfs_fill_super+0x21d7/0x2f80
[ 41.011001][ T3604] ? reiserfs_remount+0x1530/0x1530
[ 41.016195][ T3604] ? sget+0x472/0x580
[ 41.020168][ T3604] ? snprintf+0xbb/0xf0
[ 41.024311][ T3604] ? set_blocksize+0x2e5/0x370
[ 41.029059][ T3604] mount_bdev+0x34d/0x410
[ 41.033372][ T3604] ? reiserfs_remount+0x1530/0x1530
[ 41.038572][ T3604] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 41.043582][ T3604] legacy_get_tree+0x105/0x220
[ 41.048325][ T3604] vfs_get_tree+0x89/0x2f0
[ 41.052741][ T3604] path_mount+0x1326/0x1e20
[ 41.057231][ T3604] ? kmem_cache_free+0xeb/0x5b0
[ 41.062064][ T3604] ? finish_automount+0x960/0x960
[ 41.067074][ T3604] ? putname+0xfe/0x140
[ 41.071215][ T3604] __x64_sys_mount+0x27f/0x300
[ 41.075965][ T3604] ? copy_mnt_ns+0xae0/0xae0
[ 41.080559][ T3604] ? _raw_spin_unlock_irq+0x2a/0x40
[ 41.085740][ T3604] ? ptrace_notify+0xfa/0x140
[ 41.090419][ T3604] do_syscall_64+0x35/0xb0
[ 41.094839][ T3604] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.100742][ T3604] RIP: 0033:0x7f285d4e035a
[ 41.105148][ T3604] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.125369][ T3604] RSP: 002b:00007fff8a91f0d8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 41.133870][ T3604] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f285d4e035a
[ 41.141827][ T3604] RDX: 0000000020000000 RSI: 0000000020000180 RDI: 00007fff8a91f0f0
[ 41.149784][ T3604] RBP: 00007fff8a91f0f0 R08: 00007fff8a91f130 R09: 0000555556cbb2c0
[ 41.157739][ T3604] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 41.165871][ T3604] R13: 00007fff8a91f130 R14: 0000000000000006 R15: 0000000020000290
[ 41.173834][ T3604]
[ 41.177443][ T3604] Kernel Offset: disabled
[ 41.181762][ T3604] Rebooting in 86400 seconds..