DUID 00:04:d5:34:fd:2d:90:3b:7d:1f:5f:ef:10:3f:c1:8d:8b:e5
forked to background, child pid 3214
[ 30.315298][ T3215] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.326477][ T3215] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 53.045791][ T3539] loop0: detected capacity change from 0 to 8192
[ 53.057777][ T3539] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.071481][ T3539] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 53.080890][ T3539] REISERFS (device loop0): using ordered data mode
[ 53.087618][ T3539] reiserfs: using flush barriers
[ 53.095273][ T3539] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.111977][ T3539] REISERFS (device loop0): checking transaction log (loop0)
[ 53.122097][ T3539] REISERFS (device loop0): Using r5 hash to sort names
[ 53.129201][ T3539] REISERFS (device loop0): using 3.5.x disk format
[ 53.136968][ T3539] ==================================================================
[ 53.145115][ T3539] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x95f/0x13a0
[ 53.152684][ T3539] Read of size 18446744073709551584 at addr ffff8880718d5fa4 by task syz-executor326/3539
[ 53.162658][ T3539]
[ 53.164973][ T3539] CPU: 1 PID: 3539 Comm: syz-executor326 Not tainted 6.1.37-syzkaller #0
[ 53.173380][ T3539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 53.183506][ T3539] Call Trace:
[ 53.186770][ T3539] <TASK>
[ 53.189686][ T3539] dump_stack_lvl+0x1e3/0x2cb
[ 53.194628][ T3539] ? irq_work_queue+0xcd/0x150
[ 53.199496][ T3539] ? nf_tcp_handle_invalid+0x642/0x642
[ 53.204952][ T3539] ? panic+0x75d/0x75d
[ 53.209022][ T3539] ? _printk+0xd1/0x111
[ 53.213198][ T3539] ? _raw_spin_lock_irqsave+0xac/0x120
[ 53.218678][ T3539] print_report+0x15f/0x4f0
[ 53.223177][ T3539] ? __lock_acquire+0x125b/0x1f80
[ 53.228184][ T3539] ? __virt_addr_valid+0x22b/0x2e0
[ 53.233281][ T3539] ? __phys_addr+0xb6/0x170
[ 53.237767][ T3539] ? leaf_paste_entries+0x95f/0x13a0
[ 53.243222][ T3539] kasan_report+0x136/0x160
[ 53.247845][ T3539] ? leaf_paste_entries+0x95f/0x13a0
[ 53.253121][ T3539] ? leaf_paste_entries+0x95f/0x13a0
[ 53.258400][ T3539] kasan_check_range+0x27f/0x290
[ 53.263333][ T3539] ? leaf_paste_entries+0x95f/0x13a0
[ 53.268704][ T3539] memmove+0x25/0x60
[ 53.272589][ T3539] leaf_paste_entries+0x95f/0x13a0
[ 53.277823][ T3539] balance_leaf+0xbd1e/0x12510
[ 53.282578][ T3539] ? print_irqtrace_events+0x210/0x210
[ 53.288127][ T3539] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 53.294108][ T3539] ? _raw_spin_unlock+0x40/0x40
[ 53.299323][ T3539] ? stack_trace_save+0x113/0x1c0
[ 53.305058][ T3539] ? stack_trace_snprint+0xe0/0xe0
[ 53.310273][ T3539] ? stack_trace_snprint+0xe0/0xe0
[ 53.315381][ T3539] ? do_balance+0x8f0/0x8f0
[ 53.320061][ T3539] ? __stack_depot_save+0x3f5/0x470
[ 53.325372][ T3539] ? kasan_set_track+0x60/0x70
[ 53.330150][ T3539] ? kasan_set_track+0x4b/0x70
[ 53.334991][ T3539] ? __kasan_kmalloc+0x97/0xb0
[ 53.339746][ T3539] ? __kmalloc+0xb2/0x230
[ 53.344147][ T3539] ? fix_nodes+0x69aa/0x8c70
[ 53.348732][ T3539] ? reiserfs_paste_into_item+0x65d/0x880
[ 53.354443][ T3539] ? reiserfs_add_entry+0x9b8/0xd70
[ 53.359644][ T3539] ? reiserfs_mkdir+0x6bc/0x8f0
[ 53.364488][ T3539] ? reiserfs_xattr_init+0x348/0x730
[ 53.370641][ T3539] ? reiserfs_fill_super+0x2203/0x2620
[ 53.376088][ T3539] ? mount_bdev+0x2c9/0x3f0
[ 53.380587][ T3539] ? legacy_get_tree+0xeb/0x180
[ 53.385426][ T3539] ? vfs_get_tree+0x88/0x270
[ 53.390000][ T3539] ? do_new_mount+0x28b/0xae0
[ 53.394669][ T3539] ? __se_sys_mount+0x2d5/0x3c0
[ 53.399508][ T3539] ? do_syscall_64+0x3d/0xb0
[ 53.404084][ T3539] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.410586][ T3539] ? __wake_up+0x1c0/0x1c0
[ 53.414993][ T3539] ? get_parents+0x513/0xfa0
[ 53.419598][ T3539] ? set_parameters+0x8d0/0x8d0
[ 53.424459][ T3539] ? get_neighbors+0x631/0x1010
[ 53.429497][ T3539] ? reiserfs_prepare_for_journal+0x269/0x280
[ 53.435561][ T3539] ? fix_nodes+0x7abc/0x8c70
[ 53.440139][ T3539] ? __might_sleep+0xb0/0xb0
[ 53.444723][ T3539] do_balance+0x309/0x8f0
[ 53.449047][ T3539] ? get_right_neighbor_position+0x210/0x210
[ 53.455628][ T3539] ? reiserfs_paste_into_item+0x3ef/0x880
[ 53.461334][ T3539] reiserfs_paste_into_item+0x73b/0x880
[ 53.466872][ T3539] ? reiserfs_cut_from_item+0x2580/0x2580
[ 53.472605][ T3539] ? reiserfs_get_parent+0x2c0/0x2c0
[ 53.477929][ T3539] ? inode_get_bytes+0x72/0xa0
[ 53.482958][ T3539] ? _find_first_zero_bit+0x61/0x100
[ 53.488668][ T3539] reiserfs_add_entry+0x9b8/0xd70
[ 53.493810][ T3539] ? drop_new_inode+0x60/0x60
[ 53.498668][ T3539] ? do_journal_begin_r+0xdc9/0x1020
[ 53.504488][ T3539] ? journal_begin+0x1ef/0x350
[ 53.509254][ T3539] reiserfs_mkdir+0x6bc/0x8f0
[ 53.513927][ T3539] ? reiserfs_symlink+0x720/0x720
[ 53.518968][ T3539] ? rwsem_write_trylock+0x166/0x210
[ 53.524271][ T3539] ? __up_read+0x690/0x690
[ 53.528773][ T3539] reiserfs_xattr_init+0x348/0x730
[ 53.533892][ T3539] reiserfs_fill_super+0x2203/0x2620
[ 53.539354][ T3539] ? reiserfs_kill_sb+0x150/0x150
[ 53.544371][ T3539] ? snprintf+0xd6/0x120
[ 53.548631][ T3539] mount_bdev+0x2c9/0x3f0
[ 53.552964][ T3539] ? reiserfs_kill_sb+0x150/0x150
[ 53.557992][ T3539] legacy_get_tree+0xeb/0x180
[ 53.562660][ T3539] ? remove_save_link+0x540/0x540
[ 53.567855][ T3539] vfs_get_tree+0x88/0x270
[ 53.572257][ T3539] do_new_mount+0x28b/0xae0
[ 53.576875][ T3539] ? do_move_mount_old+0x160/0x160
[ 53.581978][ T3539] ? user_path_at_empty+0x12b/0x180
[ 53.587179][ T3539] __se_sys_mount+0x2d5/0x3c0
[ 53.592391][ T3539] ? __x64_sys_mount+0xc0/0xc0
[ 53.597178][ T3539] ? syscall_enter_from_user_mode+0x2e/0x220
[ 53.603237][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 53.608559][ T3539] ? __x64_sys_mount+0x1c/0xc0
[ 53.614111][ T3539] do_syscall_64+0x3d/0xb0
[ 53.618718][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.624639][ T3539] RIP: 0033:0x7fe096bf1b1a
[ 53.629207][ T3539] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.649370][ T3539] RSP: 002b:00007ffc2f0623d8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 53.658235][ T3539] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe096bf1b1a
[ 53.667294][ T3539] RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007ffc2f0623f0
[ 53.675354][ T3539] RBP: 00007ffc2f0623f0 R08: 00007ffc2f062430 R09: 0000000000001107
[ 53.683405][ T3539] R10: 0000000000000080 R11: 0000000000000286 R12: 0000000000000004
[ 53.691379][ T3539] R13: 0000555556d3b2c0 R14: 0000000000000080 R15: 00007ffc2f062430
[ 53.699539][ T3539] </TASK>
[ 53.702548][ T3539]
[ 53.705037][ T3539] The buggy address belongs to the physical page:
[ 53.711793][ T3539] page:ffffea0001c63540 refcount:2 mapcount:0 mapping:ffff88801e87f5f8 index:0x213 pfn:0x718d5
[ 53.722097][ T3539] memcg:ffff88813ff58000
[ 53.726319][ T3539] aops:def_blk_aops ino:700000
[ 53.731068][ T3539] flags: 0xfff38000002052(referenced|lru|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[ 53.741118][ T3539] raw: 00fff38000002052 ffffea0001c69508 ffff88813ff5a158 ffff88801e87f5f8
[ 53.749692][ T3539] raw: 0000000000000213 ffff8880734f70e8 00000002ffffffff ffff88813ff58000
[ 53.758539][ T3539] page dumped because: kasan: bad access detected
[ 53.765367][ T3539] page_owner tracks the page as allocated
[ 53.771149][ T3539] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 3539, tgid 3539 (syz-executor326), ts 53121802754, free_ts 52924080687
[ 53.791884][ T3539] post_alloc_hook+0x18d/0x1b0
[ 53.796644][ T3539] get_page_from_freelist+0x32ed/0x3480
[ 53.802318][ T3539] __alloc_pages+0x28d/0x770
[ 53.806931][ T3539] folio_alloc+0x1a/0x50
[ 53.811181][ T3539] filemap_alloc_folio+0xda/0x4f0
[ 53.816206][ T3539] __filemap_get_folio+0x711/0xe30
[ 53.821308][ T3539] pagecache_get_page+0x28/0x250
[ 53.826232][ T3539] __getblk_gfp+0x211/0xa20
[ 53.831164][ T3539] search_by_key+0x460/0x4b60
[ 53.835911][ T3539] reiserfs_read_locked_inode+0x23c/0x2950
[ 53.842004][ T3539] reiserfs_fill_super+0x135f/0x2620
[ 53.847297][ T3539] mount_bdev+0x2c9/0x3f0
[ 53.852140][ T3539] legacy_get_tree+0xeb/0x180
[ 53.856999][ T3539] vfs_get_tree+0x88/0x270
[ 53.861409][ T3539] do_new_mount+0x28b/0xae0
[ 53.865899][ T3539] __se_sys_mount+0x2d5/0x3c0
[ 53.870560][ T3539] page last free stack trace:
[ 53.875237][ T3539] free_unref_page_prepare+0xf63/0x1120
[ 53.880779][ T3539] free_unref_page_list+0x107/0x810
[ 53.885979][ T3539] release_pages+0x2836/0x2b40
[ 53.890730][ T3539] tlb_flush_mmu+0xfc/0x210
[ 53.895218][ T3539] tlb_finish_mmu+0xce/0x1f0
[ 53.901094][ T3539] exit_mmap+0x3c3/0x9f0
[ 53.906554][ T3539] __mmput+0x115/0x3c0
[ 53.910857][ T3539] exit_mm+0x226/0x300
[ 53.915120][ T3539] do_exit+0x67e/0x2300
[ 53.919268][ T3539] do_group_exit+0x202/0x2b0
[ 53.924281][ T3539] __x64_sys_exit_group+0x3b/0x40
[ 53.929925][ T3539] do_syscall_64+0x3d/0xb0
[ 53.934813][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.940708][ T3539]
[ 53.943220][ T3539] Memory state around the buggy address:
[ 53.948944][ T3539] ffff8880718d5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.957004][ T3539] ffff8880718d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.965147][ T3539] >ffff8880718d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.973188][ T3539] ^
[ 53.978274][ T3539] ffff8880718d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.986419][ T3539] ffff8880718d6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.994546][ T3539] ==================================================================
[ 54.002917][ T3539] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.010291][ T3539] CPU: 1 PID: 3539 Comm: syz-executor326 Not tainted 6.1.37-syzkaller #0
[ 54.018781][ T3539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 54.028911][ T3539] Call Trace:
[ 54.032359][ T3539] <TASK>
[ 54.035282][ T3539] dump_stack_lvl+0x1e3/0x2cb
[ 54.039960][ T3539] ? nf_tcp_handle_invalid+0x642/0x642
[ 54.045691][ T3539] ? panic+0x75d/0x75d
[ 54.049753][ T3539] ? preempt_schedule_common+0xa6/0xd0
[ 54.055296][ T3539] ? vscnprintf+0x59/0x80
[ 54.059616][ T3539] panic+0x318/0x75d
[ 54.063529][ T3539] ? check_panic_on_warn+0x1d/0xa0
[ 54.068656][ T3539] ? memcpy_page_flushcache+0xfc/0xfc
[ 54.074037][ T3539] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 54.080146][ T3539] ? _raw_spin_unlock+0x40/0x40
[ 54.084987][ T3539] ? print_report+0x4a3/0x4f0
[ 54.089659][ T3539] check_panic_on_warn+0x7e/0xa0
[ 54.094692][ T3539] ? leaf_paste_entries+0x95f/0x13a0
[ 54.099986][ T3539] end_report+0x66/0x110
[ 54.104304][ T3539] kasan_report+0x143/0x160
[ 54.108796][ T3539] ? leaf_paste_entries+0x95f/0x13a0
[ 54.114077][ T3539] ? leaf_paste_entries+0x95f/0x13a0
[ 54.119354][ T3539] kasan_check_range+0x27f/0x290
[ 54.124278][ T3539] ? leaf_paste_entries+0x95f/0x13a0
[ 54.129649][ T3539] memmove+0x25/0x60
[ 54.133547][ T3539] leaf_paste_entries+0x95f/0x13a0
[ 54.138664][ T3539] balance_leaf+0xbd1e/0x12510
[ 54.143523][ T3539] ? print_irqtrace_events+0x210/0x210
[ 54.149160][ T3539] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 54.155485][ T3539] ? _raw_spin_unlock+0x40/0x40
[ 54.161460][ T3539] ? stack_trace_save+0x113/0x1c0
[ 54.166480][ T3539] ? stack_trace_snprint+0xe0/0xe0
[ 54.171671][ T3539] ? stack_trace_snprint+0xe0/0xe0
[ 54.176775][ T3539] ? do_balance+0x8f0/0x8f0
[ 54.181372][ T3539] ? __stack_depot_save+0x3f5/0x470
[ 54.186581][ T3539] ? kasan_set_track+0x60/0x70
[ 54.191468][ T3539] ? kasan_set_track+0x4b/0x70
[ 54.196677][ T3539] ? __kasan_kmalloc+0x97/0xb0
[ 54.201440][ T3539] ? __kmalloc+0xb2/0x230
[ 54.205763][ T3539] ? fix_nodes+0x69aa/0x8c70
[ 54.210436][ T3539] ? reiserfs_paste_into_item+0x65d/0x880
[ 54.216152][ T3539] ? reiserfs_add_entry+0x9b8/0xd70
[ 54.221539][ T3539] ? reiserfs_mkdir+0x6bc/0x8f0
[ 54.226571][ T3539] ? reiserfs_xattr_init+0x348/0x730
[ 54.231856][ T3539] ? reiserfs_fill_super+0x2203/0x2620
[ 54.237404][ T3539] ? mount_bdev+0x2c9/0x3f0
[ 54.241991][ T3539] ? legacy_get_tree+0xeb/0x180
[ 54.246839][ T3539] ? vfs_get_tree+0x88/0x270
[ 54.251694][ T3539] ? do_new_mount+0x28b/0xae0
[ 54.256377][ T3539] ? __se_sys_mount+0x2d5/0x3c0
[ 54.261317][ T3539] ? do_syscall_64+0x3d/0xb0
[ 54.265918][ T3539] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.272088][ T3539] ? __wake_up+0x1c0/0x1c0
[ 54.276500][ T3539] ? get_parents+0x513/0xfa0
[ 54.281085][ T3539] ? set_parameters+0x8d0/0x8d0
[ 54.285942][ T3539] ? get_neighbors+0x631/0x1010
[ 54.290916][ T3539] ? reiserfs_prepare_for_journal+0x269/0x280
[ 54.296983][ T3539] ? fix_nodes+0x7abc/0x8c70
[ 54.303337][ T3539] ? __might_sleep+0xb0/0xb0
[ 54.308111][ T3539] do_balance+0x309/0x8f0
[ 54.312614][ T3539] ? get_right_neighbor_position+0x210/0x210
[ 54.318684][ T3539] ? reiserfs_paste_into_item+0x3ef/0x880
[ 54.324488][ T3539] reiserfs_paste_into_item+0x73b/0x880
[ 54.330231][ T3539] ? reiserfs_cut_from_item+0x2580/0x2580
[ 54.336174][ T3539] ? reiserfs_get_parent+0x2c0/0x2c0
[ 54.341574][ T3539] ? inode_get_bytes+0x72/0xa0
[ 54.346432][ T3539] ? _find_first_zero_bit+0x61/0x100
[ 54.351911][ T3539] reiserfs_add_entry+0x9b8/0xd70
[ 54.357047][ T3539] ? drop_new_inode+0x60/0x60
[ 54.362244][ T3539] ? do_journal_begin_r+0xdc9/0x1020
[ 54.367901][ T3539] ? journal_begin+0x1ef/0x350
[ 54.373043][ T3539] reiserfs_mkdir+0x6bc/0x8f0
[ 54.378354][ T3539] ? reiserfs_symlink+0x720/0x720
[ 54.383377][ T3539] ? rwsem_write_trylock+0x166/0x210
[ 54.388673][ T3539] ? __up_read+0x690/0x690
[ 54.393456][ T3539] reiserfs_xattr_init+0x348/0x730
[ 54.398595][ T3539] reiserfs_fill_super+0x2203/0x2620
[ 54.405029][ T3539] ? reiserfs_kill_sb+0x150/0x150
[ 54.410787][ T3539] ? snprintf+0xd6/0x120
[ 54.416105][ T3539] mount_bdev+0x2c9/0x3f0
[ 54.420615][ T3539] ? reiserfs_kill_sb+0x150/0x150
[ 54.425746][ T3539] legacy_get_tree+0xeb/0x180
[ 54.430528][ T3539] ? remove_save_link+0x540/0x540
[ 54.436176][ T3539] vfs_get_tree+0x88/0x270
[ 54.440714][ T3539] do_new_mount+0x28b/0xae0
[ 54.445369][ T3539] ? do_move_mount_old+0x160/0x160
[ 54.450490][ T3539] ? user_path_at_empty+0x12b/0x180
[ 54.455866][ T3539] __se_sys_mount+0x2d5/0x3c0
[ 54.460559][ T3539] ? __x64_sys_mount+0xc0/0xc0
[ 54.466118][ T3539] ? syscall_enter_from_user_mode+0x2e/0x220
[ 54.473041][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 54.478777][ T3539] ? __x64_sys_mount+0x1c/0xc0
[ 54.486004][ T3539] do_syscall_64+0x3d/0xb0
[ 54.490693][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.496855][ T3539] RIP: 0033:0x7fe096bf1b1a
[ 54.501349][ T3539] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.521758][ T3539] RSP: 002b:00007ffc2f0623d8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 54.530295][ T3539] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe096bf1b1a
[ 54.538369][ T3539] RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007ffc2f0623f0
[ 54.546521][ T3539] RBP: 00007ffc2f0623f0 R08: 00007ffc2f062430 R09: 0000000000001107
[ 54.554591][ T3539] R10: 0000000000000080 R11: 0000000000000286 R12: 0000000000000004
[ 54.562759][ T3539] R13: 0000555556d3b2c0 R14: 0000000000000080 R15: 00007ffc2f062430
[ 54.571255][ T3539] </TASK>
[ 54.574348][ T3539] Kernel Offset: disabled
[ 54.578677][ T3539] Rebooting in 86400 seconds..