Starting sshd: OK
syzkaller
syzkaller login: [ 25.013123][ T1061] cgroup: Unknown subsys name 'net'
[ 25.137820][ T1061] cgroup: Unknown subsys name 'rlimit'
[ 25.286332][ T1061] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 27.263510][ T1230] modprobe (1230) used greatest stack depth: 22280 bytes left
[ 30.237634][ T1065] syz-executor.0 (1065) used greatest stack depth: 20744 bytes left
Warning: Permanently added '10.128.0.38' (ED25519) to the list of known hosts.
2023/11/22 02:10:15 ignoring optional flag "sandboxArg"="0"
2023/11/22 02:10:15 parsed 1 programs
2023/11/22 02:10:15 executed programs: 0
[ 50.874810][ T1582] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 55.825235][ T1999] loop0: detected capacity change from 0 to 8192
[ 55.834252][ T1999] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 55.847862][ T1999] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 55.858372][ T1999] REISERFS (device loop0): using ordered data mode
[ 55.870397][ T1999] reiserfs: using flush barriers
[ 55.876420][ T1999] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 55.897935][ T1999] REISERFS (device loop0): checking transaction log (loop0)
[ 55.927404][ T1999] REISERFS (device loop0): Using r5 hash to sort names
[ 55.934966][ T1999] REISERFS (device loop0): using 3.5.x disk format
[ 55.942025][ T1999] ==================================================================
[ 55.950596][ T1999] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x483/0x1320
[ 55.958950][ T1999] Read of size 18446744073709551584 at addr ffff88806e260fa4 by task syz-executor.0/1999
[ 55.970242][ T1999]
[ 55.972818][ T1999] CPU: 0 PID: 1999 Comm: syz-executor.0 Not tainted 6.1.63-syzkaller #0
[ 55.983063][ T1999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 55.993657][ T1999] Call Trace:
[ 55.997114][ T1999]
[ 56.000240][ T1999] dump_stack_lvl+0xf4/0x251
[ 56.005466][ T1999] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 56.011452][ T1999] ? panic+0x3f7/0x3f7
[ 56.015610][ T1999] ? _printk+0xca/0x10a
[ 56.020325][ T1999] print_report+0x15f/0x4f0
[ 56.025308][ T1999] ? leaf_paste_entries+0x483/0x1320
[ 56.031108][ T1999] kasan_report+0x136/0x160
[ 56.035992][ T1999] ? leaf_paste_entries+0x483/0x1320
[ 56.041522][ T1999] ? leaf_paste_entries+0x483/0x1320
[ 56.047153][ T1999] kasan_check_range+0x27f/0x290
[ 56.052459][ T1999] ? leaf_paste_entries+0x483/0x1320
[ 56.057979][ T1999] memmove+0x25/0x60
[ 56.061944][ T1999] leaf_paste_entries+0x483/0x1320
[ 56.067224][ T1999] ? leaf_paste_in_buffer+0x5e2/0xa30
[ 56.072776][ T1999] do_balance+0x6fe1/0xe950
[ 56.077366][ T1999] ? stack_trace_save+0x113/0x1c0
[ 56.082393][ T1999] ? __stack_depot_save+0x346/0x460
[ 56.087896][ T1999] ? __kasan_kmalloc+0x97/0xb0
[ 56.092854][ T1999] ? __kmalloc+0xa6/0x1c0
[ 56.097387][ T1999] ? fix_nodes+0x6c3/0xda60
[ 56.102235][ T1999] ? reiserfs_paste_into_item+0x569/0x740
[ 56.108282][ T1999] ? reiserfs_add_entry+0x7cf/0xbd0
[ 56.113960][ T1999] ? reiserfs_mkdir+0x657/0x870
[ 56.119257][ T1999] ? reiserfs_fill_super+0x1b96/0x2070
[ 56.125257][ T1999] ? mount_bdev+0x26b/0x340
[ 56.130029][ T1999] ? legacy_get_tree+0xe5/0x170
[ 56.135329][ T1999] ? vfs_get_tree+0x7a/0x170
[ 56.141308][ T1999] ? do_new_mount+0x1e1/0x8f0
[ 56.146250][ T1999] ? __se_sys_mount+0x23e/0x2d0
[ 56.151538][ T1999] ? do_syscall_64+0x3d/0x80
[ 56.156567][ T1999] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.162913][ T1999] ? get_right_neighbor_position+0x120/0x120
[ 56.169228][ T1999] ? __wake_up+0x1c0/0x1c0
[ 56.174008][ T1999] ? unfix_nodes+0x830/0x830
[ 56.178872][ T1999] ? fix_nodes+0x6c3/0xda60
[ 56.183467][ T1999] ? reiserfs_prepare_for_journal+0x166/0x180
[ 56.189722][ T1999] ? fix_nodes+0xcf78/0xda60
[ 56.194495][ T1999] ? make_empty_dir_item+0x740/0x740
[ 56.199900][ T1999] ? reiserfs_paste_into_item+0x36c/0x740
[ 56.205824][ T1999] reiserfs_paste_into_item+0x66e/0x740
[ 56.211545][ T1999] ? reiserfs_cut_from_item+0x1e90/0x1e90
[ 56.217359][ T1999] ? reiserfs_get_parent+0x270/0x270
[ 56.222828][ T1999] ? inode_get_bytes+0x6d/0x90
[ 56.227572][ T1999] reiserfs_add_entry+0x7cf/0xbd0
[ 56.233449][ T1999] ? drop_new_inode+0x50/0x50
[ 56.238192][ T1999] ? do_journal_begin_r+0xba9/0xdd0
[ 56.243715][ T1999] ? journal_begin+0x13b/0x2f0
[ 56.248540][ T1999] reiserfs_mkdir+0x657/0x870
[ 56.253371][ T1999] ? reiserfs_symlink+0x6b0/0x6b0
[ 56.258651][ T1999] ? __down_write_common+0x12a/0x1e0
[ 56.264801][ T1999] ? up_write+0x137/0x300
[ 56.269388][ T1999] ? __up_read+0x360/0x360
[ 56.273890][ T1999] reiserfs_xattr_init+0x286/0x5f0
[ 56.279180][ T1999] reiserfs_fill_super+0x1b96/0x2070
[ 56.284614][ T1999] ? reiserfs_kill_sb+0x140/0x140
[ 56.290258][ T1999] ? __down_write_common+0x12a/0x1e0
[ 56.296204][ T1999] ? snprintf+0xcc/0x110
[ 56.300958][ T1999] ? __up_read+0x360/0x360
[ 56.305470][ T1999] mount_bdev+0x26b/0x340
[ 56.309812][ T1999] ? reiserfs_kill_sb+0x140/0x140
[ 56.314997][ T1999] legacy_get_tree+0xe5/0x170
[ 56.319862][ T1999] ? remove_save_link+0x4e0/0x4e0
[ 56.325395][ T1999] vfs_get_tree+0x7a/0x170
[ 56.329897][ T1999] do_new_mount+0x1e1/0x8f0
[ 56.334489][ T1999] ? do_move_mount_old+0x120/0x120
[ 56.339973][ T1999] __se_sys_mount+0x23e/0x2d0
[ 56.344921][ T1999] ? __x64_sys_mount+0xc0/0xc0
[ 56.349970][ T1999] ? fpregs_assert_state_consistent+0x43/0x50
[ 56.356140][ T1999] do_syscall_64+0x3d/0x80
[ 56.360739][ T1999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.366827][ T1999] RIP: 0033:0x7f995027e1ea
[ 56.371324][ T1999] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 56.391016][ T1999] RSP: 002b:00007f9951072ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 56.399788][ T1999] RAX: ffffffffffffffda RBX: 00007f9951072f80 RCX: 00007f995027e1ea
[ 56.407877][ T1999] RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007f9951072f40
[ 56.416496][ T1999] RBP: 0000000020001100 R08: 00007f9951072f80 R09: 0000000000000080
[ 56.424578][ T1999] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000020000040
[ 56.432833][ T1999] R13: 00007f9951072f40 R14: 00000000000010fa R15: 0000000020000000
[ 56.441162][ T1999]
[ 56.444189][ T1999]
[ 56.446664][ T1999] The buggy address belongs to the physical page:
[ 56.453227][ T1999] page:ffffea0001b89800 refcount:3 mapcount:0 mapping:ffff8880094412f0 index:0x213 pfn:0x6e260
[ 56.463863][ T1999] memcg:ffff888079568000
[ 56.468634][ T1999] aops:def_blk_aops ino:700000
[ 56.473721][ T1999] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 56.483764][ T1999] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff8880094412f0
[ 56.492776][ T1999] raw: 0000000000000213 ffff88806f94ecb0 00000003ffffffff ffff888079568000
[ 56.501706][ T1999] page dumped because: kasan: bad access detected
[ 56.508572][ T1999] page_owner tracks the page as allocated
[ 56.514385][ T1999] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 1999, tgid 1998 (syz-executor.0), ts 55927254001, free_ts 43836905438
[ 56.535262][ T1999] post_alloc_hook+0x286/0x2b0
[ 56.540564][ T1999] get_page_from_freelist+0x2fdd/0x3170
[ 56.546270][ T1999] __alloc_pages+0x251/0x640
[ 56.551032][ T1999] folio_alloc+0xf/0x30
[ 56.555434][ T1999] filemap_alloc_folio+0xc2/0x390
[ 56.561099][ T1999] __filemap_get_folio+0x6ca/0x970
[ 56.566382][ T1999] pagecache_get_page+0x10/0x160
[ 56.571397][ T1999] __getblk_gfp+0x1b5/0x810
[ 56.575920][ T1999] search_by_key+0x3bd/0x3d90
[ 56.581819][ T1999] reiserfs_read_locked_inode+0x211/0x2290
[ 56.588058][ T1999] reiserfs_fill_super+0xfed/0x2070
[ 56.593540][ T1999] mount_bdev+0x26b/0x340
[ 56.597866][ T1999] legacy_get_tree+0xe5/0x170
[ 56.602702][ T1999] vfs_get_tree+0x7a/0x170
[ 56.607186][ T1999] do_new_mount+0x1e1/0x8f0
[ 56.611664][ T1999] __se_sys_mount+0x23e/0x2d0
[ 56.616547][ T1999] page last free stack trace:
[ 56.621508][ T1999] free_unref_page_prepare+0xd4b/0xee0
[ 56.627560][ T1999] free_unref_page_list+0x54b/0x7e0
[ 56.633326][ T1999] release_pages+0x175c/0x1900
[ 56.638315][ T1999] tlb_flush_mmu+0xe5/0x1d0
[ 56.642999][ T1999] tlb_finish_mmu+0xb0/0x1b0
[ 56.647772][ T1999] unmap_region+0x265/0x2b0
[ 56.652456][ T1999] do_mas_align_munmap+0xa6c/0x11e0
[ 56.658786][ T1999] do_mas_munmap+0x195/0x1f0
[ 56.663924][ T1999] __vm_munmap+0x236/0x300
[ 56.668599][ T1999] __x64_sys_munmap+0x57/0x60
[ 56.673728][ T1999] do_syscall_64+0x3d/0x80
[ 56.678924][ T1999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.685094][ T1999]
[ 56.687509][ T1999] Memory state around the buggy address:
[ 56.693749][ T1999] ffff88806e260e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.702697][ T1999] ffff88806e260f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.711706][ T1999] >ffff88806e260f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.720106][ T1999] ^
[ 56.725573][ T1999] ffff88806e261000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.734136][ T1999] ffff88806e261080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.742713][ T1999] ==================================================================
[ 56.753068][ T1999] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.761904][ T1999] Kernel Offset: disabled
[ 56.766371][ T1999] Rebooting in 86400 seconds..