Warning: Permanently added '10.128.1.252' (ED25519) to the list of known hosts.
2024/09/22 05:03:28 ignoring optional flag "sandboxArg"="0"
2024/09/22 05:03:28 parsed 1 programs
2024/09/22 05:03:28 executed programs: 0
[ 47.600718][ T1508] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.130267][ T1933] loop0: detected capacity change from 0 to 8192
[ 50.138374][ T1933] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 50.147650][ T1933] REISERFS (device loop0): using ordered data mode
[ 50.154490][ T1933] reiserfs: using flush barriers
[ 50.160072][ T1933] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 50.176513][ T1933] REISERFS (device loop0): checking transaction log (loop0)
[ 50.200356][ T1933] REISERFS (device loop0): Using r5 hash to sort names
[ 50.207399][ T1933] REISERFS (device loop0): using 3.5.x disk format
[ 50.214383][ T1933] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 50.227382][ T1933] ==================================================================
[ 50.235448][ T1933] BUG: KASAN: out-of-bounds in leaf_paste_in_buffer+0x223/0x9b0
[ 50.243172][ T1933] Read of size 18446744073709551365 at addr ffff88806a9d8000 by task syz-executor.0/1933
[ 50.252973][ T1933]
[ 50.255297][ T1933] CPU: 1 PID: 1933 Comm: syz-executor.0 Not tainted 5.15.167-syzkaller #0
[ 50.263894][ T1933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 50.273928][ T1933] Call Trace:
[ 50.277187][ T1933]
[ 50.280184][ T1933] dump_stack_lvl+0x41/0x5e
[ 50.284661][ T1933] print_address_description.constprop.0.cold+0x6c/0x309
[ 50.291654][ T1933] ? leaf_paste_in_buffer+0x223/0x9b0
[ 50.296995][ T1933] ? leaf_paste_in_buffer+0x223/0x9b0
[ 50.302336][ T1933] kasan_report.cold+0x83/0xdf
[ 50.307172][ T1933] ? leaf_paste_in_buffer+0x223/0x9b0
[ 50.312788][ T1933] kasan_check_range+0x13d/0x180
[ 50.317793][ T1933] memmove+0x20/0x60
[ 50.321662][ T1933] leaf_paste_in_buffer+0x223/0x9b0
[ 50.326848][ T1933] balance_leaf+0x1dbc/0xe180
[ 50.331492][ T1933] ? replace_key+0x300/0x300
[ 50.336073][ T1933] ? do_balance+0x2e0/0x6b0
[ 50.340545][ T1933] do_balance+0x2e0/0x6b0
[ 50.344860][ T1933] ? get_right_neighbor_position+0x170/0x170
[ 50.350813][ T1933] ? wait_for_completion+0x220/0x220
[ 50.356083][ T1933] ? unwind_next_frame+0x13d8/0x1ce0
[ 50.361338][ T1933] reiserfs_paste_into_item+0x63c/0x7b0
[ 50.366951][ T1933] ? reiserfs_delete_object+0x1b0/0x1b0
[ 50.372467][ T1933] ? fs_reclaim_acquire+0xb2/0x160
[ 50.377550][ T1933] ? kasan_unpoison+0x40/0x60
[ 50.382205][ T1933] reiserfs_get_block+0xe98/0x39b0
[ 50.387393][ T1933] ? reiserfs_commit_write+0x620/0x620
[ 50.392819][ T1933] ? lock_downgrade+0x46f/0x4f0
[ 50.397640][ T1933] ? get_obj_cgroup_from_current+0x199/0x410
[ 50.403683][ T1933] ? __lock_acquire.constprop.0+0x478/0xb30
[ 50.409892][ T1933] ? rwlock_bug.part.0+0x90/0x90
[ 50.414886][ T1933] ? do_raw_spin_unlock+0x171/0x230
[ 50.420052][ T1933] __block_write_begin_int+0x2ef/0x1180
[ 50.425567][ T1933] ? reiserfs_commit_write+0x620/0x620
[ 50.430992][ T1933] ? reiserfs_allow_writes+0x90/0x90
[ 50.436248][ T1933] ? invalidate_bh_lrus_cpu+0xe0/0xe0
[ 50.441607][ T1933] ? __mutex_lock+0x1d4/0xea0
[ 50.446268][ T1933] reiserfs_write_begin+0x320/0x820
[ 50.451452][ T1933] generic_cont_expand_simple+0xea/0x120
[ 50.457083][ T1933] ? invalidate_bh_lrus+0x30/0x30
[ 50.462087][ T1933] ? setattr_prepare+0xe3/0xa40
[ 50.467190][ T1933] reiserfs_setattr+0x9b2/0xd20
[ 50.472552][ T1933] ? reiserfs_new_inode+0x1ee0/0x1ee0
[ 50.478007][ T1933] ? current_time+0x6e/0x200
[ 50.482714][ T1933] ? mode_strip_sgid+0x160/0x160
[ 50.487631][ T1933] notify_change+0x4b4/0xea0
[ 50.492375][ T1933] ? down_read_killable+0x380/0x380
[ 50.497680][ T1933] ? do_truncate+0xee/0x1a0
[ 50.502389][ T1933] do_truncate+0xee/0x1a0
[ 50.506701][ T1933] ? file_open_root+0x1f0/0x1f0
[ 50.511552][ T1933] ? lock_acquire+0x11a/0x250
[ 50.516225][ T1933] do_sys_ftruncate+0x423/0x550
[ 50.521258][ T1933] do_syscall_64+0x33/0x80
[ 50.525680][ T1933] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.531996][ T1933] RIP: 0033:0x7f1c36477ae9
[ 50.536504][ T1933] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.556089][ T1933] RSP: 002b:00007f1c35ffa0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 50.564575][ T1933] RAX: ffffffffffffffda RBX: 00007f1c36596f80 RCX: 00007f1c36477ae9
[ 50.572533][ T1933] RDX: 0000000000000000 RSI: 0000000002007ffb RDI: 0000000000000005
[ 50.580757][ T1933] RBP: 00007f1c364c347a R08: 0000000000000000 R09: 0000000000000000
[ 50.588726][ T1933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 50.596691][ T1933] R13: 0000000000000006 R14: 00007f1c36596f80 R15: 00007ffccb99cc48
[ 50.604642][ T1933]
[ 50.607660][ T1933]
[ 50.609998][ T1933] The buggy address belongs to the page:
[ 50.615621][ T1933] page:ffffea0001aa7600 refcount:1 mapcount:1 mapping:0000000000000000 index:0x7f1c36593 pfn:0x6a9d8
[ 50.626441][ T1933] memcg:ffff888073f38000
[ 50.630650][ T1933] anon flags: 0xfff00000080014(uptodate|lru|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[ 50.640271][ T1933] raw: 00fff00000080014 ffffea0001b49088 ffffea0001aa76c8 ffff888011c86001
[ 50.648830][ T1933] raw: 00000007f1c36593 0000000000000000 0000000100000000 ffff888073f38000
[ 50.657388][ T1933] page dumped because: kasan: bad access detected
[ 50.663772][ T1933] page_owner tracks the page as allocated
[ 50.669459][ T1933] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 1932, ts 50225734539, free_ts 5262455567
[ 50.684094][ T1933] get_page_from_freelist+0x12d1/0x2d40
[ 50.689613][ T1933] __alloc_pages+0x1b2/0x440
[ 50.694179][ T1933] alloc_pages_vma+0xe0/0x650
[ 50.698826][ T1933] wp_page_copy+0x18c/0x1890
[ 50.703385][ T1933] __handle_mm_fault+0x15ac/0x33a0
[ 50.708560][ T1933] handle_mm_fault+0x1c5/0x5b0
[ 50.713293][ T1933] do_user_addr_fault+0x298/0xc80
[ 50.718311][ T1933] exc_page_fault+0x5a/0xb0
[ 50.722792][ T1933] asm_exc_page_fault+0x22/0x30
[ 50.727624][ T1933] page last free stack trace:
[ 50.732271][ T1933] free_pcp_prepare+0x379/0x850
[ 50.737094][ T1933] free_unref_page+0x19/0x4b0
[ 50.741755][ T1933] free_contig_range+0x8b/0xb0
[ 50.746490][ T1933] destroy_args+0x7e/0x503
[ 50.750894][ T1933] debug_vm_pgtable+0x1773/0x17f5
[ 50.755982][ T1933] do_one_initcall+0xb4/0x320
[ 50.760627][ T1933] kernel_init_freeable+0x51e/0x580
[ 50.765801][ T1933] kernel_init+0x14/0x120
[ 50.770100][ T1933] ret_from_fork+0x1f/0x30
[ 50.774488][ T1933]
[ 50.776896][ T1933] Memory state around the buggy address:
[ 50.782507][ T1933] ffff88806a9d7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.790538][ T1933] ffff88806a9d7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.798657][ T1933] >ffff88806a9d8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.806702][ T1933] ^
[ 50.810746][ T1933] ffff88806a9d8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.818863][ T1933] ffff88806a9d8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.826991][ T1933] ==================================================================
[ 50.835219][ T1933] Disabling lock debugging due to kernel taint
[ 50.841657][ T1933] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 50.849123][ T1933] Kernel Offset: disabled
[ 50.853447][ T1933] Rebooting in 86400 seconds..