Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts.
executing program
[ 43.527848][ T3968] loop0: detected capacity change from 0 to 8192
[ 43.533402][ T3968] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 43.535394][ T3968] REISERFS (device loop0): using ordered data mode
[ 43.536725][ T3968] reiserfs: using flush barriers
[ 43.538848][ T3968] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 43.542919][ T3968] REISERFS (device loop0): checking transaction log (loop0)
[ 43.591407][ T3968] REISERFS (device loop0): Using r5 hash to sort names
[ 43.593112][ T3968] REISERFS (device loop0): using 3.5.x disk format
[ 43.595081][ T3968] ==================================================================
[ 43.596846][ T3968] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x504/0x944
[ 43.598529][ T3968] Read of size 18446744073709551600 at addr ffff0000df6d8f94 by task syz-executor273/3968
[ 43.600583][ T3968]
[ 43.601050][ T3968] CPU: 0 PID: 3968 Comm: syz-executor273 Not tainted 5.15.118-syzkaller #0
[ 43.602852][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 43.604924][ T3968] Call trace:
[ 43.605602][ T3968] dump_backtrace+0x0/0x530
[ 43.606544][ T3968] show_stack+0x2c/0x3c
[ 43.607393][ T3968] dump_stack_lvl+0x108/0x170
[ 43.608371][ T3968] print_address_description+0x7c/0x3f0
[ 43.609526][ T3968] kasan_report+0x174/0x1e4
[ 43.610482][ T3968] kasan_check_range+0x274/0x2b4
[ 43.611494][ T3968] memmove+0x90/0xe8
[ 43.612335][ T3968] leaf_paste_entries+0x504/0x944
[ 43.613446][ T3968] balance_leaf+0xa0d4/0xe860
[ 43.614422][ T3968] do_balance+0x27c/0x790
[ 43.615307][ T3968] reiserfs_paste_into_item+0x630/0x744
[ 43.616436][ T3968] reiserfs_add_entry+0x8c0/0xc8c
[ 43.617506][ T3968] reiserfs_mkdir+0x588/0x77c
[ 43.618488][ T3968] reiserfs_xattr_init+0x2b0/0x6dc
[ 43.619546][ T3968] reiserfs_fill_super+0x1b28/0x1e8c
[ 43.620691][ T3968] mount_bdev+0x274/0x370
[ 43.621715][ T3968] get_super_block+0x44/0x58
[ 43.622715][ T3968] legacy_get_tree+0xd4/0x16c
[ 43.623676][ T3968] vfs_get_tree+0x90/0x274
[ 43.624616][ T3968] do_new_mount+0x25c/0x8c4
[ 43.625700][ T3968] path_mount+0x590/0x104c
[ 43.626750][ T3968] __arm64_sys_mount+0x510/0x5e0
[ 43.627688][ T3968] invoke_syscall+0x98/0x2b8
[ 43.628589][ T3968] el0_svc_common+0x138/0x258
[ 43.629559][ T3968] do_el0_svc+0x58/0x14c
[ 43.630474][ T3968] el0_svc+0x7c/0x1f0
[ 43.631301][ T3968] el0t_64_sync_handler+0x84/0xe4
[ 43.632347][ T3968] el0t_64_sync+0x1a0/0x1a4
[ 43.633192][ T3968]
[ 43.633698][ T3968] The buggy address belongs to the page:
[ 43.634875][ T3968] page:000000005f64aca8 refcount:3 mapcount:0 mapping:000000003274d46e index:0x213 pfn:0x11f6d8
[ 43.636999][ T3968] memcg:ffff0000c0894000
[ 43.637871][ T3968] aops:def_blk_aops ino:700000
[ 43.638883][ T3968] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 43.640887][ T3968] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c058cf48
[ 43.642710][ T3968] raw: 0000000000000213 ffff0000dbd60740 00000003ffffffff ffff0000c0894000
[ 43.644483][ T3968] page dumped because: kasan: bad access detected
[ 43.645832][ T3968]
[ 43.646327][ T3968] Memory state around the buggy address:
[ 43.647541][ T3968] ffff0000df6d8e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.649230][ T3968] ffff0000df6d8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.650911][ T3968] >ffff0000df6d8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.652628][ T3968] ^
[ 43.653580][ T3968] ffff0000df6d9000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.655184][ T3968] ffff0000df6d9080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.656793][ T3968] ==================================================================
[ 43.658488][ T3968] Disabling lock debugging due to kernel taint
[ 43.659924][ T3968] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.