Warning: Permanently added '10.128.1.70' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 33.389860][ T4219] loop0: detected capacity change from 0 to 8192
[ 33.395588][ T4219] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 33.398779][ T4219] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 33.401168][ T4219] REISERFS (device loop0): using ordered data mode
[ 33.403060][ T4219] reiserfs: using flush barriers
[ 33.404964][ T4219] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 33.408956][ T4219] REISERFS (device loop0): checking transaction log (loop0)
[ 33.413355][ T4219] REISERFS (device loop0): Using r5 hash to sort names
[ 33.415252][ T4219] REISERFS (device loop0): using 3.5.x disk format
[ 33.417354][ T4219] ==================================================================
[ 33.419313][ T4219] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 33.421077][ T4219] Read of size 18446744073709551584 at addr ffff0000e2c3bfa4 by task syz-executor284/4219
[ 33.423426][ T4219]
[ 33.424047][ T4219] CPU: 1 PID: 4219 Comm: syz-executor284 Not tainted 6.1.84-syzkaller #0
[ 33.426134][ T4219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 33.428545][ T4219] Call trace:
[ 33.429334][ T4219] dump_backtrace+0x1c8/0x1f4
[ 33.430449][ T4219] show_stack+0x2c/0x3c
[ 33.431483][ T4219] dump_stack_lvl+0x108/0x170
[ 33.432665][ T4219] print_report+0x174/0x4c0
[ 33.433861][ T4219] kasan_report+0xd4/0x130
[ 33.434920][ T4219] kasan_check_range+0x264/0x2a4
[ 33.436181][ T4219] memmove+0x48/0x90
[ 33.437125][ T4219] leaf_paste_entries+0x698/0xb10
[ 33.438343][ T4219] balance_leaf+0xa0d4/0xe860
[ 33.439486][ T4219] do_balance+0x27c/0x788
[ 33.440582][ T4219] reiserfs_paste_into_item+0x630/0x744
[ 33.441919][ T4219] reiserfs_add_entry+0x8ec/0xcc4
[ 33.443155][ T4219] reiserfs_mkdir+0x588/0x77c
[ 33.444235][ T4219] reiserfs_xattr_init+0x2b0/0x6bc
[ 33.445498][ T4219] reiserfs_fill_super+0x1bfc/0x2028
[ 33.446864][ T4219] mount_bdev+0x274/0x370
[ 33.447870][ T4219] get_super_block+0x44/0x58
[ 33.448862][ T4219] legacy_get_tree+0xd4/0x16c
[ 33.449960][ T4219] vfs_get_tree+0x90/0x274
[ 33.451100][ T4219] do_new_mount+0x278/0x8fc
[ 33.452161][ T4219] path_mount+0x590/0xe5c
[ 33.453230][ T4219] __arm64_sys_mount+0x45c/0x594
[ 33.454451][ T4219] invoke_syscall+0x98/0x2c0
[ 33.455679][ T4219] el0_svc_common+0x138/0x258
[ 33.456838][ T4219] do_el0_svc+0x64/0x218
[ 33.457865][ T4219] el0_svc+0x58/0x168
[ 33.458852][ T4219] el0t_64_sync_handler+0x84/0xf0
[ 33.460183][ T4219] el0t_64_sync+0x18c/0x190
[ 33.461331][ T4219]
[ 33.461905][ T4219] The buggy address belongs to the physical page:
[ 33.463389][ T4219] page:00000000ad65db85 refcount:3 mapcount:0 mapping:000000003201d786 index:0x213 pfn:0x122c3b
[ 33.465887][ T4219] memcg:ffff0000c0940000
[ 33.466937][ T4219] aops:def_blk_aops ino:700000
[ 33.468085][ T4219] flags: 0x5ffe30000002042(referenced|workingset|private|node=0|zone=2|lastcpupid=0xfff)
[ 33.470560][ T4219] raw: 05ffe30000002042 0000000000000000 dead000000000122 ffff0000c0494a10
[ 33.472524][ T4219] raw: 0000000000000213 ffff0000e2800910 00000003ffffffff ffff0000c0940000
[ 33.474639][ T4219] page dumped because: kasan: bad access detected
[ 33.476237][ T4219]
[ 33.476801][ T4219] Memory state around the buggy address:
[ 33.478195][ T4219] ffff0000e2c3be80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.480143][ T4219] ffff0000e2c3bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.482038][ T4219] >ffff0000e2c3bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.484079][ T4219]                                ^
[ 33.485365][ T4219] ffff0000e2c3c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 33.487272][ T4219] ffff0000e2c3c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 33.489273][ T4219] ==================================================================
[ 33.491333][ T4219] Disabling lock debugging due to kernel taint
[ 33.492949][ T4219] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 33.497868][ T4219] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 33.500325][ T4219] REISERFS (device loop0): Remounting filesystem read-only
[ 33.502161][ T4219] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 33.505285][ T4219] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 33.508758][ T4219] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 33.513639][ T4219] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 33.516173][ T4219] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error