[ 15.475219][ T5643] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.478260][ T5643] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.526021][ T1786] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.530261][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.953375][ T5979] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5979 'syz-executor206'
[ 34.995264][ T5979] loop0: detected capacity change from 0 to 8192
[ 35.000328][ T5979] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 35.003327][ T5979] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 35.005586][ T5979] REISERFS (device loop0): using ordered data mode
[ 35.007001][ T5979] reiserfs: using flush barriers
[ 35.008842][ T5979] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 35.012576][ T5979] REISERFS (device loop0): checking transaction log (loop0)
[ 35.016256][ T5979] REISERFS (device loop0): Using r5 hash to sort names
[ 35.017867][ T5979] REISERFS (device loop0): using 3.5.x disk format
[ 35.019811][ T5979] ==================================================================
[ 35.021642][ T5979] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 35.023341][ T5979] Read of size 18446744073709551584 at addr ffff0001624dcfa4 by task syz-executor206/5979
[ 35.025632][ T5979]
[ 35.026158][ T5979] CPU: 0 PID: 5979 Comm: syz-executor206 Not tainted 6.4.0-rc3-syzkaller-geb0f1697d729 #0
[ 35.028571][ T5979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 35.030930][ T5979] Call trace:
[ 35.031664][ T5979] dump_backtrace+0x1b8/0x1e4
[ 35.032826][ T5979] show_stack+0x2c/0x44
[ 35.033820][ T5979] dump_stack_lvl+0xd0/0x124
[ 35.034868][ T5979] print_report+0x174/0x514
[ 35.035865][ T5979] kasan_report+0xd4/0x130
[ 35.036901][ T5979] kasan_check_range+0x264/0x2a4
[ 35.038063][ T5979] __asan_memmove+0x3c/0x84
[ 35.039143][ T5979] leaf_paste_entries+0x698/0xb10
[ 35.040320][ T5979] balance_leaf+0xa0d4/0xe860
[ 35.041616][ T5979] do_balance+0x27c/0x788
[ 35.042584][ T5979] reiserfs_paste_into_item+0x630/0x744
[ 35.043965][ T5979] reiserfs_add_entry+0x8ec/0xcc4
[ 35.045153][ T5979] reiserfs_mkdir+0x588/0x77c
[ 35.046345][ T5979] reiserfs_xattr_init+0x2b4/0x638
[ 35.047638][ T5979] reiserfs_fill_super+0x1bfc/0x2028
[ 35.049024][ T5979] mount_bdev+0x26c/0x368
[ 35.050092][ T5979] get_super_block+0x44/0x58
[ 35.051222][ T5979] legacy_get_tree+0xd4/0x16c
[ 35.052382][ T5979] vfs_get_tree+0x90/0x274
[ 35.053468][ T5979] do_new_mount+0x25c/0x8c8
[ 35.054565][ T5979] path_mount+0x590/0xe04
[ 35.055659][ T5979] __arm64_sys_mount+0x45c/0x594
[ 35.056929][ T5979] invoke_syscall+0x98/0x2c0
[ 35.058004][ T5979] el0_svc_common+0x138/0x258
[ 35.059103][ T5979] do_el0_svc+0x64/0x198
[ 35.060157][ T5979] el0_svc+0x4c/0x15c
[ 35.061143][ T5979] el0t_64_sync_handler+0x84/0xf0
[ 35.062167][ T5979] el0t_64_sync+0x190/0x194
[ 35.063290][ T5979]
[ 35.063824][ T5979] The buggy address belongs to the physical page:
[ 35.065344][ T5979] page:00000000413504c2 refcount:3 mapcount:0 mapping:000000002bd29220 index:0x213 pfn:0x1a24dc
[ 35.067832][ T5979] memcg:ffff0000c1572000
[ 35.068792][ T5979] aops:def_blk_aops ino:700000
[ 35.069927][ T5979] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 35.072167][ T5979] page_type: 0xffffffff()
[ 35.073254][ T5979] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c1884a00
[ 35.075358][ T5979] raw: 0000000000000213 ffff0000df622488 00000003ffffffff ffff0000c1572000
[ 35.077354][ T5979] page dumped because: kasan: bad access detected
[ 35.078827][ T5979]
[ 35.079405][ T5979] Memory state around the buggy address:
[ 35.080810][ T5979]  ffff0001624dce80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.082749][ T5979]  ffff0001624dcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.084654][ T5979] >ffff0001624dcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.086639][ T5979]                                ^
[ 35.087950][ T5979]  ffff0001624dd000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.089845][ T5979]  ffff0001624dd080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.091797][ T5979] ==================================================================
[ 35.093942][ T5979] Disabling lock debugging due to kernel taint
[ 35.095542][ T5979] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 35.100175][ T5979] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 35.102484][ T5979] REISERFS (device loop0): Remounting filesystem read-only
[ 35.104045][ T5979] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 35.107283][ T5979] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 35.110527][ T5979] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 35.114911][ T5979] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 35.117225][ T5979] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error