Warning: Permanently added '10.128.0.151' (ED25519) to the list of known hosts.
executing program
[   40.284018][ T3966] loop0: detected capacity change from 0 to 8192
[   40.370086][ T3966] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   40.373178][ T3966] REISERFS (device loop0): using ordered data mode
[   40.374908][ T3966] reiserfs: using flush barriers
[   40.378007][ T3966] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   40.382589][ T3966] REISERFS (device loop0): checking transaction log (loop0)
[   40.387177][ T3966] REISERFS (device loop0): Using tea hash to sort names
[   40.389445][ T3966] REISERFS (device loop0): using 3.5.x disk format
[   40.392006][ T3966] ==================================================================
[   40.394178][ T3966] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x504/0x944
[   40.396187][ T3966] Read of size 18446744073709551592 at addr ffff0000e134bfa4 by task syz-executor193/3966
[   40.398931][ T3966]
[   40.399572][ T3966] CPU: 1 PID: 3966 Comm: syz-executor193 Not tainted 5.15.163-syzkaller #0
[   40.401929][ T3966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   40.404624][ T3966] Call trace:
[   40.405493][ T3966]  dump_backtrace+0x0/0x530
[   40.406730][ T3966]  show_stack+0x2c/0x3c
[   40.407869][ T3966]  dump_stack_lvl+0x108/0x170
[   40.409111][ T3966]  print_address_description+0x7c/0x3f0
[   40.410619][ T3966]  kasan_report+0x174/0x1e4
[   40.411842][ T3966]  kasan_check_range+0x274/0x2b4
[   40.413183][ T3966]  memmove+0x90/0xe8
[   40.414262][ T3966]  leaf_paste_entries+0x504/0x944
[   40.415593][ T3966]  balance_leaf+0xa0d4/0xe860
[   40.416858][ T3966]  do_balance+0x27c/0x790
[   40.417985][ T3966]  reiserfs_paste_into_item+0x630/0x744
[   40.419558][ T3966]  reiserfs_add_entry+0x8c0/0xc8c
[   40.420892][ T3966]  reiserfs_mkdir+0x588/0x77c
[   40.422199][ T3966]  reiserfs_xattr_init+0x2b0/0x6dc
[   40.423611][ T3966]  reiserfs_fill_super+0x1b28/0x1e8c
[   40.425018][ T3966]  mount_bdev+0x274/0x370
[   40.426179][ T3966]  get_super_block+0x44/0x58
[   40.427456][ T3966]  legacy_get_tree+0xd4/0x16c
[   40.428688][ T3966]  vfs_get_tree+0x90/0x274
[   40.429875][ T3966]  do_new_mount+0x278/0x8fc
[   40.431045][ T3966]  path_mount+0x594/0x101c
[   40.432231][ T3966]  __arm64_sys_mount+0x510/0x5e0
[   40.433581][ T3966]  invoke_syscall+0x98/0x2b8
[   40.434792][ T3966]  el0_svc_common+0x138/0x258
[   40.436070][ T3966]  do_el0_svc+0x58/0x14c
[   40.437229][ T3966]  el0_svc+0x7c/0x1f0
[   40.438302][ T3966]  el0t_64_sync_handler+0x84/0xe4
[   40.439722][ T3966]  el0t_64_sync+0x1a0/0x1a4
[   40.441028][ T3966]
[   40.441648][ T3966] The buggy address belongs to the page:
[   40.443159][ T3966] page:00000000eba80b5b refcount:3 mapcount:0 mapping:000000008bf78b53 index:0x213 pfn:0x12134b
[   40.446028][ T3966] memcg:ffff0000c08a4000
[   40.447148][ T3966] aops:def_blk_aops ino:700000
[   40.448446][ T3966] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[   40.451067][ T3966] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c058cf48
[   40.453344][ T3966] raw: 0000000000000213 ffff0000dfa1a488 00000003ffffffff ffff0000c08a4000
[   40.455638][ T3966] page dumped because: kasan: bad access detected
[   40.457381][ T3966]
[   40.458048][ T3966] Memory state around the buggy address:
[   40.459573][ T3966]  ffff0000e134be80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.461740][ T3966]  ffff0000e134bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.463946][ T3966] >ffff0000e134bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.466105][ T3966]                                ^
[   40.467467][ T3966]  ffff0000e134c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.469725][ T3966]  ffff0000e134c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.471913][ T3966] ==================================================================
[   40.474128][ T3966] Disabling lock debugging due to kernel taint
[   40.475932][ T3966] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[2 0 0x6965722e UNKNOWN], item_len 29662, item_location 2, free_space(entry_count) 37376
[   40.480963][ T3966] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[   40.483756][ T3966] REISERFS (device loop0): Remounting filesystem read-only
[   40.485657][ T3966] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[   40.489338][ T3966] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[   40.493314][ T3966] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[2 0 0x6965722e UNKNOWN], item_len 29662, item_location 2, free_space(entry_count) 37376
[   40.498498][ T3966] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[   40.501315][ T3966] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
executing program
[   40.663553][ T3969] loop0: detected capacity change from 0 to 8192
[   40.728135][ T3969] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   40.730758][ T3969] REISERFS (device loop0): using ordered data mode
[   40.732527][ T3969] reiserfs: using flush barriers
[   40.734923][ T3969] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   40.739946][ T3969] REISERFS (device loop0): checking transaction log (loop0)
[   40.742744][ T3969] REISERFS (device loop0): Using tea hash to sort names
[   40.744709][ T3969] REISERFS (device loop0): using 3.5.x disk format
[   40.755292][    C1] ================================================================================
[   40.757936][    C1] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9
[   40.760275][    C1] index 1130 is out of range for type 'unsigned long[8]'
[   40.762251][    C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B   5.15.163-syzkaller #0
[   40.764869][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   40.767512][    C1] Call trace:
[   40.768495][    C1]  dump_backtrace+0x0/0x530
[   40.769840][    C1]  show_stack+0x2c/0x3c
[   40.770677][ T3969] Unable to handle kernel write to read-only memory at virtual address ffff0000d1b00ff0
[   40.771110][    C1]  dump_stack_lvl+0x108/0x170
[   40.773814][ T3969] Mem abort info:
[   40.775155][    C1]  dump_stack+0x1c/0x58
[   40.776086][ T3969]   ESR = 0x000000009600004f
[   40.777181][    C1]  __ubsan_handle_out_of_bounds+0x108/0x15c
[   40.778486][    C0] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[   40.780090][    C1]  queued_spin_lock_slowpath+0x854/0x938
[   40.782698][    C0] Mem abort info:
[   40.784237][    C1]  do_raw_spin_lock+0x334/0x35c
[   40.785269][    C0]   ESR = 0x0000000086000004
[   40.786536][    C1]  _raw_spin_lock_irqsave+0xcc/0x14c
[   40.787778][    C0]   EC = 0x21: IABT (current EL), IL = 32 bits
[   40.789237][    C1]  try_to_wake_up+0xb0/0xc2c
[   40.790898][    C0]   SET = 0, FnV = 0
[   40.792143][    C1]  wake_up_process+0x18/0x24
[   40.793246][    C0]   EA = 0, S1PTW = 0
[   40.794443][    C1]  hrtimer_wakeup+0x64/0xbc
[   40.795540][    C0]   FSC = 0x04: level 0 translation fault
[   40.796792][    C1]  __hrtimer_run_queues+0x484/0xca4
[   40.798321][    C0] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000113280000
[   40.799742][    C1]  hrtimer_interrupt+0x2c0/0xb64
[   40.801717][    C0] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[   40.803006][    C1]  arch_timer_handler_virt+0x74/0x88
[   40.805163][    C0] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP
[   40.806589][    C1]  handle_percpu_devid_irq+0x29c/0x7fc
[   40.808503][    C0] Modules linked in:
[   40.809920][    C1]  handle_domain_irq+0xec/0x178
[   40.811074][    C0] CPU: 0 PID: 3969 Comm: syz-executor193 Tainted: G    B   5.15.163-syzkaller #0
[   40.812433][    C1]  gic_handle_irq+0x78/0x1c8
[   40.815248][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   40.816563][    C1]  call_on_irq_stack+0x24/0x4c
[   40.819250][    C0] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   40.820536][    C1]  do_interrupt_handler+0x74/0x94
[   40.822732][    C0] pc : 0x0
[   40.824068][    C1]  el1_interrupt+0x30/0x58
[   40.824865][    C0] lr : __wake_up_common+0x23c/0x3bc
[   40.826116][    C1]  el1h_64_irq_handler+0x18/0x24
[   40.827538][    C0] sp : ffff800008007960
[   40.828950][    C1]  el1h_64_irq+0x78/0x7c
[   40.830081][    C0] x29: ffff800008007980 x28: dfff800000000000 x27: ffff8000149ff040
[   40.831243][    C1]  arch_local_irq_enable+0xc/0x18
[   40.831256][    C0]
[   40.831264][    C1]  default_idle_call+0xcc/0x4a8
[   40.833409][    C0] x26: ffff80001f0f7aa0
[   40.834551][    C1]  do_idle+0x1d4/0x4dc
[   40.835070][    C0] x25: ffff80001f0f7a90
[   40.836190][    C1]  cpu_startup_entry+0x24/0x28
[   40.837134][    C0] x24: ffff0000d5b91b40
[   40.838038][    C1]  secondary_start_kernel+0x240/0x298
[   40.839113][    C0]
[   40.840353][    C1]  __secondary_switched+0x94/0x98
[   40.841440][    C0] x23: 0000000000000001
[   40.842880][    C1] ================================================================================
[   40.843489][    C0] x22: 000000001f0f7a90 x21: 0000000000000000
[   40.850330][    C0] x20: ffff800008007a00 x19: 0000000000000001 x18: 0000000000000001
[   40.852522][    C0] x17: ffff80019ff47000 x16: ffff800008304870 x15: 0000000000000012
[   40.854705][    C0] x14: 0000000000000000 x13: 205d393639335420 x12: ffff700001000f20
[   40.856900][    C0] x11: 1ffff00001000f20 x10: 0000000000000004 x9 : 0000000000000003
[   40.859053][    C0] x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffff8000082be390
[   40.861354][    C0] x5 : ffff800008007a00 x4 : 0000000000000000 x3 : 0000000000000000
[   40.863622][    C0] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff80001f0f7a90
[   40.865782][    C0] Call trace:
[   40.866657][    C0]  0x0
[   40.867417][    C0]  __wake_up+0x108/0x1a0
[   40.868568][    C0]  wake_up_klogd_work_func+0x15c/0x1cc
[   40.870019][    C0]  irq_work_single+0xbc/0x1e4
[   40.871277][    C0]  irq_work_tick+0x16c/0x1c8
[   40.872588][    C0]  update_process_times+0x204/0x270
[   40.873989][    C0]  tick_sched_timer+0x340/0x4f8
[   40.875326][    C0]  __hrtimer_run_queues+0x458/0xca4
[   40.876715][    C0]  hrtimer_interrupt+0x2c0/0xb64
[   40.878073][    C0]  arch_timer_handler_virt+0x74/0x88
[   40.879491][    C0]  handle_percpu_devid_irq+0x29c/0x7fc
[   40.880924][    C0]  handle_domain_irq+0xec/0x178
[   40.882177][    C0]  gic_handle_irq+0x78/0x1c8
[   40.883460][    C0]  call_on_irq_stack+0x24/0x4c
[   40.884784][    C0]  do_interrupt_handler+0x74/0x94
[   40.886120][    C0]  el1_interrupt+0x30/0x58
[   40.887409][    C0]  el1h_64_irq_handler+0x18/0x24
[   40.888784][    C0]  el1h_64_irq+0x78/0x7c
[   40.889977][    C0]  console_unlock+0xca0/0x1394
[   40.891283][    C0]  vprintk_emit+0x140/0x21c
[   40.892591][    C0]  vprintk_default+0xa0/0xe4
[   40.893873][    C0]  vprintk+0x200/0x2d4
[   40.894992][    C0]  _printk+0xdc/0x128
[   40.896096][    C0]  mem_abort_decode+0x38/0x1ac
[   40.897265][    C0]  __do_kernel_fault+0x3b0/0x448
[   40.898397][    C0]  do_page_fault+0x140/0xb60
[   40.899436][    C0]  do_mem_abort+0x70/0x1d8
[   40.900467][    C0]  el1_abort+0x3c/0x5c
[   40.901392][    C0]  el1h_64_sync_handler+0x60/0xac
[   40.902698][    C0]  el1h_64_sync+0x78/0x7c
[   40.903907][    C0]  __memcpy+0x1d8/0x260
[   40.905186][    C0]  leaf_paste_entries+0x504/0x944
[   40.906611][    C0]  balance_leaf+0xa0d4/0xe860
[   40.907917][    C0]  do_balance+0x27c/0x790
[   40.909069][    C0]  reiserfs_paste_into_item+0x630/0x744
[   40.910555][    C0]  reiserfs_add_entry+0x8c0/0xc8c
[   40.911943][    C0]  reiserfs_mkdir+0x588/0x77c
[   40.913320][    C0]  reiserfs_xattr_init+0x2b0/0x6dc
[   40.914783][    C0]  reiserfs_fill_super+0x1b28/0x1e8c
[   40.916244][    C0]  mount_bdev+0x274/0x370
[   40.917437][    C0]  get_super_block+0x44/0x58
[   40.918776][    C0]  legacy_get_tree+0xd4/0x16c
[   40.920028][    C0]  vfs_get_tree+0x90/0x274
[   40.921254][    C0]  do_new_mount+0x278/0x8fc
[   40.922479][    C0]  path_mount+0x594/0x101c
[   40.923703][    C0]  __arm64_sys_mount+0x510/0x5e0
[   40.925056][    C0]  invoke_syscall+0x98/0x2b8
[   40.926374][    C0]  el0_svc_common+0x138/0x258
[   40.927758][    C0]  do_el0_svc+0x58/0x14c
[   40.928858][    C0]  el0_svc+0x7c/0x1f0
[   40.929935][    C0]  el0t_64_sync_handler+0x84/0xe4
[   40.931410][    C0]  el0t_64_sync+0x1a0/0x1a4
[   40.932685][    C0] Code: bad PC value
[   40.933743][    C0] ---[ end trace bc0821fa65881384 ]---
[   40.947602][    C0] Unable to handle kernel paging request at virtual address dfff800000000028
[   40.949960][    C0] Mem abort info:
[   40.951002][    C0]   ESR = 0x0000000096000006
[   40.952288][    C0]   EC = 0x25: DABT (current EL), IL = 32 bits
[   40.953964][    C0]   SET = 0, FnV = 0
[   40.954989][    C0]   EA = 0, S1PTW = 0
[   40.956022][    C0]   FSC = 0x06: level 2 translation fault
[   40.957721][    C0] Data abort info:
[   40.958791][    C0]   ISV = 0, ISS = 0x00000006
[   40.960149][    C0]   CM = 0, WnR = 0
[   40.961190][    C0] [dfff800000000028] address between user and kernel address ranges