[ 15.252282][ T3891] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.262691][ T3891] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.303594][ T11] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.307286][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.176' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 38.352814][ T4216] loop0: detected capacity change from 0 to 8192
[ 38.357660][ T4216] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 38.360450][ T4216] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 38.362442][ T4216] REISERFS (device loop0): using ordered data mode
[ 38.363785][ T4216] reiserfs: using flush barriers
[ 38.365769][ T4216] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 38.369162][ T4216] REISERFS (device loop0): checking transaction log (loop0)
[ 38.372834][ T4216] REISERFS (device loop0): Using r5 hash to sort names
[ 38.376265][ T4216] reiserfs: enabling write barrier flush mode
[ 38.382395][ T4216] ==================================================================
[ 38.384130][ T4216] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 38.385719][ T4216] Read of size 18446744073709551584 at addr ffff0000e2926fa4 by task syz-executor167/4216
[ 38.387783][ T4216]
[ 38.388252][ T4216] CPU: 0 PID: 4216 Comm: syz-executor167 Not tainted 6.1.34-syzkaller #0
[ 38.390004][ T4216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 38.392041][ T4216] Call trace:
[ 38.392676][ T4216] dump_backtrace+0x1c8/0x1f4
[ 38.393710][ T4216] show_stack+0x2c/0x3c
[ 38.394624][ T4216] dump_stack_lvl+0x108/0x170
[ 38.395574][ T4216] print_report+0x174/0x4c0
[ 38.396442][ T4216] kasan_report+0xd4/0x130
[ 38.397361][ T4216] kasan_check_range+0x264/0x2a4
[ 38.398432][ T4216] memmove+0x48/0x90
[ 38.399248][ T4216] leaf_paste_entries+0x698/0xb10
[ 38.400302][ T4216] balance_leaf+0xa0d4/0xe860
[ 38.401326][ T4216] do_balance+0x27c/0x788
[ 38.402260][ T4216] reiserfs_paste_into_item+0x630/0x744
[ 38.403435][ T4216] reiserfs_add_entry+0x8ec/0xcc4
[ 38.404569][ T4216] reiserfs_mkdir+0x588/0x77c
[ 38.405544][ T4216] reiserfs_xattr_init+0x2b0/0x6bc
[ 38.406689][ T4216] reiserfs_remount+0x78c/0x13f4
[ 38.407740][ T4216] legacy_reconfigure+0xfc/0x114
[ 38.408885][ T4216] reconfigure_super+0x328/0x738
[ 38.409986][ T4216] path_mount+0xc6c/0xe58
[ 38.410905][ T4216] __arm64_sys_mount+0x45c/0x594
[ 38.412016][ T4216] invoke_syscall+0x98/0x2c0
[ 38.412993][ T4216] el0_svc_common+0x138/0x258
[ 38.414038][ T4216] do_el0_svc+0x64/0x218
[ 38.414978][ T4216] el0_svc+0x58/0x168
[ 38.415903][ T4216] el0t_64_sync_handler+0x84/0xf0
[ 38.416925][ T4216] el0t_64_sync+0x18c/0x190
[ 38.417959][ T4216]
[ 38.418500][ T4216] The buggy address belongs to the physical page:
[ 38.419905][ T4216] page:00000000a3efa56f refcount:3 mapcount:0 mapping:00000000d1bb684a index:0x213 pfn:0x122926
[ 38.422023][ T4216] memcg:ffff0000c0930000
[ 38.422884][ T4216] aops:def_blk_aops ino:700000
[ 38.423911][ T4216] flags: 0x5ffc60000002042(referenced|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
[ 38.425938][ T4216] raw: 05ffc60000002042 0000000000000000 dead000000000122 ffff0000c049ca10
[ 38.427747][ T4216] raw: 0000000000000213 ffff0000df3ac488 00000003ffffffff ffff0000c0930000
[ 38.429574][ T4216] page dumped because: kasan: bad access detected
[ 38.430911][ T4216]
[ 38.431408][ T4216] Memory state around the buggy address:
[ 38.432557][ T4216] ffff0000e2926e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.434322][ T4216] ffff0000e2926f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.436060][ T4216] >ffff0000e2926f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.437737][ T4216] ^
[ 38.438788][ T4216] ffff0000e2927000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.440501][ T4216] ffff0000e2927080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.442181][ T4216] ==================================================================
[ 38.445103][ T4216] Disabling lock debugging due to kernel taint
[ 38.446734][ T4216] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 38.450929][ T4216] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 38.453099][ T4216] REISERFS (device loop0): Remounting filesystem read-only
[ 38.454550][ T4216] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 38.457382][ T4216] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 38.460361][ T4216] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 38.464480][ T4216] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 38.466606][ T4216] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error