[ 15.329666][ T5647] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.340617][ T5647] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.389040][ T40] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.394672][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.74' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.058861][ T5971] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5971 'syz-executor101'
[ 41.100504][ T5971] loop0: detected capacity change from 0 to 8192
[ 41.105532][ T5971] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 41.108350][ T5971] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 41.110367][ T5971] REISERFS (device loop0): using ordered data mode
[ 41.111706][ T5971] reiserfs: using flush barriers
[ 41.113566][ T5971] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 41.117023][ T5971] REISERFS (device loop0): checking transaction log (loop0)
[ 41.120549][ T5971] REISERFS (device loop0): Using r5 hash to sort names
[ 41.123426][ T5971] reiserfs: enabling write barrier flush mode
[ 41.128774][ T5971] ==================================================================
[ 41.130509][ T5971] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 41.132142][ T5971] Read of size 18446744073709551587 at addr ffff0000e0c16fa4 by task syz-executor101/5971
[ 41.134256][ T5971]
[ 41.134745][ T5971] CPU: 1 PID: 5971 Comm: syz-executor101 Not tainted 6.4.0-rc7-syzkaller-g42234a752679 #0
[ 41.136794][ T5971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 41.138920][ T5971] Call trace:
[ 41.139583][ T5971] dump_backtrace+0x1b8/0x1e4
[ 41.140594][ T5971] show_stack+0x2c/0x44
[ 41.141540][ T5971] dump_stack_lvl+0xd0/0x124
[ 41.142531][ T5971] print_report+0x174/0x514
[ 41.143553][ T5971] kasan_report+0xd4/0x130
[ 41.144526][ T5971] kasan_check_range+0x264/0x2a4
[ 41.145584][ T5971] __asan_memmove+0x3c/0x84
[ 41.146582][ T5971] leaf_paste_entries+0x698/0xb10
[ 41.147754][ T5971] balance_leaf+0xa0d4/0xe860
[ 41.148771][ T5971] do_balance+0x27c/0x788
[ 41.149717][ T5971] reiserfs_paste_into_item+0x630/0x744
[ 41.150964][ T5971] reiserfs_add_entry+0x8ec/0xcc4
[ 41.152025][ T5971] reiserfs_mkdir+0x588/0x77c
[ 41.152962][ T5971] reiserfs_xattr_init+0x2b4/0x638
[ 41.154123][ T5971] reiserfs_remount+0x78c/0x13f4
[ 41.155218][ T5971] legacy_reconfigure+0xfc/0x114
[ 41.156287][ T5971] reconfigure_super+0x328/0x738
[ 41.157371][ T5971] path_mount+0xc0c/0xe04
[ 41.158300][ T5971] __arm64_sys_mount+0x45c/0x594
[ 41.159376][ T5971] invoke_syscall+0x98/0x2c0
[ 41.160376][ T5971] el0_svc_common+0x138/0x244
[ 41.161395][ T5971] do_el0_svc+0x64/0x198
[ 41.162269][ T5971] el0_svc+0x4c/0x160
[ 41.163120][ T5971] el0t_64_sync_handler+0x84/0xfc
[ 41.164220][ T5971] el0t_64_sync+0x190/0x194
[ 41.165192][ T5971]
[ 41.165732][ T5971] The buggy address belongs to the physical page:
[ 41.167155][ T5971] page:00000000f15b38f1 refcount:3 mapcount:0 mapping:000000004973b554 index:0x213 pfn:0x120c16
[ 41.169393][ T5971] memcg:ffff0000c1972000
[ 41.170316][ T5971] aops:def_blk_aops ino:700000
[ 41.171249][ T5971] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 41.173254][ T5971] page_type: 0xffffffff()
[ 41.174151][ T5971] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c154bf00
[ 41.176039][ T5971] raw: 0000000000000213 ffff0000e0595000 00000003ffffffff ffff0000c1972000
[ 41.177984][ T5971] page dumped because: kasan: bad access detected
[ 41.179348][ T5971]
[ 41.179810][ T5971] Memory state around the buggy address:
[ 41.181045][ T5971] ffff0000e0c16e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.182715][ T5971] ffff0000e0c16f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.184493][ T5971] >ffff0000e0c16f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.186272][ T5971] ^
[ 41.187342][ T5971] ffff0000e0c17000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.189033][ T5971] ffff0000e0c17080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.190774][ T5971] ==================================================================
[ 41.192641][ T5971] Disabling lock debugging due to kernel taint
[ 41.194016][ T5971] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[771751938 1936287090 0x73667265 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 41.198273][ T5971] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 41.200399][ T5971] REISERFS (device loop0): Remounting filesystem read-only
[ 41.201893][ T5971] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 41.204796][ T5971] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 41.207804][ T5971] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[771751938 1936287090 0x73667265 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 41.212212][ T5971] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 41.214324][ T5971] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error