Warning: Permanently added '10.128.0.76' (ED25519) to the list of known hosts.
executing program
[ 39.201615][ T4017] loop0: detected capacity change from 0 to 8192
[ 39.303141][ T4017] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 39.305678][ T4017] REISERFS (device loop0): using ordered data mode
[ 39.307367][ T4017] reiserfs: using flush barriers
[ 39.309959][ T4017] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 39.315041][ T4017] REISERFS (device loop0): checking transaction log (loop0)
[ 39.319843][ T4017] REISERFS (device loop0): Using tea hash to sort names
[ 39.323118][ T4017] ==================================================================
[ 39.325280][ T4017] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x504/0x944
[ 39.327196][ T4017] Read of size 18446744073709551584 at addr ffff0000e0e39fa4 by task syz-executor280/4017
[ 39.329737][ T4017]
[ 39.330395][ T4017] CPU: 1 PID: 4017 Comm: syz-executor280 Not tainted 5.15.164-syzkaller #0
[ 39.332724][ T4017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 39.335490][ T4017] Call trace:
[ 39.336381][ T4017] dump_backtrace+0x0/0x530
[ 39.337608][ T4017] show_stack+0x2c/0x3c
[ 39.338723][ T4017] dump_stack_lvl+0x108/0x170
[ 39.340019][ T4017] print_address_description+0x7c/0x3f0
[ 39.341562][ T4017] kasan_report+0x174/0x1e4
[ 39.342824][ T4017] kasan_check_range+0x274/0x2b4
[ 39.344181][ T4017] memmove+0x90/0xe8
[ 39.345285][ T4017] leaf_paste_entries+0x504/0x944
[ 39.346643][ T4017] balance_leaf+0xa0d4/0xe860
[ 39.347954][ T4017] do_balance+0x27c/0x790
[ 39.349222][ T4017] reiserfs_paste_into_item+0x630/0x744
[ 39.350744][ T4017] reiserfs_add_entry+0x8c0/0xc8c
[ 39.352144][ T4017] reiserfs_mkdir+0x588/0x77c
[ 39.353364][ T4017] reiserfs_xattr_init+0x2b0/0x6dc
[ 39.354764][ T4017] reiserfs_fill_super+0x1b28/0x1e8c
[ 39.356243][ T4017] mount_bdev+0x274/0x370
[ 39.357476][ T4017] get_super_block+0x44/0x58
[ 39.358764][ T4017] legacy_get_tree+0xd4/0x16c
[ 39.360015][ T4017] vfs_get_tree+0x90/0x274
[ 39.361209][ T4017] do_new_mount+0x278/0x8fc
[ 39.362436][ T4017] path_mount+0x594/0x101c
[ 39.363657][ T4017] __arm64_sys_mount+0x510/0x5e0
[ 39.364987][ T4017] invoke_syscall+0x98/0x2b8
[ 39.366271][ T4017] el0_svc_common+0x138/0x258
[ 39.367530][ T4017] do_el0_svc+0x58/0x14c
[ 39.368639][ T4017] el0_svc+0x7c/0x1f0
[ 39.369720][ T4017] el0t_64_sync_handler+0x84/0xe4
[ 39.371062][ T4017] el0t_64_sync+0x1a0/0x1a4
[ 39.372339][ T4017]
[ 39.372955][ T4017] The buggy address belongs to the page:
[ 39.374522][ T4017] page:00000000189c7190 refcount:2 mapcount:0 mapping:0000000077e73558 index:0x213 pfn:0x120e39
[ 39.377370][ T4017] memcg:ffff0000c08ac000
[ 39.378494][ T4017] aops:def_blk_aops ino:700000
[ 39.379805][ T4017] flags: 0x5ffc00000002032(referenced|lru|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 39.382437][ T4017] raw: 05ffc00000002032 fffffc00032704c8 fffffc000358c948 ffff0000c51e4f48
[ 39.384778][ T4017] raw: 0000000000000213 ffff0000de3bfe80 00000002ffffffff ffff0000c08ac000
[ 39.387166][ T4017] page dumped because: kasan: bad access detected
[ 39.388960][ T4017]
[ 39.389587][ T4017] Memory state around the buggy address:
[ 39.391095][ T4017] ffff0000e0e39e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.393244][ T4017] ffff0000e0e39f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.395467][ T4017] >ffff0000e0e39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.397626][ T4017] ^
[ 39.399049][ T4017] ffff0000e0e3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.401297][ T4017] ffff0000e0e3a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.403526][ T4017] ==================================================================
[ 39.405705][ T4017] Disabling lock debugging due to kernel taint
[ 39.407707][ T4017] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 29662, item_location 2, free_space(entry_count) 37376
[ 39.413511][ T4017] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 39.416275][ T4017] REISERFS (device loop0): Remounting filesystem read-only
[ 39.418125][ T4017] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 39.421736][ T4017] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 39.425576][ T4017] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 29662, item_location 2, free_space(entry_count) 37376
[ 39.431086][ T4017] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 39.433957][ T4017] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
executing program
[ 39.603160][ T4020] loop0: detected capacity change from 0 to 8192
[ 39.691679][ T4020] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 39.694269][ T4020] REISERFS (device loop0): using ordered data mode
[ 39.696000][ T4020] reiserfs: using flush barriers
[ 39.698257][ T4020] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 39.703053][ T4020] REISERFS (device loop0): checking transaction log (loop0)
[ 39.706158][ T4020] REISERFS (device loop0): Using tea hash to sort names
[ 39.720828][ C0] Unable to handle kernel paging request at virtual address dfff800000000038
[ 39.720928][ C1] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 39.723243][ C0] Mem abort info:
[ 39.723249][ C0] ESR = 0x0000000096000006
[ 39.725899][ C1] Mem abort info:
[ 39.726806][ C0] EC = 0x25: DABT (current EL), IL = 32 bits
[ 39.726817][ C0] SET = 0, FnV = 0
[ 39.728058][ C1] ESR = 0x0000000086000004
[ 39.728990][ C0] EA = 0, S1PTW = 0
[ 39.730728][ C1] EC = 0x21: IABT (current EL), IL = 32 bits
[ 39.731773][ C0] FSC = 0x06: level 2 translation fault
[ 39.731782][ C0] Data abort info:
[ 39.731785][ C0] ISV = 0, ISS = 0x00000006
[ 39.731789][ C0] CM = 0, WnR = 0
[ 39.731793][ C0] [dfff800000000038] address between user and kernel address ranges
[ 39.731801][ C0] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
[ 39.731811][ C0] Modules linked in:
[ 39.731819][ C0] CPU: 0 PID: 4020 Comm: syz-executor280 Tainted: G B 5.15.164-syzkaller #0
[ 39.731831][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 39.733133][ C1] SET = 0, FnV = 0
[ 39.734210][ C0] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 39.735834][ C1] EA = 0, S1PTW = 0
[ 39.737441][ C0] pc : update_load_avg+0x44/0x1168
[ 39.738430][ C1] FSC = 0x04: level 0 translation fault
[ 39.739741][ C0] lr : update_blocked_averages+0x8f8/0xeb8
[ 39.740834][ C1] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001123c1000
[ 39.743011][ C0] sp : ffff800008007c80
[ 39.744979][ C1] [0000000000000000] pgd=0000000000000000
[ 39.746043][ C0] x29: ffff800008007cc0
[ 39.748722][ C1] , p4d=0000000000000000
[ 39.751571][ C0] x28: dfff800000000000 x27: ffff0000da318800
[ 39.751592][ C0] x26: ffff0000c1a2e990 x25: ffff0000c1a2e800 x24: 0000000000000001
[ 39.751607][ C0] x23: 0000000000000000 x22: 00000000000001c4
[ 39.752616][ C1]
[ 39.754763][ C0] x21: 1fffe00018345d28
[ 39.774612][ C0] x20: dfff800000000000 x19: 0000000000000000 x18: 0000000000010000
[ 39.776885][ C0] x17: 0000000000010000 x16: ffff800011ab8a28 x15: 0000000000000003
[ 39.779156][ C0] x14: ffff0000ca4f51c0 x13: 0000000000000000 x12: ffff700001000f84
[ 39.781415][ C0] x11: 0000000000000102 x10: 0000000000000003 x9 : 0000000000000007
[ 39.783639][ C0] x8 : 0000000000000038 x7 : 0000000000000000 x6 : ffff80000824de50
[ 39.785884][ C0] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000083049b8
[ 39.788137][ C0] x2 : 0000000000000001 x1 : ffff0000da318800 x0 : 0000000000000000
[ 39.790394][ C0] Call trace:
[ 39.791317][ C0] update_load_avg+0x44/0x1168
[ 39.792654][ C0] update_blocked_averages+0x8f8/0xeb8
[ 39.794226][ C0] run_rebalance_domains+0x140/0x190
[ 39.795722][ C0] handle_softirqs+0x384/0xdbc
[ 39.797092][ C0] __irq_exit_rcu+0x268/0x4d8
[ 39.798383][ C0] irq_exit+0x14/0x88
[ 39.799540][ C0] handle_domain_irq+0xf4/0x178
[ 39.801002][ C0] gic_handle_irq+0x78/0x1c8
[ 39.802344][ C0] call_on_irq_stack+0x24/0x4c
[ 39.803662][ C0] do_interrupt_handler+0x74/0x94
[ 39.805084][ C0] el1_interrupt+0x30/0x58
[ 39.806316][ C0] el1h_64_irq_handler+0x18/0x24
[ 39.807668][ C0] el1h_64_irq+0x78/0x7c
[ 39.808827][ C0] __memcpy+0x1d8/0x260
[ 39.809995][ C0] leaf_paste_entries+0x504/0x944
[ 39.811418][ C0] balance_leaf+0xa0d4/0xe860
[ 39.812721][ C0] do_balance+0x27c/0x790
[ 39.813948][ C0] reiserfs_paste_into_item+0x630/0x744
[ 39.815577][ C0] reiserfs_add_entry+0x8c0/0xc8c
[ 39.817018][ C0] reiserfs_mkdir+0x588/0x77c
[ 39.818310][ C0] reiserfs_xattr_init+0x2b0/0x6dc
[ 39.819722][ C0] reiserfs_fill_super+0x1b28/0x1e8c
[ 39.821257][ C0] mount_bdev+0x274/0x370
[ 39.822487][ C0] get_super_block+0x44/0x58
[ 39.823798][ C0] legacy_get_tree+0xd4/0x16c
[ 39.825012][ C0] vfs_get_tree+0x90/0x274
[ 39.826219][ C0] do_new_mount+0x278/0x8fc
[ 39.827438][ C0] path_mount+0x594/0x101c
[ 39.828737][ C0] __arm64_sys_mount+0x510/0x5e0
[ 39.830072][ C0] invoke_syscall+0x98/0x2b8
[ 39.831387][ C0] el0_svc_common+0x138/0x258
[ 39.832731][ C0] do_el0_svc+0x58/0x14c
[ 39.833923][ C0] el0_svc+0x7c/0x1f0
[ 39.834974][ C0] el0t_64_sync_handler+0x84/0xe4
[ 39.836381][ C0] el0t_64_sync+0x1a0/0x1a4
[ 39.837634][ C0] Code: 12000ac9 2a0203f8 11000d29 aa0003f3 (38fc6908)
[ 39.839529][ C0] ---[ end trace 9699de35f9e2ca22 ]---