Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.180321][ T5970] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5970 'syz-executor120'
[ 35.222004][ T5970] loop0: detected capacity change from 0 to 8192
[ 35.227297][ T5970] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 35.230105][ T5970] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 35.232119][ T5970] REISERFS (device loop0): using ordered data mode
[ 35.233470][ T5970] reiserfs: using flush barriers
[ 35.235386][ T5970] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 35.238922][ T5970] REISERFS (device loop0): checking transaction log (loop0)
[ 35.272433][ T5970] REISERFS (device loop0): Using r5 hash to sort names
[ 35.274021][ T5970] REISERFS (device loop0): using 3.5.x disk format
[ 35.276023][ T5970] ==================================================================
[ 35.277744][ T5970] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 35.279358][ T5970] Read of size 18446744073709551600 at addr ffff0000e2325f94 by task syz-executor120/5970
[ 35.281345][ T5970]
[ 35.281778][ T5970] CPU: 1 PID: 5970 Comm: syz-executor120 Not tainted 6.4.0-rc7-syzkaller-g42234a752679 #0
[ 35.283950][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 35.285946][ T5970] Call trace:
[ 35.286653][ T5970]  dump_backtrace+0x1b8/0x1e4
[ 35.287676][ T5970]  show_stack+0x2c/0x44
[ 35.288553][ T5970]  dump_stack_lvl+0xd0/0x124
[ 35.289550][ T5970]  print_report+0x174/0x514
[ 35.290483][ T5970]  kasan_report+0xd4/0x130
[ 35.291440][ T5970]  kasan_check_range+0x264/0x2a4
[ 35.292560][ T5970]  __asan_memmove+0x3c/0x84
[ 35.293518][ T5970]  leaf_paste_entries+0x698/0xb10
[ 35.294635][ T5970]  balance_leaf+0xa0d4/0xe860
[ 35.295621][ T5970]  do_balance+0x27c/0x788
[ 35.296500][ T5970]  reiserfs_paste_into_item+0x630/0x744
[ 35.297746][ T5970]  reiserfs_add_entry+0x8ec/0xcc4
[ 35.298822][ T5970]  reiserfs_mkdir+0x588/0x77c
[ 35.299701][ T5970]  reiserfs_xattr_init+0x2b4/0x638
[ 35.300719][ T5970]  reiserfs_fill_super+0x1bfc/0x2028
[ 35.301828][ T5970]  mount_bdev+0x274/0x370
[ 35.302772][ T5970]  get_super_block+0x44/0x58
[ 35.303755][ T5970]  legacy_get_tree+0xd4/0x16c
[ 35.304822][ T5970]  vfs_get_tree+0x90/0x274
[ 35.305726][ T5970]  do_new_mount+0x25c/0x8c4
[ 35.306719][ T5970]  path_mount+0x590/0xe04
[ 35.307594][ T5970]  __arm64_sys_mount+0x45c/0x594
[ 35.308682][ T5970]  invoke_syscall+0x98/0x2c0
[ 35.309671][ T5970]  el0_svc_common+0x138/0x244
[ 35.310730][ T5970]  do_el0_svc+0x64/0x198
[ 35.311694][ T5970]  el0_svc+0x4c/0x160
[ 35.312506][ T5970]  el0t_64_sync_handler+0x84/0xfc
[ 35.313600][ T5970]  el0t_64_sync+0x190/0x194
[ 35.314561][ T5970]
[ 35.315038][ T5970] The buggy address belongs to the physical page:
[ 35.316436][ T5970] page:00000000c2b7cbc0 refcount:3 mapcount:0 mapping:00000000c610dce6 index:0x213 pfn:0x122325
[ 35.318293][ T5970] memcg:ffff0000c1972000
[ 35.318967][ T5970] aops:def_blk_aops ino:700000
[ 35.319747][ T5970] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 35.321698][ T5970] page_type: 0xffffffff()
[ 35.322596][ T5970] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c1491300
[ 35.324333][ T5970] raw: 0000000000000213 ffff0000e0a509f8 00000003ffffffff ffff0000c1972000
[ 35.326081][ T5970] page dumped because: kasan: bad access detected
[ 35.327416][ T5970]
[ 35.327919][ T5970] Memory state around the buggy address:
[ 35.329017][ T5970]  ffff0000e2325e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.330633][ T5970]  ffff0000e2325f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.332346][ T5970] >ffff0000e2325f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.334004][ T5970] ^
[ 35.334982][ T5970]  ffff0000e2326000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.336747][ T5970]  ffff0000e2326080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.338438][ T5970] ==================================================================
[ 35.340264][ T5970] Disabling lock debugging due to kernel taint
[ 35.341511][ T5970] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.