[ 15.306312][ T5643] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.309387][ T5643] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.359241][ T585] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.364657][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.133' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.437532][ T5968] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5968 'syz-executor395'
[ 34.479569][ T5968] loop0: detected capacity change from 0 to 8192
[ 34.484765][ T5968] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 34.487541][ T5968] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 34.489453][ T5968] REISERFS (device loop0): using ordered data mode
[ 34.490842][ T5968] reiserfs: using flush barriers
[ 34.492483][ T5968] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 34.496230][ T5968] REISERFS (device loop0): checking transaction log (loop0)
[ 34.499727][ T5968] REISERFS (device loop0): Using r5 hash to sort names
[ 34.502508][ T5968] reiserfs: enabling write barrier flush mode
[ 34.508541][ T5968] ==================================================================
[ 34.510324][ T5968] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 34.511889][ T5968] Read of size 18446744073709551584 at addr ffff0000e0010fa4 by task syz-executor395/5968
[ 34.514041][ T5968]
[ 34.514535][ T5968] CPU: 0 PID: 5968 Comm: syz-executor395 Not tainted 6.4.0-rc5-syzkaller-g177239177378 #0
[ 34.516751][ T5968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 34.518908][ T5968] Call trace:
[ 34.519595][ T5968] dump_backtrace+0x1b8/0x1e4
[ 34.520619][ T5968] show_stack+0x2c/0x44
[ 34.521499][ T5968] dump_stack_lvl+0xd0/0x124
[ 34.522444][ T5968] print_report+0x174/0x514
[ 34.523345][ T5968] kasan_report+0xd4/0x130
[ 34.524334][ T5968] kasan_check_range+0x264/0x2a4
[ 34.525319][ T5968] __asan_memmove+0x3c/0x84
[ 34.526224][ T5968] leaf_paste_entries+0x698/0xb10
[ 34.527455][ T5968] balance_leaf+0xa0d4/0xe860
[ 34.528442][ T5968] do_balance+0x27c/0x788
[ 34.529356][ T5968] reiserfs_paste_into_item+0x630/0x744
[ 34.530570][ T5968] reiserfs_add_entry+0x8ec/0xcc4
[ 34.531600][ T5968] reiserfs_mkdir+0x588/0x77c
[ 34.532601][ T5968] reiserfs_xattr_init+0x2b4/0x638
[ 34.533687][ T5968] reiserfs_remount+0x78c/0x13f4
[ 34.534768][ T5968] legacy_reconfigure+0xfc/0x114
[ 34.535866][ T5968] reconfigure_super+0x328/0x738
[ 34.536973][ T5968] path_mount+0xc0c/0xe04
[ 34.537934][ T5968] __arm64_sys_mount+0x45c/0x594
[ 34.539026][ T5968] invoke_syscall+0x98/0x2c0
[ 34.539996][ T5968] el0_svc_common+0x138/0x244
[ 34.540945][ T5968] do_el0_svc+0x64/0x198
[ 34.541832][ T5968] el0_svc+0x4c/0x160
[ 34.542668][ T5968] el0t_64_sync_handler+0x84/0xfc
[ 34.543868][ T5968] el0t_64_sync+0x190/0x194
[ 34.544892][ T5968]
[ 34.545391][ T5968] The buggy address belongs to the physical page:
[ 34.546890][ T5968] page:0000000027550553 refcount:3 mapcount:0 mapping:00000000f9d37bf2 index:0x213 pfn:0x120010
[ 34.549087][ T5968] memcg:ffff0000c1972000
[ 34.549976][ T5968] aops:def_blk_aops ino:700000
[ 34.551056][ T5968] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 34.553099][ T5968] page_type: 0xffffffff()
[ 34.554018][ T5968] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c154bf00
[ 34.555750][ T5968] raw: 0000000000000213 ffff0000defd9740 00000003ffffffff ffff0000c1972000
[ 34.557699][ T5968] page dumped because: kasan: bad access detected
[ 34.559026][ T5968]
[ 34.559527][ T5968] Memory state around the buggy address:
[ 34.560712][ T5968]  ffff0000e0010e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.562405][ T5968]  ffff0000e0010f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.564078][ T5968] >ffff0000e0010f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.565822][ T5968]                                ^
[ 34.566992][ T5968]  ffff0000e0011000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.568676][ T5968]  ffff0000e0011080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.570465][ T5968] ==================================================================
[ 34.572861][ T5968] Disabling lock debugging due to kernel taint
[ 34.574303][ T5968] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 34.578583][ T5968] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 34.580805][ T5968] REISERFS (device loop0): Remounting filesystem read-only
[ 34.582233][ T5968] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 34.585117][ T5968] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 34.588204][ T5968] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 34.592453][ T5968] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 34.594893][ T5968] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error