[ 15.299105][ T5645] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.302330][ T5645] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.350950][ T27] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.353846][ T1604] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.177' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.270343][ T5969] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5969 'syz-executor209'
[ 33.314017][ T5969] loop0: detected capacity change from 0 to 8192
[ 33.319792][ T5969] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 33.322335][ T5969] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 33.324525][ T5969] REISERFS (device loop0): using ordered data mode
[ 33.325840][ T5969] reiserfs: using flush barriers
[ 33.327611][ T5969] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 33.331011][ T5969] REISERFS (device loop0): checking transaction log (loop0)
[ 33.365348][ T5969] REISERFS (device loop0): Using r5 hash to sort names
[ 33.366932][ T5969] REISERFS (device loop0): using 3.5.x disk format
[ 33.368785][ T5969] ==================================================================
[ 33.370501][ T5969] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 33.372150][ T5969] Read of size 18446744073709551584 at addr ffff0000e20b7fa4 by task syz-executor209/5969
[ 33.374223][ T5969]
[ 33.374687][ T5969] CPU: 1 PID: 5969 Comm: syz-executor209 Not tainted 6.4.0-rc7-syzkaller-ge40939bbfc68 #0
[ 33.376602][ T5969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 33.378781][ T5969] Call trace:
[ 33.379513][ T5969] dump_backtrace+0x1b8/0x1e4
[ 33.380514][ T5969] show_stack+0x2c/0x44
[ 33.381346][ T5969] dump_stack_lvl+0xd0/0x124
[ 33.382251][ T5969] print_report+0x174/0x514
[ 33.383181][ T5969] kasan_report+0xd4/0x130
[ 33.384173][ T5969] kasan_check_range+0x264/0x2a4
[ 33.385218][ T5969] __asan_memmove+0x3c/0x84
[ 33.386166][ T5969] leaf_paste_entries+0x698/0xb10
[ 33.387196][ T5969] balance_leaf+0xa0d4/0xe860
[ 33.388167][ T5969] do_balance+0x27c/0x788
[ 33.389022][ T5969] reiserfs_paste_into_item+0x630/0x744
[ 33.390194][ T5969] reiserfs_add_entry+0x8ec/0xcc4
[ 33.391175][ T5969] reiserfs_mkdir+0x588/0x77c
[ 33.392175][ T5969] reiserfs_xattr_init+0x2b4/0x638
[ 33.393196][ T5969] reiserfs_fill_super+0x1bfc/0x2028
[ 33.394280][ T5969] mount_bdev+0x274/0x370
[ 33.395104][ T5969] get_super_block+0x44/0x58
[ 33.395985][ T5969] legacy_get_tree+0xd4/0x16c
[ 33.396939][ T5969] vfs_get_tree+0x90/0x274
[ 33.397900][ T5969] do_new_mount+0x25c/0x8c4
[ 33.398857][ T5969] path_mount+0x590/0xe04
[ 33.399730][ T5969] __arm64_sys_mount+0x45c/0x594
[ 33.400726][ T5969] invoke_syscall+0x98/0x2c0
[ 33.401680][ T5969] el0_svc_common+0x138/0x244
[ 33.402647][ T5969] do_el0_svc+0x64/0x198
[ 33.403499][ T5969] el0_svc+0x4c/0x160
[ 33.404380][ T5969] el0t_64_sync_handler+0x84/0xfc
[ 33.405340][ T5969] el0t_64_sync+0x190/0x194
[ 33.406276][ T5969]
[ 33.406743][ T5969] The buggy address belongs to the physical page:
[ 33.408029][ T5969] page:00000000e3a15a23 refcount:3 mapcount:0 mapping:00000000fafcd55d index:0x213 pfn:0x1220b7
[ 33.410157][ T5969] memcg:ffff0000c1972000
[ 33.410996][ T5969] aops:def_blk_aops ino:700000
[ 33.411908][ T5969] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 33.413867][ T5969] page_type: 0xffffffff()
[ 33.414699][ T5969] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c153bf00
[ 33.416503][ T5969] raw: 0000000000000213 ffff0000defa29f8 00000003ffffffff ffff0000c1972000
[ 33.418224][ T5969] page dumped because: kasan: bad access detected
[ 33.419516][ T5969]
[ 33.419963][ T5969] Memory state around the buggy address:
[ 33.421106][ T5969] ffff0000e20b7e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.422826][ T5969] ffff0000e20b7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.424450][ T5969] >ffff0000e20b7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.426086][ T5969] ^
[ 33.427104][ T5969] ffff0000e20b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.428685][ T5969] ffff0000e20b8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.430354][ T5969] ==================================================================
[ 33.432274][ T5969] Disabling lock debugging due to kernel taint
[ 33.433516][ T5969] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 33.437572][ T5969] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 33.439717][ T5969] REISERFS (device loop0): Remounting filesystem read-only
[ 33.441179][ T5969] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 33.444001][ T5969] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 33.446832][ T5969] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 33.451206][ T5969] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 33.453504][ T5969] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error