Warning: Permanently added '10.128.1.90' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.388317][ T4222] loop0: detected capacity change from 0 to 8192
[ 42.392889][ T4222] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 42.395693][ T4222] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 42.397630][ T4222] REISERFS (device loop0): using ordered data mode
[ 42.398980][ T4222] reiserfs: using flush barriers
[ 42.400634][ T4222] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 42.404103][ T4222] REISERFS (device loop0): checking transaction log (loop0)
[ 42.440011][ T4222] REISERFS (device loop0): Using r5 hash to sort names
[ 42.441654][ T4222] REISERFS (device loop0): using 3.5.x disk format
[ 42.443437][ T4222] ==================================================================
[ 42.445102][ T4222] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 42.446591][ T4222] Read of size 18446744073709551600 at addr ffff0000e1698f94 by task syz-executor166/4222
[ 42.448591][ T4222]
[ 42.449110][ T4222] CPU: 0 PID: 4222 Comm: syz-executor166 Not tainted 6.1.35-syzkaller #0
[ 42.450887][ T4222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 42.452897][ T4222] Call trace:
[ 42.453578][ T4222] dump_backtrace+0x1c8/0x1f4
[ 42.454514][ T4222] show_stack+0x2c/0x3c
[ 42.455401][ T4222] dump_stack_lvl+0x108/0x170
[ 42.456362][ T4222] print_report+0x174/0x4c0
[ 42.457338][ T4222] kasan_report+0xd4/0x130
[ 42.458224][ T4222] kasan_check_range+0x264/0x2a4
[ 42.459242][ T4222] memmove+0x48/0x90
[ 42.460112][ T4222] leaf_paste_entries+0x698/0xb10
[ 42.461139][ T4222] balance_leaf+0xa0d4/0xe860
[ 42.462172][ T4222] do_balance+0x27c/0x788
[ 42.463077][ T4222] reiserfs_paste_into_item+0x630/0x744
[ 42.464298][ T4222] reiserfs_add_entry+0x8ec/0xcc4
[ 42.465321][ T4222] reiserfs_mkdir+0x588/0x77c
[ 42.466292][ T4222] reiserfs_xattr_init+0x2b0/0x6bc
[ 42.467319][ T4222] reiserfs_fill_super+0x1bfc/0x2028
[ 42.468384][ T4222] mount_bdev+0x274/0x370
[ 42.469299][ T4222] get_super_block+0x44/0x58
[ 42.470185][ T4222] legacy_get_tree+0xd4/0x16c
[ 42.471200][ T4222] vfs_get_tree+0x90/0x274
[ 42.472098][ T4222] do_new_mount+0x25c/0x8c4
[ 42.473123][ T4222] path_mount+0x590/0xe58
[ 42.474016][ T4222] __arm64_sys_mount+0x45c/0x594
[ 42.474976][ T4222] invoke_syscall+0x98/0x2c0
[ 42.475969][ T4222] el0_svc_common+0x138/0x258
[ 42.476946][ T4222] do_el0_svc+0x64/0x218
[ 42.477836][ T4222] el0_svc+0x58/0x168
[ 42.478575][ T4222] el0t_64_sync_handler+0x84/0xf0
[ 42.479567][ T4222] el0t_64_sync+0x18c/0x190
[ 42.480539][ T4222]
[ 42.481023][ T4222] The buggy address belongs to the physical page:
[ 42.482332][ T4222] page:0000000031640cef refcount:3 mapcount:0 mapping:00000000447c2a0f index:0x213 pfn:0x121698
[ 42.484499][ T4222] memcg:ffff0000c0930000
[ 42.485410][ T4222] aops:def_blk_aops ino:700000
[ 42.486356][ T4222] flags: 0x5ffc60000002042(referenced|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
[ 42.488348][ T4222] raw: 05ffc60000002042 0000000000000000 dead000000000122 ffff0000c054bf10
[ 42.490115][ T4222] raw: 0000000000000213 ffff0000e1c8f658 00000003ffffffff ffff0000c0930000
[ 42.491892][ T4222] page dumped because: kasan: bad access detected
[ 42.493230][ T4222]
[ 42.493725][ T4222] Memory state around the buggy address:
[ 42.494971][ T4222] ffff0000e1698e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.496628][ T4222] ffff0000e1698f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.498286][ T4222] >ffff0000e1698f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.499958][ T4222] ^
[ 42.500909][ T4222] ffff0000e1699000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.502656][ T4222] ffff0000e1699080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.504412][ T4222] ==================================================================
[ 42.506248][ T4222] Disabling lock debugging due to kernel taint
[ 42.507556][ T4222] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.