[ 18.398907][ T3636] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.402238][ T3636] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 18.454325][ T348] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.455892][ T1529] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 37.744805][ T3960] loop0: detected capacity change from 0 to 8192
[ 37.749986][ T3960] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 37.752131][ T3960] REISERFS (device loop0): using ordered data mode
[ 37.753544][ T3960] reiserfs: using flush barriers
[ 37.755859][ T3960] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 37.759543][ T3960] REISERFS (device loop0): checking transaction log (loop0)
[ 37.763090][ T3960] REISERFS (device loop0): Using r5 hash to sort names
[ 37.766138][ T3960] reiserfs: enabling write barrier flush mode
[ 37.773114][ T3960] ==================================================================
[ 37.774900][ T3960] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x504/0x944
[ 37.776476][ T3960] Read of size 18446744073709551584 at addr ffff0000decdffa4 by task syz-executor205/3960
[ 37.778550][ T3960]
[ 37.779044][ T3960] CPU: 0 PID: 3960 Comm: syz-executor205 Not tainted 5.15.118-syzkaller #0
[ 37.780903][ T3960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 37.783071][ T3960] Call trace:
[ 37.783768][ T3960] dump_backtrace+0x0/0x530
[ 37.784766][ T3960] show_stack+0x2c/0x3c
[ 37.785663][ T3960] dump_stack_lvl+0x108/0x170
[ 37.786634][ T3960] print_address_description+0x7c/0x3f0
[ 37.787799][ T3960] kasan_report+0x174/0x1e4
[ 37.788747][ T3960] kasan_check_range+0x274/0x2b4
[ 37.789797][ T3960] memmove+0x90/0xe8
[ 37.790632][ T3960] leaf_paste_entries+0x504/0x944
[ 37.791763][ T3960] balance_leaf+0xa0d4/0xe860
[ 37.792856][ T3960] do_balance+0x27c/0x790
[ 37.793823][ T3960] reiserfs_paste_into_item+0x630/0x744
[ 37.795086][ T3960] reiserfs_add_entry+0x8c0/0xc8c
[ 37.796146][ T3960] reiserfs_mkdir+0x588/0x77c
[ 37.797156][ T3960] reiserfs_xattr_init+0x2b0/0x6dc
[ 37.798293][ T3960] reiserfs_remount+0x78c/0x13f4
[ 37.799359][ T3960] legacy_reconfigure+0xfc/0x114
[ 37.800372][ T3960] reconfigure_super+0x340/0x690
[ 37.801450][ T3960] path_mount+0xc94/0x104c
[ 37.802436][ T3960] __arm64_sys_mount+0x510/0x5e0
[ 37.803464][ T3960] invoke_syscall+0x98/0x2b8
[ 37.804421][ T3960] el0_svc_common+0x138/0x258
[ 37.805366][ T3960] do_el0_svc+0x58/0x14c
[ 37.806226][ T3960] el0_svc+0x7c/0x1f0
[ 37.807107][ T3960] el0t_64_sync_handler+0x84/0xe4
[ 37.808157][ T3960] el0t_64_sync+0x1a0/0x1a4
[ 37.809131][ T3960]
[ 37.809592][ T3960] The buggy address belongs to the page:
[ 37.810807][ T3960] page:00000000fa3f55eb refcount:3 mapcount:0 mapping:000000007c0f0276 index:0x213 pfn:0x11ecdf
[ 37.813078][ T3960] memcg:ffff0000c0894000
[ 37.813977][ T3960] aops:def_blk_aops ino:700000
[ 37.814966][ T3960] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 37.817043][ T3960] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c0495b08
[ 37.818952][ T3960] raw: 0000000000000213 ffff0000df46c1d0 00000003ffffffff ffff0000c0894000
[ 37.820740][ T3960] page dumped because: kasan: bad access detected
[ 37.822175][ T3960]
[ 37.822697][ T3960] Memory state around the buggy address:
[ 37.823899][ T3960] ffff0000decdfe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.825626][ T3960] ffff0000decdff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.827345][ T3960] >ffff0000decdff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.829047][ T3960] ^
[ 37.830129][ T3960] ffff0000dece0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.831810][ T3960] ffff0000dece0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.833472][ T3960] ==================================================================
[ 37.835132][ T3960] Disabling lock debugging due to kernel taint
[ 37.836607][ T3960] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 37.840838][ T3960] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 37.842984][ T3960] REISERFS (device loop0): Remounting filesystem read-only
[ 37.844490][ T3960] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 37.847468][ T3960] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 37.850376][ T3960] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 37.854570][ T3960] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 37.856895][ T3960] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error