Warning: Permanently added '10.128.0.240' (ECDSA) to the list of known hosts.
executing program
[ 35.550510][ T5967] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5967 'syz-executor295'
[ 35.591697][ T5967] loop0: detected capacity change from 0 to 8192
[ 35.596646][ T5967] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 35.599496][ T5967] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 35.601432][ T5967] REISERFS (device loop0): using ordered data mode
[ 35.602715][ T5967] reiserfs: using flush barriers
[ 35.604516][ T5967] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 35.607988][ T5967] REISERFS (device loop0): checking transaction log (loop0)
[ 35.644010][ T5967] REISERFS (device loop0): Using r5 hash to sort names
[ 35.645551][ T5967] REISERFS (device loop0): using 3.5.x disk format
[ 35.647577][ T5967] ==================================================================
[ 35.649235][ T5967] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 35.650813][ T5967] Read of size 18446744073709551584 at addr ffff0000e0153fa4 by task syz-executor295/5967
[ 35.652935][ T5967]
[ 35.653449][ T5967] CPU: 0 PID: 5967 Comm: syz-executor295 Not tainted 6.4.0-rc4-syzkaller-g3bb1a3e1674b #0
[ 35.655584][ T5967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 35.657652][ T5967] Call trace:
[ 35.658351][ T5967]  dump_backtrace+0x1b8/0x1e4
[ 35.659355][ T5967]  show_stack+0x2c/0x44
[ 35.660213][ T5967]  dump_stack_lvl+0xd0/0x124
[ 35.661185][ T5967]  print_report+0x174/0x514
[ 35.662130][ T5967]  kasan_report+0xd4/0x130
[ 35.663139][ T5967]  kasan_check_range+0x264/0x2a4
[ 35.664115][ T5967]  __asan_memmove+0x3c/0x84
[ 35.665020][ T5967]  leaf_paste_entries+0x698/0xb10
[ 35.666037][ T5967]  balance_leaf+0xa0d4/0xe860
[ 35.667068][ T5967]  do_balance+0x27c/0x788
[ 35.667975][ T5967]  reiserfs_paste_into_item+0x630/0x744
[ 35.669179][ T5967]  reiserfs_add_entry+0x8ec/0xcc4
[ 35.670218][ T5967]  reiserfs_mkdir+0x588/0x77c
[ 35.671185][ T5967]  reiserfs_xattr_init+0x2b4/0x638
[ 35.672215][ T5967]  reiserfs_fill_super+0x1bfc/0x2028
[ 35.673373][ T5967]  mount_bdev+0x274/0x370
[ 35.674306][ T5967]  get_super_block+0x44/0x58
[ 35.675273][ T5967]  legacy_get_tree+0xd4/0x16c
[ 35.676290][ T5967]  vfs_get_tree+0x90/0x274
[ 35.677231][ T5967]  do_new_mount+0x25c/0x8c4
[ 35.678130][ T5967]  path_mount+0x590/0xe04
[ 35.679051][ T5967]  __arm64_sys_mount+0x45c/0x594
[ 35.680110][ T5967]  invoke_syscall+0x98/0x2c0
[ 35.681067][ T5967]  el0_svc_common+0x138/0x244
[ 35.682048][ T5967]  do_el0_svc+0x64/0x198
[ 35.682941][ T5967]  el0_svc+0x4c/0x160
[ 35.683847][ T5967]  el0t_64_sync_handler+0x84/0xfc
[ 35.684898][ T5967]  el0t_64_sync+0x190/0x194
[ 35.685923][ T5967]
[ 35.686442][ T5967] The buggy address belongs to the physical page:
[ 35.687860][ T5967] page:00000000dad392be refcount:3 mapcount:0 mapping:00000000335e1e05 index:0x213 pfn:0x120153
[ 35.690031][ T5967] memcg:ffff0000c1972000
[ 35.690894][ T5967] aops:def_blk_aops ino:700000
[ 35.691949][ T5967] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 35.694103][ T5967] page_type: 0xffffffff()
[ 35.695068][ T5967] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c1494a00
[ 35.697006][ T5967] raw: 0000000000000213 ffff0000e0673570 00000003ffffffff ffff0000c1972000
[ 35.698869][ T5967] page dumped because: kasan: bad access detected
[ 35.700274][ T5967]
[ 35.700795][ T5967] Memory state around the buggy address:
[ 35.702009][ T5967]  ffff0000e0153e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.703864][ T5967]  ffff0000e0153f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.705561][ T5967] >ffff0000e0153f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.707323][ T5967]                                ^
[ 35.708505][ T5967]  ffff0000e0154000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.710224][ T5967]  ffff0000e0154080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.711995][ T5967] ==================================================================
[ 35.714020][ T5967] Disabling lock debugging due to kernel taint
[ 35.715335][ T5967] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 35.719696][ T5967] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 35.721913][ T5967] REISERFS (device loop0): Remounting filesystem read-only
[ 35.723507][ T5967] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 35.726401][ T5967] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 35.729500][ T5967] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 35.733832][ T5967] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 35.736153][ T5967] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error