[ 18.487585][ T3637] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.491018][ T3637] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 18.533381][ T136] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.541392][ T1529] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.106' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 43.096672][ T3961] loop0: detected capacity change from 0 to 8192
[ 43.101846][ T3961] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 43.103799][ T3961] REISERFS (device loop0): using ordered data mode
[ 43.105350][ T3961] reiserfs: using flush barriers
[ 43.107416][ T3961] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 43.110942][ T3961] REISERFS (device loop0): checking transaction log (loop0)
[ 43.156555][ T3961] REISERFS (device loop0): Using r5 hash to sort names
[ 43.158150][ T3961] REISERFS (device loop0): using 3.5.x disk format
[ 43.160093][ T3961] ==================================================================
[ 43.161895][ T3961] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x504/0x944
[ 43.163490][ T3961] Read of size 18446744073709551584 at addr ffff0000ddf7efa4 by task syz-executor344/3961
[ 43.165555][ T3961]
[ 43.166049][ T3961] CPU: 1 PID: 3961 Comm: syz-executor344 Not tainted 5.15.115-syzkaller #0
[ 43.167892][ T3961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 43.170069][ T3961] Call trace:
[ 43.170781][ T3961] dump_backtrace+0x0/0x530
[ 43.171654][ T3961] show_stack+0x2c/0x3c
[ 43.172529][ T3961] dump_stack_lvl+0x108/0x170
[ 43.173584][ T3961] print_address_description+0x7c/0x3f0
[ 43.174845][ T3961] kasan_report+0x174/0x1e4
[ 43.175801][ T3961] kasan_check_range+0x274/0x2b4
[ 43.176798][ T3961] memmove+0x90/0xe8
[ 43.177640][ T3961] leaf_paste_entries+0x504/0x944
[ 43.178767][ T3961] balance_leaf+0xa0d4/0xe860
[ 43.179742][ T3961] do_balance+0x27c/0x790
[ 43.180606][ T3961] reiserfs_paste_into_item+0x630/0x744
[ 43.181770][ T3961] reiserfs_add_entry+0x8c0/0xc8c
[ 43.182812][ T3961] reiserfs_mkdir+0x588/0x77c
[ 43.183719][ T3961] reiserfs_xattr_init+0x2b0/0x6dc
[ 43.184816][ T3961] reiserfs_fill_super+0x1b28/0x1e8c
[ 43.185952][ T3961] mount_bdev+0x274/0x370
[ 43.186832][ T3961] get_super_block+0x44/0x58
[ 43.187846][ T3961] legacy_get_tree+0xd4/0x16c
[ 43.188800][ T3961] vfs_get_tree+0x90/0x274
[ 43.189674][ T3961] do_new_mount+0x25c/0x8c4
[ 43.190560][ T3961] path_mount+0x590/0x104c
[ 43.191475][ T3961] __arm64_sys_mount+0x510/0x5e0
[ 43.192490][ T3961] invoke_syscall+0x98/0x2b8
[ 43.193413][ T3961] el0_svc_common+0x138/0x258
[ 43.194475][ T3961] do_el0_svc+0x58/0x14c
[ 43.195312][ T3961] el0_svc+0x7c/0x1f0
[ 43.196167][ T3961] el0t_64_sync_handler+0x84/0xe4
[ 43.197209][ T3961] el0t_64_sync+0x1a0/0x1a4
[ 43.198201][ T3961]
[ 43.198691][ T3961] The buggy address belongs to the page:
[ 43.199935][ T3961] page:00000000a977a7bf refcount:3 mapcount:0 mapping:00000000efc0ea3e index:0x213 pfn:0x11df7e
[ 43.202185][ T3961] memcg:ffff0000c0894000
[ 43.203057][ T3961] aops:def_blk_aops ino:700000
[ 43.204069][ T3961] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 43.205989][ T3961] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c049db08
[ 43.207761][ T3961] raw: 0000000000000213 ffff0000dc8f9828 00000003ffffffff ffff0000c0894000
[ 43.209635][ T3961] page dumped because: kasan: bad access detected
[ 43.211005][ T3961]
[ 43.211540][ T3961] Memory state around the buggy address:
[ 43.212812][ T3961] ffff0000ddf7ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.214648][ T3961] ffff0000ddf7ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.216239][ T3961] >ffff0000ddf7ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.217883][ T3961] ^
[ 43.218902][ T3961] ffff0000ddf7f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.220598][ T3961] ffff0000ddf7f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.222298][ T3961] ==================================================================
[ 43.224007][ T3961] Disabling lock debugging due to kernel taint
[ 43.225374][ T3961] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 43.229398][ T3961] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 43.231523][ T3961] REISERFS (device loop0): Remounting filesystem read-only
[ 43.232966][ T3961] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 43.235797][ T3961] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 43.238689][ T3961] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 43.242871][ T3961] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 43.244965][ T3961] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error