[ 15.282681][ T5645] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.287303][ T5645] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.334904][ T993] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.337677][ T5554] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.329717][ T5969] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5969 'syz-executor207'
[ 35.371992][ T5969] loop0: detected capacity change from 0 to 8192
[ 35.376768][ T5969] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 35.379523][ T5969] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 35.381652][ T5969] REISERFS (device loop0): using ordered data mode
[ 35.383032][ T5969] reiserfs: using flush barriers
[ 35.384674][ T5969] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 35.388232][ T5969] REISERFS (device loop0): checking transaction log (loop0)
[ 35.391460][ T5969] REISERFS (device loop0): Using r5 hash to sort names
[ 35.394182][ T5969] reiserfs: enabling write barrier flush mode
[ 35.399825][ T5969] ==================================================================
[ 35.401539][ T5969] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 35.403088][ T5969] Read of size 18446744073709551584 at addr ffff0000e24ccfa4 by task syz-executor207/5969
[ 35.405171][ T5969]
[ 35.405659][ T5969] CPU: 1 PID: 5969 Comm: syz-executor207 Not tainted 6.4.0-rc7-syzkaller-ge40939bbfc68 #0
[ 35.407694][ T5969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 35.409812][ T5969] Call trace:
[ 35.410520][ T5969] dump_backtrace+0x1b8/0x1e4
[ 35.411471][ T5969] show_stack+0x2c/0x44
[ 35.412367][ T5969] dump_stack_lvl+0xd0/0x124
[ 35.413360][ T5969] print_report+0x174/0x514
[ 35.414347][ T5969] kasan_report+0xd4/0x130
[ 35.415274][ T5969] kasan_check_range+0x264/0x2a4
[ 35.416274][ T5969] __asan_memmove+0x3c/0x84
[ 35.417153][ T5969] leaf_paste_entries+0x698/0xb10
[ 35.418253][ T5969] balance_leaf+0xa0d4/0xe860
[ 35.419192][ T5969] do_balance+0x27c/0x788
[ 35.420064][ T5969] reiserfs_paste_into_item+0x630/0x744
[ 35.421190][ T5969] reiserfs_add_entry+0x8ec/0xcc4
[ 35.422257][ T5969] reiserfs_mkdir+0x588/0x77c
[ 35.423272][ T5969] reiserfs_xattr_init+0x2b4/0x638
[ 35.424282][ T5969] reiserfs_remount+0x78c/0x13f4
[ 35.425275][ T5969] legacy_reconfigure+0xfc/0x114
[ 35.426330][ T5969] reconfigure_super+0x328/0x738
[ 35.427329][ T5969] path_mount+0xc0c/0xe04
[ 35.428255][ T5969] __arm64_sys_mount+0x45c/0x594
[ 35.429215][ T5969] invoke_syscall+0x98/0x2c0
[ 35.430124][ T5969] el0_svc_common+0x138/0x244
[ 35.431040][ T5969] do_el0_svc+0x64/0x198
[ 35.431911][ T5969] el0_svc+0x4c/0x160
[ 35.432769][ T5969] el0t_64_sync_handler+0x84/0xfc
[ 35.433761][ T5969] el0t_64_sync+0x190/0x194
[ 35.434682][ T5969]
[ 35.435140][ T5969] The buggy address belongs to the physical page:
[ 35.436557][ T5969] page:0000000041e8b75f refcount:3 mapcount:0 mapping:00000000b4f87237 index:0x213 pfn:0x1224cc
[ 35.438786][ T5969] memcg:ffff0000c1972000
[ 35.439665][ T5969] aops:def_blk_aops ino:700000
[ 35.440667][ T5969] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 35.442681][ T5969] page_type: 0xffffffff()
[ 35.443551][ T5969] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c1491e00
[ 35.445337][ T5969] raw: 0000000000000213 ffff0000e063e3a0 00000003ffffffff ffff0000c1972000
[ 35.447163][ T5969] page dumped because: kasan: bad access detected
[ 35.448450][ T5969]
[ 35.448926][ T5969] Memory state around the buggy address:
[ 35.450104][ T5969] ffff0000e24cce80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.451824][ T5969] ffff0000e24ccf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.453496][ T5969] >ffff0000e24ccf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.455180][ T5969] ^
[ 35.456254][ T5969] ffff0000e24cd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.457920][ T5969] ffff0000e24cd080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.459630][ T5969] ==================================================================
[ 35.461482][ T5969] Disabling lock debugging due to kernel taint
[ 35.462868][ T5969] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 35.467129][ T5969] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 35.469393][ T5969] REISERFS (device loop0): Remounting filesystem read-only
[ 35.470939][ T5969] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 35.473656][ T5969] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 35.476483][ T5969] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 35.480575][ T5969] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 35.482773][ T5969] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error