Warning: Permanently added '10.128.1.74' (ECDSA) to the list of known hosts.
executing program
[ 33.867817][ T5966] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5966 'syz-executor166'
[ 33.908510][ T5966] loop0: detected capacity change from 0 to 8192
[ 33.913637][ T5966] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 33.916569][ T5966] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 33.918598][ T5966] REISERFS (device loop0): using ordered data mode
[ 33.919976][ T5966] reiserfs: using flush barriers
[ 33.921835][ T5966] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 33.926044][ T5966] REISERFS (device loop0): checking transaction log (loop0)
[ 33.929477][ T5966] REISERFS (device loop0): Using r5 hash to sort names
[ 33.931115][ T5966] REISERFS (device loop0): using 3.5.x disk format
[ 33.933255][ T5966] ==================================================================
[ 33.935005][ T5966] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x698/0xb10
[ 33.936711][ T5966] Read of size 18446744073709551584 at addr ffff0000e12fefa4 by task syz-executor166/5966
[ 33.938935][ T5966]
[ 33.939364][ T5966] CPU: 0 PID: 5966 Comm: syz-executor166 Not tainted 6.4.0-rc3-syzkaller-geb0f1697d729 #0
[ 33.941451][ T5966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 33.943752][ T5966] Call trace:
[ 33.944553][ T5966] dump_backtrace+0x1b8/0x1e4
[ 33.945753][ T5966] show_stack+0x2c/0x44
[ 33.946699][ T5966] dump_stack_lvl+0xd0/0x124
[ 33.947767][ T5966] print_report+0x174/0x514
[ 33.948911][ T5966] kasan_report+0xd4/0x130
[ 33.949941][ T5966] kasan_check_range+0x264/0x2a4
[ 33.951100][ T5966] __asan_memmove+0x3c/0x84
[ 33.952225][ T5966] leaf_paste_entries+0x698/0xb10
[ 33.953285][ T5966] balance_leaf+0xa0d4/0xe860
[ 33.954318][ T5966] do_balance+0x27c/0x788
[ 33.955413][ T5966] reiserfs_paste_into_item+0x630/0x744
[ 33.956785][ T5966] reiserfs_add_entry+0x8ec/0xcc4
[ 33.958005][ T5966] reiserfs_mkdir+0x588/0x77c
[ 33.959172][ T5966] reiserfs_xattr_init+0x2b4/0x638
[ 33.960457][ T5966] reiserfs_fill_super+0x1bfc/0x2028
[ 33.961733][ T5966] mount_bdev+0x26c/0x368
[ 33.962766][ T5966] get_super_block+0x44/0x58
[ 33.963732][ T5966] legacy_get_tree+0xd4/0x16c
[ 33.964869][ T5966] vfs_get_tree+0x90/0x274
[ 33.965924][ T5966] do_new_mount+0x25c/0x8c8
[ 33.966985][ T5966] path_mount+0x590/0xe04
[ 33.968033][ T5966] __arm64_sys_mount+0x45c/0x594
[ 33.969227][ T5966] invoke_syscall+0x98/0x2c0
[ 33.970274][ T5966] el0_svc_common+0x138/0x258
[ 33.971376][ T5966] do_el0_svc+0x64/0x198
[ 33.972309][ T5966] el0_svc+0x4c/0x15c
[ 33.973312][ T5966] el0t_64_sync_handler+0x84/0xf0
[ 33.974536][ T5966] el0t_64_sync+0x190/0x194
[ 33.975489][ T5966]
[ 33.976041][ T5966] The buggy address belongs to the physical page:
[ 33.977532][ T5966] page:00000000c3e81345 refcount:3 mapcount:0 mapping:00000000e529d0da index:0x213 pfn:0x1212fe
[ 33.980145][ T5966] memcg:ffff0000c1572000
[ 33.981218][ T5966] aops:def_blk_aops ino:700000
[ 33.982410][ T5966] flags: 0x5ffc00000002022(referenced|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 33.984589][ T5966] page_type: 0xffffffff()
[ 33.985646][ T5966] raw: 05ffc00000002022 0000000000000000 dead000000000122 ffff0000c1890800
[ 33.987574][ T5966] raw: 0000000000000213 ffff0000df5e3d98 00000003ffffffff ffff0000c1572000
[ 33.989656][ T5966] page dumped because: kasan: bad access detected
[ 33.991209][ T5966]
[ 33.991735][ T5966] Memory state around the buggy address:
[ 33.993115][ T5966] ffff0000e12fee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.995029][ T5966] ffff0000e12fef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.996918][ T5966] >ffff0000e12fef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.998882][ T5966] ^
[ 34.000080][ T5966] ffff0000e12ff000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.001994][ T5966] ffff0000e12ff080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.003934][ T5966] ==================================================================
[ 34.006034][ T5966] Disabling lock debugging due to kernel taint
[ 34.007460][ T5966] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 34.011919][ T5966] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 34.014308][ T5966] REISERFS (device loop0): Remounting filesystem read-only
[ 34.015842][ T5966] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 34.018737][ T5966] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 34.021946][ T5966] REISERFS warning: reiserfs-5094 has_valid_deh_location: directory entry location seems wrong *3.5*[1768256046 1718773107 0x72705f73 UNKNOWN], item_len 16872, item_location 2, free_space(entry_count) 21376
[ 34.026840][ T5966] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 34.029116][ T5966] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error