loop0: detected capacity change from 0 to 64
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in fs/minix/inode.c:415:57
shift exponent 58757 is too large for 64-bit type 'unsigned long'
CPU: 1 UID: 0 PID: 6740 Comm: syz.0.12 Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 ubsan_epilogue+0x14/0x48 lib/ubsan.c:233
 __ubsan_handle_shift_out_of_bounds+0x2b0/0x34c lib/ubsan.c:494
 minix_statfs+0x2c0/0x2ec fs/minix/inode.c:415
 statfs_by_dentry fs/statfs.c:66 [inline]
 vfs_statfs+0x13c/0x2b0 fs/statfs.c:90
 ovl_check_namelen fs/overlayfs/super.c:401 [inline]
 ovl_get_upper fs/overlayfs/super.c:519 [inline]
 ovl_fill_super_creds fs/overlayfs/super.c:1439 [inline]
 ovl_fill_super+0x6b0/0x4cdc fs/overlayfs/super.c:1567
 vfs_get_super fs/super.c:1324 [inline]
 get_tree_nodev+0xb4/0x144 fs/super.c:1343
 ovl_get_tree+0x28/0x38 fs/overlayfs/params.c:708
 vfs_get_tree+0x90/0x28c fs/super.c:1751
 fc_mount fs/namespace.c:1199 [inline]
 do_new_mount_fc fs/namespace.c:3636 [inline]
 do_new_mount+0x284/0x944 fs/namespace.c:3712
 path_mount+0x5b4/0xdfc fs/namespace.c:4022
 do_mount fs/namespace.c:4035 [inline]
 __do_sys_mount fs/namespace.c:4224 [inline]
 __se_sys_mount fs/namespace.c:4201 [inline]
 __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4201
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
---[ end trace ]---
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in fs/minix/bitmap.c:103:3
shift exponent 58757 is too large for 32-bit type '__u32' (aka 'unsigned int')
CPU: 1 UID: 0 PID: 6740 Comm: syz.0.12 Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 ubsan_epilogue+0x14/0x48 lib/ubsan.c:233
 __ubsan_handle_shift_out_of_bounds+0x2b0/0x34c lib/ubsan.c:494
 minix_count_free_blocks+0x234/0x238 fs/minix/bitmap.c:103
 minix_statfs+0x19c/0x2ec fs/minix/inode.c:416
 statfs_by_dentry fs/statfs.c:66 [inline]
 vfs_statfs+0x13c/0x2b0 fs/statfs.c:90
 ovl_check_namelen fs/overlayfs/super.c:401 [inline]
 ovl_get_upper fs/overlayfs/super.c:519 [inline]
 ovl_fill_super_creds fs/overlayfs/super.c:1439 [inline]
 ovl_fill_super+0x6b0/0x4cdc fs/overlayfs/super.c:1567
 vfs_get_super fs/super.c:1324 [inline]
 get_tree_nodev+0xb4/0x144 fs/super.c:1343
 ovl_get_tree+0x28/0x38 fs/overlayfs/params.c:708
 vfs_get_tree+0x90/0x28c fs/super.c:1751
 fc_mount fs/namespace.c:1199 [inline]
 do_new_mount_fc fs/namespace.c:3636 [inline]
 do_new_mount+0x284/0x944 fs/namespace.c:3712
 path_mount+0x5b4/0xdfc fs/namespace.c:4022
 do_mount fs/namespace.c:4035 [inline]
 __do_sys_mount fs/namespace.c:4224 [inline]
 __se_sys_mount fs/namespace.c:4201 [inline]
 __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4201
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
---[ end trace ]---
syz.0.12: attempt to access beyond end of device
loop0: rw=8388608, sector=268435468, nr_sectors = 2 limit=64
Buffer I/O error on dev loop0, logical block 134217734, async page read
syz.0.12: attempt to access beyond end of device
loop0: rw=8388608, sector=268435468, nr_sectors = 2 limit=64
Buffer I/O error on dev loop0, logical block 134217734, async page read
overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only
overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: failed to get uuid (/bus, err=-95); falling back to uuid=null.