loop3: detected capacity change from 0 to 32768
==================================================================
BUG: KASAN: slab-out-of-bounds in reiserfs_xattr_get+0xd0/0x96c fs/reiserfs/xattr.c:674
Read of size 8 at addr ffff0000cd264d98 by task syz-executor.3/20834

CPU: 1 PID: 20834 Comm: syz-executor.3 Not tainted 6.3.0-rc1-syzkaller-gfe15c26ee26e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:319 [inline]
 print_report+0x174/0x514 mm/kasan/report.c:430
 kasan_report+0xd4/0x130 mm/kasan/report.c:536
 __asan_report_load8_noabort+0x2c/0x38 mm/kasan/report_generic.c:381
 reiserfs_xattr_get+0xd0/0x96c fs/reiserfs/xattr.c:674
 reiserfs_get_acl+0x94/0x624 fs/reiserfs/xattr_acl.c:215
 __get_acl+0x27c/0x4a8 fs/posix_acl.c:160
 get_inode_acl+0x34/0x44 fs/posix_acl.c:185
 check_acl+0x40/0x184 fs/namei.c:307
 acl_permission_check fs/namei.c:352 [inline]
 generic_permission+0x2f8/0x498 fs/namei.c:405
 reiserfs_permission+0x74/0xa8 fs/reiserfs/xattr.c:954
 do_inode_permission fs/namei.c:459 [inline]
 inode_permission+0x1d0/0x3b4 fs/namei.c:526
 may_open+0x290/0x3bc fs/namei.c:3188
 do_open fs/namei.c:3558 [inline]
 path_openat+0x1e04/0x2810 fs/namei.c:3715
 do_filp_open+0x1bc/0x3cc fs/namei.c:3742
 do_sys_openat2+0x128/0x3d8 fs/open.c:1348
 do_sys_open fs/open.c:1364 [inline]
 __do_sys_openat fs/open.c:1380 [inline]
 __se_sys_openat fs/open.c:1375 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1375
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591

Allocated by task 20834:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4c/0x7c mm/kasan/common.c:52
 kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:510
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:196 [inline]
 kmalloc_trace+0x7c/0x94 mm/slab_common.c:1066
 kmalloc include/linux/slab.h:580 [inline]
 kzalloc include/linux/slab.h:720 [inline]
 smk_fetch+0xa8/0x150 security/smack/smack_lsm.c:291
 smack_d_instantiate+0x6cc/0x938 security/smack/smack_lsm.c:3528
 security_d_instantiate+0x98/0xf0 security/security.c:2139
 d_instantiate_new+0x64/0x120 fs/dcache.c:2053
 ext4_mkdir+0x764/0xa64 fs/ext4/namei.c:3026
 vfs_mkdir+0x240/0x3a8 fs/namei.c:4038
 do_mkdirat+0x20c/0x610 fs/namei.c:4061
 __do_sys_mkdirat fs/namei.c:4076 [inline]
 __se_sys_mkdirat fs/namei.c:4074 [inline]
 __arm64_sys_mkdirat+0x90/0xa8 fs/namei.c:4074
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591

Freed by task 20834:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4c/0x7c mm/kasan/common.c:52
 kasan_save_free_info+0x38/0x5c mm/kasan/generic.c:521
 ____kasan_slab_free+0x144/0x1c0 mm/kasan/common.c:236
 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:244
 kasan_slab_free include/linux/kasan.h:162 [inline]
 slab_free_hook mm/slub.c:1781 [inline]
 slab_free_freelist_hook mm/slub.c:1807 [inline]
 slab_free mm/slub.c:3787 [inline]
 __kmem_cache_free+0x2c0/0x4b4 mm/slub.c:3800
 kfree+0x104/0x228 mm/slab_common.c:1019
 smk_fetch+0x12c/0x150 security/smack/smack_lsm.c:303
 smack_d_instantiate+0x6cc/0x938 security/smack/smack_lsm.c:3528
 security_d_instantiate+0x98/0xf0 security/security.c:2139
 d_instantiate_new+0x64/0x120 fs/dcache.c:2053
 ext4_mkdir+0x764/0xa64 fs/ext4/namei.c:3026
 vfs_mkdir+0x240/0x3a8 fs/namei.c:4038
 do_mkdirat+0x20c/0x610 fs/namei.c:4061
 __do_sys_mkdirat fs/namei.c:4076 [inline]
 __se_sys_mkdirat fs/namei.c:4074 [inline]
 __arm64_sys_mkdirat+0x90/0xa8 fs/namei.c:4074
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591

The buggy address belongs to the object at ffff0000cd264c00
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 152 bytes to the right of
 allocated 256-byte region [ffff0000cd264c00, ffff0000cd264d00)

The buggy address belongs to the physical page:
page:00000000d33113db refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d264
head:00000000d33113db order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 ffff0000c0002480 0000000000000000 dead000000000001
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000cd264c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0000cd264d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff0000cd264d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                                ^
 ffff0000cd264e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0000cd264e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================