Warning: Permanently added '10.128.0.132' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 37.778867][ T4290] loop0: detected capacity change from 0 to 8192
[ 37.784704][ T4290] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 37.788360][ T4290] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 37.791085][ T4290] REISERFS (device loop0): using ordered data mode
[ 37.792864][ T4290] reiserfs: using flush barriers
[ 37.795986][ T4290] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 37.801202][ T4290] REISERFS (device loop0): checking transaction log (loop0)
[ 37.805256][ T4290] REISERFS (device loop0): Using r5 hash to sort names
[ 37.807812][ T4290] ==================================================================
[ 37.810019][ T4290] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x678/0xaf0
[ 37.812065][ T4290] Read of size 18446744073709551600 at addr ffff0000e3ef3f94 by task syz-executor133/4290
[ 37.814782][ T4290]
[ 37.815393][ T4290] CPU: 1 PID: 4290 Comm: syz-executor133 Not tainted 6.1.131-syzkaller #0
[ 37.817657][ T4290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 37.820402][ T4290] Call trace:
[ 37.821262][ T4290] dump_backtrace+0x1c8/0x1f4
[ 37.822515][ T4290] show_stack+0x2c/0x3c
[ 37.823640][ T4290] dump_stack_lvl+0x108/0x170
[ 37.824957][ T4290] print_report+0x174/0x4c0
[ 37.826147][ T4290] kasan_report+0xd4/0x130
[ 37.827341][ T4290] kasan_check_range+0x264/0x2a4
[ 37.828716][ T4290] memmove+0x48/0x90
[ 37.829769][ T4290] leaf_paste_entries+0x678/0xaf0
[ 37.831119][ T4290] balance_leaf+0xa0d4/0xe860
[ 37.832382][ T4290] do_balance+0x27c/0x788
[ 37.833574][ T4290] reiserfs_paste_into_item+0x630/0x744
[ 37.835084][ T4290] reiserfs_add_entry+0x8ec/0xcc4
[ 37.836409][ T4290] reiserfs_mkdir+0x588/0x77c
[ 37.837701][ T4290] reiserfs_xattr_init+0x2b0/0x6bc
[ 37.839072][ T4290] reiserfs_fill_super+0x1bfc/0x2028
[ 37.840469][ T4290] mount_bdev+0x274/0x370
[ 37.841677][ T4290] get_super_block+0x44/0x58
[ 37.842877][ T4290] legacy_get_tree+0xd4/0x16c
[ 37.844112][ T4290] vfs_get_tree+0x90/0x274
[ 37.845292][ T4290] do_new_mount+0x278/0x8fc
[ 37.846468][ T4290] path_mount+0x590/0xe5c
[ 37.847644][ T4290] __arm64_sys_mount+0x498/0x588
[ 37.848957][ T4290] invoke_syscall+0x98/0x2bc
[ 37.850218][ T4290] el0_svc_common+0x138/0x258
[ 37.851423][ T4290] do_el0_svc+0x58/0x13c
[ 37.852796][ T4290] el0_svc+0x58/0x168
[ 37.853983][ T4290] el0t_64_sync_handler+0x84/0xf0
[ 37.855413][ T4290] el0t_64_sync+0x18c/0x190
[ 37.856586][ T4290]
[ 37.857211][ T4290] The buggy address belongs to the physical page:
[ 37.858976][ T4290] page:00000000917123fc refcount:3 mapcount:0 mapping:000000005db94012 index:0x213 pfn:0x123ef3
[ 37.861827][ T4290] memcg:ffff0000c0940000
[ 37.862957][ T4290] aops:def_blk_aops ino:700000
[ 37.864228][ T4290] flags: 0x5ffc60000002042(referenced|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
[ 37.866935][ T4290] raw: 05ffc60000002042 0000000000000000 dead000000000122 ffff0000c049ca10
[ 37.869500][ T4290] raw: 0000000000000213 ffff0000e1b3c570 00000003ffffffff ffff0000c0940000
[ 37.871891][ T4290] page dumped because: kasan: bad access detected
[ 37.873645][ T4290]
[ 37.874272][ T4290] Memory state around the buggy address:
[ 37.875810][ T4290] ffff0000e3ef3e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.878089][ T4290] ffff0000e3ef3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.880345][ T4290] >ffff0000e3ef3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.882530][ T4290] ^
[ 37.883779][ T4290] ffff0000e3ef4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.885987][ T4290] ffff0000e3ef4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.888165][ T4290] ==================================================================
[ 37.891002][ T4290] Disabling lock debugging due to kernel taint
[ 37.892795][ T4290] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[ 37.896537][ T4290] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.