[ 15.126867][ T3893] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.131741][ T3893] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.171934][ T521] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.174716][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
syzkaller login: [ 37.739387][ T521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.741117][ T521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.743480][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 37.755191][ T521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.757017][ T521] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.759343][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 37.805154][ T4316] loop0: detected capacity change from 0 to 8192
[ 37.810393][ T4316] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 37.813094][ T4316] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 37.815050][ T4316] REISERFS (device loop0): using ordered data mode
[ 37.816471][ T4316] reiserfs: using flush barriers
[ 37.818221][ T4316] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 37.822065][ T4316] REISERFS (device loop0): checking transaction log (loop0)
[ 37.825374][ T4316] REISERFS (device loop0): Using r5 hash to sort names
[ 37.827211][ T4316] ==================================================================
[ 37.828880][ T4316] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x1c4/0x3bc
[ 37.830710][ T4316] Read of size 250888 at addr ffff0000e0104058 by task syz-executor356/4316
[ 37.832525][ T4316]
[ 37.833047][ T4316] CPU: 0 PID: 4316 Comm: syz-executor356 Not tainted 6.1.21-syzkaller #0
[ 37.834782][ T4316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 37.836849][ T4316] Call trace:
[ 37.837617][ T4316] dump_backtrace+0x1c8/0x1f4
[ 37.838616][ T4316] show_stack+0x2c/0x3c
[ 37.839552][ T4316] dump_stack_lvl+0x108/0x170
[ 37.840529][ T4316] print_report+0x174/0x4c0
[ 37.841510][ T4316] kasan_report+0xd4/0x130
[ 37.842475][ T4316] kasan_check_range+0x264/0x2a4
[ 37.843503][ T4316] memmove+0x48/0x90
[ 37.844408][ T4316] reiserfs_get_unused_objectid+0x1c4/0x3bc
[ 37.845646][ T4316] reiserfs_new_inode+0x238/0x1724
[ 37.846759][ T4316] reiserfs_mkdir+0x4ac/0x77c
[ 37.847818][ T4316] reiserfs_xattr_init+0x2b0/0x6bc
[ 37.848891][ T4316] reiserfs_fill_super+0x1bfc/0x2028
[ 37.850137][ T4316] mount_bdev+0x26c/0x368
[ 37.851094][ T4316] get_super_block+0x44/0x58
[ 37.852090][ T4316] legacy_get_tree+0xd4/0x16c
[ 37.853138][ T4316] vfs_get_tree+0x90/0x274
[ 37.854077][ T4316] do_new_mount+0x25c/0x8c8
[ 37.855027][ T4316] path_mount+0x590/0xe58
[ 37.855933][ T4316] __arm64_sys_mount+0x45c/0x594
[ 37.856958][ T4316] invoke_syscall+0x98/0x2c0
[ 37.857932][ T4316] el0_svc_common+0x138/0x258
[ 37.858943][ T4316] do_el0_svc+0x64/0x218
[ 37.859821][ T4316] el0_svc+0x58/0x168
[ 37.860671][ T4316] el0t_64_sync_handler+0x84/0xf0
[ 37.861715][ T4316] el0t_64_sync+0x18c/0x190
[ 37.862748][ T4316]
[ 37.863272][ T4316] The buggy address belongs to the physical page:
[ 37.864615][ T4316] page:000000001b38b64e refcount:3 mapcount:0 mapping:000000005de5117f index:0x10 pfn:0x120104
[ 37.866828][ T4316] memcg:ffff0000c0930000
[ 37.867701][ T4316] aops:def_blk_aops ino:700000
[ 37.868718][ T4316] flags: 0x5ffc20000002042(referenced|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
[ 37.870730][ T4316] raw: 05ffc20000002042 0000000000000000 dead000000000122 ffff0000c0481310
[ 37.872618][ T4316] raw: 0000000000000010 ffff0000dd1e5740 00000003ffffffff ffff0000c0930000
[ 37.874489][ T4316] page dumped because: kasan: bad access detected
[ 37.875812][ T4316]
[ 37.876293][ T4316] Memory state around the buggy address:
[ 37.877568][ T4316] ffff0000e0107f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.879307][ T4316] ffff0000e0107f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.880939][ T4316] >ffff0000e0108000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.882725][ T4316] ^
[ 37.883629][ T4316] ffff0000e0108080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.885337][ T4316] ffff0000e0108100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.886983][ T4316] ==================================================================
[ 37.889393][ T4316] Disabling lock debugging due to kernel taint
[ 37.890780][ T4316] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 37.893992][ T4316] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 37.896200][ T4316] REISERFS (device loop0): Remounting filesystem read-only
[ 37.897669][ T4316] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 37.900529][ T4316] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 37.903730][ T4316] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 37.905911][ T4316] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
[ 37.907820][ T4316] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 37.911504][ T4316] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 37.913634][ T4316] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 37.916334][ T4316] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.