Warning: Permanently added '10.128.0.131' (ED25519) to the list of known hosts.
executing program
[ 170.293079][ T4039] loop0: detected capacity change from 0 to 8192
[ 170.387060][ T4039] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 170.389834][ T4039] REISERFS (device loop0): using ordered data mode
[ 170.391512][ T4039] reiserfs: using flush barriers
[ 170.393798][ T4039] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 170.398741][ T4039] REISERFS (device loop0): checking transaction log (loop0)
[ 170.450448][ T4039] REISERFS (device loop0): Using tea hash to sort names
[ 170.453038][ T4039] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 170.461096][ T4039] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.466880][ T4039] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.470647][ T4039] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.474237][ T4039] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.478100][ T4039] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.481777][ T4039] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.485462][ T4039] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
executing program
[ 170.699407][ T4042] loop0: detected capacity change from 0 to 8192
[ 170.786298][ T4042] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 170.788823][ T4042] REISERFS (device loop0): using ordered data mode
[ 170.790440][ T4042] reiserfs: using flush barriers
[ 170.792533][ T4042] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 170.797536][ T4042] REISERFS (device loop0): checking transaction log (loop0)
[ 170.841923][ T4042] REISERFS (device loop0): Using tea hash to sort names
[ 170.844071][ T4042] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 170.850228][ T4042] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.854510][ T4042] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.858581][ T4042] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.862234][ T4042] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.866165][ T4042] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.869530][ T4042] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 170.873074][ T4042] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
executing program
[ 171.068146][ T4044] loop0: detected capacity change from 0 to 8192
[ 171.146412][ T4044] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 171.148895][ T4044] REISERFS (device loop0): using ordered data mode
[ 171.150590][ T4044] reiserfs: using flush barriers
[ 171.152691][ T4044] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 171.157395][ T4044] REISERFS (device loop0): checking transaction log (loop0)
[ 171.201516][ T4044] REISERFS (device loop0): Using tea hash to sort names
[ 171.203475][ T4044] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 171.208719][ T4044] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.212771][ T4044] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.216691][ T4044] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.220421][ T4044] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.223775][ T4044] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.227697][ T4044] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.231249][ T4044] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
executing program
[ 171.487401][ T4046] loop0: detected capacity change from 0 to 8192
[ 171.576244][ T4046] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 171.578706][ T4046] REISERFS (device loop0): using ordered data mode
[ 171.580349][ T4046] reiserfs: using flush barriers
[ 171.582403][ T4046] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 171.587169][ T4046] REISERFS (device loop0): checking transaction log (loop0)
[ 171.632980][ T4046] REISERFS (device loop0): Using tea hash to sort names
[ 171.635057][ T4046] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 171.639810][ T4046] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.643862][ T4046] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.647908][ T4046] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.651587][ T4046] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.655319][ T4046] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.658858][ T4046] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 171.662372][ T4046] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
executing program
[ 171.887795][ T4048] loop0: detected capacity change from 0 to 8192
[ 171.986378][ T4048] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 171.988813][ T4048] REISERFS (device loop0): using ordered data mode
[ 171.990406][ T4048] reiserfs: using flush barriers
[ 171.992407][ T4048] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 171.997127][ T4048] REISERFS (device loop0): checking transaction log (loop0)
[ 172.041171][ T4048] REISERFS (device loop0): Using tea hash to sort names
[ 172.043173][ T4048] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 172.048418][ T4048] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.052356][ T4048] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.056130][ T4048] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.059647][ T4048] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.062916][ T4048] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.066600][ T4048] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.070079][ T4048] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
executing program
[ 172.250837][ T4050] loop0: detected capacity change from 0 to 8192
[ 172.326519][ T4050] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 172.329090][ T4050] REISERFS (device loop0): using ordered data mode
[ 172.330697][ T4050] reiserfs: using flush barriers
[ 172.332659][ T4050] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 172.337525][ T4050] REISERFS (device loop0): checking transaction log (loop0)
[ 172.388955][ T4050] REISERFS (device loop0): Using tea hash to sort names
[ 172.390978][ T4050] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 172.397590][ T4050] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.401532][ T4050] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.405678][ T4050] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.409526][ T4050] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.412988][ T4050] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.416843][ T4050] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.420455][ T4050] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
executing program
[ 172.591908][ T4052] loop0: detected capacity change from 0 to 8192
[ 172.676488][ T4052] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 172.678907][ T4052] REISERFS (device loop0): using ordered data mode
[ 172.680478][ T4052] reiserfs: using flush barriers
[ 172.682498][ T4052] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 172.687600][ T4052] REISERFS (device loop0): checking transaction log (loop0)
[ 172.733429][ T4052] REISERFS (device loop0): Using tea hash to sort names
[ 172.735633][ T4052] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 172.742736][ T4052] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1)
[ 172.747220][ T4052] ==================================================================
[ 172.749240][ T4052] BUG: KASAN: use-after-free in leaf_paste_in_buffer+0x1a8/0x9f0
[ 172.751197][ T4052] Write of size 3936 at addr ffff0000e222f140 by task syz-executor338/4052
[ 172.753433][ T4052]
[ 172.754069][ T4052] CPU: 1 PID: 4052 Comm: syz-executor338 Not tainted 5.15.167-syzkaller #0
[ 172.756282][ T4052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 172.758890][ T4052] Call trace:
[ 172.759710][ T4052] dump_backtrace+0x0/0x530
[ 172.760849][ T4052] show_stack+0x2c/0x3c
[ 172.761838][ T4052] dump_stack_lvl+0x108/0x170
[ 172.763066][ T4052] print_address_description+0x7c/0x3f0
[ 172.764467][ T4052] kasan_report+0x174/0x1e4
[ 172.765704][ T4052] kasan_check_range+0x274/0x2b4
[ 172.766984][ T4052] memmove+0xb4/0xe8
[ 172.767932][ T4052] leaf_paste_in_buffer+0x1a8/0x9f0
[ 172.769379][ T4052] leaf_copy_boundary_item+0x96c/0x1a34
[ 172.770824][ T4052] leaf_move_items+0xa0c/0x1f7c
[ 172.772140][ T4052] leaf_shift_left+0xc8/0x39c
[ 172.773380][ T4052] balance_leaf+0x41c0/0xe860
[ 172.774611][ T4052] do_balance+0x27c/0x790
[ 172.775801][ T4052] reiserfs_paste_into_item+0x630/0x744
[ 172.777313][ T4052] reiserfs_get_block+0x1820/0x3fd0
[ 172.778724][ T4052] __block_write_begin_int+0x3ec/0x1608
[ 172.780206][ T4052] __block_write_begin+0x40/0x54
[ 172.781491][ T4052] reiserfs_write_begin+0x3c8/0x654
[ 172.782848][ T4052] pagecache_write_begin+0xa0/0xc0
[ 172.784348][ T4052] generic_cont_expand_simple+0x12c/0x208
[ 172.785800][ T4052] reiserfs_setattr+0x37c/0xd94
[ 172.786997][ T4052] notify_change+0xa34/0xcf8
[ 172.788034][ T4052] do_truncate+0x1c0/0x28c
[ 172.789182][ T4052] do_sys_ftruncate+0x288/0x31c
[ 172.790431][ T4052] __arm64_sys_ftruncate+0x60/0x74
[ 172.791742][ T4052] invoke_syscall+0x98/0x2b8
[ 172.792903][ T4052] el0_svc_common+0x138/0x258
[ 172.794023][ T4052] do_el0_svc+0x58/0x14c
[ 172.795072][ T4052] el0_svc+0x7c/0x1f0
[ 172.796148][ T4052] el0t_64_sync_handler+0x84/0xe4
[ 172.797451][ T4052] el0t_64_sync+0x1a0/0x1a4
[ 172.798606][ T4052]
[ 172.799218][ T4052] The buggy address belongs to the page:
[ 172.800693][ T4052] page:0000000088d1e25b refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12222f
[ 172.803427][ T4052] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 172.805301][ T4052] raw: 05ffc00000000000 fffffc00038b2948 fffffc0003761b88 0000000000000000
[ 172.807579][ T4052] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 172.809779][ T4052] page dumped because: kasan: bad access detected
[ 172.811483][ T4052]
[ 172.812051][ T4052] Memory state around the buggy address:
[ 172.813468][ T4052] ffff0000e222f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 172.815639][ T4052] ffff0000e222f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 172.817770][ T4052] >ffff0000e222f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 172.819872][ T4052] ^
[ 172.821524][ T4052] ffff0000e222f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 172.823659][ T4052] ffff0000e222f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 172.825868][ T4052] ==================================================================
[ 172.827933][ T4052] Disabling lock debugging due to kernel taint
[ 173.023530][ T4052] Unable to handle kernel write to read-only memory at virtual address ffff000161c20000
[ 173.025928][ T4052] Mem abort info:
[ 173.026838][ T4052] ESR = 0x000000009600004f
[ 173.027980][ T4052] EC = 0x25: DABT (current EL), IL = 32 bits
[ 173.029495][ T4052] SET = 0, FnV = 0
[ 173.030484][ T4052] EA = 0, S1PTW = 0
[ 173.031526][ T4052] FSC = 0x0f: level 3 permission fault
[ 173.032956][ T4052] Data abort info:
[ 173.034016][ T4052] ISV = 0, ISS = 0x0000004f
[ 173.035318][ T4052] CM = 0, WnR = 1
Connection to 10.128.0.131 closed by remote host.
[ 173.036361][ T4052] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001ae2ee000
[ 173.038160][ T4052] [ffff000161c20000] pgd=180000023fff7003, p4d=180000023fff7003, pud=180000023f211003, pmd=180000023f102003, pte=00600001a1c20783
[ 173.041546][ T4052] Internal error: Oops: 000000009600004f [#1] PREEMPT SMP
[ 173.043445][ T4052] Modules linked in:
[ 173.044484][ T4052] CPU: 1 PID: 4052 Comm: syz-executor338 Tainted: G B 5.15.167-syzkaller #0
[ 173.047167][ T4052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 173.049810][ T4052] pstate: a0400005 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 173.051886][ T4052] pc : __memcpy+0x150/0x260
[ 173.053093][ T4052] lr : memmove+0xc8/0xe8
[ 173.054260][ T4052] sp : ffff80001f0461a0
[ 173.055334][ T4052] x29: ffff80001f0461a0 x28: 0000000000000000 x27: ffff0000e2230000
[ 173.057579][ T4052] x26: 0000000000000001 x25: 000000000000f140 x24: ffff0000e196b2e0
[ 173.059732][ T4052] x23: ffff800017103000 x22: ffff800008cd67f4 x21: ffff0000e223f0d0
[ 173.061945][ T4052] x20: ffff0000e223f140 x19: ffffffffffff1ec0 x18: 0000000000000002
[ 173.063940][ T4052] x17: 0000000000000000 x16: ffff800011ac1408 x15: 0000000000000000
[ 173.066060][ T4052] x14: 0000000000000000 x13: a9014ff4a9be7bfd x12: d503233fd65f03c0
[ 173.068248][ T4052] x11: d50323bfa8c37bfd x10: f9400bf5a9424ff4 x9 : f94201082a1f03e0
[ 173.070509][ T4052] x8 : 531e740990065508 x7 : 95fc2e5b94129788 x6 : aa0003f3910003fd
[ 173.072739][ T4052] x5 : ffff0000e2230f90 x4 : ffff0000e2231000 x3 : ffff000161c1ffd0
[ 173.074761][ T4052] x2 : ffffffff80610f30 x1 : ffff000161c20080 x0 : ffff0000e223f0d0
[ 173.077002][ T4052] Call trace:
[ 173.077829][ T4052] __memcpy+0x150/0x260
[ 173.079021][ T4052] leaf_paste_in_buffer+0x1a8/0x9f0
[ 173.080441][ T4052] balance_leaf+0x4dc0/0xe860
[ 173.081682][ T4052] do_balance+0x27c/0x790
[ 173.082799][ T4052] reiserfs_paste_into_item+0x630/0x744
[ 173.084290][ T4052] reiserfs_get_block+0x1820/0x3fd0
[ 173.085736][ T4052] __block_write_begin_int+0x3ec/0x1608
[ 173.087202][ T4052] __block_write_begin+0x40/0x54
[ 173.088385][ T4052] reiserfs_write_begin+0x3c8/0x654
[ 173.089765][ T4052] pagecache_write_begin+0xa0/0xc0
[ 173.091147][ T4052] generic_cont_expand_simple+0x12c/0x208
[ 173.092601][ T4052] reiserfs_setattr+0x37c/0xd94
[ 173.093925][ T4052] notify_change+0xa34/0xcf8
[ 173.095177][ T4052] do_truncate+0x1c0/0x28c
[ 173.096388][ T4052] do_sys_ftruncate+0x288/0x31c
[ 173.097649][ T4052] __arm64_sys_ftruncate+0x60/0x74
[ 173.099075][ T4052] invoke_syscall+0x98/0x2b8
[ 173.100245][ T4052] el0_svc_common+0x138/0x258
[ 173.101333][ T4052] do_el0_svc+0x58/0x14c
[ 173.102376][ T4052] el0_svc+0x7c/0x1f0
[ 173.103441][ T4052] el0t_64_sync_handler+0x84/0xe4
[ 173.104770][ T4052] el0t_64_sync+0x1a0/0x1a4
[ 173.106004][ T4052] Code: a9011c66 a9411c26 a9022468 a9422428 (a9032c6a)
[ 173.107857][ T4052] ---[ end trace d9205af69ed6a860 ]---
[ 173.495023][ T4052] Kernel panic - not syncing: Oops: Fatal exception
[ 173.496822][ T4052] SMP: stopping secondary CPUs
[ 173.498131][ T4052] Kernel Offset: disabled
[ 173.499325][ T4052] CPU features: 0x8,000081c1,21302e40
[ 173.500761][ T4052] Memory Limit: none
[ 173.861967][ T4052] Rebooting in 86400 seconds..