Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts.
2024/02/07 13:17:26 ignoring optional flag "sandboxArg"="0"
2024/02/07 13:17:26 parsed 1 programs
2024/02/07 13:17:26 executed programs: 0
[ 47.841244][ T2012] loop0: detected capacity change from 0 to 8192
[ 47.849326][ T2012] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 47.858853][ T2012] REISERFS (device loop0): using ordered data mode
[ 47.865521][ T2012] reiserfs: using flush barriers
[ 47.871511][ T2012] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 47.889519][ T2012] REISERFS (device loop0): checking transaction log (loop0)
[ 47.898444][ T2012] REISERFS (device loop0): Using r5 hash to sort names
[ 47.905994][ T2012] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 47.921828][ T2012] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.932560][ T2012] REISERFS (device loop0): Remounting filesystem read-only
[ 47.939823][ T2012] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 47.953416][ T2012] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 47.970383][ T2012] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.981226][ T2012] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
[ 47.989728][ T2012] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 48.005465][ T2012] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 48.016295][ T2012] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 48.030093][ T2012] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 48.239896][ T2016] loop0: detected capacity change from 0 to 8192
[ 48.247883][ T2016] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 48.257360][ T2016] REISERFS (device loop0): using ordered data mode
[ 48.264582][ T2016] reiserfs: using flush barriers
[ 48.270304][ T2016] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 48.286744][ T2016] REISERFS (device loop0): checking transaction log (loop0)
[ 48.294649][ T2016] REISERFS (device loop0): Using r5 hash to sort names
[ 48.301745][ T2016] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 48.317505][ T2016] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 48.328666][ T2016] REISERFS (device loop0): Remounting filesystem read-only
[ 48.336073][ T2016] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 48.349760][ T2016] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 48.365576][ T2016] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 48.376567][ T2016] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
[ 48.385111][ T2016] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 48.400668][ T2016] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 48.418928][ T2016] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 48.432287][ T2016] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 48.521744][ T2019] loop0: detected capacity change from 0 to 8192
[ 48.529664][ T2019] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 48.538953][ T2019] REISERFS (device loop0): using ordered data mode
[ 48.545673][ T2019] reiserfs: using flush barriers
[ 48.551212][ T2019] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 48.567958][ T2019] REISERFS (device loop0): checking transaction log (loop0)
[ 48.575905][ T2019] REISERFS (device loop0): Using r5 hash to sort names
[ 48.583023][ T2019] ==================================================================
[ 48.591327][ T2019] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x26f/0x3c0
[ 48.599899][ T2019] Read of size 250888 at addr ffff8880695a1058 by task syz-executor.0/2019
[ 48.608719][ T2019]
[ 48.611028][ T2019] CPU: 1 PID: 2019 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller #0
[ 48.619752][ T2019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 48.629876][ T2019] Call Trace:
[ 48.633161][ T2019]
[ 48.636156][ T2019] dump_stack_lvl+0x41/0x5e
[ 48.641110][ T2019] print_address_description.constprop.0.cold+0x6c/0x309
[ 48.648191][ T2019] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 48.654227][ T2019] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 48.660354][ T2019] kasan_report.cold+0x83/0xdf
[ 48.665088][ T2019] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 48.671206][ T2019] kasan_check_range+0x13d/0x180
[ 48.676112][ T2019] memmove+0x20/0x60
[ 48.680059][ T2019] reiserfs_get_unused_objectid+0x26f/0x3c0
[ 48.686006][ T2019] reiserfs_new_inode+0x422/0x1ee0
[ 48.691181][ T2019] ? lock_downgrade+0x4f0/0x4f0
[ 48.695999][ T2019] ? reiserfs_fh_to_parent+0x160/0x160
[ 48.701435][ T2019] ? __mutex_unlock_slowpath+0x158/0x450
[ 48.708078][ T2019] ? wait_for_completion+0x220/0x220
[ 48.713342][ T2019] ? wait_for_completion+0x220/0x220
[ 48.718600][ T2019] ? find_held_lock+0x2d/0x110
[ 48.723347][ T2019] ? do_journal_begin_r+0x77c/0xef0
[ 48.728622][ T2019] ? do_raw_spin_lock+0x120/0x2b0
[ 48.733710][ T2019] ? dquot_initialize_needed+0x230/0x230
[ 48.739494][ T2019] ? rwlock_bug.part.0+0x90/0x90
[ 48.744436][ T2019] ? lock_acquire+0x11a/0x250
[ 48.749102][ T2019] reiserfs_mkdir+0x40c/0x870
[ 48.753764][ T2019] ? reiserfs_mknod+0x670/0x670
[ 48.758677][ T2019] ? down_write+0xcd/0x140
[ 48.763073][ T2019] ? down_write_killable+0x160/0x160
[ 48.768526][ T2019] ? down_write_killable+0x160/0x160
[ 48.773800][ T2019] reiserfs_xattr_init+0x494/0xb10
[ 48.778894][ T2019] reiserfs_fill_super+0x1bbc/0x26d0
[ 48.784156][ T2019] ? reiserfs_remount+0x15c0/0x15c0
[ 48.789414][ T2019] ? pointer+0x700/0x700
[ 48.793636][ T2019] ? up_write+0x131/0x1e0
[ 48.798121][ T2019] ? sget+0x390/0x470
[ 48.802081][ T2019] mount_bdev+0x2c3/0x3a0
[ 48.806556][ T2019] ? reiserfs_remount+0x15c0/0x15c0
[ 48.811754][ T2019] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 48.817041][ T2019] legacy_get_tree+0xfa/0x1f0
[ 48.821785][ T2019] ? security_capable+0x4c/0x90
[ 48.826915][ T2019] vfs_get_tree+0x83/0x1b0
[ 48.831441][ T2019] path_mount+0x44f/0x1a60
[ 48.835949][ T2019] ? finish_automount+0x7d0/0x7d0
[ 48.841127][ T2019] ? kasan_set_free_info+0x20/0x30
[ 48.846394][ T2019] ? user_path_at_empty+0x40/0x50
[ 48.851399][ T2019] ? kmem_cache_free+0x7e/0x470
[ 48.856248][ T2019] __x64_sys_mount+0x1f5/0x260
[ 48.861161][ T2019] ? copy_mnt_ns+0xd20/0xd20
[ 48.865715][ T2019] ? vtime_user_exit+0xde/0x180
[ 48.870530][ T2019] do_syscall_64+0x35/0x80
[ 48.874931][ T2019] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.880804][ T2019] RIP: 0033:0x7f55669c405a
[ 48.885188][ T2019] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.904771][ T2019] RSP: 002b:00007f5566544ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 48.913238][ T2019] RAX: ffffffffffffffda RBX: 00007f5566544f80 RCX: 00007f55669c405a
[ 48.921189][ T2019] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f5566544f40
[ 48.929239][ T2019] RBP: 0000000020000080 R08: 00007f5566544f80 R09: 0000000000008008
[ 48.937205][ T2019] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[ 48.945237][ T2019] R13: 00007f5566544f40 R14: 0000000000001138 R15: 00000000200000c0
[ 48.953205][ T2019]
[ 48.956198][ T2019]
[ 48.958584][ T2019] The buggy address belongs to the page:
[ 48.964188][ T2019] page:ffffea0001a56840 refcount:3 mapcount:0 mapping:ffff88800de18808 index:0x10 pfn:0x695a1
[ 48.974763][ T2019] memcg:ffff888076134000
[ 48.979146][ T2019] aops:def_blk_aops ino:700000
[ 48.983907][ T2019] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 48.993953][ T2019] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff88800de18808
[ 49.002588][ T2019] raw: 0000000000000010 ffff8880797aa1d0 00000003ffffffff ffff888076134000
[ 49.011136][ T2019] page dumped because: kasan: bad access detected
[ 49.017514][ T2019] page_owner tracks the page as allocated
[ 49.023195][ T2019] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 2019, ts 48529543055, free_ts 48486567502
[ 49.040605][ T2019] get_page_from_freelist+0x12d1/0x2d40
[ 49.046123][ T2019] __alloc_pages+0x1b2/0x440
[ 49.050677][ T2019] pagecache_get_page+0x299/0xdd0
[ 49.055697][ T2019] __getblk_slow+0x1a6/0x7a0
[ 49.060269][ T2019] __bread_gfp+0x1e6/0x2f0
[ 49.064648][ T2019] read_super_block+0x7c/0x840
[ 49.069381][ T2019] reiserfs_fill_super+0xa41/0x26d0
[ 49.074552][ T2019] mount_bdev+0x2c3/0x3a0
[ 49.078936][ T2019] legacy_get_tree+0xfa/0x1f0
[ 49.083700][ T2019] vfs_get_tree+0x83/0x1b0
[ 49.088079][ T2019] path_mount+0x44f/0x1a60
[ 49.092550][ T2019] __x64_sys_mount+0x1f5/0x260
[ 49.097278][ T2019] do_syscall_64+0x35/0x80
[ 49.101746][ T2019] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.107614][ T2019] page last free stack trace:
[ 49.112267][ T2019] free_pcp_prepare+0x379/0x850
[ 49.117085][ T2019] free_unref_page_list+0x16f/0xbd0
[ 49.122244][ T2019] release_pages+0xb3a/0x1480
[ 49.126984][ T2019] __pagevec_release+0x59/0xe0
[ 49.131806][ T2019] shmem_undo_range+0x505/0xeb0
[ 49.136888][ T2019] shmem_evict_inode+0x313/0xa40
[ 49.141969][ T2019] evict+0x296/0x5d0
[ 49.145834][ T2019] __dentry_kill+0x315/0x5e0
[ 49.151000][ T2019] __fput+0x2ef/0x9a0
[ 49.155148][ T2019] task_work_run+0xb8/0x140
[ 49.159629][ T2019] exit_to_user_mode_prepare+0x15a/0x160
[ 49.165631][ T2019] syscall_exit_to_user_mode+0x12/0x30
[ 49.172889][ T2019] do_syscall_64+0x42/0x80
[ 49.177272][ T2019] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.183332][ T2019]
[ 49.185663][ T2019] Memory state around the buggy address:
[ 49.191276][ T2019] ffff8880695a4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.199314][ T2019] ffff8880695a4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.207525][ T2019] >ffff8880695a5000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.215638][ T2019] ^
[ 49.219708][ T2019] ffff8880695a5080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.227822][ T2019] ffff8880695a5100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.236051][ T2019] ==================================================================
[ 49.244091][ T2019] Disabling lock debugging due to kernel taint
[ 49.250523][ T2019] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 49.258514][ T2019] Kernel Offset: disabled
[ 49.262816][ T2019] Rebooting in 86400 seconds..