Warning: Permanently added '10.128.0.67' (ED25519) to the list of known hosts.
2023/12/31 12:47:32 ignoring optional flag "sandboxArg"="0"
2023/12/31 12:47:32 parsed 1 programs
2023/12/31 12:47:32 executed programs: 0
[ 45.413300][ T2013] loop0: detected capacity change from 0 to 8192
[ 45.421039][ T2013] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 45.430451][ T2013] REISERFS (device loop0): using ordered data mode
[ 45.436968][ T2013] reiserfs: using flush barriers
[ 45.442451][ T2013] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 45.459005][ T2013] REISERFS (device loop0): checking transaction log (loop0)
[ 45.466745][ T2013] REISERFS (device loop0): Using r5 hash to sort names
[ 45.474087][ T2013] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 45.489458][ T2013] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 45.500151][ T2013] REISERFS (device loop0): Remounting filesystem read-only
[ 45.507344][ T2013] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 45.520898][ T2013] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 45.536380][ T2013] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 45.546889][ T2013] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
[ 45.555510][ T2013] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 45.570772][ T2013] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 45.581536][ T2013] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 45.594997][ T2013] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 45.704371][ T2016] loop0: detected capacity change from 0 to 8192
[ 45.711732][ T2016] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 45.721054][ T2016] REISERFS (device loop0): using ordered data mode
[ 45.727749][ T2016] reiserfs: using flush barriers
[ 45.733122][ T2016] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 45.749550][ T2016] REISERFS (device loop0): checking transaction log (loop0)
[ 45.757537][ T2016] REISERFS (device loop0): Using r5 hash to sort names
[ 45.764692][ T2016] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 45.779983][ T2016] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 45.790662][ T2016] REISERFS (device loop0): Remounting filesystem read-only
[ 45.798216][ T2016] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 45.811502][ T2016] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 45.826774][ T2016] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 45.837312][ T2016] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
[ 45.845640][ T2016] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 45.860996][ T2016] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 45.871484][ T2016] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 45.885079][ T2016] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 45.978312][ T2019] loop0: detected capacity change from 0 to 8192
[ 45.985901][ T2019] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 45.995507][ T2019] REISERFS (device loop0): using ordered data mode
[ 46.002053][ T2019] reiserfs: using flush barriers
[ 46.007843][ T2019] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 46.024332][ T2019] REISERFS (device loop0): checking transaction log (loop0)
[ 46.032078][ T2019] REISERFS (device loop0): Using r5 hash to sort names
[ 46.039428][ T2019] ==================================================================
[ 46.047474][ T2019] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x26f/0x3c0
[ 46.055860][ T2019] Read of size 250888 at addr ffff88806a4b5058 by task syz-executor.0/2019
[ 46.064684][ T2019]
[ 46.066979][ T2019] CPU: 1 PID: 2019 Comm: syz-executor.0 Not tainted 5.15.145-syzkaller #0
[ 46.075631][ T2019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 46.085758][ T2019] Call Trace:
[ 46.089016][ T2019]
[ 46.091929][ T2019] dump_stack_lvl+0x41/0x5e
[ 46.096415][ T2019] print_address_description.constprop.0.cold+0x6c/0x309
[ 46.103409][ T2019] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 46.109444][ T2019] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 46.115475][ T2019] kasan_report.cold+0x83/0xdf
[ 46.120205][ T2019] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 46.126234][ T2019] kasan_check_range+0x13d/0x180
[ 46.131443][ T2019] memmove+0x20/0x60
[ 46.135402][ T2019] reiserfs_get_unused_objectid+0x26f/0x3c0
[ 46.141268][ T2019] reiserfs_new_inode+0x422/0x1ee0
[ 46.146390][ T2019] ? lock_downgrade+0x4f0/0x4f0
[ 46.151224][ T2019] ? reiserfs_fh_to_parent+0x160/0x160
[ 46.156649][ T2019] ? __mutex_unlock_slowpath+0x158/0x450
[ 46.162258][ T2019] ? wait_for_completion+0x220/0x220
[ 46.167726][ T2019] ? wait_for_completion+0x220/0x220
[ 46.173781][ T2019] ? find_held_lock+0x2d/0x110
[ 46.178516][ T2019] ? do_journal_begin_r+0x77c/0xef0
[ 46.183688][ T2019] ? do_raw_spin_lock+0x120/0x2b0
[ 46.188849][ T2019] ? dquot_initialize_needed+0x230/0x230
[ 46.194641][ T2019] ? rwlock_bug.part.0+0x90/0x90
[ 46.199826][ T2019] ? lock_acquire+0x11a/0x250
[ 46.204477][ T2019] reiserfs_mkdir+0x40c/0x870
[ 46.209220][ T2019] ? reiserfs_mknod+0x670/0x670
[ 46.214124][ T2019] ? down_write+0xcd/0x140
[ 46.218541][ T2019] ? down_write_killable+0x160/0x160
[ 46.223789][ T2019] ? down_write_killable+0x160/0x160
[ 46.229051][ T2019] reiserfs_xattr_init+0x494/0xb10
[ 46.234300][ T2019] reiserfs_fill_super+0x1bbc/0x26d0
[ 46.239727][ T2019] ? reiserfs_remount+0x15c0/0x15c0
[ 46.244886][ T2019] ? pointer+0x700/0x700
[ 46.249107][ T2019] ? up_write+0x131/0x1e0
[ 46.253400][ T2019] ? sget+0x390/0x470
[ 46.257344][ T2019] mount_bdev+0x2c3/0x3a0
[ 46.261658][ T2019] ? reiserfs_remount+0x15c0/0x15c0
[ 46.266876][ T2019] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 46.271954][ T2019] legacy_get_tree+0xfa/0x1f0
[ 46.276699][ T2019] ? security_capable+0x4c/0x90
[ 46.281704][ T2019] vfs_get_tree+0x83/0x1b0
[ 46.286260][ T2019] path_mount+0x41e/0x19f0
[ 46.290645][ T2019] ? finish_automount+0x7d0/0x7d0
[ 46.295632][ T2019] ? kasan_set_free_info+0x20/0x30
[ 46.300729][ T2019] ? user_path_at_empty+0x40/0x50
[ 46.305732][ T2019] ? kmem_cache_free+0x7e/0x470
[ 46.310549][ T2019] __x64_sys_mount+0x1f5/0x260
[ 46.315280][ T2019] ? copy_mnt_ns+0xd20/0xd20
[ 46.319928][ T2019] ? vtime_user_exit+0xde/0x180
[ 46.324761][ T2019] do_syscall_64+0x35/0x80
[ 46.329168][ T2019] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.335029][ T2019] RIP: 0033:0x7f777781805a
[ 46.339415][ T2019] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.359506][ T2019] RSP: 002b:00007f7777398ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 46.367900][ T2019] RAX: ffffffffffffffda RBX: 00007f7777398f80 RCX: 00007f777781805a
[ 46.375841][ T2019] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f7777398f40
[ 46.383784][ T2019] RBP: 0000000020000080 R08: 00007f7777398f80 R09: 0000000000008008
[ 46.391729][ T2019] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[ 46.399670][ T2019] R13: 00007f7777398f40 R14: 0000000000001138 R15: 00000000200000c0
[ 46.407730][ T2019]
[ 46.410730][ T2019]
[ 46.413026][ T2019] The buggy address belongs to the page:
[ 46.418710][ T2019] page:ffffea0001a92d40 refcount:3 mapcount:0 mapping:ffff888140801308 index:0x10 pfn:0x6a4b5
[ 46.429482][ T2019] memcg:ffff88807e784000
[ 46.433702][ T2019] aops:def_blk_aops ino:700000
[ 46.438536][ T2019] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 46.447873][ T2019] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff888140801308
[ 46.456514][ T2019] raw: 0000000000000010 ffff8880703eb828 00000003ffffffff ffff88807e784000
[ 46.465149][ T2019] page dumped because: kasan: bad access detected
[ 46.471790][ T2019] page_owner tracks the page as allocated
[ 46.478346][ T2019] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 2019, ts 45985845030, free_ts 45671893138
[ 46.496913][ T2019] get_page_from_freelist+0x12d1/0x2d40
[ 46.502435][ T2019] __alloc_pages+0x1b2/0x440
[ 46.506995][ T2019] pagecache_get_page+0x299/0xdd0
[ 46.512006][ T2019] __getblk_slow+0x1a6/0x7a0
[ 46.516563][ T2019] __bread_gfp+0x1e6/0x2f0
[ 46.520945][ T2019] read_super_block+0x7c/0x840
[ 46.525807][ T2019] reiserfs_fill_super+0xa41/0x26d0
[ 46.530968][ T2019] mount_bdev+0x2c3/0x3a0
[ 46.535461][ T2019] legacy_get_tree+0xfa/0x1f0
[ 46.540129][ T2019] vfs_get_tree+0x83/0x1b0
[ 46.544597][ T2019] path_mount+0x41e/0x19f0
[ 46.548983][ T2019] __x64_sys_mount+0x1f5/0x260
[ 46.553711][ T2019] do_syscall_64+0x35/0x80
[ 46.558092][ T2019] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.564123][ T2019] page last free stack trace:
[ 46.568857][ T2019] free_pcp_prepare+0x379/0x850
[ 46.573851][ T2019] free_unref_page_list+0x16f/0xbd0
[ 46.579161][ T2019] release_pages+0xb3a/0x1480
[ 46.583833][ T2019] tlb_finish_mmu+0x127/0x790
[ 46.588485][ T2019] exit_mmap+0x1b7/0x530
[ 46.592695][ T2019] mmput+0xd6/0x400
[ 46.596474][ T2019] do_exit+0x884/0x2200
[ 46.600597][ T2019] do_group_exit+0xe7/0x290
[ 46.605066][ T2019] get_signal+0x279/0x1f00
[ 46.609457][ T2019] arch_do_signal_or_restart+0x2b5/0x17b0
[ 46.615150][ T2019] exit_to_user_mode_prepare+0xef/0x160
[ 46.620663][ T2019] syscall_exit_to_user_mode+0x12/0x30
[ 46.626097][ T2019] do_syscall_64+0x42/0x80
[ 46.630478][ T2019] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.636343][ T2019]
[ 46.638638][ T2019] Memory state around the buggy address:
[ 46.644233][ T2019] ffff88806a4cdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.652260][ T2019] ffff88806a4cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.660886][ T2019] >ffff88806a4ce000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.668999][ T2019] ^
[ 46.673116][ T2019] ffff88806a4ce080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.681314][ T2019] ffff88806a4ce100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.689338][ T2019] ==================================================================
[ 46.697361][ T2019] Disabling lock debugging due to kernel taint
[ 46.703588][ T2019] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 46.710982][ T2019] Kernel Offset: disabled
[ 46.715278][ T2019] Rebooting in 86400 seconds..