Warning: Permanently added '10.128.0.63' (ED25519) to the list of known hosts.
2023/12/01 10:37:53 ignoring optional flag "sandboxArg"="0"
2023/12/01 10:37:53 parsed 1 programs
2023/12/01 10:37:53 executed programs: 0
[ 47.020694][ T2014] loop0: detected capacity change from 0 to 8192
[ 47.028868][ T2014] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 47.039373][ T2014] REISERFS (device loop0): using ordered data mode
[ 47.048262][ T2014] reiserfs: using flush barriers
[ 47.055232][ T2014] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 47.076833][ T2014] REISERFS (device loop0): checking transaction log (loop0)
[ 47.086992][ T2014] REISERFS (device loop0): Using r5 hash to sort names
[ 47.095415][ T2014] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 47.112721][ T2014] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.124163][ T2014] REISERFS (device loop0): Remounting filesystem read-only
[ 47.131564][ T2014] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 47.145853][ T2014] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 47.163781][ T2014] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.175622][ T2014] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
[ 47.185449][ T2014] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 47.203888][ T2014] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.214860][ T2014] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 47.229055][ T2014] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 47.315956][ T2018] loop0: detected capacity change from 0 to 8192
[ 47.325153][ T2018] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 47.336007][ T2018] REISERFS (device loop0): using ordered data mode
[ 47.342665][ T2018] reiserfs: using flush barriers
[ 47.348720][ T2018] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 47.366231][ T2018] REISERFS (device loop0): checking transaction log (loop0)
[ 47.374464][ T2018] REISERFS (device loop0): Using r5 hash to sort names
[ 47.382667][ T2018] ==================================================================
[ 47.392564][ T2018] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.401158][ T2018] Read of size 250888 at addr ffff88806a0dd058 by task syz-executor.0/2018
[ 47.410424][ T2018]
[ 47.412737][ T2018] CPU: 0 PID: 2018 Comm: syz-executor.0 Not tainted 5.15.140-syzkaller #0
[ 47.421540][ T2018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 47.431982][ T2018] Call Trace:
[ 47.435255][ T2018]
[ 47.438347][ T2018] dump_stack_lvl+0x41/0x5e
[ 47.442998][ T2018] print_address_description.constprop.0.cold+0x6c/0x309
[ 47.455215][ T2018] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.461528][ T2018] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.467749][ T2018] kasan_report.cold+0x83/0xdf
[ 47.472581][ T2018] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.478899][ T2018] kasan_check_range+0x13d/0x180
[ 47.484114][ T2018] memmove+0x20/0x60
[ 47.488155][ T2018] reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.494641][ T2018] reiserfs_new_inode+0x422/0x1ee0
[ 47.499897][ T2018] ? lock_downgrade+0x4f0/0x4f0
[ 47.505392][ T2018] ? reiserfs_fh_to_parent+0x160/0x160
[ 47.512023][ T2018] ? __mutex_unlock_slowpath+0x158/0x450
[ 47.517806][ T2018] ? wait_for_completion+0x220/0x220
[ 47.523335][ T2018] ? wait_for_completion+0x220/0x220
[ 47.528599][ T2018] ? find_held_lock+0x2d/0x110
[ 47.533341][ T2018] ? do_journal_begin_r+0x77c/0xef0
[ 47.539020][ T2018] ? do_raw_spin_lock+0x120/0x2b0
[ 47.544171][ T2018] ? dquot_initialize_needed+0x230/0x230
[ 47.549772][ T2018] ? rwlock_bug.part.0+0x90/0x90
[ 47.554927][ T2018] ? lock_acquire+0x11a/0x250
[ 47.559571][ T2018] reiserfs_mkdir+0x40c/0x870
[ 47.564217][ T2018] ? reiserfs_mknod+0x670/0x670
[ 47.569071][ T2018] ? down_write+0xcd/0x140
[ 47.573464][ T2018] ? down_write_killable+0x160/0x160
[ 47.578735][ T2018] ? down_write_killable+0x160/0x160
[ 47.583986][ T2018] reiserfs_xattr_init+0x494/0xb10
[ 47.589074][ T2018] reiserfs_fill_super+0x1bbc/0x26d0
[ 47.594443][ T2018] ? reiserfs_remount+0x15c0/0x15c0
[ 47.599611][ T2018] ? pointer+0x700/0x700
[ 47.603822][ T2018] ? up_write+0x131/0x1e0
[ 47.608294][ T2018] ? sget+0x390/0x470
[ 47.612704][ T2018] mount_bdev+0x2c3/0x3a0
[ 47.617470][ T2018] ? reiserfs_remount+0x15c0/0x15c0
[ 47.623057][ T2018] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 47.628654][ T2018] legacy_get_tree+0xfa/0x1f0
[ 47.633442][ T2018] ? security_capable+0x4c/0x90
[ 47.638618][ T2018] vfs_get_tree+0x83/0x1b0
[ 47.643352][ T2018] path_mount+0x41e/0x19f0
[ 47.648110][ T2018] ? finish_automount+0x7d0/0x7d0
[ 47.653386][ T2018] ? kasan_set_free_info+0x20/0x30
[ 47.658752][ T2018] ? user_path_at_empty+0x40/0x50
[ 47.664360][ T2018] ? kmem_cache_free+0x7e/0x470
[ 47.669309][ T2018] __x64_sys_mount+0x1f5/0x260
[ 47.675004][ T2018] ? copy_mnt_ns+0xd20/0xd20
[ 47.680734][ T2018] ? vtime_user_exit+0xde/0x180
[ 47.686175][ T2018] do_syscall_64+0x35/0x80
[ 47.690690][ T2018] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.697769][ T2018] RIP: 0033:0x7f6e8878505a
[ 47.702881][ T2018] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.724475][ T2018] RSP: 002b:00007f6e88305ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 47.733329][ T2018] RAX: ffffffffffffffda RBX: 00007f6e88305f80 RCX: 00007f6e8878505a
[ 47.742071][ T2018] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f6e88305f40
[ 47.750710][ T2018] RBP: 0000000020000080 R08: 00007f6e88305f80 R09: 0000000000008008
[ 47.759363][ T2018] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[ 47.768271][ T2018] R13: 00007f6e88305f40 R14: 0000000000001138 R15: 00000000200000c0
[ 47.776301][ T2018]
[ 47.779296][ T2018]
[ 47.781613][ T2018] The buggy address belongs to the page:
[ 47.787696][ T2018] page:ffffea0001a83740 refcount:3 mapcount:0 mapping:ffff888008809308 index:0x10 pfn:0x6a0dd
[ 47.799577][ T2018] memcg:ffff888077668000
[ 47.804480][ T2018] aops:def_blk_aops ino:700000
[ 47.809228][ T2018] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 47.819586][ T2018] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff888008809308
[ 47.828567][ T2018] raw: 0000000000000010 ffff8880700dbcb0 00000003ffffffff ffff888077668000
[ 47.838377][ T2018] page dumped because: kasan: bad access detected
[ 47.845253][ T2018] page_owner tracks the page as allocated
[ 47.851554][ T2018] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 2018, ts 47325088581, free_ts 47294350516
[ 47.870632][ T2018] get_page_from_freelist+0x12d1/0x2d40
[ 47.877889][ T2018] __alloc_pages+0x1b2/0x440
[ 47.884106][ T2018] pagecache_get_page+0x299/0xdd0
[ 47.889649][ T2018] __getblk_slow+0x1a6/0x7a0
[ 47.895357][ T2018] __bread_gfp+0x1e6/0x2f0
[ 47.900570][ T2018] read_super_block+0x7c/0x840
[ 47.905646][ T2018] reiserfs_fill_super+0xa41/0x26d0
[ 47.911176][ T2018] mount_bdev+0x2c3/0x3a0
[ 47.916320][ T2018] legacy_get_tree+0xfa/0x1f0
[ 47.921901][ T2018] vfs_get_tree+0x83/0x1b0
[ 47.926403][ T2018] path_mount+0x41e/0x19f0
[ 47.930817][ T2018] __x64_sys_mount+0x1f5/0x260
[ 47.936125][ T2018] do_syscall_64+0x35/0x80
[ 47.940886][ T2018] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.947283][ T2018] page last free stack trace:
[ 47.952097][ T2018] free_pcp_prepare+0x379/0x850
[ 47.957299][ T2018] free_unref_page_list+0x16f/0xbd0
[ 47.962586][ T2018] release_pages+0xb3a/0x1480
[ 47.967246][ T2018] tlb_flush_mmu+0xbb/0x590
[ 47.971820][ T2018] unmap_page_range+0x11b6/0x1b70
[ 47.977993][ T2018] unmap_vmas+0x13e/0x250
[ 47.982683][ T2018] exit_mmap+0x19d/0x530
[ 47.987289][ T2018] mmput+0xd6/0x400
[ 47.991181][ T2018] do_exit+0x884/0x2200
[ 47.995320][ T2018] do_group_exit+0xe7/0x290
[ 47.999890][ T2018] __x64_sys_exit_group+0x35/0x40
[ 48.005238][ T2018] do_syscall_64+0x35/0x80
[ 48.010232][ T2018] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.016726][ T2018]
[ 48.019153][ T2018] Memory state around the buggy address:
[ 48.026161][ T2018] ffff88806a0e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.034876][ T2018] ffff88806a0e8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.043412][ T2018] >ffff88806a0e9000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.051948][ T2018] ^
[ 48.056505][ T2018] ffff88806a0e9080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.066285][ T2018] ffff88806a0e9100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.076831][ T2018] ==================================================================
[ 48.086961][ T2018] Disabling lock debugging due to kernel taint
[ 48.094370][ T2018] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 48.103647][ T2018] Kernel Offset: disabled
[ 48.107966][ T2018] Rebooting in 86400 seconds..