Warning: Permanently added '10.128.10.28' (ED25519) to the list of known hosts.
2023/07/29 10:06:13 ignoring optional flag "sandboxArg"="0"
2023/07/29 10:06:13 parsed 1 programs
2023/07/29 10:06:13 executed programs: 0
[ 46.893616][ T2014] loop0: detected capacity change from 0 to 8192
[ 46.901630][ T2014] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 46.911137][ T2014] REISERFS (device loop0): using ordered data mode
[ 46.917852][ T2014] reiserfs: using flush barriers
[ 46.923601][ T2014] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 46.940061][ T2014] REISERFS (device loop0): checking transaction log (loop0)
[ 46.947893][ T2014] REISERFS (device loop0): Using r5 hash to sort names
[ 46.955245][ T2014] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 46.970978][ T2014] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 46.981788][ T2014] REISERFS (device loop0): Remounting filesystem read-only
[ 46.989450][ T2014] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 47.002810][ T2014] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 47.019131][ T2014] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.029719][ T2014] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
[ 47.038116][ T2014] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 47.053656][ T2014] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.064373][ T2014] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 47.077712][ T2014] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 47.175722][ T2017] loop0: detected capacity change from 0 to 8192
[ 47.183773][ T2017] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 47.193236][ T2017] REISERFS (device loop0): using ordered data mode
[ 47.199750][ T2017] reiserfs: using flush barriers
[ 47.205571][ T2017] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 47.222451][ T2017] REISERFS (device loop0): checking transaction log (loop0)
[ 47.230551][ T2017] REISERFS (device loop0): Using r5 hash to sort names
[ 47.237597][ T2017] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 47.254420][ T2017] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.265285][ T2017] REISERFS (device loop0): Remounting filesystem read-only
[ 47.272621][ T2017] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 47.286263][ T2017] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 47.301770][ T2017] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.312373][ T2017] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
[ 47.320725][ T2017] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3985, free_space(entry_count) 2
[ 47.336101][ T2017] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 47.346768][ T2017] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 47.360021][ T2017] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 47.447769][ T2020] loop0: detected capacity change from 0 to 8192
[ 47.455722][ T2020] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 47.465400][ T2020] REISERFS (device loop0): using ordered data mode
[ 47.472031][ T2020] reiserfs: using flush barriers
[ 47.477670][ T2020] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 47.494162][ T2020] REISERFS (device loop0): checking transaction log (loop0)
[ 47.502280][ T2020] REISERFS (device loop0): Using r5 hash to sort names
[ 47.510526][ T2020] ==================================================================
[ 47.518579][ T2020] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.527218][ T2020] Read of size 250888 at addr ffff888069fd7058 by task syz-executor.0/2020
[ 47.535865][ T2020]
[ 47.538248][ T2020] CPU: 1 PID: 2020 Comm: syz-executor.0 Not tainted 5.15.123-syzkaller #0
[ 47.546799][ T2020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 47.557189][ T2020] Call Trace:
[ 47.560446][ T2020]
[ 47.563359][ T2020] dump_stack_lvl+0x41/0x5e
[ 47.567893][ T2020] print_address_description.constprop.0.cold+0x6c/0x309
[ 47.574892][ T2020] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.581018][ T2020] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.587341][ T2020] kasan_report.cold+0x83/0xdf
[ 47.592086][ T2020] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.598152][ T2020] kasan_check_range+0x13d/0x180
[ 47.603166][ T2020] memmove+0x20/0x60
[ 47.607140][ T2020] reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.613012][ T2020] reiserfs_new_inode+0x422/0x1ee0
[ 47.618177][ T2020] ? lock_downgrade+0x520/0x520
[ 47.623002][ T2020] ? reiserfs_fh_to_parent+0x160/0x160
[ 47.628433][ T2020] ? __mutex_unlock_slowpath+0x158/0x450
[ 47.634131][ T2020] ? wait_for_completion+0x220/0x220
[ 47.639391][ T2020] ? wait_for_completion+0x220/0x220
[ 47.644657][ T2020] ? find_held_lock+0x2d/0x110
[ 47.649402][ T2020] ? do_journal_begin_r+0x77c/0xef0
[ 47.654697][ T2020] ? do_raw_spin_lock+0x120/0x2b0
[ 47.659699][ T2020] ? dquot_initialize_needed+0x230/0x230
[ 47.665302][ T2020] ? rwlock_bug.part.0+0x90/0x90
[ 47.670224][ T2020] ? lock_acquire+0x132/0x270
[ 47.674889][ T2020] reiserfs_mkdir+0x40c/0x870
[ 47.679537][ T2020] ? reiserfs_mknod+0x670/0x670
[ 47.684352][ T2020] ? down_write+0xcd/0x140
[ 47.688755][ T2020] ? down_write_killable+0x160/0x160
[ 47.694402][ T2020] ? down_write_killable+0x160/0x160
[ 47.700291][ T2020] reiserfs_xattr_init+0x494/0xb10
[ 47.705749][ T2020] reiserfs_fill_super+0x1bbc/0x26d0
[ 47.711101][ T2020] ? reiserfs_remount+0x15c0/0x15c0
[ 47.716268][ T2020] ? pointer+0x700/0x700
[ 47.720772][ T2020] ? up_write+0x131/0x1e0
[ 47.725082][ T2020] ? sget+0x390/0x470
[ 47.729039][ T2020] mount_bdev+0x2c3/0x3a0
[ 47.733429][ T2020] ? reiserfs_remount+0x15c0/0x15c0
[ 47.738694][ T2020] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 47.743681][ T2020] legacy_get_tree+0xfa/0x1f0
[ 47.748339][ T2020] ? security_capable+0x4c/0x90
[ 47.753422][ T2020] vfs_get_tree+0x83/0x1b0
[ 47.757805][ T2020] path_mount+0x41e/0x19f0
[ 47.762450][ T2020] ? finish_automount+0x7d0/0x7d0
[ 47.767466][ T2020] ? user_path_at_empty+0x40/0x50
[ 47.772573][ T2020] ? kmem_cache_free+0x7e/0x470
[ 47.777479][ T2020] ? rcu_is_watching+0x11/0xa0
[ 47.782568][ T2020] __x64_sys_mount+0x1f5/0x260
[ 47.787320][ T2020] ? copy_mnt_ns+0xd20/0xd20
[ 47.791891][ T2020] do_syscall_64+0x35/0x80
[ 47.796316][ T2020] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.802269][ T2020] RIP: 0033:0x7f17211b005a
[ 47.806663][ T2020] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.827078][ T2020] RSP: 002b:00007f1720d30ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 47.835470][ T2020] RAX: ffffffffffffffda RBX: 00007f1720d30f80 RCX: 00007f17211b005a
[ 47.843437][ T2020] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f1720d30f40
[ 47.851484][ T2020] RBP: 0000000020000080 R08: 00007f1720d30f80 R09: 0000000000008008
[ 47.859625][ T2020] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[ 47.867784][ T2020] R13: 00007f1720d30f40 R14: 0000000000001138 R15: 00000000200000c0
[ 47.875918][ T2020]
[ 47.879267][ T2020]
[ 47.881679][ T2020] The buggy address belongs to the page:
[ 47.887829][ T2020] page:ffffea0001a7f5c0 refcount:3 mapcount:0 mapping:ffff888140801308 index:0x10 pfn:0x69fd7
[ 47.898625][ T2020] memcg:ffff88807f564000
[ 47.902927][ T2020] aops:def_blk_aops ino:700000
[ 47.907683][ T2020] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 47.917165][ T2020] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff888140801308
[ 47.926104][ T2020] raw: 0000000000000010 ffff88800dea31d0 00000003ffffffff ffff88807f564000
[ 47.934756][ T2020] page dumped because: kasan: bad access detected
[ 47.941307][ T2020] page_owner tracks the page as allocated
[ 47.947778][ T2020] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 2020, ts 47455663230, free_ts 47447551804
[ 47.965098][ T2020] get_page_from_freelist+0x1334/0x2dc0
[ 47.970625][ T2020] __alloc_pages+0x1b2/0x440
[ 47.975527][ T2020] pagecache_get_page+0x299/0xdd0
[ 47.980553][ T2020] __getblk_slow+0x1a6/0x7a0
[ 47.985109][ T2020] __bread_gfp+0x1e6/0x2f0
[ 47.991252][ T2020] read_super_block+0x7c/0x840
[ 47.996273][ T2020] reiserfs_fill_super+0xa41/0x26d0
[ 48.001433][ T2020] mount_bdev+0x2c3/0x3a0
[ 48.005828][ T2020] legacy_get_tree+0xfa/0x1f0
[ 48.010834][ T2020] vfs_get_tree+0x83/0x1b0
[ 48.015228][ T2020] path_mount+0x41e/0x19f0
[ 48.019635][ T2020] __x64_sys_mount+0x1f5/0x260
[ 48.024447][ T2020] do_syscall_64+0x35/0x80
[ 48.028830][ T2020] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.034691][ T2020] page last free stack trace:
[ 48.039339][ T2020] free_pcp_prepare+0x379/0x850
[ 48.044156][ T2020] free_unref_page_list+0x16f/0xca0
[ 48.049340][ T2020] release_pages+0xb3a/0x1480
[ 48.054253][ T2020] tlb_finish_mmu+0x127/0x790
[ 48.058898][ T2020] unmap_region+0x298/0x390
[ 48.063451][ T2020] __do_munmap+0x481/0x10c0
[ 48.068010][ T2020] __vm_munmap+0xd2/0x1a0
[ 48.072402][ T2020] __x64_sys_munmap+0x5d/0x80
[ 48.077045][ T2020] do_syscall_64+0x35/0x80
[ 48.081614][ T2020] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.087820][ T2020]
[ 48.090119][ T2020] Memory state around the buggy address:
[ 48.095917][ T2020] ffff888069fddf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.103953][ T2020] ffff888069fddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.112263][ T2020] >ffff888069fde000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.120372][ T2020] ^
[ 48.124403][ T2020] ffff888069fde080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.132443][ T2020] ffff888069fde100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.141002][ T2020] ==================================================================
[ 48.149046][ T2020] Disabling lock debugging due to kernel taint
[ 48.155498][ T2020] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 48.163030][ T2020] Kernel Offset: disabled
[ 48.167351][ T2020] Rebooting in 86400 seconds..