Warning: Permanently added '10.128.1.203' (ED25519) to the list of known hosts.
2024/09/10 00:55:38 ignoring optional flag "sandboxArg"="0"
2024/09/10 00:55:38 parsed 1 programs
2024/09/10 00:55:38 executed programs: 0
[ 52.676395][ T1925] loop0: detected capacity change from 0 to 8192
[ 52.685029][ T1925] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 52.694301][ T1925] REISERFS (device loop0): using ordered data mode
[ 52.701042][ T1925] reiserfs: using flush barriers
[ 52.707062][ T1925] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 52.723665][ T1925] REISERFS (device loop0): checking transaction log (loop0)
[ 52.732635][ T1925] REISERFS (device loop0): Using r5 hash to sort names
[ 52.740319][ T1925] ==================================================================
[ 52.748558][ T1925] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x26f/0x3c0
[ 52.756983][ T1925] Read of size 250888 at addr ffff88806c6b8058 by task syz-executor.0/1925
[ 52.765545][ T1925]
[ 52.767851][ T1925] CPU: 1 PID: 1925 Comm: syz-executor.0 Not tainted 5.15.166-syzkaller #0
[ 52.776318][ T1925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 52.786357][ T1925] Call Trace:
[ 52.789648][ T1925]
[ 52.792600][ T1925]  dump_stack_lvl+0x41/0x5e
[ 52.797087][ T1925]  print_address_description.constprop.0.cold+0x6c/0x309
[ 52.804629][ T1925]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 52.810731][ T1925]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 52.816888][ T1925]  kasan_report.cold+0x83/0xdf
[ 52.821738][ T1925]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 52.827778][ T1925]  kasan_check_range+0x13d/0x180
[ 52.832777][ T1925]  memmove+0x20/0x60
[ 52.836725][ T1925]  reiserfs_get_unused_objectid+0x26f/0x3c0
[ 52.842676][ T1925]  reiserfs_new_inode+0x422/0x1ee0
[ 52.847841][ T1925]  ? lock_downgrade+0x4f0/0x4f0
[ 52.852661][ T1925]  ? reiserfs_fh_to_parent+0x160/0x160
[ 52.858106][ T1925]  ? __mutex_unlock_slowpath+0x158/0x450
[ 52.864020][ T1925]  ? wait_for_completion+0x220/0x220
[ 52.869333][ T1925]  ? wait_for_completion+0x220/0x220
[ 52.874606][ T1925]  ? find_held_lock+0x2d/0x110
[ 52.879345][ T1925]  ? do_journal_begin_r+0x77c/0xef0
[ 52.884533][ T1925]  ? do_raw_spin_lock+0x120/0x2b0
[ 52.889619][ T1925]  ? dquot_initialize_needed+0x230/0x230
[ 52.895305][ T1925]  ? rwlock_bug.part.0+0x90/0x90
[ 52.900208][ T1925]  ? lock_acquire+0x11a/0x250
[ 52.904853][ T1925]  reiserfs_mkdir+0x40c/0x870
[ 52.909601][ T1925]  ? reiserfs_mknod+0x670/0x670
[ 52.914430][ T1925]  ? lock_acquire+0x11a/0x250
[ 52.919078][ T1925]  ? try_lookup_one_len+0x130/0x130
[ 52.924330][ T1925]  reiserfs_xattr_init+0x494/0xb10
[ 52.929409][ T1925]  reiserfs_fill_super+0x1bbc/0x26d0
[ 52.934690][ T1925]  ? reiserfs_remount+0x15c0/0x15c0
[ 52.939864][ T1925]  ? pointer+0x700/0x700
[ 52.944091][ T1925]  ? up_write+0x138/0x200
[ 52.948393][ T1925]  ? sget+0x390/0x470
[ 52.952359][ T1925]  mount_bdev+0x2c3/0x3a0
[ 52.956669][ T1925]  ? reiserfs_remount+0x15c0/0x15c0
[ 52.962003][ T1925]  ? reiserfs_kill_sb+0x1d0/0x1d0
[ 52.966996][ T1925]  legacy_get_tree+0xfa/0x1f0
[ 52.971657][ T1925]  ? security_capable+0x4c/0x90
[ 52.976479][ T1925]  vfs_get_tree+0x83/0x1b0
[ 52.980864][ T1925]  path_mount+0x44f/0x1a60
[ 52.985340][ T1925]  ? finish_automount+0x7d0/0x7d0
[ 52.990357][ T1925]  ? kasan_set_free_info+0x20/0x30
[ 52.995460][ T1925]  ? user_path_at_empty+0x40/0x50
[ 53.000459][ T1925]  ? kmem_cache_free+0x7e/0x470
[ 53.005274][ T1925]  __x64_sys_mount+0x1f5/0x260
[ 53.010006][ T1925]  ? copy_mnt_ns+0xd20/0xd20
[ 53.014559][ T1925]  ? vtime_user_exit+0xde/0x180
[ 53.019458][ T1925]  do_syscall_64+0x33/0x80
[ 53.023866][ T1925]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.029775][ T1925] RIP: 0033:0x7f27ff4fd05a
[ 53.034212][ T1925] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.054891][ T1925] RSP: 002b:00007f27ff07dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 53.063566][ T1925] RAX: ffffffffffffffda RBX: 00007f27ff07df80 RCX: 00007f27ff4fd05a
[ 53.071726][ T1925] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f27ff07df40
[ 53.079765][ T1925] RBP: 0000000020000080 R08: 00007f27ff07df80 R09: 0000000000008008
[ 53.087802][ T1925] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[ 53.095749][ T1925] R13: 00007f27ff07df40 R14: 0000000000001138 R15: 00000000200000c0
[ 53.103810][ T1925]
[ 53.106886][ T1925]
[ 53.109182][ T1925] The buggy address belongs to the page:
[ 53.114898][ T1925] page:ffffea0001b1ae00 refcount:3 mapcount:0 mapping:ffff888008809308 index:0x10 pfn:0x6c6b8
[ 53.125106][ T1925] memcg:ffff88807664c000
[ 53.129314][ T1925] aops:def_blk_aops ino:700000
[ 53.134076][ T1925] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 53.143419][ T1925] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff888008809308
[ 53.151988][ T1925] raw: 0000000000000010 ffff8880701cbcb0 00000003ffffffff ffff88807664c000
[ 53.160803][ T1925] page dumped because: kasan: bad access detected
[ 53.167281][ T1925] page_owner tracks the page as allocated
[ 53.173055][ T1925] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 1925, ts 52684851072, free_ts 4663312933
[ 53.190029][ T1925]  get_page_from_freelist+0x12d1/0x2d40
[ 53.195645][ T1925]  __alloc_pages+0x1b2/0x440
[ 53.200374][ T1925]  pagecache_get_page+0x299/0xdd0
[ 53.205363][ T1925]  __getblk_slow+0x1a6/0x7a0
[ 53.209918][ T1925]  __bread_gfp+0x1e6/0x2f0
[ 53.214300][ T1925]  read_super_block+0x7c/0x840
[ 53.219046][ T1925]  reiserfs_fill_super+0xa41/0x26d0
[ 53.224296][ T1925]  mount_bdev+0x2c3/0x3a0
[ 53.228701][ T1925]  legacy_get_tree+0xfa/0x1f0
[ 53.233340][ T1925]  vfs_get_tree+0x83/0x1b0
[ 53.237984][ T1925]  path_mount+0x44f/0x1a60
[ 53.242470][ T1925]  __x64_sys_mount+0x1f5/0x260
[ 53.247219][ T1925]  do_syscall_64+0x33/0x80
[ 53.251712][ T1925]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.257791][ T1925] page last free stack trace:
[ 53.262443][ T1925]  free_pcp_prepare+0x379/0x850
[ 53.267504][ T1925]  free_unref_page+0x19/0x4b0
[ 53.272160][ T1925]  free_contig_range+0x8b/0xb0
[ 53.276900][ T1925]  destroy_args+0x7e/0x503
[ 53.281654][ T1925]  debug_vm_pgtable+0x1773/0x17f5
[ 53.286649][ T1925]  do_one_initcall+0xb4/0x320
[ 53.291293][ T1925]  kernel_init_freeable+0x51e/0x580
[ 53.296465][ T1925]  kernel_init+0x14/0x120
[ 53.300782][ T1925]  ret_from_fork+0x1f/0x30
[ 53.305179][ T1925]
[ 53.307526][ T1925] Memory state around the buggy address:
[ 53.313142][ T1925]  ffff88806c6b8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.321176][ T1925]  ffff88806c6b8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.329201][ T1925] >ffff88806c6b9000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.337241][ T1925]                    ^
[ 53.341274][ T1925]  ffff88806c6b9080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.349317][ T1925]  ffff88806c6b9100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.357482][ T1925] ==================================================================
[ 53.365779][ T1925] Disabling lock debugging due to kernel taint
[ 53.372301][ T1925] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.379734][ T1925] Kernel Offset: disabled
[ 53.384149][ T1925] Rebooting in 86400 seconds..