Warning: Permanently added '10.128.10.14' (ED25519) to the list of known hosts.
2023/12/26 23:47:38 ignoring optional flag "sandboxArg"="0"
2023/12/26 23:47:39 parsed 1 programs
2023/12/26 23:47:39 executed programs: 0
[ 50.149657][ T2239] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 53.335002][ T2656] loop0: detected capacity change from 0 to 8192
[ 53.342785][ T2656] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.355952][ T2656] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 53.365394][ T2656] REISERFS (device loop0): using ordered data mode
[ 53.372020][ T2656] reiserfs: using flush barriers
[ 53.377725][ T2656] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.394367][ T2656] REISERFS (device loop0): checking transaction log (loop0)
[ 53.402555][ T2656] REISERFS (device loop0): Using r5 hash to sort names
[ 53.409730][ T2656] ==================================================================
[ 53.417810][ T2656] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x1e7/0x3f0
[ 53.426204][ T2656] Read of size 250888 at addr ffff88806fc11058 by task syz-executor.0/2656
[ 53.434761][ T2656]
[ 53.437068][ T2656] CPU: 0 PID: 2656 Comm: syz-executor.0 Not tainted 6.7.0-rc7-syzkaller #0
[ 53.445727][ T2656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 53.455778][ T2656] Call Trace:
[ 53.459047][ T2656]
[ 53.461961][ T2656] dump_stack_lvl+0xf8/0x260
[ 53.466539][ T2656] ? nf_tcp_handle_invalid+0x300/0x300
[ 53.471976][ T2656] ? panic+0x500/0x500
[ 53.476021][ T2656] ? _printk+0xce/0x110
[ 53.480153][ T2656] print_report+0x163/0x540
[ 53.484633][ T2656] ? reiserfs_write_lock_nested+0x4a/0xb0
[ 53.490335][ T2656] ? reiserfs_get_unused_objectid+0x1e7/0x3f0
[ 53.496374][ T2656] kasan_report+0x142/0x170
[ 53.500857][ T2656] ? reiserfs_get_unused_objectid+0x1e7/0x3f0
[ 53.506898][ T2656] kasan_check_range+0x27e/0x290
[ 53.511810][ T2656] ? reiserfs_get_unused_objectid+0x1e7/0x3f0
[ 53.517852][ T2656] __asan_memmove+0x29/0x70
[ 53.522333][ T2656] reiserfs_get_unused_objectid+0x1e7/0x3f0
[ 53.528210][ T2656] reiserfs_new_inode+0x295/0x1990
[ 53.533297][ T2656] ? do_journal_begin_r+0xaca/0xdd0
[ 53.538485][ T2656] ? reiserfs_write_inode+0x260/0x260
[ 53.543828][ T2656] ? do_journal_begin_r+0xbad/0xdd0
[ 53.549000][ T2656] ? reiserfs_security_init+0x3c0/0x3c0
[ 53.554536][ T2656] ? journal_begin+0x13f/0x2f0
[ 53.559274][ T2656] reiserfs_mkdir+0x543/0x870
[ 53.563924][ T2656] ? reiserfs_symlink+0x690/0x690
[ 53.569099][ T2656] ? down_write+0x12d/0x190
[ 53.573585][ T2656] ? up_write+0x143/0x300
[ 53.577888][ T2656] ? __up_read+0x360/0x360
[ 53.582278][ T2656] reiserfs_xattr_init+0x2c9/0x5a0
[ 53.587370][ T2656] reiserfs_fill_super+0x1b9b/0x2070
[ 53.592628][ T2656] ? reiserfs_kill_sb+0x140/0x140
[ 53.597625][ T2656] ? vscnprintf+0x30/0x30
[ 53.601929][ T2656] ? down_write+0x12d/0x190
[ 53.606415][ T2656] ? sb_set_blocksize+0x46/0xd0
[ 53.611250][ T2656] ? setup_bdev_super+0x48a/0x530
[ 53.616247][ T2656] mount_bdev+0x1d6/0x290
[ 53.620554][ T2656] ? reiserfs_kill_sb+0x140/0x140
[ 53.625561][ T2656] ? get_tree_bdev+0x5b0/0x5b0
[ 53.630297][ T2656] ? vfs_parse_fs_string+0x17f/0x210
[ 53.635555][ T2656] ? vfs_parse_fs_param+0x380/0x380
[ 53.640726][ T2656] legacy_get_tree+0xe9/0x170
[ 53.645389][ T2656] ? remove_save_link+0x4f0/0x4f0
[ 53.650387][ T2656] vfs_get_tree+0x7e/0x190
[ 53.654778][ T2656] do_new_mount+0x1e5/0x930
[ 53.659256][ T2656] ? do_move_mount_old+0x120/0x120
[ 53.664345][ T2656] __se_sys_mount+0x242/0x2d0
[ 53.668996][ T2656] ? __x64_sys_mount+0xc0/0xc0
[ 53.673732][ T2656] ? fpregs_assert_state_consistent+0x47/0x60
[ 53.679774][ T2656] do_syscall_64+0x45/0xe0
[ 53.684166][ T2656] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 53.690034][ T2656] RIP: 0033:0x7f879d67e1ea
[ 53.694424][ T2656] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.714004][ T2656] RSP: 002b:00007f879e2fbee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 53.722397][ T2656] RAX: ffffffffffffffda RBX: 00007f879e2fbf80 RCX: 00007f879d67e1ea
[ 53.730344][ T2656] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f879e2fbf40
[ 53.738291][ T2656] RBP: 0000000020000080 R08: 00007f879e2fbf80 R09: 0000000000008008
[ 53.746236][ T2656] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[ 53.754180][ T2656] R13: 00007f879e2fbf40 R14: 0000000000001138 R15: 00000000200000c0
[ 53.762127][ T2656]
[ 53.765126][ T2656]
[ 53.767430][ T2656] The buggy address belongs to the physical page:
[ 53.773832][ T2656] page:ffffea0001bf0440 refcount:3 mapcount:0 mapping:ffff888148c48870 index:0x10 pfn:0x6fc11
[ 53.784058][ T2656] memcg:ffff888075786000
[ 53.788292][ T2656] aops:def_blk_aops ino:700000
[ 53.793064][ T2656] flags: 0xfff00000008104(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 53.802403][ T2656] page_type: 0xffffffff()
[ 53.806706][ T2656] raw: 00fff00000008104 0000000000000000 dead000000000122 ffff888148c48870
[ 53.815261][ T2656] raw: 0000000000000010 ffff888073079000 00000003ffffffff ffff888075786000
[ 53.823814][ T2656] page dumped because: kasan: bad access detected
[ 53.830199][ T2656] page_owner tracks the page as allocated
[ 53.835888][ T2656] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 2656, tgid 2655 (syz-executor.0), ts 53342654949, free_ts 53334559197
[ 53.856536][ T2656] post_alloc_hook+0x10b/0x130
[ 53.861285][ T2656] get_page_from_freelist+0x345c/0x35f0
[ 53.866806][ T2656] __alloc_pages+0x255/0x650
[ 53.871369][ T2656] alloc_pages_mpol+0x27f/0x4d0
[ 53.876207][ T2656] folio_alloc+0xd4/0x220
[ 53.880526][ T2656] filemap_alloc_folio+0xc6/0x3a0
[ 53.885536][ T2656] __filemap_get_folio+0x28f/0x690
[ 53.890624][ T2656] bdev_getblk+0x1b1/0x4c0
[ 53.895015][ T2656] __bread_gfp+0xa7/0x2a0
[ 53.899317][ T2656] read_super_block+0x84/0x700
[ 53.904054][ T2656] reiserfs_fill_super+0xa22/0x2070
[ 53.909227][ T2656] mount_bdev+0x1d6/0x290
[ 53.913529][ T2656] legacy_get_tree+0xe9/0x170
[ 53.918177][ T2656] vfs_get_tree+0x7e/0x190
[ 53.922563][ T2656] do_new_mount+0x1e5/0x930
[ 53.927123][ T2656] __se_sys_mount+0x242/0x2d0
[ 53.931770][ T2656] page last free stack trace:
[ 53.936420][ T2656] free_unref_page_prepare+0x7f9/0x910
[ 53.941855][ T2656] free_unref_page_list+0x54b/0x7f0
[ 53.947025][ T2656] release_pages+0x194b/0x1b10
[ 53.951762][ T2656] tlb_flush_mmu+0x273/0x3d0
[ 53.956322][ T2656] tlb_finish_mmu+0xb6/0x1c0
[ 53.960893][ T2656] unmap_region+0x2d0/0x320
[ 53.965368][ T2656] do_vmi_align_munmap+0xd60/0x1390
[ 53.970540][ T2656] do_vmi_munmap+0x1b1/0x210
[ 53.975192][ T2656] __vm_munmap+0x1ef/0x380
[ 53.979583][ T2656] __x64_sys_munmap+0x5b/0x70
[ 53.984234][ T2656] do_syscall_64+0x45/0xe0
[ 53.988624][ T2656] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 53.994492][ T2656]
[ 53.996794][ T2656] Memory state around the buggy address:
[ 54.002394][ T2656] ffff88806fc3df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.010429][ T2656] ffff88806fc3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.018461][ T2656] >ffff88806fc3e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.026495][ T2656] ^
[ 54.030539][ T2656] ffff88806fc3e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.038572][ T2656] ffff88806fc3e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.046605][ T2656] ==================================================================
[ 54.055785][ T2656] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.063266][ T2656] Kernel Offset: disabled
[ 54.067594][ T2656] Rebooting in 86400 seconds..