Warning: Permanently added '10.128.10.7' (ED25519) to the list of known hosts.
2023/07/18 20:14:24 ignoring optional flag "sandboxArg"="0"
2023/07/18 20:14:24 parsed 1 programs
2023/07/18 20:14:24 executed programs: 0
[ 56.589880][ T2640] loop0: detected capacity change from 0 to 8192
[ 56.597899][ T2640] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 56.611673][ T2640] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 56.621519][ T2640] REISERFS (device loop0): using ordered data mode
[ 56.628257][ T2640] reiserfs: using flush barriers
[ 56.634446][ T2640] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 56.651807][ T2640] REISERFS (device loop0): checking transaction log (loop0)
[ 56.660569][ T2640] REISERFS (device loop0): Using r5 hash to sort names
[ 56.667758][ T2640] ==================================================================
[ 56.676263][ T2640] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x1e7/0x3f0
[ 56.684947][ T2640] Read of size 250888 at addr ffff88806d16e058 by task syz-executor.0/2640
[ 56.693723][ T2640]
[ 56.696042][ T2640] CPU: 1 PID: 2640 Comm: syz-executor.0 Not tainted 6.5.0-rc2-syzkaller #0
[ 56.705079][ T2640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 56.715302][ T2640] Call Trace:
[ 56.718574][ T2640]
[ 56.721557][ T2640] dump_stack_lvl+0xf8/0x260
[ 56.726430][ T2640] ? nf_tcp_handle_invalid+0x300/0x300
[ 56.732047][ T2640] ? panic+0x410/0x410
[ 56.736112][ T2640] ? vprintk_emit+0x119/0x1f0
[ 56.740859][ T2640] ? _printk+0xce/0x110
[ 56.744999][ T2640] print_report+0x163/0x540
[ 56.749603][ T2640] ? reiserfs_write_lock_nested+0x4a/0xb0
[ 56.755500][ T2640] ? reiserfs_get_unused_objectid+0x1e7/0x3f0
[ 56.761570][ T2640] kasan_report+0x175/0x1b0
[ 56.766151][ T2640] ? reiserfs_get_unused_objectid+0x1e7/0x3f0
[ 56.772238][ T2640] kasan_check_range+0x27e/0x290
[ 56.777248][ T2640] ? reiserfs_get_unused_objectid+0x1e7/0x3f0
[ 56.783378][ T2640] __asan_memmove+0x29/0x70
[ 56.787946][ T2640] reiserfs_get_unused_objectid+0x1e7/0x3f0
[ 56.793813][ T2640] reiserfs_new_inode+0x298/0x1a20
[ 56.798904][ T2640] ? reiserfs_write_inode+0x260/0x260
[ 56.804253][ T2640] ? do_journal_begin_r+0xbad/0xdd0
[ 56.809931][ T2640] ? journal_begin+0x13f/0x2f0
[ 56.814886][ T2640] reiserfs_mkdir+0x543/0x870
[ 56.820697][ T2640] ? reiserfs_symlink+0x690/0x690
[ 56.826053][ T2640] ? down_write+0x12d/0x190
[ 56.830706][ T2640] ? up_write+0x143/0x300
[ 56.835102][ T2640] ? __up_read+0x360/0x360
[ 56.839735][ T2640] reiserfs_xattr_init+0x2c9/0x5a0
[ 56.845069][ T2640] reiserfs_fill_super+0x1b9a/0x2070
[ 56.850531][ T2640] ? reiserfs_kill_sb+0x140/0x140
[ 56.855813][ T2640] ? snprintf+0xd0/0x120
[ 56.860145][ T2640] ? sb_set_blocksize+0x46/0xd0
[ 56.865246][ T2640] mount_bdev+0x225/0x320
[ 56.869766][ T2640] ? reiserfs_kill_sb+0x140/0x140
[ 56.874944][ T2640] legacy_get_tree+0xe9/0x170
[ 56.879775][ T2640] ? remove_save_link+0x4f0/0x4f0
[ 56.884904][ T2640] vfs_get_tree+0x7e/0x180
[ 56.889390][ T2640] do_new_mount+0x1e5/0x8f0
[ 56.894140][ T2640] ? do_move_mount_old+0x120/0x120
[ 56.899315][ T2640] ? user_path_at_empty+0xf1/0x140
[ 56.904561][ T2640] __se_sys_mount+0x242/0x2d0
[ 56.909323][ T2640] ? __x64_sys_mount+0xc0/0xc0
[ 56.914158][ T2640] ? fpregs_assert_state_consistent+0x47/0x60
[ 56.920310][ T2640] do_syscall_64+0x41/0x90
[ 56.924804][ T2640] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.930856][ T2640] RIP: 0033:0x7fa00b07dfda
[ 56.935435][ T2640] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 56.955645][ T2640] RSP: 002b:00007fa00be63ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 56.964490][ T2640] RAX: ffffffffffffffda RBX: 00007fa00be63f80 RCX: 00007fa00b07dfda
[ 56.973339][ T2640] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007fa00be63f40
[ 56.981662][ T2640] RBP: 0000000020000080 R08: 00007fa00be63f80 R09: 0000000000008008
[ 56.989709][ T2640] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[ 57.000455][ T2640] R13: 00007fa00be63f40 R14: 0000000000001138 R15: 00000000200000c0
[ 57.008783][ T2640]
[ 57.011787][ T2640]
[ 57.014357][ T2640] The buggy address belongs to the physical page:
[ 57.021313][ T2640] page:ffffea0001b45b80 refcount:3 mapcount:0 mapping:ffff8880110813f8 index:0x10 pfn:0x6d16e
[ 57.032630][ T2640] memcg:ffff88807c240000
[ 57.037475][ T2640] aops:def_blk_aops ino:700000
[ 57.042484][ T2640] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 57.053039][ T2640] page_type: 0xffffffff()
[ 57.057705][ T2640] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff8880110813f8
[ 57.067081][ T2640] raw: 0000000000000010 ffff888073f950e8 00000003ffffffff ffff88807c240000
[ 57.076645][ T2640] page dumped because: kasan: bad access detected
[ 57.083575][ T2640] page_owner tracks the page as allocated
[ 57.089445][ T2640] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 2640, tgid 2639 (syz-executor.0), ts 56597722776, free_ts 56589272482
[ 57.110545][ T2640] post_alloc_hook+0x26e/0x290
[ 57.115843][ T2640] get_page_from_freelist+0x3238/0x33d0
[ 57.121822][ T2640] __alloc_pages+0x255/0x650
[ 57.126409][ T2640] folio_alloc+0x13/0x30
[ 57.130732][ T2640] filemap_alloc_folio+0xc6/0x3a0
[ 57.135813][ T2640] __filemap_get_folio+0x1e4/0x540
[ 57.141093][ T2640] __getblk_gfp+0x1a4/0x460
[ 57.145837][ T2640] __bread_gfp+0xe/0x1d0
[ 57.150230][ T2640] read_super_block+0x84/0x700
[ 57.155241][ T2640] reiserfs_fill_super+0xa22/0x2070
[ 57.160590][ T2640] mount_bdev+0x225/0x320
[ 57.164893][ T2640] legacy_get_tree+0xe9/0x170
[ 57.169892][ T2640] vfs_get_tree+0x7e/0x180
[ 57.174281][ T2640] do_new_mount+0x1e5/0x8f0
[ 57.178982][ T2640] __se_sys_mount+0x242/0x2d0
[ 57.183745][ T2640] do_syscall_64+0x41/0x90
[ 57.188232][ T2640] page last free stack trace:
[ 57.193097][ T2640] free_unref_page_prepare+0x817/0x940
[ 57.198792][ T2640] free_unref_page_list+0x54b/0x7e0
[ 57.204137][ T2640] release_pages+0x195e/0x1b00
[ 57.208974][ T2640] tlb_flush_mmu+0xe9/0x1d0
[ 57.213576][ T2640] tlb_finish_mmu+0xb6/0x1c0
[ 57.218509][ T2640] unmap_region+0x247/0x2a0
[ 57.223014][ T2640] do_vmi_align_munmap+0xd76/0x11b0
[ 57.228458][ T2640] do_vmi_munmap+0x1b1/0x210
[ 57.233145][ T2640] __vm_munmap+0x1ef/0x380
[ 57.237549][ T2640] __x64_sys_munmap+0x5b/0x70
[ 57.242374][ T2640] do_syscall_64+0x41/0x90
[ 57.247114][ T2640] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.253158][ T2640]
[ 57.255463][ T2640] Memory state around the buggy address:
[ 57.261240][ T2640] ffff88806d174f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.269360][ T2640] ffff88806d174f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.277833][ T2640] >ffff88806d175000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.287949][ T2640] ^
[ 57.292076][ T2640] ffff88806d175080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.300459][ T2640] ffff88806d175100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.308580][ T2640] ==================================================================
[ 57.317105][ T2640] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 57.325363][ T2640] Kernel Offset: disabled
[ 57.329931][ T2640] Rebooting in 86400 seconds..