Warning: Permanently added '10.128.0.143' (ED25519) to the list of known hosts.
2023/10/16 11:19:35 ignoring optional flag "sandboxArg"="0"
2023/10/16 11:19:35 parsed 1 programs
2023/10/16 11:19:36 executed programs: 0
[ 49.840594][ T2657] loop0: detected capacity change from 0 to 8192
[ 49.848269][ T2657] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 49.861240][ T2657] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 49.870470][ T2657] REISERFS (device loop0): using ordered data mode
[ 49.877004][ T2657] reiserfs: using flush barriers
[ 49.882634][ T2657] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 49.899548][ T2657] REISERFS (device loop0): checking transaction log (loop0)
[ 49.907739][ T2657] REISERFS (device loop0): Using r5 hash to sort names
[ 49.914837][ T2657] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 49.925400][ T2657] ==================================================================
[ 49.933487][ T2657] BUG: KASAN: out-of-bounds in reiserfs_release_objectid+0x46f/0x850
[ 49.941533][ T2657] Read of size 14568 at addr ffff88807046a0d0 by task syz-executor.0/2657
[ 49.950013][ T2657]
[ 49.952315][ T2657] CPU: 0 PID: 2657 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller #0
[ 49.960870][ T2657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 49.970985][ T2657] Call Trace:
[ 49.974245][ T2657]
[ 49.977158][ T2657] dump_stack_lvl+0xf8/0x260
[ 49.981742][ T2657] ? nf_tcp_handle_invalid+0x300/0x300
[ 49.987177][ T2657] ? panic+0x410/0x410
[ 49.991218][ T2657] ? _printk+0xce/0x110
[ 49.995359][ T2657] print_report+0x163/0x540
[ 50.000093][ T2657] ? reiserfs_release_objectid+0x46f/0x850
[ 50.005912][ T2657] kasan_report+0x175/0x1b0
[ 50.010471][ T2657] ? reiserfs_release_objectid+0x46f/0x850
[ 50.016259][ T2657] kasan_check_range+0x27e/0x290
[ 50.021185][ T2657] ? reiserfs_release_objectid+0x46f/0x850
[ 50.026975][ T2657] __asan_memmove+0x29/0x70
[ 50.031471][ T2657] reiserfs_release_objectid+0x46f/0x850
[ 50.037079][ T2657] remove_save_link+0x2e3/0x4f0
[ 50.041903][ T2657] ? add_save_link+0x750/0x750
[ 50.046646][ T2657] reiserfs_evict_inode+0x2ad/0x3a0
[ 50.051816][ T2657] ? entry_points_to_object+0x760/0x760
[ 50.057341][ T2657] ? do_raw_spin_unlock+0x13b/0x8b0
[ 50.062524][ T2657] ? do_raw_spin_unlock+0x13b/0x8b0
[ 50.067703][ T2657] evict+0x263/0x630
[ 50.071610][ T2657] __dentry_kill+0x380/0x5d0
[ 50.076193][ T2657] dentry_kill+0xbb/0x1e0
[ 50.080519][ T2657] ? dput+0x3c/0x2b0
[ 50.084392][ T2657] dput+0x13c/0x2b0
[ 50.088182][ T2657] do_renameat2+0xb8f/0x1300
[ 50.092743][ T2657] ? fsnotify_move+0x410/0x410
[ 50.097489][ T2657] ? __check_object_size+0x371/0x6a0
[ 50.102760][ T2657] ? strncpy_from_user+0x69/0x1b0
[ 50.107753][ T2657] ? getname_flags+0xe2/0x430
[ 50.112401][ T2657] __x64_sys_rename+0x81/0x90
[ 50.117059][ T2657] do_syscall_64+0x41/0x90
[ 50.121445][ T2657] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.127401][ T2657] RIP: 0033:0x7f583bc7c859
[ 50.131787][ T2657] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.151362][ T2657] RSP: 002b:00007f583cab50c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 50.160095][ T2657] RAX: ffffffffffffffda RBX: 00007f583bd9bf80 RCX: 00007f583bc7c859
[ 50.168054][ T2657] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000020000140
[ 50.176090][ T2657] RBP: 00007f583bcd8ad0 R08: 0000000000000000 R09: 0000000000000000
[ 50.184043][ T2657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 50.192082][ T2657] R13: 0000000000000006 R14: 00007f583bd9bf80 R15: 00007fff46a4c198
[ 50.200025][ T2657]
[ 50.203041][ T2657]
[ 50.205352][ T2657] The buggy address belongs to the physical page:
[ 50.211754][ T2657] page:ffffea0001c11a80 refcount:2 mapcount:0 mapping:ffff888148c813f0 index:0x10 pfn:0x7046a
[ 50.221960][ T2657] memcg:ffff888076af4000
[ 50.226175][ T2657] aops:def_blk_aops ino:700000
[ 50.230909][ T2657] flags: 0xfff0000002812c(referenced|uptodate|lru|active|private|mappedtodisk|node=0|zone=1|lastcpupid=0x7ff)
[ 50.242498][ T2657] page_type: 0xffffffff()
[ 50.246804][ T2657] raw: 00fff0000002812c ffffea0001b3d688 ffffea0001bde908 ffff888148c813f0
[ 50.255378][ T2657] raw: 0000000000000010 ffff8880712ac570 00000002ffffffff ffff888076af4000
[ 50.263959][ T2657] page dumped because: kasan: bad access detected
[ 50.270428][ T2657] page_owner tracks the page as allocated
[ 50.276117][ T2657] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 2657, tgid 2656 (syz-executor.0), ts 49848176621, free_ts 49748208672
[ 50.296746][ T2657] post_alloc_hook+0x26e/0x290
[ 50.301482][ T2657] get_page_from_freelist+0x3201/0x33a0
[ 50.307003][ T2657] __alloc_pages+0x255/0x650
[ 50.311585][ T2657] folio_alloc+0x13/0x30
[ 50.315799][ T2657] filemap_alloc_folio+0xc6/0x3a0
[ 50.320790][ T2657] __filemap_get_folio+0x28f/0x680
[ 50.325867][ T2657] __getblk_gfp+0x1a4/0x460
[ 50.330339][ T2657] __bread_gfp+0xe/0x1d0
[ 50.334550][ T2657] read_super_block+0x84/0x700
[ 50.339280][ T2657] reiserfs_fill_super+0xa22/0x2070
[ 50.344443][ T2657] mount_bdev+0x1d6/0x290
[ 50.348738][ T2657] legacy_get_tree+0xe9/0x170
[ 50.353471][ T2657] vfs_get_tree+0x7e/0x190
[ 50.357858][ T2657] do_new_mount+0x1e5/0x8f0
[ 50.362340][ T2657] __se_sys_mount+0x242/0x2d0
[ 50.366984][ T2657] do_syscall_64+0x41/0x90
[ 50.371383][ T2657] page last free stack trace:
[ 50.376040][ T2657] free_unref_page_prepare+0x7cd/0x8f0
[ 50.381469][ T2657] free_unref_page_list+0x54b/0x7e0
[ 50.386636][ T2657] release_pages+0x194a/0x1af0
[ 50.391367][ T2657] tlb_flush_mmu+0x273/0x3d0
[ 50.395925][ T2657] tlb_finish_mmu+0xb6/0x1c0
[ 50.400481][ T2657] exit_mmap+0x43e/0x990
[ 50.404693][ T2657] __mmput+0x9b/0x2d0
[ 50.408659][ T2657] exit_mm+0x113/0x1b0
[ 50.412703][ T2657] do_exit+0x7cf/0x2350
[ 50.416826][ T2657] do_group_exit+0x1b9/0x280
[ 50.421399][ T2657] __x64_sys_exit_group+0x3f/0x40
[ 50.426396][ T2657] do_syscall_64+0x41/0x90
[ 50.430783][ T2657] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.436649][ T2657]
[ 50.438948][ T2657] Memory state around the buggy address:
[ 50.444548][ T2657] ffff88807046d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.452586][ T2657] ffff88807046d900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.460620][ T2657] >ffff88807046d980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.468648][ T2657] ^
[ 50.474614][ T2657] ffff88807046da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.482652][ T2657] ffff88807046da80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.490703][ T2657] ==================================================================
[ 50.499109][ T2657] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 50.506487][ T2657] Kernel Offset: disabled
[ 50.510879][ T2657] Rebooting in 86400 seconds..