Warning: Permanently added '10.128.1.53' (ED25519) to the list of known hosts.
2023/09/29 04:06:55 ignoring optional flag "sandboxArg"="0"
2023/09/29 04:06:55 parsed 1 programs
2023/09/29 04:06:55 executed programs: 0
[ 47.015233][ T2016] loop0: detected capacity change from 0 to 8192
[ 47.023344][ T2016] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 47.032590][ T2016] REISERFS (device loop0): using ordered data mode
[ 47.039163][ T2016] reiserfs: using flush barriers
[ 47.045054][ T2016] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 47.061675][ T2016] REISERFS (device loop0): checking transaction log (loop0)
[ 47.069838][ T2016] REISERFS (device loop0): Using r5 hash to sort names
[ 47.076911][ T2016] ==================================================================
[ 47.085067][ T2016] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.094173][ T2016] Read of size 250888 at addr ffff88806a97e058 by task syz-executor.0/2016
[ 47.102729][ T2016]
[ 47.105030][ T2016] CPU: 0 PID: 2016 Comm: syz-executor.0 Not tainted 5.15.133-syzkaller #0
[ 47.113506][ T2016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 47.123844][ T2016] Call Trace:
[ 47.127212][ T2016]
[ 47.130131][ T2016]  dump_stack_lvl+0x41/0x5e
[ 47.134709][ T2016]  print_address_description.constprop.0.cold+0x6c/0x309
[ 47.141797][ T2016]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.147972][ T2016]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.154121][ T2016]  kasan_report.cold+0x83/0xdf
[ 47.158862][ T2016]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.164906][ T2016]  kasan_check_range+0x13d/0x180
[ 47.169821][ T2016]  memmove+0x20/0x60
[ 47.173778][ T2016]  reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.179730][ T2016]  reiserfs_new_inode+0x422/0x1ee0
[ 47.184821][ T2016]  ? lock_downgrade+0x520/0x520
[ 47.189656][ T2016]  ? reiserfs_fh_to_parent+0x160/0x160
[ 47.195094][ T2016]  ? __mutex_unlock_slowpath+0x158/0x450
[ 47.200796][ T2016]  ? wait_for_completion+0x220/0x220
[ 47.206057][ T2016]  ? wait_for_completion+0x220/0x220
[ 47.211415][ T2016]  ? find_held_lock+0x2d/0x110
[ 47.216246][ T2016]  ? do_journal_begin_r+0x77c/0xef0
[ 47.221429][ T2016]  ? do_raw_spin_lock+0x120/0x2b0
[ 47.226434][ T2016]  ? dquot_initialize_needed+0x230/0x230
[ 47.232152][ T2016]  ? rwlock_bug.part.0+0x90/0x90
[ 47.237063][ T2016]  ? lock_acquire+0x132/0x270
[ 47.241711][ T2016]  reiserfs_mkdir+0x40c/0x870
[ 47.246361][ T2016]  ? reiserfs_mknod+0x670/0x670
[ 47.251186][ T2016]  ? down_write+0xcd/0x140
[ 47.255584][ T2016]  ? down_write_killable+0x160/0x160
[ 47.260853][ T2016]  ? down_write_killable+0x160/0x160
[ 47.266123][ T2016]  reiserfs_xattr_init+0x494/0xb10
[ 47.271226][ T2016]  reiserfs_fill_super+0x1bbc/0x26d0
[ 47.276662][ T2016]  ? reiserfs_remount+0x15c0/0x15c0
[ 47.281834][ T2016]  ? pointer+0x700/0x700
[ 47.286050][ T2016]  ? up_write+0x131/0x1e0
[ 47.290356][ T2016]  ? sget+0x390/0x470
[ 47.294312][ T2016]  mount_bdev+0x2c3/0x3a0
[ 47.298645][ T2016]  ? reiserfs_remount+0x15c0/0x15c0
[ 47.303905][ T2016]  ? reiserfs_kill_sb+0x1d0/0x1d0
[ 47.308915][ T2016]  legacy_get_tree+0xfa/0x1f0
[ 47.313569][ T2016]  ? security_capable+0x4c/0x90
[ 47.318393][ T2016]  vfs_get_tree+0x83/0x1b0
[ 47.322792][ T2016]  path_mount+0x41e/0x19f0
[ 47.327198][ T2016]  ? finish_automount+0x7d0/0x7d0
[ 47.332358][ T2016]  ? user_path_at_empty+0x40/0x50
[ 47.337363][ T2016]  ? kmem_cache_free+0x7e/0x470
[ 47.342198][ T2016]  ? rcu_is_watching+0x11/0xa0
[ 47.346962][ T2016]  __x64_sys_mount+0x1f5/0x260
[ 47.351705][ T2016]  ? copy_mnt_ns+0xd20/0xd20
[ 47.356356][ T2016]  do_syscall_64+0x35/0x80
[ 47.360750][ T2016]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.366730][ T2016] RIP: 0033:0x7fc1d9cae05a
[ 47.371137][ T2016] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.392168][ T2016] RSP: 002b:00007fc1d982eee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 47.400964][ T2016] RAX: ffffffffffffffda RBX: 00007fc1d982ef80 RCX: 00007fc1d9cae05a
[ 47.408919][ T2016] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007fc1d982ef40
[ 47.417251][ T2016] RBP: 0000000020000080 R08: 00007fc1d982ef80 R09: 0000000000008008
[ 47.425381][ T2016] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[ 47.433531][ T2016] R13: 00007fc1d982ef40 R14: 0000000000001138 R15: 00000000200000c0
[ 47.441711][ T2016]
[ 47.445091][ T2016]
[ 47.447409][ T2016] The buggy address belongs to the page:
[ 47.454051][ T2016] page:ffffea0001aa5f80 refcount:3 mapcount:0 mapping:ffff888145340808 index:0x10 pfn:0x6a97e
[ 47.464785][ T2016] memcg:ffff88807548c000
[ 47.469099][ T2016] aops:def_blk_aops ino:700000
[ 47.473860][ T2016] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 47.483500][ T2016] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff888145340808
[ 47.492146][ T2016] raw: 0000000000000010 ffff88806f24bae0 00000003ffffffff ffff88807548c000
[ 47.500905][ T2016] page dumped because: kasan: bad access detected
[ 47.507402][ T2016] page_owner tracks the page as allocated
[ 47.513622][ T2016] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 2016, ts 47023095496, free_ts 5982896477
[ 47.530812][ T2016]  get_page_from_freelist+0x1334/0x2dc0
[ 47.536753][ T2016]  __alloc_pages+0x1b2/0x440
[ 47.541820][ T2016]  pagecache_get_page+0x299/0xdd0
[ 47.547177][ T2016]  __getblk_slow+0x1a6/0x7a0
[ 47.551858][ T2016]  __bread_gfp+0x1e6/0x2f0
[ 47.556343][ T2016]  read_super_block+0x7c/0x840
[ 47.561117][ T2016]  reiserfs_fill_super+0xa41/0x26d0
[ 47.566318][ T2016]  mount_bdev+0x2c3/0x3a0
[ 47.570644][ T2016]  legacy_get_tree+0xfa/0x1f0
[ 47.575297][ T2016]  vfs_get_tree+0x83/0x1b0
[ 47.579948][ T2016]  path_mount+0x41e/0x19f0
[ 47.584529][ T2016]  __x64_sys_mount+0x1f5/0x260
[ 47.589369][ T2016]  do_syscall_64+0x35/0x80
[ 47.593761][ T2016]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.599812][ T2016] page last free stack trace:
[ 47.604542][ T2016]  free_pcp_prepare+0x379/0x850
[ 47.609366][ T2016]  free_unref_page+0x19/0x510
[ 47.614015][ T2016]  free_contig_range+0x8b/0xb0
[ 47.618756][ T2016]  destroy_args+0x7e/0x503
[ 47.623284][ T2016]  debug_vm_pgtable+0x170d/0x178f
[ 47.628292][ T2016]  do_one_initcall+0xb4/0x320
[ 47.632947][ T2016]  kernel_init_freeable+0x51b/0x57d
[ 47.638293][ T2016]  kernel_init+0x14/0x120
[ 47.642681][ T2016]  ret_from_fork+0x1f/0x30
[ 47.647080][ T2016]
[ 47.649465][ T2016] Memory state around the buggy address:
[ 47.655075][ T2016]  ffff88806a981f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.663304][ T2016]  ffff88806a981f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.671695][ T2016] >ffff88806a982000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.679815][ T2016]                    ^
[ 47.683857][ T2016]  ffff88806a982080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.691979][ T2016]  ffff88806a982100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.700013][ T2016] ==================================================================
[ 47.708147][ T2016] Disabling lock debugging due to kernel taint
[ 47.714934][ T2016] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 47.722374][ T2016] Kernel Offset: disabled
[ 47.726950][ T2016] Rebooting in 86400 seconds..