Warning: Permanently added '10.128.10.4' (ED25519) to the list of known hosts.
2024/03/12 14:45:16 ignoring optional flag "sandboxArg"="0"
2024/03/12 14:45:17 parsed 1 programs
2024/03/12 14:45:17 executed programs: 0
[   46.737556][ T2011] loop0: detected capacity change from 0 to 8192
[   46.745128][ T2011] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   46.757520][ T2011] REISERFS (device loop0): using ordered data mode
[   46.764153][ T2011] reiserfs: using flush barriers
[   46.769743][ T2011] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   46.786786][ T2011] REISERFS (device loop0): checking transaction log (loop0)
[   46.794703][ T2011] REISERFS (device loop0): Using r5 hash to sort names
[   46.801912][ T2011] ==================================================================
[   46.810222][ T2011] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x26f/0x3c0
[   46.818880][ T2011] Read of size 250888 at addr ffff88806ab8d058 by task syz-executor.0/2011
[   46.827449][ T2011]
[   46.829756][ T2011] CPU: 1 PID: 2011 Comm: syz-executor.0 Not tainted 5.15.151-syzkaller #0
[   46.838220][ T2011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[   46.848245][ T2011] Call Trace:
[   46.851501][ T2011]  <TASK>
[   46.854404][ T2011]  dump_stack_lvl+0x41/0x5e
[   46.858875][ T2011]  print_address_description.constprop.0.cold+0x6c/0x309
[   46.865863][ T2011]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[   46.871902][ T2011]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[   46.877941][ T2011]  kasan_report.cold+0x83/0xdf
[   46.882785][ T2011]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[   46.888846][ T2011]  kasan_check_range+0x13d/0x180
[   46.893843][ T2011]  memmove+0x20/0x60
[   46.898075][ T2011]  reiserfs_get_unused_objectid+0x26f/0x3c0
[   46.904029][ T2011]  reiserfs_new_inode+0x422/0x1ee0
[   46.909206][ T2011]  ? lock_downgrade+0x4f0/0x4f0
[   46.914029][ T2011]  ? reiserfs_fh_to_parent+0x160/0x160
[   46.919742][ T2011]  ? __mutex_unlock_slowpath+0x158/0x450
[   46.925385][ T2011]  ? wait_for_completion+0x220/0x220
[   46.930726][ T2011]  ? wait_for_completion+0x220/0x220
[   46.936327][ T2011]  ? find_held_lock+0x2d/0x110
[   46.941071][ T2011]  ? do_journal_begin_r+0x77c/0xef0
[   46.946264][ T2011]  ? do_raw_spin_lock+0x120/0x2b0
[   46.951437][ T2011]  ? dquot_initialize_needed+0x230/0x230
[   46.957143][ T2011]  ? rwlock_bug.part.0+0x90/0x90
[   46.962227][ T2011]  ? lock_acquire+0x11a/0x250
[   46.966964][ T2011]  reiserfs_mkdir+0x40c/0x870
[   46.971695][ T2011]  ? reiserfs_mknod+0x670/0x670
[   46.976611][ T2011]  ? down_write+0xcd/0x140
[   46.981169][ T2011]  ? down_write_killable+0x160/0x160
[   46.986568][ T2011]  ? down_write_killable+0x160/0x160
[   46.991840][ T2011]  reiserfs_xattr_init+0x494/0xb10
[   46.997128][ T2011]  reiserfs_fill_super+0x1bbc/0x26d0
[   47.002909][ T2011]  ? reiserfs_remount+0x15c0/0x15c0
[   47.008171][ T2011]  ? pointer+0x700/0x700
[   47.012653][ T2011]  ? up_write+0x131/0x1e0
[   47.017058][ T2011]  ? sget+0x390/0x470
[   47.021374][ T2011]  mount_bdev+0x2c3/0x3a0
[   47.025675][ T2011]  ? reiserfs_remount+0x15c0/0x15c0
[   47.030862][ T2011]  ? reiserfs_kill_sb+0x1d0/0x1d0
[   47.035857][ T2011]  legacy_get_tree+0xfa/0x1f0
[   47.040768][ T2011]  ? security_capable+0x4c/0x90
[   47.045608][ T2011]  vfs_get_tree+0x83/0x1b0
[   47.050179][ T2011]  path_mount+0x44f/0x1a60
[   47.054679][ T2011]  ? finish_automount+0x7d0/0x7d0
[   47.059672][ T2011]  ? kasan_set_free_info+0x20/0x30
[   47.064851][ T2011]  ? user_path_at_empty+0x40/0x50
[   47.069957][ T2011]  ? kmem_cache_free+0x7e/0x470
[   47.074881][ T2011]  __x64_sys_mount+0x1f5/0x260
[   47.080142][ T2011]  ? copy_mnt_ns+0xd20/0xd20
[   47.084705][ T2011]  ? vtime_user_exit+0xde/0x180
[   47.089557][ T2011]  do_syscall_64+0x35/0x80
[   47.093947][ T2011]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   47.099832][ T2011] RIP: 0033:0x7f3efa7a305a
[   47.104406][ T2011] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   47.124101][ T2011] RSP: 002b:00007f3efa323ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   47.132487][ T2011] RAX: ffffffffffffffda RBX: 00007f3efa323f80 RCX: 00007f3efa7a305a
[   47.140732][ T2011] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f3efa323f40
[   47.148783][ T2011] RBP: 0000000020000080 R08: 00007f3efa323f80 R09: 0000000000008008
[   47.157059][ T2011] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[   47.165381][ T2011] R13: 00007f3efa323f40 R14: 0000000000001138 R15: 00000000200000c0
[   47.173437][ T2011]  </TASK>
[   47.176714][ T2011]
[   47.179359][ T2011] The buggy address belongs to the page:
[   47.185076][ T2011] page:ffffea0001aae340 refcount:3 mapcount:0 mapping:ffff888140878808 index:0x10 pfn:0x6ab8d
[   47.195279][ T2011] memcg:ffff8880729c4000
[   47.199661][ T2011] aops:def_blk_aops ino:700000
[   47.204434][ T2011] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[   47.213946][ T2011] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff888140878808
[   47.222911][ T2011] raw: 0000000000000010 ffff888071ccb9f8 00000003ffffffff ffff8880729c4000
[   47.231459][ T2011] page dumped because: kasan: bad access detected
[   47.237877][ T2011] page_owner tracks the page as allocated
[   47.243771][ T2011] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 2011, ts 46745053757, free_ts 46737331286
[   47.261103][ T2011]  get_page_from_freelist+0x12d1/0x2d40
[   47.266982][ T2011]  __alloc_pages+0x1b2/0x440
[   47.271745][ T2011]  pagecache_get_page+0x299/0xdd0
[   47.277010][ T2011]  __getblk_slow+0x1a6/0x7a0
[   47.281686][ T2011]  __bread_gfp+0x1e6/0x2f0
[   47.286348][ T2011]  read_super_block+0x7c/0x840
[   47.291087][ T2011]  reiserfs_fill_super+0xa41/0x26d0
[   47.296390][ T2011]  mount_bdev+0x2c3/0x3a0
[   47.301181][ T2011]  legacy_get_tree+0xfa/0x1f0
[   47.306044][ T2011]  vfs_get_tree+0x83/0x1b0
[   47.310523][ T2011]  path_mount+0x44f/0x1a60
[   47.314915][ T2011]  __x64_sys_mount+0x1f5/0x260
[   47.319774][ T2011]  do_syscall_64+0x35/0x80
[   47.324440][ T2011]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   47.330497][ T2011] page last free stack trace:
[   47.335142][ T2011]  free_pcp_prepare+0x379/0x850
[   47.340097][ T2011]  free_unref_page_list+0x16f/0xbd0
[   47.345264][ T2011]  release_pages+0xb3a/0x1480
[   47.350348][ T2011]  tlb_finish_mmu+0x127/0x790
[   47.355002][ T2011]  unmap_region+0x298/0x390
[   47.359576][ T2011]  __do_munmap+0x481/0x10c0
[   47.364343][ T2011]  __vm_munmap+0xd2/0x1a0
[   47.368703][ T2011]  __x64_sys_munmap+0x5d/0x80
[   47.373437][ T2011]  do_syscall_64+0x35/0x80
[   47.377822][ T2011]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   47.383688][ T2011]
[   47.386161][ T2011] Memory state around the buggy address:
[   47.391847][ T2011]  ffff88806ab99f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.400139][ T2011]  ffff88806ab99f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.408351][ T2011] >ffff88806ab9a000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   47.416738][ T2011]                    ^
[   47.421474][ T2011]  ffff88806ab9a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   47.429650][ T2011]  ffff88806ab9a100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   47.437860][ T2011] ==================================================================
[   47.445980][ T2011] Disabling lock debugging due to kernel taint
[   47.453860][ T2011] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   47.461626][ T2011] Kernel Offset: disabled
[   47.467645][ T2011] Rebooting in 86400 seconds..
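Added example, not part of the syzkaller output above: a small parser for generic-KASAN reports that turns a log like this one into triage data. It extracts the syzkaller-style title, the reliable call-trace frames (the "? sym" lines are unwinder guesses and are dropped), the blamed frame (first reliable frame that is not KASAN or memmove instrumentation), and the first poisoned granule from the ">" shadow row and its "^" marker. It then derives what the raw numbers in this report mean: the 250888-byte read that starts at ffff88806ab8d058, inside the page KASAN dumped (pfn 0x6ab8d, allocated by read_super_block via __bread_gfp), ends at ffff88806abca460, touches 62 4 KiB pages, and gets 53160 bytes past its start before reaching a granule whose shadow byte is 0xff, which generic KASAN uses for a freed page. The sample lines are copied from the report above and trimmed; the 4 KiB page size, the instrumentation skip-list and the poison-value names (taken from v5.15 mm/kasan/kasan.h) are assumptions.

```python
"""Triage parser for a generic-KASAN report (added example, not syzkaller's own code)."""
import re
from dataclasses import dataclass, field

PAGE_SHIFT = 12     # assumption: 4 KiB pages, as on the x86-64 VM that produced the log
KASAN_GRANULE = 8   # generic KASAN: one shadow byte describes 8 bytes of memory
# Poison values as named in v5.15 mm/kasan/kasan.h; 0x00..0x07 = first N bytes addressable
POISON = {0xff: "KASAN_FREE_PAGE (page freed)", 0xfe: "KASAN_PAGE_REDZONE",
          0xfc: "KASAN_KMALLOC_REDZONE", 0xfb: "KASAN_KMALLOC_FREE (slab object freed)",
          0xf9: "KASAN_GLOBAL_REDZONE"}
# Instrumentation frames to skip when naming the bug site (assumed skip-list)
NOISE = ("dump_stack", "print_address_description", "kasan_", "__asan",
         "memmove", "memcpy", "memset")

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\] ?")           # "[   46.810222][ T2011] "
HEADER = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"(?P<kind>Read|Write) of size (?P<len>\d+) at addr (?P<addr>[0-9a-f]{16}) by task")
FRAME = re.compile(r"^\s*(?P<q>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW = re.compile(r"^\s?(?P<guilty>>?)(?P<row>[0-9a-f]{16}): (?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2}){15})$")

# Lines copied from the report above, trimmed to the parts the parser reads
REPORT = """\
[   46.810222][ T2011] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x26f/0x3c0
[   46.818880][ T2011] Read of size 250888 at addr ffff88806ab8d058 by task syz-executor.0/2011
[   46.848245][ T2011] Call Trace:
[   46.851501][ T2011]  <TASK>
[   46.854404][ T2011]  dump_stack_lvl+0x41/0x5e
[   46.858875][ T2011]  print_address_description.constprop.0.cold+0x6c/0x309
[   46.865863][ T2011]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[   46.877941][ T2011]  kasan_report.cold+0x83/0xdf
[   46.888846][ T2011]  kasan_check_range+0x13d/0x180
[   46.893843][ T2011]  memmove+0x20/0x60
[   46.898075][ T2011]  reiserfs_get_unused_objectid+0x26f/0x3c0
[   46.904029][ T2011]  reiserfs_new_inode+0x422/0x1ee0
[   46.966964][ T2011]  reiserfs_mkdir+0x40c/0x870
[   46.991840][ T2011]  reiserfs_xattr_init+0x494/0xb10
[   46.997128][ T2011]  reiserfs_fill_super+0x1bbc/0x26d0
[   47.074881][ T2011]  __x64_sys_mount+0x1f5/0x260
[   47.093947][ T2011]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   47.099832][ T2011] RIP: 0033:0x7f3efa7a305a
[   47.173437][ T2011]  </TASK>
[   47.386161][ T2011] Memory state around the buggy address:
[   47.400139][ T2011]  ffff88806ab99f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.408351][ T2011] >ffff88806ab9a000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   47.416738][ T2011]                    ^
"""


@dataclass
class KasanReport:
    title: str                 # syzkaller-style title: "KASAN: <bug> <Read|Write> in <func>"
    length: int                # bytes accessed
    addr: int                  # start of the access, not where the poison was hit
    frames: list = field(default_factory=list)   # reliable call-trace frames, innermost first
    poison_addr: int = 0       # first poisoned granule, from the '>' row and '^' marker
    poison_byte: int = 0
    def end(self) -> int:                    # exclusive end of the accessed range
        return self.addr + self.length
    def pages_spanned(self) -> int:          # pages touched by the whole access
        return ((self.end() - 1) >> PAGE_SHIFT) - (self.addr >> PAGE_SHIFT) + 1
    def bytes_before_poison(self) -> int:    # how far the access got before hitting poison
        return self.poison_addr - self.addr
    def blamed_frame(self) -> str:           # first reliable frame that is not instrumentation
        return next(f for f in self.frames if not f.startswith(NOISE))
    def poison_meaning(self) -> str:
        b = self.poison_byte
        return f"{b} bytes addressable" if b < KASAN_GRANULE else POISON.get(b, f"unknown 0x{b:02x}")


def parse_kasan_report(text: str) -> KasanReport:
    rep = hdr = row = row_bytes = None
    in_trace = False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw.rstrip(), count=1)
        if m := HEADER.search(line):
            hdr = m
        elif hdr and rep is None and (m := ACCESS.search(line)):
            rep = KasanReport(title=f"KASAN: {hdr['bug']} {m['kind']} in {hdr['func']}",
                              length=int(m['len']), addr=int(m['addr'], 16))
        elif rep is None:
            continue
        elif line.strip() == "Call Trace:":
            in_trace = True
        elif in_trace and (m := FRAME.match(line)):
            if not m['q']:                   # "? sym" frames are unwinder guesses: drop them
                rep.frames.append(m['sym'])
        elif in_trace and line.strip() != "<TASK>":
            in_trace = False                 # register dump or </TASK> ends the trace
        elif m := SHADOW.match(line):
            if m['guilty']:                  # the '>' row holds the first bad granule
                row, row_bytes = int(m['row'], 16), [int(b, 16) for b in m['bytes'].split()]
        elif row is not None and not rep.poison_addr and "^" in line:
            g = (line.index("^") - 19) // 3  # kernel puts '^' at column 3+16+3*granule+1
            rep.poison_addr, rep.poison_byte = row + g * KASAN_GRANULE, row_bytes[g]
    if rep is None:
        raise ValueError("no KASAN report in input")
    return rep
```

The "^" column arithmetic mirrors meta_pointer_offset() in mm/kasan/report.c, which prints the marker 3 + 16 + 3*granule + 1 characters into the row; if a copy of a log has had its runs of spaces collapsed, that granule index is lost and only the ">" row address survives, so keep console output verbatim when archiving reports. The distinction between addr (where the access began) and poison_addr (where KASAN first saw poison) matters for this report: a memmove in reiserfs_get_unused_objectid read 53160 valid bytes before crossing into a freed page, so the size of the move, not its start, is the suspicious quantity.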