Warning: Permanently added '10.128.0.153' (ED25519) to the list of known hosts.
2023/10/31 01:41:13 ignoring optional flag "sandboxArg"="0"
2023/10/31 01:41:13 parsed 1 programs
2023/10/31 01:41:13 executed programs: 0
[ 46.938393][ T2013] loop0: detected capacity change from 0 to 8192
[ 46.947684][ T2013] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 46.957596][ T2013] REISERFS (device loop0): using ordered data mode
[ 46.965109][ T2013] reiserfs: using flush barriers
[ 46.971028][ T2013] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 46.988872][ T2013] REISERFS (device loop0): checking transaction log (loop0)
[ 46.997121][ T2013] REISERFS (device loop0): Using r5 hash to sort names
[ 47.004417][ T2013] ==================================================================
[ 47.012560][ T2013] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.021458][ T2013] Read of size 250888 at addr ffff88806b411058 by task syz-executor.0/2013
[ 47.030167][ T2013]
[ 47.032475][ T2013] CPU: 0 PID: 2013 Comm: syz-executor.0 Not tainted 5.15.137-syzkaller #0
[ 47.041123][ T2013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 47.051452][ T2013] Call Trace:
[ 47.054805][ T2013]
[ 47.057848][ T2013] dump_stack_lvl+0x41/0x5e
[ 47.062446][ T2013] print_address_description.constprop.0.cold+0x6c/0x309
[ 47.069949][ T2013] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.076088][ T2013] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.082404][ T2013] kasan_report.cold+0x83/0xdf
[ 47.087539][ T2013] ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.093664][ T2013] kasan_check_range+0x13d/0x180
[ 47.098758][ T2013] memmove+0x20/0x60
[ 47.102732][ T2013] reiserfs_get_unused_objectid+0x26f/0x3c0
[ 47.108632][ T2013] reiserfs_new_inode+0x422/0x1ee0
[ 47.113745][ T2013] ? lock_downgrade+0x4f0/0x4f0
[ 47.118598][ T2013] ? reiserfs_fh_to_parent+0x160/0x160
[ 47.124725][ T2013] ? __mutex_unlock_slowpath+0x158/0x450
[ 47.130563][ T2013] ? wait_for_completion+0x220/0x220
[ 47.136008][ T2013] ? wait_for_completion+0x220/0x220
[ 47.141839][ T2013] ? find_held_lock+0x2d/0x110
[ 47.146948][ T2013] ? do_journal_begin_r+0x77c/0xef0
[ 47.152321][ T2013] ? do_raw_spin_lock+0x120/0x2b0
[ 47.157502][ T2013] ? dquot_initialize_needed+0x230/0x230
[ 47.163477][ T2013] ? rwlock_bug.part.0+0x90/0x90
[ 47.168615][ T2013] ? lock_acquire+0x11a/0x250
[ 47.173313][ T2013] reiserfs_mkdir+0x40c/0x870
[ 47.178086][ T2013] ? reiserfs_mknod+0x670/0x670
[ 47.182950][ T2013] ? down_write+0xcd/0x140
[ 47.187602][ T2013] ? down_write_killable+0x160/0x160
[ 47.192876][ T2013] ? down_write_killable+0x160/0x160
[ 47.198228][ T2013] reiserfs_xattr_init+0x494/0xb10
[ 47.203656][ T2013] reiserfs_fill_super+0x1bbc/0x26d0
[ 47.208945][ T2013] ? reiserfs_remount+0x15c0/0x15c0
[ 47.214129][ T2013] ? pointer+0x700/0x700
[ 47.218347][ T2013] ? up_write+0x131/0x1e0
[ 47.222773][ T2013] ? sget+0x390/0x470
[ 47.226768][ T2013] mount_bdev+0x2c3/0x3a0
[ 47.231087][ T2013] ? reiserfs_remount+0x15c0/0x15c0
[ 47.236547][ T2013] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 47.242774][ T2013] legacy_get_tree+0xfa/0x1f0
[ 47.250714][ T2013] ? security_capable+0x4c/0x90
[ 47.256718][ T2013] vfs_get_tree+0x83/0x1b0
[ 47.261722][ T2013] path_mount+0x41e/0x19f0
[ 47.266370][ T2013] ? finish_automount+0x7d0/0x7d0
[ 47.271505][ T2013] ? kasan_set_free_info+0x20/0x30
[ 47.276818][ T2013] ? user_path_at_empty+0x40/0x50
[ 47.282130][ T2013] ? kmem_cache_free+0x7e/0x470
[ 47.287143][ T2013] __x64_sys_mount+0x1f5/0x260
[ 47.292082][ T2013] ? copy_mnt_ns+0xd20/0xd20
[ 47.296835][ T2013] ? vtime_user_exit+0xde/0x180
[ 47.301881][ T2013] do_syscall_64+0x35/0x80
[ 47.306275][ T2013] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.312159][ T2013] RIP: 0033:0x7f1beaebc05a
[ 47.317621][ T2013] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.337597][ T2013] RSP: 002b:00007f1beaa3cee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 47.346514][ T2013] RAX: ffffffffffffffda RBX: 00007f1beaa3cf80 RCX: 00007f1beaebc05a
[ 47.354480][ T2013] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f1beaa3cf40
[ 47.364276][ T2013] RBP: 0000000020000080 R08: 00007f1beaa3cf80 R09: 0000000000008008
[ 47.372577][ T2013] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[ 47.380610][ T2013] R13: 00007f1beaa3cf40 R14: 0000000000001138 R15: 00000000200000c0
[ 47.388687][ T2013]
[ 47.391845][ T2013]
[ 47.394262][ T2013] The buggy address belongs to the page:
[ 47.399907][ T2013] page:ffffea0001ad0440 refcount:3 mapcount:0 mapping:ffff888008880808 index:0x10 pfn:0x6b411
[ 47.410883][ T2013] memcg:ffff8880760a8000
[ 47.415337][ T2013] aops:def_blk_aops ino:700000
[ 47.420203][ T2013] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 47.429966][ T2013] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff888008880808
[ 47.438793][ T2013] raw: 0000000000000010 ffff8880725073a0 00000003ffffffff ffff8880760a8000
[ 47.447696][ T2013] page dumped because: kasan: bad access detected
[ 47.454111][ T2013] page_owner tracks the page as allocated
[ 47.459990][ T2013] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 2013, ts 46947575651, free_ts 45741270889
[ 47.477820][ T2013] get_page_from_freelist+0x12d1/0x2d40
[ 47.483529][ T2013] __alloc_pages+0x1b2/0x440
[ 47.488312][ T2013] pagecache_get_page+0x299/0xdd0
[ 47.493329][ T2013] __getblk_slow+0x1a6/0x7a0
[ 47.497987][ T2013] __bread_gfp+0x1e6/0x2f0
[ 47.502813][ T2013] read_super_block+0x7c/0x840
[ 47.507692][ T2013] reiserfs_fill_super+0xa41/0x26d0
[ 47.513202][ T2013] mount_bdev+0x2c3/0x3a0
[ 47.517520][ T2013] legacy_get_tree+0xfa/0x1f0
[ 47.522543][ T2013] vfs_get_tree+0x83/0x1b0
[ 47.527373][ T2013] path_mount+0x41e/0x19f0
[ 47.531772][ T2013] __x64_sys_mount+0x1f5/0x260
[ 47.536603][ T2013] do_syscall_64+0x35/0x80
[ 47.541080][ T2013] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.546953][ T2013] page last free stack trace:
[ 47.551688][ T2013] free_pcp_prepare+0x379/0x850
[ 47.556510][ T2013] free_unref_page_list+0x16f/0xbd0
[ 47.561782][ T2013] release_pages+0xb3a/0x1480
[ 47.566523][ T2013] tlb_finish_mmu+0x127/0x790
[ 47.571349][ T2013] exit_mmap+0x1b7/0x530
[ 47.575567][ T2013] mmput+0xd6/0x400
[ 47.579352][ T2013] do_exit+0x884/0x2200
[ 47.583562][ T2013] do_group_exit+0xe7/0x290
[ 47.588236][ T2013] __x64_sys_exit_group+0x35/0x40
[ 47.593236][ T2013] do_syscall_64+0x35/0x80
[ 47.597807][ T2013] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.603801][ T2013]
[ 47.606117][ T2013] Memory state around the buggy address:
[ 47.611740][ T2013] ffff88806b419f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.619780][ T2013] ffff88806b419f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.627916][ T2013] >ffff88806b41a000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.636040][ T2013] ^
[ 47.640086][ T2013] ffff88806b41a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.648295][ T2013] ffff88806b41a100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.656473][ T2013] ==================================================================
[ 47.664683][ T2013] Disabling lock debugging due to kernel taint
[ 47.671448][ T2013] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 47.679070][ T2013] Kernel Offset: disabled
[ 47.683466][ T2013] Rebooting in 86400 seconds..