Warning: Permanently added '10.128.1.77' (ED25519) to the list of known hosts.
2024/08/06 12:36:11 ignoring optional flag "sandboxArg"="0"
2024/08/06 12:36:11 parsed 1 programs
2024/08/06 12:36:11 executed programs: 0
[ 50.619326][ T1928] loop0: detected capacity change from 0 to 8192
[ 50.627830][ T1928] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 50.637283][ T1928] REISERFS (device loop0): using ordered data mode
[ 50.644029][ T1928] reiserfs: using flush barriers
[ 50.649752][ T1928] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 50.666723][ T1928] REISERFS (device loop0): checking transaction log (loop0)
[ 50.675000][ T1928] REISERFS (device loop0): Using r5 hash to sort names
[ 50.682158][ T1928] ==================================================================
[ 50.690193][ T1928] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x26f/0x3c0
[ 50.698591][ T1928] Read of size 250888 at addr ffff88806d535058 by task syz-executor.0/1928
[ 50.707226][ T1928]
[ 50.709520][ T1928] CPU: 0 PID: 1928 Comm: syz-executor.0 Not tainted 5.15.164-syzkaller #0
[ 50.717977][ T1928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 50.728013][ T1928] Call Trace:
[ 50.731265][ T1928]
[ 50.734171][ T1928]  dump_stack_lvl+0x41/0x5e
[ 50.738649][ T1928]  print_address_description.constprop.0.cold+0x6c/0x309
[ 50.745637][ T1928]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 50.751680][ T1928]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 50.757886][ T1928]  kasan_report.cold+0x83/0xdf
[ 50.762620][ T1928]  ? reiserfs_get_unused_objectid+0x26f/0x3c0
[ 50.768655][ T1928]  kasan_check_range+0x13d/0x180
[ 50.773561][ T1928]  memmove+0x20/0x60
[ 50.777421][ T1928]  reiserfs_get_unused_objectid+0x26f/0x3c0
[ 50.783281][ T1928]  reiserfs_new_inode+0x422/0x1ee0
[ 50.788428][ T1928]  ? lock_downgrade+0x4f0/0x4f0
[ 50.793338][ T1928]  ? reiserfs_fh_to_parent+0x160/0x160
[ 50.798883][ T1928]  ? __mutex_unlock_slowpath+0x158/0x450
[ 50.804578][ T1928]  ? wait_for_completion+0x220/0x220
[ 50.809844][ T1928]  ? wait_for_completion+0x220/0x220
[ 50.815266][ T1928]  ? find_held_lock+0x2d/0x110
[ 50.820083][ T1928]  ? do_journal_begin_r+0x77c/0xef0
[ 50.825337][ T1928]  ? do_raw_spin_lock+0x120/0x2b0
[ 50.830332][ T1928]  ? dquot_initialize_needed+0x230/0x230
[ 50.836018][ T1928]  ? rwlock_bug.part.0+0x90/0x90
[ 50.841451][ T1928]  ? lock_acquire+0x11a/0x250
[ 50.846180][ T1928]  reiserfs_mkdir+0x40c/0x870
[ 50.850947][ T1928]  ? reiserfs_mknod+0x670/0x670
[ 50.855769][ T1928]  ? lock_acquire+0x11a/0x250
[ 50.860692][ T1928]  ? try_lookup_one_len+0x130/0x130
[ 50.865898][ T1928]  reiserfs_xattr_init+0x494/0xb10
[ 50.871063][ T1928]  reiserfs_fill_super+0x1bbc/0x26d0
[ 50.876318][ T1928]  ? reiserfs_remount+0x15c0/0x15c0
[ 50.881570][ T1928]  ? pointer+0x700/0x700
[ 50.885781][ T1928]  ? up_write+0x138/0x200
[ 50.890079][ T1928]  ? sget+0x390/0x470
[ 50.894027][ T1928]  mount_bdev+0x2c3/0x3a0
[ 50.898322][ T1928]  ? reiserfs_remount+0x15c0/0x15c0
[ 50.903613][ T1928]  ? reiserfs_kill_sb+0x1d0/0x1d0
[ 50.908609][ T1928]  legacy_get_tree+0xfa/0x1f0
[ 50.913338][ T1928]  ? security_capable+0x4c/0x90
[ 50.918212][ T1928]  vfs_get_tree+0x83/0x1b0
[ 50.922724][ T1928]  path_mount+0x44f/0x1a60
[ 50.928024][ T1928]  ? finish_automount+0x7d0/0x7d0
[ 50.933130][ T1928]  ? kasan_set_free_info+0x20/0x30
[ 50.938700][ T1928]  ? user_path_at_empty+0x40/0x50
[ 50.943707][ T1928]  ? kmem_cache_free+0x7e/0x470
[ 50.948709][ T1928]  __x64_sys_mount+0x1f5/0x260
[ 50.953625][ T1928]  ? copy_mnt_ns+0xd20/0xd20
[ 50.958184][ T1928]  ? vtime_user_exit+0xde/0x180
[ 50.963113][ T1928]  do_syscall_64+0x33/0x80
[ 50.967678][ T1928]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.973555][ T1928] RIP: 0033:0x7f33c0d7005a
[ 50.977940][ T1928] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.997690][ T1928] RSP: 002b:00007f33c08f0ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 51.006261][ T1928] RAX: ffffffffffffffda RBX: 00007f33c08f0f80 RCX: 00007f33c0d7005a
[ 51.014475][ T1928] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f33c08f0f40
[ 51.022430][ T1928] RBP: 0000000020000080 R08: 00007f33c08f0f80 R09: 0000000000008008
[ 51.030407][ T1928] R10: 0000000000008008 R11: 0000000000000246 R12: 0000000020000040
[ 51.039131][ T1928] R13: 00007f33c08f0f40 R14: 0000000000001138 R15: 00000000200000c0
[ 51.047086][ T1928]
[ 51.050169][ T1928]
[ 51.052549][ T1928] The buggy address belongs to the page:
[ 51.058263][ T1928] page:ffffea0001b54d40 refcount:3 mapcount:0 mapping:ffff8880088d8808 index:0x10 pfn:0x6d535
[ 51.068477][ T1928] memcg:ffff888075474000
[ 51.072680][ T1928] aops:def_blk_aops ino:700000
[ 51.077408][ T1928] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 51.086736][ T1928] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff8880088d8808
[ 51.095289][ T1928] raw: 0000000000000010 ffff888076f8dbc8 00000003ffffffff ffff888075474000
[ 51.103831][ T1928] page dumped because: kasan: bad access detected
[ 51.110296][ T1928] page_owner tracks the page as allocated
[ 51.116064][ T1928] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 1928, ts 50627393753, free_ts 50106251607
[ 51.133213][ T1928]  get_page_from_freelist+0x12d1/0x2d40
[ 51.138912][ T1928]  __alloc_pages+0x1b2/0x440
[ 51.143642][ T1928]  pagecache_get_page+0x299/0xdd0
[ 51.148647][ T1928]  __getblk_slow+0x1a6/0x7a0
[ 51.153208][ T1928]  __bread_gfp+0x1e6/0x2f0
[ 51.157598][ T1928]  read_super_block+0x7c/0x840
[ 51.162499][ T1928]  reiserfs_fill_super+0xa41/0x26d0
[ 51.167664][ T1928]  mount_bdev+0x2c3/0x3a0
[ 51.172053][ T1928]  legacy_get_tree+0xfa/0x1f0
[ 51.176777][ T1928]  vfs_get_tree+0x83/0x1b0
[ 51.181158][ T1928]  path_mount+0x44f/0x1a60
[ 51.185643][ T1928]  __x64_sys_mount+0x1f5/0x260
[ 51.190911][ T1928]  do_syscall_64+0x33/0x80
[ 51.195301][ T1928]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.201162][ T1928] page last free stack trace:
[ 51.205806][ T1928]  free_pcp_prepare+0x379/0x850
[ 51.210625][ T1928]  free_unref_page_list+0x16f/0xbd0
[ 51.215785][ T1928]  release_pages+0xb3a/0x1480
[ 51.220448][ T1928]  tlb_finish_mmu+0x127/0x790
[ 51.225175][ T1928]  exit_mmap+0x1b7/0x530
[ 51.229599][ T1928]  mmput+0xd6/0x400
[ 51.233397][ T1928]  do_exit+0x884/0x2200
[ 51.237525][ T1928]  do_group_exit+0xe7/0x290
[ 51.242005][ T1928]  __x64_sys_exit_group+0x35/0x40
[ 51.247007][ T1928]  do_syscall_64+0x33/0x80
[ 51.251587][ T1928]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.257538][ T1928]
[ 51.259856][ T1928] Memory state around the buggy address:
[ 51.265456][ T1928]  ffff88806d536f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.273491][ T1928]  ffff88806d536f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.281522][ T1928] >ffff88806d537000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.289639][ T1928]                    ^
[ 51.293675][ T1928]  ffff88806d537080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.301792][ T1928]  ffff88806d537100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.309822][ T1928] ==================================================================
[ 51.317906][ T1928] Disabling lock debugging due to kernel taint
[ 51.324190][ T1928] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 51.331744][ T1928] Kernel Offset: disabled
[ 51.336147][ T1928] Rebooting in 86400 seconds..