Warning: Permanently added '10.128.10.15' (ED25519) to the list of known hosts.
2024/07/10 11:23:42 ignoring optional flag "sandboxArg"="0"
2024/07/10 11:23:42 parsed 1 programs
2024/07/10 11:23:42 executed programs: 0
[ 67.559853][ T1495] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 73.477503][ T1914] loop0: detected capacity change from 0 to 8192
[ 73.485655][ T1914] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 73.498648][ T1914] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 73.508102][ T1914] REISERFS (device loop0): using ordered data mode
[ 73.514864][ T1914] reiserfs: using flush barriers
[ 73.520671][ T1914] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 73.537119][ T1914] REISERFS (device loop0): checking transaction log (loop0)
[ 73.545468][ T1914] REISERFS (device loop0): Using r5 hash to sort names
[ 73.552512][ T1914] ==================================================================
[ 73.560582][ T1914] BUG: KASAN: use-after-free in strlen+0x54/0x60
[ 73.566913][ T1914] Read of size 1 at addr ffff88806e18a7a3 by task syz-executor.0/1914
[ 73.575204][ T1914]
[ 73.577537][ T1914] CPU: 0 PID: 1914 Comm: syz-executor.0 Not tainted 6.1.97-syzkaller #0
[ 73.585863][ T1914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 73.595921][ T1914] Call Trace:
[ 73.599194][ T1914]
[ 73.602110][ T1914] dump_stack_lvl+0xf4/0x251
[ 73.606868][ T1914] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 73.612327][ T1914] ? panic+0x3fe/0x3fe
[ 73.616382][ T1914] ? __virt_addr_valid+0x139/0x260
[ 73.621577][ T1914] ? __virt_addr_valid+0x211/0x260
[ 73.626703][ T1914] print_report+0x15f/0x4f0
[ 73.631258][ T1914] ? __virt_addr_valid+0x139/0x260
[ 73.636357][ T1914] ? __virt_addr_valid+0x211/0x260
[ 73.641473][ T1914] ? strlen+0x54/0x60
[ 73.645535][ T1914] kasan_report+0x136/0x160
[ 73.650038][ T1914] ? strlen+0x54/0x60
[ 73.654020][ T1914] strlen+0x54/0x60
[ 73.657813][ T1914] reiserfs_find_entry+0x8c4/0x1a30
[ 73.663113][ T1914] ? reiserfs_get_parent+0x270/0x270
[ 73.668401][ T1914] reiserfs_lookup+0x1ae/0x3d0
[ 73.673258][ T1914] ? reiserfs_find_entry+0x1a30/0x1a30
[ 73.678792][ T1914] ? lockdep_init_map_type+0x9d/0x700
[ 73.684161][ T1914] ? __init_waitqueue_head+0xaa/0x140
[ 73.689527][ T1914] __lookup_slow+0x1ff/0x2e0
[ 73.694109][ T1914] ? lookup_one_len+0x10e/0x230
[ 73.698953][ T1914] ? lookup_one_len+0x230/0x230
[ 73.703795][ T1914] ? d_lookup+0x16f/0x1d0
[ 73.708200][ T1914] ? inode_permission+0x151/0x320
[ 73.713234][ T1914] lookup_one_len+0x1f3/0x230
[ 73.717918][ T1914] ? lookup_one_common+0x330/0x330
[ 73.723045][ T1914] reiserfs_lookup_privroot+0x81/0x1d0
[ 73.728500][ T1914] reiserfs_fill_super+0x14e7/0x2070
[ 73.733869][ T1914] ? reiserfs_kill_sb+0x140/0x140
[ 73.738908][ T1914] ? __down_write_common+0x12a/0x1e0
[ 73.744191][ T1914] ? snprintf+0xcc/0x110
[ 73.748417][ T1914] ? __up_read+0x360/0x360
[ 73.752810][ T1914] mount_bdev+0x26b/0x340
[ 73.757122][ T1914] ? reiserfs_kill_sb+0x140/0x140
[ 73.762132][ T1914] legacy_get_tree+0xe5/0x170
[ 73.766993][ T1914] ? remove_save_link+0x4e0/0x4e0
[ 73.772098][ T1914] vfs_get_tree+0x7a/0x170
[ 73.776532][ T1914] do_new_mount+0x21a/0x910
[ 73.781035][ T1914] ? do_move_mount_old+0x120/0x120
[ 73.786306][ T1914] __se_sys_mount+0x23e/0x2d0
[ 73.790985][ T1914] ? __x64_sys_mount+0xc0/0xc0
[ 73.795821][ T1914] ? fpregs_assert_state_consistent+0x43/0x50
[ 73.801960][ T1914] do_syscall_64+0x3b/0x80
[ 73.806375][ T1914] ? clear_bhb_loop+0x45/0xa0
[ 73.811037][ T1914] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 73.817163][ T1914] RIP: 0033:0x7f44f067e22a
[ 73.821566][ T1914] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 73.841182][ T1914] RSP: 002b:00007f44f1416ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 73.849578][ T1914] RAX: ffffffffffffffda RBX: 00007f44f1416f80 RCX: 00007f44f067e22a
[ 73.857540][ T1914] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007f44f1416f40
[ 73.865587][ T1914] RBP: 00000000200000c0 R08: 00007f44f1416f80 R09: 0000000000008001
[ 73.873561][ T1914] R10: 0000000000008001 R11: 0000000000000246 R12: 0000000020000040
[ 73.881514][ T1914] R13: 00007f44f1416f40 R14: 0000000000001122 R15: 0000000020000080
[ 73.889471][ T1914]
[ 73.892488][ T1914]
[ 73.894837][ T1914] The buggy address belongs to the physical page:
[ 73.901244][ T1914] page:ffffea0001b86280 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6e18a
[ 73.911380][ T1914] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 73.918485][ T1914] raw: 00fff00000000000 ffffea0001b862c8 ffff8880bac3e5e0 0000000000000000
[ 73.927053][ T1914] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 73.935617][ T1914] page dumped because: kasan: bad access detected
[ 73.942020][ T1914] page_owner tracks the page as freed
[ 73.947387][ T1914] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1052, tgid 1052 (syz-execprog), ts 32449373576, free_ts 38913500212
[ 73.966040][ T1914] post_alloc_hook+0x286/0x2b0
[ 73.970793][ T1914] get_page_from_freelist+0x2fe5/0x3170
[ 73.976361][ T1914] __alloc_pages+0x251/0x640
[ 73.980934][ T1914] __folio_alloc+0xf/0x30
[ 73.985257][ T1914] vma_alloc_folio+0x484/0x9e0
[ 73.990003][ T1914] handle_mm_fault+0x232f/0x4260
[ 73.994923][ T1914] exc_page_fault+0x22a/0x5a0
[ 73.999609][ T1914] asm_exc_page_fault+0x22/0x30
[ 74.004471][ T1914] page last free stack trace:
[ 74.009154][ T1914] free_unref_page_prepare+0xd4b/0xee0
[ 74.014777][ T1914] free_unref_page_list+0x54b/0x7e0
[ 74.020061][ T1914] release_pages+0x175c/0x1900
[ 74.024819][ T1914] tlb_flush_mmu+0xe5/0x1d0
[ 74.029336][ T1914] unmap_page_range+0x1408/0x1770
[ 74.034370][ T1914] unmap_vmas+0x42a/0x5a0
[ 74.038693][ T1914] exit_mmap+0x22d/0x730
[ 74.042928][ T1914] __mmput+0x9b/0x2d0
[ 74.046897][ T1914] exit_mm+0x122/0x1b0
[ 74.050980][ T1914] do_exit+0x81e/0x23a0
[ 74.055122][ T1914] do_group_exit+0x1b5/0x280
[ 74.059702][ T1914] __x64_sys_exit_group+0x3b/0x40
[ 74.064807][ T1914] do_syscall_64+0x3b/0x80
[ 74.069345][ T1914] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 74.075235][ T1914]
[ 74.077547][ T1914] Memory state around the buggy address:
[ 74.083168][ T1914] ffff88806e18a680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.091225][ T1914] ffff88806e18a700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.099274][ T1914] >ffff88806e18a780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.107416][ T1914] ^
[ 74.112527][ T1914] ffff88806e18a800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.120580][ T1914] ffff88806e18a880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.128640][ T1914] ==================================================================
[ 74.136835][ T1914] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.144455][ T1914] Kernel Offset: disabled
[ 74.148807][ T1914] Rebooting in 86400 seconds..