Warning: Permanently added '10.128.0.54' (ED25519) to the list of known hosts.
2025/01/18 20:22:07 ignoring optional flag "sandboxArg"="0"
2025/01/18 20:22:07 ignoring optional flag "type"="gce"
2025/01/18 20:22:07 parsed 1 programs
2025/01/18 20:22:07 executed programs: 0
[ 59.426419][ T1497] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 65.423537][ T1915] loop0: detected capacity change from 0 to 8192
[ 65.431745][ T1915] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 65.444849][ T1915] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 65.454136][ T1915] REISERFS (device loop0): using ordered data mode
[ 65.460791][ T1915] reiserfs: using flush barriers
[ 65.466742][ T1915] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 65.483519][ T1915] REISERFS (device loop0): checking transaction log (loop0)
[ 65.492385][ T1915] REISERFS (device loop0): Using r5 hash to sort names
[ 65.499776][ T1915] ==================================================================
[ 65.508112][ T1915] BUG: KASAN: use-after-free in strlen+0x54/0x60
[ 65.514452][ T1915] Read of size 1 at addr ffff88806d7077a3 by task syz-executor.0/1915
[ 65.522654][ T1915]
[ 65.525094][ T1915] CPU: 1 PID: 1915 Comm: syz-executor.0 Not tainted 6.1.125-syzkaller #0
[ 65.533487][ T1915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 65.543893][ T1915] Call Trace:
[ 65.547303][ T1915]
[ 65.550319][ T1915] dump_stack_lvl+0xf4/0x251
[ 65.554902][ T1915] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 65.560346][ T1915] ? panic+0x3fe/0x3fe
[ 65.564397][ T1915] ? __virt_addr_valid+0x139/0x270
[ 65.570017][ T1915] ? __virt_addr_valid+0x221/0x270
[ 65.575226][ T1915] print_report+0x15f/0x4f0
[ 65.579908][ T1915] ? __virt_addr_valid+0x139/0x270
[ 65.585057][ T1915] ? __virt_addr_valid+0x221/0x270
[ 65.590163][ T1915] ? strlen+0x54/0x60
[ 65.594131][ T1915] kasan_report+0x136/0x160
[ 65.599060][ T1915] ? strlen+0x54/0x60
[ 65.603043][ T1915] strlen+0x54/0x60
[ 65.606853][ T1915] reiserfs_find_entry+0x8c4/0x1a30
[ 65.612299][ T1915] ? reiserfs_get_parent+0x270/0x270
[ 65.617646][ T1915] reiserfs_lookup+0x1ae/0x3d0
[ 65.622408][ T1915] ? reiserfs_find_entry+0x1a30/0x1a30
[ 65.627954][ T1915] ? lockdep_init_map_type+0x9d/0x700
[ 65.633416][ T1915] ? __init_waitqueue_head+0xaa/0x140
[ 65.638875][ T1915] __lookup_slow+0x1ff/0x2e0
[ 65.643470][ T1915] ? lookup_one_len+0x10e/0x230
[ 65.648315][ T1915] ? lookup_one_len+0x230/0x230
[ 65.653249][ T1915] ? d_lookup+0x16f/0x1d0
[ 65.657848][ T1915] ? inode_permission+0x151/0x320
[ 65.662861][ T1915] lookup_one_len+0x1f3/0x230
[ 65.667700][ T1915] ? lookup_one_common+0x340/0x340
[ 65.672827][ T1915] reiserfs_lookup_privroot+0x81/0x1d0
[ 65.678284][ T1915] reiserfs_fill_super+0x14e7/0x2070
[ 65.683652][ T1915] ? reiserfs_kill_sb+0x140/0x140
[ 65.688682][ T1915] ? snprintf+0xcc/0x110
[ 65.692956][ T1915] ? __up_read+0x360/0x360
[ 65.697361][ T1915] mount_bdev+0x26b/0x340
[ 65.701705][ T1915] ? reiserfs_kill_sb+0x140/0x140
[ 65.706885][ T1915] legacy_get_tree+0xe5/0x170
[ 65.711696][ T1915] ? remove_save_link+0x4e0/0x4e0
[ 65.716981][ T1915] vfs_get_tree+0x7a/0x170
[ 65.721402][ T1915] do_new_mount+0x21a/0x910
[ 65.726086][ T1915] ? do_move_mount_old+0x120/0x120
[ 65.731213][ T1915] __se_sys_mount+0x23e/0x2d0
[ 65.735991][ T1915] ? __x64_sys_mount+0xc0/0xc0
[ 65.740749][ T1915] ? fpregs_assert_state_consistent+0x43/0x50
[ 65.746813][ T1915] do_syscall_64+0x3b/0x80
[ 65.751331][ T1915] ? clear_bhb_loop+0x45/0xa0
[ 65.756195][ T1915] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 65.762192][ T1915] RIP: 0033:0x7f13fca7e22a
[ 65.766623][ T1915] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 65.786444][ T1915] RSP: 002b:00007f13fd7f5ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 65.795145][ T1915] RAX: ffffffffffffffda RBX: 00007f13fd7f5f80 RCX: 00007f13fca7e22a
[ 65.803107][ T1915] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007f13fd7f5f40
[ 65.811241][ T1915] RBP: 00000000200000c0 R08: 00007f13fd7f5f80 R09: 0000000000008001
[ 65.819421][ T1915] R10: 0000000000008001 R11: 0000000000000246 R12: 0000000020000040
[ 65.827727][ T1915] R13: 00007f13fd7f5f40 R14: 0000000000001122 R15: 0000000020000080
[ 65.835775][ T1915]
[ 65.838783][ T1915]
[ 65.841102][ T1915] The buggy address belongs to the physical page:
[ 65.847631][ T1915] page:ffffea0001b5c1c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6d707
[ 65.858034][ T1915] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 65.865338][ T1915] raw: 00fff00000000000 ffffea0001b5c208 ffffea0001b5bc88 0000000000000000
[ 65.873925][ T1915] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 65.882773][ T1915] page dumped because: kasan: bad access detected
[ 65.889178][ T1915] page_owner tracks the page as freed
[ 65.894615][ T1915] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1057, tgid 1055 (syz-execprog), ts 34260196423, free_ts 40737146611
[ 65.913447][ T1915] post_alloc_hook+0x286/0x2b0
[ 65.918571][ T1915] get_page_from_freelist+0x340b/0x35b0
[ 65.924300][ T1915] __alloc_pages+0x251/0x640
[ 65.928994][ T1915] __folio_alloc+0xf/0x30
[ 65.933493][ T1915] vma_alloc_folio+0x484/0x9e0
[ 65.938362][ T1915] wp_page_copy+0x1f9/0x1970
[ 65.942952][ T1915] handle_mm_fault+0x1f06/0x4290
[ 65.947889][ T1915] exc_page_fault+0x22a/0x5a0
[ 65.953063][ T1915] asm_exc_page_fault+0x22/0x30
[ 65.957905][ T1915] page last free stack trace:
[ 65.962635][ T1915] free_unref_page_prepare+0x10b7/0x13b0
[ 65.968354][ T1915] free_unref_page_list+0x54b/0x7e0
[ 65.973761][ T1915] release_pages+0x1c13/0x1dc0
[ 65.978599][ T1915] tlb_flush_mmu+0xe5/0x1d0
[ 65.983189][ T1915] unmap_page_range+0x1408/0x1770
[ 65.988208][ T1915] unmap_vmas+0x42a/0x5a0
[ 65.992960][ T1915] exit_mmap+0x225/0x6f0
[ 65.997314][ T1915] __mmput+0x9b/0x2e0
[ 66.001337][ T1915] exit_mm+0x122/0x1b0
[ 66.005414][ T1915] do_exit+0x819/0x23a0
[ 66.009646][ T1915] do_group_exit+0x1b5/0x280
[ 66.014233][ T1915] __x64_sys_exit_group+0x3b/0x40
[ 66.019249][ T1915] do_syscall_64+0x3b/0x80
[ 66.023703][ T1915] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 66.029940][ T1915]
[ 66.032249][ T1915] Memory state around the buggy address:
[ 66.037887][ T1915] ffff88806d707680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.045935][ T1915] ffff88806d707700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.054086][ T1915] >ffff88806d707780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.062182][ T1915] ^
[ 66.067302][ T1915] ffff88806d707800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.075530][ T1915] ffff88806d707880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.084106][ T1915] ==================================================================
[ 66.092841][ T1915] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 66.101039][ T1915] Kernel Offset: disabled
[ 66.105764][ T1915] Rebooting in 86400 seconds..