Warning: Permanently added '10.128.1.131' (ED25519) to the list of known hosts.
2023/09/01 15:56:46 ignoring optional flag "sandboxArg"="0"
2023/09/01 15:56:46 parsed 1 programs
2023/09/01 15:56:46 executed programs: 0
[ 47.801182][ T1591] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.768889][ T2017] loop0: detected capacity change from 0 to 8192
[ 50.776816][ T2017] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 50.786344][ T2017] REISERFS (device loop0): using ordered data mode
[ 50.793504][ T2017] reiserfs: using flush barriers
[ 50.799170][ T2017] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 50.815748][ T2017] REISERFS (device loop0): checking transaction log (loop0)
[ 50.823915][ T2017] REISERFS (device loop0): Using r5 hash to sort names
[ 50.916618][ T2020] loop0: detected capacity change from 0 to 8192
[ 50.924821][ T2020] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 50.934253][ T2020] REISERFS (device loop0): using ordered data mode
[ 50.940906][ T2020] reiserfs: using flush barriers
[ 50.946477][ T2020] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 50.963446][ T2020] REISERFS (device loop0): checking transaction log (loop0)
[ 50.971448][ T2020] REISERFS (device loop0): Using r5 hash to sort names
[ 50.978616][ T2020] ==================================================================
[ 50.986670][ T2020] BUG: KASAN: use-after-free in strlen+0x79/0x90
[ 50.993162][ T2020] Read of size 1 at addr ffff8880690797a3 by task syz-executor.0/2020
[ 51.001484][ T2020]
[ 51.003808][ T2020] CPU: 0 PID: 2020 Comm: syz-executor.0 Not tainted 5.15.129-syzkaller #0
[ 51.012407][ T2020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 51.022447][ T2020] Call Trace:
[ 51.025723][ T2020]
[ 51.028640][ T2020] dump_stack_lvl+0x41/0x5e
[ 51.033139][ T2020] print_address_description.constprop.0.cold+0x6c/0x309
[ 51.040319][ T2020] ? strlen+0x79/0x90
[ 51.044282][ T2020] ? strlen+0x79/0x90
[ 51.048251][ T2020] kasan_report.cold+0x83/0xdf
[ 51.053001][ T2020] ? strlen+0x79/0x90
[ 51.056982][ T2020] strlen+0x79/0x90
[ 51.060765][ T2020] reiserfs_find_entry.part.0+0x4e6/0x12e0
[ 51.066659][ T2020] ? find_held_lock+0x2d/0x110
[ 51.071421][ T2020] ? search_by_entry_key+0xec0/0xec0
[ 51.077237][ T2020] reiserfs_lookup+0x1ff/0x3e0
[ 51.082272][ T2020] ? reiserfs_unlink+0x6e0/0x6e0
[ 51.087195][ T2020] __lookup_slow+0x1fe/0x3c0
[ 51.092265][ T2020] ? hashlen_string+0xa0/0xa0
[ 51.097202][ T2020] ? d_lookup+0x68/0x90
[ 51.101351][ T2020] lookup_one_len+0x125/0x150
[ 51.106019][ T2020] ? try_lookup_one_len+0x130/0x130
[ 51.111375][ T2020] ? down_write_killable+0x160/0x160
[ 51.116734][ T2020] reiserfs_lookup_privroot+0x8d/0x260
[ 51.122271][ T2020] reiserfs_fill_super+0x15cc/0x26d0
[ 51.127536][ T2020] ? reiserfs_remount+0x15c0/0x15c0
[ 51.133114][ T2020] ? pointer+0x700/0x700
[ 51.137342][ T2020] ? snprintf+0x9e/0xd0
[ 51.141860][ T2020] ? vsprintf+0x10/0x10
[ 51.146086][ T2020] ? up_write+0x131/0x1e0
[ 51.150397][ T2020] ? sget+0x390/0x470
[ 51.154391][ T2020] mount_bdev+0x2c3/0x3a0
[ 51.158719][ T2020] ? reiserfs_remount+0x15c0/0x15c0
[ 51.163983][ T2020] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 51.169035][ T2020] legacy_get_tree+0xfa/0x1f0
[ 51.173955][ T2020] ? security_capable+0x4c/0x90
[ 51.178879][ T2020] vfs_get_tree+0x83/0x1b0
[ 51.183284][ T2020] path_mount+0x41e/0x19f0
[ 51.187871][ T2020] ? finish_automount+0x7d0/0x7d0
[ 51.192966][ T2020] ? user_path_at_empty+0x40/0x50
[ 51.198174][ T2020] ? kmem_cache_free+0x7e/0x470
[ 51.203091][ T2020] ? rcu_is_watching+0x11/0xa0
[ 51.207839][ T2020] __x64_sys_mount+0x1f5/0x260
[ 51.212603][ T2020] ? copy_mnt_ns+0xd20/0xd20
[ 51.217348][ T2020] do_syscall_64+0x35/0x80
[ 51.221766][ T2020] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.227740][ T2020] RIP: 0033:0x7f4c0978122a
[ 51.232133][ T2020] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.251947][ T2020] RSP: 002b:00007f4c09301ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 51.260649][ T2020] RAX: ffffffffffffffda RBX: 00007f4c09301f80 RCX: 00007f4c0978122a
[ 51.268945][ T2020] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007f4c09301f40
[ 51.276919][ T2020] RBP: 00000000200000c0 R08: 00007f4c09301f80 R09: 0000000000008001
[ 51.284966][ T2020] R10: 0000000000008001 R11: 0000000000000246 R12: 0000000020000040
[ 51.293090][ T2020] R13: 00007f4c09301f40 R14: 0000000000001122 R15: 0000000020000080
[ 51.301282][ T2020]
[ 51.304376][ T2020]
[ 51.306748][ T2020] The buggy address belongs to the page:
[ 51.312537][ T2020] page:ffffea0001a41e40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x69079
[ 51.322993][ T2020] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 51.330200][ T2020] raw: 00fff00000000000 ffffea0001a41e88 ffff8880bac3e120 0000000000000000
[ 51.338853][ T2020] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 51.347416][ T2020] page dumped because: kasan: bad access detected
[ 51.353801][ T2020] page_owner tracks the page as freed
[ 51.359142][ T2020] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, ts 4867701015, free_ts 5706194945
[ 51.372293][ T2020] split_map_pages+0x1b2/0x470
[ 51.377072][ T2020] isolate_freepages_range+0x251/0x2d0
[ 51.382509][ T2020] alloc_contig_range+0x505/0x690
[ 51.387695][ T2020] alloc_contig_pages+0x338/0x470
[ 51.392700][ T2020] debug_vm_pgtable+0x68c/0x178f
[ 51.397658][ T2020] do_one_initcall+0xb4/0x320
[ 51.402353][ T2020] kernel_init_freeable+0x51b/0x57d
[ 51.407530][ T2020] kernel_init+0x14/0x120
[ 51.411922][ T2020] ret_from_fork+0x1f/0x30
[ 51.416341][ T2020] page last free stack trace:
[ 51.421037][ T2020] free_pcp_prepare+0x379/0x850
[ 51.426092][ T2020] free_unref_page+0x19/0x510
[ 51.430768][ T2020] free_contig_range+0x8b/0xb0
[ 51.435516][ T2020] destroy_args+0x7e/0x503
[ 51.440093][ T2020] debug_vm_pgtable+0x170d/0x178f
[ 51.445213][ T2020] do_one_initcall+0xb4/0x320
[ 51.449873][ T2020] kernel_init_freeable+0x51b/0x57d
[ 51.455045][ T2020] kernel_init+0x14/0x120
[ 51.459381][ T2020] ret_from_fork+0x1f/0x30
[ 51.463790][ T2020]
[ 51.466108][ T2020] Memory state around the buggy address:
[ 51.471880][ T2020] ffff888069079680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.480125][ T2020] ffff888069079700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.488212][ T2020] >ffff888069079780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.496429][ T2020] ^
[ 51.501541][ T2020] ffff888069079800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.509584][ T2020] ffff888069079880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.517876][ T2020] ==================================================================
[ 51.526009][ T2020] Disabling lock debugging due to kernel taint
[ 51.532521][ T2020] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 51.541212][ T2020] Kernel Offset: disabled
[ 51.545625][ T2020] Rebooting in 86400 seconds..