Warning: Permanently added '10.128.10.46' (ED25519) to the list of known hosts.
2024/11/19 14:38:28 ignoring optional flag "sandboxArg"="0"
2024/11/19 14:38:28 ignoring optional flag "type"="gce"
2024/11/19 14:38:28 parsed 1 programs
2024/11/19 14:38:28 executed programs: 0
[ 59.152718][ T1912] loop0: detected capacity change from 0 to 8192
[ 59.161239][ T1912] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 59.174354][ T1912] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 59.183661][ T1912] REISERFS (device loop0): using ordered data mode
[ 59.190221][ T1912] reiserfs: using flush barriers
[ 59.196057][ T1912] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 59.212690][ T1912] REISERFS (device loop0): checking transaction log (loop0)
[ 59.221075][ T1912] REISERFS (device loop0): Using r5 hash to sort names
[ 59.228092][ T1912] ==================================================================
[ 59.236233][ T1912] BUG: KASAN: use-after-free in search_by_entry_key+0x3d7/0x1030
[ 59.243953][ T1912] Read of size 4 at addr ffff88806c5a6004 by task syz-executor.0/1912
[ 59.252111][ T1912]
[ 59.254447][ T1912] CPU: 0 PID: 1912 Comm: syz-executor.0 Not tainted 6.1.118-syzkaller #0
[ 59.262853][ T1912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[ 59.273085][ T1912] Call Trace:
[ 59.276536][ T1912]
[ 59.279494][ T1912] dump_stack_lvl+0xf4/0x251
[ 59.284252][ T1912] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 59.289779][ T1912] ? panic+0x3fe/0x3fe
[ 59.293837][ T1912] ? _printk+0xca/0x10a
[ 59.298150][ T1912] ? __virt_addr_valid+0x139/0x270
[ 59.303240][ T1912] ? __virt_addr_valid+0x221/0x270
[ 59.308335][ T1912] print_report+0x15f/0x4f0
[ 59.312833][ T1912] ? __virt_addr_valid+0x139/0x270
[ 59.318011][ T1912] ? __virt_addr_valid+0x221/0x270
[ 59.323126][ T1912] ? search_by_entry_key+0x3d7/0x1030
[ 59.328579][ T1912] kasan_report+0x136/0x160
[ 59.333069][ T1912] ? search_by_entry_key+0x3d7/0x1030
[ 59.338424][ T1912] search_by_entry_key+0x3d7/0x1030
[ 59.343606][ T1912] ? pathrelse+0x76/0xd0
[ 59.347842][ T1912] reiserfs_find_entry+0xe9c/0x1a30
[ 59.353129][ T1912] ? reiserfs_get_parent+0x270/0x270
[ 59.358436][ T1912] reiserfs_lookup+0x1ae/0x3d0
[ 59.363308][ T1912] ? reiserfs_find_entry+0x1a30/0x1a30
[ 59.368776][ T1912] ? lockdep_init_map_type+0x9d/0x700
[ 59.374137][ T1912] ? __init_waitqueue_head+0xaa/0x140
[ 59.379492][ T1912] __lookup_slow+0x1ff/0x2e0
[ 59.384091][ T1912] ? lookup_one_len+0x10e/0x230
[ 59.389445][ T1912] ? lookup_one_len+0x230/0x230
[ 59.394280][ T1912] ? d_lookup+0x16f/0x1d0
[ 59.398611][ T1912] ? inode_permission+0x151/0x320
[ 59.403722][ T1912] lookup_one_len+0x1f3/0x230
[ 59.408393][ T1912] ? lookup_one_common+0x340/0x340
[ 59.413496][ T1912] reiserfs_lookup_privroot+0x81/0x1d0
[ 59.418944][ T1912] reiserfs_fill_super+0x14e7/0x2070
[ 59.424216][ T1912] ? reiserfs_kill_sb+0x140/0x140
[ 59.429259][ T1912] ? snprintf+0xcc/0x110
[ 59.433590][ T1912] ? __up_read+0x360/0x360
[ 59.438003][ T1912] mount_bdev+0x26b/0x340
[ 59.442765][ T1912] ? reiserfs_kill_sb+0x140/0x140
[ 59.447778][ T1912] legacy_get_tree+0xe5/0x170
[ 59.452471][ T1912] ? remove_save_link+0x4e0/0x4e0
[ 59.457657][ T1912] vfs_get_tree+0x7a/0x170
[ 59.462064][ T1912] do_new_mount+0x21a/0x910
[ 59.466564][ T1912] ? do_move_mount_old+0x120/0x120
[ 59.471678][ T1912] __se_sys_mount+0x23e/0x2d0
[ 59.476371][ T1912] ? __x64_sys_mount+0xc0/0xc0
[ 59.481133][ T1912] ? fpregs_assert_state_consistent+0x43/0x50
[ 59.487289][ T1912] do_syscall_64+0x3b/0x80
[ 59.491825][ T1912] ? clear_bhb_loop+0x45/0xa0
[ 59.496598][ T1912] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 59.502703][ T1912] RIP: 0033:0x7f4ad2a7e05a
[ 59.507229][ T1912] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 59.527086][ T1912] RSP: 002b:00007f4ad3710ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 59.535669][ T1912] RAX: ffffffffffffffda RBX: 00007f4ad3710f80 RCX: 00007f4ad2a7e05a
[ 59.543649][ T1912] RDX: 0000000020000140 RSI: 0000000020000340 RDI: 00007f4ad3710f40
[ 59.551699][ T1912] RBP: 0000000020000140 R08: 00007f4ad3710f80 R09: 000000000120c083
[ 59.559906][ T1912] R10: 000000000120c083 R11: 0000000000000246 R12: 0000000020000340
[ 59.567980][ T1912] R13: 00007f4ad3710f40 R14: 0000000000001120 R15: 0000000020000380
[ 59.575953][ T1912]
[ 59.578967][ T1912]
[ 59.581293][ T1912] The buggy address belongs to the physical page:
[ 59.587737][ T1912] page:ffffea0001b16980 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6c5a6
[ 59.597895][ T1912] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 59.605077][ T1912] raw: 00fff00000000000 ffffea0001b169c8 ffff8880bac3e5a0 0000000000000000
[ 59.613670][ T1912] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 59.622326][ T1912] page dumped because: kasan: bad access detected
[ 59.628746][ T1912] page_owner tracks the page as freed
[ 59.634121][ T1912] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 5735808882, free_ts 7012096247
[ 59.648859][ T1912] post_alloc_hook+0x286/0x2b0
[ 59.653610][ T1912] split_map_pages+0x22a/0x480
[ 59.658382][ T1912] isolate_freepages_range+0x2a4/0x460
[ 59.663859][ T1912] alloc_contig_range+0x60a/0x930
[ 59.668950][ T1912] alloc_contig_pages+0x3ef/0x4f0
[ 59.673963][ T1912] debug_vm_pgtable_alloc_huge_page+0x7d/0xd7
[ 59.680390][ T1912] init_args+0x96a/0xbb5
[ 59.684644][ T1912] debug_vm_pgtable+0xa5/0x5ad
[ 59.689657][ T1912] do_one_initcall+0x19f/0x4c0
[ 59.694418][ T1912] do_initcall_level+0x11e/0x1cd
[ 59.699350][ T1912] do_initcalls+0x46/0x74
[ 59.703663][ T1912] kernel_init_freeable+0x375/0x4e4
[ 59.708849][ T1912] kernel_init+0x14/0x190
[ 59.713166][ T1912] ret_from_fork+0x1f/0x30
[ 59.717561][ T1912] page last free stack trace:
[ 59.722211][ T1912] free_unref_page_prepare+0xd6c/0xf00
[ 59.727652][ T1912] free_unref_page+0x33/0x390
[ 59.732332][ T1912] free_contig_range+0x8d/0x130
[ 59.737161][ T1912] destroy_args+0xde/0x79f
[ 59.741748][ T1912] debug_vm_pgtable+0x373/0x5ad
[ 59.746612][ T1912] do_one_initcall+0x19f/0x4c0
[ 59.751449][ T1912] do_initcall_level+0x11e/0x1cd
[ 59.756388][ T1912] do_initcalls+0x46/0x74
[ 59.760739][ T1912] kernel_init_freeable+0x375/0x4e4
[ 59.766010][ T1912] kernel_init+0x14/0x190
[ 59.770430][ T1912] ret_from_fork+0x1f/0x30
[ 59.774838][ T1912]
[ 59.777150][ T1912] Memory state around the buggy address:
[ 59.782764][ T1912] ffff88806c5a5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.790826][ T1912] ffff88806c5a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.798877][ T1912] >ffff88806c5a6000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.806922][ T1912] ^
[ 59.810971][ T1912] ffff88806c5a6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.819012][ T1912] ffff88806c5a6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.827064][ T1912] ==================================================================
[ 59.835463][ T1912] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.842900][ T1912] Kernel Offset: disabled
[ 59.847208][ T1912] Rebooting in 86400 seconds..