Warning: Permanently added '10.128.1.2' (ED25519) to the list of known hosts.
2023/11/29 10:14:26 ignoring optional flag "sandboxArg"="0"
2023/11/29 10:14:26 parsed 1 programs
2023/11/29 10:14:26 executed programs: 0
[ 50.008612][ T1580] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.734714][ T1997] loop0: detected capacity change from 0 to 8192
[ 54.742704][ T1997] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.756552][ T1997] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 54.766068][ T1997] REISERFS (device loop0): using ordered data mode
[ 54.773286][ T1997] reiserfs: using flush barriers
[ 54.779992][ T1997] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.797949][ T1997] REISERFS (device loop0): checking transaction log (loop0)
[ 54.808395][ T1997] REISERFS (device loop0): Using r5 hash to sort names
[ 54.816034][ T1997] ==================================================================
[ 54.824444][ T1997] BUG: KASAN: use-after-free in strlen+0x54/0x60
[ 54.830840][ T1997] Read of size 1 at addr ffff88806dba27a3 by task syz-executor.0/1997
[ 54.839587][ T1997]
[ 54.841991][ T1997] CPU: 1 PID: 1997 Comm: syz-executor.0 Not tainted 6.1.64-syzkaller #0
[ 54.850429][ T1997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 54.860829][ T1997] Call Trace:
[ 54.864301][ T1997]
[ 54.867214][ T1997] dump_stack_lvl+0xf4/0x251
[ 54.872321][ T1997] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 54.877957][ T1997] ? panic+0x3f7/0x3f7
[ 54.882269][ T1997] ? _printk+0xca/0x10a
[ 54.886419][ T1997] print_report+0x15f/0x4f0
[ 54.890998][ T1997] ? strlen+0x54/0x60
[ 54.895127][ T1997] kasan_report+0x136/0x160
[ 54.899796][ T1997] ? strlen+0x54/0x60
[ 54.903948][ T1997] strlen+0x54/0x60
[ 54.907910][ T1997] reiserfs_find_entry+0x8c4/0x1a30
[ 54.913451][ T1997] ? reiserfs_get_parent+0x270/0x270
[ 54.918895][ T1997] reiserfs_lookup+0x1ae/0x3d0
[ 54.923985][ T1997] ? reiserfs_find_entry+0x1a30/0x1a30
[ 54.929496][ T1997] ? lockdep_init_map_type+0x9d/0x700
[ 54.934841][ T1997] ? __init_waitqueue_head+0xaa/0x140
[ 54.940280][ T1997] __lookup_slow+0x1ff/0x2e0
[ 54.944929][ T1997] ? lookup_one_len+0x10e/0x230
[ 54.949929][ T1997] ? lookup_one_len+0x230/0x230
[ 54.955015][ T1997] ? d_lookup+0x16f/0x1d0
[ 54.959406][ T1997] ? inode_permission+0x151/0x320
[ 54.964768][ T1997] lookup_one_len+0x1f3/0x230
[ 54.969693][ T1997] ? lookup_one_common+0x330/0x330
[ 54.974822][ T1997] reiserfs_lookup_privroot+0x81/0x1d0
[ 54.980343][ T1997] reiserfs_fill_super+0x14e7/0x2070
[ 54.985785][ T1997] ? reiserfs_kill_sb+0x140/0x140
[ 54.990869][ T1997] ? __down_write_common+0x12a/0x1e0
[ 54.996583][ T1997] ? snprintf+0xcc/0x110
[ 55.000897][ T1997] ? __up_read+0x360/0x360
[ 55.005589][ T1997] mount_bdev+0x26b/0x340
[ 55.009909][ T1997] ? reiserfs_kill_sb+0x140/0x140
[ 55.015082][ T1997] legacy_get_tree+0xe5/0x170
[ 55.019995][ T1997] ? remove_save_link+0x4e0/0x4e0
[ 55.025366][ T1997] vfs_get_tree+0x7a/0x170
[ 55.030044][ T1997] do_new_mount+0x1e1/0x8f0
[ 55.034903][ T1997] ? do_move_mount_old+0x120/0x120
[ 55.040178][ T1997] __se_sys_mount+0x23e/0x2d0
[ 55.044918][ T1997] ? __x64_sys_mount+0xc0/0xc0
[ 55.049834][ T1997] ? fpregs_assert_state_consistent+0x43/0x50
[ 55.056492][ T1997] do_syscall_64+0x3d/0x80
[ 55.061059][ T1997] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.066925][ T1997] RIP: 0033:0x7f88aa07e22a
[ 55.071320][ T1997] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.091853][ T1997] RSP: 002b:00007f88aacfbee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 55.101283][ T1997] RAX: ffffffffffffffda RBX: 00007f88aacfbf80 RCX: 00007f88aa07e22a
[ 55.109414][ T1997] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007f88aacfbf40
[ 55.117804][ T1997] RBP: 00000000200000c0 R08: 00007f88aacfbf80 R09: 0000000000008001
[ 55.125966][ T1997] R10: 0000000000008001 R11: 0000000000000246 R12: 0000000020000040
[ 55.133932][ T1997] R13: 00007f88aacfbf40 R14: 0000000000001122 R15: 0000000020000080
[ 55.142929][ T1997]
[ 55.145927][ T1997]
[ 55.148737][ T1997] The buggy address belongs to the physical page:
[ 55.156020][ T1997] page:ffffea0001b6e880 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6dba2
[ 55.166494][ T1997] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 55.174012][ T1997] raw: 00fff00000000000 ffffea0001ff7508 ffffea0001b6ef08 0000000000000000
[ 55.183112][ T1997] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 55.192305][ T1997] page dumped because: kasan: bad access detected
[ 55.198963][ T1997] page_owner tracks the page as freed
[ 55.204666][ T1997] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1653, tgid 1653 (modprobe), ts 50817990576, free_ts 50821516784
[ 55.222973][ T1997] post_alloc_hook+0x286/0x2b0
[ 55.227866][ T1997] get_page_from_freelist+0x2fdd/0x3170
[ 55.233648][ T1997] __alloc_pages+0x251/0x640
[ 55.238817][ T1997] __folio_alloc+0xf/0x30
[ 55.243388][ T1997] vma_alloc_folio+0x484/0x9e0
[ 55.248315][ T1997] wp_page_copy+0x226/0x1970
[ 55.252979][ T1997] handle_mm_fault+0x1f58/0x4260
[ 55.258260][ T1997] exc_page_fault+0x22a/0x5e0
[ 55.263050][ T1997] asm_exc_page_fault+0x22/0x30
[ 55.268188][ T1997] page last free stack trace:
[ 55.273121][ T1997] free_unref_page_prepare+0xd4b/0xee0
[ 55.279020][ T1997] free_unref_page_list+0x54b/0x7e0
[ 55.284305][ T1997] release_pages+0x175c/0x1900
[ 55.289169][ T1997] tlb_flush_mmu+0xe5/0x1d0
[ 55.293837][ T1997] tlb_finish_mmu+0xb0/0x1b0
[ 55.298644][ T1997] exit_mmap+0x341/0x730
[ 55.303230][ T1997] __mmput+0x9b/0x2d0
[ 55.307248][ T1997] exit_mm+0x122/0x1b0
[ 55.311401][ T1997] do_exit+0x81e/0x23a0
[ 55.316932][ T1997] do_group_exit+0x1b5/0x280
[ 55.321976][ T1997] __x64_sys_exit_group+0x3b/0x40
[ 55.327164][ T1997] do_syscall_64+0x3d/0x80
[ 55.331750][ T1997] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.338141][ T1997]
[ 55.340473][ T1997] Memory state around the buggy address:
[ 55.346430][ T1997] ffff88806dba2680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.354744][ T1997] ffff88806dba2700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.363047][ T1997] >ffff88806dba2780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.373278][ T1997] ^
[ 55.378757][ T1997] ffff88806dba2800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.387064][ T1997] ffff88806dba2880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.395358][ T1997] ==================================================================
[ 55.404282][ T1997] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.412533][ T1997] Kernel Offset: disabled
[ 55.416855][ T1997] Rebooting in 86400 seconds..