Warning: Permanently added '10.128.1.187' (ED25519) to the list of known hosts.
2024/08/12 20:16:13 ignoring optional flag "sandboxArg"="0"
2024/08/12 20:16:13 parsed 1 programs
2024/08/12 20:16:13 executed programs: 0
[ 54.402443][ T1909] loop0: detected capacity change from 0 to 8192
[ 54.410383][ T1909] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.423599][ T1909] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 54.433013][ T1909] REISERFS (device loop0): using ordered data mode
[ 54.439526][ T1909] reiserfs: using flush barriers
[ 54.445326][ T1909] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.461865][ T1909] REISERFS (device loop0): checking transaction log (loop0)
[ 54.470031][ T1909] REISERFS (device loop0): Using r5 hash to sort names
[ 54.523099][ T1913] loop0: detected capacity change from 0 to 8192
[ 54.531590][ T1913] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.545020][ T1913] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 54.554273][ T1913] REISERFS (device loop0): using ordered data mode
[ 54.560870][ T1913] reiserfs: using flush barriers
[ 54.566448][ T1913] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.582836][ T1913] REISERFS (device loop0): checking transaction log (loop0)
[ 54.591205][ T1913] REISERFS (device loop0): Using r5 hash to sort names
[ 54.598718][ T1913] ==================================================================
[ 54.607109][ T1913] BUG: KASAN: use-after-free in search_by_entry_key+0x3d7/0x1030
[ 54.614824][ T1913] Read of size 4 at addr ffff88806b150004 by task syz-executor.0/1913
[ 54.623204][ T1913]
[ 54.625525][ T1913] CPU: 1 PID: 1913 Comm: syz-executor.0 Not tainted 6.1.104-syzkaller #0
[ 54.634258][ T1913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 54.644823][ T1913] Call Trace:
[ 54.648168][ T1913]
[ 54.651075][ T1913] dump_stack_lvl+0xf4/0x251
[ 54.655924][ T1913] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 54.661459][ T1913] ? panic+0x3fe/0x3fe
[ 54.665583][ T1913] ? _printk+0xca/0x10a
[ 54.669703][ T1913] ? __virt_addr_valid+0x139/0x270
[ 54.674875][ T1913] ? __virt_addr_valid+0x221/0x270
[ 54.680230][ T1913] print_report+0x15f/0x4f0
[ 54.684706][ T1913] ? __virt_addr_valid+0x139/0x270
[ 54.689874][ T1913] ? __virt_addr_valid+0x221/0x270
[ 54.694956][ T1913] ? search_by_entry_key+0x3d7/0x1030
[ 54.700389][ T1913] kasan_report+0x136/0x160
[ 54.704953][ T1913] ? search_by_entry_key+0x3d7/0x1030
[ 54.710484][ T1913] search_by_entry_key+0x3d7/0x1030
[ 54.715748][ T1913] ? pathrelse+0x76/0xd0
[ 54.720201][ T1913] reiserfs_find_entry+0xe9c/0x1a30
[ 54.725372][ T1913] ? reiserfs_get_parent+0x270/0x270
[ 54.730887][ T1913] reiserfs_lookup+0x1ae/0x3d0
[ 54.735648][ T1913] ? reiserfs_find_entry+0x1a30/0x1a30
[ 54.741361][ T1913] ? lockdep_init_map_type+0x9d/0x700
[ 54.746899][ T1913] ? __init_waitqueue_head+0xaa/0x140
[ 54.752426][ T1913] __lookup_slow+0x1ff/0x2e0
[ 54.757114][ T1913] ? lookup_one_len+0x10e/0x230
[ 54.762285][ T1913] ? lookup_one_len+0x230/0x230
[ 54.767111][ T1913] ? d_lookup+0x16f/0x1d0
[ 54.771415][ T1913] ? inode_permission+0x151/0x320
[ 54.776668][ T1913] lookup_one_len+0x1f3/0x230
[ 54.781406][ T1913] ? lookup_one_common+0x330/0x330
[ 54.786656][ T1913] reiserfs_lookup_privroot+0x81/0x1d0
[ 54.792082][ T1913] reiserfs_fill_super+0x14e7/0x2070
[ 54.797429][ T1913] ? reiserfs_kill_sb+0x140/0x140
[ 54.802423][ T1913] ? snprintf+0xcc/0x110
[ 54.806722][ T1913] ? __up_read+0x360/0x360
[ 54.811102][ T1913] mount_bdev+0x26b/0x340
[ 54.815403][ T1913] ? reiserfs_kill_sb+0x140/0x140
[ 54.820396][ T1913] legacy_get_tree+0xe5/0x170
[ 54.825343][ T1913] ? remove_save_link+0x4e0/0x4e0
[ 54.831351][ T1913] vfs_get_tree+0x7a/0x170
[ 54.835738][ T1913] do_new_mount+0x21a/0x910
[ 54.840217][ T1913] ? do_move_mount_old+0x120/0x120
[ 54.845392][ T1913] __se_sys_mount+0x23e/0x2d0
[ 54.850131][ T1913] ? __x64_sys_mount+0xc0/0xc0
[ 54.854951][ T1913] ? fpregs_assert_state_consistent+0x43/0x50
[ 54.861076][ T1913] do_syscall_64+0x3b/0x80
[ 54.865643][ T1913] ? clear_bhb_loop+0x45/0xa0
[ 54.870554][ T1913] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.876419][ T1913] RIP: 0033:0x7ff57087e05a
[ 54.880806][ T1913] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.900568][ T1913] RSP: 002b:00007ff571658ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 54.908971][ T1913] RAX: ffffffffffffffda RBX: 00007ff571658f80 RCX: 00007ff57087e05a
[ 54.916913][ T1913] RDX: 0000000020000140 RSI: 0000000020000340 RDI: 00007ff571658f40
[ 54.924864][ T1913] RBP: 0000000020000140 R08: 00007ff571658f80 R09: 000000000120c083
[ 54.932980][ T1913] R10: 000000000120c083 R11: 0000000000000246 R12: 0000000020000340
[ 54.940922][ T1913] R13: 00007ff571658f40 R14: 0000000000001120 R15: 0000000020000380
[ 54.948892][ T1913]
[ 54.951883][ T1913]
[ 54.954178][ T1913] The buggy address belongs to the physical page:
[ 54.960739][ T1913] page:ffffea0001ac5400 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6b150
[ 54.971119][ T1913] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 54.978212][ T1913] raw: 00fff00000000000 ffffea0001ac5448 ffff8880bad3e5a0 0000000000000000
[ 54.986936][ T1913] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 54.995510][ T1913] page dumped because: kasan: bad access detected
[ 55.001917][ T1913] page_owner tracks the page as freed
[ 55.007603][ T1913] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1913, tgid 1912 (syz-executor.0), ts 54507082704, free_ts 54522888162
[ 55.026402][ T1913] post_alloc_hook+0x286/0x2b0
[ 55.031137][ T1913] get_page_from_freelist+0x2fe5/0x3170
[ 55.036744][ T1913] __alloc_pages+0x251/0x640
[ 55.041477][ T1913] __folio_alloc+0xf/0x30
[ 55.045793][ T1913] vma_alloc_folio+0x484/0x9e0
[ 55.050522][ T1913] handle_mm_fault+0x2611/0x42c0
[ 55.055429][ T1913] exc_page_fault+0x22a/0x5a0
[ 55.060195][ T1913] asm_exc_page_fault+0x22/0x30
[ 55.065019][ T1913] page last free stack trace:
[ 55.069657][ T1913] free_unref_page_prepare+0xd6c/0xf00
[ 55.075099][ T1913] free_unref_page_list+0x54b/0x7e0
[ 55.080349][ T1913] release_pages+0x1e0a/0x1fe0
[ 55.085344][ T1913] tlb_flush_mmu+0xe5/0x1d0
[ 55.089992][ T1913] tlb_finish_mmu+0xb0/0x1b0
[ 55.094558][ T1913] unmap_region+0x265/0x2b0
[ 55.099030][ T1913] do_mas_align_munmap+0xa6c/0x11e0
[ 55.104194][ T1913] do_mas_munmap+0x195/0x1f0
[ 55.108862][ T1913] __vm_munmap+0x236/0x300
[ 55.113417][ T1913] __x64_sys_munmap+0x57/0x60
[ 55.118066][ T1913] do_syscall_64+0x3b/0x80
[ 55.122470][ T1913] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.128415][ T1913]
[ 55.130884][ T1913] Memory state around the buggy address:
[ 55.136613][ T1913]  ffff88806b14ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.144765][ T1913]  ffff88806b14ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.152903][ T1913] >ffff88806b150000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.161033][ T1913]                    ^
[ 55.165281][ T1913]  ffff88806b150080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.173592][ T1913]  ffff88806b150100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.181637][ T1913] ==================================================================
[ 55.190093][ T1913] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.197701][ T1913] Kernel Offset: disabled
[ 55.202007][ T1913] Rebooting in 86400 seconds..