Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts.
2023/11/18 10:47:26 ignoring optional flag "sandboxArg"="0"
2023/11/18 10:47:26 parsed 1 programs
2023/11/18 10:47:26 executed programs: 0
[ 45.652348][ T2016] loop0: detected capacity change from 0 to 8192
[ 45.660727][ T2016] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 45.671189][ T2016] REISERFS (device loop0): using ordered data mode
[ 45.678278][ T2016] reiserfs: using flush barriers
[ 45.684264][ T2016] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 45.701149][ T2016] REISERFS (device loop0): checking transaction log (loop0)
[ 45.709005][ T2016] REISERFS (device loop0): Using r5 hash to sort names
[ 45.816295][ T2019] loop0: detected capacity change from 0 to 8192
[ 45.824248][ T2019] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 45.833983][ T2019] REISERFS (device loop0): using ordered data mode
[ 45.840883][ T2019] reiserfs: using flush barriers
[ 45.846758][ T2019] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 45.863308][ T2019] REISERFS (device loop0): checking transaction log (loop0)
[ 45.871601][ T2019] REISERFS (device loop0): Using r5 hash to sort names
[ 45.879138][ T2019] ==================================================================
[ 45.887188][ T2019] BUG: KASAN: use-after-free in search_by_entry_key+0xb94/0xec0
[ 45.895259][ T2019] Read of size 4 at addr ffff88806ea4d004 by task syz-executor.0/2019
[ 45.903666][ T2019]
[ 45.906055][ T2019] CPU: 1 PID: 2019 Comm: syz-executor.0 Not tainted 5.15.138-syzkaller #0
[ 45.914930][ T2019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 45.925555][ T2019] Call Trace:
[ 45.928846][ T2019]
[ 45.931785][ T2019] dump_stack_lvl+0x41/0x5e
[ 45.936281][ T2019] print_address_description.constprop.0.cold+0x6c/0x309
[ 45.944070][ T2019] ? search_by_entry_key+0xb94/0xec0
[ 45.949732][ T2019] ? search_by_entry_key+0xb94/0xec0
[ 45.955218][ T2019] kasan_report.cold+0x83/0xdf
[ 45.960137][ T2019] ? search_by_entry_key+0xb94/0xec0
[ 45.965861][ T2019] search_by_entry_key+0xb94/0xec0
[ 45.971213][ T2019] reiserfs_find_entry.part.0+0x13c/0x12e0
[ 45.977404][ T2019] ? find_held_lock+0x2d/0x110
[ 45.982171][ T2019] ? search_by_entry_key+0xec0/0xec0
[ 45.987521][ T2019] ? d_alloc_parallel+0x484/0x1050
[ 45.992607][ T2019] reiserfs_lookup+0x1ff/0x3e0
[ 45.997458][ T2019] ? reiserfs_unlink+0x6e0/0x6e0
[ 46.002475][ T2019] __lookup_slow+0x1fe/0x3c0
[ 46.007133][ T2019] ? hashlen_string+0xa0/0xa0
[ 46.011945][ T2019] ? d_lookup+0x68/0x90
[ 46.016369][ T2019] lookup_one_len+0x125/0x150
[ 46.021145][ T2019] ? try_lookup_one_len+0x130/0x130
[ 46.026430][ T2019] ? down_write_killable+0x160/0x160
[ 46.031702][ T2019] reiserfs_lookup_privroot+0x8d/0x260
[ 46.037158][ T2019] reiserfs_fill_super+0x15cc/0x26d0
[ 46.042661][ T2019] ? reiserfs_remount+0x15c0/0x15c0
[ 46.048108][ T2019] ? pointer+0x700/0x700
[ 46.052461][ T2019] ? snprintf+0x9e/0xd0
[ 46.056825][ T2019] ? vsprintf+0x10/0x10
[ 46.061117][ T2019] ? up_write+0x131/0x1e0
[ 46.065753][ T2019] ? sget+0x390/0x470
[ 46.069808][ T2019] mount_bdev+0x2c3/0x3a0
[ 46.074228][ T2019] ? reiserfs_remount+0x15c0/0x15c0
[ 46.079402][ T2019] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 46.084751][ T2019] legacy_get_tree+0xfa/0x1f0
[ 46.089413][ T2019] ? security_capable+0x4c/0x90
[ 46.094365][ T2019] vfs_get_tree+0x83/0x1b0
[ 46.099061][ T2019] path_mount+0x41e/0x19f0
[ 46.103473][ T2019] ? finish_automount+0x7d0/0x7d0
[ 46.108630][ T2019] ? kasan_set_free_info+0x20/0x30
[ 46.113980][ T2019] ? user_path_at_empty+0x40/0x50
[ 46.119147][ T2019] ? kmem_cache_free+0x7e/0x470
[ 46.123986][ T2019] __x64_sys_mount+0x1f5/0x260
[ 46.128723][ T2019] ? copy_mnt_ns+0xd20/0xd20
[ 46.133369][ T2019] ? vtime_user_exit+0xde/0x180
[ 46.138286][ T2019] do_syscall_64+0x35/0x80
[ 46.142762][ T2019] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.148918][ T2019] RIP: 0033:0x7f731666505a
[ 46.153361][ T2019] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.173809][ T2019] RSP: 002b:00007f73161e5ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 46.182560][ T2019] RAX: ffffffffffffffda RBX: 00007f73161e5f80 RCX: 00007f731666505a
[ 46.190694][ T2019] RDX: 0000000020000140 RSI: 0000000020000340 RDI: 00007f73161e5f40
[ 46.199094][ T2019] RBP: 0000000020000140 R08: 00007f73161e5f80 R09: 000000000120c083
[ 46.207246][ T2019] R10: 000000000120c083 R11: 0000000000000246 R12: 0000000020000340
[ 46.215295][ T2019] R13: 00007f73161e5f40 R14: 0000000000001120 R15: 0000000020000380
[ 46.223351][ T2019]
[ 46.226364][ T2019]
[ 46.228752][ T2019] The buggy address belongs to the page:
[ 46.234453][ T2019] page:ffffea0001ba9340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6ea4d
[ 46.244836][ T2019] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 46.252226][ T2019] raw: 00fff00000000000 ffffea0001ba9388 ffff8880bad3e120 0000000000000000
[ 46.261064][ T2019] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 46.270098][ T2019] page dumped because: kasan: bad access detected
[ 46.277410][ T2019] page_owner tracks the page as freed
[ 46.282875][ T2019] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 1575, ts 36797292785, free_ts 36816709596
[ 46.299915][ T2019] get_page_from_freelist+0x12d1/0x2d40
[ 46.305853][ T2019] __alloc_pages+0x1b2/0x440
[ 46.310479][ T2019] alloc_pages_vma+0xe0/0x650
[ 46.315134][ T2019] __handle_mm_fault+0x1ce9/0x33c0
[ 46.320388][ T2019] handle_mm_fault+0x1c5/0x5b0
[ 46.325130][ T2019] do_user_addr_fault+0x298/0xcb0
[ 46.330225][ T2019] exc_page_fault+0x5a/0xb0
[ 46.334788][ T2019] asm_exc_page_fault+0x22/0x30
[ 46.339622][ T2019] page last free stack trace:
[ 46.344280][ T2019] free_pcp_prepare+0x379/0x850
[ 46.349321][ T2019] free_unref_page_list+0x16f/0xbd0
[ 46.354777][ T2019] release_pages+0xb3a/0x1480
[ 46.359633][ T2019] tlb_finish_mmu+0x127/0x790
[ 46.364302][ T2019] unmap_region+0x298/0x390
[ 46.368870][ T2019] __do_munmap+0x481/0x10c0
[ 46.373751][ T2019] __vm_munmap+0xd2/0x1a0
[ 46.378247][ T2019] __x64_sys_munmap+0x5d/0x80
[ 46.382916][ T2019] do_syscall_64+0x35/0x80
[ 46.387341][ T2019] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.393420][ T2019]
[ 46.395890][ T2019] Memory state around the buggy address:
[ 46.401577][ T2019] ffff88806ea4cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.410366][ T2019] ffff88806ea4cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.418508][ T2019] >ffff88806ea4d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.426999][ T2019] ^
[ 46.431049][ T2019] ffff88806ea4d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.439169][ T2019] ffff88806ea4d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.447286][ T2019] ==================================================================
[ 46.455409][ T2019] Disabling lock debugging due to kernel taint
[ 46.463599][ T2019] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 46.471224][ T2019] Kernel Offset: disabled
[ 46.476155][ T2019] Rebooting in 86400 seconds..