Warning: Permanently added '10.128.1.103' (ED25519) to the list of known hosts.
2023/08/17 04:48:20 ignoring optional flag "sandboxArg"="0"
2023/08/17 04:48:20 parsed 1 programs
2023/08/17 04:48:20 executed programs: 0
[ 46.267825][ T2014] loop0: detected capacity change from 0 to 8192
[ 46.277243][ T2014] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 46.286730][ T2014] REISERFS (device loop0): using ordered data mode
[ 46.293239][ T2014] reiserfs: using flush barriers
[ 46.299003][ T2014] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 46.315505][ T2014] REISERFS (device loop0): checking transaction log (loop0)
[ 46.323501][ T2014] REISERFS (device loop0): Using r5 hash to sort names
[ 46.330562][ T2014] ==================================================================
[ 46.338871][ T2014] BUG: KASAN: use-after-free in search_by_entry_key+0xb94/0xec0
[ 46.346478][ T2014] Read of size 4 at addr ffff88806ba36004 by task syz-executor.0/2014
[ 46.354922][ T2014]
[ 46.357233][ T2014] CPU: 0 PID: 2014 Comm: syz-executor.0 Not tainted 5.15.127-syzkaller #0
[ 46.365787][ T2014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 46.376076][ T2014] Call Trace:
[ 46.379330][ T2014]
[ 46.382244][ T2014] dump_stack_lvl+0x41/0x5e
[ 46.386752][ T2014] print_address_description.constprop.0.cold+0x6c/0x309
[ 46.393931][ T2014] ? search_by_entry_key+0xb94/0xec0
[ 46.399365][ T2014] ? search_by_entry_key+0xb94/0xec0
[ 46.404963][ T2014] kasan_report.cold+0x83/0xdf
[ 46.409699][ T2014] ? search_by_entry_key+0xb94/0xec0
[ 46.415117][ T2014] search_by_entry_key+0xb94/0xec0
[ 46.420242][ T2014] reiserfs_find_entry.part.0+0x13c/0x12e0
[ 46.426561][ T2014] ? find_held_lock+0x2d/0x110
[ 46.431571][ T2014] ? search_by_entry_key+0xec0/0xec0
[ 46.436838][ T2014] reiserfs_lookup+0x1ff/0x3e0
[ 46.441678][ T2014] ? reiserfs_unlink+0x6e0/0x6e0
[ 46.446587][ T2014] __lookup_slow+0x1fe/0x3c0
[ 46.451233][ T2014] ? hashlen_string+0xa0/0xa0
[ 46.455876][ T2014] ? d_lookup+0x68/0x90
[ 46.459996][ T2014] lookup_one_len+0x125/0x150
[ 46.464639][ T2014] ? try_lookup_one_len+0x130/0x130
[ 46.469891][ T2014] ? down_write_killable+0x160/0x160
[ 46.475145][ T2014] reiserfs_lookup_privroot+0x8d/0x260
[ 46.480667][ T2014] reiserfs_fill_super+0x15cc/0x26d0
[ 46.486180][ T2014] ? reiserfs_remount+0x15c0/0x15c0
[ 46.491356][ T2014] ? pointer+0x700/0x700
[ 46.495568][ T2014] ? snprintf+0x9e/0xd0
[ 46.499789][ T2014] ? vsprintf+0x10/0x10
[ 46.504088][ T2014] ? up_write+0x131/0x1e0
[ 46.508480][ T2014] ? sget+0x390/0x470
[ 46.512430][ T2014] mount_bdev+0x2c3/0x3a0
[ 46.516734][ T2014] ? reiserfs_remount+0x15c0/0x15c0
[ 46.521911][ T2014] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 46.526993][ T2014] legacy_get_tree+0xfa/0x1f0
[ 46.531669][ T2014] ? security_capable+0x4c/0x90
[ 46.536837][ T2014] vfs_get_tree+0x83/0x1b0
[ 46.541224][ T2014] path_mount+0x41e/0x19f0
[ 46.545696][ T2014] ? finish_automount+0x7d0/0x7d0
[ 46.550859][ T2014] ? user_path_at_empty+0x40/0x50
[ 46.555940][ T2014] ? kmem_cache_free+0x7e/0x470
[ 46.560777][ T2014] ? rcu_is_watching+0x11/0xa0
[ 46.565518][ T2014] __x64_sys_mount+0x1f5/0x260
[ 46.570434][ T2014] ? copy_mnt_ns+0xd20/0xd20
[ 46.575011][ T2014] do_syscall_64+0x35/0x80
[ 46.579408][ T2014] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.585367][ T2014] RIP: 0033:0x7fa9260b905a
[ 46.590018][ T2014] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.609957][ T2014] RSP: 002b:00007fa925c39ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 46.618554][ T2014] RAX: ffffffffffffffda RBX: 00007fa925c39f80 RCX: 00007fa9260b905a
[ 46.626498][ T2014] RDX: 0000000020000140 RSI: 0000000020000340 RDI: 00007fa925c39f40
[ 46.634538][ T2014] RBP: 0000000020000140 R08: 00007fa925c39f80 R09: 000000000120c083
[ 46.642568][ T2014] R10: 000000000120c083 R11: 0000000000000246 R12: 0000000020000340
[ 46.650509][ T2014] R13: 00007fa925c39f40 R14: 0000000000001120 R15: 0000000020000380
[ 46.658463][ T2014]
[ 46.661550][ T2014]
[ 46.663847][ T2014] The buggy address belongs to the page:
[ 46.669443][ T2014] page:ffffea0001ae8d80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6ba36
[ 46.680012][ T2014] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 46.687129][ T2014] raw: 00fff00000000000 ffffea0001ae8dc8 ffff8880bad3e120 0000000000000000
[ 46.695865][ T2014] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 46.704462][ T2014] page dumped because: kasan: bad access detected
[ 46.710860][ T2014] page_owner tracks the page as freed
[ 46.716208][ T2014] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 1577, ts 37878941690, free_ts 37883794777
[ 46.732547][ T2014] get_page_from_freelist+0x1334/0x2dc0
[ 46.738333][ T2014] __alloc_pages+0x1b2/0x440
[ 46.743413][ T2014] alloc_pages_vma+0xe0/0x650
[ 46.748161][ T2014] __handle_mm_fault+0x1ce9/0x3400
[ 46.753365][ T2014] handle_mm_fault+0x1c5/0x5b0
[ 46.758115][ T2014] do_user_addr_fault+0x298/0xcb0
[ 46.763209][ T2014] exc_page_fault+0x5a/0xb0
[ 46.767867][ T2014] asm_exc_page_fault+0x22/0x30
[ 46.772822][ T2014] page last free stack trace:
[ 46.777468][ T2014] free_pcp_prepare+0x379/0x850
[ 46.782487][ T2014] free_unref_page_list+0x16f/0xca0
[ 46.787660][ T2014] release_pages+0xb3a/0x1480
[ 46.792508][ T2014] tlb_finish_mmu+0x127/0x790
[ 46.797159][ T2014] unmap_region+0x298/0x390
[ 46.801717][ T2014] __do_munmap+0x481/0x10c0
[ 46.806189][ T2014] __vm_munmap+0xd2/0x1a0
[ 46.810491][ T2014] __x64_sys_munmap+0x5d/0x80
[ 46.815143][ T2014] do_syscall_64+0x35/0x80
[ 46.819620][ T2014] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.825484][ T2014]
[ 46.827783][ T2014] Memory state around the buggy address:
[ 46.833485][ T2014] ffff88806ba35f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.841603][ T2014] ffff88806ba35f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.849635][ T2014] >ffff88806ba36000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.857878][ T2014] ^
[ 46.861951][ T2014] ffff88806ba36080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.869994][ T2014] ffff88806ba36100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.878719][ T2014] ==================================================================
[ 46.886749][ T2014] Disabling lock debugging due to kernel taint
[ 46.893288][ T2014] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 46.900775][ T2014] Kernel Offset: disabled
[ 46.905175][ T2014] Rebooting in 86400 seconds..