Warning: Permanently added '10.128.1.252' (ED25519) to the list of known hosts.
2024/09/15 23:26:47 ignoring optional flag "sandboxArg"="0"
2024/09/15 23:26:47 parsed 1 programs
2024/09/15 23:26:47 executed programs: 0
[ 58.372133][ T1908] loop0: detected capacity change from 0 to 8192
[ 58.379928][ T1908] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 58.393103][ T1908] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 58.402510][ T1908] REISERFS (device loop0): using ordered data mode
[ 58.409051][ T1908] reiserfs: using flush barriers
[ 58.414935][ T1908] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 58.431556][ T1908] REISERFS (device loop0): checking transaction log (loop0)
[ 58.439766][ T1908] REISERFS (device loop0): Using r5 hash to sort names
[ 58.446811][ T1908] ==================================================================
[ 58.454872][ T1908] BUG: KASAN: use-after-free in search_by_entry_key+0x3d7/0x1030
[ 58.462566][ T1908] Read of size 4 at addr ffff88806cd89004 by task syz-executor.0/1908
[ 58.470677][ T1908]
[ 58.472989][ T1908] CPU: 0 PID: 1908 Comm: syz-executor.0 Not tainted 6.1.110-syzkaller #0
[ 58.481363][ T1908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 58.491397][ T1908] Call Trace:
[ 58.494649][ T1908]
[ 58.497568][ T1908] dump_stack_lvl+0xf4/0x251
[ 58.502133][ T1908] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 58.507573][ T1908] ? panic+0x3fe/0x3fe
[ 58.511615][ T1908] ? _printk+0xca/0x10a
[ 58.515739][ T1908] ? __virt_addr_valid+0x139/0x270
[ 58.520901][ T1908] ? __virt_addr_valid+0x221/0x270
[ 58.525982][ T1908] print_report+0x15f/0x4f0
[ 58.530455][ T1908] ? __virt_addr_valid+0x139/0x270
[ 58.535572][ T1908] ? __virt_addr_valid+0x221/0x270
[ 58.540754][ T1908] ? search_by_entry_key+0x3d7/0x1030
[ 58.546098][ T1908] kasan_report+0x136/0x160
[ 58.550602][ T1908] ? search_by_entry_key+0x3d7/0x1030
[ 58.556033][ T1908] search_by_entry_key+0x3d7/0x1030
[ 58.561204][ T1908] ? pathrelse+0x76/0xd0
[ 58.565417][ T1908] reiserfs_find_entry+0xe9c/0x1a30
[ 58.570589][ T1908] ? reiserfs_get_parent+0x270/0x270
[ 58.575842][ T1908] reiserfs_lookup+0x1ae/0x3d0
[ 58.580569][ T1908] ? reiserfs_find_entry+0x1a30/0x1a30
[ 58.585997][ T1908] ? lockdep_init_map_type+0x9d/0x700
[ 58.591423][ T1908] ? __init_waitqueue_head+0xaa/0x140
[ 58.596761][ T1908] __lookup_slow+0x1ff/0x2e0
[ 58.601319][ T1908] ? lookup_one_len+0x10e/0x230
[ 58.606135][ T1908] ? lookup_one_len+0x230/0x230
[ 58.610950][ T1908] ? d_lookup+0x16f/0x1d0
[ 58.615244][ T1908] ? inode_permission+0x151/0x320
[ 58.620233][ T1908] lookup_one_len+0x1f3/0x230
[ 58.624881][ T1908] ? lookup_one_common+0x330/0x330
[ 58.629964][ T1908] reiserfs_lookup_privroot+0x81/0x1d0
[ 58.635388][ T1908] reiserfs_fill_super+0x14e7/0x2070
[ 58.640641][ T1908] ? reiserfs_kill_sb+0x140/0x140
[ 58.645637][ T1908] ? snprintf+0xcc/0x110
[ 58.649846][ T1908] ? __up_read+0x360/0x360
[ 58.654229][ T1908] mount_bdev+0x26b/0x340
[ 58.658526][ T1908] ? reiserfs_kill_sb+0x140/0x140
[ 58.663514][ T1908] legacy_get_tree+0xe5/0x170
[ 58.668157][ T1908] ? remove_save_link+0x4e0/0x4e0
[ 58.673234][ T1908] vfs_get_tree+0x7a/0x170
[ 58.677617][ T1908] do_new_mount+0x21a/0x910
[ 58.682089][ T1908] ? do_move_mount_old+0x120/0x120
[ 58.687166][ T1908] __se_sys_mount+0x23e/0x2d0
[ 58.691811][ T1908] ? __x64_sys_mount+0xc0/0xc0
[ 58.696537][ T1908] ? fpregs_assert_state_consistent+0x43/0x50
[ 58.702569][ T1908] do_syscall_64+0x3b/0x80
[ 58.706949][ T1908] ? clear_bhb_loop+0x45/0xa0
[ 58.711765][ T1908] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.717723][ T1908] RIP: 0033:0x7f431ba7e05a
[ 58.722106][ T1908] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 58.741719][ T1908] RSP: 002b:00007f431c813ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 58.750108][ T1908] RAX: ffffffffffffffda RBX: 00007f431c813f80 RCX: 00007f431ba7e05a
[ 58.758137][ T1908] RDX: 0000000020000140 RSI: 0000000020000340 RDI: 00007f431c813f40
[ 58.766078][ T1908] RBP: 0000000020000140 R08: 00007f431c813f80 R09: 000000000120c083
[ 58.774024][ T1908] R10: 000000000120c083 R11: 0000000000000246 R12: 0000000020000340
[ 58.781968][ T1908] R13: 00007f431c813f40 R14: 0000000000001120 R15: 0000000020000380
[ 58.789915][ T1908]
[ 58.792905][ T1908]
[ 58.795201][ T1908] The buggy address belongs to the physical page:
[ 58.801592][ T1908] page:ffffea0001b36240 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6cd89
[ 58.811714][ T1908] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 58.818792][ T1908] raw: 00fff00000000000 ffffea0001b36288 ffff8880bac3e5a0 0000000000000000
[ 58.827349][ T1908] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 58.835897][ T1908] page dumped because: kasan: bad access detected
[ 58.842280][ T1908] page_owner tracks the page as freed
[ 58.847616][ T1908] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1052, tgid 1052 (syz-execprog), ts 30563771108, free_ts 35671357775
[ 58.866327][ T1908] post_alloc_hook+0x286/0x2b0
[ 58.871061][ T1908] get_page_from_freelist+0x2fe5/0x3170
[ 58.876574][ T1908] __alloc_pages+0x251/0x640
[ 58.881136][ T1908] __folio_alloc+0xf/0x30
[ 58.885429][ T1908] vma_alloc_folio+0x484/0x9e0
[ 58.890162][ T1908] handle_mm_fault+0x2608/0x4290
[ 58.895065][ T1908] exc_page_fault+0x22a/0x5a0
[ 58.899706][ T1908] asm_exc_page_fault+0x22/0x30
[ 58.904526][ T1908] page last free stack trace:
[ 58.909166][ T1908] free_unref_page_prepare+0xd6c/0xf00
[ 58.914592][ T1908] free_unref_page_list+0x54b/0x7e0
[ 58.919756][ T1908] release_pages+0x1e0a/0x1fe0
[ 58.924484][ T1908] tlb_flush_mmu+0xe5/0x1d0
[ 58.929048][ T1908] unmap_page_range+0x1408/0x1770
[ 58.934035][ T1908] unmap_vmas+0x42a/0x5a0
[ 58.938328][ T1908] exit_mmap+0x22d/0x730
[ 58.942549][ T1908] __mmput+0x9b/0x2e0
[ 58.946514][ T1908] exit_mm+0x122/0x1b0
[ 58.950557][ T1908] do_exit+0x81e/0x23a0
[ 58.954697][ T1908] do_group_exit+0x1b5/0x280
[ 58.959258][ T1908] get_signal+0x1117/0x1260
[ 58.963731][ T1908] arch_do_signal_or_restart+0xb3/0x1240
[ 58.969338][ T1908] exit_to_user_mode_loop+0x61/0xc0
[ 58.974530][ T1908] exit_to_user_mode_prepare+0x64/0xb0
[ 58.979958][ T1908] syscall_exit_to_user_mode+0x27/0x1b0
[ 58.985482][ T1908]
[ 58.987776][ T1908] Memory state around the buggy address:
[ 58.993371][ T1908]  ffff88806cd88f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.001414][ T1908]  ffff88806cd88f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.009445][ T1908] >ffff88806cd89000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.017472][ T1908]                    ^
[ 59.021688][ T1908]  ffff88806cd89080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.029715][ T1908]  ffff88806cd89100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.037763][ T1908] ==================================================================
[ 59.046228][ T1908] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.053649][ T1908] Kernel Offset: disabled
[ 59.057982][ T1908] Rebooting in 86400 seconds..