Warning: Permanently added '10.128.0.205' (ED25519) to the list of known hosts.
2024/04/29 00:34:55 ignoring optional flag "sandboxArg"="0"
2024/04/29 00:34:55 parsed 1 programs
2024/04/29 00:34:55 executed programs: 0
[ 50.129902][ T1578] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.802784][ T1996] loop0: detected capacity change from 0 to 8192
[ 54.810701][ T1996] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.823805][ T1996] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 54.832988][ T1996] REISERFS (device loop0): using ordered data mode
[ 54.839579][ T1996] reiserfs: using flush barriers
[ 54.845056][ T1996] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.861596][ T1996] REISERFS (device loop0): checking transaction log (loop0)
[ 54.869637][ T1996] REISERFS (device loop0): Using r5 hash to sort names
[ 54.927139][ T1999] loop0: detected capacity change from 0 to 8192
[ 54.934807][ T1999] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.948254][ T1999] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 54.957441][ T1999] REISERFS (device loop0): using ordered data mode
[ 54.964040][ T1999] reiserfs: using flush barriers
[ 54.969760][ T1999] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.986194][ T1999] REISERFS (device loop0): checking transaction log (loop0)
[ 54.994017][ T1999] REISERFS (device loop0): Using r5 hash to sort names
[ 55.001532][ T1999] ==================================================================
[ 55.009575][ T1999] BUG: KASAN: use-after-free in strlen+0x54/0x60
[ 55.015875][ T1999] Read of size 1 at addr ffff88806b8477a3 by task syz-executor.0/1999
[ 55.024004][ T1999]
[ 55.026311][ T1999] CPU: 0 PID: 1999 Comm: syz-executor.0 Not tainted 6.1.88-syzkaller #0
[ 55.034612][ T1999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 55.044642][ T1999] Call Trace:
[ 55.047899][ T1999]
[ 55.050815][ T1999] dump_stack_lvl+0xf4/0x251
[ 55.055377][ T1999] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 55.060809][ T1999] ? panic+0x3fe/0x3fe
[ 55.064847][ T1999] ? __virt_addr_valid+0x139/0x260
[ 55.069932][ T1999] ? __virt_addr_valid+0x211/0x260
[ 55.075013][ T1999] print_report+0x15f/0x4f0
[ 55.079484][ T1999] ? __virt_addr_valid+0x139/0x260
[ 55.084564][ T1999] ? __virt_addr_valid+0x211/0x260
[ 55.089649][ T1999] ? strlen+0x54/0x60
[ 55.093601][ T1999] kasan_report+0x136/0x160
[ 55.098168][ T1999] ? strlen+0x54/0x60
[ 55.102120][ T1999] strlen+0x54/0x60
[ 55.105905][ T1999] reiserfs_find_entry+0x8c4/0x1a30
[ 55.111088][ T1999] ? reiserfs_get_parent+0x270/0x270
[ 55.116349][ T1999] reiserfs_lookup+0x1ae/0x3d0
[ 55.121087][ T1999] ? reiserfs_find_entry+0x1a30/0x1a30
[ 55.126604][ T1999] ? lockdep_init_map_type+0x9d/0x700
[ 55.131950][ T1999] ? __init_waitqueue_head+0xaa/0x140
[ 55.137298][ T1999] __lookup_slow+0x1ff/0x2e0
[ 55.141884][ T1999] ? lookup_one_len+0x10e/0x230
[ 55.146712][ T1999] ? lookup_one_len+0x230/0x230
[ 55.151532][ T1999] ? d_lookup+0x16f/0x1d0
[ 55.155832][ T1999] ? inode_permission+0x151/0x320
[ 55.160825][ T1999] lookup_one_len+0x1f3/0x230
[ 55.165557][ T1999] ? lookup_one_common+0x330/0x330
[ 55.170648][ T1999] reiserfs_lookup_privroot+0x81/0x1d0
[ 55.176082][ T1999] reiserfs_fill_super+0x14e7/0x2070
[ 55.181339][ T1999] ? reiserfs_kill_sb+0x140/0x140
[ 55.186334][ T1999] ? __down_write_common+0x12a/0x1e0
[ 55.191606][ T1999] ? snprintf+0xcc/0x110
[ 55.195818][ T1999] ? __up_read+0x360/0x360
[ 55.200223][ T1999] mount_bdev+0x26b/0x340
[ 55.204541][ T1999] ? reiserfs_kill_sb+0x140/0x140
[ 55.209713][ T1999] legacy_get_tree+0xe5/0x170
[ 55.214446][ T1999] ? remove_save_link+0x4e0/0x4e0
[ 55.219451][ T1999] vfs_get_tree+0x7a/0x170
[ 55.223853][ T1999] do_new_mount+0x21a/0x910
[ 55.228337][ T1999] ? do_move_mount_old+0x120/0x120
[ 55.233421][ T1999] __se_sys_mount+0x23e/0x2d0
[ 55.238087][ T1999] ? __x64_sys_mount+0xc0/0xc0
[ 55.242865][ T1999] ? fpregs_assert_state_consistent+0x43/0x50
[ 55.248930][ T1999] do_syscall_64+0x3b/0x80
[ 55.253323][ T1999] ? clear_bhb_loop+0x45/0xa0
[ 55.257985][ T1999] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.263862][ T1999] RIP: 0033:0x7fe17827e22a
[ 55.268251][ T1999] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.287936][ T1999] RSP: 002b:00007fe178ffaee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 55.296333][ T1999] RAX: ffffffffffffffda RBX: 00007fe178ffaf80 RCX: 00007fe17827e22a
[ 55.304277][ T1999] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007fe178ffaf40
[ 55.312219][ T1999] RBP: 00000000200000c0 R08: 00007fe178ffaf80 R09: 0000000000008001
[ 55.320161][ T1999] R10: 0000000000008001 R11: 0000000000000246 R12: 0000000020000040
[ 55.328191][ T1999] R13: 00007fe178ffaf40 R14: 0000000000001122 R15: 0000000020000080
[ 55.336934][ T1999]
[ 55.339927][ T1999]
[ 55.342223][ T1999] The buggy address belongs to the physical page:
[ 55.348609][ T1999] page:ffffea0001ae11c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6b847
[ 55.358726][ T1999] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[ 55.365823][ T1999] raw: 00fff80000000000 ffffea0001ae27c8 ffffea0001ae2f88 0000000000000000
[ 55.374375][ T1999] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 55.383032][ T1999] page dumped because: kasan: bad access detected
[ 55.389419][ T1999] page_owner tracks the page as freed
[ 55.394768][ T1999] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1996, tgid 1994 (syz-executor.0), ts 54797227638, free_ts 54898611121
[ 55.412610][ T1999] post_alloc_hook+0x286/0x2b0
[ 55.417343][ T1999] get_page_from_freelist+0x2fdd/0x3170
[ 55.422859][ T1999] __alloc_pages+0x251/0x640
[ 55.427417][ T1999] __folio_alloc+0xf/0x30
[ 55.431714][ T1999] vma_alloc_folio+0x484/0x9e0
[ 55.436445][ T1999] shmem_alloc_and_acct_folio+0x44a/0xaf0
[ 55.442139][ T1999] shmem_get_folio_gfp+0x1197/0x25e0
[ 55.447393][ T1999] shmem_write_begin+0x159/0x400
[ 55.452299][ T1999] generic_perform_write+0x2f1/0x530
[ 55.457548][ T1999] __generic_file_write_iter+0x13e/0x2f0
[ 55.463171][ T1999] generic_file_write_iter+0x99/0x230
[ 55.468512][ T1999] vfs_write+0x9c2/0xcf0
[ 55.472721][ T1999] ksys_write+0x15f/0x240
[ 55.477016][ T1999] do_syscall_64+0x3b/0x80
[ 55.481399][ T1999] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.487266][ T1999] page last free stack trace:
[ 55.491913][ T1999] free_unref_page_prepare+0xd4b/0xee0
[ 55.497343][ T1999] free_unref_page_list+0x54b/0x7e0
[ 55.502518][ T1999] release_pages+0x175c/0x1900
[ 55.507248][ T1999] __pagevec_release+0x62/0xd0
[ 55.511982][ T1999] shmem_undo_range+0x66b/0x1b00
[ 55.516903][ T1999] shmem_evict_inode+0x354/0x860
[ 55.522078][ T1999] evict+0x263/0x630
[ 55.525941][ T1999] __dentry_kill+0x380/0x5d0
[ 55.530505][ T1999] dentry_kill+0xbb/0x1e0
[ 55.534822][ T1999] dput+0x154/0x2d0
[ 55.538598][ T1999] __fput+0x4bd/0x700
[ 55.542551][ T1999] task_work_run+0x206/0x280
[ 55.547107][ T1999] exit_to_user_mode_loop+0xa9/0xc0
[ 55.552272][ T1999] exit_to_user_mode_prepare+0x64/0xb0
[ 55.557697][ T1999] syscall_exit_to_user_mode+0x27/0x1b0
[ 55.563210][ T1999] do_syscall_64+0x47/0x80
[ 55.567597][ T1999]
[ 55.569899][ T1999] Memory state around the buggy address:
[ 55.575508][ T1999] ffff88806b847680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.583535][ T1999] ffff88806b847700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.591564][ T1999] >ffff88806b847780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.599593][ T1999] ^
[ 55.604672][ T1999] ffff88806b847800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.612698][ T1999] ffff88806b847880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.620735][ T1999] ==================================================================
[ 55.629568][ T1999] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.637083][ T1999] Kernel Offset: disabled
[ 55.641384][ T1999] Rebooting in 86400 seconds..