Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts.
2023/07/16 20:35:54 ignoring optional flag "sandboxArg"="0"
2023/07/16 20:35:54 parsed 1 programs
2023/07/16 20:35:54 executed programs: 0
[   56.618349][ T1996] loop0: detected capacity change from 0 to 8192
[   56.626381][ T1996] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   56.640096][ T1996] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   56.649663][ T1996] REISERFS (device loop0): using ordered data mode
[   56.656384][ T1996] reiserfs: using flush barriers
[   56.662421][ T1996] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   56.679365][ T1996] REISERFS (device loop0): checking transaction log (loop0)
[   56.688068][ T1996] REISERFS (device loop0): Using r5 hash to sort names
[   56.696465][ T1996] ==================================================================
[   56.704561][ T1996] BUG: KASAN: use-after-free in search_by_entry_key+0x3d7/0x1030
[   56.712425][ T1996] Read of size 4 at addr ffff88806c4a6004 by task syz-executor.0/1996
[   56.720721][ T1996]
[   56.723060][ T1996] CPU: 1 PID: 1996 Comm: syz-executor.0 Not tainted 6.1.38-syzkaller #0
[   56.731740][ T1996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   56.743118][ T1996] Call Trace:
[   56.746384][ T1996]
[   56.749423][ T1996]  dump_stack_lvl+0xf4/0x251
[   56.754009][ T1996]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[   56.759555][ T1996]  ? panic+0x3f7/0x3f7
[   56.763612][ T1996]  ? _printk+0xca/0x10a
[   56.767845][ T1996]  print_report+0x15f/0x4f0
[   56.772514][ T1996]  ? search_by_entry_key+0x3d7/0x1030
[   56.777876][ T1996]  kasan_report+0x136/0x160
[   56.782360][ T1996]  ? search_by_entry_key+0x3d7/0x1030
[   56.787883][ T1996]  search_by_entry_key+0x3d7/0x1030
[   56.793247][ T1996]  ? pathrelse+0x76/0xd0
[   56.797994][ T1996]  reiserfs_find_entry+0xe9c/0x1a30
[   56.803370][ T1996]  ? reiserfs_get_parent+0x270/0x270
[   56.808674][ T1996]  reiserfs_lookup+0x1ae/0x3d0
[   56.813517][ T1996]  ? reiserfs_find_entry+0x1a30/0x1a30
[   56.819067][ T1996]  ? lockdep_init_map_type+0x9d/0x6d0
[   56.824609][ T1996]  ? __init_waitqueue_head+0xaa/0x140
[   56.830154][ T1996]  __lookup_slow+0x1ff/0x2e0
[   56.835080][ T1996]  ? lookup_one_len+0x10e/0x230
[   56.840084][ T1996]  ? lookup_one_len+0x230/0x230
[   56.844908][ T1996]  ? d_lookup+0x16f/0x1d0
[   56.849225][ T1996]  ? inode_permission+0x151/0x320
[   56.854497][ T1996]  lookup_one_len+0x1f3/0x230
[   56.859498][ T1996]  ? lookup_one_common+0x330/0x330
[   56.864762][ T1996]  reiserfs_lookup_privroot+0x81/0x1d0
[   56.870707][ T1996]  reiserfs_fill_super+0x14e7/0x2070
[   56.876084][ T1996]  ? reiserfs_kill_sb+0x140/0x140
[   56.881208][ T1996]  ? __down_write_common+0x12a/0x1e0
[   56.886574][ T1996]  ? snprintf+0xcc/0x110
[   56.890931][ T1996]  ? __up_read+0x360/0x360
[   56.895506][ T1996]  mount_bdev+0x26b/0x340
[   56.899931][ T1996]  ? reiserfs_kill_sb+0x140/0x140
[   56.904944][ T1996]  legacy_get_tree+0xe5/0x170
[   56.909712][ T1996]  ? remove_save_link+0x4e0/0x4e0
[   56.915563][ T1996]  vfs_get_tree+0x7a/0x170
[   56.920133][ T1996]  do_new_mount+0x1e1/0x8f0
[   56.924818][ T1996]  ? do_move_mount_old+0x120/0x120
[   56.930446][ T1996]  ? user_path_at_empty+0xed/0x140
[   56.935834][ T1996]  __se_sys_mount+0x23e/0x2d0
[   56.940905][ T1996]  ? __x64_sys_mount+0xc0/0xc0
[   56.945877][ T1996]  ? fpregs_assert_state_consistent+0x43/0x50
[   56.952369][ T1996]  do_syscall_64+0x3d/0x80
[   56.956964][ T1996]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.963101][ T1996] RIP: 0033:0x7f4e7cc7e05a
[   56.967773][ T1996] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   56.987576][ T1996] RSP: 002b:00007f4e7dab2ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   56.996159][ T1996] RAX: ffffffffffffffda RBX: 00007f4e7dab2f80 RCX: 00007f4e7cc7e05a
[   57.004819][ T1996] RDX: 0000000020000140 RSI: 0000000020000340 RDI: 00007f4e7dab2f40
[   57.013662][ T1996] RBP: 0000000020000140 R08: 00007f4e7dab2f80 R09: 000000000120c083
[   57.023301][ T1996] R10: 000000000120c083 R11: 0000000000000246 R12: 0000000020000340
[   57.031701][ T1996] R13: 00007f4e7dab2f40 R14: 0000000000001120 R15: 0000000020000380
[   57.040765][ T1996]
[   57.043786][ T1996]
[   57.046272][ T1996] The buggy address belongs to the physical page:
[   57.053655][ T1996] page:ffffea0001b12980 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6c4a6
[   57.064840][ T1996] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   57.072549][ T1996] raw: 00fff00000000000 ffffea0001b129c8 ffff8880bac3e5a0 0000000000000000
[   57.081214][ T1996] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   57.090136][ T1996] page dumped because: kasan: bad access detected
[   57.096973][ T1996] page_owner tracks the page as freed
[   57.102454][ T1996] page last allocated via order 9, migratetype Movable, gfp_mask 0x3d24ca(GFP_TRANSHUGE|__GFP_NORETRY|__GFP_THISNODE), pid 1052, tgid 1049 (syz-fuzzer), ts 31329694424, free_ts 32663918223
[   57.121798][ T1996]  post_alloc_hook+0x286/0x2b0
[   57.126555][ T1996]  get_page_from_freelist+0x3100/0x32a0
[   57.132526][ T1996]  __alloc_pages+0x251/0x640
[   57.137234][ T1996]  __folio_alloc+0xf/0x30
[   57.141912][ T1996]  __folio_alloc_node+0xed/0x160
[   57.147125][ T1996]  vma_alloc_folio+0x710/0x9e0
[   57.152173][ T1996]  do_huge_pmd_anonymous_page+0x275/0x1740
[   57.158924][ T1996]  handle_mm_fault+0xfb8/0x4340
[   57.164815][ T1996]  exc_page_fault+0x22a/0x5e0
[   57.169616][ T1996]  asm_exc_page_fault+0x22/0x30
[   57.175130][ T1996] page last free stack trace:
[   57.180151][ T1996]  free_unref_page_prepare+0xd4b/0xee0
[   57.185885][ T1996]  free_unref_page+0x9a/0x500
[   57.190629][ T1996]  release_pages+0x45d/0x1900
[   57.195642][ T1996]  tlb_flush_mmu+0xe5/0x1d0
[   57.200867][ T1996]  tlb_finish_mmu+0xb0/0x1b0
[   57.205822][ T1996]  exit_mmap+0x341/0x730
[   57.210229][ T1996]  __mmput+0x9b/0x2d0
[   57.215181][ T1996]  exit_mm+0x122/0x1b0
[   57.219269][ T1996]  do_exit+0x81e/0x23a0
[   57.223577][ T1996]  do_group_exit+0x1b5/0x280
[   57.228524][ T1996]  get_signal+0x1117/0x1260
[   57.233202][ T1996]  arch_do_signal_or_restart+0xb3/0x1240
[   57.239006][ T1996]  exit_to_user_mode_loop+0x61/0xb0
[   57.244550][ T1996]  exit_to_user_mode_prepare+0x64/0xb0
[   57.250873][ T1996]  syscall_exit_to_user_mode+0x27/0x1c0
[   57.256599][ T1996]  do_syscall_64+0x49/0x80
[   57.261042][ T1996]
[   57.263716][ T1996] Memory state around the buggy address:
[   57.269438][ T1996]  ffff88806c4a5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.277839][ T1996]  ffff88806c4a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.285886][ T1996] >ffff88806c4a6000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.294587][ T1996]                    ^
[   57.298728][ T1996]  ffff88806c4a6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.307443][ T1996]  ffff88806c4a6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.316215][ T1996] ==================================================================
[   57.325066][ T1996] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   57.333878][ T1996] Kernel Offset: disabled
[   57.338234][ T1996] Rebooting in 86400 seconds..