Warning: Permanently added '10.128.0.173' (ED25519) to the list of known hosts.
2024/08/21 11:15:57 ignoring optional flag "sandboxArg"="0"
2024/08/21 11:15:57 parsed 1 programs
2024/08/21 11:15:57 executed programs: 0
[ 53.071628][ T1495] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 57.818226][ T1911] loop0: detected capacity change from 0 to 8192
[ 57.826269][ T1911] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 57.839742][ T1911] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 57.849340][ T1911] REISERFS (device loop0): using ordered data mode
[ 57.855929][ T1911] reiserfs: using flush barriers
[ 57.861983][ T1911] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 57.878901][ T1911] REISERFS (device loop0): checking transaction log (loop0)
[ 57.887382][ T1911] REISERFS (device loop0): Using r5 hash to sort names
[ 57.894425][ T1911] ==================================================================
[ 57.902553][ T1911] BUG: KASAN: use-after-free in strlen+0x54/0x60
[ 57.908874][ T1911] Read of size 1 at addr ffff88806dd537a3 by task syz-executor.0/1911
[ 57.917168][ T1911]
[ 57.919477][ T1911] CPU: 0 PID: 1911 Comm: syz-executor.0 Not tainted 6.1.106-syzkaller #0
[ 57.928035][ T1911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 57.938287][ T1911] Call Trace:
[ 57.941626][ T1911]
[ 57.944531][ T1911] dump_stack_lvl+0xf4/0x251
[ 57.949311][ T1911] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 57.954831][ T1911] ? panic+0x3fe/0x3fe
[ 57.959049][ T1911] ? __virt_addr_valid+0x139/0x270
[ 57.964138][ T1911] ? __virt_addr_valid+0x221/0x270
[ 57.969780][ T1911] print_report+0x15f/0x4f0
[ 57.974343][ T1911] ? __virt_addr_valid+0x139/0x270
[ 57.979424][ T1911] ? __virt_addr_valid+0x221/0x270
[ 57.984500][ T1911] ? strlen+0x54/0x60
[ 57.988542][ T1911] kasan_report+0x136/0x160
[ 57.993017][ T1911] ? strlen+0x54/0x60
[ 57.997061][ T1911] strlen+0x54/0x60
[ 58.000839][ T1911] reiserfs_find_entry+0x8c4/0x1a30
[ 58.006019][ T1911] ? reiserfs_get_parent+0x270/0x270
[ 58.011287][ T1911] reiserfs_lookup+0x1ae/0x3d0
[ 58.016019][ T1911] ? reiserfs_find_entry+0x1a30/0x1a30
[ 58.021535][ T1911] ? lockdep_init_map_type+0x9d/0x700
[ 58.026877][ T1911] ? __init_waitqueue_head+0xaa/0x140
[ 58.032389][ T1911] __lookup_slow+0x1ff/0x2e0
[ 58.037212][ T1911] ? lookup_one_len+0x10e/0x230
[ 58.042029][ T1911] ? lookup_one_len+0x230/0x230
[ 58.047023][ T1911] ? d_lookup+0x16f/0x1d0
[ 58.051324][ T1911] ? inode_permission+0x151/0x320
[ 58.056317][ T1911] lookup_one_len+0x1f3/0x230
[ 58.060982][ T1911] ? lookup_one_common+0x330/0x330
[ 58.066100][ T1911] reiserfs_lookup_privroot+0x81/0x1d0
[ 58.071644][ T1911] reiserfs_fill_super+0x14e7/0x2070
[ 58.076913][ T1911] ? reiserfs_kill_sb+0x140/0x140
[ 58.081919][ T1911] ? snprintf+0xcc/0x110
[ 58.086144][ T1911] ? __up_read+0x360/0x360
[ 58.090529][ T1911] mount_bdev+0x26b/0x340
[ 58.094829][ T1911] ? reiserfs_kill_sb+0x140/0x140
[ 58.099824][ T1911] legacy_get_tree+0xe5/0x170
[ 58.104477][ T1911] ? remove_save_link+0x4e0/0x4e0
[ 58.109468][ T1911] vfs_get_tree+0x7a/0x170
[ 58.113866][ T1911] do_new_mount+0x21a/0x910
[ 58.118337][ T1911] ? do_move_mount_old+0x120/0x120
[ 58.123434][ T1911] __se_sys_mount+0x23e/0x2d0
[ 58.128083][ T1911] ? __x64_sys_mount+0xc0/0xc0
[ 58.132821][ T1911] ? fpregs_assert_state_consistent+0x43/0x50
[ 58.138860][ T1911] do_syscall_64+0x3b/0x80
[ 58.143246][ T1911] ? clear_bhb_loop+0x45/0xa0
[ 58.147985][ T1911] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.153947][ T1911] RIP: 0033:0x7f19bd47e22a
[ 58.158335][ T1911] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 58.177996][ T1911] RSP: 002b:00007f19be2adee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 58.186377][ T1911] RAX: ffffffffffffffda RBX: 00007f19be2adf80 RCX: 00007f19bd47e22a
[ 58.194323][ T1911] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007f19be2adf40
[ 58.202264][ T1911] RBP: 00000000200000c0 R08: 00007f19be2adf80 R09: 0000000000008001
[ 58.210469][ T1911] R10: 0000000000008001 R11: 0000000000000246 R12: 0000000020000040
[ 58.218411][ T1911] R13: 00007f19be2adf40 R14: 0000000000001122 R15: 0000000020000080
[ 58.226359][ T1911]
[ 58.229357][ T1911]
[ 58.231651][ T1911] The buggy address belongs to the physical page:
[ 58.238037][ T1911] page:ffffea0001b754c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6dd53
[ 58.248151][ T1911] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 58.255229][ T1911] raw: 00fff00000000000 ffffea0001b755c8 ffffea0001b75508 0000000000000000
[ 58.263776][ T1911] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 58.272324][ T1911] page dumped because: kasan: bad access detected
[ 58.278891][ T1911] page_owner tracks the page as freed
[ 58.284504][ T1911] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1495, tgid 1495 (syz-executor), ts 52998702502, free_ts 53081412884
[ 58.302358][ T1911] post_alloc_hook+0x286/0x2b0
[ 58.307094][ T1911] get_page_from_freelist+0x2fe5/0x3170
[ 58.312608][ T1911] __alloc_pages+0x251/0x640
[ 58.317168][ T1911] __folio_alloc+0xf/0x30
[ 58.321464][ T1911] vma_alloc_folio+0x484/0x9e0
[ 58.326193][ T1911] handle_mm_fault+0x1faf/0x42c0
[ 58.331528][ T1911] exc_page_fault+0x22a/0x5a0
[ 58.336259][ T1911] asm_exc_page_fault+0x22/0x30
[ 58.341112][ T1911] page last free stack trace:
[ 58.345945][ T1911] free_unref_page_prepare+0xd6c/0xf00
[ 58.351384][ T1911] free_unref_page_list+0x54b/0x7e0
[ 58.356551][ T1911] release_pages+0x1e0a/0x1fe0
[ 58.361281][ T1911] tlb_flush_mmu+0xe5/0x1d0
[ 58.365765][ T1911] tlb_finish_mmu+0xb0/0x1b0
[ 58.370320][ T1911] exit_mmap+0x341/0x730
[ 58.374530][ T1911] __mmput+0x9b/0x2e0
[ 58.378493][ T1911] exit_mm+0x122/0x1b0
[ 58.382530][ T1911] do_exit+0x81e/0x23a0
[ 58.386658][ T1911] do_group_exit+0x1b5/0x280
[ 58.391224][ T1911] __x64_sys_exit_group+0x3b/0x40
[ 58.396301][ T1911] do_syscall_64+0x3b/0x80
[ 58.400685][ T1911] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.406548][ T1911]
[ 58.408851][ T1911] Memory state around the buggy address:
[ 58.414449][ T1911] ffff88806dd53680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.422652][ T1911] ffff88806dd53700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.430766][ T1911] >ffff88806dd53780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.438797][ T1911] ^
[ 58.443874][ T1911] ffff88806dd53800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.451904][ T1911] ffff88806dd53880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.459932][ T1911] ==================================================================
[ 58.468195][ T1911] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 58.475762][ T1911] Kernel Offset: disabled
[ 58.480081][ T1911] Rebooting in 86400 seconds..