Warning: Permanently added '10.128.0.31' (ED25519) to the list of known hosts.
2024/10/16 01:41:21 ignoring optional flag "sandboxArg"="0"
2024/10/16 01:41:21 ignoring optional flag "type"="gce"
2024/10/16 01:41:21 parsed 1 programs
2024/10/16 01:41:21 executed programs: 0
[ 62.093640][ T1911] loop0: detected capacity change from 0 to 8192
[ 62.101664][ T1911] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 62.114676][ T1911] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 62.124049][ T1911] REISERFS (device loop0): using ordered data mode
[ 62.130903][ T1911] reiserfs: using flush barriers
[ 62.136554][ T1911] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 62.153135][ T1911] REISERFS (device loop0): checking transaction log (loop0)
[ 62.161484][ T1911] REISERFS (device loop0): Using r5 hash to sort names
[ 62.168512][ T1911] ==================================================================
[ 62.176577][ T1911] BUG: KASAN: use-after-free in search_by_entry_key+0x3d7/0x1030
[ 62.184383][ T1911] Read of size 4 at addr ffff88806f06c004 by task syz-executor.0/1911
[ 62.192506][ T1911]
[ 62.194868][ T1911] CPU: 0 PID: 1911 Comm: syz-executor.0 Not tainted 6.1.112-syzkaller #0
[ 62.203268][ T1911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 62.213517][ T1911] Call Trace:
[ 62.216830][ T1911]
[ 62.219760][ T1911] dump_stack_lvl+0xf4/0x251
[ 62.224456][ T1911] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 62.229898][ T1911] ? panic+0x3fe/0x3fe
[ 62.233951][ T1911] ? _printk+0xca/0x10a
[ 62.238102][ T1911] ? __virt_addr_valid+0x139/0x270
[ 62.243198][ T1911] ? __virt_addr_valid+0x221/0x270
[ 62.248360][ T1911] print_report+0x15f/0x4f0
[ 62.252846][ T1911] ? __virt_addr_valid+0x139/0x270
[ 62.257935][ T1911] ? __virt_addr_valid+0x221/0x270
[ 62.263022][ T1911] ? search_by_entry_key+0x3d7/0x1030
[ 62.268488][ T1911] kasan_report+0x136/0x160
[ 62.272987][ T1911] ? search_by_entry_key+0x3d7/0x1030
[ 62.278343][ T1911] search_by_entry_key+0x3d7/0x1030
[ 62.283529][ T1911] ? pathrelse+0x76/0xd0
[ 62.287749][ T1911] reiserfs_find_entry+0xe9c/0x1a30
[ 62.292932][ T1911] ? reiserfs_get_parent+0x270/0x270
[ 62.298222][ T1911] reiserfs_lookup+0x1ae/0x3d0
[ 62.302962][ T1911] ? reiserfs_find_entry+0x1a30/0x1a30
[ 62.308440][ T1911] ? lockdep_init_map_type+0x9d/0x700
[ 62.313893][ T1911] ? __init_waitqueue_head+0xaa/0x140
[ 62.319258][ T1911] __lookup_slow+0x1ff/0x2e0
[ 62.323886][ T1911] ? lookup_one_len+0x10e/0x230
[ 62.328826][ T1911] ? lookup_one_len+0x230/0x230
[ 62.333760][ T1911] ? d_lookup+0x16f/0x1d0
[ 62.338068][ T1911] ? inode_permission+0x151/0x320
[ 62.343078][ T1911] lookup_one_len+0x1f3/0x230
[ 62.347734][ T1911] ? lookup_one_common+0x330/0x330
[ 62.352820][ T1911] reiserfs_lookup_privroot+0x81/0x1d0
[ 62.358280][ T1911] reiserfs_fill_super+0x14e7/0x2070
[ 62.363541][ T1911] ? reiserfs_kill_sb+0x140/0x140
[ 62.368556][ T1911] ? snprintf+0xcc/0x110
[ 62.372785][ T1911] ? __up_read+0x360/0x360
[ 62.377191][ T1911] mount_bdev+0x26b/0x340
[ 62.381517][ T1911] ? reiserfs_kill_sb+0x140/0x140
[ 62.386562][ T1911] legacy_get_tree+0xe5/0x170
[ 62.391220][ T1911] ? remove_save_link+0x4e0/0x4e0
[ 62.396218][ T1911] vfs_get_tree+0x7a/0x170
[ 62.400612][ T1911] do_new_mount+0x21a/0x910
[ 62.405108][ T1911] ? do_move_mount_old+0x120/0x120
[ 62.410226][ T1911] __se_sys_mount+0x23e/0x2d0
[ 62.414877][ T1911] ? __x64_sys_mount+0xc0/0xc0
[ 62.419617][ T1911] ? fpregs_assert_state_consistent+0x43/0x50
[ 62.425682][ T1911] do_syscall_64+0x3b/0x80
[ 62.430079][ T1911] ? clear_bhb_loop+0x45/0xa0
[ 62.434813][ T1911] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 62.440862][ T1911] RIP: 0033:0x7fa183c7e05a
[ 62.445343][ T1911] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 62.464931][ T1911] RSP: 002b:00007fa184a46ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 62.473440][ T1911] RAX: ffffffffffffffda RBX: 00007fa184a46f80 RCX: 00007fa183c7e05a
[ 62.481439][ T1911] RDX: 0000000020000140 RSI: 0000000020000340 RDI: 00007fa184a46f40
[ 62.489498][ T1911] RBP: 0000000020000140 R08: 00007fa184a46f80 R09: 000000000120c083
[ 62.497543][ T1911] R10: 000000000120c083 R11: 0000000000000246 R12: 0000000020000340
[ 62.505746][ T1911] R13: 00007fa184a46f40 R14: 0000000000001120 R15: 0000000020000380
[ 62.513876][ T1911]
[ 62.516884][ T1911]
[ 62.519223][ T1911] The buggy address belongs to the physical page:
[ 62.525621][ T1911] page:ffffea0001bc1b00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6f06c
[ 62.535757][ T1911] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 62.542847][ T1911] raw: 00fff00000000000 ffffea0001b8f908 ffffea0001b8d648 0000000000000000
[ 62.551410][ T1911] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 62.559979][ T1911] page dumped because: kasan: bad access detected
[ 62.566441][ T1911] page_owner tracks the page as freed
[ 62.571792][ T1911] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1801, tgid 1801 (modprobe), ts 60814132606, free_ts 60823708889
[ 62.589131][ T1911] post_alloc_hook+0x286/0x2b0
[ 62.593872][ T1911] get_page_from_freelist+0x2fe5/0x3170
[ 62.599393][ T1911] __alloc_pages+0x251/0x640
[ 62.603953][ T1911] __folio_alloc+0xf/0x30
[ 62.608265][ T1911] vma_alloc_folio+0x484/0x9e0
[ 62.613022][ T1911] wp_page_copy+0x226/0x1970
[ 62.617580][ T1911] handle_mm_fault+0x1f06/0x4290
[ 62.622487][ T1911] exc_page_fault+0x22a/0x5a0
[ 62.627138][ T1911] asm_exc_page_fault+0x22/0x30
[ 62.632044][ T1911] page last free stack trace:
[ 62.636687][ T1911] free_unref_page_prepare+0xd6c/0xf00
[ 62.642138][ T1911] free_unref_page_list+0x54b/0x7e0
[ 62.647325][ T1911] release_pages+0x1e0a/0x1fe0
[ 62.652072][ T1911] tlb_flush_mmu+0xe5/0x1d0
[ 62.656561][ T1911] tlb_finish_mmu+0xb0/0x1b0
[ 62.661299][ T1911] exit_mmap+0x341/0x730
[ 62.665511][ T1911] __mmput+0x9b/0x2e0
[ 62.669557][ T1911] exit_mm+0x122/0x1b0
[ 62.673604][ T1911] do_exit+0x81e/0x23a0
[ 62.677816][ T1911] do_group_exit+0x1b5/0x280
[ 62.682376][ T1911] __x64_sys_exit_group+0x3b/0x40
[ 62.687369][ T1911] do_syscall_64+0x3b/0x80
[ 62.691759][ T1911] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 62.697622][ T1911]
[ 62.699935][ T1911] Memory state around the buggy address:
[ 62.705543][ T1911] ffff88806f06bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.713592][ T1911] ffff88806f06bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.721635][ T1911] >ffff88806f06c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 62.729968][ T1911]                               ^
[ 62.734098][ T1911] ffff88806f06c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 62.742159][ T1911] ffff88806f06c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 62.750198][ T1911] ==================================================================
[ 62.758775][ T1911] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 62.766357][ T1911] Kernel Offset: disabled
[ 62.770695][ T1911] Rebooting in 86400 seconds..