Warning: Permanently added '10.128.1.203' (ED25519) to the list of known hosts.
2024/08/05 09:07:52 ignoring optional flag "sandboxArg"="0"
2024/08/05 09:07:52 parsed 1 programs
2024/08/05 09:07:52 executed programs: 0
[ 57.093380][ T1909] loop0: detected capacity change from 0 to 8192
[ 57.101544][ T1909] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 57.114765][ T1909] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 57.124084][ T1909] REISERFS (device loop0): using ordered data mode
[ 57.130664][ T1909] reiserfs: using flush barriers
[ 57.136254][ T1909] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 57.152918][ T1909] REISERFS (device loop0): checking transaction log (loop0)
[ 57.183519][ T1909] REISERFS (device loop0): Using r5 hash to sort names
[ 57.247580][ T1913] loop0: detected capacity change from 0 to 8192
[ 57.255251][ T1913] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 57.268259][ T1913] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 57.277490][ T1913] REISERFS (device loop0): using ordered data mode
[ 57.284082][ T1913] reiserfs: using flush barriers
2024/08/05 09:07:57 executed programs: 2
[ 57.289863][ T1913] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 57.306121][ T1913] REISERFS (device loop0): checking transaction log (loop0)
[ 57.333475][ T1913] REISERFS (device loop0): Using r5 hash to sort names
[ 57.396605][ T1916] loop0: detected capacity change from 0 to 8192
[ 57.404368][ T1916] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 57.417808][ T1916] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 57.426993][ T1916] REISERFS (device loop0): using ordered data mode
[ 57.433498][ T1916] reiserfs: using flush barriers
[ 57.439204][ T1916] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 57.455883][ T1916] REISERFS (device loop0): checking transaction log (loop0)
[ 57.482039][ T1916] REISERFS (device loop0): Using r5 hash to sort names
[ 57.493043][ T1916] ==================================================================
[ 57.501113][ T1916] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0x5a0/0x1490
[ 57.509085][ T1916] Read of size 8 at addr ffff88806dd05000 by task syz-executor.0/1916
[ 57.517223][ T1916]
[ 57.519548][ T1916] CPU: 0 PID: 1916 Comm: syz-executor.0 Not tainted 6.1.103-syzkaller #0
[ 57.527938][ T1916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 57.537967][ T1916] Call Trace:
[ 57.541222][ T1916]
[ 57.544219][ T1916] dump_stack_lvl+0xf4/0x251
[ 57.548884][ T1916] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 57.554311][ T1916] ? panic+0x3fe/0x3fe
[ 57.558347][ T1916] ? __virt_addr_valid+0x139/0x270
[ 57.563427][ T1916] ? __virt_addr_valid+0x221/0x270
[ 57.568591][ T1916] print_report+0x15f/0x4f0
[ 57.573234][ T1916] ? __virt_addr_valid+0x139/0x270
[ 57.578358][ T1916] ? __virt_addr_valid+0x221/0x270
[ 57.583523][ T1916] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 57.589128][ T1916] kasan_report+0x136/0x160
[ 57.593606][ T1916] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 57.599214][ T1916] kasan_check_range+0x27f/0x290
[ 57.604118][ T1916] reiserfs_readdir_inode+0x5a0/0x1490
[ 57.609547][ T1916] ? reiserfs_dir_fsync+0xe0/0xe0
[ 57.614541][ T1916] ? __fdget_pos+0x204/0x2b0
[ 57.619105][ T1916] ? down_read_interruptible+0x1010/0x1010
[ 57.624897][ T1916] ? common_file_perm+0x130/0x1e0
[ 57.629902][ T1916] ? fsnotify_perm+0x120/0x440
[ 57.634722][ T1916] ? reiserfs_sync_file+0x1f0/0x1f0
[ 57.639892][ T1916] iterate_dir+0x1fa/0x500
[ 57.644282][ T1916] __se_sys_getdents64+0x1af/0x3e0
[ 57.649364][ T1916] ? __x64_sys_getdents64+0x80/0x80
[ 57.654529][ T1916] ? filldir+0x570/0x570
[ 57.658827][ T1916] ? switch_fpu_return+0xc9/0x130
[ 57.663832][ T1916] do_syscall_64+0x3b/0x80
[ 57.668221][ T1916] ? clear_bhb_loop+0x45/0xa0
[ 57.672891][ T1916] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 57.678764][ T1916] RIP: 0033:0x7fbbbbc7c959
[ 57.683170][ T1916] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 57.703624][ T1916] RSP: 002b:00007fbbbc9330c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 57.712010][ T1916] RAX: ffffffffffffffda RBX: 00007fbbbbd9bf80 RCX: 00007fbbbbc7c959
[ 57.720037][ T1916] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 57.727974][ T1916] RBP: 00007fbbbbcd8c88 R08: 0000000000000000 R09: 0000000000000000
[ 57.735912][ T1916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 57.743850][ T1916] R13: 0000000000000006 R14: 00007fbbbbd9bf80 R15: 00007fff8cfdc2e8
[ 57.751811][ T1916]
[ 57.754808][ T1916]
[ 57.757104][ T1916] The buggy address belongs to the physical page:
[ 57.763496][ T1916] page:ffffea0001b74140 refcount:1 mapcount:1 mapping:0000000000000000 index:0x560c5e527 pfn:0x6dd05
[ 57.774304][ T1916] memcg:ffff888140060000
[ 57.778514][ T1916] anon flags: 0xfff800000a0014(uptodate|lru|mappedtodisk|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[ 57.789240][ T1916] raw: 00fff800000a0014 ffffea0001b78188 ffffea0001b74188 ffff88807dcd8221
[ 57.797788][ T1916] raw: 0000000560c5e527 0000000000000000 0000000100000000 ffff888140060000
[ 57.806332][ T1916] page dumped because: kasan: bad access detected
[ 57.812717][ T1916] page_owner tracks the page as allocated
[ 57.818401][ T1916] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1910, tgid 1910 (udevd), ts 57509915022, free_ts 57206700997
[ 57.835463][ T1916] post_alloc_hook+0x286/0x2b0
[ 57.840198][ T1916] get_page_from_freelist+0x2fe5/0x3170
[ 57.845709][ T1916] __alloc_pages+0x251/0x640
[ 57.850278][ T1916] __folio_alloc+0xf/0x30
[ 57.854589][ T1916] vma_alloc_folio+0x484/0x9e0
[ 57.859326][ T1916] wp_page_copy+0x226/0x1970
[ 57.863887][ T1916] handle_mm_fault+0x1f0f/0x42c0
[ 57.868790][ T1916] exc_page_fault+0x22a/0x5a0
[ 57.873434][ T1916] asm_exc_page_fault+0x22/0x30
[ 57.878249][ T1916] page last free stack trace:
[ 57.882890][ T1916] free_unref_page_prepare+0xd6c/0xf00
[ 57.888313][ T1916] free_unref_page_list+0x54b/0x7e0
[ 57.893480][ T1916] release_pages+0x1e0a/0x1fe0
[ 57.898208][ T1916] __pagevec_release+0x62/0xd0
[ 57.902935][ T1916] shmem_undo_range+0x66b/0x1b00
[ 57.907839][ T1916] shmem_evict_inode+0x354/0x860
[ 57.912740][ T1916] evict+0x263/0x630
[ 57.916601][ T1916] __dentry_kill+0x380/0x5d0
[ 57.921155][ T1916] dentry_kill+0xbb/0x1e0
[ 57.925451][ T1916] dput+0x154/0x2d0
[ 57.929225][ T1916] __fput+0x369/0x720
[ 57.933174][ T1916] task_work_run+0x206/0x280
[ 57.937731][ T1916] exit_to_user_mode_loop+0xa9/0xc0
[ 57.942897][ T1916] exit_to_user_mode_prepare+0x64/0xb0
[ 57.948320][ T1916] syscall_exit_to_user_mode+0x27/0x1b0
[ 57.953832][ T1916] do_syscall_64+0x47/0x80
[ 57.958215][ T1916]
[ 57.960508][ T1916] Memory state around the buggy address:
[ 57.966104][ T1916] ffff88806dd04f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.974129][ T1916] ffff88806dd04f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.982152][ T1916] >ffff88806dd05000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.990176][ T1916] ^
[ 57.994207][ T1916] ffff88806dd05080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.002231][ T1916] ffff88806dd05100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.010256][ T1916] ==================================================================
[ 58.019446][ T1916] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 58.026919][ T1916] Kernel Offset: disabled
[ 58.031222][ T1916] Rebooting in 86400 seconds..