Warning: Permanently added '10.128.1.140' (ED25519) to the list of known hosts.
2024/11/06 01:14:01 ignoring optional flag "sandboxArg"="0"
2024/11/06 01:14:01 ignoring optional flag "type"="gce"
2024/11/06 01:14:01 parsed 1 programs
2024/11/06 01:14:01 executed programs: 0
[ 56.580538][ T1928] loop0: detected capacity change from 0 to 8192
[ 56.588860][ T1928] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 56.598220][ T1928] REISERFS (device loop0): using ordered data mode
[ 56.604752][ T1928] reiserfs: using flush barriers
[ 56.610834][ T1928] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 56.627285][ T1928] REISERFS (device loop0): checking transaction log (loop0)
[ 56.651524][ T1928] REISERFS (device loop0): Using r5 hash to sort names
[ 56.726821][ T1932] loop0: detected capacity change from 0 to 8192
[ 56.734998][ T1932] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 56.744227][ T1932] REISERFS (device loop0): using ordered data mode
[ 56.750898][ T1932] reiserfs: using flush barriers
[ 56.756524][ T1932] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 56.773115][ T1932] REISERFS (device loop0): checking transaction log (loop0)
[ 56.797559][ T1932] REISERFS (device loop0): Using r5 hash to sort names
[ 56.901501][ T1935] loop0: detected capacity change from 0 to 8192
[ 56.909409][ T1935] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 56.919001][ T1935] REISERFS (device loop0): using ordered data mode
[ 56.925586][ T1935] reiserfs: using flush barriers
[ 56.931326][ T1935] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 56.947641][ T1935] REISERFS (device loop0): checking transaction log (loop0)
[ 56.970393][ T1935] REISERFS (device loop0): Using r5 hash to sort names
[ 57.087999][ T1938] loop0: detected capacity change from 0 to 8192
[ 57.096254][ T1938] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 57.105591][ T1938] REISERFS (device loop0): using ordered data mode
[ 57.112090][ T1938] reiserfs: using flush barriers
[ 57.117834][ T1938] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 57.134603][ T1938] REISERFS (device loop0): checking transaction log (loop0)
[ 57.159197][ T1938] REISERFS (device loop0): Using r5 hash to sort names
[ 57.166741][ T1938] ==================================================================
[ 57.174882][ T1938] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0xa13/0x1330
[ 57.183249][ T1938] Read of size 8 at addr ffff88806d15a000 by task syz-executor.0/1938
[ 57.191490][ T1938]
[ 57.193812][ T1938] CPU: 1 PID: 1938 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller #0
[ 57.202376][ T1938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 57.212516][ T1938] Call Trace:
[ 57.215786][ T1938]
[ 57.218776][ T1938] dump_stack_lvl+0x41/0x5e
[ 57.223261][ T1938] print_address_description.constprop.0.cold+0x6c/0x309
[ 57.230350][ T1938] ? reiserfs_readdir_inode+0xa13/0x1330
[ 57.235963][ T1938] ? reiserfs_readdir_inode+0xa13/0x1330
[ 57.241666][ T1938] kasan_report.cold+0x83/0xdf
[ 57.246423][ T1938] ? reiserfs_readdir_inode+0xa13/0x1330
[ 57.252295][ T1938] kasan_check_range+0x13d/0x180
[ 57.257227][ T1938] reiserfs_readdir_inode+0xa13/0x1330
[ 57.262668][ T1938] ? do_raw_spin_unlock+0x171/0x230
[ 57.267847][ T1938] ? reiserfs_dir_fsync+0x140/0x140
[ 57.273110][ T1938] ? lock_downgrade+0x4f0/0x4f0
[ 57.278032][ T1938] ? lock_acquire+0x11a/0x250
[ 57.282711][ T1938] ? aa_file_perm+0xea/0xd00
[ 57.287459][ T1938] ? aa_file_perm+0xea/0xd00
[ 57.292124][ T1938] ? __lock_acquire.constprop.0+0x478/0xb30
[ 57.298361][ T1938] ? aa_path_link+0x2e0/0x2e0
[ 57.303449][ T1938] ? down_read_killable+0x1be/0x380
[ 57.308737][ T1938] ? down_read_interruptible+0x380/0x380
[ 57.314651][ T1938] ? fsnotify_perm.part.0+0x118/0x4c0
[ 57.320170][ T1938] iterate_dir+0x48a/0x6d0
[ 57.324683][ T1938] __x64_sys_getdents64+0x122/0x220
[ 57.330345][ T1938] ? __ia32_sys_getdents+0x220/0x220
[ 57.335622][ T1938] ? compat_fillonedir+0x300/0x300
[ 57.340867][ T1938] ? vtime_user_exit+0xde/0x180
[ 57.346015][ T1938] do_syscall_64+0x33/0x80
[ 57.350522][ T1938] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.357224][ T1938] RIP: 0033:0x7f2fdcdc9959
[ 57.361799][ T1938] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 57.382487][ T1938] RSP: 002b:00007f2fdc94c0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 57.391125][ T1938] RAX: ffffffffffffffda RBX: 00007f2fdcee8f80 RCX: 00007f2fdcdc9959
[ 57.399372][ T1938] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 57.407417][ T1938] RBP: 00007f2fdce25c88 R08: 0000000000000000 R09: 0000000000000000
[ 57.415376][ T1938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 57.423360][ T1938] R13: 0000000000000006 R14: 00007f2fdcee8f80 R15: 00007ffe4e053718
[ 57.431426][ T1938]
[ 57.434460][ T1938]
[ 57.436766][ T1938] The buggy address belongs to the page:
[ 57.442385][ T1938] page:ffffea0001b45680 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6d15a
[ 57.452579][ T1938] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 57.459767][ T1938] raw: 00fff00000000000 ffffea0001b45248 ffffea0001b451c8 0000000000000000
[ 57.468432][ T1938] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 57.477011][ T1938] page dumped because: kasan: bad access detected
[ 57.483414][ T1938] page_owner tracks the page as freed
[ 57.488871][ T1938] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 1928, ts 56635183676, free_ts 56671429696
[ 57.506121][ T1938] get_page_from_freelist+0x12d1/0x2d40
[ 57.511837][ T1938] __alloc_pages+0x1b2/0x440
[ 57.516495][ T1938] pagecache_get_page+0x299/0xdd0
[ 57.521713][ T1938] __getblk_slow+0x1a6/0x7a0
[ 57.526387][ T1938] reiserfs_breada+0x138/0x310
[ 57.531291][ T1938] journal_init+0x1fda/0x5da0
[ 57.535946][ T1938] reiserfs_fill_super+0x9cb/0x26d0
[ 57.541251][ T1938] mount_bdev+0x2c3/0x3a0
[ 57.545732][ T1938] legacy_get_tree+0xfa/0x1f0
[ 57.550391][ T1938] vfs_get_tree+0x83/0x1b0
[ 57.554799][ T1938] path_mount+0x44f/0x1a60
[ 57.559197][ T1938] __x64_sys_mount+0x1f5/0x260
[ 57.564297][ T1938] do_syscall_64+0x33/0x80
[ 57.568701][ T1938] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.574574][ T1938] page last free stack trace:
[ 57.579226][ T1938] free_pcp_prepare+0x379/0x850
[ 57.584083][ T1938] free_unref_page_list+0x16f/0xbd0
[ 57.589362][ T1938] release_pages+0xb3a/0x1480
[ 57.594032][ T1938] __pagevec_release+0x59/0xe0
[ 57.598779][ T1938] truncate_inode_pages_range+0x250/0x9f0
[ 57.604504][ T1938] blkdev_put_whole+0x19b/0x210
[ 57.609512][ T1938] blkdev_put+0x385/0x700
[ 57.614252][ T1938] blkdev_close+0x88/0xb0
[ 57.618663][ T1938] __fput+0x1f0/0x9a0
[ 57.622725][ T1938] task_work_run+0xb8/0x140
[ 57.627268][ T1938] exit_to_user_mode_prepare+0x15d/0x160
[ 57.632883][ T1938] syscall_exit_to_user_mode+0x12/0x30
[ 57.638635][ T1938] do_syscall_64+0x40/0x80
[ 57.643057][ T1938] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.648967][ T1938]
[ 57.651273][ T1938] Memory state around the buggy address:
[ 57.657067][ T1938] ffff88806d159f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.665286][ T1938] ffff88806d159f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.673498][ T1938] >ffff88806d15a000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.681644][ T1938] ^
[ 57.685791][ T1938] ffff88806d15a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.693856][ T1938] ffff88806d15a100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.702001][ T1938] ==================================================================
[ 57.710052][ T1938] Disabling lock debugging due to kernel taint
[ 57.716357][ T1938] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 57.724184][ T1938] Kernel Offset: disabled
[ 57.728497][ T1938] Rebooting in 86400 seconds..