Warning: Permanently added '10.128.1.157' (ED25519) to the list of known hosts.
2023/07/11 23:04:06 ignoring optional flag "sandboxArg"="0"
2023/07/11 23:04:06 parsed 1 programs
2023/07/11 23:04:06 executed programs: 0
[ 57.897425][ T1994] loop0: detected capacity change from 0 to 8192
[ 57.905730][ T1994] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 57.919625][ T1994] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 57.929039][ T1994] REISERFS (device loop0): using ordered data mode
[ 57.935578][ T1994] reiserfs: using flush barriers
[ 57.941693][ T1994] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 57.958610][ T1994] REISERFS (device loop0): checking transaction log (loop0)
[ 57.987322][ T1994] REISERFS (device loop0): Using r5 hash to sort names
[ 58.057878][ T1998] loop0: detected capacity change from 0 to 8192
[ 58.065311][ T1998] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 58.079221][ T1998] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 58.088704][ T1998] REISERFS (device loop0): using ordered data mode
[ 58.095564][ T1998] reiserfs: using flush barriers
2023/07/11 23:04:11 executed programs: 2
[ 58.101293][ T1998] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 58.118137][ T1998] REISERFS (device loop0): checking transaction log (loop0)
[ 58.147469][ T1998] REISERFS (device loop0): Using r5 hash to sort names
[ 58.206053][ T2001] loop0: detected capacity change from 0 to 8192
[ 58.213691][ T2001] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 58.227281][ T2001] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 58.238882][ T2001] REISERFS (device loop0): using ordered data mode
[ 58.245671][ T2001] reiserfs: using flush barriers
[ 58.251895][ T2001] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 58.268691][ T2001] REISERFS (device loop0): checking transaction log (loop0)
[ 58.297625][ T2001] REISERFS (device loop0): Using r5 hash to sort names
[ 58.358201][ T2004] loop0: detected capacity change from 0 to 8192
[ 58.365834][ T2004] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 58.379430][ T2004] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 58.389043][ T2004] REISERFS (device loop0): using ordered data mode
[ 58.395917][ T2004] reiserfs: using flush barriers
[ 58.401837][ T2004] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 58.419839][ T2004] REISERFS (device loop0): checking transaction log (loop0)
[ 58.452622][ T2004] REISERFS (device loop0): Using r5 hash to sort names
[ 58.462399][ T2004] ==================================================================
[ 58.470670][ T2004] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0x5a0/0x1490
[ 58.478861][ T2004] Read of size 8 at addr ffff888069414000 by task syz-executor.0/2004
[ 58.487266][ T2004]
[ 58.489571][ T2004] CPU: 0 PID: 2004 Comm: syz-executor.0 Not tainted 6.1.38-syzkaller #0
[ 58.498046][ T2004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 58.508710][ T2004] Call Trace:
[ 58.511985][ T2004]
[ 58.515005][ T2004] dump_stack_lvl+0xf4/0x251
[ 58.519959][ T2004] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 58.525520][ T2004] ? panic+0x3f7/0x3f7
[ 58.529659][ T2004] ? vprintk_emit+0x115/0x1e0
[ 58.535859][ T2004] ? _printk+0xca/0x10a
[ 58.540187][ T2004] print_report+0x15f/0x4f0
[ 58.544689][ T2004] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 58.550405][ T2004] kasan_report+0x136/0x160
[ 58.554979][ T2004] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 58.560592][ T2004] kasan_check_range+0x27f/0x290
[ 58.565595][ T2004] reiserfs_readdir_inode+0x5a0/0x1490
[ 58.571133][ T2004] ? reiserfs_dir_fsync+0xe0/0xe0
[ 58.576355][ T2004] ? __fdget_pos+0x1b6/0x240
[ 58.580937][ T2004] ? down_read_interruptible+0x1010/0x1010
[ 58.586942][ T2004] ? common_file_perm+0x130/0x1e0
[ 58.592063][ T2004] ? fsnotify_perm+0x29e/0x450
[ 58.596885][ T2004] ? reiserfs_sync_file+0x1f0/0x1f0
[ 58.602251][ T2004] iterate_dir+0x1fa/0x4f0
[ 58.606672][ T2004] __se_sys_getdents64+0x1af/0x3e0
[ 58.611802][ T2004] ? __x64_sys_getdents64+0x80/0x80
[ 58.617101][ T2004] ? filldir+0x570/0x570
[ 58.621421][ T2004] ? switch_fpu_return+0xc9/0x130
[ 58.626419][ T2004] do_syscall_64+0x3d/0x80
[ 58.630810][ T2004] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.636956][ T2004] RIP: 0033:0x7fda2067c959
[ 58.641437][ T2004] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 58.661146][ T2004] RSP: 002b:00007fda214150c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 58.669553][ T2004] RAX: ffffffffffffffda RBX: 00007fda2079bf80 RCX: 00007fda2067c959
[ 58.677604][ T2004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 58.685548][ T2004] RBP: 00007fda206d8c88 R08: 0000000000000000 R09: 0000000000000000
[ 58.693825][ T2004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 58.701941][ T2004] R13: 0000000000000016 R14: 00007fda2079bf80 R15: 00007fff6b3bf958
[ 58.710059][ T2004]
[ 58.713097][ T2004]
[ 58.715403][ T2004] The buggy address belongs to the physical page:
[ 58.721932][ T2004] page:ffffea0001a50500 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x69414
[ 58.732144][ T2004] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 58.739260][ T2004] raw: 00fff00000000000 ffffea0001a50548 ffff8880bad3e5a0 0000000000000000
[ 58.748004][ T2004] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 58.756573][ T2004] page dumped because: kasan: bad access detected
[ 58.762966][ T2004] page_owner tracks the page as freed
[ 58.768439][ T2004] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1995, tgid 1995 (udevd), ts 58473428570, free_ts 58474456864
[ 58.786041][ T2004] post_alloc_hook+0x286/0x2b0
[ 58.790799][ T2004] get_page_from_freelist+0x3100/0x32a0
[ 58.796680][ T2004] __alloc_pages+0x251/0x640
[ 58.801713][ T2004] __folio_alloc+0xf/0x30
[ 58.806473][ T2004] vma_alloc_folio+0x484/0x9e0
[ 58.811486][ T2004] shmem_alloc_and_acct_folio+0x44a/0xaf0
[ 58.817532][ T2004] shmem_get_folio_gfp+0x1197/0x25e0
[ 58.823062][ T2004] shmem_write_begin+0x159/0x400
[ 58.828283][ T2004] generic_perform_write+0x2f1/0x530
[ 58.833650][ T2004] __generic_file_write_iter+0x13e/0x2f0
[ 58.839451][ T2004] generic_file_write_iter+0x99/0x230
[ 58.844914][ T2004] vfs_write+0x9c2/0xcf0
[ 58.849187][ T2004] ksys_write+0x15f/0x240
[ 58.853508][ T2004] do_syscall_64+0x3d/0x80
[ 58.857912][ T2004] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.863798][ T2004] page last free stack trace:
[ 58.868458][ T2004] free_unref_page_prepare+0xd4b/0xee0
[ 58.873985][ T2004] free_unref_page_list+0xf6/0x6d0
[ 58.879171][ T2004] release_pages+0x175c/0x1900
[ 58.883937][ T2004] __pagevec_release+0x62/0xd0
[ 58.888810][ T2004] shmem_undo_range+0x677/0x1890
[ 58.893834][ T2004] shmem_evict_inode+0x354/0x860
[ 58.898757][ T2004] evict+0x263/0x630
[ 58.902728][ T2004] __dentry_kill+0x380/0x5d0
[ 58.907310][ T2004] dentry_kill+0xbb/0x1e0
[ 58.911628][ T2004] dput+0x116/0x270
[ 58.915518][ T2004] do_renameat2+0x9ce/0x1140
[ 58.920088][ T2004] __x64_sys_rename+0x7d/0x90
[ 58.924836][ T2004] do_syscall_64+0x3d/0x80
[ 58.929240][ T2004] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.935191][ T2004]
[ 58.937724][ T2004] Memory state around the buggy address:
[ 58.943340][ T2004]  ffff888069413f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.951564][ T2004]  ffff888069413f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.959727][ T2004] >ffff888069414000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.967948][ T2004]                    ^
[ 58.971995][ T2004]  ffff888069414080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.980033][ T2004]  ffff888069414100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.988087][ T2004] ==================================================================
[ 58.996752][ T2004] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.004555][ T2004] Kernel Offset: disabled
[ 59.008868][ T2004] Rebooting in 86400 seconds..