Warning: Permanently added '10.128.1.102' (ED25519) to the list of known hosts. 2024/06/26 09:01:02 ignoring optional flag "sandboxArg"="0" 2024/06/26 09:01:02 parsed 1 programs 2024/06/26 09:01:02 executed programs: 0 [ 54.314625][ T1912] loop0: detected capacity change from 0 to 8192 [ 54.322880][ T1912] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 54.335892][ T1912] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 54.345482][ T1912] REISERFS (device loop0): using ordered data mode [ 54.352029][ T1912] reiserfs: using flush barriers [ 54.358011][ T1912] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 54.379019][ T1912] REISERFS (device loop0): checking transaction log (loop0) 2024/06/26 09:01:07 executed programs: 1 [ 54.408801][ T1912] REISERFS (device loop0): Using r5 hash to sort names [ 54.477300][ T1915] loop0: detected capacity change from 0 to 8192 [ 54.485657][ T1915] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 54.498839][ T1915] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 54.508080][ T1915] REISERFS (device loop0): using ordered data mode [ 54.514718][ T1915] reiserfs: using flush barriers [ 54.520618][ T1915] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 54.537551][ T1915] REISERFS (device loop0): checking transaction log (loop0) [ 54.566228][ T1915] REISERFS (device loop0): Using r5 hash to sort names [ 54.625849][ T1918] loop0: detected capacity change from 0 to 8192 [ 54.633980][ T1918] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 54.647679][ T1918] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 54.657232][ T1918] REISERFS (device loop0): using ordered data mode [ 54.664231][ T1918] reiserfs: using flush barriers [ 54.670013][ T1918] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 54.686486][ T1918] REISERFS (device loop0): checking transaction log (loop0) [ 54.715389][ T1918] REISERFS (device loop0): Using r5 hash to sort names [ 54.774374][ T1921] loop0: detected capacity change from 0 to 8192 [ 54.782664][ T1921] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 54.796084][ T1921] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 54.805796][ T1921] REISERFS (device loop0): using ordered data mode [ 54.812627][ T1921] reiserfs: using flush barriers [ 54.818660][ T1921] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 54.835974][ T1921] REISERFS (device loop0): checking transaction log (loop0) [ 54.864357][ T1921] REISERFS (device loop0): Using r5 hash to sort names [ 54.929378][ T1924] loop0: detected capacity change from 0 to 8192 [ 54.937539][ T1924] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 54.950806][ T1924] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 54.960010][ T1924] REISERFS (device loop0): using ordered data mode [ 54.966941][ T1924] reiserfs: using flush barriers [ 54.972836][ T1924] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 54.989244][ T1924] REISERFS (device loop0): checking transaction log (loop0) [ 55.018377][ T1924] REISERFS (device loop0): Using r5 hash to sort names [ 55.077159][ T1927] loop0: detected capacity change from 0 to 8192 [ 55.084861][ T1927] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 55.097958][ T1927] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 55.107902][ T1927] REISERFS (device loop0): using ordered data mode [ 55.114773][ T1927] reiserfs: using flush barriers [ 55.120686][ T1927] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 55.137418][ T1927] REISERFS (device loop0): checking transaction log (loop0) [ 55.166822][ T1927] REISERFS (device loop0): Using r5 hash to sort names [ 55.231743][ T1930] loop0: detected capacity change from 0 to 8192 [ 55.240322][ T1930] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 55.253461][ T1930] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 55.263149][ T1930] REISERFS (device loop0): using ordered data mode [ 55.269752][ T1930] reiserfs: using flush barriers [ 55.275364][ T1930] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 55.291932][ T1930] REISERFS (device loop0): checking transaction log (loop0) [ 55.323860][ T1930] REISERFS (device loop0): Using r5 hash to sort names [ 55.388770][ T1933] loop0: detected capacity change from 0 to 8192 [ 55.396656][ T1933] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 55.409693][ T1933] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 55.418874][ T1933] REISERFS (device loop0): using ordered data mode [ 55.425770][ T1933] reiserfs: using flush barriers [ 55.431593][ T1933] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 55.447956][ T1933] REISERFS (device loop0): checking transaction log (loop0) [ 55.476860][ T1933] REISERFS (device loop0): Using r5 hash to sort names [ 55.484595][ T1933] ================================================================== [ 55.492678][ T1933] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0x5a0/0x1490 [ 55.500722][ T1933] Read of size 8 at addr ffff88806b5ae000 by task syz-executor.0/1933 [ 55.509115][ T1933] [ 55.511427][ T1933] CPU: 0 PID: 1933 Comm: syz-executor.0 Not tainted 6.1.95-syzkaller #0 [ 55.519829][ T1933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 55.529886][ T1933] Call Trace: [ 55.533163][ T1933] [ 55.536073][ T1933] dump_stack_lvl+0xf4/0x251 [ 55.540731][ T1933] ? nf_tcp_handle_invalid+0x2f3/0x2f3 [ 55.546265][ T1933] ? panic+0x3fe/0x3fe [ 55.550314][ T1933] ? __virt_addr_valid+0x139/0x260 [ 55.555396][ T1933] ? __virt_addr_valid+0x211/0x260 [ 55.560624][ T1933] print_report+0x15f/0x4f0 [ 55.565135][ T1933] ? __virt_addr_valid+0x139/0x260 [ 55.570231][ T1933] ? __virt_addr_valid+0x211/0x260 [ 55.575305][ T1933] ? reiserfs_readdir_inode+0x5a0/0x1490 [ 55.580906][ T1933] kasan_report+0x136/0x160 [ 55.585393][ T1933] ? reiserfs_readdir_inode+0x5a0/0x1490 [ 55.591353][ T1933] kasan_check_range+0x27f/0x290 [ 55.596353][ T1933] reiserfs_readdir_inode+0x5a0/0x1490 [ 55.601874][ T1933] ? reiserfs_dir_fsync+0xe0/0xe0 [ 55.606863][ T1933] ? __fdget_pos+0x204/0x2b0 [ 55.611435][ T1933] ? down_read_interruptible+0x1010/0x1010 [ 55.617238][ T1933] ? common_file_perm+0x130/0x1e0 [ 55.622262][ T1933] ? fsnotify_perm+0x29e/0x450 [ 55.626994][ T1933] ? reiserfs_sync_file+0x1f0/0x1f0 [ 55.632162][ T1933] iterate_dir+0x1fa/0x4f0 [ 55.636637][ T1933] __se_sys_getdents64+0x1af/0x3e0 [ 55.641715][ T1933] ? __x64_sys_getdents64+0x80/0x80 [ 55.646875][ T1933] ? filldir+0x570/0x570 [ 55.651081][ T1933] ? switch_fpu_return+0xc9/0x130 [ 55.656098][ T1933] do_syscall_64+0x3b/0x80 [ 55.660492][ T1933] ? clear_bhb_loop+0x45/0xa0 [ 55.665325][ T1933] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 55.671241][ T1933] RIP: 0033:0x7f55dbc7c959 [ 55.675666][ T1933] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 55.695616][ T1933] RSP: 002b:00007f55dca510c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 55.704001][ T1933] RAX: ffffffffffffffda RBX: 00007f55dbd9bf80 RCX: 00007f55dbc7c959 [ 55.712037][ T1933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 55.720081][ T1933] RBP: 00007f55dbcd8c88 R08: 0000000000000000 R09: 0000000000000000 [ 55.729078][ T1933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.737147][ T1933] R13: 0000000000000006 R14: 00007f55dbd9bf80 R15: 00007fff1a8dc058 [ 55.745113][ T1933] [ 55.748104][ T1933] [ 55.750401][ T1933] The buggy address belongs to the physical page: [ 55.756787][ T1933] page:ffffea0001ad6b80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6b5ae [ 55.767074][ T1933] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 55.774151][ T1933] raw: 00fff00000000000 ffffea0001ae1348 ffff8880bad3e5e0 0000000000000000 [ 55.782734][ T1933] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 55.791379][ T1933] page dumped because: kasan: bad access detected [ 55.797874][ T1933] page_owner tracks the page as freed [ 55.803578][ T1933] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1911, tgid 1911 (udevd), ts 55495542303, free_ts 55497052456 [ 55.821261][ T1933] post_alloc_hook+0x286/0x2b0 [ 55.826398][ T1933] get_page_from_freelist+0x2fdd/0x3170 [ 55.831911][ T1933] __alloc_pages+0x251/0x640 [ 55.836514][ T1933] __folio_alloc+0xf/0x30 [ 55.840826][ T1933] vma_alloc_folio+0x484/0x9e0 [ 55.845587][ T1933] shmem_alloc_and_acct_folio+0x44a/0xaf0 [ 55.851277][ T1933] shmem_get_folio_gfp+0x1197/0x25e0 [ 55.856637][ T1933] shmem_write_begin+0x159/0x400 [ 55.861579][ T1933] generic_perform_write+0x2f1/0x530 [ 55.866846][ T1933] __generic_file_write_iter+0x13e/0x2f0 [ 55.872455][ T1933] generic_file_write_iter+0x99/0x230 [ 55.877874][ T1933] vfs_write+0x9c2/0xcf0 [ 55.882178][ T1933] ksys_write+0x15f/0x240 [ 55.886524][ T1933] do_syscall_64+0x3b/0x80 [ 55.891036][ T1933] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 55.897191][ T1933] page last free stack trace: [ 55.901935][ T1933] free_unref_page_prepare+0xd4b/0xee0 [ 55.907510][ T1933] free_unref_page_list+0x54b/0x7e0 [ 55.912772][ T1933] release_pages+0x175c/0x1900 [ 55.917540][ T1933] __pagevec_release+0x62/0xd0 [ 55.922418][ T1933] shmem_undo_range+0x66b/0x1b00 [ 55.927433][ T1933] shmem_evict_inode+0x354/0x860 [ 55.932586][ T1933] evict+0x263/0x630 [ 55.936483][ T1933] __dentry_kill+0x380/0x5d0 [ 55.941141][ T1933] dentry_kill+0xbb/0x1e0 [ 55.945448][ T1933] dput+0x154/0x2d0 [ 55.949343][ T1933] do_renameat2+0xad7/0x10a0 [ 55.953913][ T1933] __x64_sys_rename+0x7d/0x90 [ 55.958566][ T1933] do_syscall_64+0x3b/0x80 [ 55.962978][ T1933] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 55.968846][ T1933] [ 55.971142][ T1933] Memory state around the buggy address: [ 55.976739][ T1933] ffff88806b5adf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 55.985131][ T1933] ffff88806b5adf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 55.993167][ T1933] >ffff88806b5ae000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 56.001196][ T1933] ^ [ 56.005267][ T1933] ffff88806b5ae080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 56.013840][ T1933] ffff88806b5ae100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 56.021871][ T1933] ================================================================== [ 56.030581][ T1933] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 56.038066][ T1933] Kernel Offset: disabled [ 56.042434][ T1933] Rebooting in 86400 seconds..