Warning: Permanently added '10.128.1.158' (ED25519) to the list of known hosts.
2024/09/09 08:48:59 ignoring optional flag "sandboxArg"="0"
2024/09/09 08:49:00 parsed 1 programs
2024/09/09 08:49:00 executed programs: 0
[ 53.661584][ T1911] loop0: detected capacity change from 0 to 8192
[ 53.669359][ T1911] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.682459][ T1911] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 53.691686][ T1911] REISERFS (device loop0): using ordered data mode
[ 53.698173][ T1911] reiserfs: using flush barriers
[ 53.703891][ T1911] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.720264][ T1911] REISERFS (device loop0): checking transaction log (loop0)
[ 53.750404][ T1911] REISERFS (device loop0): Using r5 hash to sort names
[ 53.808429][ T1915] loop0: detected capacity change from 0 to 8192
[ 53.816191][ T1915] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.829342][ T1915] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 53.838717][ T1915] REISERFS (device loop0): using ordered data mode
[ 53.845336][ T1915] reiserfs: using flush barriers
[ 53.851212][ T1915] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.867818][ T1915] REISERFS (device loop0): checking transaction log (loop0)
[ 53.895920][ T1915] REISERFS (device loop0): Using r5 hash to sort names
[ 53.903469][ T1915] ==================================================================
[ 53.911535][ T1915] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0x5a0/0x1490
[ 53.919526][ T1915] Read of size 8 at addr ffff88806b151000 by task syz-executor.0/1915
[ 53.927661][ T1915]
[ 53.929989][ T1915] CPU: 0 PID: 1915 Comm: syz-executor.0 Not tainted 6.1.109-syzkaller #0
[ 53.938379][ T1915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 53.948418][ T1915] Call Trace:
[ 53.951791][ T1915]
[ 53.954697][ T1915] dump_stack_lvl+0xf4/0x251
[ 53.959268][ T1915] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 53.964717][ T1915] ? panic+0x3fe/0x3fe
[ 53.968766][ T1915] ? __virt_addr_valid+0x139/0x270
[ 53.973853][ T1915] ? __virt_addr_valid+0x221/0x270
[ 53.978936][ T1915] print_report+0x15f/0x4f0
[ 53.983416][ T1915] ? __virt_addr_valid+0x139/0x270
[ 53.988505][ T1915] ? __virt_addr_valid+0x221/0x270
[ 53.993601][ T1915] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 53.999215][ T1915] kasan_report+0x136/0x160
[ 54.003696][ T1915] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 54.009309][ T1915] kasan_check_range+0x27f/0x290
[ 54.014303][ T1915] reiserfs_readdir_inode+0x5a0/0x1490
[ 54.019737][ T1915] ? reiserfs_dir_fsync+0xe0/0xe0
[ 54.024817][ T1915] ? __fdget_pos+0x204/0x2b0
[ 54.029412][ T1915] ? down_read_interruptible+0x1010/0x1010
[ 54.035218][ T1915] ? common_file_perm+0x130/0x1e0
[ 54.040209][ T1915] ? fsnotify_perm+0x120/0x440
[ 54.045029][ T1915] ? reiserfs_sync_file+0x1f0/0x1f0
[ 54.050201][ T1915] iterate_dir+0x1fa/0x500
[ 54.054586][ T1915] __se_sys_getdents64+0x1af/0x3e0
[ 54.059665][ T1915] ? __x64_sys_getdents64+0x80/0x80
[ 54.064838][ T1915] ? filldir+0x570/0x570
[ 54.069050][ T1915] ? switch_fpu_return+0xc9/0x130
[ 54.074045][ T1915] do_syscall_64+0x3b/0x80
[ 54.078429][ T1915] ? clear_bhb_loop+0x45/0xa0
[ 54.083074][ T1915] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.088952][ T1915] RIP: 0033:0x7feabd87c959
[ 54.093344][ T1915] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.112925][ T1915] RSP: 002b:00007feabe5780c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 54.121327][ T1915] RAX: ffffffffffffffda RBX: 00007feabd99bf80 RCX: 00007feabd87c959
[ 54.129281][ T1915] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 54.137224][ T1915] RBP: 00007feabd8d8c88 R08: 0000000000000000 R09: 0000000000000000
[ 54.145251][ T1915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 54.153195][ T1915] R13: 0000000000000016 R14: 00007feabd99bf80 R15: 00007ffda351f318
[ 54.161405][ T1915]
[ 54.164400][ T1915]
[ 54.166694][ T1915] The buggy address belongs to the physical page:
[ 54.173085][ T1915] page:ffffea0001ac5440 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6b151
[ 54.183214][ T1915] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 54.190300][ T1915] raw: 00fff00000000000 ffffea0001ac5488 ffff8880bad3e5a0 0000000000000000
[ 54.198852][ T1915] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 54.207411][ T1915] page dumped because: kasan: bad access detected
[ 54.213799][ T1915] page_owner tracks the page as freed
[ 54.219142][ T1915] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1912, tgid 1912 (udevd), ts 53914411105, free_ts 53915271615
[ 54.236207][ T1915] post_alloc_hook+0x286/0x2b0
[ 54.240947][ T1915] get_page_from_freelist+0x2fe5/0x3170
[ 54.246569][ T1915] __alloc_pages+0x251/0x640
[ 54.251228][ T1915] __folio_alloc+0xf/0x30
[ 54.255529][ T1915] vma_alloc_folio+0x484/0x9e0
[ 54.260260][ T1915] shmem_alloc_and_acct_folio+0x44a/0xaf0
[ 54.266055][ T1915] shmem_get_folio_gfp+0x1197/0x25e0
[ 54.271304][ T1915] shmem_write_begin+0x159/0x400
[ 54.276211][ T1915] generic_perform_write+0x2f1/0x530
[ 54.281471][ T1915] __generic_file_write_iter+0x13e/0x2f0
[ 54.287168][ T1915] generic_file_write_iter+0x99/0x230
[ 54.292515][ T1915] vfs_write+0x99b/0xcf0
[ 54.296810][ T1915] ksys_write+0x15f/0x240
[ 54.301107][ T1915] do_syscall_64+0x3b/0x80
[ 54.305578][ T1915] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.311455][ T1915] page last free stack trace:
[ 54.316127][ T1915] free_unref_page_prepare+0xd6c/0xf00
[ 54.321564][ T1915] free_unref_page_list+0x54b/0x7e0
[ 54.326727][ T1915] release_pages+0x1e0a/0x1fe0
[ 54.331464][ T1915] __pagevec_release+0x62/0xd0
[ 54.336192][ T1915] shmem_undo_range+0x66b/0x1b00
[ 54.341096][ T1915] shmem_evict_inode+0x354/0x860
[ 54.346001][ T1915] evict+0x486/0x8c0
[ 54.349862][ T1915] __dentry_kill+0x380/0x5d0
[ 54.354418][ T1915] dentry_kill+0xbb/0x1e0
[ 54.358741][ T1915] dput+0x154/0x2d0
[ 54.362518][ T1915] do_renameat2+0xad7/0x10a0
[ 54.367082][ T1915] __x64_sys_rename+0x7d/0x90
[ 54.371733][ T1915] do_syscall_64+0x3b/0x80
[ 54.376122][ T1915] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.381982][ T1915]
[ 54.384279][ T1915] Memory state around the buggy address:
[ 54.389908][ T1915] ffff88806b150f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.397946][ T1915] ffff88806b150f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.406064][ T1915] >ffff88806b151000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.414191][ T1915] ^
[ 54.418230][ T1915] ffff88806b151080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.426259][ T1915] ffff88806b151100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.434292][ T1915] ==================================================================
[ 54.444106][ T1915] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.451582][ T1915] Kernel Offset: disabled
[ 54.455886][ T1915] Rebooting in 86400 seconds..