Warning: Permanently added '10.128.0.63' (ED25519) to the list of known hosts.
2023/11/27 03:13:29 ignoring optional flag "sandboxArg"="0"
2023/11/27 03:13:29 parsed 1 programs
2023/11/27 03:13:29 executed programs: 0
[ 53.798359][ T1995] loop0: detected capacity change from 0 to 8192
[ 53.807141][ T1995] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.820553][ T1995] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 53.831154][ T1995] REISERFS (device loop0): using ordered data mode
[ 53.837876][ T1995] reiserfs: using flush barriers
[ 53.843595][ T1995] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.860230][ T1995] REISERFS (device loop0): checking transaction log (loop0)
[ 53.888970][ T1995] REISERFS (device loop0): Using r5 hash to sort names
[ 53.959622][ T1999] loop0: detected capacity change from 0 to 8192
[ 53.967453][ T1999] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.981003][ T1999] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 53.990423][ T1999] REISERFS (device loop0): using ordered data mode
[ 53.997242][ T1999] reiserfs: using flush barriers
2023/11/27 03:13:34 executed programs: 2
[ 54.003064][ T1999] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.019730][ T1999] REISERFS (device loop0): checking transaction log (loop0)
[ 54.047299][ T1999] REISERFS (device loop0): Using r5 hash to sort names
[ 54.113423][ T2002] loop0: detected capacity change from 0 to 8192
[ 54.121220][ T2002] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.134709][ T2002] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 54.144537][ T2002] REISERFS (device loop0): using ordered data mode
[ 54.151994][ T2002] reiserfs: using flush barriers
[ 54.157864][ T2002] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.174706][ T2002] REISERFS (device loop0): checking transaction log (loop0)
[ 54.206683][ T2002] REISERFS (device loop0): Using r5 hash to sort names
[ 54.267137][ T2005] loop0: detected capacity change from 0 to 8192
[ 54.274818][ T2005] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.288841][ T2005] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 54.298410][ T2005] REISERFS (device loop0): using ordered data mode
[ 54.305499][ T2005] reiserfs: using flush barriers
[ 54.311206][ T2005] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.327908][ T2005] REISERFS (device loop0): checking transaction log (loop0)
[ 54.363159][ T2005] REISERFS (device loop0): Using r5 hash to sort names
[ 54.375569][ T2005] ==================================================================
[ 54.383660][ T2005] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0x5a0/0x1490
[ 54.391724][ T2005] Read of size 8 at addr ffff888069922000 by task syz-executor.0/2005
[ 54.400115][ T2005]
[ 54.402439][ T2005] CPU: 1 PID: 2005 Comm: syz-executor.0 Not tainted 6.1.63-syzkaller #0
[ 54.411196][ T2005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 54.421243][ T2005] Call Trace:
[ 54.424514][ T2005]
[ 54.427426][ T2005] dump_stack_lvl+0xf4/0x251
[ 54.432106][ T2005] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 54.437659][ T2005] ? panic+0x3f7/0x3f7
[ 54.441719][ T2005] ? _printk+0xca/0x10a
[ 54.446016][ T2005] print_report+0x15f/0x4f0
[ 54.450741][ T2005] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 54.456358][ T2005] kasan_report+0x136/0x160
[ 54.460936][ T2005] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 54.466637][ T2005] kasan_check_range+0x27f/0x290
[ 54.471655][ T2005] reiserfs_readdir_inode+0x5a0/0x1490
[ 54.477181][ T2005] ? reiserfs_dir_fsync+0xe0/0xe0
[ 54.482200][ T2005] ? __fdget_pos+0x204/0x2b0
[ 54.486988][ T2005] ? down_read_interruptible+0x1010/0x1010
[ 54.492913][ T2005] ? common_file_perm+0x130/0x1e0
[ 54.497912][ T2005] ? fsnotify_perm+0x29e/0x450
[ 54.502738][ T2005] ? reiserfs_sync_file+0x1f0/0x1f0
[ 54.507960][ T2005] iterate_dir+0x1fa/0x4f0
[ 54.512357][ T2005] __se_sys_getdents64+0x1af/0x3e0
[ 54.517532][ T2005] ? __x64_sys_getdents64+0x80/0x80
[ 54.522720][ T2005] ? filldir+0x570/0x570
[ 54.527215][ T2005] ? switch_fpu_return+0xc9/0x130
[ 54.532224][ T2005] do_syscall_64+0x3d/0x80
[ 54.536710][ T2005] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.542668][ T2005] RIP: 0033:0x7fd8e0e7c959
[ 54.547231][ T2005] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.567088][ T2005] RSP: 002b:00007fd8e1c4b0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 54.575774][ T2005] RAX: ffffffffffffffda RBX: 00007fd8e0f9bf80 RCX: 00007fd8e0e7c959
[ 54.583845][ T2005] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 54.591811][ T2005] RBP: 00007fd8e0ed8c88 R08: 0000000000000000 R09: 0000000000000000
[ 54.599762][ T2005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 54.608686][ T2005] R13: 0000000000000006 R14: 00007fd8e0f9bf80 R15: 00007ffea3192a38
[ 54.616821][ T2005]
[ 54.620175][ T2005]
[ 54.622586][ T2005] The buggy address belongs to the physical page:
[ 54.629245][ T2005] page:ffffea0001a64880 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x69922
[ 54.639718][ T2005] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 54.646940][ T2005] raw: 00fff00000000000 ffffea0001a648c8 ffff8880bac3e5e0 0000000000000000
[ 54.655935][ T2005] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 54.664841][ T2005] page dumped because: kasan: bad access detected
[ 54.671778][ T2005] page_owner tracks the page as freed
[ 54.677222][ T2005] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1996, tgid 1996 (udevd), ts 54382718109, free_ts 54383582567
[ 54.695615][ T2005] post_alloc_hook+0x286/0x2b0
[ 54.700537][ T2005] get_page_from_freelist+0x2fdd/0x3170
[ 54.706702][ T2005] __alloc_pages+0x251/0x640
[ 54.711911][ T2005] __folio_alloc+0xf/0x30
[ 54.716938][ T2005] vma_alloc_folio+0x484/0x9e0
[ 54.721864][ T2005] shmem_alloc_and_acct_folio+0x44a/0xaf0
[ 54.727649][ T2005] shmem_get_folio_gfp+0x1197/0x25e0
[ 54.733462][ T2005] shmem_write_begin+0x159/0x400
[ 54.738739][ T2005] generic_perform_write+0x2f1/0x530
[ 54.744431][ T2005] __generic_file_write_iter+0x13e/0x2f0
[ 54.750642][ T2005] generic_file_write_iter+0x99/0x230
[ 54.756878][ T2005] vfs_write+0x9c2/0xcf0
[ 54.761641][ T2005] ksys_write+0x15f/0x240
[ 54.765966][ T2005] do_syscall_64+0x3d/0x80
[ 54.770537][ T2005] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.776488][ T2005] page last free stack trace:
[ 54.781308][ T2005] free_unref_page_prepare+0xd4b/0xee0
[ 54.786826][ T2005] free_unref_page_list+0x54b/0x7e0
[ 54.792003][ T2005] release_pages+0x175c/0x1900
[ 54.796738][ T2005] __pagevec_release+0x62/0xd0
[ 54.801482][ T2005] shmem_undo_range+0x677/0x1890
[ 54.806420][ T2005] shmem_evict_inode+0x354/0x860
[ 54.811506][ T2005] evict+0x263/0x630
[ 54.815670][ T2005] __dentry_kill+0x380/0x5d0
[ 54.820341][ T2005] dentry_kill+0xbb/0x1e0
[ 54.824667][ T2005] dput+0x138/0x2b0
[ 54.828468][ T2005] do_renameat2+0x9d1/0xf70
[ 54.832967][ T2005] __x64_sys_rename+0x7d/0x90
[ 54.837635][ T2005] do_syscall_64+0x3d/0x80
[ 54.842222][ T2005] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.848097][ T2005]
[ 54.850509][ T2005] Memory state around the buggy address:
[ 54.856224][ T2005] ffff888069921f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.864350][ T2005] ffff888069921f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.872470][ T2005] >ffff888069922000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.880677][ T2005] ^
[ 54.884720][ T2005] ffff888069922080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.892864][ T2005] ffff888069922100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.900999][ T2005] ==================================================================
[ 54.909953][ T2005] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.917851][ T2005] Kernel Offset: disabled
[ 54.922292][ T2005] Rebooting in 86400 seconds..