Warning: Permanently added '10.128.1.164' (ED25519) to the list of known hosts.
2024/03/10 07:57:42 ignoring optional flag "sandboxArg"="0"
2024/03/10 07:57:43 parsed 1 programs
2024/03/10 07:57:43 executed programs: 0
[ 54.746199][ T1995] loop0: detected capacity change from 0 to 8192
[ 54.754441][ T1995] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.768096][ T1995] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 54.777647][ T1995] REISERFS (device loop0): using ordered data mode
[ 54.784402][ T1995] reiserfs: using flush barriers
[ 54.790191][ T1995] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.806842][ T1995] REISERFS (device loop0): checking transaction log (loop0)
[ 54.836196][ T1995] REISERFS (device loop0): Using r5 hash to sort names
[ 54.910547][ T1998] loop0: detected capacity change from 0 to 8192
[ 54.918512][ T1998] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.932464][ T1998] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 54.941855][ T1998] REISERFS (device loop0): using ordered data mode
[ 54.948515][ T1998] reiserfs: using flush barriers
[ 54.954436][ T1998] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.971158][ T1998] REISERFS (device loop0): checking transaction log (loop0)
[ 55.001957][ T1998] REISERFS (device loop0): Using r5 hash to sort names
[ 55.010408][ T1998] ==================================================================
[ 55.018583][ T1998] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0x5a0/0x1490
[ 55.026572][ T1998] Read of size 8 at addr ffff88806cdb3000 by task syz-executor.0/1998
[ 55.034696][ T1998]
[ 55.036998][ T1998] CPU: 1 PID: 1998 Comm: syz-executor.0 Not tainted 6.1.81-syzkaller #0
[ 55.045299][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 55.055327][ T1998] Call Trace:
[ 55.058585][ T1998]
[ 55.061488][ T1998] dump_stack_lvl+0xf4/0x251
[ 55.066056][ T1998] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 55.071511][ T1998] ? panic+0x3f7/0x3f7
[ 55.075655][ T1998] ? __virt_addr_valid+0x139/0x260
[ 55.080736][ T1998] ? __virt_addr_valid+0x211/0x260
[ 55.085993][ T1998] print_report+0x15f/0x4f0
[ 55.090490][ T1998] ? __virt_addr_valid+0x139/0x260
[ 55.095662][ T1998] ? __virt_addr_valid+0x211/0x260
[ 55.100932][ T1998] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 55.106570][ T1998] kasan_report+0x136/0x160
[ 55.111193][ T1998] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 55.116820][ T1998] kasan_check_range+0x27f/0x290
[ 55.121744][ T1998] reiserfs_readdir_inode+0x5a0/0x1490
[ 55.127182][ T1998] ? reiserfs_dir_fsync+0xe0/0xe0
[ 55.132355][ T1998] ? __fdget_pos+0x204/0x2b0
[ 55.137005][ T1998] ? down_read_interruptible+0x1010/0x1010
[ 55.142789][ T1998] ? common_file_perm+0x130/0x1e0
[ 55.147899][ T1998] ? fsnotify_perm+0x29e/0x450
[ 55.152639][ T1998] ? reiserfs_sync_file+0x1f0/0x1f0
[ 55.157813][ T1998] iterate_dir+0x1fa/0x4f0
[ 55.162306][ T1998] __se_sys_getdents64+0x1af/0x3e0
[ 55.167421][ T1998] ? __x64_sys_getdents64+0x80/0x80
[ 55.172610][ T1998] ? filldir+0x570/0x570
[ 55.176829][ T1998] ? switch_fpu_return+0xc9/0x130
[ 55.181837][ T1998] do_syscall_64+0x3d/0x80
[ 55.186315][ T1998] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.192208][ T1998] RIP: 0033:0x7f8adaa7c959
[ 55.196596][ T1998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.216176][ T1998] RSP: 002b:00007f8adb8700c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 55.224567][ T1998] RAX: ffffffffffffffda RBX: 00007f8adab9bf80 RCX: 00007f8adaa7c959
[ 55.232546][ T1998] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 55.240492][ T1998] RBP: 00007f8adaad8c88 R08: 0000000000000000 R09: 0000000000000000
[ 55.248438][ T1998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 55.256387][ T1998] R13: 0000000000000006 R14: 00007f8adab9bf80 R15: 00007ffdca1c5ce8
[ 55.264336][ T1998]
[ 55.267332][ T1998]
[ 55.269730][ T1998] The buggy address belongs to the physical page:
[ 55.276114][ T1998] page:ffffea0001b36cc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6cdb3
[ 55.286237][ T1998] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 55.293322][ T1998] raw: 00fff00000000000 ffffea0001b36d08 ffff8880bac3e5e0 0000000000000000
[ 55.301878][ T1998] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 55.310517][ T1998] page dumped because: kasan: bad access detected
[ 55.316987][ T1998] page_owner tracks the page as freed
[ 55.322324][ T1998] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1994, tgid 1994 (udevd), ts 55021189480, free_ts 55022190466
[ 55.339551][ T1998] post_alloc_hook+0x286/0x2b0
[ 55.344295][ T1998] get_page_from_freelist+0x2fdd/0x3170
[ 55.349813][ T1998] __alloc_pages+0x251/0x640
[ 55.354393][ T1998] __folio_alloc+0xf/0x30
[ 55.358782][ T1998] vma_alloc_folio+0x484/0x9e0
[ 55.363522][ T1998] shmem_alloc_and_acct_folio+0x44a/0xaf0
[ 55.369234][ T1998] shmem_get_folio_gfp+0x1197/0x25e0
[ 55.374491][ T1998] shmem_write_begin+0x159/0x400
[ 55.379396][ T1998] generic_perform_write+0x2f1/0x530
[ 55.384853][ T1998] __generic_file_write_iter+0x13e/0x2f0
[ 55.390496][ T1998] generic_file_write_iter+0x99/0x230
[ 55.395881][ T1998] vfs_write+0x9c2/0xcf0
[ 55.400096][ T1998] ksys_write+0x15f/0x240
[ 55.404394][ T1998] do_syscall_64+0x3d/0x80
[ 55.408877][ T1998] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.414757][ T1998] page last free stack trace:
[ 55.419403][ T1998] free_unref_page_prepare+0xd4b/0xee0
[ 55.425017][ T1998] free_unref_page_list+0x54b/0x7e0
[ 55.430274][ T1998] release_pages+0x175c/0x1900
[ 55.435184][ T1998] __pagevec_release+0x62/0xd0
[ 55.440118][ T1998] shmem_undo_range+0x66b/0x1b00
[ 55.445219][ T1998] shmem_evict_inode+0x354/0x860
[ 55.450140][ T1998] evict+0x263/0x630
[ 55.454017][ T1998] __dentry_kill+0x380/0x5d0
[ 55.458581][ T1998] dentry_kill+0xbb/0x1e0
[ 55.462959][ T1998] dput+0x154/0x2d0
[ 55.466736][ T1998] do_renameat2+0xad7/0x10a0
[ 55.471326][ T1998] __x64_sys_rename+0x7d/0x90
[ 55.475970][ T1998] do_syscall_64+0x3d/0x80
[ 55.480357][ T1998] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.486304][ T1998]
[ 55.488608][ T1998] Memory state around the buggy address:
[ 55.494299][ T1998]  ffff88806cdb2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.502343][ T1998]  ffff88806cdb2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.510369][ T1998] >ffff88806cdb3000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.518394][ T1998]                    ^
[ 55.522432][ T1998]  ffff88806cdb3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.530475][ T1998]  ffff88806cdb3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.538618][ T1998] ==================================================================
[ 55.548397][ T1998] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.555901][ T1998] Kernel Offset: disabled
[ 55.560214][ T1998] Rebooting in 86400 seconds..