Warning: Permanently added '10.128.0.205' (ED25519) to the list of known hosts.
2023/10/27 01:00:43 ignoring optional flag "sandboxArg"="0"
2023/10/27 01:00:43 parsed 1 programs
2023/10/27 01:00:43 executed programs: 0
[ 55.337992][ T1995] loop0: detected capacity change from 0 to 8192
[ 55.345822][ T1995] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 55.359173][ T1995] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 55.368959][ T1995] REISERFS (device loop0): using ordered data mode
[ 55.375460][ T1995] reiserfs: using flush barriers
[ 55.381229][ T1995] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 55.397666][ T1995] REISERFS (device loop0): checking transaction log (loop0)
[ 55.424804][ T1995] REISERFS (device loop0): Using r5 hash to sort names
[ 55.480545][ T1999] loop0: detected capacity change from 0 to 8192
[ 55.488648][ T1999] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 55.502063][ T1999] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 55.511975][ T1999] REISERFS (device loop0): using ordered data mode
[ 55.518840][ T1999] reiserfs: using flush barriers
[ 55.525157][ T1999] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 55.541719][ T1999] REISERFS (device loop0): checking transaction log (loop0)
[ 55.569761][ T1999] REISERFS (device loop0): Using r5 hash to sort names
[ 55.577492][ T1999] ==================================================================
[ 55.586347][ T1999] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0x5a0/0x1490
[ 55.594333][ T1999] Read of size 8 at addr ffff88806aab1000 by task syz-executor.0/1999
[ 55.602985][ T1999]
[ 55.605298][ T1999] CPU: 0 PID: 1999 Comm: syz-executor.0 Not tainted 6.1.60-syzkaller #0
[ 55.613851][ T1999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 55.623983][ T1999] Call Trace:
[ 55.627264][ T1999]
[ 55.630262][ T1999] dump_stack_lvl+0xf4/0x251
[ 55.634848][ T1999] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 55.640364][ T1999] ? panic+0x3f7/0x3f7
[ 55.644402][ T1999] ? _printk+0xca/0x10a
[ 55.648767][ T1999] print_report+0x15f/0x4f0
[ 55.653254][ T1999] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 55.658949][ T1999] kasan_report+0x136/0x160
[ 55.663605][ T1999] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 55.669205][ T1999] kasan_check_range+0x27f/0x290
[ 55.674473][ T1999] reiserfs_readdir_inode+0x5a0/0x1490
[ 55.680004][ T1999] ? reiserfs_dir_fsync+0xe0/0xe0
[ 55.685047][ T1999] ? __fdget_pos+0x204/0x2b0
[ 55.689823][ T1999] ? down_read_interruptible+0x1010/0x1010
[ 55.696058][ T1999] ? common_file_perm+0x130/0x1e0
[ 55.701086][ T1999] ? fsnotify_perm+0x29e/0x450
[ 55.705961][ T1999] ? reiserfs_sync_file+0x1f0/0x1f0
[ 55.711698][ T1999] iterate_dir+0x1fa/0x4f0
[ 55.716784][ T1999] __se_sys_getdents64+0x1af/0x3e0
[ 55.721874][ T1999] ? __x64_sys_getdents64+0x80/0x80
[ 55.727217][ T1999] ? filldir+0x570/0x570
[ 55.731430][ T1999] ? switch_fpu_return+0xc9/0x130
[ 55.736427][ T1999] do_syscall_64+0x3d/0x80
[ 55.740834][ T1999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.747048][ T1999] RIP: 0033:0x7fa33687c959
[ 55.751711][ T1999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.771683][ T1999] RSP: 002b:00007fa33764e0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 55.780884][ T1999] RAX: ffffffffffffffda RBX: 00007fa33699bf80 RCX: 00007fa33687c959
[ 55.789185][ T1999] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 55.797289][ T1999] RBP: 00007fa3368d8c88 R08: 0000000000000000 R09: 0000000000000000
[ 55.805617][ T1999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 55.813816][ T1999] R13: 0000000000000016 R14: 00007fa33699bf80 R15: 00007ffe3fcd5f18
[ 55.821781][ T1999]
[ 55.824909][ T1999]
[ 55.827356][ T1999] The buggy address belongs to the physical page:
[ 55.834203][ T1999] page:ffffea0001aaac40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6aab1
[ 55.844604][ T1999] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 55.852043][ T1999] raw: 00fff00000000000 ffffea0001aaac88 ffff8880bad3e5e0 0000000000000000
[ 55.860662][ T1999] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 55.869320][ T1999] page dumped because: kasan: bad access detected
[ 55.875797][ T1999] page_owner tracks the page as freed
[ 55.881354][ T1999] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1996, tgid 1996 (udevd), ts 55588628777, free_ts 55589488288
[ 55.898604][ T1999] post_alloc_hook+0x286/0x2b0
[ 55.903461][ T1999] get_page_from_freelist+0x2fdd/0x3170
[ 55.908998][ T1999] __alloc_pages+0x251/0x640
[ 55.913567][ T1999] __folio_alloc+0xf/0x30
[ 55.917876][ T1999] vma_alloc_folio+0x484/0x9e0
[ 55.922730][ T1999] shmem_alloc_and_acct_folio+0x44a/0xaf0
[ 55.928533][ T1999] shmem_get_folio_gfp+0x1197/0x25e0
[ 55.933877][ T1999] shmem_write_begin+0x159/0x400
[ 55.938783][ T1999] generic_perform_write+0x2f1/0x530
[ 55.944057][ T1999] __generic_file_write_iter+0x13e/0x2f0
[ 55.949833][ T1999] generic_file_write_iter+0x99/0x230
[ 55.955282][ T1999] vfs_write+0x9c2/0xcf0
[ 55.959509][ T1999] ksys_write+0x15f/0x240
[ 55.964015][ T1999] do_syscall_64+0x3d/0x80
[ 55.968506][ T1999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.974406][ T1999] page last free stack trace:
[ 55.979163][ T1999] free_unref_page_prepare+0xd4b/0xee0
[ 55.984598][ T1999] free_unref_page_list+0x54b/0x7e0
[ 55.989942][ T1999] release_pages+0x175c/0x1900
[ 55.994801][ T1999] __pagevec_release+0x62/0xd0
[ 55.999726][ T1999] shmem_undo_range+0x677/0x1890
[ 56.004738][ T1999] shmem_evict_inode+0x354/0x860
[ 56.009663][ T1999] evict+0x263/0x630
[ 56.013632][ T1999] __dentry_kill+0x380/0x5d0
[ 56.018246][ T1999] dentry_kill+0xbb/0x1e0
[ 56.022616][ T1999] dput+0x138/0x2b0
[ 56.026408][ T1999] do_renameat2+0x9d1/0xf70
[ 56.030901][ T1999] __x64_sys_rename+0x7d/0x90
[ 56.035551][ T1999] do_syscall_64+0x3d/0x80
[ 56.039967][ T1999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.045923][ T1999]
[ 56.048248][ T1999] Memory state around the buggy address:
[ 56.053851][ T1999] ffff88806aab0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.062075][ T1999] ffff88806aab0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.070378][ T1999] >ffff88806aab1000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.078587][ T1999] ^
[ 56.082637][ T1999] ffff88806aab1080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.090973][ T1999] ffff88806aab1100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.099020][ T1999] ==================================================================
[ 56.107676][ T1999] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.115287][ T1999] Kernel Offset: disabled
[ 56.119600][ T1999] Rebooting in 86400 seconds..