Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts.
2024/08/22 11:35:57 ignoring optional flag "sandboxArg"="0"
2024/08/22 11:35:57 parsed 1 programs
2024/08/22 11:35:57 executed programs: 0
[ 49.801260][ T1928] loop0: detected capacity change from 0 to 8192
[ 49.809063][ T1928] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 49.818663][ T1928] REISERFS (device loop0): using ordered data mode
[ 49.825144][ T1928] reiserfs: using flush barriers
[ 49.831067][ T1928] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 49.847735][ T1928] REISERFS (device loop0): checking transaction log (loop0)
[ 49.870072][ T1928] REISERFS (device loop0): Using r5 hash to sort names
[ 49.927604][ T1932] loop0: detected capacity change from 0 to 8192
[ 49.936423][ T1932] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 49.945751][ T1932] REISERFS (device loop0): using ordered data mode
[ 49.952347][ T1932] reiserfs: using flush barriers
[ 49.958519][ T1932] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 49.975220][ T1932] REISERFS (device loop0): checking transaction log (loop0)
[ 49.996870][ T1932] REISERFS (device loop0): Using r5 hash to sort names
[ 50.088160][ T1935] loop0: detected capacity change from 0 to 8192
[ 50.095723][ T1935] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 50.105214][ T1935] REISERFS (device loop0): using ordered data mode
[ 50.112061][ T1935] reiserfs: using flush barriers
[ 50.117572][ T1935] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 50.133829][ T1935] REISERFS (device loop0): checking transaction log (loop0)
[ 50.154661][ T1935] REISERFS (device loop0): Using r5 hash to sort names
[ 50.165656][ T1935] ==================================================================
[ 50.173721][ T1935] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0xa13/0x1330
[ 50.181786][ T1935] Read of size 8 at addr ffff88806c18d000 by task syz-executor.0/1935
[ 50.189996][ T1935]
[ 50.192435][ T1935] CPU: 0 PID: 1935 Comm: syz-executor.0 Not tainted 5.15.165-syzkaller #0
[ 50.200916][ T1935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 50.211147][ T1935] Call Trace:
[ 50.214405][ T1935]
[ 50.217328][ T1935] dump_stack_lvl+0x41/0x5e
[ 50.221811][ T1935] print_address_description.constprop.0.cold+0x6c/0x309
[ 50.228814][ T1935] ? reiserfs_readdir_inode+0xa13/0x1330
[ 50.234514][ T1935] ? reiserfs_readdir_inode+0xa13/0x1330
[ 50.240205][ T1935] kasan_report.cold+0x83/0xdf
[ 50.245042][ T1935] ? reiserfs_readdir_inode+0xa13/0x1330
[ 50.250720][ T1935] kasan_check_range+0x13d/0x180
[ 50.255620][ T1935] reiserfs_readdir_inode+0xa13/0x1330
[ 50.261040][ T1935] ? do_raw_spin_unlock+0x171/0x230
[ 50.266290][ T1935] ? reiserfs_dir_fsync+0x140/0x140
[ 50.271470][ T1935] ? lock_downgrade+0x4f0/0x4f0
[ 50.276281][ T1935] ? lock_acquire+0x11a/0x250
[ 50.280917][ T1935] ? aa_file_perm+0xea/0xd00
[ 50.285470][ T1935] ? aa_file_perm+0xea/0xd00
[ 50.290018][ T1935] ? __lock_acquire.constprop.0+0x478/0xb30
[ 50.296066][ T1935] ? aa_path_link+0x2e0/0x2e0
[ 50.300722][ T1935] ? down_read_killable+0x1be/0x380
[ 50.305896][ T1935] ? down_read_interruptible+0x380/0x380
[ 50.311495][ T1935] ? fsnotify_perm.part.0+0x118/0x4c0
[ 50.316954][ T1935] iterate_dir+0x48a/0x6d0
[ 50.321334][ T1935] __x64_sys_getdents64+0x122/0x220
[ 50.326678][ T1935] ? __ia32_sys_getdents+0x220/0x220
[ 50.331923][ T1935] ? compat_fillonedir+0x300/0x300
[ 50.336995][ T1935] ? vtime_user_exit+0xde/0x180
[ 50.341804][ T1935] do_syscall_64+0x33/0x80
[ 50.346221][ T1935] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.352106][ T1935] RIP: 0033:0x7f4964734959
[ 50.356489][ T1935] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.376063][ T1935] RSP: 002b:00007f49642b70c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 50.384968][ T1935] RAX: ffffffffffffffda RBX: 00007f4964853f80 RCX: 00007f4964734959
[ 50.392903][ T1935] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 50.400848][ T1935] RBP: 00007f4964790c88 R08: 0000000000000000 R09: 0000000000000000
[ 50.408885][ T1935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 50.416873][ T1935] R13: 0000000000000006 R14: 00007f4964853f80 R15: 00007ffd67e62c58
[ 50.424912][ T1935]
[ 50.427909][ T1935]
[ 50.430208][ T1935] The buggy address belongs to the page:
[ 50.436194][ T1935] page:ffffea0001b06340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6c18d
[ 50.446625][ T1935] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 50.453699][ T1935] raw: 00fff00000000000 ffffea0001b06388 ffff8880bad3e060 0000000000000000
[ 50.462351][ T1935] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 50.470921][ T1935] page dumped because: kasan: bad access detected
[ 50.477314][ T1935] page_owner tracks the page as freed
[ 50.483003][ T1935] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 1929, ts 50219256653, free_ts 50219927037
[ 50.497643][ T1935] get_page_from_freelist+0x12d1/0x2d40
[ 50.503168][ T1935] __alloc_pages+0x1b2/0x440
[ 50.507871][ T1935] alloc_pages_vma+0xe0/0x650
[ 50.512529][ T1935] shmem_alloc_page+0x104/0x1b0
[ 50.517428][ T1935] shmem_alloc_and_acct_page+0xff/0x730
[ 50.522939][ T1935] shmem_getpage_gfp.constprop.0+0x42a/0x1790
[ 50.528968][ T1935] generic_perform_write+0x1d6/0x430
[ 50.534316][ T1935] __generic_file_write_iter+0x2f0/0x560
[ 50.540001][ T1935] generic_file_write_iter+0xb9/0x1c0
[ 50.545332][ T1935] new_sync_write+0x35d/0x5f0
[ 50.549974][ T1935] vfs_write+0x577/0x7e0
[ 50.554204][ T1935] ksys_write+0xf4/0x1d0
[ 50.558418][ T1935] do_syscall_64+0x33/0x80
[ 50.562811][ T1935] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.568882][ T1935] page last free stack trace:
[ 50.573519][ T1935] free_pcp_prepare+0x379/0x850
[ 50.578360][ T1935] free_unref_page_list+0x16f/0xbd0
[ 50.583658][ T1935] release_pages+0xb3a/0x1480
[ 50.588318][ T1935] __pagevec_release+0x59/0xe0
[ 50.593135][ T1935] shmem_undo_range+0x505/0xeb0
[ 50.598037][ T1935] shmem_evict_inode+0x313/0xa40
[ 50.602943][ T1935] evict+0x296/0x5d0
[ 50.606811][ T1935] __dentry_kill+0x315/0x5e0
[ 50.611409][ T1935] dput+0x34a/0x7e0
[ 50.615563][ T1935] do_renameat2+0x4e0/0xa20
[ 50.620042][ T1935] __x64_sys_rename+0x78/0x90
[ 50.624685][ T1935] do_syscall_64+0x33/0x80
[ 50.629090][ T1935] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.635249][ T1935]
[ 50.637642][ T1935] Memory state around the buggy address:
[ 50.643601][ T1935] ffff88806c18cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.651722][ T1935] ffff88806c18cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.659776][ T1935] >ffff88806c18d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.667818][ T1935] ^
[ 50.671861][ T1935] ffff88806c18d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.680007][ T1935] ffff88806c18d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.688144][ T1935] ==================================================================
[ 50.696262][ T1935] Disabling lock debugging due to kernel taint
[ 50.703461][ T1935] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 50.710917][ T1935] Kernel Offset: disabled
[ 50.715258][ T1935] Rebooting in 86400 seconds..