Warning: Permanently added '10.128.10.4' (ED25519) to the list of known hosts.
2024/02/01 02:03:29 ignoring optional flag "sandboxArg"="0"
2024/02/01 02:03:29 parsed 1 programs
2024/02/01 02:03:29 executed programs: 0
[ 53.135275][ T1994] loop0: detected capacity change from 0 to 8192
[ 53.144057][ T1994] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.157768][ T1994] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 53.167762][ T1994] REISERFS (device loop0): using ordered data mode
[ 53.174355][ T1994] reiserfs: using flush barriers
[ 53.180447][ T1994] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.200307][ T1994] REISERFS (device loop0): checking transaction log (loop0)
[ 53.230292][ T1994] REISERFS (device loop0): Using r5 hash to sort names
[ 53.290231][ T1998] loop0: detected capacity change from 0 to 8192
[ 53.298047][ T1998] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.312190][ T1998] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 53.321602][ T1998] REISERFS (device loop0): using ordered data mode
[ 53.328213][ T1998] reiserfs: using flush barriers
[ 53.334972][ T1998] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.352253][ T1998] REISERFS (device loop0): checking transaction log (loop0)
[ 53.380675][ T1998] REISERFS (device loop0): Using r5 hash to sort names
[ 53.389540][ T1998] ==================================================================
[ 53.397711][ T1998] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0x5a0/0x1490
[ 53.405771][ T1998] Read of size 8 at addr ffff88806a811000 by task syz-executor.0/1998
[ 53.413918][ T1998]
[ 53.416225][ T1998] CPU: 0 PID: 1998 Comm: syz-executor.0 Not tainted 6.1.76-syzkaller #0
[ 53.424627][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 53.435248][ T1998] Call Trace:
[ 53.438515][ T1998]
[ 53.441434][ T1998] dump_stack_lvl+0xf4/0x251
[ 53.446088][ T1998] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 53.451782][ T1998] ? panic+0x3f7/0x3f7
[ 53.456001][ T1998] ? __virt_addr_valid+0x137/0x210
[ 53.461091][ T1998] ? __virt_addr_valid+0x1d6/0x210
[ 53.467061][ T1998] print_report+0x15f/0x4f0
[ 53.471637][ T1998] ? __virt_addr_valid+0x137/0x210
[ 53.477074][ T1998] ? __virt_addr_valid+0x1d6/0x210
[ 53.482259][ T1998] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 53.487954][ T1998] kasan_report+0x136/0x160
[ 53.492432][ T1998] ? reiserfs_readdir_inode+0x5a0/0x1490
[ 53.499508][ T1998] kasan_check_range+0x27f/0x290
[ 53.504417][ T1998] reiserfs_readdir_inode+0x5a0/0x1490
[ 53.509861][ T1998] ? reiserfs_dir_fsync+0xe0/0xe0
[ 53.514966][ T1998] ? __fdget_pos+0x204/0x2b0
[ 53.519731][ T1998] ? down_read_interruptible+0x1010/0x1010
[ 53.525718][ T1998] ? common_file_perm+0x130/0x1e0
[ 53.530722][ T1998] ? fsnotify_perm+0x29e/0x450
[ 53.535722][ T1998] ? reiserfs_sync_file+0x1f0/0x1f0
[ 53.541327][ T1998] iterate_dir+0x1fa/0x4f0
[ 53.545810][ T1998] __se_sys_getdents64+0x1af/0x3e0
[ 53.550999][ T1998] ? __x64_sys_getdents64+0x80/0x80
[ 53.556255][ T1998] ? filldir+0x570/0x570
[ 53.560644][ T1998] ? switch_fpu_return+0xc9/0x130
[ 53.565913][ T1998] do_syscall_64+0x3d/0x80
[ 53.570386][ T1998] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.576423][ T1998] RIP: 0033:0x7fb741e7c959
[ 53.580906][ T1998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.600666][ T1998] RSP: 002b:00007fb742b580c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 53.609155][ T1998] RAX: ffffffffffffffda RBX: 00007fb741f9bf80 RCX: 00007fb741e7c959
[ 53.617120][ T1998] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 53.625193][ T1998] RBP: 00007fb741ed8c88 R08: 0000000000000000 R09: 0000000000000000
[ 53.633158][ T1998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 53.641554][ T1998] R13: 0000000000000016 R14: 00007fb741f9bf80 R15: 00007ffcafc7f558
[ 53.649806][ T1998]
[ 53.652894][ T1998]
[ 53.655192][ T1998] The buggy address belongs to the physical page:
[ 53.661849][ T1998] page:ffffea0001aa0440 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6a811
[ 53.671991][ T1998] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 53.679180][ T1998] raw: 00fff00000000000 ffffea0001aa21c8 ffffea0001aa0b88 0000000000000000
[ 53.687929][ T1998] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 53.696583][ T1998] page dumped because: kasan: bad access detected
[ 53.703203][ T1998] page_owner tracks the page as freed
[ 53.708565][ T1998] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1994, tgid 1993 (syz-executor.0), ts 53127570471, free_ts 53267405236
[ 53.726879][ T1998] post_alloc_hook+0x286/0x2b0
[ 53.731835][ T1998] get_page_from_freelist+0x2fdd/0x3170
[ 53.737456][ T1998] __alloc_pages+0x251/0x640
[ 53.742016][ T1998] __folio_alloc+0xf/0x30
[ 53.746319][ T1998] vma_alloc_folio+0x484/0x9e0
[ 53.751055][ T1998] shmem_alloc_and_acct_folio+0x44a/0xaf0
[ 53.756882][ T1998] shmem_get_folio_gfp+0x1197/0x25e0
[ 53.762143][ T1998] shmem_write_begin+0x159/0x400
[ 53.767408][ T1998] generic_perform_write+0x2f1/0x530
[ 53.772674][ T1998] __generic_file_write_iter+0x13e/0x2f0
[ 53.778381][ T1998] generic_file_write_iter+0x99/0x230
[ 53.783912][ T1998] vfs_write+0x9c2/0xcf0
[ 53.788235][ T1998] ksys_write+0x15f/0x240
[ 53.792565][ T1998] do_syscall_64+0x3d/0x80
[ 53.796965][ T1998] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.802847][ T1998] page last free stack trace:
[ 53.807500][ T1998] free_unref_page_prepare+0xd4b/0xee0
[ 53.812933][ T1998] free_unref_page_list+0x54b/0x7e0
[ 53.818264][ T1998] release_pages+0x175c/0x1900
[ 53.823016][ T1998] __pagevec_release+0x62/0xd0
[ 53.827773][ T1998] shmem_undo_range+0x66b/0x1b00
[ 53.832682][ T1998] shmem_evict_inode+0x354/0x860
[ 53.837592][ T1998] evict+0x263/0x630
[ 53.841457][ T1998] __dentry_kill+0x380/0x5d0
[ 53.846125][ T1998] dentry_kill+0xbb/0x1e0
[ 53.850424][ T1998] dput+0x138/0x2b0
[ 53.854223][ T1998] __fput+0x4bd/0x700
[ 53.858195][ T1998] task_work_run+0x206/0x280
[ 53.862817][ T1998] exit_to_user_mode_loop+0xa9/0xc0
[ 53.867998][ T1998] exit_to_user_mode_prepare+0x64/0xb0
[ 53.873504][ T1998] syscall_exit_to_user_mode+0x27/0x1c0
[ 53.879130][ T1998] do_syscall_64+0x49/0x80
[ 53.883717][ T1998]
[ 53.886804][ T1998] Memory state around the buggy address:
[ 53.895128][ T1998] ffff88806a810f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.903933][ T1998] ffff88806a810f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.912237][ T1998] >ffff88806a811000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.920609][ T1998] ^
[ 53.924672][ T1998] ffff88806a811080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.932987][ T1998] ffff88806a811100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.942412][ T1998] ==================================================================
[ 53.951599][ T1998] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.959151][ T1998] Kernel Offset: disabled
[ 53.963545][ T1998] Rebooting in 86400 seconds..