Warning: Permanently added '10.128.1.47' (ED25519) to the list of known hosts.
2023/08/20 22:37:56 ignoring optional flag "sandboxArg"="0"
2023/08/20 22:37:56 parsed 1 programs
2023/08/20 22:37:56 executed programs: 0
[ 45.336342][ T2648] loop0: detected capacity change from 0 to 8192
[ 45.343641][ T2648] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 45.356577][ T2648] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 45.365722][ T2648] REISERFS (device loop0): using ordered data mode
[ 45.372198][ T2648] reiserfs: using flush barriers
[ 45.377579][ T2648] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 45.393797][ T2648] REISERFS (device loop0): checking transaction log (loop0)
[ 45.413268][ T2648] REISERFS (device loop0): Using r5 hash to sort names
[ 45.457359][ T2651] loop0: detected capacity change from 0 to 8192
[ 45.464505][ T2651] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 45.477691][ T2651] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 45.487142][ T2651] REISERFS (device loop0): using ordered data mode
[ 45.493611][ T2651] reiserfs: using flush barriers
[ 45.499041][ T2651] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 45.515294][ T2651] REISERFS (device loop0): checking transaction log (loop0)
[ 45.532746][ T2651] REISERFS (device loop0): Using r5 hash to sort names
[ 45.540283][ T2651] ==================================================================
[ 45.548332][ T2651] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0xb8f/0x1460
[ 45.556282][ T2651] Read of size 8 at addr ffff88806b614000 by task syz-executor.0/2651
[ 45.564393][ T2651]
[ 45.566684][ T2651] CPU: 0 PID: 2651 Comm: syz-executor.0 Not tainted 6.5.0-rc7-syzkaller #0
[ 45.575238][ T2651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 45.585252][ T2651] Call Trace:
[ 45.588495][ T2651]
[ 45.591390][ T2651] dump_stack_lvl+0x3d/0x60
[ 45.595854][ T2651] print_report+0xc4/0x620
[ 45.600229][ T2651] kasan_report+0xda/0x110
[ 45.604612][ T2651] ? reiserfs_readdir_inode+0xb8f/0x1460
[ 45.610205][ T2651] ? reiserfs_readdir_inode+0xb8f/0x1460
[ 45.615795][ T2651] kasan_check_range+0xef/0x190
[ 45.620607][ T2651] reiserfs_readdir_inode+0xb8f/0x1460
[ 45.626028][ T2651] ? register_lock_class+0xbb/0x16a0
[ 45.631272][ T2651] ? reiserfs_dir_fsync+0x140/0x140
[ 45.636517][ T2651] ? aa_file_perm+0x39d/0xc90
[ 45.641152][ T2651] ? __mutex_lock+0x2a0/0x1590
[ 45.645874][ T2651] ? down_read_killable+0x1d4/0x380
[ 45.651028][ T2651] ? kmem_cache_free+0xe9/0x460
[ 45.655847][ T2651] ? fsnotify_perm.part.0+0x141/0x4e0
[ 45.661175][ T2651] iterate_dir+0x1a7/0x510
[ 45.665565][ T2651] __x64_sys_getdents64+0x131/0x230
[ 45.670722][ T2651] ? __ia32_sys_getdents+0x230/0x230
[ 45.675964][ T2651] ? kernel_fpu_begin_mask+0x1c0/0x1c0
[ 45.681380][ T2651] ? fillonedir+0x320/0x320
[ 45.685839][ T2651] ? fpregs_restore_userregs+0x121/0x220
[ 45.691429][ T2651] do_syscall_64+0x38/0x80
[ 45.695805][ T2651] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 45.701656][ T2651] RIP: 0033:0x7f5285c7c959
[ 45.706033][ T2651] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.725600][ T2651] RSP: 002b:00007f52869870c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 45.733975][ T2651] RAX: ffffffffffffffda RBX: 00007f5285d9bf80 RCX: 00007f5285c7c959
[ 45.741907][ T2651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 45.749840][ T2651] RBP: 00007f5285cd8c88 R08: 0000000000000000 R09: 0000000000000000
[ 45.757783][ T2651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 45.765720][ T2651] R13: 0000000000000016 R14: 00007f5285d9bf80 R15: 00007ffc57af1818
[ 45.773661][ T2651]
[ 45.776642][ T2651]
[ 45.778928][ T2651] The buggy address belongs to the physical page:
[ 45.785310][ T2651] page:ffffea0001ad8500 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6b614
[ 45.795434][ T2651] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 45.802497][ T2651] page_type: 0xffffffff()
[ 45.806784][ T2651] raw: 00fff00000000000 ffffea0001ad7708 ffffea0001ad7b08 0000000000000000
[ 45.815325][ T2651] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 45.823861][ T2651] page dumped because: kasan: bad access detected
[ 45.830234][ T2651] page_owner tracks the page as freed
[ 45.835658][ T2651] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 2648, tgid 2647 (syz-executor.0), ts 45329896519, free_ts 45444516943
[ 45.853493][ T2651] post_alloc_hook+0x281/0x2f0
[ 45.858218][ T2651] get_page_from_freelist+0xfcb/0x31e0
[ 45.863635][ T2651] __alloc_pages+0x1d0/0x470
[ 45.868184][ T2651] __folio_alloc+0x16/0x40
[ 45.872558][ T2651] vma_alloc_folio+0x10e/0x610
[ 45.877281][ T2651] shmem_alloc_folio+0xa3/0x140
[ 45.882086][ T2651] shmem_alloc_and_acct_folio+0xf7/0x540
[ 45.887675][ T2651] shmem_get_folio_gfp.constprop.0+0x8ee/0x14c0
[ 45.893871][ T2651] shmem_write_begin+0x12e/0x2e0
[ 45.898764][ T2651] generic_perform_write+0x23a/0x570
[ 45.904005][ T2651] generic_file_write_iter+0xc5/0x2c0
[ 45.909334][ T2651] vfs_write+0x520/0xc80
[ 45.913532][ T2651] ksys_write+0xf6/0x1d0
[ 45.917730][ T2651] do_syscall_64+0x38/0x80
[ 45.922112][ T2651] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 45.927964][ T2651] page last free stack trace:
[ 45.932599][ T2651] free_unref_page_prepare+0x5aa/0xc40
[ 45.938027][ T2651] free_unref_page_list+0xe6/0xaa0
[ 45.943093][ T2651] release_pages+0x2a8/0x1040
[ 45.947768][ T2651] __folio_batch_release+0x5d/0xb0
[ 45.952843][ T2651] shmem_undo_range+0x411/0xc10
[ 45.957652][ T2651] shmem_evict_inode+0x2a6/0x9b0
[ 45.962547][ T2651] evict+0x296/0x5d0
[ 45.966403][ T2651] __dentry_kill+0x30f/0x5e0
[ 45.970950][ T2651] __fput+0x432/0xa20
[ 45.974890][ T2651] task_work_run+0x114/0x1f0
[ 45.979439][ T2651] exit_to_user_mode_prepare+0x13f/0x150
[ 45.985031][ T2651] syscall_exit_to_user_mode+0x16/0x40
[ 45.990464][ T2651] do_syscall_64+0x44/0x80
[ 45.994836][ T2651] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.000686][ T2651]
[ 46.002973][ T2651] Memory state around the buggy address:
[ 46.008574][ T2651] ffff88806b613f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.016597][ T2651] ffff88806b613f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.024618][ T2651] >ffff88806b614000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.032636][ T2651] ^
[ 46.036674][ T2651] ffff88806b614080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.044707][ T2651] ffff88806b614100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.052726][ T2651] ==================================================================
[ 46.061254][ T2651] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 46.069477][ T2651] Kernel Offset: disabled
[ 46.073767][ T2651] Rebooting in 86400 seconds..