Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[   59.382218][ T5076] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5076 'syz-executor282'
[   59.617243][ T5078] loop0: detected capacity change from 0 to 8192
[   59.636465][ T5077] loop5: detected capacity change from 0 to 8192
[   59.644248][ T5080] loop4: detected capacity change from 0 to 8192
[   59.652828][ T5081] loop3: detected capacity change from 0 to 8192
[   59.653368][ T5079] loop2: detected capacity change from 0 to 8192
[   59.677853][ T5081] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   59.701372][ T5078] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   59.705041][ T5077] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   59.716171][ T5078] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   59.737224][ T5077] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
[   59.748096][ T5077] REISERFS (device loop5): using ordered data mode
[   59.754956][ T5077] reiserfs: using flush barriers
[   59.760232][ T5080] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   59.761127][ T5078] REISERFS (device loop0): using ordered data mode
[   59.776637][ T5080] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[   59.788378][ T5079] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   59.789839][ T5077] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   59.803503][ T5076] loop1: detected capacity change from 0 to 8192
[   59.830327][ T5080] REISERFS (device loop4): using ordered data mode
[   59.836888][ T5080] reiserfs: using flush barriers
[   59.845379][ T5076] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   59.848531][ T5081] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[   59.869660][ T5081] REISERFS (device loop3): using ordered data mode
[   59.876992][ T5081] reiserfs: using flush barriers
[   59.883760][ T5079] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[   59.885948][ T5076] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[   59.899958][ T5078] reiserfs: using flush barriers
[   59.903331][ T5081] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   59.909369][ T5076] REISERFS (device loop1): using ordered data mode
[   59.924604][ T5080] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   59.925194][ T5080] REISERFS (device loop4): checking transaction log (loop4)
[   59.931169][ T5076] reiserfs: using flush barriers
[   59.945786][ T5079] REISERFS (device loop2): using ordered data mode
[   59.948787][ T5077] REISERFS (device loop5): checking transaction log (loop5)
[   59.955449][ T5078] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   59.960597][ T5081] REISERFS (device loop3): checking transaction log (loop3)
[   59.966436][ T5076] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   59.977909][ T5077] REISERFS (device loop5): Using r5 hash to sort names
[   59.990424][ T5076] REISERFS (device loop1): checking transaction log (loop1)
[   60.022850][ T5078] REISERFS (device loop0): checking transaction log (loop0)
[   60.029676][ T5080] REISERFS (device loop4): Using r5 hash to sort names
[   60.036599][ T5079] reiserfs: using flush barriers
[   60.045566][ T5081] REISERFS (device loop3): Using r5 hash to sort names
[   60.055330][ T5076] REISERFS (device loop1): Using r5 hash to sort names
[   60.055974][ T5078] REISERFS (device loop0): Using r5 hash to sort names
[   60.064055][ T5081] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
malloc(): corrupted top size
executing program
malloc(): corrupted top size
[   60.079427][ T5076] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[   60.089767][ T5079] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   60.089988][ T5080] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[   60.118034][ T5078] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
executing program
[   60.130306][ T5077] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[   60.141109][ T5079] REISERFS (device loop2): checking transaction log (loop2)
[   60.179227][ T5079] REISERFS (device loop2): Using r5 hash to sort names
[   60.201555][ T5079] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[   60.213665][ T5080] ==================================================================
[   60.221962][ T5080] BUG: KASAN: use-after-free in reiserfs_release_objectid+0x50c/0x750
[   60.230253][ T5080] Read of size 14568 at addr ffff8880288af0d0 by task syz-executor282/5080
[   60.239383][ T5080] 
[   60.243466][ T5080] CPU: 1 PID: 5080 Comm: syz-executor282 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[   60.253472][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   60.263718][ T5080] Call Trace:
[   60.267184][ T5080]  <TASK>
[   60.270205][ T5080]  dump_stack_lvl+0xd1/0x138
[   60.274911][ T5080]  print_report+0x15e/0x45d
[   60.279437][ T5080]  ? __phys_addr+0xc8/0x140
[   60.283980][ T5080]  ? reiserfs_release_objectid+0x50c/0x750
[   60.289812][ T5080]  kasan_report+0xc0/0xf0
[   60.294244][ T5080]  ? reiserfs_release_objectid+0x50c/0x750
[   60.300335][ T5080]  kasan_check_range+0x141/0x190
[   60.305378][ T5080]  memmove+0x24/0x60
[   60.309319][ T5080]  reiserfs_release_objectid+0x50c/0x750
[   60.315151][ T5080]  remove_save_link+0x220/0x3f0
[   60.320027][ T5080]  ? add_save_link+0x620/0x620
[   60.324808][ T5080]  ? wait_for_completion_io_timeout+0x20/0x20
[   60.330897][ T5080]  reiserfs_evict_inode+0x48d/0x540
[   60.336283][ T5080]  ? reiserfs_bmap+0x1b0/0x1b0
[   60.341063][ T5080]  ? lock_acquire+0x32/0xc0
[   60.345575][ T5080]  ? inode_wait_for_writeback+0x1e/0x40
[   60.351135][ T5080]  ? reiserfs_bmap+0x1b0/0x1b0
[   60.355918][ T5080]  evict+0x2ed/0x6b0
[   60.359839][ T5080]  iput+0x52b/0x8e0
[   60.363677][ T5080]  dentry_unlink_inode+0x2b1/0x460
[   60.368816][ T5080]  __dentry_kill+0x3c0/0x640
[   60.373443][ T5080]  ? dput+0x39/0xe10
[   60.377379][ T5080]  dput+0x6ac/0xe10
[   60.381232][ T5080]  do_renameat2+0xb32/0xc30
[   60.385850][ T5080]  ? __ia32_sys_link+0xa0/0xa0
[   60.390709][ T5080]  ? trace_lock_acquire+0x1f1/0x290
[   60.395921][ T5080]  ? __virt_addr_valid+0x61/0x2e0
[   60.401224][ T5080]  ? __phys_addr_symbol+0x30/0x70
[   60.406653][ T5080]  ? strncpy_from_user+0x28b/0x3c0
[   60.411786][ T5080]  __x64_sys_rename+0x81/0xa0
[   60.416468][ T5080]  do_syscall_64+0x39/0xb0
[   60.420896][ T5080]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.426809][ T5080] RIP: 0033:0x7f3429d54369
[   60.431234][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   60.450850][ T5080] RSP: 002b:00007fff83c5a338 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[   60.459272][ T5080] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f3429d54369
[   60.467263][ T5080] RDX: 00007f3429d54369 RSI: 0000000020000200 RDI: 0000000020000140
[   60.475242][ T5080] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d
[   60.483215][ T5080] R10: 000000000000000d R11: 0000000000000246 R12: 00007f3429d13540
[   60.491192][ T5080] R13: 00007fff83c5a360 R14: 00007fff83c5a34c R15: 00007fff83c5a350
[   60.499177][ T5080]  </TASK>
[   60.502196][ T5080] 
[   60.504517][ T5080] The buggy address belongs to the physical page:
[   60.510940][ T5080] page:ffffea0000a22bc0 refcount:2 mapcount:0 mapping:ffff88801e4bf5f8 index:0x10 pfn:0x288af
[   60.521215][ T5080] memcg:ffff88813ff40000
[   60.525546][ T5080] aops:def_blk_aops ino:700004
[   60.530649][ T5080] flags: 0xfff00000022036(referenced|uptodate|lru|active|private|mappedtodisk|node=0|zone=1|lastcpupid=0x7ff)
[   60.543159][ T5080] raw: 00fff00000022036 ffffea0000a22b88 ffffea0001f3bcc8 ffff88801e4bf5f8
[   60.552182][ T5080] raw: 0000000000000010 ffff888072c10d98 00000002ffffffff ffff88813ff40000
[   60.560784][ T5080] page dumped because: kasan: bad access detected
[   60.567209][ T5080] page_owner tracks the page as allocated
[   60.572917][ T5080] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5087, tgid 5087 (udevd), ts 59750613992, free_ts 49039027840
[   60.593713][ T5080]  get_page_from_freelist+0x11bb/0x2d50
[   60.599293][ T5080]  __alloc_pages+0x1cb/0x5c0
[   60.603986][ T5080]  alloc_pages+0x1aa/0x270
[   60.608410][ T5080]  folio_alloc+0x20/0x70
[   60.612676][ T5080]  filemap_alloc_folio+0x3a3/0x450
[   60.617799][ T5080]  page_cache_ra_unbounded+0x1ae/0x5e0
[   60.623272][ T5080]  force_page_cache_ra+0x333/0x470
[   60.628400][ T5080]  page_cache_sync_ra+0x105/0x200
[   60.633446][ T5080]  filemap_get_pages+0x2ca/0x16b0
[   60.638776][ T5080]  filemap_read+0x315/0xc00
[   60.644263][ T5080]  blkdev_read_iter+0x3eb/0x760
[   60.649228][ T5080]  vfs_read+0x681/0x930
[   60.653400][ T5080]  ksys_read+0x12b/0x250
[   60.657825][ T5080]  do_syscall_64+0x39/0xb0
[   60.662252][ T5080]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.668161][ T5080] page last free stack trace:
[   60.672826][ T5080]  free_pcp_prepare+0x4d0/0x910
[   60.677807][ T5080]  free_unref_page+0x1d/0x490
[   60.682531][ T5080]  __unfreeze_partials+0x17c/0x1a0
[   60.687660][ T5080]  qlist_free_all+0x6a/0x170
[   60.692264][ T5080]  kasan_quarantine_reduce+0x192/0x220
[   60.697764][ T5080]  __kasan_slab_alloc+0x63/0x90
[   60.703126][ T5080]  kmem_cache_alloc+0x175/0x320
[   60.708170][ T5080]  jbd2__journal_start+0x18a/0x6b0
[   60.713456][ T5080]  __ext4_journal_start_sb+0x706/0x890
[   60.719138][ T5080]  ext4_dirty_inode+0xa5/0x130
[   60.723932][ T5080]  __mark_inode_dirty+0x247/0x1250
[   60.729053][ T5080]  generic_write_end+0x354/0x440
[   60.734023][ T5080]  ext4_da_write_end+0x1f5/0xa50
[   60.739016][ T5080]  generic_perform_write+0x316/0x570
[   60.744423][ T5080]  ext4_buffered_write_iter+0x15b/0x460
[   60.749994][ T5080]  ext4_file_write_iter+0x8bf/0x1710
[   60.755290][ T5080] 
[   60.757616][ T5080] Memory state around the buggy address:
[   60.763246][ T5080]  ffff8880288aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.771483][ T5080]  ffff8880288aff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.779564][ T5080] >ffff8880288b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.787678][ T5080]                    ^
[   60.791742][ T5080]  ffff8880288b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.799867][ T5080]  ffff8880288b0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   60.807942][ T5080] ==================================================================
[   60.837640][ T5080] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   60.845158][ T5080] CPU: 0 PID: 5080 Comm: syz-executor282 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[   60.855079][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   60.865253][ T5080] Call Trace:
[   60.868555][ T5080]  <TASK>
[   60.871518][ T5080]  dump_stack_lvl+0xd1/0x138
[   60.876137][ T5080]  panic+0x2cc/0x626
[   60.880087][ T5080]  ? panic_print_sys_info.part.0+0x112/0x112
[   60.886300][ T5080]  ? preempt_schedule_thunk+0x1a/0x20
[   60.891720][ T5080]  ? preempt_schedule_common+0x59/0xc0
[   60.897490][ T5080]  check_panic_on_warn.cold+0x19/0x35
[   60.903098][ T5080]  end_report.part.0+0x36/0x73
[   60.907907][ T5080]  ? reiserfs_release_objectid+0x50c/0x750
[   60.913784][ T5080]  kasan_report.cold+0xa/0xf
[   60.918439][ T5080]  ? reiserfs_release_objectid+0x50c/0x750
[   60.924493][ T5080]  kasan_check_range+0x141/0x190
[   60.929503][ T5080]  memmove+0x24/0x60
[   60.933456][ T5080]  reiserfs_release_objectid+0x50c/0x750
[   60.939492][ T5080]  remove_save_link+0x220/0x3f0
[   60.944483][ T5080]  ? add_save_link+0x620/0x620
[   60.949304][ T5080]  ? wait_for_completion_io_timeout+0x20/0x20
[   60.955461][ T5080]  reiserfs_evict_inode+0x48d/0x540
[   60.961060][ T5080]  ? reiserfs_bmap+0x1b0/0x1b0
[   60.965872][ T5080]  ? lock_acquire+0x32/0xc0
[   60.970412][ T5080]  ? inode_wait_for_writeback+0x1e/0x40
[   60.976087][ T5080]  ? reiserfs_bmap+0x1b0/0x1b0
[   60.980898][ T5080]  evict+0x2ed/0x6b0
[   60.984844][ T5080]  iput+0x52b/0x8e0
[   60.988700][ T5080]  dentry_unlink_inode+0x2b1/0x460
[   60.993861][ T5080]  __dentry_kill+0x3c0/0x640
[   60.998501][ T5080]  ? dput+0x39/0xe10
[   61.002457][ T5080]  dput+0x6ac/0xe10
[   61.006444][ T5080]  do_renameat2+0xb32/0xc30
[   61.010986][ T5080]  ? __ia32_sys_link+0xa0/0xa0
[   61.015785][ T5080]  ? trace_lock_acquire+0x1f1/0x290
[   61.021039][ T5080]  ? __virt_addr_valid+0x61/0x2e0
[   61.026215][ T5080]  ? __phys_addr_symbol+0x30/0x70
[   61.031408][ T5080]  ? strncpy_from_user+0x28b/0x3c0
[   61.036568][ T5080]  __x64_sys_rename+0x81/0xa0
[   61.041292][ T5080]  do_syscall_64+0x39/0xb0
[   61.045750][ T5080]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.051692][ T5080] RIP: 0033:0x7f3429d54369
[   61.056134][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   61.076043][ T5080] RSP: 002b:00007fff83c5a338 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[   61.084493][ T5080] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f3429d54369
[   61.092501][ T5080] RDX: 00007f3429d54369 RSI: 0000000020000200 RDI: 0000000020000140
[   61.100505][ T5080] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d
[   61.108535][ T5080] R10: 000000000000000d R11: 0000000000000246 R12: 00007f3429d13540
[   61.116584][ T5080] R13: 00007fff83c5a360 R14: 00007fff83c5a34c R15: 00007fff83c5a350
[   61.124692][ T5080]  </TASK>
[   61.127898][ T5080] Kernel Offset: disabled
[   61.132339][ T5080] Rebooting in 86400 seconds..