Warning: Permanently added '10.128.0.235' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 56.887049][ T3499] loop0: detected capacity change from 0 to 8192
[ 56.898280][ T3499] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 56.908007][ T3499] REISERFS (device loop0): using ordered data mode
[ 56.914696][ T3499] reiserfs: using flush barriers
[ 56.921060][ T3499] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 56.937751][ T3499] REISERFS (device loop0): checking transaction log (loop0)
[ 56.947792][ T3499] REISERFS (device loop0): Using r5 hash to sort names
[ 56.956110][ T3499] ==================================================================
[ 56.964299][ T3499] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x22d/0x480
[ 56.972735][ T3499] Read of size 250888 at addr ffff8880708c8058 by task syz-executor834/3499
[ 56.981511][ T3499]
[ 56.983841][ T3499] CPU: 0 PID: 3499 Comm: syz-executor834 Not tainted 5.15.111-syzkaller #0
[ 56.992423][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 57.002473][ T3499] Call Trace:
[ 57.005751][ T3499]
[ 57.008679][ T3499] dump_stack_lvl+0x1e3/0x2cb
[ 57.013371][ T3499] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 57.018997][ T3499] ? _printk+0xd1/0x111
[ 57.023159][ T3499] ? __wake_up_klogd+0xcc/0x100
[ 57.028031][ T3499] ? panic+0x84d/0x84d
[ 57.032105][ T3499] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 57.037582][ T3499] ? __mutex_lock_common+0x444/0x25a0
[ 57.042968][ T3499] print_address_description+0x63/0x3b0
[ 57.048524][ T3499] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 57.054609][ T3499] kasan_report+0x16b/0x1c0
[ 57.059244][ T3499] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 57.065313][ T3499] kasan_check_range+0x27e/0x290
[ 57.070254][ T3499] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 57.076363][ T3499] memmove+0x25/0x60
[ 57.080262][ T3499] reiserfs_get_unused_objectid+0x22d/0x480
[ 57.086166][ T3499] reiserfs_new_inode+0x2b8/0x1d90
[ 57.091280][ T3499] ? __mutex_trylock_common+0x17e/0x2e0
[ 57.096833][ T3499] ? reiserfs_write_inode+0x2e0/0x2e0
[ 57.102203][ T3499] ? do_journal_begin_r+0xdad/0x1000
[ 57.107583][ T3499] ? mb_cache_destroy+0x280/0x280
[ 57.112617][ T3499] ? journal_begin+0x1ef/0x350
[ 57.117383][ T3499] reiserfs_mkdir+0x5ac/0x8f0
[ 57.122070][ T3499] ? __might_sleep+0xc0/0xc0
[ 57.126663][ T3499] ? reiserfs_symlink+0x720/0x720
[ 57.131691][ T3499] ? down_write+0x10e/0x170
[ 57.136196][ T3499] ? __up_read+0x690/0x690
[ 57.140616][ T3499] reiserfs_xattr_init+0x348/0x730
[ 57.145755][ T3499] reiserfs_fill_super+0x226a/0x2690
[ 57.151069][ T3499] ? reiserfs_kill_sb+0x150/0x150
[ 57.156117][ T3499] ? snprintf+0xd6/0x120
[ 57.160373][ T3499] mount_bdev+0x26d/0x3a0
[ 57.164735][ T3499] ? reiserfs_kill_sb+0x150/0x150
[ 57.169770][ T3499] legacy_get_tree+0xeb/0x180
[ 57.174635][ T3499] ? remove_save_link+0x540/0x540
[ 57.179672][ T3499] vfs_get_tree+0x88/0x270
[ 57.184118][ T3499] do_new_mount+0x28b/0xad0
[ 57.188627][ T3499] ? do_move_mount_old+0x160/0x160
[ 57.193750][ T3499] ? user_path_at_empty+0x12b/0x180
[ 57.198954][ T3499] __se_sys_mount+0x2d5/0x3c0
[ 57.203649][ T3499] ? __x64_sys_mount+0xc0/0xc0
[ 57.208428][ T3499] ? syscall_enter_from_user_mode+0x2e/0x230
[ 57.214428][ T3499] ? lockdep_hardirqs_on+0x94/0x130
[ 57.219642][ T3499] ? __x64_sys_mount+0x1c/0xc0
[ 57.224504][ T3499] do_syscall_64+0x3d/0xb0
[ 57.228932][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 57.234837][ T3499] RIP: 0033:0x7fa5438775fa
[ 57.239254][ T3499] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.258858][ T3499] RSP: 002b:00007ffd668e6c98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 57.267303][ T3499] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5438775fa
[ 57.275374][ T3499] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007ffd668e6cb0
[ 57.283347][ T3499] RBP: 00007ffd668e6cb0 R08: 00007ffd668e6cf0 R09: 0000000000000000
[ 57.291336][ T3499] R10: 0000000000008008 R11: 0000000000000286 R12: 0000000000000004
[ 57.299342][ T3499] R13: 00005555565e62c0 R14: 0000000000008008 R15: 00007ffd668e6cf0
[ 57.307447][ T3499]
[ 57.310485][ T3499]
[ 57.312980][ T3499] The buggy address belongs to the page:
[ 57.318784][ T3499] page:ffffea0001c23200 refcount:3 mapcount:0 mapping:ffff88801ac37270 index:0x10 pfn:0x708c8
[ 57.329228][ T3499] memcg:ffff8881407a4000
[ 57.333480][ T3499] aops:def_blk_aops ino:700000
[ 57.338244][ T3499] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 57.347741][ T3499] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff88801ac37270
[ 57.356592][ T3499] raw: 0000000000000010 ffff88807437a000 00000003ffffffff ffff8881407a4000
[ 57.365183][ T3499] page dumped because: kasan: bad access detected
[ 57.371683][ T3499] page_owner tracks the page as allocated
[ 57.377601][ T3499] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 3499, ts 56897973903, free_ts 56885936708
[ 57.394882][ T3499] get_page_from_freelist+0x322a/0x33c0
[ 57.400478][ T3499] __alloc_pages+0x272/0x700
[ 57.405093][ T3499] __page_cache_alloc+0xd4/0x4a0
[ 57.410131][ T3499] pagecache_get_page+0xa91/0x1010
[ 57.415267][ T3499] __getblk_gfp+0x22a/0xaf0
[ 57.419883][ T3499] __bread_gfp+0x2a/0x390
[ 57.424219][ T3499] read_super_block+0x91/0x7e0
[ 57.429076][ T3499] reiserfs_fill_super+0x90a/0x2690
[ 57.434284][ T3499] mount_bdev+0x26d/0x3a0
[ 57.438822][ T3499] legacy_get_tree+0xeb/0x180
[ 57.443591][ T3499] vfs_get_tree+0x88/0x270
[ 57.448028][ T3499] do_new_mount+0x28b/0xad0
[ 57.452532][ T3499] __se_sys_mount+0x2d5/0x3c0
[ 57.457225][ T3499] do_syscall_64+0x3d/0xb0
[ 57.461650][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 57.467543][ T3499] page last free stack trace:
[ 57.472211][ T3499] free_unref_page_prepare+0xc34/0xcf0
[ 57.477683][ T3499] free_unref_page_list+0x1f7/0x8e0
[ 57.482887][ T3499] release_pages+0x1bb9/0x1f40
[ 57.487664][ T3499] tlb_finish_mmu+0x177/0x320
[ 57.492371][ T3499] unmap_region+0x304/0x350
[ 57.496888][ T3499] __do_munmap+0x12db/0x1740
[ 57.501489][ T3499] __vm_munmap+0x134/0x230
[ 57.505915][ T3499] __x64_sys_munmap+0x67/0x70
[ 57.510811][ T3499] do_syscall_64+0x3d/0xb0
[ 57.515238][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 57.521230][ T3499]
[ 57.523556][ T3499] Memory state around the buggy address:
[ 57.529211][ T3499] ffff8880708ccf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.537366][ T3499] ffff8880708ccf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.545453][ T3499] >ffff8880708cd000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.553513][ T3499] ^
[ 57.557676][ T3499] ffff8880708cd080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.565744][ T3499] ffff8880708cd100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.573814][ T3499] ==================================================================
[ 57.582133][ T3499] Disabling lock debugging due to kernel taint
[ 57.588538][ T3499] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 57.595928][ T3499] CPU: 0 PID: 3499 Comm: syz-executor834 Tainted: G B 5.15.111-syzkaller #0
[ 57.605926][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 57.615981][ T3499] Call Trace:
[ 57.619273][ T3499]
[ 57.622205][ T3499] dump_stack_lvl+0x1e3/0x2cb
[ 57.626979][ T3499] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 57.632615][ T3499] ? panic+0x84d/0x84d
[ 57.636681][ T3499] ? rcu_is_watching+0x11/0xa0
[ 57.641438][ T3499] ? preempt_schedule_common+0xa6/0xd0
[ 57.646906][ T3499] panic+0x318/0x84d
[ 57.650813][ T3499] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 57.656961][ T3499] ? check_panic_on_warn+0x1d/0xa0
[ 57.662068][ T3499] ? fb_is_primary_device+0xcc/0xcc
[ 57.667268][ T3499] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 57.673270][ T3499] ? _raw_spin_unlock+0x40/0x40
[ 57.678136][ T3499] check_panic_on_warn+0x7e/0xa0
[ 57.683074][ T3499] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 57.689162][ T3499] end_report+0x6d/0xf0
[ 57.693322][ T3499] kasan_report+0x18e/0x1c0
[ 57.697818][ T3499] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 57.703886][ T3499] kasan_check_range+0x27e/0x290
[ 57.709011][ T3499] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 57.715085][ T3499] memmove+0x25/0x60
[ 57.718988][ T3499] reiserfs_get_unused_objectid+0x22d/0x480
[ 57.724901][ T3499] reiserfs_new_inode+0x2b8/0x1d90
[ 57.730252][ T3499] ? __mutex_trylock_common+0x17e/0x2e0
[ 57.735807][ T3499] ? reiserfs_write_inode+0x2e0/0x2e0
[ 57.741184][ T3499] ? do_journal_begin_r+0xdad/0x1000
[ 57.746512][ T3499] ? mb_cache_destroy+0x280/0x280
[ 57.751555][ T3499] ? journal_begin+0x1ef/0x350
[ 57.756340][ T3499] reiserfs_mkdir+0x5ac/0x8f0
[ 57.761028][ T3499] ? __might_sleep+0xc0/0xc0
[ 57.765639][ T3499] ? reiserfs_symlink+0x720/0x720
[ 57.770667][ T3499] ? down_write+0x10e/0x170
[ 57.775175][ T3499] ? __up_read+0x690/0x690
[ 57.779588][ T3499] reiserfs_xattr_init+0x348/0x730
[ 57.784701][ T3499] reiserfs_fill_super+0x226a/0x2690
[ 57.789985][ T3499] ? reiserfs_kill_sb+0x150/0x150
[ 57.795002][ T3499] ? snprintf+0xd6/0x120
[ 57.799246][ T3499] mount_bdev+0x26d/0x3a0
[ 57.803578][ T3499] ? reiserfs_kill_sb+0x150/0x150
[ 57.808620][ T3499] legacy_get_tree+0xeb/0x180
[ 57.813293][ T3499] ? remove_save_link+0x540/0x540
[ 57.818310][ T3499] vfs_get_tree+0x88/0x270
[ 57.822721][ T3499] do_new_mount+0x28b/0xad0
[ 57.827244][ T3499] ? do_move_mount_old+0x160/0x160
[ 57.832350][ T3499] ? user_path_at_empty+0x12b/0x180
[ 57.837554][ T3499] __se_sys_mount+0x2d5/0x3c0
[ 57.842238][ T3499] ? __x64_sys_mount+0xc0/0xc0
[ 57.846997][ T3499] ? syscall_enter_from_user_mode+0x2e/0x230
[ 57.852974][ T3499] ? lockdep_hardirqs_on+0x94/0x130
[ 57.858305][ T3499] ? __x64_sys_mount+0x1c/0xc0
[ 57.863101][ T3499] do_syscall_64+0x3d/0xb0
[ 57.867545][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 57.873442][ T3499] RIP: 0033:0x7fa5438775fa
[ 57.877857][ T3499] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.897456][ T3499] RSP: 002b:00007ffd668e6c98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 57.905865][ T3499] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5438775fa
[ 57.913832][ T3499] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007ffd668e6cb0
[ 57.921795][ T3499] RBP: 00007ffd668e6cb0 R08: 00007ffd668e6cf0 R09: 0000000000000000
[ 57.929777][ T3499] R10: 0000000000008008 R11: 0000000000000286 R12: 0000000000000004
[ 57.937743][ T3499] R13: 00005555565e62c0 R14: 0000000000008008 R15: 00007ffd668e6cf0
[ 57.945726][ T3499]
[ 57.948920][ T3499] Kernel Offset: disabled
[ 57.953251][ T3499] Rebooting in 86400 seconds..