Warning: Permanently added '10.128.1.34' (ECDSA) to the list of known hosts.
syzkaller login: [   66.976341][ T4990] cgroup: Unknown subsys name 'net'
[   67.126497][ T4990] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
[   67.462417][ T5007] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5007 'syz-executor361'
executing program
executing program
executing program
[   68.251480][ T5015] loop1: detected capacity change from 0 to 32768
[   68.429694][ T5023] find_entry called with index = 0
[   68.460694][ T5023] find_entry called with index = 0
[   68.569354][ T5021] loop4: detected capacity change from 0 to 32768
[   68.580516][ T5007] loop0: detected capacity change from 0 to 32768
[   68.585557][ T5013] loop5: detected capacity change from 0 to 32768
[   68.676109][ T5024] find_entry called with index = 0
[   68.700741][ T5018] loop2: detected capacity change from 0 to 32768
[   68.719953][ T5019] loop3: detected capacity change from 0 to 32768
[   68.727849][ T5024] find_entry called with index = 0
[   68.728480][ T5025] find_entry called with index = 0
[   68.762354][ T5026] find_entry called with index = 0
[   68.767546][ T5026] find_entry called with index = 0
[   68.832337][ T5025] find_entry called with index = 0
[   68.850002][ T5028] find_entry called with index = 0
[   68.870118][ T5018] find_entry called with index = 0
[   68.907341][ T5018] find_entry called with index = 0
executing program
executing program
executing program
executing program
executing program
executing program
[   70.257455][ T5034] loop3: detected capacity change from 0 to 32768
[   70.274557][ T5033] loop1: detected capacity change from 0 to 32768
[   70.340028][ T5037] loop0: detected capacity change from 0 to 32768
[   70.362353][ T5043] find_entry called with index = 0
[   70.385693][ T5044] find_entry called with index = 0
[   70.404479][ T5043] find_entry called with index = 0
[   70.434349][ T5044] find_entry called with index = 0
[   70.481330][ T5038] loop4: detected capacity change from 0 to 32768
[   70.485724][ T5045] find_entry called with index = 0
[   70.502860][ T5042] loop5: detected capacity change from 0 to 32768
[   70.535059][ T5045] find_entry called with index = 0
[   70.585806][ T5041] loop2: detected capacity change from 0 to 32768
[   70.643159][ T5047] find_entry called with index = 0
[   70.648585][ T5046] find_entry called with index = 0
[   70.653752][ T5046] find_entry called with index = 0
[   70.678265][ T5047] find_entry called with index = 0
[   70.702280][ T5048] find_entry called with index = 0
[   70.736123][ T5048] find_entry called with index = 0
executing program
executing program
executing program
executing program
executing program
executing program
[   71.865344][ T5050] loop1: detected capacity change from 0 to 32768
[   71.912935][ T5052] loop3: detected capacity change from 0 to 32768
[   71.994038][ T5061] find_entry called with index = 0
[   72.026596][ T5062] find_entry called with index = 0
[   72.037864][ T5061] find_entry called with index = 0
[   72.057886][ T5062] find_entry called with index = 0
[   72.075478][ T5054] loop4: detected capacity change from 0 to 32768
[   72.175705][ T5063] find_entry called with index = 0
[   72.211329][ T5057] loop5: detected capacity change from 0 to 32768
[   72.216816][ T5060] loop0: detected capacity change from 0 to 32768
[   72.234807][ T5058] loop2: detected capacity change from 0 to 32768
[   72.241808][ T5063] find_entry called with index = 0
[   72.320772][ T5065] find_entry called with index = 0
[   72.329885][ T5064] find_entry called with index = 0
[   72.335072][ T5064] find_entry called with index = 0
[   72.378384][ T5066] find_entry called with index = 0
[   72.383581][ T5066] find_entry called with index = 0
[   72.406377][ T5065] find_entry called with index = 0
executing program
executing program
executing program
executing program
executing program
executing program
[   73.469171][ T5069] loop1: detected capacity change from 0 to 32768
[   73.589581][ T5079] find_entry called with index = 0
[   73.597028][ T5070] loop3: detected capacity change from 0 to 32768
[   73.624070][ T5079] find_entry called with index = 0
[   73.702968][ T5080] find_entry called with index = 0
[   73.754733][ T5080] find_entry called with index = 0
[   73.799815][ T5072] loop4: detected capacity change from 0 to 32768
[   73.871729][ T5074] loop0: detected capacity change from 0 to 32768
[   73.882536][ T5078] loop2: detected capacity change from 0 to 32768
[   73.944989][ T5076] loop5: detected capacity change from 0 to 32768
[   73.946702][ T5081] find_entry called with index = 0
[   73.995382][ T5081] find_entry called with index = 0
[   74.026018][ T5082] ==================================================================
[   74.034151][ T5082] BUG: KASAN: slab-use-after-free in release_metapage+0x5a7/0x870
[   74.042030][ T5082] Read of size 8 at addr ffff888029b76218 by task syz-executor361/5082
[   74.050303][ T5082]
[   74.052656][ T5082] CPU: 1 PID: 5082 Comm: syz-executor361 Not tainted 6.4.0-rc2-syzkaller-00018-g4d6d4c7f541d #0
[   74.063102][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   74.073192][ T5082] Call Trace:
[   74.074091][ T5083] find_entry called with index = 0
[   74.076476][ T5082]
[   74.076487][ T5082]  dump_stack_lvl+0x1e7/0x2d0
[   74.076526][ T5082]  ? nf_tcp_handle_invalid+0x650/0x650
[   74.094760][ T5082]  ? panic+0x770/0x770
[   74.098892][ T5082]  ? _printk+0xd5/0x120
[   74.103094][ T5082]  print_report+0x163/0x540
[   74.107654][ T5082]  ? force_metapage+0x330/0x330
[   74.112544][ T5082]  ? __virt_addr_valid+0x22f/0x2e0
[   74.117691][ T5082]  ? __phys_addr+0xba/0x170
[   74.122212][ T5082]  ? release_metapage+0x5a7/0x870
[   74.127341][ T5082]  kasan_report+0x176/0x1b0
[   74.131865][ T5082]  ? release_metapage+0x5a7/0x870
[   74.136914][ T5082]  release_metapage+0x5a7/0x870
[   74.141782][ T5082]  ? __jfs_setxattr+0x75b/0x11d0
[   74.146734][ T5082]  __jfs_setxattr+0xad9/0x11d0
[   74.151522][ T5082]  ? jfs_extendfs+0x1e30/0x1e30
[   74.156395][ T5082]  ? jfs_initxattrs+0x76/0x1d0
[   74.161166][ T5082]  ? jfs_initxattrs+0x76/0x1d0
[   74.165930][ T5082]  ? jfs_initxattrs+0x96/0x1d0
[   74.170701][ T5082]  jfs_initxattrs+0x128/0x1d0
[   74.175397][ T5082]  security_inode_init_security+0x2df/0x3f0
[   74.181311][ T5082]  ? jfs_init_security+0x110/0x110
[   74.186442][ T5082]  ? security_dentry_create_files_as+0xc0/0xc0
[   74.192609][ T5082]  ? __mutex_lock_common+0x42d/0x2530
[   74.197998][ T5082]  ? posix_acl_create+0x162/0x420
[   74.203039][ T5082]  jfs_init_security+0xa9/0x110
[   74.207903][ T5082]  ? __jfs_set_acl+0x1b0/0x1b0
[   74.212682][ T5082]  ? jfs_listxattr+0x810/0x810
[   74.217544][ T5082]  ? txBegin+0x4f9/0x6c0
[   74.221818][ T5082]  jfs_mkdir+0x2c7/0xbb0
[   74.226068][ T5082]  ? smk_access+0x477/0x4b0
[   74.230591][ T5082]  ? jfs_symlink+0x10f0/0x10f0
[   74.235373][ T5082]  ? generic_permission+0x1df/0x550
[   74.240578][ T5082]  ? bpf_lsm_inode_mkdir+0x9/0x10
[   74.245609][ T5082]  ? security_inode_mkdir+0xb8/0x100
[   74.250909][ T5082]  vfs_mkdir+0x29d/0x450
[   74.255181][ T5082]  do_mkdirat+0x264/0x520
[   74.259550][ T5082]  ? vfs_mkdir+0x450/0x450
[   74.263985][ T5082]  ? getname_flags+0x1f0/0x4e0
[   74.268769][ T5082]  ? lockdep_hardirqs_on+0x98/0x140
[   74.273982][ T5082]  __x64_sys_mkdir+0x6e/0x80
[   74.278581][ T5082]  do_syscall_64+0x41/0xc0
[   74.283098][ T5082]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   74.289003][ T5082] RIP: 0033:0x7fce4779cec9
[   74.293445][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   74.313161][ T5082] RSP: 002b:00007fce40327318 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[   74.321597][ T5082] RAX: ffffffffffffffda RBX: 00007fce478287b8 RCX: 00007fce4779cec9
[   74.329577][ T5082] RDX: 00007fce40327700 RSI: 0000000000000000 RDI: 0000000020000040
[   74.337550][ T5082] RBP: 00007fce478287b0 R08: 00007fce40327700 R09: 0000000000000000
[   74.345533][ T5082] R10: 00007fce40327700 R11: 0000000000000246 R12: 0030656c69662f2e
[   74.353509][ T5082] R13: 00007ffcc2233f3f R14: 00007fce40327400 R15: 0000000000022000
[   74.361501][ T5082]
[   74.364532][ T5082]
[   74.366862][ T5082] Allocated by task 5082:
[   74.371187][ T5082]  kasan_set_track+0x4f/0x70
[   74.375789][ T5082]  __kasan_slab_alloc+0x66/0x70
[   74.380688][ T5082]  slab_post_alloc_hook+0x68/0x3a0
[   74.385819][ T5082]  kmem_cache_alloc+0x11f/0x2e0
[   74.390671][ T5082]  mempool_alloc+0x194/0x580
[   74.395292][ T5082]  __get_metapage+0x574/0x10e0
[   74.400069][ T5082]  ea_get+0xb3f/0x1280
[   74.404149][ T5082]  __jfs_setxattr+0x4ba/0x11d0
[   74.408927][ T5082]  jfs_initxattrs+0x128/0x1d0
[   74.413605][ T5082]  security_inode_init_security+0x2df/0x3f0
[   74.419505][ T5082]  jfs_init_security+0xa9/0x110
[   74.424366][ T5082]  jfs_mkdir+0x2c7/0xbb0
[   74.428617][ T5082]  vfs_mkdir+0x29d/0x450
[   74.432864][ T5082]  do_mkdirat+0x264/0x520
[   74.437193][ T5082]  __x64_sys_mkdir+0x6e/0x80
[   74.441788][ T5082]  do_syscall_64+0x41/0xc0
[   74.446229][ T5082]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   74.452168][ T5082]
[   74.454500][ T5082] Freed by task 5074:
[   74.458491][ T5082]  kasan_set_track+0x4f/0x70
[   74.463096][ T5082]  kasan_save_free_info+0x2b/0x40
[   74.468136][ T5082]  ____kasan_slab_free+0xd6/0x120
[   74.473180][ T5082]  kmem_cache_free+0x297/0x520
[   74.477946][ T5082]  metapage_release_folio+0x5cc/0x730
[   74.483417][ T5082]  shrink_folio_list+0x26f1/0x8940
[   74.488540][ T5082]  shrink_lruvec+0x16e6/0x2d30
[   74.493312][ T5082]  shrink_node+0x115c/0x2790
[   74.497913][ T5082]  do_try_to_free_pages+0x67e/0x1900
[   74.503225][ T5082]  try_to_free_mem_cgroup_pages+0x455/0xa50
[   74.509134][ T5082]  try_charge_memcg+0x5de/0x16d0
[   74.514089][ T5082]  mem_cgroup_charge_skmem+0xad/0x2b0
[   74.519486][ T5082]  sock_reserve_memory+0x101/0x610
[   74.524608][ T5082]  sk_setsockopt+0xc8e/0x3430
[   74.529315][ T5082]  __sys_setsockopt+0x47b/0x980
[   74.534171][ T5082]  __x64_sys_setsockopt+0xb5/0xd0
[   74.539200][ T5082]  do_syscall_64+0x41/0xc0
[   74.543626][ T5082]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   74.549525][ T5082]
[   74.551858][ T5082] The buggy address belongs to the object at ffff888029b761f0
[   74.551858][ T5082]  which belongs to the cache jfs_mp of size 184
[   74.565481][ T5082] The buggy address is located 40 bytes inside of
[   74.565481][ T5082]  freed 184-byte region [ffff888029b761f0, ffff888029b762a8)
[   74.579200][ T5082]
[   74.581529][ T5082] The buggy address belongs to the physical page:
[   74.587945][ T5082] page:ffffea0000a6dd80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29b76
[   74.598100][ T5082] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   74.605650][ T5082] page_type: 0xffffffff()
[   74.609984][ T5082] raw: 00fff00000000200 ffff888142ae6000 dead000000000122 0000000000000000
[   74.618570][ T5082] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   74.627152][ T5082] page dumped because: kasan: bad access detected
[   74.633559][ T5082] page_owner tracks the page as allocated
[   74.639291][ T5082] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5082, tgid 5073 (syz-executor361), ts 74009954920, free_ts 73972179887
[   74.660846][ T5082]  post_alloc_hook+0x1e6/0x210
[   74.665633][ T5082]  get_page_from_freelist+0x321c/0x33a0
[   74.671198][ T5082]  __alloc_pages+0x255/0x670
[   74.675806][ T5082]  alloc_slab_page+0x6a/0x160
[   74.680493][ T5082]  new_slab+0x84/0x2f0
[   74.684671][ T5082]  ___slab_alloc+0xa85/0x10a0
[   74.689374][ T5082]  kmem_cache_alloc+0x1b9/0x2e0
[   74.694239][ T5082]  mempool_alloc+0x194/0x580
[   74.698839][ T5082]  __get_metapage+0x574/0x10e0
[   74.703622][ T5082]  diNewExt+0xbe0/0x4000
[   74.707870][ T5082]  diAllocAG+0xbe8/0x1e50
[   74.712207][ T5082]  diAlloc+0x3e1/0x1720
[   74.716367][ T5082]  ialloc+0x8f/0x980
[   74.720275][ T5082]  jfs_mkdir+0x1c5/0xbb0
[   74.724534][ T5082]  vfs_mkdir+0x29d/0x450
[   74.728779][ T5082]  do_mkdirat+0x264/0x520
[   74.733112][ T5082] page last free stack trace:
[   74.737780][ T5082]  free_unref_page_prepare+0x903/0xa30
[   74.743259][ T5082]  free_unref_page+0x37/0x3f0
[   74.747945][ T5082]  qlist_free_all+0x22/0x60
[   74.752462][ T5082]  kasan_quarantine_reduce+0x14b/0x160
[   74.757930][ T5082]  __kasan_slab_alloc+0x23/0x70
[   74.762787][ T5082]  slab_post_alloc_hook+0x68/0x3a0
[   74.767926][ T5082]  __kmem_cache_alloc_node+0x14c/0x290
[   74.773385][ T5082]  __kmalloc_node+0xa7/0x230
[   74.777983][ T5082]  kvmalloc_node+0x72/0x180
[   74.782496][ T5082]  seq_read_iter+0x202/0xd10
[   74.787109][ T5082]  vfs_read+0x788/0xb00
[   74.791272][ T5082]  ksys_read+0x1a0/0x2c0
[   74.795526][ T5082]  do_syscall_64+0x41/0xc0
[   74.799954][ T5082]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   74.805876][ T5082]
[   74.808215][ T5082] Memory state around the buggy address:
[   74.813843][ T5082]  ffff888029b76100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.822094][ T5082]  ffff888029b76180: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb
[   74.830155][ T5082] >ffff888029b76200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.838226][ T5082]                             ^
[   74.843074][ T5082]  ffff888029b76280: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   74.851134][ T5082]  ffff888029b76300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.859202][ T5082] ==================================================================
[   74.869323][ T5083] find_entry called with index = 0
[   74.889380][ T5081] read_mapping_page failed!
[   74.892571][ T5082] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   74.892587][ T5082] CPU: 1 PID: 5082 Comm: syz-executor361 Not tainted 6.4.0-rc2-syzkaller-00018-g4d6d4c7f541d #0
[   74.892612][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   74.892624][ T5082] Call Trace:
[   74.892631][ T5082]
[   74.892639][ T5082]  dump_stack_lvl+0x1e7/0x2d0
[   74.892679][ T5082]  ? nf_tcp_handle_invalid+0x650/0x650
[   74.892712][ T5082]  ? panic+0x770/0x770
[   74.892747][ T5082]  ? vscnprintf+0x5d/0x80
[   74.892775][ T5082]  panic+0x30f/0x770
[   74.892797][ T5082]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   74.892826][ T5082]  ? check_panic_on_warn+0x21/0xa0
[   74.892857][ T5082]  ? __memcpy_flushcache+0x2b0/0x2b0
[   74.892885][ T5082]  ? _raw_spin_unlock_irqrestore+0x12c/0x140
[   74.892908][ T5082]  ? _raw_spin_unlock+0x40/0x40
[   74.892932][ T5082]  check_panic_on_warn+0x82/0xa0
[   74.892961][ T5082]  ? release_metapage+0x5a7/0x870
executing program
[   74.893018][ T5082]  end_report+0x63/0x110
[   74.893046][ T5082]  kasan_report+0x183/0x1b0
[   74.893073][ T5082]  ? release_metapage+0x5a7/0x870
[   74.893108][ T5082]  release_metapage+0x5a7/0x870
[   74.893140][ T5082]  ? __jfs_setxattr+0x75b/0x11d0
[   74.893174][ T5082]  __jfs_setxattr+0xad9/0x11d0
[   74.893216][ T5082]  ? jfs_extendfs+0x1e30/0x1e30
[   74.893251][ T5082]  ? jfs_initxattrs+0x76/0x1d0
[   74.893274][ T5082]  ? jfs_initxattrs+0x76/0x1d0
[   74.893291][ T5082]  ? jfs_initxattrs+0x96/0x1d0
[   74.893313][ T5082]  jfs_initxattrs+0x128/0x1d0
[   74.893335][ T5082]  security_inode_init_security+0x2df/0x3f0
[   74.893362][ T5082]  ? jfs_init_security+0x110/0x110
[   74.893397][ T5082]  ? security_dentry_create_files_as+0xc0/0xc0
[   74.893423][ T5082]  ? __mutex_lock_common+0x42d/0x2530
[   74.893457][ T5082]  ? posix_acl_create+0x162/0x420
[   74.893485][ T5082]  jfs_init_security+0xa9/0x110
[   74.893517][ T5082]  ? __jfs_set_acl+0x1b0/0x1b0
[   74.893536][ T5082]  ? jfs_listxattr+0x810/0x810
[   74.893567][ T5082]  ? txBegin+0x4f9/0x6c0
[   74.893602][ T5082]  jfs_mkdir+0x2c7/0xbb0
[   74.893627][ T5082]  ? smk_access+0x477/0x4b0
[   74.893657][ T5082]  ? jfs_symlink+0x10f0/0x10f0
[   74.893696][ T5082]  ? generic_permission+0x1df/0x550
[   74.893722][ T5082]  ? bpf_lsm_inode_mkdir+0x9/0x10
[   74.893751][ T5082]  ? security_inode_mkdir+0xb8/0x100
[   74.893780][ T5082]  vfs_mkdir+0x29d/0x450
[   74.893807][ T5082]  do_mkdirat+0x264/0x520
[   74.893833][ T5082]  ? vfs_mkdir+0x450/0x450
[   74.893858][ T5082]  ? getname_flags+0x1f0/0x4e0
[   74.893878][ T5082]  ? lockdep_hardirqs_on+0x98/0x140
[   74.893904][ T5082]  __x64_sys_mkdir+0x6e/0x80
[   74.893929][ T5082]  do_syscall_64+0x41/0xc0
[   74.893960][ T5082]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   74.893984][ T5082] RIP: 0033:0x7fce4779cec9
[   74.894002][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   74.894019][ T5082] RSP: 002b:00007fce40327318 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
executing program
[   74.894041][ T5082] RAX: ffffffffffffffda RBX: 00007fce478287b8 RCX: 00007fce4779cec9
[   74.894055][ T5082] RDX: 00007fce40327700 RSI: 0000000000000000 RDI: 0000000020000040
[   74.894069][ T5082] RBP: 00007fce478287b0 R08: 00007fce40327700 R09: 0000000000000000
[   74.899395][ T5084] find_entry called with index = 0
[   74.899413][ T5084] find_entry called with index = 0
[   74.901520][ T5081] ERROR: (device loop4): txCommit:
[   74.901520][ T5081]
[   74.903810][ T5081] ERROR: (device loop4): remounting filesystem as read-only
[   75.234596][ T5082] R10: 00007fce40327700 R11: 0000000000000246 R12: 0030656c69662f2e
[   75.242615][ T5082] R13: 00007ffcc2233f3f R14: 00007fce40327400 R15: 0000000000022000
[   75.250646][ T5082]
[   75.253986][ T5082] Kernel Offset: disabled
[   75.258340][ T5082] Rebooting in 86400 seconds..