Warning: Permanently added '10.128.0.150' (ED25519) to the list of known hosts.
[ 68.697452][ T5023] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.714956][ T5023] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.722776][ T5023] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.731495][ T5023] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.739604][ T5023] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
executing program
[ 68.747069][ T5023] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.808983][ T5022] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5022 'syz-executor218'
[ 68.861429][ T5022] loop0: detected capacity change from 0 to 8192
[ 68.871989][ T5022] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 68.885237][ T5022] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 68.894784][ T5022] REISERFS (device loop0): using ordered data mode
[ 68.901300][ T5022] reiserfs: using flush barriers
[ 68.907673][ T5022] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 68.924330][ T5022] REISERFS (device loop0): checking transaction log (loop0)
[ 68.971810][ T5022] REISERFS (device loop0): Using r5 hash to sort names
[ 68.980490][ T5022] ==================================================================
[ 68.988593][ T5022] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0x5dc/0x14c0
[ 68.996632][ T5022] Read of size 8 at addr ffff88807424b000 by task syz-executor218/5022
[ 69.004900][ T5022]
[ 69.007255][ T5022] CPU: 0 PID: 5022 Comm: syz-executor218 Not tainted 6.5.0-syzkaller-01207-g1c59d383390f #0
[ 69.017349][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 69.027425][ T5022] Call Trace:
[ 69.030714][ T5022]
[ 69.033647][ T5022] dump_stack_lvl+0x1e7/0x2d0
[ 69.038346][ T5022] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.043831][ T5022] ? panic+0x770/0x770
[ 69.047914][ T5022] ? _printk+0xd5/0x120
[ 69.052077][ T5022] print_report+0x163/0x540
[ 69.056595][ T5022] ? __virt_addr_valid+0x22f/0x2e0
[ 69.061714][ T5022] ? __phys_addr+0xba/0x170
[ 69.066225][ T5022] ? reiserfs_readdir_inode+0x5dc/0x14c0
[ 69.071859][ T5022] kasan_report+0x175/0x1b0
[ 69.076371][ T5022] ? reiserfs_readdir_inode+0x5dc/0x14c0
[ 69.082016][ T5022] kasan_check_range+0x27e/0x290
[ 69.086977][ T5022] reiserfs_readdir_inode+0x5dc/0x14c0
[ 69.092463][ T5022] ? reiserfs_dir_fsync+0x100/0x100
[ 69.097673][ T5022] ? __mutex_trylock_common+0x182/0x2e0
[ 69.103339][ T5022] ? print_irqtrace_events+0x220/0x220
[ 69.108824][ T5022] ? iterate_dir+0xd7/0x580
[ 69.113330][ T5022] ? down_read_killable+0x1d4/0x350
[ 69.118540][ T5022] ? fsnotify_perm+0x420/0x5a0
[ 69.123317][ T5022] iterate_dir+0x1cd/0x580
[ 69.127760][ T5022] __se_sys_getdents64+0x20d/0x4f0
[ 69.132903][ T5022] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 69.138910][ T5022] ? __x64_sys_getdents64+0x80/0x80
[ 69.144125][ T5022] ? filldir+0x6a0/0x6a0
[ 69.148395][ T5022] ? syscall_enter_from_user_mode+0x32/0x230
[ 69.154392][ T5022] ? lockdep_hardirqs_on+0x98/0x140
[ 69.159599][ T5022] ? syscall_enter_from_user_mode+0x32/0x230
[ 69.165590][ T5022] do_syscall_64+0x41/0xc0
[ 69.170027][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.175945][ T5022] RIP: 0033:0x7fe4b6d129b9
[ 69.180386][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 69.200017][ T5022] RSP: 002b:00007fffd098b6d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 69.208442][ T5022] RAX: ffffffffffffffda RBX: 00007fe4b6d6709a RCX: 00007fe4b6d129b9
[ 69.216429][ T5022] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 69.224409][ T5022] RBP: 00007fffd098b728 R08: 0000555500000000 R09: 0000555500000000
[ 69.232406][ T5022] R10: 0000000000001131 R11: 0000000000000246 R12: 00007fffd098b740
[ 69.240488][ T5022] R13: 00007fe4b6d955b0 R14: 0000000000000000 R15: 00007fffd098b734
[ 69.248576][ T5022]
[ 69.251607][ T5022]
[ 69.253941][ T5022] The buggy address belongs to the physical page:
[ 69.260504][ T5022] page:ffffea0001d092c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x7424b
[ 69.270939][ T5022] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 69.278062][ T5022] page_type: 0xffffffff()
[ 69.282416][ T5022] raw: 00fff00000000000 ffffea0001d09308 ffff8880b98431a0 0000000000000000
[ 69.291011][ T5022] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 69.299603][ T5022] page dumped because: kasan: bad access detected
[ 69.306018][ T5022] page_owner tracks the page as freed
[ 69.311408][ T5022] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 16863089212, free_ts 18396190057
[ 69.326347][ T5022] post_alloc_hook+0x1e6/0x210
[ 69.331119][ T5022] split_map_pages+0x24a/0x510
[ 69.335894][ T5022] isolate_freepages_range+0x480/0x4e0
[ 69.341360][ T5022] alloc_contig_range+0x62e/0x9a0
[ 69.346390][ T5022] alloc_contig_pages+0x3f4/0x4f0
[ 69.351420][ T5022] debug_vm_pgtable_alloc_huge_page+0xb9/0x110
[ 69.357604][ T5022] init_args+0x837/0xb10
[ 69.361859][ T5022] debug_vm_pgtable+0xe0/0x4b0
[ 69.366627][ T5022] do_one_initcall+0x23d/0x7d0
[ 69.371408][ T5022] do_initcall_level+0x157/0x210
[ 69.376354][ T5022] do_initcalls+0x3f/0x80
[ 69.380700][ T5022] kernel_init_freeable+0x43b/0x5d0
[ 69.385932][ T5022] kernel_init+0x1d/0x2a0
[ 69.390270][ T5022] ret_from_fork+0x2e/0x60
[ 69.394694][ T5022] ret_from_fork_asm+0x11/0x20
[ 69.399468][ T5022] page last free stack trace:
[ 69.404140][ T5022] free_unref_page_prepare+0x903/0xa30
[ 69.409618][ T5022] free_unref_page+0x37/0x3f0
[ 69.414317][ T5022] free_contig_range+0x9e/0x150
[ 69.419191][ T5022] destroy_args+0x102/0x9a0
[ 69.423705][ T5022] debug_vm_pgtable+0x42a/0x4b0
[ 69.428562][ T5022] do_one_initcall+0x23d/0x7d0
[ 69.433334][ T5022] do_initcall_level+0x157/0x210
[ 69.438277][ T5022] do_initcalls+0x3f/0x80
[ 69.442618][ T5022] kernel_init_freeable+0x43b/0x5d0
[ 69.447822][ T5022] kernel_init+0x1d/0x2a0
[ 69.452154][ T5022] ret_from_fork+0x2e/0x60
[ 69.456583][ T5022] ret_from_fork_asm+0x11/0x20
[ 69.461354][ T5022]
[ 69.463672][ T5022] Memory state around the buggy address:
[ 69.469296][ T5022] ffff88807424af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.477356][ T5022] ffff88807424af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.485415][ T5022] >ffff88807424b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.493559][ T5022] ^
[ 69.497634][ T5022] ffff88807424b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.505708][ T5022] ffff88807424b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.513764][ T5022] ==================================================================
[ 69.522397][ T5022] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.529607][ T5022] CPU: 1 PID: 5022 Comm: syz-executor218 Not tainted 6.5.0-syzkaller-01207-g1c59d383390f #0
[ 69.539672][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 69.549726][ T5022] Call Trace:
[ 69.553007][ T5022]
[ 69.555938][ T5022] dump_stack_lvl+0x1e7/0x2d0
[ 69.560628][ T5022] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.566097][ T5022] ? panic+0x770/0x770
[ 69.570164][ T5022] ? preempt_schedule_common+0x83/0xc0
[ 69.575632][ T5022] ? vscnprintf+0x5d/0x80
[ 69.579963][ T5022] panic+0x30f/0x770
[ 69.583860][ T5022] ? check_panic_on_warn+0x21/0xa0
[ 69.588974][ T5022] ? __memcpy_flushcache+0x2b0/0x2b0
[ 69.594285][ T5022] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 69.600263][ T5022] ? _raw_spin_unlock+0x40/0x40
[ 69.605111][ T5022] ? print_report+0x4fb/0x540
[ 69.609807][ T5022] check_panic_on_warn+0x82/0xa0
[ 69.614752][ T5022] ? reiserfs_readdir_inode+0x5dc/0x14c0
[ 69.620382][ T5022] end_report+0x6e/0x130
[ 69.624631][ T5022] kasan_report+0x186/0x1b0
[ 69.629142][ T5022] ? reiserfs_readdir_inode+0x5dc/0x14c0
[ 69.634780][ T5022] kasan_check_range+0x27e/0x290
[ 69.639732][ T5022] reiserfs_readdir_inode+0x5dc/0x14c0
[ 69.645209][ T5022] ? reiserfs_dir_fsync+0x100/0x100
[ 69.650419][ T5022] ? __mutex_trylock_common+0x182/0x2e0
[ 69.655978][ T5022] ? print_irqtrace_events+0x220/0x220
[ 69.661449][ T5022] ? iterate_dir+0xd7/0x580
[ 69.665954][ T5022] ? down_read_killable+0x1d4/0x350
[ 69.671163][ T5022] ? fsnotify_perm+0x420/0x5a0
[ 69.675940][ T5022] iterate_dir+0x1cd/0x580
[ 69.680359][ T5022] __se_sys_getdents64+0x20d/0x4f0
[ 69.685480][ T5022] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 69.691465][ T5022] ? __x64_sys_getdents64+0x80/0x80
[ 69.696666][ T5022] ? filldir+0x6a0/0x6a0
[ 69.700945][ T5022] ? syscall_enter_from_user_mode+0x32/0x230
[ 69.707011][ T5022] ? lockdep_hardirqs_on+0x98/0x140
[ 69.712209][ T5022] ? syscall_enter_from_user_mode+0x32/0x230
[ 69.718191][ T5022] do_syscall_64+0x41/0xc0
[ 69.722634][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.728563][ T5022] RIP: 0033:0x7fe4b6d129b9
[ 69.732989][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 69.752601][ T5022] RSP: 002b:00007fffd098b6d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 69.761018][ T5022] RAX: ffffffffffffffda RBX: 00007fe4b6d6709a RCX: 00007fe4b6d129b9
[ 69.768989][ T5022] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 69.776958][ T5022] RBP: 00007fffd098b728 R08: 0000555500000000 R09: 0000555500000000
[ 69.784928][ T5022] R10: 0000000000001131 R11: 0000000000000246 R12: 00007fffd098b740
[ 69.792902][ T5022] R13: 00007fe4b6d955b0 R14: 0000000000000000 R15: 00007fffd098b734
[ 69.800889][ T5022]
[ 69.804183][ T5022] Kernel Offset: disabled
[ 69.808504][ T5022] Rebooting in 86400 seconds..