Warning: Permanently added '10.128.1.111' (ECDSA) to the list of known hosts.
[ 51.362789][ T3543] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 51.370955][ T3543] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 51.378282][ T3543] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 51.386033][ T3543] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 51.393723][ T3543] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 51.400959][ T3543] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 51.478296][ T3548] loop0: detected capacity change from 0 to 8192
[ 51.487308][ T3548] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 51.500370][ T3548] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 51.509658][ T3548] REISERFS (device loop0): using ordered data mode
[ 51.516234][ T3548] reiserfs: using flush barriers
[ 51.522081][ T3548] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 51.538582][ T3548] REISERFS (device loop0): checking transaction log (loop0)
[ 51.547582][ T3548] REISERFS (device loop0): Using r5 hash to sort names
[ 51.555223][ T3548] ==================================================================
[ 51.563315][ T3548] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x22d/0x480
[ 51.571722][ T3548] Read of size 250888 at addr ffff88807327e058 by task syz-executor302/3548
[ 51.580364][ T3548]
[ 51.582672][ T3548] CPU: 0 PID: 3548 Comm: syz-executor302 Not tainted 6.1.29-syzkaller #0
[ 51.591056][ T3548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 51.601090][ T3548] Call Trace:
[ 51.604345][ T3548] <TASK>
[ 51.607255][ T3548] dump_stack_lvl+0x1e3/0x2cb
[ 51.611919][ T3548] ? irq_work_queue+0xcd/0x150
[ 51.616661][ T3548] ? nf_tcp_handle_invalid+0x642/0x642
[ 51.622095][ T3548] ? panic+0x75d/0x75d
[ 51.626146][ T3548] ? _printk+0xd1/0x111
[ 51.630283][ T3548] ? _raw_spin_lock_irqsave+0xac/0x120
[ 51.635724][ T3548] print_report+0x15f/0x4f0
[ 51.640214][ T3548] ? __mutex_lock_common+0x429/0x2520
[ 51.645584][ T3548] ? __virt_addr_valid+0x22b/0x2e0
[ 51.650849][ T3548] ? __phys_addr+0xb6/0x170
[ 51.655333][ T3548] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 51.661378][ T3548] kasan_report+0x136/0x160
[ 51.665860][ T3548] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 51.671909][ T3548] kasan_check_range+0x27f/0x290
[ 51.676825][ T3548] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 51.682873][ T3548] memmove+0x25/0x60
[ 51.686746][ T3548] reiserfs_get_unused_objectid+0x22d/0x480
[ 51.692708][ T3548] reiserfs_new_inode+0x2b8/0x1d90
[ 51.697797][ T3548] ? __mutex_trylock_common+0x17e/0x2e0
[ 51.703322][ T3548] ? reiserfs_write_inode+0x2e0/0x2e0
[ 51.708670][ T3548] ? do_journal_begin_r+0xdc9/0x1020
[ 51.713935][ T3548] ? mb_cache_destroy+0x280/0x280
[ 51.718938][ T3548] ? journal_begin+0x1ef/0x350
[ 51.723674][ T3548] reiserfs_mkdir+0x5ac/0x8f0
[ 51.728327][ T3548] ? reiserfs_symlink+0x720/0x720
[ 51.733331][ T3548] ? rwsem_write_trylock+0x166/0x210
[ 51.738598][ T3548] ? __up_read+0x690/0x690
[ 51.742992][ T3548] reiserfs_xattr_init+0x348/0x730
[ 51.748082][ T3548] reiserfs_fill_super+0x2203/0x2620
[ 51.753350][ T3548] ? reiserfs_kill_sb+0x150/0x150
[ 51.758356][ T3548] ? snprintf+0xd6/0x120
[ 51.762586][ T3548] mount_bdev+0x26d/0x3a0
[ 51.766898][ T3548] ? reiserfs_kill_sb+0x150/0x150
[ 51.771901][ T3548] legacy_get_tree+0xeb/0x180
[ 51.776575][ T3548] ? remove_save_link+0x540/0x540
[ 51.781579][ T3548] vfs_get_tree+0x88/0x270
[ 51.785971][ T3548] do_new_mount+0x28b/0xad0
[ 51.790483][ T3548] ? do_move_mount_old+0x160/0x160
[ 51.795594][ T3548] ? user_path_at_empty+0x12b/0x180
[ 51.800790][ T3548] __se_sys_mount+0x2d5/0x3c0
[ 51.805446][ T3548] ? __x64_sys_mount+0xc0/0xc0
[ 51.810191][ T3548] ? syscall_enter_from_user_mode+0x2e/0x220
[ 51.816153][ T3548] ? lockdep_hardirqs_on+0x94/0x130
[ 51.821325][ T3548] ? __x64_sys_mount+0x1c/0xc0
[ 51.826067][ T3548] do_syscall_64+0x3d/0xb0
[ 51.830474][ T3548] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.836516][ T3548] RIP: 0033:0x7f0c81ee6d9a
[ 51.840909][ T3548] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 f8 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.860489][ T3548] RSP: 002b:00007f0c81688078 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 51.868883][ T3548] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0c81ee6d9a
[ 51.876831][ T3548] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f0c81688090
[ 51.884777][ T3548] RBP: 0000000000000004 R08: 00007f0c816880d0 R09: 0000000000001132
[ 51.892722][ T3548] R10: 0000000000008008 R11: 0000000000000286 R12: 00007f0c816886b8
[ 51.900666][ T3548] R13: 00007f0c81688090 R14: 00007f0c816880d0 R15: 0000000000008008
[ 51.908650][ T3548] </TASK>
[ 51.911644][ T3548]
[ 51.913942][ T3548] The buggy address belongs to the physical page:
[ 51.920324][ T3548] page:ffffea0001cc9f80 refcount:3 mapcount:0 mapping:ffff888140d775f8 index:0x10 pfn:0x7327e
[ 51.930533][ T3548] memcg:ffff88813ff70000
[ 51.934747][ T3548] aops:def_blk_aops ino:700000
[ 51.939487][ T3548] flags: 0xfff08000002042(referenced|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[ 51.949194][ T3548] raw: 00fff08000002042 0000000000000000 dead000000000122 ffff888140d775f8
[ 51.957752][ T3548] raw: 0000000000000010 ffff888073b402b8 00000003ffffffff ffff88813ff70000
[ 51.966305][ T3548] page dumped because: kasan: bad access detected
[ 51.972689][ T3548] page_owner tracks the page as allocated
[ 51.978380][ T3548] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 3548, tgid 3542 (syz-executor302), ts 51487150241, free_ts 51477328355
[ 51.998934][ T3548] post_alloc_hook+0x18d/0x1b0
[ 52.003684][ T3548] get_page_from_freelist+0x32ed/0x3480
[ 52.009201][ T3548] __alloc_pages+0x28d/0x770
[ 52.013763][ T3548] folio_alloc+0x1a/0x50
[ 52.017982][ T3548] filemap_alloc_folio+0xda/0x4f0
[ 52.022984][ T3548] __filemap_get_folio+0x711/0xe30
[ 52.028069][ T3548] pagecache_get_page+0x28/0x250
[ 52.032985][ T3548] __getblk_gfp+0x211/0xa20
[ 52.037482][ T3548] __bread_gfp+0x2a/0x370
[ 52.041784][ T3548] read_super_block+0x91/0x800
[ 52.046522][ T3548] reiserfs_fill_super+0x90e/0x2620
[ 52.051698][ T3548] mount_bdev+0x26d/0x3a0
[ 52.056030][ T3548] legacy_get_tree+0xeb/0x180
[ 52.060686][ T3548] vfs_get_tree+0x88/0x270
[ 52.065077][ T3548] do_new_mount+0x28b/0xad0
[ 52.069558][ T3548] __se_sys_mount+0x2d5/0x3c0
[ 52.074210][ T3548] page last free stack trace:
[ 52.078870][ T3548] free_unref_page_prepare+0xf63/0x1120
[ 52.084394][ T3548] free_unref_page_list+0x107/0x810
[ 52.089568][ T3548] release_pages+0x2836/0x2b40
[ 52.094308][ T3548] tlb_flush_mmu+0xfc/0x210
[ 52.098790][ T3548] tlb_finish_mmu+0xce/0x1f0
[ 52.103368][ T3548] unmap_region+0x29f/0x2f0
[ 52.107861][ T3548] do_mas_align_munmap+0xe98/0x15e0
[ 52.113039][ T3548] do_mas_munmap+0x246/0x2b0
[ 52.117616][ T3548] __vm_munmap+0x268/0x370
[ 52.122018][ T3548] __x64_sys_munmap+0x5c/0x70
[ 52.126677][ T3548] do_syscall_64+0x3d/0xb0
[ 52.131103][ T3548] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.137011][ T3548]
[ 52.139319][ T3548] Memory state around the buggy address:
[ 52.144950][ T3548] ffff8880732b5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.152986][ T3548] ffff8880732b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.161033][ T3548] >ffff8880732b6000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.169079][ T3548] ^
[ 52.173136][ T3548] ffff8880732b6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.181170][ T3548] ffff8880732b6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.189203][ T3548] ==================================================================
[ 52.197688][ T3548] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.204894][ T3548] CPU: 0 PID: 3548 Comm: syz-executor302 Not tainted 6.1.29-syzkaller #0
[ 52.213303][ T3548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 52.223345][ T3548] Call Trace:
[ 52.226605][ T3548] <TASK>
[ 52.229515][ T3548] dump_stack_lvl+0x1e3/0x2cb
[ 52.234178][ T3548] ? nf_tcp_handle_invalid+0x642/0x642
[ 52.239612][ T3548] ? panic+0x75d/0x75d
[ 52.243659][ T3548] ? preempt_schedule_common+0xa6/0xd0
[ 52.249114][ T3548] ? vscnprintf+0x59/0x80
[ 52.253432][ T3548] panic+0x318/0x75d
[ 52.257321][ T3548] ? check_panic_on_warn+0x1d/0xa0
[ 52.262420][ T3548] ? memcpy_page_flushcache+0xfc/0xfc
[ 52.267804][ T3548] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 52.273775][ T3548] ? _raw_spin_unlock+0x40/0x40
[ 52.278608][ T3548] ? print_report+0x4a3/0x4f0
[ 52.283265][ T3548] check_panic_on_warn+0x7e/0xa0
[ 52.288182][ T3548] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 52.294242][ T3548] end_report+0x66/0x110
[ 52.298469][ T3548] kasan_report+0x143/0x160
[ 52.303011][ T3548] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 52.309073][ T3548] kasan_check_range+0x27f/0x290
[ 52.314015][ T3548] ? reiserfs_get_unused_objectid+0x22d/0x480
[ 52.320071][ T3548] memmove+0x25/0x60
[ 52.323954][ T3548] reiserfs_get_unused_objectid+0x22d/0x480
[ 52.329843][ T3548] reiserfs_new_inode+0x2b8/0x1d90
[ 52.334950][ T3548] ? __mutex_trylock_common+0x17e/0x2e0
[ 52.340491][ T3548] ? reiserfs_write_inode+0x2e0/0x2e0
[ 52.345855][ T3548] ? do_journal_begin_r+0xdc9/0x1020
[ 52.351136][ T3548] ? mb_cache_destroy+0x280/0x280
[ 52.356155][ T3548] ? journal_begin+0x1ef/0x350
[ 52.360924][ T3548] reiserfs_mkdir+0x5ac/0x8f0
[ 52.365593][ T3548] ? reiserfs_symlink+0x720/0x720
[ 52.370604][ T3548] ? rwsem_write_trylock+0x166/0x210
[ 52.375882][ T3548] ? __up_read+0x690/0x690
[ 52.380286][ T3548] reiserfs_xattr_init+0x348/0x730
[ 52.385386][ T3548] reiserfs_fill_super+0x2203/0x2620
[ 52.390662][ T3548] ? reiserfs_kill_sb+0x150/0x150
[ 52.395676][ T3548] ? snprintf+0xd6/0x120
[ 52.399916][ T3548] mount_bdev+0x26d/0x3a0
[ 52.404234][ T3548] ? reiserfs_kill_sb+0x150/0x150
[ 52.409248][ T3548] legacy_get_tree+0xeb/0x180
[ 52.413922][ T3548] ? remove_save_link+0x540/0x540
[ 52.419042][ T3548] vfs_get_tree+0x88/0x270
[ 52.423468][ T3548] do_new_mount+0x28b/0xad0
[ 52.427970][ T3548] ? do_move_mount_old+0x160/0x160
[ 52.433073][ T3548] ? user_path_at_empty+0x12b/0x180
[ 52.438263][ T3548] __se_sys_mount+0x2d5/0x3c0
[ 52.442933][ T3548] ? __x64_sys_mount+0xc0/0xc0
[ 52.447689][ T3548] ? syscall_enter_from_user_mode+0x2e/0x220
[ 52.453662][ T3548] ? lockdep_hardirqs_on+0x94/0x130
[ 52.458851][ T3548] ? __x64_sys_mount+0x1c/0xc0
[ 52.463607][ T3548] do_syscall_64+0x3d/0xb0
[ 52.468030][ T3548] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.473921][ T3548] RIP: 0033:0x7f0c81ee6d9a
[ 52.478334][ T3548] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 f8 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.497939][ T3548] RSP: 002b:00007f0c81688078 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 52.506347][ T3548] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0c81ee6d9a
[ 52.514304][ T3548] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f0c81688090
[ 52.522260][ T3548] RBP: 0000000000000004 R08: 00007f0c816880d0 R09: 0000000000001132
[ 52.530229][ T3548] R10: 0000000000008008 R11: 0000000000000286 R12: 00007f0c816886b8
[ 52.538210][ T3548] R13: 00007f0c81688090 R14: 00007f0c816880d0 R15: 0000000000008008
[ 52.546186][ T3548] </TASK>
[ 52.549341][ T3548] Kernel Offset: disabled
[ 52.553653][ T3548] Rebooting in 86400 seconds..