Warning: Permanently added '10.128.0.110' (ED25519) to the list of known hosts.
2023/11/15 23:43:27 ignoring optional flag "sandboxArg"="0"
2023/11/15 23:43:27 parsed 1 programs
2023/11/15 23:43:27 executed programs: 0
[ 52.765136][ T2671] loop0: detected capacity change from 0 to 8192
[ 52.773381][ T2671] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 52.787461][ T2671] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 52.797715][ T2671] REISERFS (device loop0): using ordered data mode
[ 52.804579][ T2671] reiserfs: using flush barriers
[ 52.810543][ T2671] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 52.828119][ T2671] REISERFS (device loop0): checking transaction log (loop0)
[ 52.836413][ T2671] REISERFS (device loop0): Using r5 hash to sort names
[ 52.843674][ T2671] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 52.855744][ T2671] ==================================================================
[ 52.864356][ T2671] BUG: KASAN: use-after-free in reiserfs_release_objectid+0x46f/0x850
[ 52.873157][ T2671] Read of size 14568 at addr ffff88806c7bd0d0 by task syz-executor.0/2671
[ 52.882443][ T2671]
[ 52.884944][ T2671] CPU: 1 PID: 2671 Comm: syz-executor.0 Not tainted 6.7.0-rc1-syzkaller #0
[ 52.894125][ T2671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 52.905217][ T2671] Call Trace:
[ 52.908753][ T2671]
[ 52.912115][ T2671] dump_stack_lvl+0xf8/0x260
[ 52.916890][ T2671] ? nf_tcp_handle_invalid+0x300/0x300
[ 52.923234][ T2671] ? panic+0x500/0x500
[ 52.928468][ T2671] ? _printk+0xce/0x110
[ 52.933235][ T2671] print_report+0x163/0x540
[ 52.938136][ T2671] ? reiserfs_release_objectid+0x46f/0x850
[ 52.944218][ T2671] kasan_report+0x142/0x170
[ 52.949555][ T2671] ? reiserfs_release_objectid+0x46f/0x850
[ 52.956782][ T2671] kasan_check_range+0x27e/0x290
[ 52.962504][ T2671] ? reiserfs_release_objectid+0x46f/0x850
[ 52.969355][ T2671] __asan_memmove+0x29/0x70
[ 52.974245][ T2671] reiserfs_release_objectid+0x46f/0x850
[ 52.979968][ T2671] remove_save_link+0x2e3/0x4f0
[ 52.985259][ T2671] ? add_save_link+0x750/0x750
[ 52.990733][ T2671] reiserfs_evict_inode+0x2ad/0x3a0
[ 52.996449][ T2671] ? entry_points_to_object+0x760/0x760
[ 53.002349][ T2671] ? do_raw_spin_unlock+0x13b/0x8b0
[ 53.007846][ T2671] ? do_raw_spin_unlock+0x13b/0x8b0
[ 53.013304][ T2671] evict+0x263/0x640
[ 53.017349][ T2671] __dentry_kill+0x380/0x5d0
[ 53.022131][ T2671] dentry_kill+0xbb/0x1e0
[ 53.026575][ T2671] ? dput+0x3c/0x2b0
[ 53.030647][ T2671] dput+0x13c/0x2b0
[ 53.034881][ T2671] do_renameat2+0xa53/0xfe0
[ 53.039667][ T2671] ? fsnotify_move+0x410/0x410
[ 53.044785][ T2671] ? __check_object_size+0x371/0x6b0
[ 53.050262][ T2671] ? strncpy_from_user+0x69/0x1b0
[ 53.055695][ T2671] ? getname_flags+0x10f/0x440
[ 53.061506][ T2671] __x64_sys_rename+0x81/0x90
[ 53.066444][ T2671] do_syscall_64+0x45/0xe0
[ 53.071029][ T2671] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 53.077131][ T2671] RIP: 0033:0x7ffa2147c859
[ 53.081703][ T2671] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.103265][ T2671] RSP: 002b:00007ffa221cf0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 53.113680][ T2671] RAX: ffffffffffffffda RBX: 00007ffa2159bf80 RCX: 00007ffa2147c859
[ 53.122204][ T2671] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000020000140
[ 53.130778][ T2671] RBP: 00007ffa214d8ad0 R08: 0000000000000000 R09: 0000000000000000
[ 53.138967][ T2671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 53.147277][ T2671] R13: 0000000000000006 R14: 00007ffa2159bf80 R15: 00007fff3454d7d8
[ 53.156277][ T2671]
[ 53.159408][ T2671]
[ 53.161898][ T2671] The buggy address belongs to the physical page:
[ 53.168775][ T2671] page:ffffea0001b1ef40 refcount:3 mapcount:0 mapping:ffff8880114813f0 index:0x10 pfn:0x6c7bd
[ 53.179655][ T2671] memcg:ffff888075a0a000
[ 53.184059][ T2671] aops:def_blk_aops ino:700000
[ 53.188984][ T2671] flags: 0xfff0000002810c(referenced|uptodate|active|private|mappedtodisk|node=0|zone=1|lastcpupid=0x7ff)
[ 53.200764][ T2671] page_type: 0xffffffff()
[ 53.205193][ T2671] raw: 00fff0000002810c 0000000000000000 dead000000000122 ffff8880114813f0
[ 53.214862][ T2671] raw: 0000000000000010 ffff88806f9ba0e8 00000003ffffffff ffff888075a0a000
[ 53.223693][ T2671] page dumped because: kasan: bad access detected
[ 53.230442][ T2671] page_owner tracks the page as allocated
[ 53.236312][ T2671] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 2671, tgid 2670 (syz-executor.0), ts 52773279857, free_ts 6437857685
[ 53.257649][ T2671] post_alloc_hook+0x10b/0x130
[ 53.262585][ T2671] get_page_from_freelist+0x345c/0x35f0
[ 53.268343][ T2671] __alloc_pages+0x255/0x650
[ 53.273636][ T2671] alloc_pages_mpol+0x27f/0x4d0
[ 53.278664][ T2671] folio_alloc+0xd4/0x220
[ 53.283066][ T2671] filemap_alloc_folio+0xc6/0x3a0
[ 53.288205][ T2671] __filemap_get_folio+0x28f/0x690
[ 53.293346][ T2671] bdev_getblk+0x1b4/0x4d0
[ 53.298101][ T2671] __bread_gfp+0xaa/0x2a0
[ 53.302650][ T2671] read_super_block+0x84/0x700
[ 53.307662][ T2671] reiserfs_fill_super+0xa22/0x2070
[ 53.313151][ T2671] mount_bdev+0x1d6/0x290
[ 53.317726][ T2671] legacy_get_tree+0xe9/0x170
[ 53.322831][ T2671] vfs_get_tree+0x7e/0x190
[ 53.327332][ T2671] do_new_mount+0x1e5/0x930
[ 53.332176][ T2671] __se_sys_mount+0x242/0x2d0
[ 53.337198][ T2671] page last free stack trace:
[ 53.342222][ T2671] free_unref_page_prepare+0x7f9/0x910
[ 53.348565][ T2671] free_unref_page+0x37/0x3a0
[ 53.353679][ T2671] free_contig_range+0x91/0x130
[ 53.358755][ T2671] destroy_args+0x72/0x6e0
[ 53.363804][ T2671] debug_vm_pgtable+0x3be/0x5e0
[ 53.369184][ T2671] do_one_initcall+0x192/0x4b0
[ 53.373936][ T2671] do_initcall_level+0x11e/0x1e0
[ 53.379022][ T2671] do_initcalls+0x3e/0x70
[ 53.383429][ T2671] kernel_init_freeable+0x359/0x4b0
[ 53.388709][ T2671] kernel_init+0x18/0x1a0
[ 53.393031][ T2671] ret_from_fork+0x2e/0x60
[ 53.397712][ T2671] ret_from_fork_asm+0x11/0x20
[ 53.402952][ T2671]
[ 53.405408][ T2671] Memory state around the buggy address:
[ 53.411809][ T2671] ffff88806c7bff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.421336][ T2671] ffff88806c7bff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.429597][ T2671] >ffff88806c7c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.438175][ T2671] ^
[ 53.442229][ T2671] ffff88806c7c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.450470][ T2671] ffff88806c7c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.459909][ T2671] ==================================================================
[ 53.468965][ T2671] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.477098][ T2671] Kernel Offset: disabled
[ 53.481989][ T2671] Rebooting in 86400 seconds..