./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor436173881

<...>
Warning: Permanently added '10.128.10.17' (ED25519) to the list of known hosts.
execve("./syz-executor436173881", ["./syz-executor436173881"], 0x7fffd5ab6c80 /* 10 vars */) = 0
brk(NULL)                               = 0x555557028000
brk(0x555557028e00)                     = 0x555557028e00
arch_prctl(ARCH_SET_FS, 0x555557028480) = 0
set_tid_address(0x555557028750)         = 5015
set_robust_list(0x555557028760, 24)     = 0
rseq(0x555557028da0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor436173881", 4096) = 27
getrandom("\x35\xbe\x8e\x1d\x60\x20\x33\x21", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555557028e00
brk(0x555557049e00)                     = 0x555557049e00
brk(0x55555704a000)                     = 0x55555704a000
mprotect(0x7fada4b4a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7fada4aa2a10, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fada4aaa980}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7fada4aa2a10, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fada4aaa980}, NULL, 8) = 0
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fad9c699000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
munmap(0x7fad9c699000, 4194304)         = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
[   55.957316][ T5015] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5015 'syz-executor436'
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
[   56.002107][ T5015] loop0: detected capacity change from 0 to 8192
[   56.013686][ T5015] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   56.026874][ T5015] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   56.036201][ T5015] REISERFS (device loop0): using ordered data mode
[   56.042690][ T5015] reiserfs: using flush barriers
[   56.049123][ T5015] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   56.065635][ T5015] REISERFS (device loop0): checking transaction log (loop0)
[   56.075384][ T5015] REISERFS (device loop0): Using r5 hash to sort names
[   56.082697][ T5015] ==================================================================
[   56.090782][ T5015] BUG: KASAN: use-after-free in strlen+0x58/0x70
[   56.097127][ T5015] Read of size 1 at addr ffff8880731570c4 by task syz-executor436/5015
[   56.105352][ T5015] 
[   56.107665][ T5015] CPU: 1 PID: 5015 Comm: syz-executor436 Not tainted 6.5.0-rc4-syzkaller-00251-gf0ab9f34e59e #0
[   56.118064][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   56.128107][ T5015] Call Trace:
[   56.131377][ T5015]  <TASK>
[   56.134299][ T5015]  dump_stack_lvl+0x1e7/0x2d0
[   56.138974][ T5015]  ? nf_tcp_handle_invalid+0x650/0x650
[   56.144515][ T5015]  ? panic+0x770/0x770
[   56.148578][ T5015]  ? _printk+0xd5/0x120
[   56.152732][ T5015]  print_report+0x163/0x540
[   56.157227][ T5015]  ? __virt_addr_valid+0x22f/0x2e0
[   56.162328][ T5015]  ? __phys_addr+0xba/0x170
[   56.166824][ T5015]  ? strlen+0x58/0x70
[   56.170799][ T5015]  kasan_report+0x175/0x1b0
[   56.175300][ T5015]  ? strlen+0x58/0x70
[   56.179275][ T5015]  strlen+0x58/0x70
[   56.183076][ T5015]  reiserfs_find_entry+0x982/0x19b0
[   56.188292][ T5015]  ? reiserfs_get_parent+0x2d0/0x2d0
[   56.193580][ T5015]  ? mutex_lock_nested+0x1b/0x20
[   56.198529][ T5015]  reiserfs_lookup+0x1e2/0x580
[   56.203296][ T5015]  ? reiserfs_init_priv_inode+0x150/0x150
[   56.209196][ T5015]  ? d_hash_and_lookup+0x1b0/0x1b0
[   56.214301][ T5015]  ? __init_waitqueue_head+0xae/0x150
[   56.219669][ T5015]  __lookup_slow+0x282/0x3e0
[   56.224248][ T5015]  ? lookup_one_len+0x2d0/0x2d0
[   56.229094][ T5015]  lookup_one_len+0x18b/0x2d0
[   56.233763][ T5015]  ? lookup_one_common+0x460/0x460
[   56.238875][ T5015]  reiserfs_lookup_privroot+0x89/0x180
[   56.244342][ T5015]  reiserfs_fill_super+0x195b/0x2620
[   56.249629][ T5015]  ? reiserfs_kill_sb+0x150/0x150
[   56.254649][ T5015]  ? snprintf+0xda/0x120
[   56.258896][ T5015]  ? sb_set_blocksize+0x99/0x100
[   56.263827][ T5015]  mount_bdev+0x276/0x3b0
[   56.268167][ T5015]  ? reiserfs_kill_sb+0x150/0x150
[   56.273189][ T5015]  legacy_get_tree+0xef/0x190
[   56.277870][ T5015]  ? remove_save_link+0x540/0x540
[   56.282887][ T5015]  vfs_get_tree+0x8c/0x270
[   56.287295][ T5015]  do_new_mount+0x28f/0xae0
[   56.291791][ T5015]  ? do_move_mount_old+0x170/0x170
[   56.296894][ T5015]  ? user_path_at_empty+0x12f/0x180
[   56.302082][ T5015]  __se_sys_mount+0x2d9/0x3c0
[   56.306751][ T5015]  ? __x64_sys_mount+0xc0/0xc0
[   56.311596][ T5015]  ? syscall_enter_from_user_mode+0x32/0x230
[   56.317619][ T5015]  ? __x64_sys_mount+0x20/0xc0
[   56.322459][ T5015]  do_syscall_64+0x41/0xc0
[   56.326872][ T5015]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.332761][ T5015] RIP: 0033:0x7fada4ad7c7a
[   56.337166][ T5015] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   56.356909][ T5015] RSP: 002b:00007ffe59121918 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   56.365314][ T5015] RAX: ffffffffffffffda RBX: 00007ffe59121920 RCX: 00007fada4ad7c7a
[   56.373278][ T5015] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007ffe59121920
[   56.381237][ T5015] RBP: 0000000000000004 R08: 00007ffe59121960 R09: 000000000000111a
[   56.389200][ T5015] R10: 0000000000008001 R11: 0000000000000286 R12: 00007ffe59121960
[   56.397163][ T5015] R13: 0000000000000003 R14: 0000000000400000 R15: 0000000000000001
[   56.405129][ T5015]  </TASK>
[   56.408139][ T5015] 
[   56.410450][ T5015] The buggy address belongs to the physical page:
[   56.416844][ T5015] page:ffffea0001cc55c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x73157
[   56.427069][ T5015] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   56.434168][ T5015] page_type: 0xffffffff()
[   56.438489][ T5015] raw: 00fff00000000000 ffffea0001cc5608 ffff8880b9943020 0000000000000000
[   56.447066][ T5015] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   56.455655][ T5015] page dumped because: kasan: bad access detected
[   56.462051][ T5015] page_owner tracks the page as freed
[   56.467510][ T5015] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4995, tgid 4995 (sshd), ts 48263689800, free_ts 48370941470
[   56.485493][ T5015]  post_alloc_hook+0x1e6/0x210
[   56.490260][ T5015]  get_page_from_freelist+0x31e8/0x3370
[   56.495795][ T5015]  __alloc_pages+0x255/0x670
[   56.500372][ T5015]  __folio_alloc+0x13/0x30
[   56.504774][ T5015]  vma_alloc_folio+0x48a/0x9a0
[   56.509532][ T5015]  handle_mm_fault+0x20c7/0x5410
[   56.514460][ T5015]  exc_page_fault+0x3cf/0x7c0
[   56.519132][ T5015]  asm_exc_page_fault+0x26/0x30
[   56.523976][ T5015] page last free stack trace:
[   56.528719][ T5015]  free_unref_page_prepare+0x903/0xa30
[   56.534164][ T5015]  free_unref_page_list+0x596/0x830
[   56.539474][ T5015]  release_pages+0x2193/0x2470
[   56.544239][ T5015]  tlb_flush_mmu+0x100/0x210
[   56.548816][ T5015]  tlb_finish_mmu+0xd4/0x1f0
[   56.553395][ T5015]  unmap_region+0x258/0x2a0
[   56.557975][ T5015]  do_vmi_align_munmap+0x135d/0x1630
[   56.563254][ T5015]  do_vmi_munmap+0x24d/0x2d0
[   56.567836][ T5015]  __vm_munmap+0x230/0x450
[   56.572238][ T5015]  __x64_sys_munmap+0x69/0x80
[   56.576986][ T5015]  do_syscall_64+0x41/0xc0
[   56.581394][ T5015]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.587279][ T5015] 
[   56.589589][ T5015] Memory state around the buggy address:
[   56.595202][ T5015]  ffff888073156f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.603247][ T5015]  ffff888073157000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.611323][ T5015] >ffff888073157080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.619454][ T5015]                                            ^
[   56.625589][ T5015]  ffff888073157100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.633634][ T5015]  ffff888073157180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.641680][ T5015] ==================================================================
[   56.649967][ T5015] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   56.657186][ T5015] CPU: 0 PID: 5015 Comm: syz-executor436 Not tainted 6.5.0-rc4-syzkaller-00251-gf0ab9f34e59e #0
[   56.667596][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   56.677635][ T5015] Call Trace:
[   56.680902][ T5015]  <TASK>
[   56.683815][ T5015]  dump_stack_lvl+0x1e7/0x2d0
[   56.688483][ T5015]  ? nf_tcp_handle_invalid+0x650/0x650
[   56.694007][ T5015]  ? panic+0x770/0x770
[   56.698057][ T5015]  ? vscnprintf+0x5d/0x80
[   56.702650][ T5015]  panic+0x30f/0x770
[   56.706597][ T5015]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   56.712738][ T5015]  ? check_panic_on_warn+0x21/0xa0
[   56.717832][ T5015]  ? __memcpy_flushcache+0x2b0/0x2b0
[   56.723101][ T5015]  ? _raw_spin_unlock_irqrestore+0x12c/0x140
[   56.729070][ T5015]  ? _raw_spin_unlock+0x40/0x40
[   56.733902][ T5015]  check_panic_on_warn+0x82/0xa0
[   56.738820][ T5015]  ? strlen+0x58/0x70
[   56.742783][ T5015]  end_report+0x6e/0x130
[   56.747097][ T5015]  kasan_report+0x186/0x1b0
[   56.752364][ T5015]  ? strlen+0x58/0x70
[   56.756345][ T5015]  strlen+0x58/0x70
[   56.760149][ T5015]  reiserfs_find_entry+0x982/0x19b0
[   56.765349][ T5015]  ? reiserfs_get_parent+0x2d0/0x2d0
[   56.770629][ T5015]  ? mutex_lock_nested+0x1b/0x20
[   56.775555][ T5015]  reiserfs_lookup+0x1e2/0x580
[   56.780317][ T5015]  ? reiserfs_init_priv_inode+0x150/0x150
[   56.786036][ T5015]  ? d_hash_and_lookup+0x1b0/0x1b0
[   56.791147][ T5015]  ? __init_waitqueue_head+0xae/0x150
[   56.796511][ T5015]  __lookup_slow+0x282/0x3e0
[   56.801091][ T5015]  ? lookup_one_len+0x2d0/0x2d0
[   56.805935][ T5015]  lookup_one_len+0x18b/0x2d0
[   56.810602][ T5015]  ? lookup_one_common+0x460/0x460
[   56.815707][ T5015]  reiserfs_lookup_privroot+0x89/0x180
[   56.821167][ T5015]  reiserfs_fill_super+0x195b/0x2620
[   56.826460][ T5015]  ? reiserfs_kill_sb+0x150/0x150
[   56.831479][ T5015]  ? snprintf+0xda/0x120
[   56.835720][ T5015]  ? sb_set_blocksize+0x99/0x100
[   56.840734][ T5015]  mount_bdev+0x276/0x3b0
[   56.845052][ T5015]  ? reiserfs_kill_sb+0x150/0x150
[   56.850070][ T5015]  legacy_get_tree+0xef/0x190
[   56.854736][ T5015]  ? remove_save_link+0x540/0x540
[   56.859754][ T5015]  vfs_get_tree+0x8c/0x270
[   56.864174][ T5015]  do_new_mount+0x28f/0xae0
[   56.868668][ T5015]  ? do_move_mount_old+0x170/0x170
[   56.873769][ T5015]  ? user_path_at_empty+0x12f/0x180
[   56.878960][ T5015]  __se_sys_mount+0x2d9/0x3c0
[   56.883631][ T5015]  ? __x64_sys_mount+0xc0/0xc0
[   56.888386][ T5015]  ? syscall_enter_from_user_mode+0x32/0x230
[   56.894359][ T5015]  ? __x64_sys_mount+0x20/0xc0
[   56.899113][ T5015]  do_syscall_64+0x41/0xc0
[   56.903542][ T5015]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.909426][ T5015] RIP: 0033:0x7fada4ad7c7a
[   56.913846][ T5015] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   56.933696][ T5015] RSP: 002b:00007ffe59121918 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   56.942107][ T5015] RAX: ffffffffffffffda RBX: 00007ffe59121920 RCX: 00007fada4ad7c7a
[   56.950067][ T5015] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007ffe59121920
[   56.958107][ T5015] RBP: 0000000000000004 R08: 00007ffe59121960 R09: 000000000000111a
[   56.966085][ T5015] R10: 0000000000008001 R11: 0000000000000286 R12: 00007ffe59121960
[   56.974053][ T5015] R13: 0000000000000003 R14: 0000000000400000 R15: 0000000000000001
[   56.982020][ T5015]  </TASK>
[   56.985224][ T5015] Kernel Offset: disabled
[   56.989539][ T5015] Rebooting in 86400 seconds..