AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCfa+tpvDUOqiQlaZqT1VmS5pJ5t25ofwAAAMDVlVR5XV9WH54BJg/zuS59vWvt4GmV/Xyos9NH5lO62rToxj8BAADgn9fe7rv7Kevpmly2ynq8jz/IfKr3yXn29obfF12+HiSzrLf3f/72zrMkp+fv33attLMbOhIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwnR04FgAAAAAQ5m+dRscGAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//xlp2rg=") creat(&(0x7f0000000000)='./bus\x00', 0x1800000000000000) [ 3328.119428][T26156] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. 
[ 3328.161624][T26155] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 3328.169561][T26158] REISERFS (device loop5): Using tea hash to sort names [ 3328.170936][T26155] REISERFS (device loop0): using ordered data mode [ 3328.189561][T26155] reiserfs: using flush barriers [ 3328.216792][T26155] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 3328.221891][T26158] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 3328.234024][T26149] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "'-%xý ёC!dy:b㥒Bݲh+L/_:"pI[QPҿ;(X2\+V2 NIFAM.IJZu |ok0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000001000)={0x9, 0x1, {0x6c9, @struct={0x0, 0x8}, 0x0, 0x4, 0x4, 0x4, 0x3, 0x0, 0x0, @struct={0x8, 0x3}, 0x8, 0x0, [0x3, 0x8001]}, {0x0, @struct, r1, 0x0, 0x9, 0x5, 0x1, 0x1, 0x0, @usage, 0x7fffffff, 0x0, [0x0, 0x0, 0x0, 0x1f, 0x4e6, 0xfffffffffffffffb]}, {0x1, @struct={0x0, 0xcc}, 0x0, 0x0, 0x81, 0x7bcc, 0x6, 0x7, 0x0, @struct={0x200}, 0x0, 0x0, [0x200, 0x0, 0x0, 0x6, 0x0, 0x99f1]}, {0x0, 0x0, 0x2}}) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f00000002c0)={r1, 0x100, 0x1, [0x1, 0x7, 0x6, 0x5, 0x7fffffff], [0x6, 0x4, 0x6, 0x9, 0x8, 0x6, 0x7a, 0x200, 0x100000001, 0x1, 0x6, 0xffffffffffffffff, 0x40, 0x69a, 0x6, 0x3, 0xffffffff, 0x8000, 0x7, 0xb5, 0x7, 0x6, 0x100000000, 0x2, 0x6, 0xd8, 0x2, 0x9, 0x387a, 0x4, 0x3, 0x0, 0x3, 0x5, 0x9, 0x81, 0x81, 0x0, 0x7, 0x698, 0xfff, 0x3, 0x1, 0x4, 0x100000001, 0x8000000000000001, 0x100, 0x8001, 0x4, 0xfffffffffffffe00, 0x1, 0x7ff, 0x8, 0x9, 0xfe, 0x2, 0x1, 0x6, 0xfffffffffffffffa, 0x3ff, 0x3, 0x1, 0x3f, 0x3f, 0x4, 0x472, 0x5, 0x80000000, 0x2, 0x88, 0x119e, 0x7, 0x4, 0x3, 0x20, 0x6, 0xffff, 0x6, 0x6, 0x5, 0x8, 
0xff, 0x0, 0x1, 0x4, 0x80, 0x80000000, 0x100000000, 0x100000000, 0x7, 0x8, 0x1, 0x5, 0x8000000000000001, 0x7ff, 0x401, 0x3, 0x7, 0x1, 0x8, 0x800, 0x2, 0x7, 0x9c36, 0x2, 0x6, 0x1ff, 0x100000001, 0x2, 0x100000001, 0x5, 0x0, 0x1, 0x200, 0x3e1a, 0x709, 0x9, 0x7ff, 0xfffffffffffffff7, 0xd2a, 0x6]}) creat(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2007fff) 00:12:16 executing program 4: r0 = syz_mount_image$reiserfs(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x800c, &(0x7f0000000300)=ANY=[], 0xfd, 0x1116, &(0x7f0000000100)="$eJzs2DFrFEEUB/D/7J0xh8LKpV8sLSREzlpNoXCtrVZKOquktbgPY+N3kVT2Ib0WqSxX9jbrIoRTSbxCfz9YZnjz3s6bciYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQmSZfSrJXJfMhViUpSdOcLs+TNEP83qdJlZKXR8uT58eLFyd9WqqUV0npqlI+PulzF/PF/NH88d7hUPzu6Hg9vrlT0uTs4kZPMctlL5MNSV2Duz+yAQAA4P/RXlv9ext9u/uX9gcAAAB+5WZfEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+XFuP851hUiUpSdOcLs+TNFfU3dpSfwAAAMD1lVR5XV8V758BRg/zuS7rePe1vadVDvKhzmydMh2zq02bblwEAACAf157ez3cT1mN1+SyU1bDffxBpn18MpRMs7/fzy6HfD3slle7Bz//e/YsydnF+7fdV9rJVg4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHd24FgAAAAAQJi/dRodGwAAAAAAAAAAAAAAAAAAAAAAAABnBQAA//9b5dqa") close(r0) creat(&(0x7f0000000000)='./bus\x00', 0x140) [ 3350.174431][T26513] loop5: detected capacity change from 0 to 8192 [ 3350.191269][T26511] reiserfs: using flush barriers [ 3350.211882][T26517] loop1: detected capacity change from 0 to 8192 [ 3350.213537][T26511] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 3350.251933][T26513] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 3350.280711][T26517] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 3350.290968][T26513] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal [ 3350.295218][T26517] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 3350.312459][T26517] REISERFS (device loop1): using ordered data mode [ 3350.321537][T26517] reiserfs: using flush barriers [ 3350.330867][T26517] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 3350.388073][T26524] loop4: detected capacity change from 0 to 8192 [ 3350.389162][T26511] REISERFS (device loop0): checking transaction log (loop0) [ 3350.396707][T26513] REISERFS (device loop5): using ordered data mode [ 3350.416739][T26517] REISERFS (device loop1): checking transaction log (loop1) [ 3350.427634][T26524] 
REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 3350.437506][T26511] REISERFS (device loop0): Using tea hash to sort names [ 3350.441864][T26513] reiserfs: using flush barriers [ 3350.455200][T26524] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 3350.465804][T26513] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 3350.466292][T26517] REISERFS (device loop1): Using tea hash to sort names [ 3350.488630][T26513] REISERFS (device loop5): checking transaction log (loop5) [ 3350.491689][T26511] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 3350.497542][T26524] REISERFS (device loop4): using ordered data mode [ 3350.519428][T26513] REISERFS (device loop5): Using tea hash to sort names [ 3350.522891][T26517] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. 
00:12:16 executing program 3: syz_mount_image$reiserfs(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x800c, &(0x7f0000000300)=ANY=[], 0xfd, 0x111f, &(0x7f0000002300)="$eJzs2LFuEzEcBvDPl1AagXQo3U8MDAyoKgoz0AGkrKywAOpEp2YCMeRhWNh4EOjEXnWHoU9wKLmmJ6QqgFo6wO8nRXb+/ny2RzsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwMEy+lWSrSsarWpWkJE1zOD1O0qzqtz4PqpQ825vOnhxMns66WKqU50lZzEr5+LDLTsaT8f3xg63dO19mb9+9ebm/v3ewHHh1o6TJ0cmlnmKU070M1oQWG9w8SwMAAMD/o72w+vcW+nTzL60PAAAA/MrlviYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/Lm27vsbq06VpCRNczg9TtKcM+/aFe0PAAAAuLiSKi/q8+rdM0DvXr7W5azedh5V2cmHOqNlZNinq3WLrh0EAACAf157fdncTpn31+SyUeare/fdDPv6MjnM9nb3/7TJ991kkPnmzs/fHj1OcnTy/vXiV9rBFR0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAf7MCxAAAAAIAwf+s0OjYAAAAAAAAAAAAAAAAAAAAAA
AAAAAC+CgAA//8sud4B") r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) fstat(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000a40)=ANY=[@ANYRES32=r4, @ANYRES8=0x0, @ANYRES32, @ANYRES16=r2, @ANYRES32=r2, @ANYRESOCT=r3, @ANYBLOB="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"/262, @ANYRESOCT=r2], 0x2, 0x1c9, &(0x7f0000000300)="$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") ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {r3, 0xee00}}, './bus\x00'}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x143042, 0x0) ftruncate(r5, 0x2007fff) [ 3350.541658][T26513] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 3350.557999][T26524] reiserfs: using flush barriers [ 3350.581266][T26524] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 3350.617428][T26513] REISERFS warning (device loop5): super-6502 reiserfs_getopt: unknown mount option "'-%xý ёC!dy:b㥒Bݲh+L/_:ϰpI[QPҿ;(X2\+V2 NIFAM.IJZu |ok [ 3350.931310][T26524] dump_stack_lvl+0x1e7/0x2d0 [ 3350.936000][T26524] ? nf_tcp_handle_invalid+0x650/0x650 [ 3350.941456][T26524] ? panic+0x770/0x770 [ 3350.945534][T26524] ? _printk+0xd5/0x120 [ 3350.949687][T26524] print_report+0x163/0x540 [ 3350.954189][T26524] ? __virt_addr_valid+0x22f/0x2e0 [ 3350.959296][T26524] ? __phys_addr+0xba/0x170 [ 3350.963791][T26524] ? leaf_paste_entries+0x963/0x13a0 [ 3350.969066][T26524] kasan_report+0x175/0x1b0 [ 3350.973563][T26524] ? leaf_paste_entries+0x963/0x13a0 [ 3350.978838][T26524] ? leaf_paste_entries+0x963/0x13a0 [ 3350.984113][T26524] kasan_check_range+0x27e/0x290 [ 3350.989045][T26524] ? 
leaf_paste_entries+0x963/0x13a0 [ 3350.994321][T26524] __asan_memmove+0x29/0x70 [ 3350.998823][T26524] leaf_paste_entries+0x963/0x13a0 [ 3351.003931][T26524] balance_leaf+0xbd22/0x12510 [ 3351.008691][T26524] ? is_bpf_text_address+0x26/0x2a0 [ 3351.013955][T26524] ? kernel_text_address+0xa3/0xe0 [ 3351.019062][T26524] ? __kernel_text_address+0xd/0x40 [ 3351.024252][T26524] ? unwind_get_return_address+0x91/0xc0 [ 3351.029878][T26524] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3351.035951][T26524] ? stack_trace_save+0x117/0x1c0 [ 3351.040972][T26524] ? mark_lock+0x9a/0x340 [ 3351.045292][T26524] ? stack_trace_snprint+0xf0/0xf0 [ 3351.050400][T26524] ? do_balance+0x8f0/0x8f0 [ 3351.054894][T26524] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 3351.060866][T26524] ? __stack_depot_save+0x20/0x650 [ 3351.065987][T26524] ? kasan_set_track+0x61/0x70 [ 3351.070742][T26524] ? kasan_set_track+0x4f/0x70 [ 3351.075497][T26524] ? __kasan_kmalloc+0x98/0xb0 [ 3351.080255][T26524] ? __kmalloc+0xb9/0x230 [ 3351.084578][T26524] ? fix_nodes+0x69a8/0x8ce0 [ 3351.089167][T26524] ? reiserfs_paste_into_item+0x654/0x870 [ 3351.094885][T26524] ? reiserfs_add_entry+0x9bc/0xd50 [ 3351.100089][T26524] ? reiserfs_mkdir+0x6c0/0x8f0 [ 3351.104954][T26524] ? reiserfs_xattr_init+0x323/0x670 [ 3351.110287][T26524] ? reiserfs_fill_super+0x2207/0x2620 [ 3351.115741][T26524] ? mount_bdev+0x237/0x300 [ 3351.120234][T26524] ? legacy_get_tree+0xef/0x190 [ 3351.125082][T26524] ? vfs_get_tree+0x8c/0x280 [ 3351.129662][T26524] ? do_new_mount+0x28f/0xae0 [ 3351.134332][T26524] ? __se_sys_mount+0x2d9/0x3c0 [ 3351.139181][T26524] ? do_syscall_64+0x41/0xc0 [ 3351.143763][T26524] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3351.149834][T26524] ? __wake_up+0x1d0/0x1d0 [ 3351.154241][T26524] ? get_parents+0x517/0xfb0 [ 3351.158834][T26524] ? set_parameters+0x8d0/0x8d0 [ 3351.163679][T26524] ? get_neighbors+0x631/0x1010 [ 3351.168527][T26524] ? reiserfs_prepare_for_journal+0x26d/0x280 [ 3351.174591][T26524] ? 
fix_nodes+0x7b03/0x8ce0 [ 3351.179186][T26524] do_balance+0x30d/0x8f0 [ 3351.183515][T26524] ? get_right_neighbor_position+0x210/0x210 [ 3351.189511][T26524] ? reiserfs_paste_into_item+0x3f3/0x870 [ 3351.195235][T26524] reiserfs_paste_into_item+0x732/0x870 [ 3351.200778][T26524] ? reiserfs_cut_from_item+0x2580/0x2580 [ 3351.206516][T26524] ? reiserfs_get_parent+0x2d0/0x2d0 [ 3351.211796][T26524] ? inode_get_bytes+0x76/0xa0 [ 3351.216558][T26524] ? _find_first_zero_bit+0x65/0x100 [ 3351.221843][T26524] reiserfs_add_entry+0x9bc/0xd50 [ 3351.226870][T26524] ? drop_new_inode+0x60/0x60 [ 3351.231545][T26524] ? do_journal_begin_r+0xdcd/0x1020 [ 3351.237010][T26524] ? journal_begin+0x1f3/0x360 [ 3351.241771][T26524] reiserfs_mkdir+0x6c0/0x8f0 [ 3351.246450][T26524] ? reiserfs_symlink+0x720/0x720 [ 3351.251470][T26524] ? __down_write_common+0x161/0x200 [ 3351.256752][T26524] ? __up_read+0x690/0x690 [ 3351.261183][T26524] reiserfs_xattr_init+0x323/0x670 [ 3351.266297][T26524] reiserfs_fill_super+0x2207/0x2620 [ 3351.271586][T26524] ? reiserfs_kill_sb+0x150/0x150 [ 3351.276610][T26524] ? __down_write_common+0x161/0x200 [ 3351.281892][T26524] mount_bdev+0x237/0x300 [ 3351.286222][T26524] ? reiserfs_kill_sb+0x150/0x150 [ 3351.291242][T26524] ? get_tree_bdev+0x5b0/0x5b0 [ 3351.295997][T26524] ? vfs_parse_fs_string+0x190/0x230 [ 3351.301281][T26524] ? vfs_parse_fs_param+0x410/0x410 [ 3351.306473][T26524] ? cap_capable+0x1b4/0x240 [ 3351.311057][T26524] legacy_get_tree+0xef/0x190 [ 3351.315729][T26524] ? remove_save_link+0x540/0x540 [ 3351.320749][T26524] vfs_get_tree+0x8c/0x280 [ 3351.325160][T26524] do_new_mount+0x28f/0xae0 [ 3351.329674][T26524] ? do_move_mount_old+0x170/0x170 [ 3351.334783][T26524] ? user_path_at_empty+0x12f/0x180 [ 3351.339974][T26524] __se_sys_mount+0x2d9/0x3c0 [ 3351.344646][T26524] ? __x64_sys_mount+0xc0/0xc0 [ 3351.349404][T26524] ? syscall_enter_from_user_mode+0x32/0x230 [ 3351.355394][T26524] ? lockdep_hardirqs_on+0x98/0x140 [ 3351.360598][T26524] ? 
__x64_sys_mount+0x20/0xc0 [ 3351.365361][T26524] do_syscall_64+0x41/0xc0 [ 3351.369773][T26524] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3351.375659][T26524] RIP: 0033:0x7f52c807e1ea [ 3351.380061][T26524] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 3351.399660][T26524] RSP: 002b:00007f52c8ec2ee8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 3351.408067][T26524] RAX: ffffffffffffffda RBX: 00007f52c8ec2f80 RCX: 00007f52c807e1ea [ 3351.416028][T26524] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f52c8ec2f40 [ 3351.423988][T26524] RBP: 0000000020000080 R08: 00007f52c8ec2f80 R09: 000000000000800c [ 3351.431953][T26524] R10: 000000000000800c R11: 0000000000000202 R12: 0000000020000040 [ 3351.439914][T26524] R13: 00007f52c8ec2f40 R14: 0000000000001116 R15: 0000000020000300 [ 3351.447885][T26524] [ 3351.450902][T26524] [ 3351.453213][T26524] The buggy address belongs to the physical page: [ 3351.459609][T26524] page:ffffea0000f2b180 refcount:2 mapcount:0 mapping:ffff8881488841f8 index:0x213 pfn:0x3cac6 [ 3351.469922][T26524] memcg:ffff888077760000 [ 3351.474148][T26524] aops:def_blk_aops ino:700004 [ 3351.478991][T26524] flags: 0xfff00000008124(referenced|lru|active|private|node=0|zone=1|lastcpupid=0x7ff) [ 3351.488695][T26524] page_type: 0xffffffff() [ 3351.493015][T26524] raw: 00fff00000008124 ffffea0000e69a88 ffff888077b7e030 ffff8881488841f8 [ 3351.501585][T26524] raw: 0000000000000213 ffff88803ad299f8 00000002ffffffff ffff888077760000 [ 3351.510150][T26524] page dumped because: kasan: bad access detected [ 3351.516547][T26524] page_owner tracks the page as allocated [ 3351.522245][T26524] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 26524, tgid 26523 (syz-executor.4), ts 3350825451286, free_ts 3349391106593 
[ 3351.543247][T26524] post_alloc_hook+0x1e6/0x210 [ 3351.548011][T26524] get_page_from_freelist+0x31db/0x3360 [ 3351.553555][T26524] __alloc_pages+0x255/0x670 [ 3351.558138][T26524] folio_alloc+0x1e/0x60 [ 3351.562378][T26524] filemap_alloc_folio+0xde/0x500 [ 3351.567400][T26524] __filemap_get_folio+0x431/0xbb0 [ 3351.572501][T26524] __getblk_gfp+0x218/0x630 [ 3351.576994][T26524] search_by_key+0x464/0x4b60 [ 3351.581662][T26524] reiserfs_read_locked_inode+0x240/0x2950 [ 3351.587461][T26524] reiserfs_fill_super+0x1363/0x2620 [ 3351.592741][T26524] mount_bdev+0x237/0x300 [ 3351.597059][T26524] legacy_get_tree+0xef/0x190 [ 3351.601730][T26524] vfs_get_tree+0x8c/0x280 [ 3351.606137][T26524] do_new_mount+0x28f/0xae0 [ 3351.610630][T26524] __se_sys_mount+0x2d9/0x3c0 [ 3351.615295][T26524] do_syscall_64+0x41/0xc0 [ 3351.619697][T26524] page last free stack trace: [ 3351.624355][T26524] free_unref_page_prepare+0x8c3/0x9f0 [ 3351.629806][T26524] free_unref_page_list+0x596/0x830 [ 3351.634993][T26524] release_pages+0x2113/0x23f0 [ 3351.639748][T26524] __folio_batch_release+0x84/0x100 [ 3351.644930][T26524] shmem_undo_range+0x6ad/0x19c0 [ 3351.649861][T26524] shmem_evict_inode+0x29e/0xa80 [ 3351.654797][T26524] evict+0x2a4/0x620 [ 3351.658688][T26524] __dentry_kill+0x436/0x650 [ 3351.663265][T26524] dentry_kill+0xbb/0x290 [ 3351.667585][T26524] dput+0x21e/0x470 [ 3351.671378][T26524] __fput+0x60d/0x910 [ 3351.675348][T26524] task_work_run+0x24a/0x300 [ 3351.679929][T26524] exit_to_user_mode_loop+0xde/0x100 [ 3351.685210][T26524] exit_to_user_mode_prepare+0xb1/0x140 [ 3351.690747][T26524] syscall_exit_to_user_mode+0x64/0x280 [ 3351.696283][T26524] do_syscall_64+0x4d/0xc0 [ 3351.700686][T26524] [ 3351.702995][T26524] Memory state around the buggy address: [ 3351.708609][T26524] ffff88803cac6e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3351.716654][T26524] ffff88803cac6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3351.724700][T26524] >ffff88803cac6f80: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3351.732747][T26524] ^ [ 3351.737839][T26524] ffff88803cac7000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3351.745890][T26524] ffff88803cac7080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3351.753935][T26524] ================================================================== 00:12:18 executing program 0: syz_mount_image$reiserfs(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x800c, &(0x7f0000000300)=ANY=[], 0xfd, 0x111f, &(0x7f0000002300)="$eJzs2LFuEzEcBvDPl1AagXQo3U8MDAyoKgoz0AGkrKywAOpEp2YCMeRhWNh4EOjEXnWHoU9wKLmmJ6QqgFo6wO8nRXb+/ny2RzsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwMEy+lWSrSsarWpWkJE1zOD1O0qzqtz4PqpQ825vOnhxMns66WKqU50lZzEr5+LDLTsaT8f3xg63dO19mb9+9ebm/v3ewHHh1o6TJ0cmlnmKU070M1oQWG9w8SwMAAMD/o72w+vcW+nTzL60PAAAA/MrlviYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/Lm27vsbq06VpCRNczg9TtKcM+/aFe0PAAAAuLiSKi/q8+rdM0DvXr7W5azedh5V2cmHOqNlZNinq3WLrh0EAACAf157fdncTpn31+SyUeare/fdDPv6MjnM9nb3/7TJ991kkPnmzs/fHj1OcnTy/vXiV9rBFR0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAf7MCxAAAAAIAwf+s0OjYAAAAAAAAAAAAAAAAAAAAAAAAAAAC+CgAA//8sud4B") r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x40400, 0x0) r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x2900, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) tee(r2, r3, 0x3, 0x0) copy_file_range(r1, &(0x7f0000000140)=0x9, r3, 0x0, 0x5, 0x0) write$binfmt_script(r0, &(0x7f0000000140)=ANY=[], 0x95) creat(&(0x7f0000000280)='./file0\x00', 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a404ac, &(0x7f0000001a40)=ANY=[@ANYRES16, @ANYRESHEX, @ANYRESHEX, @ANYRESHEX, @ANYRESOCT, @ANYRESDEC, @ANYBLOB="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"/466, @ANYRESOCT, @ANYRESHEX, @ANYRESOCT], 0x1, 0x0, &(0x7f0000000000)) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x143042, 0x0) ftruncate(r4, 0x2007fff) creat(&(0x7f0000000500)='./bus\x00', 0x1007901) [ 3351.823433][T26522] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 3351.835259][T26532] loop3: detected capacity change from 0 to 8192 [ 3351.856296][T26522] REISERFS (device loop2): checking transaction log (loop2) [ 3351.863807][T26524] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 3351.871009][T26524] CPU: 0 PID: 26524 Comm: syz-executor.4 Not tainted 6.6.0-rc3-syzkaller-00025-g50768a425b46 #0 [ 3351.881429][T26524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 3351.891488][T26524] Call Trace: [ 3351.894776][T26524] [ 3351.897714][T26524] dump_stack_lvl+0x1e7/0x2d0 [ 3351.902409][T26524] ? 
nf_tcp_handle_invalid+0x650/0x650
[ 3351.907869][T26524] ? panic+0x770/0x770
[ 3351.911935][T26524] ? vscnprintf+0x5d/0x80
[ 3351.916291][T26524] panic+0x30f/0x770
[ 3351.920187][T26524] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 3351.926395][T26524] ? check_panic_on_warn+0x21/0xa0
[ 3351.931498][T26524] ? __memcpy_flushcache+0x2b0/0x2b0
[ 3351.936777][T26524] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 3351.942756][T26524] ? _raw_spin_unlock+0x40/0x40
[ 3351.947604][T26524] check_panic_on_warn+0x82/0xa0
[ 3351.952535][T26524] ? leaf_paste_entries+0x963/0x13a0
[ 3351.957814][T26524] end_report+0x6e/0x130
[ 3351.962054][T26524] kasan_report+0x186/0x1b0
[ 3351.966552][T26524] ? leaf_paste_entries+0x963/0x13a0
[ 3351.971831][T26524] ? leaf_paste_entries+0x963/0x13a0
[ 3351.977117][T26524] kasan_check_range+0x27e/0x290
[ 3351.982050][T26524] ? leaf_paste_entries+0x963/0x13a0
[ 3351.987324][T26524] __asan_memmove+0x29/0x70
[ 3351.991830][T26524] leaf_paste_entries+0x963/0x13a0
[ 3351.996940][T26524] balance_leaf+0xbd22/0x12510
[ 3352.001695][T26524] ? is_bpf_text_address+0x26/0x2a0
[ 3352.006885][T26524] ? kernel_text_address+0xa3/0xe0
[ 3352.011989][T26524] ? __kernel_text_address+0xd/0x40
[ 3352.017178][T26524] ? unwind_get_return_address+0x91/0xc0
[ 3352.022803][T26524] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3352.028867][T26524] ? stack_trace_save+0x117/0x1c0
[ 3352.033883][T26524] ? mark_lock+0x9a/0x340
[ 3352.038202][T26524] ? stack_trace_snprint+0xf0/0xf0
[ 3352.043307][T26524] ? do_balance+0x8f0/0x8f0
[ 3352.047807][T26524] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 3352.053777][T26524] ? __stack_depot_save+0x20/0x650
[ 3352.058883][T26524] ? kasan_set_track+0x61/0x70
[ 3352.063641][T26524] ? kasan_set_track+0x4f/0x70
[ 3352.068399][T26524] ? __kasan_kmalloc+0x98/0xb0
[ 3352.073155][T26524] ? __kmalloc+0xb9/0x230
[ 3352.077475][T26524] ? fix_nodes+0x69a8/0x8ce0
[ 3352.082062][T26524] ? reiserfs_paste_into_item+0x654/0x870
[ 3352.087771][T26524] ? reiserfs_add_entry+0x9bc/0xd50
[ 3352.092961][T26524] ? reiserfs_mkdir+0x6c0/0x8f0
[ 3352.097800][T26524] ? reiserfs_xattr_init+0x323/0x670
[ 3352.103079][T26524] ? reiserfs_fill_super+0x2207/0x2620
[ 3352.108528][T26524] ? mount_bdev+0x237/0x300
[ 3352.113023][T26524] ? legacy_get_tree+0xef/0x190
[ 3352.117866][T26524] ? vfs_get_tree+0x8c/0x280
[ 3352.122470][T26524] ? do_new_mount+0x28f/0xae0
[ 3352.127155][T26524] ? __se_sys_mount+0x2d9/0x3c0
[ 3352.132002][T26524] ? do_syscall_64+0x41/0xc0
[ 3352.136582][T26524] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3352.142651][T26524] ? __wake_up+0x1d0/0x1d0
[ 3352.147066][T26524] ? get_parents+0x517/0xfb0
[ 3352.151658][T26524] ? set_parameters+0x8d0/0x8d0
[ 3352.156512][T26524] ? get_neighbors+0x631/0x1010
[ 3352.161369][T26524] ? reiserfs_prepare_for_journal+0x26d/0x280
[ 3352.167435][T26524] ? fix_nodes+0x7b03/0x8ce0
[ 3352.172031][T26524] do_balance+0x30d/0x8f0
[ 3352.176357][T26524] ? get_right_neighbor_position+0x210/0x210
[ 3352.182338][T26524] ? reiserfs_paste_into_item+0x3f3/0x870
[ 3352.188053][T26524] reiserfs_paste_into_item+0x732/0x870
[ 3352.193596][T26524] ? reiserfs_cut_from_item+0x2580/0x2580
[ 3352.199336][T26524] ? reiserfs_get_parent+0x2d0/0x2d0
[ 3352.204612][T26524] ? inode_get_bytes+0x76/0xa0
[ 3352.209374][T26524] ? _find_first_zero_bit+0x65/0x100
[ 3352.214660][T26524] reiserfs_add_entry+0x9bc/0xd50
[ 3352.219687][T26524] ? drop_new_inode+0x60/0x60
[ 3352.224359][T26524] ? do_journal_begin_r+0xdcd/0x1020
[ 3352.229653][T26524] ? journal_begin+0x1f3/0x360
[ 3352.234412][T26524] reiserfs_mkdir+0x6c0/0x8f0
[ 3352.239088][T26524] ? reiserfs_symlink+0x720/0x720
[ 3352.244109][T26524] ? __down_write_common+0x161/0x200
[ 3352.249396][T26524] ? __up_read+0x690/0x690
[ 3352.253832][T26524] reiserfs_xattr_init+0x323/0x670
[ 3352.258952][T26524] reiserfs_fill_super+0x2207/0x2620
[ 3352.264245][T26524] ? reiserfs_kill_sb+0x150/0x150
[ 3352.269273][T26524] ? __down_write_common+0x161/0x200
[ 3352.274557][T26524] mount_bdev+0x237/0x300
[ 3352.278882][T26524] ? reiserfs_kill_sb+0x150/0x150
[ 3352.283903][T26524] ? get_tree_bdev+0x5b0/0x5b0
[ 3352.288658][T26524] ? vfs_parse_fs_string+0x190/0x230
[ 3352.293942][T26524] ? vfs_parse_fs_param+0x410/0x410
[ 3352.299135][T26524] ? cap_capable+0x1b4/0x240
[ 3352.303718][T26524] legacy_get_tree+0xef/0x190
[ 3352.308399][T26524] ? remove_save_link+0x540/0x540
[ 3352.313424][T26524] vfs_get_tree+0x8c/0x280
[ 3352.317837][T26524] do_new_mount+0x28f/0xae0
[ 3352.322336][T26524] ? do_move_mount_old+0x170/0x170
[ 3352.327443][T26524] ? user_path_at_empty+0x12f/0x180
[ 3352.332658][T26524] __se_sys_mount+0x2d9/0x3c0
[ 3352.337334][T26524] ? __x64_sys_mount+0xc0/0xc0
[ 3352.342092][T26524] ? syscall_enter_from_user_mode+0x32/0x230
[ 3352.348069][T26524] ? lockdep_hardirqs_on+0x98/0x140
[ 3352.353264][T26524] ? __x64_sys_mount+0x20/0xc0
[ 3352.358030][T26524] do_syscall_64+0x41/0xc0
[ 3352.362438][T26524] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3352.368325][T26524] RIP: 0033:0x7f52c807e1ea
[ 3352.372733][T26524] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 3352.392335][T26524] RSP: 002b:00007f52c8ec2ee8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 3352.400742][T26524] RAX: ffffffffffffffda RBX: 00007f52c8ec2f80 RCX: 00007f52c807e1ea
[ 3352.408709][T26524] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f52c8ec2f40
[ 3352.416669][T26524] RBP: 0000000020000080 R08: 00007f52c8ec2f80 R09: 000000000000800c
[ 3352.424630][T26524] R10: 000000000000800c R11: 0000000000000202 R12: 0000000020000040
[ 3352.432590][T26524] R13: 00007f52c8ec2f40 R14: 0000000000001116 R15: 0000000020000300
[ 3352.440558][T26524]
[ 3352.443767][T26524] Kernel Offset: disabled
[ 3352.448078][T26524] Rebooting in 86400 seconds..