./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor929994433
<...>
Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
execve("./syz-executor929994433", ["./syz-executor929994433"], 0x7fff3517cd70 /* 10 vars */) = 0
brk(NULL) = 0x555556af4000
brk(0x555556af4e00) = 0x555556af4e00
arch_prctl(ARCH_SET_FS, 0x555556af4480) = 0
set_tid_address(0x555556af4750) = 5025
set_robust_list(0x555556af4760, 24) = 0
rseq(0x555556af4da0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor929994433", 4096) = 27
getrandom("\x90\xe0\x1d\x3b\x01\x88\xef\x34", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556af4e00
brk(0x555556b15e00) = 0x555556b15e00
brk(0x555556b16000) = 0x555556b16000
mprotect(0x7f0bcd676000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5025
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "5025", 4) = 4
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=784, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5025}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x2e\x00\x00\x00\x98\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 784
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5025}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5025}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5025}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5025}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5025}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5025}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3) = 0
close(4) = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f0bcd5cb220, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f0bcd5d3310}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f0bcd5cb220, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f0bcd5d3310}, NULL, 8) = 0
mkdir("./syzkaller.cc9laV", 0700) = 0
chmod("./syzkaller.cc9laV", 0777) = 0
chdir("./syzkaller.cc9laV") = 0
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bc51c1000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
munmap(0x7f0bc51c1000, 4194304) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 56.717778][ T5025] syz-executor929[5025]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 56.764991][ T5025] loop0: detected capacity change from 0 to 8192
[ 56.773967][ T5025] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 56.787107][ T5025] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 56.796561][ T5025] REISERFS (device loop0): using ordered data mode
[ 56.803305][ T5025] reiserfs: using flush barriers
[ 56.809287][ T5025] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 56.825850][ T5025] REISERFS (device loop0): checking transaction log (loop0)
[ 56.833796][ T5025] REISERFS (device loop0): Using r5 hash to sort names
[ 56.840984][ T5025] ==================================================================
[ 56.849061][ T5025] BUG: KASAN: use-after-free in reiserfs_get_unused_objectid+0x231/0x490
[ 56.857481][ T5025] Read of size 250888 at addr ffff888075ee9058 by task syz-executor929/5025
[ 56.866140][ T5025]
[ 56.868453][ T5025] CPU: 1 PID: 5025 Comm: syz-executor929 Not tainted 6.5.0-syzkaller-11075-g92901222f83d #0
[ 56.878542][ T5025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 56.888587][ T5025] Call Trace:
[ 56.891884][ T5025]
[ 56.894807][ T5025] dump_stack_lvl+0x1e7/0x2d0
[ 56.899490][ T5025] ? nf_tcp_handle_invalid+0x650/0x650
[ 56.904945][ T5025] ? panic+0x770/0x770
[ 56.909096][ T5025] ? _printk+0xd5/0x120
[ 56.913257][ T5025] print_report+0x163/0x540
[ 56.917928][ T5025] ? trace_contention_end+0x3c/0xf0
[ 56.923205][ T5025] ? __virt_addr_valid+0x22f/0x2e0
[ 56.928311][ T5025] ? __phys_addr+0xba/0x170
[ 56.932809][ T5025] ? reiserfs_get_unused_objectid+0x231/0x490
[ 56.938870][ T5025] kasan_report+0x175/0x1b0
[ 56.943387][ T5025] ? reiserfs_get_unused_objectid+0x231/0x490
[ 56.949470][ T5025] kasan_check_range+0x27e/0x290
[ 56.954424][ T5025] ? reiserfs_get_unused_objectid+0x231/0x490
[ 56.960502][ T5025] __asan_memmove+0x29/0x70
[ 56.965027][ T5025] reiserfs_get_unused_objectid+0x231/0x490
[ 56.970920][ T5025] reiserfs_new_inode+0x2bc/0x1d10
[ 56.976031][ T5025] ? __mutex_trylock_common+0x182/0x2e0
[ 56.981939][ T5025] ? __might_sleep+0xc0/0xc0
[ 56.986573][ T5025] ? reiserfs_write_inode+0x2e0/0x2e0
[ 56.991964][ T5025] ? do_journal_begin_r+0xdcd/0x1020
[ 56.997274][ T5025] ? journal_begin+0x1f3/0x360
[ 57.002082][ T5025] reiserfs_mkdir+0x5b0/0x8f0
[ 57.006764][ T5025] ? reiserfs_symlink+0x720/0x720
[ 57.011786][ T5025] ? __down_write_common+0x161/0x200
[ 57.017067][ T5025] ? __up_read+0x690/0x690
[ 57.021474][ T5025] reiserfs_xattr_init+0x323/0x670
[ 57.026595][ T5025] reiserfs_fill_super+0x2207/0x2620
[ 57.032147][ T5025] ? reiserfs_kill_sb+0x150/0x150
[ 57.037246][ T5025] ? __down_write_common+0x161/0x200
[ 57.042549][ T5025] mount_bdev+0x237/0x300
[ 57.046891][ T5025] ? reiserfs_kill_sb+0x150/0x150
[ 57.052010][ T5025] ? get_tree_bdev+0x5b0/0x5b0
[ 57.056768][ T5025] ? vfs_parse_fs_string+0x190/0x230
[ 57.062051][ T5025] ? vfs_parse_fs_param+0x410/0x410
[ 57.067332][ T5025] ? cap_capable+0x1b4/0x240
[ 57.071936][ T5025] legacy_get_tree+0xef/0x190
[ 57.076606][ T5025] ? remove_save_link+0x540/0x540
[ 57.081648][ T5025] vfs_get_tree+0x8c/0x280
[ 57.086058][ T5025] do_new_mount+0x28f/0xae0
[ 57.090563][ T5025] ? do_move_mount_old+0x170/0x170
[ 57.095694][ T5025] ? user_path_at_empty+0x12f/0x180
[ 57.100906][ T5025] __se_sys_mount+0x2d9/0x3c0
[ 57.105673][ T5025] ? __x64_sys_mount+0xc0/0xc0
[ 57.110452][ T5025] ? rcu_is_watching+0x15/0xb0
[ 57.115235][ T5025] ? __x64_sys_mount+0x20/0xc0
[ 57.120017][ T5025] do_syscall_64+0x41/0xc0
[ 57.124447][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.130343][ T5025] RIP: 0033:0x7f0bcd6080ca
[ 57.134760][ T5025] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.154375][ T5025] RSP: 002b:00007ffdd5703148 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 57.162786][ T5025] RAX: ffffffffffffffda RBX: 00007ffdd5703160 RCX: 00007f0bcd6080ca
[ 57.170748][ T5025] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007ffdd5703160
[ 57.178712][ T5025] RBP: 0000000000000004 R08: 00007ffdd57031a0 R09: 0000000000001132
[ 57.186688][ T5025] R10: 0000000000008008 R11: 0000000000000286 R12: 0000000000008008
[ 57.194652][ T5025] R13: 00007ffdd57031a0 R14: 0000000000000003 R15: 0000000000400000
[ 57.202624][ T5025]
[ 57.205634][ T5025]
[ 57.207985][ T5025] The buggy address belongs to the physical page:
[ 57.214382][ T5025] page:ffffea0001d7ba40 refcount:3 mapcount:0 mapping:ffff88801addcd78 index:0x10 pfn:0x75ee9
[ 57.224717][ T5025] memcg:ffff888015e5a000
[ 57.228952][ T5025] aops:def_blk_aops ino:700000
[ 57.233725][ T5025] flags: 0xfff00000008104(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 57.243100][ T5025] page_type: 0xffffffff()
[ 57.247426][ T5025] raw: 00fff00000008104 0000000000000000 dead000000000122 ffff88801addcd78
[ 57.256084][ T5025] raw: 0000000000000010 ffff888076e04bc8 00000003ffffffff ffff888015e5a000
[ 57.264652][ T5025] page dumped because: kasan: bad access detected
[ 57.271050][ T5025] page_owner tracks the page as allocated
[ 57.276749][ T5025] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5025, tgid 5025 (syz-executor929), ts 56773895243, free_ts 51044933989
[ 57.297321][ T5025] post_alloc_hook+0x1e6/0x210
[ 57.302097][ T5025] get_page_from_freelist+0x31ec/0x3370
[ 57.307644][ T5025] __alloc_pages+0x255/0x670
[ 57.312242][ T5025] folio_alloc+0x1e/0x60
[ 57.316474][ T5025] filemap_alloc_folio+0xde/0x500
[ 57.321491][ T5025] __filemap_get_folio+0x431/0xbb0
[ 57.326591][ T5025] __getblk_gfp+0x218/0x630
[ 57.331083][ T5025] __bread_gfp+0x2e/0x380
[ 57.335400][ T5025] read_super_block+0x91/0x800
[ 57.340382][ T5025] reiserfs_fill_super+0x912/0x2620
[ 57.345574][ T5025] mount_bdev+0x237/0x300
[ 57.349896][ T5025] legacy_get_tree+0xef/0x190
[ 57.354568][ T5025] vfs_get_tree+0x8c/0x280
[ 57.359160][ T5025] do_new_mount+0x28f/0xae0
[ 57.363676][ T5025] __se_sys_mount+0x2d9/0x3c0
[ 57.368351][ T5025] do_syscall_64+0x41/0xc0
[ 57.372765][ T5025] page last free stack trace:
[ 57.377430][ T5025] free_unref_page_prepare+0x8c3/0x9f0
[ 57.382911][ T5025] free_unref_page_list+0x596/0x830
[ 57.388107][ T5025] release_pages+0x2113/0x23f0
[ 57.392859][ T5025] tlb_flush_mmu+0x34c/0x4e0
[ 57.397439][ T5025] tlb_finish_mmu+0xd4/0x1f0
[ 57.402108][ T5025] exit_mmap+0x4d3/0xc50
[ 57.406342][ T5025] __mmput+0x115/0x3c0
[ 57.410398][ T5025] exit_mm+0x21f/0x300
[ 57.414460][ T5025] do_exit+0x612/0x2290
[ 57.418610][ T5025] do_group_exit+0x206/0x2c0
[ 57.423279][ T5025] __x64_sys_exit_group+0x3f/0x40
[ 57.428290][ T5025] do_syscall_64+0x41/0xc0
[ 57.432695][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.438577][ T5025]
[ 57.440886][ T5025] Memory state around the buggy address:
[ 57.446675][ T5025] ffff888075ee9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.454722][ T5025] ffff888075ee9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.462771][ T5025] >ffff888075eea000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.470815][ T5025] ^
[ 57.474866][ T5025] ffff888075eea080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.482911][ T5025] ffff888075eea100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.491044][ T5025] ==================================================================
[ 57.499388][ T5025] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 57.506605][ T5025] CPU: 0 PID: 5025 Comm: syz-executor929 Not tainted 6.5.0-syzkaller-11075-g92901222f83d #0
[ 57.516659][ T5025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 57.526791][ T5025] Call Trace:
[ 57.530152][ T5025]
[ 57.533087][ T5025] dump_stack_lvl+0x1e7/0x2d0
[ 57.537773][ T5025] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.543228][ T5025] ? panic+0x770/0x770
[ 57.547288][ T5025] ? rcu_is_watching+0x15/0xb0
[ 57.552045][ T5025] ? vscnprintf+0x5d/0x80
[ 57.558477][ T5025] panic+0x30f/0x770
[ 57.562380][ T5025] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 57.568546][ T5025] ? check_panic_on_warn+0x21/0xa0
[ 57.573748][ T5025] ? __memcpy_flushcache+0x2b0/0x2b0
[ 57.579037][ T5025] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 57.585028][ T5025] ? _raw_spin_unlock+0x40/0x40
[ 57.589969][ T5025] check_panic_on_warn+0x82/0xa0
[ 57.595091][ T5025] ? reiserfs_get_unused_objectid+0x231/0x490
[ 57.601165][ T5025] end_report+0x6e/0x130
[ 57.605853][ T5025] kasan_report+0x186/0x1b0
[ 57.610351][ T5025] ? reiserfs_get_unused_objectid+0x231/0x490
[ 57.616417][ T5025] kasan_check_range+0x27e/0x290
[ 57.621354][ T5025] ? reiserfs_get_unused_objectid+0x231/0x490
[ 57.627508][ T5025] __asan_memmove+0x29/0x70
[ 57.632005][ T5025] reiserfs_get_unused_objectid+0x231/0x490
[ 57.638008][ T5025] reiserfs_new_inode+0x2bc/0x1d10
[ 57.644456][ T5025] ? __mutex_trylock_common+0x182/0x2e0
[ 57.650277][ T5025] ? __might_sleep+0xc0/0xc0
[ 57.654896][ T5025] ? reiserfs_write_inode+0x2e0/0x2e0
[ 57.660260][ T5025] ? do_journal_begin_r+0xdcd/0x1020
[ 57.665644][ T5025] ? journal_begin+0x1f3/0x360
[ 57.670397][ T5025] reiserfs_mkdir+0x5b0/0x8f0
[ 57.675073][ T5025] ? reiserfs_symlink+0x720/0x720
[ 57.680092][ T5025] ? __down_write_common+0x161/0x200
[ 57.685461][ T5025] ? __up_read+0x690/0x690
[ 57.690043][ T5025] reiserfs_xattr_init+0x323/0x670
[ 57.695149][ T5025] reiserfs_fill_super+0x2207/0x2620
[ 57.700435][ T5025] ? reiserfs_kill_sb+0x150/0x150
[ 57.705458][ T5025] ? __down_write_common+0x161/0x200
[ 57.710745][ T5025] mount_bdev+0x237/0x300
[ 57.715061][ T5025] ? reiserfs_kill_sb+0x150/0x150
[ 57.720078][ T5025] ? get_tree_bdev+0x5b0/0x5b0
[ 57.724826][ T5025] ? vfs_parse_fs_string+0x190/0x230
[ 57.730106][ T5025] ? vfs_parse_fs_param+0x410/0x410
[ 57.735298][ T5025] ? cap_capable+0x1b4/0x240
[ 57.740145][ T5025] legacy_get_tree+0xef/0x190
[ 57.744813][ T5025] ? remove_save_link+0x540/0x540
[ 57.749834][ T5025] vfs_get_tree+0x8c/0x280
[ 57.754330][ T5025] do_new_mount+0x28f/0xae0
[ 57.758859][ T5025] ? do_move_mount_old+0x170/0x170
[ 57.763961][ T5025] ? user_path_at_empty+0x12f/0x180
[ 57.769150][ T5025] __se_sys_mount+0x2d9/0x3c0
[ 57.773818][ T5025] ? __x64_sys_mount+0xc0/0xc0
[ 57.778569][ T5025] ? rcu_is_watching+0x15/0xb0
[ 57.783321][ T5025] ? __x64_sys_mount+0x20/0xc0
[ 57.788073][ T5025] do_syscall_64+0x41/0xc0
[ 57.792655][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.798574][ T5025] RIP: 0033:0x7f0bcd6080ca
[ 57.803007][ T5025] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.822807][ T5025] RSP: 002b:00007ffdd5703148 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 57.831218][ T5025] RAX: ffffffffffffffda RBX: 00007ffdd5703160 RCX: 00007f0bcd6080ca
[ 57.839182][ T5025] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007ffdd5703160
[ 57.847144][ T5025] RBP: 0000000000000004 R08: 00007ffdd57031a0 R09: 0000000000001132
[ 57.855106][ T5025] R10: 0000000000008008 R11: 0000000000000286 R12: 0000000000008008
[ 57.863073][ T5025] R13: 00007ffdd57031a0 R14: 0000000000000003 R15: 0000000000400000
[ 57.871044][ T5025]
[ 57.874151][ T5025] Kernel Offset: disabled
[ 57.878550][ T5025] Rebooting in 86400 seconds..