./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2396628514
<...>
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
execve("./syz-executor2396628514", ["./syz-executor2396628514"], 0x7fff23d8b360 /* 10 vars */) = 0
brk(NULL) = 0x555555ff0000
brk(0x555555ff0c40) = 0x555555ff0c40
arch_prctl(ARCH_SET_FS, 0x555555ff0300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2396628514", 4096) = 28
brk(0x555556011c40) = 0x555556011c40
brk(0x555556012000) = 0x555556012000
mprotect(0x7f82b2c0c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5028
mkdir("./syzkaller.8l92En", 0700) = 0
chmod("./syzkaller.8l92En", 0777) = 0
chdir("./syzkaller.8l92En") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ff05d0) = 5029
./strace-static-x86_64: Process 5029 attached
[pid 5029] chdir("./0") = 0
[pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5029] setpgid(0, 0) = 0
[pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5029] write(3, "1000", 4) = 4
[pid 5029] close(3) = 0
[pid 5029] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5029] memfd_create("syzkaller", 0) = 3
[pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82aa750000
[ 73.220004][ T5029] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5029 'syz-executor239'
[pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5029] munmap(0x7f82aa750000, 4194304) = 0
[pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5029] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5029] close(3) = 0
[pid 5029] mkdir("./file0", 0777) = 0
[ 73.289917][ T5029] loop0: detected capacity change from 0 to 8192
[ 73.304453][ T5029] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 73.317696][ T5029] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 73.327352][ T5029] REISERFS (device loop0): using ordered data mode
[ 73.334017][ T5029] reiserfs: using flush barriers
[ 73.340404][ T5029] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 73.357125][ T5029] REISERFS (device loop0): checking transaction log (loop0)
[pid 5029] mount("/dev/loop0", "./file0", "reiserfs", MS_RDONLY|MS_SILENT, "") = 0
[pid 5029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5029] chdir("./file0") = 0
[pid 5029] ioctl(4, LOOP_CLR_FD) = 0
[pid 5029] close(4) = 0
[pid 5029] open(".", O_RDONLY) = 4
[pid 5029] getdents64(4, NULL /* 0 entries */, 0) = 0
[pid 5029] exit_group(0) = ?
[pid 5029] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ff1620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 73.412507][ T5029] REISERFS (device loop0): Using r5 hash to sort names
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555ff9660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555ff9660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555ff1620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ff05d0) = 5032
./strace-static-x86_64: Process 5032 attached
[pid 5032] chdir("./1") = 0
[pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5032] setpgid(0, 0) = 0
[pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5032] write(3, "1000", 4) = 4
[pid 5032] close(3) = 0
[pid 5032] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5032] memfd_create("syzkaller", 0) = 3
[pid 5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82aa750000
[pid 5032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5032] munmap(0x7f82aa750000, 4194304) = 0
[pid 5032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5032] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5032] close(3) = 0
[pid 5032] mkdir("./file0", 0777) = 0
[ 73.580868][ T5032] loop0: detected capacity change from 0 to 8192
[ 73.592525][ T5032] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 73.605608][ T5032] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 73.615113][ T5032] REISERFS (device loop0): using ordered data mode
[ 73.621624][ T5032] reiserfs: using flush barriers
[ 73.627872][ T5032] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 73.644496][ T5032] REISERFS (device loop0): checking transaction log (loop0)
[pid 5032] mount("/dev/loop0", "./file0", "reiserfs", MS_RDONLY|MS_SILENT, "") = 0
[pid 5032] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5032] chdir("./file0") = 0
[pid 5032] ioctl(4, LOOP_CLR_FD) = 0
[pid 5032] close(4) = 0
[pid 5032] open(".", O_RDONLY) = 4
[pid 5032] getdents64(4, NULL /* 0 entries */, 0) = 0
[pid 5032] exit_group(0) = ?
[pid 5032] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ff1620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 73.710632][ T5032] REISERFS (device loop0): Using r5 hash to sort names
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555ff9660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555ff9660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555ff1620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ff05d0) = 5034
./strace-static-x86_64: Process 5034 attached
[pid 5034] chdir("./2") = 0
[pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5034] setpgid(0, 0) = 0
[pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5034] write(3, "1000", 4) = 4
[pid 5034] close(3) = 0
[pid 5034] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5034] memfd_create("syzkaller", 0) = 3
[pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82aa750000
[pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5034] munmap(0x7f82aa750000, 4194304) = 0
[pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5034] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5034] close(3) = 0
[pid 5034] mkdir("./file0", 0777) = 0
[ 73.877045][ T5034] loop0: detected capacity change from 0 to 8192
[ 73.889153][ T5034] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 73.902197][ T5034] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 73.911409][ T5034] REISERFS (device loop0): using ordered data mode
[ 73.918237][ T5034] reiserfs: using flush barriers
[ 73.924499][ T5034] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 73.940873][ T5034] REISERFS (device loop0): checking transaction log (loop0)
[pid 5034] mount("/dev/loop0", "./file0", "reiserfs", MS_RDONLY|MS_SILENT, "") = 0
[pid 5034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5034] chdir("./file0") = 0
[pid 5034] ioctl(4, LOOP_CLR_FD) = 0
[pid 5034] close(4) = 0
[pid 5034] open(".", O_RDONLY) = 4
[ 74.001800][ T5034] REISERFS (device loop0): Using r5 hash to sort names
[ 74.032703][ T5034] ==================================================================
[ 74.040803][ T5034] BUG: KASAN: use-after-free in reiserfs_readdir_inode+0xb0d/0x13b0
[ 74.048838][ T5034] Read of size 8 at addr ffff888072680000 by task syz-executor239/5034
[ 74.057167][ T5034]
[ 74.059489][ T5034] CPU: 1 PID: 5034 Comm: syz-executor239 Not tainted 6.4.0-next-20230707-syzkaller #0
[ 74.069038][ T5034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 74.079096][ T5034] Call Trace:
[ 74.082377][ T5034]
[ 74.085317][ T5034] dump_stack_lvl+0xd9/0x150
[ 74.090055][ T5034] print_address_description.constprop.0+0x2c/0x3c0
[ 74.096666][ T5034] kasan_report+0x11d/0x130
[ 74.101191][ T5034] ? reiserfs_readdir_inode+0xb0d/0x13b0
[ 74.106864][ T5034] kasan_check_range+0xf0/0x190
[ 74.111747][ T5034] reiserfs_readdir_inode+0xb0d/0x13b0
[ 74.117253][ T5034] ? reiserfs_dir_fsync+0x140/0x140
[ 74.122484][ T5034] ? lock_sync+0x190/0x190
[ 74.126918][ T5034] ? aa_path_link+0x2f0/0x2f0
[ 74.131619][ T5034] ? down_read_killable+0x14a/0x4f0
[ 74.136841][ T5034] ? down_read+0x480/0x480
[ 74.141276][ T5034] ? fsnotify_perm.part.0+0x248/0x680
[ 74.146680][ T5034] ? apparmor_file_permission+0x278/0x4f0
[ 74.152433][ T5034] iterate_dir+0x5b2/0x750
[ 74.156871][ T5034] __x64_sys_getdents64+0x13e/0x2c0
[ 74.162090][ T5034] ? __ia32_sys_getdents+0x2c0/0x2c0
[ 74.167393][ T5034] ? compat_fillonedir+0x470/0x470
[ 74.172522][ T5034] ? lockdep_hardirqs_on+0x7d/0x100
[ 74.177734][ T5034] ? _raw_spin_unlock_irq+0x2e/0x50
[ 74.182947][ T5034] ? ptrace_notify+0xfe/0x140
[ 74.187636][ T5034] do_syscall_64+0x39/0xb0
[ 74.192065][ T5034] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.197972][ T5034] RIP: 0033:0x7f82b2b9d939
[ 74.202396][ T5034] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.222009][ T5034] RSP: 002b:00007fffcd0daae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 74.230429][ T5034] RAX: ffffffffffffffda RBX: 0000000000011efc RCX: 00007f82b2b9d939
[ 74.238425][ T5034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 74.246408][ T5034] RBP: 0000000000000000 R08: 00007fffcd0dab10 R09: 00007fffcd0dab10
[ 74.254383][ T5034] R10: 0000000000001131 R11: 0000000000000246 R12: 00007fffcd0dab0c
[ 74.262361][ T5034] R13: 00007fffcd0dab40 R14: 00007fffcd0dab20 R15: 0000000000000002
[ 74.270347][ T5034]
[ 74.273370][ T5034]
[ 74.275697][ T5034] The buggy address belongs to the physical page:
[ 74.282103][ T5034] page:ffffea0001c9a000 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x72680
[ 74.292252][ T5034] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 74.299379][ T5034] page_type: 0xffffffff()
[ 74.303750][ T5034] raw: 00fff00000000000 ffffea0001c9a048 ffff8880b9843460 0000000000000000
[ 74.312355][ T5034] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 74.321035][ T5034] page dumped because: kasan: bad access detected
[ 74.327438][ T5034] page_owner tracks the page as freed
[ 74.332792][ T5034] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5030, tgid 5030 (udevd), ts 74034269571, free_ts 74036017218
[ 74.349907][ T5034] post_alloc_hook+0x2db/0x350
[ 74.354689][ T5034] get_page_from_freelist+0xfd9/0x2c40
[ 74.360166][ T5034] __alloc_pages+0x1cb/0x4a0
[ 74.364770][ T5034] __folio_alloc+0x16/0x40
[ 74.369264][ T5034] vma_alloc_folio+0x155/0x880
[ 74.374045][ T5034] shmem_alloc_folio+0x11d/0x1f0
[ 74.379015][ T5034] shmem_alloc_and_acct_folio+0x15e/0x5d0
[ 74.384772][ T5034] shmem_get_folio_gfp+0x9cc/0x1a80
[ 74.389981][ T5034] shmem_write_begin+0x14a/0x380
[ 74.394945][ T5034] generic_perform_write+0x26b/0x5d0
[ 74.400254][ T5034] __generic_file_write_iter+0x1f8/0x240
[ 74.405898][ T5034] generic_file_write_iter+0xe3/0x350
[ 74.411274][ T5034] vfs_write+0x981/0xda0
[ 74.415527][ T5034] ksys_write+0x122/0x250
[ 74.419874][ T5034] do_syscall_64+0x39/0xb0
[ 74.424295][ T5034] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.430200][ T5034] page last free stack trace:
[ 74.434867][ T5034] free_unref_page_prepare+0x62e/0xcb0
[ 74.440340][ T5034] free_unref_page_list+0xe3/0xa70
[ 74.445460][ T5034] release_pages+0xcd8/0x1380
[ 74.450140][ T5034] __folio_batch_release+0x77/0xe0
[ 74.455265][ T5034] shmem_undo_range+0x583/0x1240
[ 74.460209][ T5034] shmem_evict_inode+0x332/0xb70
[ 74.465187][ T5034] evict+0x2ed/0x6b0
[ 74.469090][ T5034] iput.part.0+0x50a/0x740
[ 74.473515][ T5034] iput+0x5c/0x80
[ 74.477198][ T5034] dentry_unlink_inode+0x2b1/0x460
[ 74.482325][ T5034] __dentry_kill+0x3c0/0x640
[ 74.486919][ T5034] dput+0x6ac/0xe10
[ 74.490868][ T5034] do_renameat2+0xc14/0xd40
[ 74.495396][ T5034] __x64_sys_rename+0x81/0xa0
[ 74.500099][ T5034] do_syscall_64+0x39/0xb0
[ 74.504527][ T5034] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.510434][ T5034]
[ 74.512772][ T5034] Memory state around the buggy address:
[ 74.518395][ T5034] ffff88807267ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.526450][ T5034] ffff88807267ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.534531][ T5034] >ffff888072680000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.542588][ T5034] ^
[ 74.546648][ T5034] ffff888072680080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.554726][ T5034] ffff888072680100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.562837][ T5034] ==================================================================
[ 74.571307][ T5034] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.578542][ T5034] CPU: 0 PID: 5034 Comm: syz-executor239 Not tainted 6.4.0-next-20230707-syzkaller #0
[ 74.588118][ T5034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 74.598179][ T5034] Call Trace:
[ 74.601460][ T5034]
[ 74.604397][ T5034] dump_stack_lvl+0xd9/0x150
[ 74.609025][ T5034] panic+0x686/0x730
[ 74.612942][ T5034] ? panic_smp_self_stop+0xa0/0xa0
[ 74.618093][ T5034] ? preempt_schedule_thunk+0x1a/0x30
[ 74.623491][ T5034] ? preempt_schedule_common+0x45/0xb0
[ 74.629029][ T5034] check_panic_on_warn+0xb1/0xc0
[ 74.634080][ T5034] end_report+0x108/0x150
[ 74.638436][ T5034] kasan_report+0xfa/0x130
[ 74.642912][ T5034] ? reiserfs_readdir_inode+0xb0d/0x13b0
[ 74.648577][ T5034] kasan_check_range+0xf0/0x190
[ 74.653475][ T5034] reiserfs_readdir_inode+0xb0d/0x13b0
[ 74.658972][ T5034] ? reiserfs_dir_fsync+0x140/0x140
[ 74.664209][ T5034] ? lock_sync+0x190/0x190
[ 74.668651][ T5034] ? aa_path_link+0x2f0/0x2f0
[ 74.673363][ T5034] ? down_read_killable+0x14a/0x4f0
[ 74.678763][ T5034] ? down_read+0x480/0x480
[ 74.683213][ T5034] ? fsnotify_perm.part.0+0x248/0x680
[ 74.688620][ T5034] ? apparmor_file_permission+0x278/0x4f0
[ 74.694366][ T5034] iterate_dir+0x5b2/0x750
[ 74.698828][ T5034] __x64_sys_getdents64+0x13e/0x2c0
[ 74.704060][ T5034] ? __ia32_sys_getdents+0x2c0/0x2c0
[ 74.709399][ T5034] ? compat_fillonedir+0x470/0x470
[ 74.714538][ T5034] ? lockdep_hardirqs_on+0x7d/0x100
[ 74.719767][ T5034] ? _raw_spin_unlock_irq+0x2e/0x50
[ 74.724984][ T5034] ? ptrace_notify+0xfe/0x140
[ 74.729678][ T5034] do_syscall_64+0x39/0xb0
[ 74.734147][ T5034] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.740064][ T5034] RIP: 0033:0x7f82b2b9d939
[ 74.744490][ T5034] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.764130][ T5034] RSP: 002b:00007fffcd0daae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 74.772559][ T5034] RAX: ffffffffffffffda RBX: 0000000000011efc RCX: 00007f82b2b9d939
[ 74.780536][ T5034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 74.788523][ T5034] RBP: 0000000000000000 R08: 00007fffcd0dab10 R09: 00007fffcd0dab10
[ 74.796506][ T5034] R10: 0000000000001131 R11: 0000000000000246 R12: 00007fffcd0dab0c
[ 74.804505][ T5034] R13: 00007fffcd0dab40 R14: 00007fffcd0dab20 R15: 0000000000000002
[ 74.812494][ T5034]
[ 74.815847][ T5034] Kernel Offset: disabled
[ 74.820195][ T5034] Rebooting in 86400 seconds..