./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3145545404
<...>
forked to background, child pid 4642
no interfaces have a carrier
[ 22.770731][ T4643] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.779690][ T4643] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.227' (ECDSA) to the list of known hosts.
execve("./syz-executor3145545404", ["./syz-executor3145545404"], 0x7ffe82aff0b0 /* 10 vars */) = 0
brk(NULL) = 0x555556092000
brk(0x555556092c40) = 0x555556092c40
arch_prctl(ARCH_SET_FS, 0x555556092300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3145545404", 4096) = 28
brk(0x5555560b3c40) = 0x5555560b3c40
brk(0x5555560b4000) = 0x5555560b4000
mprotect(0x7f4ed2090000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5063
mkdir("./syzkaller.Ag2cA0", 0700) = 0
chmod("./syzkaller.Ag2cA0", 0777) = 0
chdir("./syzkaller.Ag2cA0") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560925d0) = 5064
./strace-static-x86_64: Process 5064 attached
[pid 5064] chdir("./0") = 0
[pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5064] setpgid(0, 0) = 0
[pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5064] write(3, "1000", 4) = 4
[pid 5064] close(3) = 0
[pid 5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5064] memfd_create("syzkaller", 0) = 3
[pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ec9bd2000
[pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5064] munmap(0x7f4ec9bd2000, 4194304) = 0
[pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5064] close(3) = 0
[pid 5064] mkdir("./file0", 0777) = 0
syzkaller login: [ 42.256407][ T5064] loop0: detected capacity change from 0 to 8192
[ 42.267432][ T5064] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 42.280807][ T5064] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 42.290072][ T5064] REISERFS (device loop0): using ordered data mode
[ 42.296558][ T5064] reiserfs: using flush barriers
[ 42.302568][ T5064] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 42.319069][ T5064] REISERFS (device loop0): checking transaction log (loop0)
[pid 5064] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5064] chdir("./file0") = 0
[pid 5064] ioctl(4, LOOP_CLR_FD) = 0
[pid 5064] close(4) = 0
[pid 5064] creat("./file0", 000) = 4
[pid 5064] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3617}], 1) = 3617
[pid 5064] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5064] dup2(5, 4) = 4
[pid 5064] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOFOLLOW|FASYNC, 000) = 6
[pid 5064] ftruncate(6, 33587195) = 0
[pid 5064] exit_group(0) = ?
[pid 5064] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556093620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 42.354715][ T5064] REISERFS (device loop0): Using r5 hash to sort names
[ 42.362408][ T5064] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555609b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555609b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556093620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560925d0) = 5067
./strace-static-x86_64: Process 5067 attached
[pid 5067] chdir("./1") = 0
[pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5067] setpgid(0, 0) = 0
[pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5067] write(3, "1000", 4) = 4
[pid 5067] close(3) = 0
[pid 5067] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5067] memfd_create("syzkaller", 0) = 3
[pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ec9bd2000
[pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5067] munmap(0x7f4ec9bd2000, 4194304) = 0
[pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5067] close(3) = 0
[pid 5067] mkdir("./file0", 0777) = 0
[ 42.482162][ T5067] loop0: detected capacity change from 0 to 8192
[ 42.492345][ T5067] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 42.505380][ T5067] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 42.514708][ T5067] REISERFS (device loop0): using ordered data mode
[ 42.521273][ T5067] reiserfs: using flush barriers
[ 42.526832][ T5067] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 42.543417][ T5067] REISERFS (device loop0): checking transaction log (loop0)
[pid 5067] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5067] chdir("./file0") = 0
[pid 5067] ioctl(4, LOOP_CLR_FD) = 0
[pid 5067] close(4) = 0
[pid 5067] creat("./file0", 000) = 4
[pid 5067] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3617}], 1) = 3617
[pid 5067] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5067] dup2(5, 4) = 4
[pid 5067] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOFOLLOW|FASYNC, 000) = 6
[ 42.577249][ T5067] REISERFS (device loop0): Using r5 hash to sort names
[ 42.584347][ T5067] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 42.607301][ T5067] ==================================================================
[ 42.615394][ T5067] BUG: KASAN: use-after-free in leaf_paste_in_buffer+0xa2d/0xc30
[ 42.623120][ T5067] Read of size 104 at addr ffff888071e4bfd8 by task syz-executor314/5067
[ 42.631515][ T5067]
[ 42.633825][ T5067] CPU: 1 PID: 5067 Comm: syz-executor314 Not tainted 6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5 #0
[ 42.644216][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 42.654256][ T5067] Call Trace:
[ 42.657521][ T5067]
[ 42.660436][ T5067] dump_stack_lvl+0xd1/0x138
[ 42.665027][ T5067] print_report+0x15e/0x45d
[ 42.669535][ T5067] ? __phys_addr+0xc8/0x140
[ 42.674028][ T5067] ? leaf_paste_in_buffer+0xa2d/0xc30
[ 42.679389][ T5067] kasan_report+0xbf/0x1f0
[ 42.683791][ T5067] ? leaf_paste_in_buffer+0xa2d/0xc30
[ 42.689151][ T5067] kasan_check_range+0x141/0x190
[ 42.694076][ T5067] memcpy+0x24/0x60
[ 42.697947][ T5067] leaf_paste_in_buffer+0xa2d/0xc30
[ 42.703139][ T5067] leaf_copy_dir_entries.isra.0+0x7f3/0x980
[ 42.709028][ T5067] ? leaf_paste_entries+0x910/0x910
[ 42.714214][ T5067] ? lock_release+0x810/0x810
[ 42.718883][ T5067] leaf_move_items+0x16d2/0x3ad0
[ 42.723808][ T5067] ? rcu_read_lock_sched_held+0x3e/0x70
[ 42.729346][ T5067] ? trace_contention_end+0x153/0x1e0
[ 42.734713][ T5067] ? leaf_copy_dir_entries.isra.0+0x980/0x980
[ 42.740773][ T5067] ? __mutex_lock+0x231/0x1360
[ 42.745544][ T5067] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 42.751105][ T5067] leaf_shift_left+0xa4/0x380
[ 42.755783][ T5067] balance_leaf+0x3337/0xde40
[ 42.760479][ T5067] ? reiserfs_prepare_for_journal+0x162/0x2b0
[ 42.766540][ T5067] ? fix_nodes+0x14cf/0x8660
[ 42.771118][ T5067] ? replace_key+0x170/0x170
[ 42.775734][ T5067] do_balance+0x319/0x810
[ 42.780056][ T5067] ? get_right_neighbor_position+0x170/0x170
[ 42.786025][ T5067] ? wait_for_completion_io_timeout+0x20/0x20
[ 42.792090][ T5067] ? folio_flags.constprop.0+0x53/0x150
[ 42.797627][ T5067] reiserfs_insert_item+0xdb2/0x11b0
[ 42.802905][ T5067] ? reiserfs_paste_into_item+0x8e0/0x8e0
[ 42.808643][ T5067] ? scan_bitmap_block.constprop.0+0xfd0/0xfd0
[ 42.814816][ T5067] ? journal_begin+0x214/0x400
[ 42.819569][ T5067] reiserfs_get_block+0x1b23/0x4150
[ 42.824757][ T5067] ? reiserfs_commit_write+0x6f0/0x6f0
[ 42.830203][ T5067] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 42.836186][ T5067] ? create_page_buffers+0x440/0x640
[ 42.841462][ T5067] ? do_raw_spin_unlock+0x175/0x230
[ 42.846647][ T5067] __block_write_begin_int+0x3bd/0x14b0
[ 42.852178][ T5067] ? reiserfs_commit_write+0x6f0/0x6f0
[ 42.857629][ T5067] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 42.863184][ T5067] ? PageHeadHuge+0x1a2/0x200
[ 42.867849][ T5067] reiserfs_write_begin+0x36e/0xa60
[ 42.873035][ T5067] generic_cont_expand_simple+0x117/0x1f0
[ 42.878747][ T5067] ? end_bio_bh_io_sync+0x130/0x130
[ 42.883941][ T5067] ? setattr_prepare+0x13c/0xc30
[ 42.888873][ T5067] reiserfs_setattr+0x39a/0x1460
[ 42.893811][ T5067] ? reiserfs_new_inode+0x2190/0x2190
[ 42.899194][ T5067] ? current_time+0x1fe/0x2c0
[ 42.903864][ T5067] ? evm_inode_setattr+0x7e/0x710
[ 42.908875][ T5067] ? mode_strip_sgid+0x210/0x210
[ 42.913800][ T5067] ? reiserfs_new_inode+0x2190/0x2190
[ 42.919157][ T5067] notify_change+0xca7/0x1420
[ 42.923835][ T5067] ? do_truncate+0x143/0x200
[ 42.928420][ T5067] do_truncate+0x143/0x200
[ 42.932831][ T5067] ? file_open_root+0x430/0x430
[ 42.937696][ T5067] do_sys_ftruncate+0x51f/0x710
[ 42.942564][ T5067] do_syscall_64+0x39/0xb0
[ 42.946980][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.952890][ T5067] RIP: 0033:0x7f4ed201fa09
[ 42.957292][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.976909][ T5067] RSP: 002b:00007ffe38d5a2d8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 42.985305][ T5067] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f4ed201fa09
[ 42.993292][ T5067] RDX: 00007f4ed201fa09 RSI: 0000000002007ffb RDI: 0000000000000006
[ 43.001265][ T5067] RBP: 0000000000000000 R08: 00007ffe38d5a300 R09: 00007ffe38d5a300
[ 43.009237][ T5067] R10: 00007ffe38d5a300 R11: 0000000000000246 R12: 00007ffe38d5a2fc
[ 43.017193][ T5067] R13: 00007ffe38d5a330 R14: 00007ffe38d5a310 R15: 0000000000000001
[ 43.025158][ T5067]
[ 43.028166][ T5067]
[ 43.030475][ T5067] The buggy address belongs to the physical page:
[ 43.036863][ T5067] page:ffffea0001c792c0 refcount:2 mapcount:0 mapping:ffff888144c49df8 index:0x213 pfn:0x71e4b
[ 43.047167][ T5067] memcg:ffff88813ff40000
[ 43.051386][ T5067] aops:def_blk_aops ino:700000
[ 43.056139][ T5067] flags: 0xfff00000002032(referenced|lru|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 43.065850][ T5067] raw: 00fff00000002032 ffffea0001c79288 ffffea00006fec48 ffff888144c49df8
[ 43.074433][ T5067] raw: 0000000000000213 ffff8880728d5658 00000002ffffffff ffff88813ff40000
[ 43.083264][ T5067] page dumped because: kasan: bad access detected
[ 43.089658][ T5067] page_owner tracks the page as allocated
[ 43.095351][ T5067] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5067, tgid 5067 (syz-executor314), ts 42577079040, free_ts 9666845253
[ 43.115847][ T5067] get_page_from_freelist+0x119c/0x2ce0
[ 43.121392][ T5067] __alloc_pages+0x1cb/0x5b0
[ 43.125989][ T5067] alloc_pages+0x1aa/0x270
[ 43.130392][ T5067] folio_alloc+0x20/0x70
[ 43.134639][ T5067] filemap_alloc_folio+0x362/0x450
[ 43.139739][ T5067] __filemap_get_folio+0x32c/0xd80
[ 43.144838][ T5067] pagecache_get_page+0x2e/0x280
[ 43.149761][ T5067] __getblk_slow+0x1f4/0x1030
[ 43.154437][ T5067] __getblk_gfp+0x72/0x80
[ 43.158748][ T5067] search_by_key+0x3ac/0x3bf0
[ 43.163435][ T5067] reiserfs_read_locked_inode+0x158/0x2160
[ 43.169233][ T5067] reiserfs_fill_super+0x1273/0x2e90
[ 43.174527][ T5067] mount_bdev+0x351/0x410
[ 43.178848][ T5067] legacy_get_tree+0x109/0x220
[ 43.183602][ T5067] vfs_get_tree+0x8d/0x2f0
[ 43.188007][ T5067] path_mount+0x132a/0x1e20
[ 43.192512][ T5067] page last free stack trace:
[ 43.197177][ T5067] free_pcp_prepare+0x65c/0xc00
[ 43.202013][ T5067] free_unref_page+0x1d/0x490
[ 43.206678][ T5067] free_contig_range+0xb5/0x180
[ 43.211536][ T5067] destroy_args+0xa8/0x64c
[ 43.215945][ T5067] debug_vm_pgtable+0x28de/0x296f
[ 43.220977][ T5067] do_one_initcall+0x141/0x790
[ 43.225748][ T5067] kernel_init_freeable+0x6f9/0x782
[ 43.230935][ T5067] kernel_init+0x1e/0x1d0
[ 43.235262][ T5067] ret_from_fork+0x1f/0x30
[ 43.239712][ T5067]
[ 43.242020][ T5067] Memory state around the buggy address:
[ 43.247629][ T5067] ffff888071e4bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.255670][ T5067] ffff888071e4bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.263726][ T5067] >ffff888071e4c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.271775][ T5067] ^
[ 43.275823][ T5067] ffff888071e4c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.283872][ T5067] ffff888071e4c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.291925][ T5067] ==================================================================
[ 43.300477][ T5067] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 43.307669][ T5067] CPU: 1 PID: 5067 Comm: syz-executor314 Not tainted 6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5 #0
[ 43.318061][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 43.328110][ T5067] Call Trace:
[ 43.331401][ T5067]
[ 43.334316][ T5067] dump_stack_lvl+0xd1/0x138
[ 43.338894][ T5067] panic+0x2cc/0x626
[ 43.342777][ T5067] ? panic_print_sys_info.part.0+0x110/0x110
[ 43.348757][ T5067] ? preempt_schedule_thunk+0x1a/0x20
[ 43.354149][ T5067] ? preempt_schedule_common+0x59/0xc0
[ 43.359597][ T5067] check_panic_on_warn.cold+0x19/0x35
[ 43.364957][ T5067] end_report.part.0+0x36/0x73
[ 43.369710][ T5067] ? leaf_paste_in_buffer+0xa2d/0xc30
[ 43.375069][ T5067] kasan_report.cold+0xa/0xf
[ 43.379661][ T5067] ? leaf_paste_in_buffer+0xa2d/0xc30
[ 43.385047][ T5067] kasan_check_range+0x141/0x190
[ 43.389991][ T5067] memcpy+0x24/0x60
[ 43.393816][ T5067] leaf_paste_in_buffer+0xa2d/0xc30
[ 43.399039][ T5067] leaf_copy_dir_entries.isra.0+0x7f3/0x980
[ 43.404947][ T5067] ? leaf_paste_entries+0x910/0x910
[ 43.410141][ T5067] ? lock_release+0x810/0x810
[ 43.414811][ T5067] leaf_move_items+0x16d2/0x3ad0
[ 43.419748][ T5067] ? rcu_read_lock_sched_held+0x3e/0x70
[ 43.425295][ T5067] ? trace_contention_end+0x153/0x1e0
[ 43.430830][ T5067] ? leaf_copy_dir_entries.isra.0+0x980/0x980
[ 43.436889][ T5067] ? __mutex_lock+0x231/0x1360
[ 43.441669][ T5067] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 43.447215][ T5067] leaf_shift_left+0xa4/0x380
[ 43.451890][ T5067] balance_leaf+0x3337/0xde40
[ 43.456586][ T5067] ? reiserfs_prepare_for_journal+0x162/0x2b0
[ 43.462663][ T5067] ? fix_nodes+0x14cf/0x8660
[ 43.467247][ T5067] ? replace_key+0x170/0x170
[ 43.471849][ T5067] do_balance+0x319/0x810
[ 43.476178][ T5067] ? get_right_neighbor_position+0x170/0x170
[ 43.482176][ T5067] ? wait_for_completion_io_timeout+0x20/0x20
[ 43.488237][ T5067] ? folio_flags.constprop.0+0x53/0x150
[ 43.493771][ T5067] reiserfs_insert_item+0xdb2/0x11b0
[ 43.499047][ T5067] ? reiserfs_paste_into_item+0x8e0/0x8e0
[ 43.504781][ T5067] ? scan_bitmap_block.constprop.0+0xfd0/0xfd0
[ 43.510929][ T5067] ? journal_begin+0x214/0x400
[ 43.515699][ T5067] reiserfs_get_block+0x1b23/0x4150
[ 43.520887][ T5067] ? reiserfs_commit_write+0x6f0/0x6f0
[ 43.526330][ T5067] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 43.532305][ T5067] ? create_page_buffers+0x440/0x640
[ 43.537578][ T5067] ? do_raw_spin_unlock+0x175/0x230
[ 43.542760][ T5067] __block_write_begin_int+0x3bd/0x14b0
[ 43.548294][ T5067] ? reiserfs_commit_write+0x6f0/0x6f0
[ 43.553763][ T5067] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 43.559312][ T5067] ? PageHeadHuge+0x1a2/0x200
[ 43.563992][ T5067] reiserfs_write_begin+0x36e/0xa60
[ 43.569215][ T5067] generic_cont_expand_simple+0x117/0x1f0
[ 43.574949][ T5067] ? end_bio_bh_io_sync+0x130/0x130
[ 43.580159][ T5067] ? setattr_prepare+0x13c/0xc30
[ 43.585101][ T5067] reiserfs_setattr+0x39a/0x1460
[ 43.590040][ T5067] ? reiserfs_new_inode+0x2190/0x2190
[ 43.595419][ T5067] ? current_time+0x1fe/0x2c0
[ 43.600087][ T5067] ? evm_inode_setattr+0x7e/0x710
[ 43.605099][ T5067] ? mode_strip_sgid+0x210/0x210
[ 43.610028][ T5067] ? reiserfs_new_inode+0x2190/0x2190
[ 43.615386][ T5067] notify_change+0xca7/0x1420
[ 43.620055][ T5067] ? do_truncate+0x143/0x200
[ 43.624638][ T5067] do_truncate+0x143/0x200
[ 43.629063][ T5067] ? file_open_root+0x430/0x430
[ 43.633908][ T5067] do_sys_ftruncate+0x51f/0x710
[ 43.638751][ T5067] do_syscall_64+0x39/0xb0
[ 43.643165][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.649052][ T5067] RIP: 0033:0x7f4ed201fa09
[ 43.653458][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 43.673055][ T5067] RSP: 002b:00007ffe38d5a2d8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 43.681464][ T5067] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f4ed201fa09
[ 43.689437][ T5067] RDX: 00007f4ed201fa09 RSI: 0000000002007ffb RDI: 0000000000000006
[ 43.697467][ T5067] RBP: 0000000000000000 R08: 00007ffe38d5a300 R09: 00007ffe38d5a300
[ 43.705425][ T5067] R10: 00007ffe38d5a300 R11: 0000000000000246 R12: 00007ffe38d5a2fc
[ 43.713394][ T5067] R13: 00007ffe38d5a330 R14: 00007ffe38d5a310 R15: 0000000000000001
[ 43.721388][ T5067]
[ 43.725407][ T5067] Kernel Offset: disabled
[ 43.729721][ T5067] Rebooting in 86400 seconds..