./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor942878626
<...>
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
execve("./syz-executor942878626", ["./syz-executor942878626"], 0x7ffd90002310 /* 10 vars */) = 0
brk(NULL) = 0x55555718e000
brk(0x55555718ec40) = 0x55555718ec40
arch_prctl(ARCH_SET_FS, 0x55555718e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor942878626", 4096) = 27
brk(0x5555571afc40) = 0x5555571afc40
brk(0x5555571b0000) = 0x5555571b0000
mprotect(0x7f0deeac5000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5068
mkdir("./syzkaller.nEu6mr", 0700) = 0
chmod("./syzkaller.nEu6mr", 0777) = 0
chdir("./syzkaller.nEu6mr") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555718e5d0) = 5069
./strace-static-x86_64: Process 5069 attached
[pid 5069] chdir("./0") = 0
[pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5069] setpgid(0, 0) = 0
[pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5069] write(3, "1000", 4) = 4
[pid 5069] close(3) = 0
[pid 5069] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5069] memfd_create("syzkaller", 0) = 3
[pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0de6609000
[pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5069] munmap(0x7f0de6609000, 4194304) = 0
[pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5069] close(3) = 0
[pid 5069] mkdir("./file0", 0777) = 0
syzkaller login: [ 67.753689][ T5069] loop0: detected capacity change from 0 to 8192
[ 67.767278][ T5069] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 67.780492][ T5069] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 67.790285][ T5069] REISERFS (device loop0): using ordered data mode
[ 67.797060][ T5069] reiserfs: using flush barriers
[pid 5069] mount("/dev/loop0", "./file0", "reiserfs", MS_RDONLY|MS_SILENT, "") = 0
[pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5069] chdir("./file0") = 0
[pid 5069] ioctl(4, LOOP_CLR_FD) = 0
[pid 5069] close(4) = 0
[pid 5069] exit_group(0) = ?
[pid 5069] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555718f620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555557197660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557197660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x55555718f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 67.803567][ T5069] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 67.820538][ T5069] REISERFS (device loop0): checking transaction log (loop0)
[ 67.830666][ T5069] REISERFS (device loop0): Using r5 hash to sort names
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555718e5d0) = 5072
./strace-static-x86_64: Process 5072 attached
[pid 5072] chdir("./1") = 0
[pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5072] setpgid(0, 0) = 0
[pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5072] write(3, "1000", 4) = 4
[pid 5072] close(3) = 0
[pid 5072] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5072] memfd_create("syzkaller", 0) = 3
[pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0de6609000
[pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5072] munmap(0x7f0de6609000, 4194304) = 0
[pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5072] close(3) = 0
[pid 5072] mkdir("./file0", 0777) = 0
[ 67.974681][ T5072] loop0: detected capacity change from 0 to 8192
[ 67.986687][ T5072] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 67.999798][ T5072] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 68.009167][ T5072] REISERFS (device loop0): using ordered data mode
[ 68.015756][ T5072] reiserfs: using flush barriers
[pid 5072] mount("/dev/loop0", "./file0", "reiserfs", MS_RDONLY|MS_SILENT, "") = 0
[pid 5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5072] chdir("./file0") = 0
[pid 5072] ioctl(4, LOOP_CLR_FD) = 0
[pid 5072] close(4) = 0
[pid 5072] exit_group(0) = ?
[pid 5072] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555718f620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555557197660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557197660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x55555718f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555718e5d0) = 5074
./strace-static-x86_64: Process 5074 attached
[pid 5074] chdir("./2") = 0
[pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5074] setpgid(0, 0) = 0
[pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5074] write(3, "1000", 4) = 4
[ 68.022292][ T5072] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 68.038963][ T5072] REISERFS (device loop0): checking transaction log (loop0)
[ 68.047644][ T5072] REISERFS (device loop0): Using r5 hash to sort names
[pid 5074] close(3) = 0
[pid 5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5074] memfd_create("syzkaller", 0) = 3
[pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0de6609000
[pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5074] munmap(0x7f0de6609000, 4194304) = 0
[pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5074] close(3) = 0
[pid 5074] mkdir("./file0", 0777) = 0
[ 68.158059][ T5074] loop0: detected capacity change from 0 to 8192
[ 68.169183][ T5074] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 68.182335][ T5074] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 68.191611][ T5074] REISERFS (device loop0): using ordered data mode
[ 68.198308][ T5074] reiserfs: using flush barriers
[pid 5074] mount("/dev/loop0", "./file0", "reiserfs", MS_RDONLY|MS_SILENT, "") = 0
[pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5074] chdir("./file0") = 0
[pid 5074] ioctl(4, LOOP_CLR_FD) = 0
[pid 5074] close(4) = 0
[pid 5074] exit_group(0) = ?
[pid 5074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555718f620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555557197660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557197660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x55555718f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 68.204413][ T5074] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 68.220972][ T5074] REISERFS (device loop0): checking transaction log (loop0)
[ 68.229243][ T5074] REISERFS (device loop0): Using r5 hash to sort names
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555718e5d0) = 5076
./strace-static-x86_64: Process 5076 attached
[pid 5076] chdir("./3") = 0
[pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5076] setpgid(0, 0) = 0
[pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5076] write(3, "1000", 4) = 4
[pid 5076] close(3) = 0
[pid 5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5076] memfd_create("syzkaller", 0) = 3
[pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0de6609000
[pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5076] munmap(0x7f0de6609000, 4194304) = 0
[pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5076] close(3) = 0
[pid 5076] mkdir("./file0", 0777) = 0
[ 68.406415][ T5076] loop0: detected capacity change from 0 to 8192
[ 68.417710][ T5076] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 68.430785][ T5076] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 68.440137][ T5076] REISERFS (device loop0): using ordered data mode
[ 68.446703][ T5076] reiserfs: using flush barriers
[ 68.452735][ T5076] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 68.469215][ T5076] REISERFS (device loop0): checking transaction log (loop0)
[ 68.477487][ T5076] REISERFS (device loop0): Using r5 hash to sort names
[ 68.484434][ T5076] ==================================================================
[ 68.492516][ T5076] BUG: KASAN: use-after-free in strlen+0x58/0x70
[ 68.498882][ T5076] Read of size 1 at addr ffff8880727180c4 by task syz-executor942/5076
[ 68.507140][ T5076]
[ 68.509476][ T5076] CPU: 0 PID: 5076 Comm: syz-executor942 Not tainted 6.2.0-rc8-syzkaller #0
[ 68.518191][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 68.528277][ T5076] Call Trace:
[ 68.531579][ T5076]
[ 68.534539][ T5076] dump_stack_lvl+0x1e7/0x2d0
[ 68.539245][ T5076] ? irq_work_queue+0xd1/0x150
[ 68.544018][ T5076] ? nf_tcp_handle_invalid+0x640/0x640
[ 68.549484][ T5076] ? panic+0x770/0x770
[ 68.553574][ T5076] ? _printk+0xd5/0x120
[ 68.557743][ T5076] ? _raw_spin_lock_irqsave+0xb0/0x120
[ 68.563237][ T5076] print_report+0x163/0x4f0
[ 68.567768][ T5076] ? __virt_addr_valid+0x22f/0x2e0
[ 68.572894][ T5076] ? __phys_addr+0xba/0x170
[ 68.577411][ T5076] ? strlen+0x58/0x70
[ 68.581413][ T5076] kasan_report+0x13a/0x170
[ 68.585949][ T5076] ? strlen+0x58/0x70
[ 68.589954][ T5076] strlen+0x58/0x70
[ 68.593795][ T5076] reiserfs_find_entry+0x982/0x19b0
[ 68.599026][ T5076] ? reiserfs_get_parent+0x2d0/0x2d0
[ 68.604349][ T5076] ? mutex_lock_nested+0x1b/0x20
[ 68.609328][ T5076] reiserfs_lookup+0x1ea/0x4b0
[ 68.614118][ T5076] ? reiserfs_find_entry+0x19b0/0x19b0
[ 68.619610][ T5076] ? d_hash_and_lookup+0x1b0/0x1b0
[ 68.624751][ T5076] ? __init_waitqueue_head+0xae/0x150
[ 68.630346][ T5076] __lookup_slow+0x282/0x3e0
[ 68.635033][ T5076] ? lookup_one_len+0x2d0/0x2d0
[ 68.639900][ T5076] lookup_one_len+0x18b/0x2d0
[ 68.644596][ T5076] ? lookup_one_common+0x460/0x460
[ 68.649741][ T5076] reiserfs_lookup_privroot+0x89/0x1e0
[ 68.655213][ T5076] reiserfs_fill_super+0x195b/0x2620
[ 68.660518][ T5076] ? reiserfs_kill_sb+0x150/0x150
[ 68.665562][ T5076] ? snprintf+0xda/0x120
[ 68.669847][ T5076] ? sb_set_blocksize+0x99/0x100
[ 68.674820][ T5076] mount_bdev+0x271/0x3a0
[ 68.679169][ T5076] ? reiserfs_kill_sb+0x150/0x150
[ 68.684214][ T5076] legacy_get_tree+0xef/0x190
[ 68.688921][ T5076] ? remove_save_link+0x540/0x540
[ 68.693958][ T5076] vfs_get_tree+0x8c/0x270
[ 68.698401][ T5076] do_new_mount+0x28f/0xae0
[ 68.702923][ T5076] ? do_move_mount_old+0x170/0x170
[ 68.708043][ T5076] ? user_path_at_empty+0x12f/0x180
[ 68.713253][ T5076] __se_sys_mount+0x2d9/0x3c0
[ 68.717954][ T5076] ? __x64_sys_mount+0xc0/0xc0
[ 68.722761][ T5076] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 68.728753][ T5076] ? __x64_sys_mount+0x20/0xc0
[ 68.733604][ T5076] do_syscall_64+0x41/0xc0
[ 68.738041][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.743959][ T5076] RIP: 0033:0x7f0deea57d0a
[ 68.748389][ T5076] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.768025][ T5076] RSP: 002b:00007ffe5e115c98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 68.776458][ T5076] RAX: ffffffffffffffda RBX: 000055555718e2c0 RCX: 00007f0deea57d0a
[ 68.784446][ T5076] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007ffe5e115ce0
[ 68.792496][ T5076] RBP: 0000000000000000 R08: 00007ffe5e115d20 R09: 000000000000111a
[ 68.800500][ T5076] R10: 0000000000008001 R11: 0000000000000286 R12: 0000000000000004
[ 68.808480][ T5076] R13: 00007ffe5e115d20 R14: 0000000000000003 R15: 00007ffe5e115ce0
[ 68.816499][ T5076]
[ 68.819518][ T5076]
[ 68.821850][ T5076] The buggy address belongs to the physical page:
[ 68.828284][ T5076] page:ffffea0001c9c600 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x72718
[ 68.838439][ T5076] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 68.845571][ T5076] raw: 00fff00000000000 ffffea0001c9bec8 ffff8880b9841e20 0000000000000000
[ 68.854168][ T5076] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 68.862765][ T5076] page dumped because: kasan: bad access detected
[ 68.869196][ T5076] page_owner tracks the page as freed
[ 68.874571][ T5076] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5074, tgid 5074 (syz-executor942), ts 68154639328, free_ts 68338552355
[ 68.892555][ T5076] get_page_from_freelist+0x3449/0x35c0
[ 68.898127][ T5076] __alloc_pages+0x291/0x7e0
[ 68.902730][ T5076] __folio_alloc+0x13/0x30
[ 68.907254][ T5076] vma_alloc_folio+0x48a/0x9a0
[ 68.912046][ T5076] shmem_alloc_and_acct_folio+0x596/0xd40
[ 68.917794][ T5076] shmem_get_folio_gfp+0x1408/0x34a0
[ 68.923126][ T5076] shmem_write_begin+0x172/0x4f0
[ 68.928092][ T5076] generic_perform_write+0x300/0x5e0
[ 68.933490][ T5076] __generic_file_write_iter+0x17a/0x400
[ 68.939168][ T5076] generic_file_write_iter+0xaf/0x310
[ 68.944558][ T5076] vfs_write+0x7b2/0xbb0
[ 68.948836][ T5076] ksys_write+0x1a0/0x2c0
[ 68.954577][ T5076] do_syscall_64+0x41/0xc0
[ 68.959006][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.964913][ T5076] page last free stack trace:
[ 68.969592][ T5076] free_unref_page_prepare+0xf3a/0x1040
[ 68.975156][ T5076] free_unref_page_list+0x6b1/0x950
[ 68.980354][ T5076] release_pages+0x219e/0x2470
[ 68.985120][ T5076] __pagevec_release+0x84/0x100
[ 68.989977][ T5076] shmem_undo_range+0x6b6/0x1dd0
[ 68.994947][ T5076] shmem_evict_inode+0x258/0x9f0
[ 68.999895][ T5076] evict+0x2a4/0x620
[ 69.003789][ T5076] __dentry_kill+0x436/0x650
[ 69.008384][ T5076] dentry_kill+0xbb/0x290
[ 69.012716][ T5076] dput+0x1d8/0x3f0
[ 69.016536][ T5076] __fput+0x5e4/0x890
[ 69.020556][ T5076] task_work_run+0x24a/0x300
[ 69.025164][ T5076] ptrace_notify+0x2a2/0x350
[ 69.029790][ T5076] syscall_exit_to_user_mode+0x171/0x2e0
[ 69.035458][ T5076] do_syscall_64+0x4d/0xc0
[ 69.040000][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.045931][ T5076]
[ 69.048265][ T5076] Memory state around the buggy address:
[ 69.053890][ T5076] ffff888072717f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.061962][ T5076] ffff888072718000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.070058][ T5076] >ffff888072718080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.078124][ T5076] ^
[ 69.084283][ T5076] ffff888072718100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.092357][ T5076] ffff888072718180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.100429][ T5076] ==================================================================
[ 69.108803][ T5076] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.116029][ T5076] CPU: 0 PID: 5076 Comm: syz-executor942 Not tainted 6.2.0-rc8-syzkaller #0
[ 69.124710][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 69.134774][ T5076] Call Trace:
[ 69.138056][ T5076]
[ 69.140995][ T5076] dump_stack_lvl+0x1e7/0x2d0
[ 69.145756][ T5076] ? nf_tcp_handle_invalid+0x640/0x640
[ 69.151240][ T5076] ? panic+0x770/0x770
[ 69.155327][ T5076] ? preempt_schedule_common+0xa6/0xd0
[ 69.160799][ T5076] ? vscnprintf+0x5d/0x80
[ 69.165146][ T5076] panic+0x31c/0x770
[ 69.169053][ T5076] ? check_panic_on_warn+0x21/0xa0
[ 69.174174][ T5076] ? memcpy_page_flushcache+0x100/0x100
[ 69.179732][ T5076] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 69.185721][ T5076] ? _raw_spin_unlock+0x40/0x40
[ 69.190579][ T5076] ? print_report+0x4a7/0x4f0
[ 69.195277][ T5076] check_panic_on_warn+0x82/0xa0
[ 69.200219][ T5076] ? strlen+0x58/0x70
[ 69.204200][ T5076] end_report+0xb2/0x160
[ 69.208444][ T5076] kasan_report+0x147/0x170
[ 69.212954][ T5076] ? strlen+0x58/0x70
[ 69.216938][ T5076] strlen+0x58/0x70
[ 69.220748][ T5076] reiserfs_find_entry+0x982/0x19b0
[ 69.225963][ T5076] ? reiserfs_get_parent+0x2d0/0x2d0
[ 69.231277][ T5076] ? mutex_lock_nested+0x1b/0x20
[ 69.236230][ T5076] reiserfs_lookup+0x1ea/0x4b0
[ 69.241001][ T5076] ? reiserfs_find_entry+0x19b0/0x19b0
[ 69.246483][ T5076] ? d_hash_and_lookup+0x1b0/0x1b0
[ 69.251604][ T5076] ? __init_waitqueue_head+0xae/0x150
[ 69.256988][ T5076] __lookup_slow+0x282/0x3e0
[ 69.261614][ T5076] ? lookup_one_len+0x2d0/0x2d0
[ 69.266487][ T5076] lookup_one_len+0x18b/0x2d0
[ 69.271176][ T5076] ? lookup_one_common+0x460/0x460
[ 69.276316][ T5076] reiserfs_lookup_privroot+0x89/0x1e0
[ 69.281786][ T5076] reiserfs_fill_super+0x195b/0x2620
[ 69.287092][ T5076] ? reiserfs_kill_sb+0x150/0x150
[ 69.292143][ T5076] ? snprintf+0xda/0x120
[ 69.296396][ T5076] ? sb_set_blocksize+0x99/0x100
[ 69.301341][ T5076] mount_bdev+0x271/0x3a0
[ 69.305681][ T5076] ? reiserfs_kill_sb+0x150/0x150
[ 69.310726][ T5076] legacy_get_tree+0xef/0x190
[ 69.315409][ T5076] ? remove_save_link+0x540/0x540
[ 69.320457][ T5076] vfs_get_tree+0x8c/0x270
[ 69.324894][ T5076] do_new_mount+0x28f/0xae0
[ 69.329408][ T5076] ? do_move_mount_old+0x170/0x170
[ 69.334529][ T5076] ? user_path_at_empty+0x12f/0x180
[ 69.339732][ T5076] __se_sys_mount+0x2d9/0x3c0
[ 69.344418][ T5076] ? __x64_sys_mount+0xc0/0xc0
[ 69.349192][ T5076] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 69.355184][ T5076] ? __x64_sys_mount+0x20/0xc0
[ 69.359962][ T5076] do_syscall_64+0x41/0xc0
[ 69.364390][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.370295][ T5076] RIP: 0033:0x7f0deea57d0a
[ 69.374716][ T5076] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.394325][ T5076] RSP: 002b:00007ffe5e115c98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 69.402742][ T5076] RAX: ffffffffffffffda RBX: 000055555718e2c0 RCX: 00007f0deea57d0a
[ 69.410721][ T5076] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007ffe5e115ce0
[ 69.418692][ T5076] RBP: 0000000000000000 R08: 00007ffe5e115d20 R09: 000000000000111a
[ 69.426693][ T5076] R10: 0000000000008001 R11: 0000000000000286 R12: 0000000000000004
[ 69.434663][ T5076] R13: 00007ffe5e115d20 R14: 0000000000000003 R15: 00007ffe5e115ce0
[ 69.442646][ T5076]
[ 69.445883][ T5076] Kernel Offset: disabled
[ 69.450208][ T5076] Rebooting in 86400 seconds..