./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor987748611

<...>
Warning: Permanently added '10.128.1.106' (ECDSA) to the list of known hosts.
execve("./syz-executor987748611", ["./syz-executor987748611"], 0x7ffd989e4010 /* 10 vars */) = 0
brk(NULL)                               = 0x555557195000
brk(0x555557195c40)                     = 0x555557195c40
arch_prctl(ARCH_SET_FS, 0x555557195300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor987748611", 4096) = 27
brk(0x5555571b6c40)                     = 0x5555571b6c40
brk(0x5555571b7000)                     = 0x5555571b7000
mprotect(0x7fe06986d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
ftruncate(3, 4194338)                   = 0
pwrite64(3, "\x00\x04\x00\x00\xec\x01\x00\x00\x13\x02\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x61\x1c\xad\x49\xe1\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x10\xcc\x03\x02\x00\x01\x00\x52\x65\x49\x73\x45\x72\x33\x46\x73\x00\x00\x00\x02\x00\x00\x00\x02\x00\x01\x00\x02\x00\x01\x02\x00\x00\x00\x00\x01\x00\x00\x00\x12\x31\x23\x12\x12\x33\x12\x33\x12\x31\x12\x34\x13\x41\x24\x12"..., 128, 65536) = 128
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32, 65728) = 32
pwrite64(3, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4096, 69632) = 4096
pwrite64(3, "\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x61\x1c\xad\x49\xe1\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 64, 2170880) = 64
pwrite64(3, "\x01\x00\x02\x00\x5c\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2c\x00\xd4\x0f\x01\x00\x01\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\xf4\x01\x00\x00\x02\x00\x30\x00\xa4\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 96, 2174976) = 96
pwrite64(3, "\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x28\x00\x04\x00\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x2e\x2e\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x00\x00\x00\x00\xed\x41\x00\x00\x03\x00\x00\x00\x30\x00\x00\x00\x00\x00\x00\x00\x5c\xf9\x01\x00\x53\x5f\x01\x00\x3a\xc1\x65\x5f\x3a\xc1\x65\x5f\x3a\xc1\x65\x5f\x01\x00\x00\x00\x00\x00\x00\x00", 96, 2178976) = 96
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
mkdir("./file0", 0777)                  = 0
syzkaller login: [   49.938139][ T3602] loop0: detected capacity change from 0 to 8192
[   49.947156][ T3602] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   49.960212][ T3602] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   49.969550][ T3602] REISERFS (device loop0): using ordered data mode
[   49.976097][ T3602] reiserfs: using flush barriers
[   49.981686][ T3602] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   49.998110][ T3602] REISERFS (device loop0): checking transaction log (loop0)
[   50.006064][ T3602] REISERFS (device loop0): Using rupasov hash to sort names
[   50.013623][ T3602] ==================================================================
[   50.021690][ T3602] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x449/0x910
[   50.029179][ T3602] Read of size 18446744073709551585 at addr ffff888071805fa4 by task syz-executor987/3602
[   50.039050][ T3602] 
[   50.041359][ T3602] CPU: 1 PID: 3602 Comm: syz-executor987 Not tainted 6.1.0-rc1-next-20221021-syzkaller #0
[   50.051318][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[   50.061359][ T3602] Call Trace:
[   50.064626][ T3602]  <TASK>
[   50.067555][ T3602]  dump_stack_lvl+0xcd/0x134
[   50.072144][ T3602]  print_report+0x15e/0x45d
[   50.076657][ T3602]  ? __phys_addr+0xc4/0x140
[   50.081163][ T3602]  ? leaf_paste_entries+0x449/0x910
[   50.086377][ T3602]  kasan_report+0xbb/0x1f0
[   50.090806][ T3602]  ? leaf_paste_entries+0x449/0x910
[   50.096012][ T3602]  kasan_check_range+0x13d/0x180
[   50.100950][ T3602]  memmove+0x20/0x60
[   50.104854][ T3602]  leaf_paste_entries+0x449/0x910
[   50.109978][ T3602]  balance_leaf+0x917d/0xde40
[   50.114656][ T3602]  ? reiserfs_prepare_for_journal+0x15e/0x2b0
[   50.120723][ T3602]  ? fix_nodes+0x14cb/0x8650
[   50.125319][ T3602]  ? balance_leaf+0x0/0xde40
[   50.129914][ T3602]  do_balance+0x315/0x810
[   50.134251][ T3602]  ? do_balance+0x0/0x810
[   50.138579][ T3602]  ? __mutex_unlock_slowpath+0x0/0x5e0
[   50.144050][ T3602]  reiserfs_paste_into_item+0x763/0x8e0
[   50.149613][ T3602]  ? reiserfs_paste_into_item+0x0/0x8e0
[   50.155199][ T3602]  ? reiserfs_find_entry.part.0+0x0/0xdf0
[   50.160937][ T3602]  ? yura_hash+0x223/0x2a0
[   50.165375][ T3602]  ? make_cpu_key+0x22/0x2a0
[   50.169997][ T3602]  reiserfs_add_entry+0x8cb/0xcf0
[   50.175035][ T3602]  ? reiserfs_add_entry+0x0/0xcf0
[   50.180061][ T3602]  ? __mutex_unlock_slowpath+0x0/0x5e0
[   50.185542][ T3602]  ? __dquot_initialize+0x0/0xbe0
[   50.190574][ T3602]  ? do_raw_spin_lock+0x0/0x2a0
[   50.195437][ T3602]  reiserfs_mkdir+0x675/0x980
[   50.200116][ T3602]  ? reiserfs_mkdir+0x0/0x980
[   50.204795][ T3602]  ? down_write+0x153/0x220
[   50.209308][ T3602]  ? down_write+0x0/0x220
[   50.213648][ T3602]  reiserfs_xattr_init+0x57a/0xc30
[   50.218763][ T3602]  reiserfs_fill_super+0x2127/0x2e90
[   50.224058][ T3602]  ? reiserfs_fill_super+0x0/0x2e90
[   50.229266][ T3602]  ? sget+0x472/0x580
[   50.233251][ T3602]  ? snprintf+0xbb/0xf0
[   50.237419][ T3602]  ? set_blocksize+0x2e5/0x370
[   50.242190][ T3602]  mount_bdev+0x34d/0x410
[   50.246519][ T3602]  ? reiserfs_fill_super+0x0/0x2e90
[   50.251722][ T3602]  ? get_super_block+0x0/0x40
[   50.256402][ T3602]  legacy_get_tree+0x105/0x220
[   50.261171][ T3602]  vfs_get_tree+0x89/0x2f0
[   50.265585][ T3602]  path_mount+0x1326/0x1e20
[   50.270113][ T3602]  ? kmem_cache_free+0xea/0x5b0
[   50.274972][ T3602]  ? path_mount+0x0/0x1e20
[   50.279396][ T3602]  ? putname+0xfe/0x140
[   50.283558][ T3602]  __x64_sys_mount+0x27f/0x300
[   50.288320][ T3602]  ? __x64_sys_mount+0x0/0x300
[   50.293082][ T3602]  ? _raw_spin_unlock_irq+0x2a/0x40
[   50.298278][ T3602]  ? ptrace_notify+0xfa/0x140
[   50.302957][ T3602]  do_syscall_64+0x35/0xb0
[   50.307380][ T3602]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.313282][ T3602] RIP: 0033:0x7fe0698012aa
[   50.317696][ T3602] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   50.337301][ T3602] RSP: 002b:00007ffd0ebfcff8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   50.345716][ T3602] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe0698012aa
[   50.353685][ T3602] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd0ebfd010
[   50.361653][ T3602] RBP: 00007ffd0ebfd010 R08: 00007ffd0ebfd050 R09: 00005555571952c0
[   50.369622][ T3602] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[   50.377586][ T3602] R13: 00007ffd0ebfd050 R14: 0000000000000006 R15: 0000000020000290
[   50.385563][ T3602]  </TASK>
[   50.388577][ T3602] 
[   50.390890][ T3602] The buggy address belongs to the physical page:
[   50.397291][ T3602] page:ffffea0001c60140 refcount:3 mapcount:0 mapping:ffff88801b3e75f8 index:0x213 pfn:0x71805
[   50.407611][ T3602] memcg:ffff88813fe50000
[   50.411839][ T3602] aops:def_blk_aops ino:700000
[   50.416605][ T3602] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[   50.425975][ T3602] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff88801b3e75f8
[   50.434553][ T3602] raw: 0000000000000213 ffff88807435e658 00000003ffffffff ffff88813fe50000
[   50.443125][ T3602] page dumped because: kasan: bad access detected
[   50.449525][ T3602] page_owner tracks the page as allocated
[   50.455230][ T3602] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 3602, tgid 3602 (syz-executor987), ts 50005929875, free_ts 44495089544
[   50.475806][ T3602]  get_page_from_freelist+0x10b5/0x2d50
[   50.481367][ T3602]  __alloc_pages+0x1c7/0x5a0
[   50.485970][ T3602]  alloc_pages+0x1a6/0x270
[   50.490410][ T3602]  folio_alloc+0x1c/0x70
[   50.494668][ T3602]  filemap_alloc_folio+0x306/0x3a0
[   50.499788][ T3602]  __filemap_get_folio+0x328/0xd90
[   50.504898][ T3602]  pagecache_get_page+0x2a/0x280
[   50.509842][ T3602]  __getblk_slow+0x1f4/0xfb0
[   50.514437][ T3602]  __getblk_gfp+0x6e/0x80
[   50.518771][ T3602]  search_by_key+0x3a8/0x3bf0
[   50.523635][ T3602]  reiserfs_read_locked_inode+0x154/0x2160
[   50.529443][ T3602]  reiserfs_fill_super+0x126f/0x2e90
[   50.534736][ T3602]  mount_bdev+0x34d/0x410
[   50.539070][ T3602]  legacy_get_tree+0x105/0x220
[   50.543838][ T3602]  vfs_get_tree+0x89/0x2f0
[   50.548251][ T3602]  path_mount+0x1326/0x1e20
[   50.552751][ T3602] page last free stack trace:
[   50.557412][ T3602]  free_pcp_prepare+0x65c/0xd90
[   50.562267][ T3602]  free_unref_page_list+0x172/0xc40
[   50.567459][ T3602]  release_pages+0x35b/0x12d0
[   50.572132][ T3602]  tlb_batch_pages_flush+0xa8/0x1a0
[   50.577335][ T3602]  tlb_finish_mmu+0x147/0x7e0
[   50.582020][ T3602]  exit_mmap+0x1fe/0x7a0
[   50.586266][ T3602]  __mmput+0x128/0x4c0
[   50.590340][ T3602]  mmput+0x5c/0x70
[   50.594061][ T3602]  do_exit+0xa39/0x29a0
[   50.598211][ T3602]  do_group_exit+0xd0/0x2a0
[   50.602708][ T3602]  __x64_sys_exit_group+0x3a/0x50
[   50.607730][ T3602]  do_syscall_64+0x35/0xb0
[   50.612148][ T3602]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.618047][ T3602] 
[   50.620364][ T3602] Memory state around the buggy address:
[   50.625987][ T3602]  ffff888071805e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   50.634040][ T3602]  ffff888071805f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   50.642093][ T3602] >ffff888071805f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   50.650141][ T3602]                                ^
[   50.655239][ T3602]  ffff888071806000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   50.663295][ T3602]  ffff888071806080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   50.671359][ T3602] ==================================================================
[   50.679814][ T3602] Kernel panic - not syncing: panic_on_warn set ...
[   50.686416][ T3602] CPU: 1 PID: 3602 Comm: syz-executor987 Not tainted 6.1.0-rc1-next-20221021-syzkaller #0
[   50.696331][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[   50.706385][ T3602] Call Trace:
[   50.709661][ T3602]  <TASK>
[   50.712588][ T3602]  dump_stack_lvl+0xcd/0x134
[   50.717187][ T3602]  panic+0x2c8/0x622
[   50.721087][ T3602]  ? panic+0x0/0x622
[   50.724984][ T3602]  ? preempt_schedule_common+0x59/0xc0
[   50.730448][ T3602]  ? preempt_schedule_notrace_thunk-0xa/0x20
[   50.736438][ T3602]  end_report.part.0+0x3f/0x7c
[   50.741208][ T3602]  ? leaf_paste_entries+0x449/0x910
[   50.746414][ T3602]  kasan_non_canonical_hook.cold-0x5/0x4f
[   50.752142][ T3602]  ? leaf_paste_entries+0x449/0x910
[   50.757346][ T3602]  kasan_check_range+0x13d/0x180
[   50.762284][ T3602]  memmove+0x20/0x60
[   50.766180][ T3602]  leaf_paste_entries+0x449/0x910
[   50.771215][ T3602]  balance_leaf+0x917d/0xde40
[   50.775896][ T3602]  ? reiserfs_prepare_for_journal+0x15e/0x2b0
[   50.781965][ T3602]  ? fix_nodes+0x14cb/0x8650
[   50.786571][ T3602]  ? balance_leaf+0x0/0xde40
[   50.791165][ T3602]  do_balance+0x315/0x810
[   50.795499][ T3602]  ? do_balance+0x0/0x810
[   50.800176][ T3602]  ? __mutex_unlock_slowpath+0x0/0x5e0
[   50.805654][ T3602]  reiserfs_paste_into_item+0x763/0x8e0
[   50.811229][ T3602]  ? reiserfs_paste_into_item+0x0/0x8e0
[   50.816830][ T3602]  ? reiserfs_find_entry.part.0+0x0/0xdf0
[   50.822556][ T3602]  ? yura_hash+0x223/0x2a0
[   50.826985][ T3602]  ? make_cpu_key+0x22/0x2a0
[   50.831584][ T3602]  reiserfs_add_entry+0x8cb/0xcf0
[   50.836613][ T3602]  ? reiserfs_add_entry+0x0/0xcf0
[   50.841636][ T3602]  ? __mutex_unlock_slowpath+0x0/0x5e0
[   50.847114][ T3602]  ? __dquot_initialize+0x0/0xbe0
[   50.852253][ T3602]  ? do_raw_spin_lock+0x0/0x2a0
[   50.857122][ T3602]  reiserfs_mkdir+0x675/0x980
[   50.861805][ T3602]  ? reiserfs_mkdir+0x0/0x980
[   50.866489][ T3602]  ? down_write+0x153/0x220
[   50.871001][ T3602]  ? down_write+0x0/0x220
[   50.875344][ T3602]  reiserfs_xattr_init+0x57a/0xc30
[   50.880463][ T3602]  reiserfs_fill_super+0x2127/0x2e90
[   50.885763][ T3602]  ? reiserfs_fill_super+0x0/0x2e90
[   50.890976][ T3602]  ? sget+0x472/0x580
[   50.894962][ T3602]  ? snprintf+0xbb/0xf0
[   50.899154][ T3602]  ? set_blocksize+0x2e5/0x370
[   50.903948][ T3602]  mount_bdev+0x34d/0x410
[   50.908282][ T3602]  ? reiserfs_fill_super+0x0/0x2e90
[   50.913486][ T3602]  ? get_super_block+0x0/0x40
[   50.918170][ T3602]  legacy_get_tree+0x105/0x220
[   50.922938][ T3602]  vfs_get_tree+0x89/0x2f0
[   50.927362][ T3602]  path_mount+0x1326/0x1e20
[   50.931869][ T3602]  ? kmem_cache_free+0xea/0x5b0
[   50.936728][ T3602]  ? path_mount+0x0/0x1e20
[   50.941144][ T3602]  ? putname+0xfe/0x140
[   50.945300][ T3602]  __x64_sys_mount+0x27f/0x300
[   50.950065][ T3602]  ? __x64_sys_mount+0x0/0x300
[   50.954827][ T3602]  ? _raw_spin_unlock_irq+0x2a/0x40
[   50.960025][ T3602]  ? ptrace_notify+0xfa/0x140
[   50.964703][ T3602]  do_syscall_64+0x35/0xb0
[   50.969128][ T3602]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.975045][ T3602] RIP: 0033:0x7fe0698012aa
[   50.979475][ T3602] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   50.999113][ T3602] RSP: 002b:00007ffd0ebfcff8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   51.007525][ T3602] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe0698012aa
[   51.015510][ T3602] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd0ebfd010
[   51.023491][ T3602] RBP: 00007ffd0ebfd010 R08: 00007ffd0ebfd050 R09: 00005555571952c0
[   51.031465][ T3602] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[   51.039435][ T3602] R13: 00007ffd0ebfd050 R14: 0000000000000006 R15: 0000000020000290
[   51.047410][ T3602]  </TASK>
[   51.050638][ T3602] Kernel Offset: disabled
[   51.054952][ T3602] Rebooting in 86400 seconds..