./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1822271646

<...>
forked to background, child pid 4640
no interfaces have a carri[   22.029002][ T4641] 8021q: adding VLAN 0 to HW filter on device bond0
er
[   22.040480][ T4641] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.101' (ECDSA) to the list of known hosts.
execve("./syz-executor1822271646", ["./syz-executor1822271646"], 0x7fffcde3e160 /* 10 vars */) = 0
brk(NULL)                               = 0x555556752000
brk(0x555556752c40)                     = 0x555556752c40
arch_prctl(ARCH_SET_FS, 0x555556752300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1822271646", 4096) = 28
brk(0x555556773c40)                     = 0x555556773c40
brk(0x555556774000)                     = 0x555556774000
mprotect(0x7f8f7df35000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567525d0) = 5062
./strace-static-x86_64: Process 5062 attached
[pid  5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5062] setpgid(0, 0)               = 0
[pid  5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "1000", 4)         = 4
[pid  5062] close(3)                    = 0
[pid  5062] getuid()                    = 0
[pid  5062] memfd_create("syzkaller", 0) = 3
[pid  5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f75a79000
[pid  5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5062] munmap(0x7f8f75a79000, 4194304) = 0
[pid  5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5062] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5062] close(3)                    = 0
[pid  5062] mkdir("./file0", 0777)      = 0
syzkaller login: [   41.363809][ T5062] loop0: detected capacity change from 0 to 8192
[   41.375236][ T5062] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   41.388380][ T5062] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   41.397828][ T5062] REISERFS (device loop0): using ordered data mode
[   41.404393][ T5062] reiserfs: using flush barriers
[   41.410429][ T5062] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   41.426977][ T5062] REISERFS (device loop0): checking transaction log (loop0)
[   41.436929][ T5062] REISERFS (device loop0): Using r5 hash to sort names
[   41.444338][ T5062] ==================================================================
[   41.452391][ T5062] BUG: KASAN: use-after-free in search_by_entry_key+0x823/0x960
[   41.460034][ T5062] Read of size 4 at addr ffff88807258b004 by task syz-executor182/5062
[   41.468250][ T5062] 
[   41.470555][ T5062] CPU: 1 PID: 5062 Comm: syz-executor182 Not tainted 6.2.0-rc5-syzkaller-00020-g7bf70dbb1882 #0
[   41.480943][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   41.490980][ T5062] Call Trace:
[   41.494242][ T5062]  <TASK>
[   41.497160][ T5062]  dump_stack_lvl+0xd1/0x138
[   41.501757][ T5062]  print_report+0x15e/0x45d
[   41.506245][ T5062]  ? __phys_addr+0xc8/0x140
[   41.510733][ T5062]  ? search_by_entry_key+0x823/0x960
[   41.516062][ T5062]  kasan_report+0xbf/0x1f0
[   41.520464][ T5062]  ? search_by_entry_key+0x823/0x960
[   41.525730][ T5062]  search_by_entry_key+0x823/0x960
[   41.530836][ T5062]  reiserfs_find_entry.part.0+0x139/0xdf0
[   41.536536][ T5062]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   41.542074][ T5062]  ? search_by_entry_key+0x960/0x960
[   41.547349][ T5062]  ? find_held_lock+0x2d/0x110
[   41.552107][ T5062]  reiserfs_lookup+0x24e/0x490
[   41.556860][ T5062]  ? reiserfs_unlink+0x760/0x760
[   41.561786][ T5062]  ? d_alloc_parallel+0x694/0x1410
[   41.566896][ T5062]  __lookup_slow+0x24c/0x460
[   41.571477][ T5062]  ? __lookup_hash+0x180/0x180
[   41.576227][ T5062]  ? lock_downgrade+0x6e0/0x6e0
[   41.581081][ T5062]  ? d_lookup+0x105/0x170
[   41.585400][ T5062]  lookup_one_len+0x16e/0x1a0
[   41.590065][ T5062]  ? try_lookup_one_len+0x190/0x190
[   41.595250][ T5062]  ? down_write_killable+0x250/0x250
[   41.600526][ T5062]  ? reiserfs_schedule_old_flush+0x64/0x230
[   41.606409][ T5062]  reiserfs_lookup_privroot+0x96/0x290
[   41.611858][ T5062]  reiserfs_fill_super+0x20e9/0x2e90
[   41.617132][ T5062]  ? reiserfs_remount+0x1540/0x1540
[   41.622316][ T5062]  ? sget+0x476/0x580
[   41.626295][ T5062]  ? snprintf+0xbf/0x100
[   41.630535][ T5062]  mount_bdev+0x351/0x410
[   41.634855][ T5062]  ? reiserfs_remount+0x1540/0x1540
[   41.640042][ T5062]  ? reiserfs_kill_sb+0x1e0/0x1e0
[   41.645347][ T5062]  legacy_get_tree+0x109/0x220
[   41.650129][ T5062]  vfs_get_tree+0x8d/0x2f0
[   41.654535][ T5062]  path_mount+0x132a/0x1e20
[   41.659028][ T5062]  ? kmem_cache_free+0xee/0x5c0
[   41.663865][ T5062]  ? finish_automount+0x960/0x960
[   41.668890][ T5062]  ? putname+0x102/0x140
[   41.673124][ T5062]  __x64_sys_mount+0x283/0x300
[   41.677879][ T5062]  ? copy_mnt_ns+0xb30/0xb30
[   41.682454][ T5062]  ? lockdep_hardirqs_on+0x7d/0x100
[   41.687639][ T5062]  ? _raw_spin_unlock_irq+0x2e/0x50
[   41.692851][ T5062]  ? ptrace_notify+0xfe/0x140
[   41.697515][ T5062]  do_syscall_64+0x39/0xb0
[   41.701920][ T5062]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.707802][ T5062] RIP: 0033:0x7f8f7dec793a
[   41.712196][ T5062] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   41.731786][ T5062] RSP: 002b:00007ffd120c6778 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   41.740180][ T5062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8f7dec793a
[   41.748133][ T5062] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007ffd120c6790
[   41.756085][ T5062] RBP: 00007ffd120c6790 R08: 00007ffd120c67d0 R09: 0000000000000000
[   41.764039][ T5062] R10: 0000000000208000 R11: 0000000000000286 R12: 0000000000000004
[   41.771993][ T5062] R13: 00005555567522c0 R14: 0000000000208000 R15: 00007ffd120c67d0
[   41.779960][ T5062]  </TASK>
[   41.782960][ T5062] 
[   41.785264][ T5062] The buggy address belongs to the physical page:
[   41.791652][ T5062] page:ffffea0001c962c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x7258b
[   41.801782][ T5062] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   41.808876][ T5062] raw: 00fff00000000000 ffffea0001c96308 ffff8880b99421e0 0000000000000000
[   41.817439][ T5062] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   41.825999][ T5062] page dumped because: kasan: bad access detected
[   41.832403][ T5062] page_owner tracks the page as freed
[   41.837837][ T5062] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 8796240948, free_ts 9322777396
[   41.852587][ T5062]  split_map_pages+0x1ef/0x520
[   41.857350][ T5062]  isolate_freepages_range+0x313/0x350
[   41.862819][ T5062]  alloc_contig_range+0x2fa/0x4a0
[   41.867837][ T5062]  alloc_contig_pages+0x35e/0x4c0
[   41.872849][ T5062]  debug_vm_pgtable+0x899/0x296f
[   41.877768][ T5062]  do_one_initcall+0x141/0x790
[   41.882522][ T5062]  kernel_init_freeable+0x6f9/0x782
[   41.887711][ T5062]  kernel_init+0x1e/0x1d0
[   41.892027][ T5062]  ret_from_fork+0x1f/0x30
[   41.896433][ T5062] page last free stack trace:
[   41.901086][ T5062]  free_pcp_prepare+0x65c/0xc00
[   41.905922][ T5062]  free_unref_page+0x1d/0x490
[   41.910590][ T5062]  free_contig_range+0xb5/0x180
[   41.915426][ T5062]  destroy_args+0xa8/0x64c
[   41.919830][ T5062]  debug_vm_pgtable+0x28de/0x296f
[   41.924837][ T5062]  do_one_initcall+0x141/0x790
[   41.929598][ T5062]  kernel_init_freeable+0x6f9/0x782
[   41.934784][ T5062]  kernel_init+0x1e/0x1d0
[   41.939098][ T5062]  ret_from_fork+0x1f/0x30
[   41.943501][ T5062] 
[   41.945804][ T5062] Memory state around the buggy address:
[   41.951417][ T5062]  ffff88807258af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.959493][ T5062]  ffff88807258af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.967540][ T5062] >ffff88807258b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.975584][ T5062]                    ^
[   41.979655][ T5062]  ffff88807258b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.987700][ T5062]  ffff88807258b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.995742][ T5062] ==================================================================
[   42.004023][ T5062] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   42.011240][ T5062] CPU: 1 PID: 5062 Comm: syz-executor182 Not tainted 6.2.0-rc5-syzkaller-00020-g7bf70dbb1882 #0
[   42.021646][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   42.031687][ T5062] Call Trace:
[   42.034958][ T5062]  <TASK>
[   42.037878][ T5062]  dump_stack_lvl+0xd1/0x138
[   42.042459][ T5062]  panic+0x2cc/0x626
[   42.046344][ T5062]  ? panic_print_sys_info.part.0+0x110/0x110
[   42.052313][ T5062]  ? preempt_schedule_thunk+0x1a/0x20
[   42.057681][ T5062]  ? preempt_schedule_common+0x59/0xc0
[   42.063145][ T5062]  check_panic_on_warn.cold+0x19/0x35
[   42.068517][ T5062]  end_report.part.0+0x36/0x73
[   42.073276][ T5062]  ? search_by_entry_key+0x823/0x960
[   42.078546][ T5062]  kasan_report.cold+0xa/0xf
[   42.083131][ T5062]  ? search_by_entry_key+0x823/0x960
[   42.088403][ T5062]  search_by_entry_key+0x823/0x960
[   42.093501][ T5062]  reiserfs_find_entry.part.0+0x139/0xdf0
[   42.099205][ T5062]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   42.104740][ T5062]  ? search_by_entry_key+0x960/0x960
[   42.110009][ T5062]  ? find_held_lock+0x2d/0x110
[   42.114769][ T5062]  reiserfs_lookup+0x24e/0x490
[   42.119515][ T5062]  ? reiserfs_unlink+0x760/0x760
[   42.124435][ T5062]  ? d_alloc_parallel+0x694/0x1410
[   42.129542][ T5062]  __lookup_slow+0x24c/0x460
[   42.134121][ T5062]  ? __lookup_hash+0x180/0x180
[   42.138869][ T5062]  ? lock_downgrade+0x6e0/0x6e0
[   42.143711][ T5062]  ? d_lookup+0x105/0x170
[   42.148028][ T5062]  lookup_one_len+0x16e/0x1a0
[   42.152695][ T5062]  ? try_lookup_one_len+0x190/0x190
[   42.157885][ T5062]  ? down_write_killable+0x250/0x250
[   42.163156][ T5062]  ? reiserfs_schedule_old_flush+0x64/0x230
[   42.169036][ T5062]  reiserfs_lookup_privroot+0x96/0x290
[   42.174479][ T5062]  reiserfs_fill_super+0x20e9/0x2e90
[   42.179756][ T5062]  ? reiserfs_remount+0x1540/0x1540
[   42.184941][ T5062]  ? sget+0x476/0x580
[   42.188919][ T5062]  ? snprintf+0xbf/0x100
[   42.193157][ T5062]  mount_bdev+0x351/0x410
[   42.197475][ T5062]  ? reiserfs_remount+0x1540/0x1540
[   42.202660][ T5062]  ? reiserfs_kill_sb+0x1e0/0x1e0
[   42.207671][ T5062]  legacy_get_tree+0x109/0x220
[   42.212426][ T5062]  vfs_get_tree+0x8d/0x2f0
[   42.216831][ T5062]  path_mount+0x132a/0x1e20
[   42.221331][ T5062]  ? kmem_cache_free+0xee/0x5c0
[   42.226179][ T5062]  ? finish_automount+0x960/0x960
[   42.231190][ T5062]  ? putname+0x102/0x140
[   42.235423][ T5062]  __x64_sys_mount+0x283/0x300
[   42.240175][ T5062]  ? copy_mnt_ns+0xb30/0xb30
[   42.244756][ T5062]  ? lockdep_hardirqs_on+0x7d/0x100
[   42.249948][ T5062]  ? _raw_spin_unlock_irq+0x2e/0x50
[   42.255133][ T5062]  ? ptrace_notify+0xfe/0x140
[   42.259793][ T5062]  do_syscall_64+0x39/0xb0
[   42.264199][ T5062]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.270077][ T5062] RIP: 0033:0x7f8f7dec793a
[   42.274476][ T5062] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   42.294071][ T5062] RSP: 002b:00007ffd120c6778 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   42.302467][ T5062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8f7dec793a
[   42.310422][ T5062] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007ffd120c6790
[   42.318434][ T5062] RBP: 00007ffd120c6790 R08: 00007ffd120c67d0 R09: 0000000000000000
[   42.326511][ T5062] R10: 0000000000208000 R11: 0000000000000286 R12: 0000000000000004
[   42.334471][ T5062] R13: 00005555567522c0 R14: 0000000000208000 R15: 00007ffd120c67d0
[   42.342433][ T5062]  </TASK>
[   42.346122][ T5062] Kernel Offset: disabled
[   42.350433][ T5062] Rebooting in 86400 seconds..