./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor124039988 <...> Warning: Permanently added '10.128.1.146' (ED25519) to the list of known hosts. execve("./syz-executor124039988", ["./syz-executor124039988"], 0x7fffa0c3fc70 /* 10 vars */) = 0 brk(NULL) = 0x55555563f000 brk(0x55555563fe00) = 0x55555563fe00 arch_prctl(ARCH_SET_FS, 0x55555563f480) = 0 set_tid_address(0x55555563f750) = 5012 set_robust_list(0x55555563f760, 24) = 0 rseq(0x55555563fda0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor124039988", 4096) = 27 getrandom("\xc5\xdb\x27\xd2\x98\x22\x22\x5a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555563fe00 brk(0x555555660e00) = 0x555555660e00 brk(0x555555661000) = 0x555555661000 mprotect(0x7f9854c8b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=784, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5012}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x2e\x00\x00\x00\x98\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 784 [ 59.132768][ T26] audit: type=1400 audit(1690407159.670:83): avc: denied { write } for pid=5009 comm="strace-static-x" path="pipe:[28531]" dev="pipefs" ino=28531 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f9854be0020, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f9854be8110}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f9854be0020, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f9854be8110}, NULL, 8) = 0 getuid() = 0 [ 59.167193][ T26] audit: type=1400 audit(1690407159.700:84): avc: denied { execmem } for pid=5012 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 59.186982][ T26] audit: type=1400 audit(1690407159.710:85): avc: denied { create } for pid=5012 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f984c7d6000 [ 59.233200][ T26] audit: type=1400 audit(1690407159.710:86): avc: denied { create } for pid=5009 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 59.238675][ T5012] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5012 'syz-executor124' [ 59.254615][ T26] audit: type=1400 audit(1690407159.710:87): avc: denied { write } for pid=5009 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 59.285806][ T26] audit: type=1400 audit(1690407159.710:88): avc: denied { nlmsg_read } for pid=5009 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 59.308067][ T26] audit: type=1400 audit(1690407159.710:89): avc: denied { read } for pid=5009 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7f984c7d6000, 4194304) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 59.329064][ T26] audit: type=1400 audit(1690407159.710:90): avc: denied { write } for pid=5012 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 59.342120][ T5012] loop0: detected capacity change from 0 to 8192 [ 59.350627][ T26] audit: type=1400 audit(1690407159.710:91): avc: denied { read } for pid=5012 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 59.367367][ T5012] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 59.377612][ T26] audit: type=1400 audit(1690407159.760:92): avc: denied { read } for pid=4682 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 59.390335][ T5012] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 59.421125][ T5012] REISERFS (device loop0): using ordered data mode [ 59.427657][ T5012] reiserfs: using flush barriers [ 59.433893][ T5012] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 59.450529][ T5012] REISERFS (device loop0): checking transaction log (loop0) [ 59.461774][ T5012] REISERFS (device loop0): Using r5 hash to sort names [ 59.469232][ T5012] ================================================================== [ 59.477293][ T5012] BUG: KASAN: use-after-free in search_by_entry_key+0x80a/0x940 [ 59.484931][ T5012] Read of size 4 at addr ffff88806fb6b004 by task syz-executor124/5012 [ 59.493163][ T5012] [ 59.495471][ T5012] CPU: 1 PID: 5012 Comm: syz-executor124 Not tainted 6.5.0-rc3-syzkaller-00024-g18b44bc5a672 #0 [ 59.505878][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 59.516192][ T5012] Call Trace: [ 59.519473][ T5012] [ 59.522393][ T5012] dump_stack_lvl+0xd9/0x1b0 [ 59.526990][ T5012] print_report+0xc4/0x620 [ 59.531399][ T5012] ? __virt_addr_valid+0x5e/0x2d0 [ 59.536413][ T5012] ? __phys_addr+0xc6/0x140 [ 59.540903][ T5012] kasan_report+0xda/0x110 [ 59.545310][ T5012] ? search_by_entry_key+0x80a/0x940 [ 59.550587][ T5012] ? search_by_entry_key+0x80a/0x940 [ 59.555857][ T5012] search_by_entry_key+0x80a/0x940 [ 59.560961][ T5012] reiserfs_find_entry+0x1dc/0xe70 [ 59.566071][ T5012] ? search_by_entry_key+0x940/0x940 [ 59.571342][ T5012] reiserfs_lookup+0x1f5/0x690 [ 59.576088][ T5012] ? reiserfs_unlink+0x770/0x770 [ 59.581013][ T5012] __lookup_slow+0x24d/0x450 [ 59.585586][ T5012] ? lookup_open.isra.0+0x1360/0x1360 [ 59.590940][ T5012] ? reacquire_held_locks+0x4b0/0x4b0 [ 59.596304][ T5012] ? secondary_startup_64_no_verify+0x12b/0x16b [ 59.602552][ T5012] ? secondary_startup_64_no_verify+0x12b/0x16b [ 59.608810][ T5012] ? d_lookup+0xe9/0x180 [ 59.613055][ T5012] lookup_one_len+0x17d/0x1b0 [ 59.617741][ T5012] ? __lookup_slow+0x450/0x450 [ 59.622520][ T5012] reiserfs_lookup_privroot+0x94/0x200 [ 59.627977][ T5012] reiserfs_fill_super+0x20f9/0x3150 [ 59.633262][ T5012] ? reiserfs_remount+0x1640/0x1640 [ 59.638464][ T5012] ? reacquire_held_locks+0x4b0/0x4b0 [ 59.643826][ T5012] ? snprintf+0xc8/0x100 [ 59.648057][ T5012] ? reiserfs_remount+0x1640/0x1640 [ 59.653262][ T5012] mount_bdev+0x30d/0x3d0 [ 59.657582][ T5012] ? reiserfs_kill_sb+0x1e0/0x1e0 [ 59.662595][ T5012] legacy_get_tree+0x109/0x220 [ 59.667351][ T5012] vfs_get_tree+0x88/0x350 [ 59.671759][ T5012] path_mount+0x1492/0x1ed0 [ 59.676249][ T5012] ? lockdep_hardirqs_on+0x7d/0x100 [ 59.681435][ T5012] ? finish_automount+0xa50/0xa50 [ 59.686441][ T5012] ? putname+0x101/0x140 [ 59.690668][ T5012] __x64_sys_mount+0x293/0x310 [ 59.695418][ T5012] ? copy_mnt_ns+0xb60/0xb60 [ 59.700001][ T5012] ? lockdep_hardirqs_on+0x7d/0x100 [ 59.705215][ T5012] ? _raw_spin_unlock_irq+0x2e/0x50 [ 59.710408][ T5012] ? ptrace_notify+0xf4/0x130 [ 59.715103][ T5012] do_syscall_64+0x38/0xb0 [ 59.719515][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.725391][ T5012] RIP: 0033:0x7f9854c1567a [ 59.729795][ T5012] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 0e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.749415][ T5012] RSP: 002b:00007ffc2d183f68 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 59.757843][ T5012] RAX: ffffffffffffffda RBX: 00007ffc2d183f80 RCX: 00007f9854c1567a [ 59.765891][ T5012] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007ffc2d183f80 [ 59.773855][ T5012] RBP: 0000000000000004 R08: 00007ffc2d183fc0 R09: 0000000000001120 [ 59.781820][ T5012] R10: 0000000000208000 R11: 0000000000000286 R12: 0000000000208000 [ 59.789781][ T5012] R13: 00007ffc2d183fc0 R14: 0000000000000003 R15: 0000000000400000 [ 59.797745][ T5012] [ 59.800762][ T5012] [ 59.803156][ T5012] The buggy address belongs to the physical page: [ 59.809655][ T5012] page:ffffea0001bedac0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6fb6b [ 59.819799][ T5012] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 59.826891][ T5012] page_type: 0xffffffff() [ 59.831203][ T5012] raw: 00fff00000000000 ffffea0001bedb08 ffffe8ffffc023a0 0000000000000000 [ 59.839774][ T5012] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 59.848341][ T5012] page dumped because: kasan: bad access detected [ 59.854840][ T5012] page_owner tracks the page as freed [ 59.860190][ T5012] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4880, tgid 4880 (sftp-server), ts 51130624423, free_ts 52492779428 [ 59.878766][ T5012] post_alloc_hook+0x2d2/0x350 [ 59.883522][ T5012] get_page_from_freelist+0x10a9/0x31e0 [ 59.889051][ T5012] __alloc_pages+0x1d0/0x4a0 [ 59.893625][ T5012] __folio_alloc+0x16/0x40 [ 59.898026][ T5012] vma_alloc_folio+0x156/0x890 [ 59.903406][ T5012] __handle_mm_fault+0x12a8/0x3b80 [ 59.908503][ T5012] handle_mm_fault+0x2ab/0x9d0 [ 59.913262][ T5012] do_user_addr_fault+0x2e7/0xfc0 [ 59.918272][ T5012] exc_page_fault+0x5c/0xd0 [ 59.922763][ T5012] asm_exc_page_fault+0x26/0x30 [ 59.927606][ T5012] page last free stack trace: [ 59.932268][ T5012] free_unref_page_prepare+0x508/0xb90 [ 59.937719][ T5012] free_unref_page_list+0xe6/0xb30 [ 59.942819][ T5012] release_pages+0x32a/0x14e0 [ 59.947483][ T5012] tlb_batch_pages_flush+0x9a/0x190 [ 59.952681][ T5012] tlb_finish_mmu+0x14b/0x7e0 [ 59.957339][ T5012] exit_mmap+0x2db/0x960 [ 59.961569][ T5012] __mmput+0x12a/0x4d0 [ 59.965623][ T5012] mmput+0x62/0x70 [ 59.969327][ T5012] do_exit+0x9b4/0x2a20 [ 59.973478][ T5012] do_group_exit+0xd4/0x2a0 [ 59.977973][ T5012] __x64_sys_exit_group+0x3e/0x50 [ 59.982988][ T5012] do_syscall_64+0x38/0xb0 [ 59.987386][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.993262][ T5012] [ 59.995566][ T5012] Memory state around the buggy address: [ 60.001175][ T5012] ffff88806fb6af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.009213][ T5012] ffff88806fb6af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.017274][ T5012] >ffff88806fb6b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 60.025351][ T5012] ^ [ 60.029415][ T5012] ffff88806fb6b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 60.037489][ T5012] ffff88806fb6b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 60.045543][ T5012] ================================================================== [ 60.054212][ T5012] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 60.061418][ T5012] CPU: 1 PID: 5012 Comm: syz-executor124 Not tainted 6.5.0-rc3-syzkaller-00024-g18b44bc5a672 #0 [ 60.072443][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 60.082495][ T5012] Call Trace: [ 60.085787][ T5012] [ 60.088719][ T5012] dump_stack_lvl+0xd9/0x1b0 [ 60.093327][ T5012] panic+0x6a4/0x750 [ 60.097227][ T5012] ? panic_smp_self_stop+0xa0/0xa0 [ 60.102342][ T5012] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 60.108515][ T5012] ? preempt_schedule_thunk+0x1a/0x30 [ 60.114009][ T5012] ? preempt_schedule_common+0x45/0xc0 [ 60.119484][ T5012] check_panic_on_warn+0xab/0xb0 [ 60.124433][ T5012] end_report+0x108/0x150 [ 60.128780][ T5012] kasan_report+0xea/0x110 [ 60.133214][ T5012] ? search_by_entry_key+0x80a/0x940 [ 60.138511][ T5012] ? search_by_entry_key+0x80a/0x940 [ 60.143806][ T5012] search_by_entry_key+0x80a/0x940 [ 60.148923][ T5012] reiserfs_find_entry+0x1dc/0xe70 [ 60.154053][ T5012] ? search_by_entry_key+0x940/0x940 [ 60.159348][ T5012] reiserfs_lookup+0x1f5/0x690 [ 60.164136][ T5012] ? reiserfs_unlink+0x770/0x770 [ 60.169123][ T5012] __lookup_slow+0x24d/0x450 [ 60.173739][ T5012] ? lookup_open.isra.0+0x1360/0x1360 [ 60.179136][ T5012] ? reacquire_held_locks+0x4b0/0x4b0 [ 60.184529][ T5012] ? secondary_startup_64_no_verify+0x12b/0x16b [ 60.190786][ T5012] ? secondary_startup_64_no_verify+0x12b/0x16b [ 60.197039][ T5012] ? d_lookup+0xe9/0x180 [ 60.201291][ T5012] lookup_one_len+0x17d/0x1b0 [ 60.206004][ T5012] ? __lookup_slow+0x450/0x450 [ 60.210793][ T5012] reiserfs_lookup_privroot+0x94/0x200 [ 60.216276][ T5012] reiserfs_fill_super+0x20f9/0x3150 [ 60.221585][ T5012] ? reiserfs_remount+0x1640/0x1640 [ 60.226797][ T5012] ? reacquire_held_locks+0x4b0/0x4b0 [ 60.232279][ T5012] ? snprintf+0xc8/0x100 [ 60.236619][ T5012] ? reiserfs_remount+0x1640/0x1640 [ 60.241840][ T5012] mount_bdev+0x30d/0x3d0 [ 60.246179][ T5012] ? reiserfs_kill_sb+0x1e0/0x1e0 [ 60.251215][ T5012] legacy_get_tree+0x109/0x220 [ 60.255991][ T5012] vfs_get_tree+0x88/0x350 [ 60.260413][ T5012] path_mount+0x1492/0x1ed0 [ 60.264923][ T5012] ? lockdep_hardirqs_on+0x7d/0x100 [ 60.270132][ T5012] ? finish_automount+0xa50/0xa50 [ 60.275159][ T5012] ? putname+0x101/0x140 [ 60.279403][ T5012] __x64_sys_mount+0x293/0x310 [ 60.284170][ T5012] ? copy_mnt_ns+0xb60/0xb60 [ 60.288761][ T5012] ? lockdep_hardirqs_on+0x7d/0x100 [ 60.293958][ T5012] ? _raw_spin_unlock_irq+0x2e/0x50 [ 60.299162][ T5012] ? ptrace_notify+0xf4/0x130 [ 60.303836][ T5012] do_syscall_64+0x38/0xb0 [ 60.308249][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.314144][ T5012] RIP: 0033:0x7f9854c1567a [ 60.318562][ T5012] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 0e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.338187][ T5012] RSP: 002b:00007ffc2d183f68 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 60.346695][ T5012] RAX: ffffffffffffffda RBX: 00007ffc2d183f80 RCX: 00007f9854c1567a [ 60.354665][ T5012] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007ffc2d183f80 [ 60.362640][ T5012] RBP: 0000000000000004 R08: 00007ffc2d183fc0 R09: 0000000000001120 [ 60.370613][ T5012] R10: 0000000000208000 R11: 0000000000000286 R12: 0000000000208000 [ 60.378580][ T5012] R13: 00007ffc2d183fc0 R14: 0000000000000003 R15: 0000000000400000 [ 60.386550][ T5012] [ 60.389782][ T5012] Kernel Offset: disabled [ 60.394098][ T5012] Rebooting in 86400 seconds..