./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1011708285
<...>
Warning: Permanently added '10.128.0.76' (ED25519) to the list of known hosts.
execve("./syz-executor1011708285", ["./syz-executor1011708285"], 0x7ffe4d6df2c0 /* 10 vars */) = 0
brk(NULL) = 0x55555604b000
brk(0x55555604be00) = 0x55555604be00
arch_prctl(ARCH_SET_FS, 0x55555604b480) = 0
set_tid_address(0x55555604b750) = 5033
set_robust_list(0x55555604b760, 24) = 0
rseq(0x55555604bda0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1011708285", 4096) = 28
getrandom("\x74\xa2\xca\x57\x38\xe1\x97\xf0", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555604be00
brk(0x55555606ce00) = 0x55555606ce00
brk(0x55555606d000) = 0x55555606d000
mprotect(0x7ff90ec9e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5033
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "5033", 4) = 4
close(3) = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7ff90ebf5df0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7ff90ebfdd60}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7ff90ebf5df0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7ff90ebfdd60}, NULL, 8) = 0
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff9067ec000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
munmap(0x7ff9067ec000, 4194304) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 63.714753][ T5033] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5033 'syz-executor101'
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 63.757501][ T5033] loop0: detected capacity change from 0 to 8192
[ 63.766762][ T5033] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 63.779929][ T5033] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 63.789243][ T5033] REISERFS (device loop0): using ordered data mode
[ 63.795862][ T5033] reiserfs: using flush barriers
[ 63.801641][ T5033] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 63.818082][ T5033] REISERFS (device loop0): checking transaction log (loop0)
[ 63.826194][ T5033] REISERFS (device loop0): Using r5 hash to sort names
[ 63.833121][ T5033] ==================================================================
[ 63.841188][ T5033] BUG: KASAN: use-after-free in search_by_entry_key+0x80a/0x940
[ 63.848868][ T5033] Read of size 4 at addr ffff888071eaf004 by task syz-executor101/5033
[ 63.857112][ T5033]
[ 63.859436][ T5033] CPU: 0 PID: 5033 Comm: syz-executor101 Not tainted 6.5.0-rc3-next-20230728-syzkaller #0
[ 63.869336][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 63.879402][ T5033] Call Trace:
[ 63.882683][ T5033]
[ 63.885619][ T5033] dump_stack_lvl+0xd9/0x1b0
[ 63.890226][ T5033] print_report+0xc4/0x620
[ 63.894669][ T5033] ? __virt_addr_valid+0x5e/0x2d0
[ 63.899707][ T5033] ? __phys_addr+0xc6/0x140
[ 63.904226][ T5033] kasan_report+0xda/0x110
[ 63.908691][ T5033] ? search_by_entry_key+0x80a/0x940
[ 63.913999][ T5033] ? search_by_entry_key+0x80a/0x940
[ 63.919326][ T5033] search_by_entry_key+0x80a/0x940
[ 63.924459][ T5033] reiserfs_find_entry+0x1dc/0xe70
[ 63.929598][ T5033] ? search_by_entry_key+0x940/0x940
[ 63.934930][ T5033] reiserfs_lookup+0x1f5/0x690
[ 63.939732][ T5033] ? reiserfs_unlink+0x700/0x700
[ 63.944704][ T5033] __lookup_slow+0x24d/0x450
[ 63.949328][ T5033] ? lookup_open.isra.0+0x1360/0x1360
[ 63.954731][ T5033] ? reacquire_held_locks+0x4b0/0x4b0
[ 63.960382][ T5033] ? secondary_startup_64_no_verify+0x12b/0x16b
[ 63.966712][ T5033] ? secondary_startup_64_no_verify+0x12b/0x16b
[ 63.972989][ T5033] ? d_lookup+0xe9/0x180
[ 63.977257][ T5033] lookup_one_len+0x17d/0x1b0
[ 63.981953][ T5033] ? __lookup_slow+0x450/0x450
[ 63.986739][ T5033] reiserfs_lookup_privroot+0x94/0x200
[ 63.992225][ T5033] reiserfs_fill_super+0x1ab6/0x3150
[ 63.997540][ T5033] ? reiserfs_remount+0x1640/0x1640
[ 64.002763][ T5033] ? snprintf+0xc8/0x100
[ 64.007030][ T5033] ? vsprintf+0x30/0x30
[ 64.011212][ T5033] ? bit_wait_timeout+0x160/0x160
[ 64.016268][ T5033] ? preempt_count_sub+0x150/0x150
[ 64.021424][ T5033] ? do_raw_spin_lock+0x12e/0x2b0
[ 64.026485][ T5033] ? down_write+0x14f/0x200
[ 64.031073][ T5033] ? setup_bdev_super+0x385/0x770
[ 64.036132][ T5033] ? reiserfs_remount+0x1640/0x1640
[ 64.041382][ T5033] mount_bdev+0x1f3/0x350
[ 64.045742][ T5033] ? sget+0x610/0x610
[ 64.049756][ T5033] ? vfs_parse_fs_string+0xfb/0x150
[ 64.054978][ T5033] ? apparmor_capable+0x1da/0x4e0
[ 64.060018][ T5033] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 64.065068][ T5033] legacy_get_tree+0x109/0x220
[ 64.069854][ T5033] vfs_get_tree+0x88/0x350
[ 64.074285][ T5033] path_mount+0x1492/0x1ed0
[ 64.078808][ T5033] ? kmem_cache_free+0xf0/0x490
[ 64.083690][ T5033] ? finish_automount+0xa50/0xa50
[ 64.088867][ T5033] ? putname+0x101/0x140
[ 64.093161][ T5033] __x64_sys_mount+0x293/0x310
[ 64.097950][ T5033] ? copy_mnt_ns+0xb60/0xb60
[ 64.102563][ T5033] ? _raw_spin_unlock_irq+0x2e/0x50
[ 64.107774][ T5033] ? ptrace_notify+0xf4/0x130
[ 64.112560][ T5033] do_syscall_64+0x38/0xb0
[ 64.116996][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.122992][ T5033] RIP: 0033:0x7ff90ec32aaa
[ 64.127449][ T5033] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 64.147078][ T5033] RSP: 002b:00007ffc6fc44eb8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 64.155502][ T5033] RAX: ffffffffffffffda RBX: 00007ffc6fc44ec0 RCX: 00007ff90ec32aaa
[ 64.163480][ T5033] RDX: 0000000020000140 RSI: 0000000020000340 RDI: 00007ffc6fc44ec0
[ 64.171461][ T5033] RBP: 0000000000000004 R08: 00007ffc6fc44f00 R09: 000000000000111a
[ 64.179452][ T5033] R10: 000000000120c083 R11: 0000000000000286 R12: 00007ffc6fc44f00
[ 64.187438][ T5033] R13: 0000000000000003 R14: 0000000000400000 R15: 0000000000000001
[ 64.195433][ T5033]
[ 64.198457][ T5033]
[ 64.200779][ T5033] The buggy address belongs to the physical page:
[ 64.207189][ T5033] page:ffffea0001c7abc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x71eaf
[ 64.217348][ T5033] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 64.224458][ T5033] page_type: 0xffffffff()
[ 64.228797][ T5033] raw: 00fff00000000000 ffffea0001c7ac08 ffff8880b98435a0 0000000000000000
[ 64.237388][ T5033] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 64.245973][ T5033] page dumped because: kasan: bad access detected
[ 64.252383][ T5033] page_owner tracks the page as freed
[ 64.257745][ T5033] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 24956269710, free_ts 25984781224
[ 64.272686][ T5033] post_alloc_hook+0x2d2/0x350
[ 64.277481][ T5033] split_map_pages+0x1ff/0x520
[ 64.282270][ T5033] isolate_freepages_range+0x31e/0x380
[ 64.287742][ T5033] alloc_contig_range+0x32e/0x510
[ 64.292776][ T5033] alloc_contig_pages+0x30c/0x600
[ 64.297807][ T5033] debug_vm_pgtable+0x955/0x4090
[ 64.302770][ T5033] do_one_initcall+0x117/0x630
[ 64.307552][ T5033] kernel_init_freeable+0x5bd/0x8f0
[ 64.312771][ T5033] kernel_init+0x1c/0x2a0
[ 64.317120][ T5033] ret_from_fork+0x2c/0x70
[ 64.321547][ T5033] ret_from_fork_asm+0x11/0x20
[ 64.326336][ T5033] page last free stack trace:
[ 64.331010][ T5033] free_unref_page_prepare+0x508/0xb90
[ 64.336511][ T5033] free_unref_page+0x33/0x3b0
[ 64.341211][ T5033] free_contig_range+0xb6/0x190
[ 64.346082][ T5033] destroy_args+0x686/0x940
[ 64.350626][ T5033] debug_vm_pgtable+0x2363/0x4090
[ 64.355681][ T5033] do_one_initcall+0x117/0x630
[ 64.360481][ T5033] kernel_init_freeable+0x5bd/0x8f0
[ 64.365707][ T5033] kernel_init+0x1c/0x2a0
[ 64.370057][ T5033] ret_from_fork+0x2c/0x70
[ 64.374500][ T5033] ret_from_fork_asm+0x11/0x20
[ 64.379282][ T5033]
[ 64.381607][ T5033] Memory state around the buggy address:
[ 64.387236][ T5033] ffff888071eaef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.395303][ T5033] ffff888071eaef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.403368][ T5033] >ffff888071eaf000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.411427][ T5033] ^
[ 64.415491][ T5033] ffff888071eaf080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.423585][ T5033] ffff888071eaf100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.431649][ T5033] ==================================================================
[ 64.440087][ T5033] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 64.447314][ T5033] CPU: 0 PID: 5033 Comm: syz-executor101 Not tainted 6.5.0-rc3-next-20230728-syzkaller #0
[ 64.457244][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 64.467315][ T5033] Call Trace:
[ 64.470604][ T5033]
[ 64.473552][ T5033] dump_stack_lvl+0xd9/0x1b0
[ 64.478174][ T5033] panic+0x6a4/0x750
[ 64.482097][ T5033] ? panic_smp_self_stop+0xa0/0xa0
[ 64.487260][ T5033] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 64.493267][ T5033] ? preempt_schedule_thunk+0x1a/0x30
[ 64.498678][ T5033] ? preempt_schedule_common+0x45/0xc0
[ 64.504172][ T5033] check_panic_on_warn+0xab/0xb0
[ 64.509149][ T5033] end_report+0x108/0x150
[ 64.513514][ T5033] kasan_report+0xea/0x110
[ 64.517965][ T5033] ? search_by_entry_key+0x80a/0x940
[ 64.523281][ T5033] ? search_by_entry_key+0x80a/0x940
[ 64.528606][ T5033] search_by_entry_key+0x80a/0x940
[ 64.533751][ T5033] reiserfs_find_entry+0x1dc/0xe70
[ 64.538915][ T5033] ? search_by_entry_key+0x940/0x940
[ 64.544255][ T5033] reiserfs_lookup+0x1f5/0x690
[ 64.549061][ T5033] ? reiserfs_unlink+0x700/0x700
[ 64.554049][ T5033] __lookup_slow+0x24d/0x450
[ 64.558668][ T5033] ? lookup_open.isra.0+0x1360/0x1360
[ 64.564103][ T5033] ? reacquire_held_locks+0x4b0/0x4b0
[ 64.569594][ T5033] ? secondary_startup_64_no_verify+0x12b/0x16b
[ 64.575872][ T5033] ? secondary_startup_64_no_verify+0x12b/0x16b
[ 64.582146][ T5033] ? d_lookup+0xe9/0x180
[ 64.586416][ T5033] lookup_one_len+0x17d/0x1b0
[ 64.591120][ T5033] ? __lookup_slow+0x450/0x450
[ 64.595917][ T5033] reiserfs_lookup_privroot+0x94/0x200
[ 64.601420][ T5033] reiserfs_fill_super+0x1ab6/0x3150
[ 64.606750][ T5033] ? reiserfs_remount+0x1640/0x1640
[ 64.611992][ T5033] ? snprintf+0xc8/0x100
[ 64.616271][ T5033] ? vsprintf+0x30/0x30
[ 64.620458][ T5033] ? bit_wait_timeout+0x160/0x160
[ 64.625513][ T5033] ? preempt_count_sub+0x150/0x150
[ 64.630662][ T5033] ? do_raw_spin_lock+0x12e/0x2b0
[ 64.635722][ T5033] ? down_write+0x14f/0x200
[ 64.640261][ T5033] ? setup_bdev_super+0x385/0x770
[ 64.645315][ T5033] ? reiserfs_remount+0x1640/0x1640
[ 64.650571][ T5033] mount_bdev+0x1f3/0x350
[ 64.654938][ T5033] ? sget+0x610/0x610
[ 64.658955][ T5033] ? vfs_parse_fs_string+0xfb/0x150
[ 64.664193][ T5033] ? apparmor_capable+0x1da/0x4e0
[ 64.669248][ T5033] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 64.674307][ T5033] legacy_get_tree+0x109/0x220
[ 64.679107][ T5033] vfs_get_tree+0x88/0x350
[ 64.683551][ T5033] path_mount+0x1492/0x1ed0
[ 64.688087][ T5033] ? kmem_cache_free+0xf0/0x490
[ 64.692977][ T5033] ? finish_automount+0xa50/0xa50
[ 64.698032][ T5033] ? putname+0x101/0x140
[ 64.702303][ T5033] __x64_sys_mount+0x293/0x310
[ 64.707098][ T5033] ? copy_mnt_ns+0xb60/0xb60
[ 64.711714][ T5033] ? _raw_spin_unlock_irq+0x2e/0x50
[ 64.716956][ T5033] ? ptrace_notify+0xf4/0x130
[ 64.721842][ T5033] do_syscall_64+0x38/0xb0
[ 64.726379][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.732299][ T5033] RIP: 0033:0x7ff90ec32aaa
[ 64.736731][ T5033] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 64.756369][ T5033] RSP: 002b:00007ffc6fc44eb8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 64.764804][ T5033] RAX: ffffffffffffffda RBX: 00007ffc6fc44ec0 RCX: 00007ff90ec32aaa
[ 64.772792][ T5033] RDX: 0000000020000140 RSI: 0000000020000340 RDI: 00007ffc6fc44ec0
[ 64.781042][ T5033] RBP: 0000000000000004 R08: 00007ffc6fc44f00 R09: 000000000000111a
[ 64.789051][ T5033] R10: 000000000120c083 R11: 0000000000000286 R12: 00007ffc6fc44f00
[ 64.797043][ T5033] R13: 0000000000000003 R14: 0000000000400000 R15: 0000000000000001
[ 64.805038][ T5033]
[ 64.808363][ T5033] Kernel Offset: disabled
[ 64.812716][ T5033] Rebooting in 86400 seconds..