./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor124039988

<...>
Warning: Permanently added '10.128.1.146' (ED25519) to the list of known hosts.
execve("./syz-executor124039988", ["./syz-executor124039988"], 0x7fffa0c3fc70 /* 10 vars */) = 0
brk(NULL)                               = 0x55555563f000
brk(0x55555563fe00)                     = 0x55555563fe00
arch_prctl(ARCH_SET_FS, 0x55555563f480) = 0
set_tid_address(0x55555563f750)         = 5012
set_robust_list(0x55555563f760, 24)     = 0
rseq(0x55555563fda0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor124039988", 4096) = 27
getrandom("\xc5\xdb\x27\xd2\x98\x22\x22\x5a", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555563fe00
brk(0x555555660e00)                     = 0x555555660e00
brk(0x555555661000)                     = 0x555555661000
mprotect(0x7f9854c8b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=784, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5012}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x2e\x00\x00\x00\x98\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 784
[   59.132768][   T26] audit: type=1400 audit(1690407159.670:83): avc:  denied  { write } for  pid=5009 comm="strace-static-x" path="pipe:[28531]" dev="pipefs" ino=28531 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5012}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3)                                = 0
close(4)                                = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f9854be0020, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f9854be8110}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f9854be0020, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f9854be8110}, NULL, 8) = 0
getuid()                                = 0
[   59.167193][   T26] audit: type=1400 audit(1690407159.700:84): avc:  denied  { execmem } for  pid=5012 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   59.186982][   T26] audit: type=1400 audit(1690407159.710:85): avc:  denied  { create } for  pid=5012 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f984c7d6000
[   59.233200][   T26] audit: type=1400 audit(1690407159.710:86): avc:  denied  { create } for  pid=5009 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   59.238675][ T5012] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5012 'syz-executor124'
[   59.254615][   T26] audit: type=1400 audit(1690407159.710:87): avc:  denied  { write } for  pid=5009 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   59.285806][   T26] audit: type=1400 audit(1690407159.710:88): avc:  denied  { nlmsg_read } for  pid=5009 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   59.308067][   T26] audit: type=1400 audit(1690407159.710:89): avc:  denied  { read } for  pid=5009 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
munmap(0x7f984c7d6000, 4194304)         = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
[   59.329064][   T26] audit: type=1400 audit(1690407159.710:90): avc:  denied  { write } for  pid=5012 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   59.342120][ T5012] loop0: detected capacity change from 0 to 8192
[   59.350627][   T26] audit: type=1400 audit(1690407159.710:91): avc:  denied  { read } for  pid=5012 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   59.367367][ T5012] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   59.377612][   T26] audit: type=1400 audit(1690407159.760:92): avc:  denied  { read } for  pid=4682 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[   59.390335][ T5012] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   59.421125][ T5012] REISERFS (device loop0): using ordered data mode
[   59.427657][ T5012] reiserfs: using flush barriers
[   59.433893][ T5012] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   59.450529][ T5012] REISERFS (device loop0): checking transaction log (loop0)
[   59.461774][ T5012] REISERFS (device loop0): Using r5 hash to sort names
[   59.469232][ T5012] ==================================================================
[   59.477293][ T5012] BUG: KASAN: use-after-free in search_by_entry_key+0x80a/0x940
[   59.484931][ T5012] Read of size 4 at addr ffff88806fb6b004 by task syz-executor124/5012
[   59.493163][ T5012] 
[   59.495471][ T5012] CPU: 1 PID: 5012 Comm: syz-executor124 Not tainted 6.5.0-rc3-syzkaller-00024-g18b44bc5a672 #0
[   59.505878][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   59.516192][ T5012] Call Trace:
[   59.519473][ T5012]  <TASK>
[   59.522393][ T5012]  dump_stack_lvl+0xd9/0x1b0
[   59.526990][ T5012]  print_report+0xc4/0x620
[   59.531399][ T5012]  ? __virt_addr_valid+0x5e/0x2d0
[   59.536413][ T5012]  ? __phys_addr+0xc6/0x140
[   59.540903][ T5012]  kasan_report+0xda/0x110
[   59.545310][ T5012]  ? search_by_entry_key+0x80a/0x940
[   59.550587][ T5012]  ? search_by_entry_key+0x80a/0x940
[   59.555857][ T5012]  search_by_entry_key+0x80a/0x940
[   59.560961][ T5012]  reiserfs_find_entry+0x1dc/0xe70
[   59.566071][ T5012]  ? search_by_entry_key+0x940/0x940
[   59.571342][ T5012]  reiserfs_lookup+0x1f5/0x690
[   59.576088][ T5012]  ? reiserfs_unlink+0x770/0x770
[   59.581013][ T5012]  __lookup_slow+0x24d/0x450
[   59.585586][ T5012]  ? lookup_open.isra.0+0x1360/0x1360
[   59.590940][ T5012]  ? reacquire_held_locks+0x4b0/0x4b0
[   59.596304][ T5012]  ? secondary_startup_64_no_verify+0x12b/0x16b
[   59.602552][ T5012]  ? secondary_startup_64_no_verify+0x12b/0x16b
[   59.608810][ T5012]  ? d_lookup+0xe9/0x180
[   59.613055][ T5012]  lookup_one_len+0x17d/0x1b0
[   59.617741][ T5012]  ? __lookup_slow+0x450/0x450
[   59.622520][ T5012]  reiserfs_lookup_privroot+0x94/0x200
[   59.627977][ T5012]  reiserfs_fill_super+0x20f9/0x3150
[   59.633262][ T5012]  ? reiserfs_remount+0x1640/0x1640
[   59.638464][ T5012]  ? reacquire_held_locks+0x4b0/0x4b0
[   59.643826][ T5012]  ? snprintf+0xc8/0x100
[   59.648057][ T5012]  ? reiserfs_remount+0x1640/0x1640
[   59.653262][ T5012]  mount_bdev+0x30d/0x3d0
[   59.657582][ T5012]  ? reiserfs_kill_sb+0x1e0/0x1e0
[   59.662595][ T5012]  legacy_get_tree+0x109/0x220
[   59.667351][ T5012]  vfs_get_tree+0x88/0x350
[   59.671759][ T5012]  path_mount+0x1492/0x1ed0
[   59.676249][ T5012]  ? lockdep_hardirqs_on+0x7d/0x100
[   59.681435][ T5012]  ? finish_automount+0xa50/0xa50
[   59.686441][ T5012]  ? putname+0x101/0x140
[   59.690668][ T5012]  __x64_sys_mount+0x293/0x310
[   59.695418][ T5012]  ? copy_mnt_ns+0xb60/0xb60
[   59.700001][ T5012]  ? lockdep_hardirqs_on+0x7d/0x100
[   59.705215][ T5012]  ? _raw_spin_unlock_irq+0x2e/0x50
[   59.710408][ T5012]  ? ptrace_notify+0xf4/0x130
[   59.715103][ T5012]  do_syscall_64+0x38/0xb0
[   59.719515][ T5012]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.725391][ T5012] RIP: 0033:0x7f9854c1567a
[   59.729795][ T5012] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 0e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   59.749415][ T5012] RSP: 002b:00007ffc2d183f68 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   59.757843][ T5012] RAX: ffffffffffffffda RBX: 00007ffc2d183f80 RCX: 00007f9854c1567a
[   59.765891][ T5012] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007ffc2d183f80
[   59.773855][ T5012] RBP: 0000000000000004 R08: 00007ffc2d183fc0 R09: 0000000000001120
[   59.781820][ T5012] R10: 0000000000208000 R11: 0000000000000286 R12: 0000000000208000
[   59.789781][ T5012] R13: 00007ffc2d183fc0 R14: 0000000000000003 R15: 0000000000400000
[   59.797745][ T5012]  </TASK>
[   59.800762][ T5012] 
[   59.803156][ T5012] The buggy address belongs to the physical page:
[   59.809655][ T5012] page:ffffea0001bedac0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6fb6b
[   59.819799][ T5012] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   59.826891][ T5012] page_type: 0xffffffff()
[   59.831203][ T5012] raw: 00fff00000000000 ffffea0001bedb08 ffffe8ffffc023a0 0000000000000000
[   59.839774][ T5012] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   59.848341][ T5012] page dumped because: kasan: bad access detected
[   59.854840][ T5012] page_owner tracks the page as freed
[   59.860190][ T5012] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4880, tgid 4880 (sftp-server), ts 51130624423, free_ts 52492779428
[   59.878766][ T5012]  post_alloc_hook+0x2d2/0x350
[   59.883522][ T5012]  get_page_from_freelist+0x10a9/0x31e0
[   59.889051][ T5012]  __alloc_pages+0x1d0/0x4a0
[   59.893625][ T5012]  __folio_alloc+0x16/0x40
[   59.898026][ T5012]  vma_alloc_folio+0x156/0x890
[   59.903406][ T5012]  __handle_mm_fault+0x12a8/0x3b80
[   59.908503][ T5012]  handle_mm_fault+0x2ab/0x9d0
[   59.913262][ T5012]  do_user_addr_fault+0x2e7/0xfc0
[   59.918272][ T5012]  exc_page_fault+0x5c/0xd0
[   59.922763][ T5012]  asm_exc_page_fault+0x26/0x30
[   59.927606][ T5012] page last free stack trace:
[   59.932268][ T5012]  free_unref_page_prepare+0x508/0xb90
[   59.937719][ T5012]  free_unref_page_list+0xe6/0xb30
[   59.942819][ T5012]  release_pages+0x32a/0x14e0
[   59.947483][ T5012]  tlb_batch_pages_flush+0x9a/0x190
[   59.952681][ T5012]  tlb_finish_mmu+0x14b/0x7e0
[   59.957339][ T5012]  exit_mmap+0x2db/0x960
[   59.961569][ T5012]  __mmput+0x12a/0x4d0
[   59.965623][ T5012]  mmput+0x62/0x70
[   59.969327][ T5012]  do_exit+0x9b4/0x2a20
[   59.973478][ T5012]  do_group_exit+0xd4/0x2a0
[   59.977973][ T5012]  __x64_sys_exit_group+0x3e/0x50
[   59.982988][ T5012]  do_syscall_64+0x38/0xb0
[   59.987386][ T5012]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.993262][ T5012] 
[   59.995566][ T5012] Memory state around the buggy address:
[   60.001175][ T5012]  ffff88806fb6af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.009213][ T5012]  ffff88806fb6af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.017274][ T5012] >ffff88806fb6b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   60.025351][ T5012]                    ^
[   60.029415][ T5012]  ffff88806fb6b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   60.037489][ T5012]  ffff88806fb6b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   60.045543][ T5012] ==================================================================
[   60.054212][ T5012] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   60.061418][ T5012] CPU: 1 PID: 5012 Comm: syz-executor124 Not tainted 6.5.0-rc3-syzkaller-00024-g18b44bc5a672 #0
[   60.072443][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   60.082495][ T5012] Call Trace:
[   60.085787][ T5012]  <TASK>
[   60.088719][ T5012]  dump_stack_lvl+0xd9/0x1b0
[   60.093327][ T5012]  panic+0x6a4/0x750
[   60.097227][ T5012]  ? panic_smp_self_stop+0xa0/0xa0
[   60.102342][ T5012]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   60.108515][ T5012]  ? preempt_schedule_thunk+0x1a/0x30
[   60.114009][ T5012]  ? preempt_schedule_common+0x45/0xc0
[   60.119484][ T5012]  check_panic_on_warn+0xab/0xb0
[   60.124433][ T5012]  end_report+0x108/0x150
[   60.128780][ T5012]  kasan_report+0xea/0x110
[   60.133214][ T5012]  ? search_by_entry_key+0x80a/0x940
[   60.138511][ T5012]  ? search_by_entry_key+0x80a/0x940
[   60.143806][ T5012]  search_by_entry_key+0x80a/0x940
[   60.148923][ T5012]  reiserfs_find_entry+0x1dc/0xe70
[   60.154053][ T5012]  ? search_by_entry_key+0x940/0x940
[   60.159348][ T5012]  reiserfs_lookup+0x1f5/0x690
[   60.164136][ T5012]  ? reiserfs_unlink+0x770/0x770
[   60.169123][ T5012]  __lookup_slow+0x24d/0x450
[   60.173739][ T5012]  ? lookup_open.isra.0+0x1360/0x1360
[   60.179136][ T5012]  ? reacquire_held_locks+0x4b0/0x4b0
[   60.184529][ T5012]  ? secondary_startup_64_no_verify+0x12b/0x16b
[   60.190786][ T5012]  ? secondary_startup_64_no_verify+0x12b/0x16b
[   60.197039][ T5012]  ? d_lookup+0xe9/0x180
[   60.201291][ T5012]  lookup_one_len+0x17d/0x1b0
[   60.206004][ T5012]  ? __lookup_slow+0x450/0x450
[   60.210793][ T5012]  reiserfs_lookup_privroot+0x94/0x200
[   60.216276][ T5012]  reiserfs_fill_super+0x20f9/0x3150
[   60.221585][ T5012]  ? reiserfs_remount+0x1640/0x1640
[   60.226797][ T5012]  ? reacquire_held_locks+0x4b0/0x4b0
[   60.232279][ T5012]  ? snprintf+0xc8/0x100
[   60.236619][ T5012]  ? reiserfs_remount+0x1640/0x1640
[   60.241840][ T5012]  mount_bdev+0x30d/0x3d0
[   60.246179][ T5012]  ? reiserfs_kill_sb+0x1e0/0x1e0
[   60.251215][ T5012]  legacy_get_tree+0x109/0x220
[   60.255991][ T5012]  vfs_get_tree+0x88/0x350
[   60.260413][ T5012]  path_mount+0x1492/0x1ed0
[   60.264923][ T5012]  ? lockdep_hardirqs_on+0x7d/0x100
[   60.270132][ T5012]  ? finish_automount+0xa50/0xa50
[   60.275159][ T5012]  ? putname+0x101/0x140
[   60.279403][ T5012]  __x64_sys_mount+0x293/0x310
[   60.284170][ T5012]  ? copy_mnt_ns+0xb60/0xb60
[   60.288761][ T5012]  ? lockdep_hardirqs_on+0x7d/0x100
[   60.293958][ T5012]  ? _raw_spin_unlock_irq+0x2e/0x50
[   60.299162][ T5012]  ? ptrace_notify+0xf4/0x130
[   60.303836][ T5012]  do_syscall_64+0x38/0xb0
[   60.308249][ T5012]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.314144][ T5012] RIP: 0033:0x7f9854c1567a
[   60.318562][ T5012] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 0e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   60.338187][ T5012] RSP: 002b:00007ffc2d183f68 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   60.346695][ T5012] RAX: ffffffffffffffda RBX: 00007ffc2d183f80 RCX: 00007f9854c1567a
[   60.354665][ T5012] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007ffc2d183f80
[   60.362640][ T5012] RBP: 0000000000000004 R08: 00007ffc2d183fc0 R09: 0000000000001120
[   60.370613][ T5012] R10: 0000000000208000 R11: 0000000000000286 R12: 0000000000208000
[   60.378580][ T5012] R13: 00007ffc2d183fc0 R14: 0000000000000003 R15: 0000000000400000
[   60.386550][ T5012]  </TASK>
[   60.389782][ T5012] Kernel Offset: disabled
[   60.394098][ T5012] Rebooting in 86400 seconds..