Warning: Permanently added '10.128.0.55' (ED25519) to the list of known hosts.
[ 33.872945][ T6096] syz-executor211[6096]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
executing program
[ 33.915481][ T6096] loop0: detected capacity change from 0 to 8192
[ 33.920923][ T6096] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 33.924386][ T6096] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 33.926924][ T6096] REISERFS (device loop0): using ordered data mode
[ 33.928588][ T6096] reiserfs: using flush barriers
[ 33.930500][ T6096] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 33.934780][ T6096] REISERFS (device loop0): checking transaction log (loop0)
[ 33.939355][ T6096] REISERFS (device loop0): Using r5 hash to sort names
[ 33.941384][ T6096] ==================================================================
[ 33.943472][ T6096] BUG: KASAN: use-after-free in search_by_entry_key+0x45c/0xe88
[ 33.945454][ T6096] Read of size 4 at addr ffff0000e00d6754 by task syz-executor211/6096
[ 33.947593][ T6096]
[ 33.948197][ T6096] CPU: 1 PID: 6096 Comm: syz-executor211 Not tainted 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
[ 33.950847][ T6096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 33.953516][ T6096] Call trace:
[ 33.954393][ T6096]  dump_backtrace+0x1b8/0x1e4
[ 33.955645][ T6096]  show_stack+0x2c/0x44
[ 33.956772][ T6096]  dump_stack_lvl+0xd0/0x124
[ 33.957965][ T6096]  print_report+0x174/0x514
[ 33.959122][ T6096]  kasan_report+0xd8/0x138
[ 33.960326][ T6096]  __asan_report_load_n_noabort+0x1c/0x28
[ 33.961857][ T6096]  search_by_entry_key+0x45c/0xe88
[ 33.963241][ T6096]  reiserfs_find_entry+0x288/0x149c
[ 33.964585][ T6096]  reiserfs_lookup+0x17c/0x45c
[ 33.965811][ T6096]  __lookup_slow+0x250/0x374
[ 33.967031][ T6096]  lookup_one_len+0x178/0x28c
[ 33.968301][ T6096]  reiserfs_lookup_privroot+0x8c/0x184
[ 33.969727][ T6096]  reiserfs_fill_super+0x15b4/0x2028
[ 33.971144][ T6096]  mount_bdev+0x1e8/0x2b4
[ 33.972283][ T6096]  get_super_block+0x44/0x58
[ 33.973552][ T6096]  legacy_get_tree+0xd4/0x16c
[ 33.974776][ T6096]  vfs_get_tree+0x90/0x288
[ 33.975937][ T6096]  do_new_mount+0x25c/0x8c8
[ 33.977123][ T6096]  path_mount+0x590/0xe04
[ 33.978303][ T6096]  __arm64_sys_mount+0x45c/0x594
[ 33.979591][ T6096]  invoke_syscall+0x98/0x2b8
[ 33.980790][ T6096]  el0_svc_common+0x130/0x23c
[ 33.982062][ T6096]  do_el0_svc+0x48/0x58
[ 33.983168][ T6096]  el0_svc+0x54/0x158
[ 33.984219][ T6096]  el0t_64_sync_handler+0x84/0xfc
[ 33.985504][ T6096]  el0t_64_sync+0x190/0x194
[ 33.986655][ T6096]
[ 33.987280][ T6096] The buggy address belongs to the physical page:
[ 33.988951][ T6096] page:0000000078cae901 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1200d6
[ 33.991649][ T6096] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 33.993507][ T6096] page_type: 0xffffffff()
[ 33.994673][ T6096] raw: 05ffc00000000000 fffffc00038035c8 ffff0001b41b3b60 0000000000000000
[ 33.996948][ T6096] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 33.999248][ T6096] page dumped because: kasan: bad access detected
[ 34.000882][ T6096]
[ 34.001487][ T6096] Memory state around the buggy address:
[ 34.002968][ T6096]  ffff0000e00d6600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.005083][ T6096]  ffff0000e00d6680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.007199][ T6096] >ffff0000e00d6700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.009340][ T6096]                                                  ^
[ 34.011142][ T6096]  ffff0000e00d6780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.013190][ T6096]  ffff0000e00d6800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.015277][ T6096] ==================================================================
[ 34.017493][ T6096] Disabling lock debugging due to kernel taint