Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.011324][ T3606] loop0: detected capacity change from 0 to 264192
[ 35.019138][ T3606] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 35.032166][ T3606] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 35.041475][ T3606] REISERFS (device loop0): using ordered data mode
[ 35.047974][ T3606] reiserfs: using flush barriers
[ 35.053602][ T3606] REISERFS (device loop0): journal params: device loop0, size 15748, journal first block 18, max trans len 1024, max batch 900, max commit age 0, max trans age 30
[ 35.073349][ T3606] REISERFS (device loop0): checking transaction log (loop0)
[ 35.081075][ T3606] REISERFS (device loop0): Using r5 hash to sort names
[ 35.087949][ T3606] REISERFS (device loop0): using 3.5.x disk format
[ 35.094814][ T3606] ==================================================================
[ 35.102869][ T3606] BUG: KASAN: use-after-free in search_by_entry_key+0x580/0xd20
[ 35.110487][ T3606] Read of size 4 at addr ffff8880723117c4 by task syz-executor327/3606
[ 35.118705][ T3606]
[ 35.121010][ T3606] CPU: 0 PID: 3606 Comm: syz-executor327 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0
[ 35.131064][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 35.141098][ T3606] Call Trace:
[ 35.144361][ T3606] <TASK>
[ 35.147279][ T3606] dump_stack_lvl+0x1b1/0x28e
[ 35.152206][ T3606] ? fortify_panic+0x13/0x13
[ 35.156866][ T3606] ? _printk+0xc0/0x100
[ 35.161007][ T3606] ? __wake_up_klogd+0xd6/0x100
[ 35.165841][ T3606] ? __wake_up_klogd+0xcd/0x100
[ 35.170674][ T3606] ? panic+0x710/0x710
[ 35.174733][ T3606] ? _printk+0xc0/0x100
[ 35.178879][ T3606] print_address_description+0x65/0x4b0
[ 35.184409][ T3606] print_report+0x108/0x1f0
[ 35.188897][ T3606] ? __mutex_trylock_common+0x198/0x2f0
[ 35.194423][ T3606] ? __might_sleep+0xc0/0xc0
[ 35.198997][ T3606] ? rcu_read_lock_sched_held+0x5d/0x110
[ 35.204717][ T3606] ? search_by_entry_key+0x580/0xd20
[ 35.210079][ T3606] kasan_report+0xc3/0xf0
[ 35.214397][ T3606] ? rcu_read_lock_sched_held+0x5d/0x110
[ 35.220017][ T3606] ? search_by_entry_key+0x580/0xd20
[ 35.225288][ T3606] search_by_entry_key+0x580/0xd20
[ 35.230406][ T3606] reiserfs_find_entry+0x280/0x1370
[ 35.235588][ T3606] ? read_lock_is_recursive+0x10/0x10
[ 35.240943][ T3606] ? reiserfs_write_lock+0x77/0xd0
[ 35.246038][ T3606] ? mutex_lock_io_nested+0x60/0x60
[ 35.251306][ T3606] ? rcu_lock_release+0x5/0x20
[ 35.256052][ T3606] ? rcu_lock_release+0x5/0x20
[ 35.260802][ T3606] ? lock_release+0x81/0x820
[ 35.265392][ T3606] ? reiserfs_get_parent+0x2b0/0x2b0
[ 35.270669][ T3606] ? lockdep_softirqs_off+0x3b3/0x430
[ 35.276029][ T3606] ? d_alloc_parallel+0x351/0x1240
[ 35.281145][ T3606] ? mutex_lock_nested+0x17/0x20
[ 35.286174][ T3606] reiserfs_lookup+0x1d0/0x490
[ 35.290953][ T3606] ? reiserfs_find_entry+0x1370/0x1370
[ 35.296396][ T3606] ? memset+0x1f/0x40
[ 35.300363][ T3606] ? lockdep_init_map_type+0x9d/0x890
[ 35.305722][ T3606] ? d_hash_and_lookup+0x1c0/0x1c0
[ 35.310815][ T3606] ? __init_waitqueue_head+0xa6/0x140
[ 35.316169][ T3606] __lookup_slow+0x266/0x3a0
[ 35.320740][ T3606] ? lookup_one_len+0x690/0x690
[ 35.325574][ T3606] lookup_one_len+0x430/0x690
[ 35.330232][ T3606] ? try_lookup_one_len+0x670/0x670
[ 35.335422][ T3606] ? prepare_error_buf+0x19c0/0x19c0
[ 35.340709][ T3606] reiserfs_lookup_privroot+0x85/0x1e0
[ 35.346167][ T3606] reiserfs_fill_super+0x1835/0x24a0
[ 35.351454][ T3606] ? reiserfs_kill_sb+0x150/0x150
[ 35.356467][ T3606] ? snprintf+0xc0/0x110
[ 35.360701][ T3606] mount_bdev+0x26c/0x3a0
[ 35.365013][ T3606] ? reiserfs_kill_sb+0x150/0x150
[ 35.370021][ T3606] legacy_get_tree+0xea/0x180
[ 35.374682][ T3606] ? remove_save_link+0x4a0/0x4a0
[ 35.379689][ T3606] vfs_get_tree+0x88/0x270
[ 35.384086][ T3606] do_new_mount+0x289/0xad0
[ 35.388569][ T3606] ? do_move_mount_old+0x150/0x150
[ 35.393664][ T3606] ? user_path_at_empty+0x149/0x1a0
[ 35.398842][ T3606] __se_sys_mount+0x2d3/0x3c0
[ 35.403501][ T3606] ? __x64_sys_mount+0xc0/0xc0
[ 35.408243][ T3606] ? __x64_sys_mount+0x1c/0xc0
[ 35.412988][ T3606] do_syscall_64+0x3d/0xb0
[ 35.417386][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 35.423264][ T3606] RIP: 0033:0x7f7952e7684a
[ 35.427665][ T3606] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 35.447256][ T3606] RSP: 002b:00007fff951138d8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 35.455657][ T3606] RAX: ffffffffffffffda RBX: 00007fff95113930 RCX: 00007f7952e7684a
[ 35.463611][ T3606] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff951138f0
[ 35.471572][ T3606] RBP: 0000000000000003 R08: 00007fff95113930 R09: 0000000000000000
[ 35.479532][ T3606] R10: 0000000000010001 R11: 0000000000000286 R12: 00007fff951138f0
[ 35.487487][ T3606] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000004
[ 35.495535][ T3606] </TASK>
[ 35.498536][ T3606]
[ 35.500843][ T3606] The buggy address belongs to the physical page:
[ 35.507237][ T3606] page:ffffea0001c8c440 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x72311
[ 35.517368][ T3606] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 35.524459][ T3606] raw: 00fff00000000000 ffffea0001c90e48 ffffea0001c7f688 0000000000000000
[ 35.533023][ T3606] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 35.541582][ T3606] page dumped because: kasan: bad access detected
[ 35.547969][ T3606] page_owner tracks the page as freed
[ 35.553330][ T3606] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 3605, tgid 3605 (sh), ts 34997560219, free_ts 35004425544
[ 35.571105][ T3606] get_page_from_freelist+0x742/0x7c0
[ 35.576462][ T3606] __alloc_pages+0x259/0x560
[ 35.581030][ T3606] __folio_alloc+0xf/0x30
[ 35.585335][ T3606] vma_alloc_folio+0x663/0xb60
[ 35.590075][ T3606] do_anonymous_page+0x329/0x1150
[ 35.595081][ T3606] handle_mm_fault+0x184b/0x3590
[ 35.599997][ T3606] do_user_addr_fault+0x69b/0xcb0
[ 35.605003][ T3606] exc_page_fault+0x7a/0x110
[ 35.609577][ T3606] asm_exc_page_fault+0x22/0x30
[ 35.614416][ T3606] page last free stack trace:
[ 35.619069][ T3606] free_pcp_prepare+0x812/0x900
[ 35.623900][ T3606] free_unref_page_list+0xb4/0x7b0
[ 35.628989][ T3606] release_pages+0x22c3/0x2540
[ 35.633735][ T3606] tlb_flush_mmu+0x850/0xa70
[ 35.638308][ T3606] tlb_finish_mmu+0xcb/0x200
[ 35.642891][ T3606] exit_mmap+0x1cb/0x520
[ 35.647120][ T3606] __mmput+0x111/0x3a0
[ 35.651167][ T3606] exec_mmap+0x565/0x5f0
[ 35.655389][ T3606] begin_new_exec+0x7a1/0xfc0
[ 35.660110][ T3606] load_elf_binary+0x912/0x2840
[ 35.664944][ T3606] bprm_execve+0x8dc/0x1590
[ 35.669428][ T3606] do_execveat_common+0x598/0x750
[ 35.674437][ T3606] __x64_sys_execve+0x8e/0xa0
[ 35.679095][ T3606] do_syscall_64+0x3d/0xb0
[ 35.683491][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 35.689365][ T3606]
[ 35.691669][ T3606] Memory state around the buggy address:
[ 35.697275][ T3606] ffff888072311680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.705314][ T3606] ffff888072311700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.713354][ T3606] >ffff888072311780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.721397][ T3606] ^
[ 35.727544][ T3606] ffff888072311800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.735590][ T3606] ffff888072311880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.743635][ T3606] ==================================================================
[ 35.752541][ T3606] Kernel panic - not syncing: panic_on_warn set ...
[ 35.759142][ T3606] CPU: 0 PID: 3606 Comm: syz-executor327 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0
[ 35.769208][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 35.779248][ T3606] Call Trace:
[ 35.782513][ T3606] <TASK>
[ 35.785428][ T3606] dump_stack_lvl+0x1b1/0x28e
[ 35.790093][ T3606] ? fortify_panic+0x13/0x13
[ 35.794668][ T3606] ? panic+0x710/0x710
[ 35.798727][ T3606] ? preempt_schedule_common+0xb7/0xe0
[ 35.804175][ T3606] ? vscnprintf+0x59/0x80
[ 35.808500][ T3606] panic+0x2d6/0x710
[ 35.812383][ T3606] ? fb_is_primary_device+0xcc/0xcc
[ 35.817566][ T3606] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 35.823532][ T3606] ? print_report+0x1b4/0x1f0
[ 35.828193][ T3606] ? search_by_entry_key+0x580/0xd20
[ 35.833461][ T3606] end_report+0x91/0xa0
[ 35.837606][ T3606] kasan_report+0xd0/0xf0
[ 35.841933][ T3606] ? rcu_read_lock_sched_held+0x5d/0x110
[ 35.847550][ T3606] ? search_by_entry_key+0x580/0xd20
[ 35.852834][ T3606] search_by_entry_key+0x580/0xd20
[ 35.857932][ T3606] reiserfs_find_entry+0x280/0x1370
[ 35.863112][ T3606] ? read_lock_is_recursive+0x10/0x10
[ 35.868466][ T3606] ? reiserfs_write_lock+0x77/0xd0
[ 35.873559][ T3606] ? mutex_lock_io_nested+0x60/0x60
[ 35.878743][ T3606] ? rcu_lock_release+0x5/0x20
[ 35.883489][ T3606] ? rcu_lock_release+0x5/0x20
[ 35.888236][ T3606] ? lock_release+0x81/0x820
[ 35.892809][ T3606] ? reiserfs_get_parent+0x2b0/0x2b0
[ 35.898076][ T3606] ? lockdep_softirqs_off+0x3b3/0x430
[ 35.903429][ T3606] ? d_alloc_parallel+0x351/0x1240
[ 35.908520][ T3606] ? mutex_lock_nested+0x17/0x20
[ 35.913445][ T3606] reiserfs_lookup+0x1d0/0x490
[ 35.918189][ T3606] ? reiserfs_find_entry+0x1370/0x1370
[ 35.923633][ T3606] ? memset+0x1f/0x40
[ 35.927596][ T3606] ? lockdep_init_map_type+0x9d/0x890
[ 35.932962][ T3606] ? d_hash_and_lookup+0x1c0/0x1c0
[ 35.938055][ T3606] ? __init_waitqueue_head+0xa6/0x140
[ 35.943418][ T3606] __lookup_slow+0x266/0x3a0
[ 35.947997][ T3606] ? lookup_one_len+0x690/0x690
[ 35.952835][ T3606] lookup_one_len+0x430/0x690
[ 35.957493][ T3606] ? try_lookup_one_len+0x670/0x670
[ 35.962671][ T3606] ? prepare_error_buf+0x19c0/0x19c0
[ 35.967941][ T3606] reiserfs_lookup_privroot+0x85/0x1e0
[ 35.973385][ T3606] reiserfs_fill_super+0x1835/0x24a0
[ 35.978663][ T3606] ? reiserfs_kill_sb+0x150/0x150
[ 35.983671][ T3606] ? snprintf+0xc0/0x110
[ 35.987901][ T3606] mount_bdev+0x26c/0x3a0
[ 35.992212][ T3606] ? reiserfs_kill_sb+0x150/0x150
[ 35.997224][ T3606] legacy_get_tree+0xea/0x180
[ 36.001885][ T3606] ? remove_save_link+0x4a0/0x4a0
[ 36.006895][ T3606] vfs_get_tree+0x88/0x270
[ 36.011316][ T3606] do_new_mount+0x289/0xad0
[ 36.015821][ T3606] ? do_move_mount_old+0x150/0x150
[ 36.020914][ T3606] ? user_path_at_empty+0x149/0x1a0
[ 36.026100][ T3606] __se_sys_mount+0x2d3/0x3c0
[ 36.030773][ T3606] ? __x64_sys_mount+0xc0/0xc0
[ 36.035594][ T3606] ? __x64_sys_mount+0x1c/0xc0
[ 36.040339][ T3606] do_syscall_64+0x3d/0xb0
[ 36.044742][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 36.050627][ T3606] RIP: 0033:0x7f7952e7684a
[ 36.055028][ T3606] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 36.074621][ T3606] RSP: 002b:00007fff951138d8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 36.083018][ T3606] RAX: ffffffffffffffda RBX: 00007fff95113930 RCX: 00007f7952e7684a
[ 36.090975][ T3606] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff951138f0
[ 36.098930][ T3606] RBP: 0000000000000003 R08: 00007fff95113930 R09: 0000000000000000
[ 36.106883][ T3606] R10: 0000000000010001 R11: 0000000000000286 R12: 00007fff951138f0
[ 36.114837][ T3606] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000004
[ 36.122804][ T3606] </TASK>
[ 36.125978][ T3606] Kernel Offset: disabled
[ 36.130292][ T3606] Rebooting in 86400 seconds..