[ 15.072483][ T5601] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.077100][ T5601] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.128120][ T537] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.132431][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.180' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.836072][ T5925] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5925 'syz-executor513'
[ 39.876743][ T5925] loop0: detected capacity change from 0 to 8192
[ 39.880838][ T5925] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 39.883542][ T5925] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 39.885626][ T5925] REISERFS (device loop0): using ordered data mode
[ 39.886863][ T5925] reiserfs: using flush barriers
[ 39.888520][ T5925] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 39.892380][ T5925] REISERFS (device loop0): checking transaction log (loop0)
[ 39.895494][ T5925] REISERFS (device loop0): Using r5 hash to sort names
[ 39.897097][ T5925] ==================================================================
[ 39.898698][ T5925] BUG: KASAN: use-after-free in search_by_entry_key+0x45c/0xe88
[ 39.900215][ T5925] Read of size 4 at addr ffff0000e2b37004 by task syz-executor513/5925
[ 39.901930][ T5925]
[ 39.902449][ T5925] CPU: 1 PID: 5925 Comm: syz-executor513 Not tainted 6.3.0-rc7-syzkaller-g14f8db1c0f9a #0
[ 39.904393][ T5925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 39.906445][ T5925] Call trace:
[ 39.907150][ T5925]  dump_backtrace+0x1b8/0x1e4
[ 39.908106][ T5925]  show_stack+0x2c/0x44
[ 39.908927][ T5925]  dump_stack_lvl+0xd0/0x124
[ 39.909842][ T5925]  print_report+0x174/0x514
[ 39.910730][ T5925]  kasan_report+0xd4/0x130
[ 39.911669][ T5925]  __asan_report_load_n_noabort+0x1c/0x28
[ 39.912816][ T5925]  search_by_entry_key+0x45c/0xe88
[ 39.913853][ T5925]  reiserfs_find_entry+0xd20/0x149c
[ 39.914915][ T5925]  reiserfs_lookup+0x184/0x3c4
[ 39.915863][ T5925]  __lookup_slow+0x250/0x374
[ 39.916825][ T5925]  lookup_one_len+0x178/0x28c
[ 39.917764][ T5925]  reiserfs_lookup_privroot+0x8c/0x204
[ 39.918892][ T5925]  reiserfs_fill_super+0x15b4/0x2028
[ 39.920016][ T5925]  mount_bdev+0x26c/0x368
[ 39.920877][ T5925]  get_super_block+0x44/0x58
[ 39.921794][ T5925]  legacy_get_tree+0xd4/0x16c
[ 39.922773][ T5925]  vfs_get_tree+0x90/0x274
[ 39.923664][ T5925]  do_new_mount+0x25c/0x8c8
[ 39.924594][ T5925]  path_mount+0x590/0xe04
[ 39.925494][ T5925]  __arm64_sys_mount+0x45c/0x594
[ 39.926544][ T5925]  invoke_syscall+0x98/0x2c0
[ 39.927429][ T5925]  el0_svc_common+0x138/0x258
[ 39.928416][ T5925]  do_el0_svc+0x64/0x198
[ 39.929265][ T5925]  el0_svc+0x4c/0x15c
[ 39.930164][ T5925]  el0t_64_sync_handler+0x84/0xf0
[ 39.931179][ T5925]  el0t_64_sync+0x190/0x194
[ 39.932073][ T5925]
[ 39.932521][ T5925] The buggy address belongs to the physical page:
[ 39.933865][ T5925] page:000000009a787874 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x122b37
[ 39.935976][ T5925] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 39.937514][ T5925] raw: 05ffc00000000000 fffffc00038ace08 ffff0001b428eca0 0000000000000000
[ 39.939321][ T5925] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 39.941034][ T5925] page dumped because: kasan: bad access detected
[ 39.942359][ T5925]
[ 39.942822][ T5925] Memory state around the buggy address:
[ 39.944002][ T5925]  ffff0000e2b36f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.945689][ T5925]  ffff0000e2b36f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.947329][ T5925] >ffff0000e2b37000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.949016][ T5925]                    ^
[ 39.949831][ T5925]  ffff0000e2b37080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.951466][ T5925]  ffff0000e2b37100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.953156][ T5925] ==================================================================
[ 39.954936][ T5925] Disabling lock debugging due to kernel taint
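The "Memory state around the buggy address" rows are the part of a KASAN report that tells you what kind of memory was touched, and the kernel no longer prints a legend for them. The script below is an added example for this page, not code from the kernel, KASAN or syzkaller: it parses those rows plus the "Read of size N at addr" line and reports which shadow granule the faulting address lands in and where the poisoned run begins. The shadow-byte values and names are the generic-KASAN encoding from mm/kasan/kasan.h (8 bytes of memory per shadow byte; 0x00 accessible, 0x01..0x07 partially accessible, 0xF*/0xC* poison markers); this report is from generic mode, as the `__asan_report_load_n_noabort` frame shows, so those values apply. The `REPORT` constant is an excerpt copied from the log above; the function and variable names are this example's own.

```python
"""Decode the shadow-memory rows of a generic KASAN report.

Added example for this page; not part of the Linux kernel, KASAN or
syzkaller. Poison values follow mm/kasan/kasan.h for generic KASAN.
"""
import re

GRANULE = 8  # bytes of memory described by one shadow byte (generic KASAN)

# Poison markers from mm/kasan/kasan.h (generic mode).
POISON = {
    0xFF: "KASAN_PAGE_FREE (page returned to the page allocator)",
    0xFE: "KASAN_PAGE_REDZONE (redzone of a large kmalloc allocation)",
    0xFC: "KASAN_SLAB_REDZONE (redzone inside a slab object)",
    0xFB: "KASAN_SLAB_FREE (freed slab object)",
    0xFA: "KASAN_SLAB_FREETRACK (freed slab object with free track)",
    0xF9: "KASAN_GLOBAL_REDZONE (redzone around a global variable)",
    0xF8: "KASAN_VMALLOC_INVALID (unmapped vmalloc space)",
    0xF1: "KASAN_STACK_LEFT", 0xF2: "KASAN_STACK_MID",
    0xF3: "KASAN_STACK_RIGHT", 0xF4: "KASAN_STACK_PARTIAL",
    0xCA: "KASAN_ALLOCA_LEFT", 0xCB: "KASAN_ALLOCA_RIGHT",
}

# Excerpt copied from the report above (the access line and the five dump rows).
REPORT = """\
[ 39.900215][ T5925] Read of size 4 at addr ffff0000e2b37004 by task syz-executor513/5925
[ 39.944002][ T5925]  ffff0000e2b36f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.945689][ T5925]  ffff0000e2b36f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.947329][ T5925] >ffff0000e2b37000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.949831][ T5925]  ffff0000e2b37080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.951466][ T5925]  ffff0000e2b37100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

# One dump row: optional '>' marker, 16-hex-digit address, colon, 16 shadow bytes.
ROW_RE = re.compile(r">?([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})\s*$")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]{16})")


def parse_memory_state(text):
    """Return {row_start_address: [16 shadow bytes]} for every dump row."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.search(line)
        if m:
            rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rows


def describe_shadow(value):
    """Human-readable meaning of one shadow byte."""
    if value == 0:
        return "accessible"
    if 1 <= value < GRANULE:
        return f"partially accessible (first {value} bytes)"
    return POISON.get(value, f"unknown poison 0x{value:02x}")


def classify_access(rows, addr):
    """Return (shadow_value, meaning) for the granule containing addr."""
    for start, shadow in rows.items():
        if start <= addr < start + len(shadow) * GRANULE:
            value = shadow[(addr - start) // GRANULE]
            return value, describe_shadow(value)
    raise ValueError(f"address 0x{addr:x} is not covered by the dump rows")


def poison_run_start(rows, addr):
    """Walk back over contiguous granules sharing addr's shadow value and
    return the address where that run begins (within the dumped window)."""
    shadow = {start + i * GRANULE: v
              for start, values in rows.items() for i, v in enumerate(values)}
    g = addr - addr % GRANULE
    value = shadow[g]
    while (g - GRANULE) in shadow and shadow[g - GRANULE] == value:
        g -= GRANULE
    return g


def analyse(report):
    """Combine the access line and the dump rows into one summary dict."""
    m = ACCESS_RE.search(report)
    if not m:
        raise ValueError("no 'Read/Write of size N at addr' line in report")
    kind, size, addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
    rows = parse_memory_state(report)
    value, meaning = classify_access(rows, addr)
    start = poison_run_start(rows, addr)
    return {"kind": kind, "size": size, "addr": addr, "shadow": value,
            "meaning": meaning, "region_start": start,
            "offset_in_region": addr - start}


if __name__ == "__main__":
    r = analyse(REPORT)
    print(f"{r['kind']} of {r['size']} bytes at 0x{r['addr']:x}: shadow "
          f"0x{r['shadow']:02x} = {r['meaning']}, {r['offset_in_region']} bytes "
          f"into a poisoned run starting at 0x{r['region_start']:x}")
```

For this report the decoder resolves the access to shadow 0xff, i.e. a page already handed back to the page allocator, 4 bytes into a run that starts at ffff0000e2b37000; that agrees with the `refcount:0` in the page dump above. The practical reading is that `search_by_entry_key` is still dereferencing the contents of a freed page while `reiserfs_fill_super` looks up the private root of a crafted image on loop0, so anything that mounts untrusted reiserfs images hits this during mount(2). The value table is for generic KASAN only; software or hardware tag-based KASAN prints memory tags in these rows instead, and this script will not interpret those.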