Warning: Permanently added '10.128.0.195' (ED25519) to the list of known hosts.
executing program
[ 36.469471][ T6085] syz-executor349[6085]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 36.512384][ T6085] loop0: detected capacity change from 0 to 8192
[ 36.516930][ T6085] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 36.520373][ T6085] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 36.522718][ T6085] REISERFS (device loop0): using ordered data mode
[ 36.524301][ T6085] reiserfs: using flush barriers
[ 36.526583][ T6085] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 36.530896][ T6085] REISERFS (device loop0): checking transaction log (loop0)
[ 36.534498][ T6085] REISERFS (device loop0): Using tea hash to sort names
[ 36.536976][ T6085] ==================================================================
[ 36.539025][ T6085] BUG: KASAN: use-after-free in search_by_entry_key+0x45c/0xe88
[ 36.540960][ T6085] Read of size 4 at addr ffff0000dfee5fc4 by task syz-executor349/6085
[ 36.543107][ T6085]
[ 36.543674][ T6085] CPU: 1 PID: 6085 Comm: syz-executor349 Not tainted 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
[ 36.546063][ T6085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 36.548761][ T6085] Call trace:
[ 36.549590][ T6085]  dump_backtrace+0x1b8/0x1e4
[ 36.550772][ T6085]  show_stack+0x2c/0x44
[ 36.551831][ T6085]  dump_stack_lvl+0xd0/0x124
[ 36.553057][ T6085]  print_report+0x174/0x514
[ 36.554276][ T6085]  kasan_report+0xd8/0x138
[ 36.555459][ T6085]  __asan_report_load_n_noabort+0x1c/0x28
[ 36.557072][ T6085]  search_by_entry_key+0x45c/0xe88
[ 36.558483][ T6085]  reiserfs_find_entry+0x288/0x149c
[ 36.559852][ T6085]  reiserfs_lookup+0x17c/0x45c
[ 36.561142][ T6085]  __lookup_slow+0x250/0x374
[ 36.562318][ T6085]  lookup_one_len+0x178/0x28c
[ 36.563578][ T6085]  reiserfs_lookup_privroot+0x8c/0x184
[ 36.565028][ T6085]  reiserfs_fill_super+0x1bc0/0x2028
[ 36.566454][ T6085]  mount_bdev+0x1e8/0x2b4
[ 36.567618][ T6085]  get_super_block+0x44/0x58
[ 36.568855][ T6085]  legacy_get_tree+0xd4/0x16c
[ 36.570126][ T6085]  vfs_get_tree+0x90/0x288
[ 36.571291][ T6085]  do_new_mount+0x25c/0x8c8
[ 36.572506][ T6085]  path_mount+0x590/0xe04
[ 36.573633][ T6085]  __arm64_sys_mount+0x45c/0x594
[ 36.574969][ T6085]  invoke_syscall+0x98/0x2b8
[ 36.576207][ T6085]  el0_svc_common+0x130/0x23c
[ 36.577473][ T6085]  do_el0_svc+0x48/0x58
[ 36.578582][ T6085]  el0_svc+0x54/0x158
[ 36.579629][ T6085]  el0t_64_sync_handler+0x84/0xfc
[ 36.581002][ T6085]  el0t_64_sync+0x190/0x194
[ 36.582251][ T6085]
[ 36.582849][ T6085] The buggy address belongs to the physical page:
[ 36.584564][ T6085] page:000000008a548f3d refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11fee5
[ 36.587314][ T6085] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 36.589228][ T6085] page_type: 0xffffffff()
[ 36.590363][ T6085] raw: 05ffc00000000000 fffffc00037fb988 fffffc00037fb908 0000000000000000
[ 36.592639][ T6085] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 36.594899][ T6085] page dumped because: kasan: bad access detected
[ 36.596632][ T6085]
[ 36.597241][ T6085] Memory state around the buggy address:
[ 36.598729][ T6085]  ffff0000dfee5e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.600878][ T6085]  ffff0000dfee5f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.603048][ T6085] >ffff0000dfee5f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.605179][ T6085]                                            ^
[ 36.606904][ T6085]  ffff0000dfee6000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.609007][ T6085]  ffff0000dfee6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.611170][ T6085] ==================================================================
[ 36.613488][ T6085] Disabling lock debugging due to kernel taint
[ 36.615250][ T6085] REISERFS warning (device loop0): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are!
[ 36.618764][ T6085] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.