Warning: Permanently added '10.128.1.78' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   45.933822][ T4216] loop0: detected capacity change from 0 to 8192
[   45.938187][ T4216] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   45.940999][ T4216] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   45.943041][ T4216] REISERFS (device loop0): using ordered data mode
[   45.944440][ T4216] reiserfs: using flush barriers
[   45.946331][ T4216] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   45.949587][ T4216] REISERFS (device loop0): checking transaction log (loop0)
[   45.953040][ T4216] REISERFS (device loop0): Using r5 hash to sort names
[   45.954777][ T4216] ==================================================================
[   45.956475][ T4216] BUG: KASAN: use-after-free in search_by_entry_key+0x45c/0xe88
[   45.958110][ T4216] Read of size 4 at addr ffff0000e0e74004 by task syz-executor275/4216
[   45.959775][ T4216]
[   45.960234][ T4216] CPU: 0 PID: 4216 Comm: syz-executor275 Not tainted 6.1.27-syzkaller #0
[   45.962040][ T4216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   45.964157][ T4216] Call trace:
[   45.964811][ T4216]  dump_backtrace+0x1c8/0x1f4
[   45.965796][ T4216]  show_stack+0x2c/0x3c
[   45.966694][ T4216]  dump_stack_lvl+0x108/0x170
[   45.967676][ T4216]  print_report+0x174/0x4c0
[   45.968658][ T4216]  kasan_report+0xd4/0x130
[   45.969572][ T4216]  __asan_report_load_n_noabort+0x28/0x34
[   45.970796][ T4216]  search_by_entry_key+0x45c/0xe88
[   45.971934][ T4216]  reiserfs_find_entry+0xd20/0x149c
[   45.973040][ T4216]  reiserfs_lookup+0x184/0x3c4
[   45.974029][ T4216]  __lookup_slow+0x250/0x374
[   45.975033][ T4216]  lookup_one_len+0x178/0x28c
[   45.976002][ T4216]  reiserfs_lookup_privroot+0x8c/0x204
[   45.977170][ T4216]  reiserfs_fill_super+0x15b4/0x2028
[   45.978283][ T4216]  mount_bdev+0x26c/0x368
[   45.979218][ T4216]  get_super_block+0x44/0x58
[   45.980192][ T4216]  legacy_get_tree+0xd4/0x16c
[   45.981163][ T4216]  vfs_get_tree+0x90/0x274
[   45.982092][ T4216]  do_new_mount+0x25c/0x8c8
[   45.983027][ T4216]  path_mount+0x590/0xe58
[   45.983993][ T4216]  __arm64_sys_mount+0x45c/0x594
[   45.985065][ T4216]  invoke_syscall+0x98/0x2c0
[   45.986009][ T4216]  el0_svc_common+0x138/0x258
[   45.987002][ T4216]  do_el0_svc+0x64/0x218
[   45.987901][ T4216]  el0_svc+0x58/0x168
[   45.988796][ T4216]  el0t_64_sync_handler+0x84/0xf0
[   45.989875][ T4216]  el0t_64_sync+0x18c/0x190
[   45.990819][ T4216]
[   45.991300][ T4216] The buggy address belongs to the physical page:
[   45.992636][ T4216] page:00000000d4852bc2 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x120e74
[   45.994865][ T4216] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[   45.996351][ T4216] raw: 05ffc00000000000 fffffc0003839d48 ffff0001b45cc220 0000000000000000
[   45.998105][ T4216] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   45.999959][ T4216] page dumped because: kasan: bad access detected
[   46.001281][ T4216]
[   46.001779][ T4216] Memory state around the buggy address:
[   46.002952][ T4216]  ffff0000e0e73f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.004590][ T4216]  ffff0000e0e73f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.006269][ T4216] >ffff0000e0e74000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.007926][ T4216]                    ^
[   46.008783][ T4216]  ffff0000e0e74080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.010502][ T4216]  ffff0000e0e74100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.012185][ T4216] ==================================================================
[   46.014059][ T4216] Disabling lock debugging due to kernel taint
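The report above is raw console output, and the fields a triager pulls out of it (bug class, the first non-reporting frame, access size and address, the state of the backing page, and the shadow byte that covers the address) can be extracted mechanically. The script below is an added example written for this page; it is not part of the syzkaller output, of syzbot's own tooling, or of the kernel. Its sample input is the report's own lines copied verbatim; the shadow-value table is my reading of the generic KASAN constants in mm/kasan/kasan.h and should be checked against the tree of the kernel being triaged. On this report it shows the 4-byte read in search_by_entry_key landing on a granule marked 0xff (freed page), which agrees with the dumped page having refcount:0, and a call path that starts at the mount(2) syscall and reaches the access through reiserfs_fill_super and reiserfs_lookup_privroot, i.e. while mounting the loop0 image.

```python
"""Extract triage fields from a generic-KASAN report (added example)."""
import re

# Constructed sample: the relevant lines of the report above, copied verbatim.
REPORT = """\
[   45.956475][ T4216] BUG: KASAN: use-after-free in search_by_entry_key+0x45c/0xe88
[   45.958110][ T4216] Read of size 4 at addr ffff0000e0e74004 by task syz-executor275/4216
[   45.959775][ T4216]
[   45.960234][ T4216] CPU: 0 PID: 4216 Comm: syz-executor275 Not tainted 6.1.27-syzkaller #0
[   45.964157][ T4216] Call trace:
[   45.964811][ T4216]  dump_backtrace+0x1c8/0x1f4
[   45.965796][ T4216]  show_stack+0x2c/0x3c
[   45.966694][ T4216]  dump_stack_lvl+0x108/0x170
[   45.967676][ T4216]  print_report+0x174/0x4c0
[   45.968658][ T4216]  kasan_report+0xd4/0x130
[   45.969572][ T4216]  __asan_report_load_n_noabort+0x28/0x34
[   45.970796][ T4216]  search_by_entry_key+0x45c/0xe88
[   45.971934][ T4216]  reiserfs_find_entry+0xd20/0x149c
[   45.973040][ T4216]  reiserfs_lookup+0x184/0x3c4
[   45.974029][ T4216]  __lookup_slow+0x250/0x374
[   45.975033][ T4216]  lookup_one_len+0x178/0x28c
[   45.976002][ T4216]  reiserfs_lookup_privroot+0x8c/0x204
[   45.977170][ T4216]  reiserfs_fill_super+0x15b4/0x2028
[   45.978283][ T4216]  mount_bdev+0x26c/0x368
[   45.979218][ T4216]  get_super_block+0x44/0x58
[   45.980192][ T4216]  legacy_get_tree+0xd4/0x16c
[   45.981163][ T4216]  vfs_get_tree+0x90/0x274
[   45.982092][ T4216]  do_new_mount+0x25c/0x8c8
[   45.983027][ T4216]  path_mount+0x590/0xe58
[   45.983993][ T4216]  __arm64_sys_mount+0x45c/0x594
[   45.985065][ T4216]  invoke_syscall+0x98/0x2c0
[   45.986009][ T4216]  el0_svc_common+0x138/0x258
[   45.987002][ T4216]  do_el0_svc+0x64/0x218
[   45.987901][ T4216]  el0_svc+0x58/0x168
[   45.988796][ T4216]  el0t_64_sync_handler+0x84/0xf0
[   45.989875][ T4216]  el0t_64_sync+0x18c/0x190
[   45.990819][ T4216]
[   45.992636][ T4216] page:00000000d4852bc2 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x120e74
[   46.004590][ T4216]  ffff0000e0e73f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.006269][ T4216] >ffff0000e0e74000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

PREFIX = re.compile(r"^\[\s*(?P<ts>[\d.]+)\]\[\s*(?P<task>[A-Z]\d+)\]\s*(?P<msg>.*?)\s*$")
BUG = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ACCESS = re.compile(r"^(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
                    r"by task (?P<comm>\S+)/(?P<pid>\d+)$")
CPU = re.compile(r"^CPU: \d+ PID: \d+ Comm: \S+ (?P<taint>Not tainted|Tainted: \S+) (?P<version>\S+)")
FRAME = re.compile(r"^(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
PAGE = re.compile(r"^page:\S+ refcount:(?P<refcount>\d+) ")
SHADOW_ROW = re.compile(r"^[> ]?(?P<addr>[0-9a-f]{16}): (?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2})*)$")

# Frames emitted by the reporting path itself; the first frame after them is
# the code that performed the bad access.
REPORT_FRAME_PREFIXES = ("dump_backtrace", "show_stack", "dump_stack", "print_report",
                         "kasan_report", "__asan_", "__kasan_")

# Generic-KASAN shadow values as I read them in mm/kasan/kasan.h (assumption:
# verify against the kernel under triage). Each shadow byte covers 8 bytes.
SHADOW_MEANING = {
    0x00: "accessible",
    0xfb: "KASAN_SLAB_FREE: freed slab object",
    0xfc: "KASAN_SLAB_REDZONE: redzone around a slab object",
    0xfe: "KASAN_PAGE_REDZONE: redzone of a kmalloc_large allocation",
    0xff: "KASAN_PAGE_FREE: freed page",
}


def shadow_meaning(value):
    if 1 <= value <= 7:
        return f"partially accessible: first {value} bytes of the granule"
    return SHADOW_MEANING.get(value, f"unknown shadow value {value:#04x}")


def parse_report(text):
    """Return the triage-relevant fields of a KASAN report as a dict."""
    info = {"trace": []}
    in_trace = False
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if in_trace:
            f = FRAME.match(msg)
            if f:
                info["trace"].append(f.group("func"))
                continue
            in_trace = False  # blank line or next section ends the trace
        if msg == "Call trace:":
            in_trace = True
        elif (b := BUG.match(msg)):
            info.update(kind=b["kind"], func=b["func"])
        elif (a := ACCESS.match(msg)):
            info.update(op=a["op"], size=int(a["size"]), addr=int(a["addr"], 16),
                        comm=a["comm"], pid=int(a["pid"]))
        elif (c := CPU.match(msg)):
            info.update(taint=c["taint"], version=c["version"])
        elif (p := PAGE.match(msg)):
            info["page_refcount"] = int(p["refcount"])
        elif (s := SHADOW_ROW.match(msg)) and "addr" in info:
            row = int(s["addr"], 16)  # a row covers 16 shadow bytes = 128 bytes
            if row <= info["addr"] < row + 128:
                val = int(s["bytes"].split()[(info["addr"] - row) // 8], 16)
                info.update(shadow=val, shadow_meaning=shadow_meaning(val))
    real = [f for f in info["trace"] if not f.startswith(REPORT_FRAME_PREFIXES)]
    info["trace"] = real
    info["culprit"] = real[0] if real else None
    return info


def summarize(info):
    """One-line triage summary of a parsed report."""
    return (f'{info["kind"]}: {info["op"]} of {info["size"]} bytes at {info["addr"]:#x} '
            f'in {info["culprit"]} (task {info["comm"]}/{info["pid"]}, {info["version"]}, '
            f'{info["taint"]}); shadow {info["shadow"]:#04x} = {info["shadow_meaning"]}')


if __name__ == "__main__":
    print(summarize(parse_report(REPORT)))
```

The shadow byte is found by address arithmetic rather than by reading the `^` marker line: each printed row starts at the address it covers, so the index into the row is (addr - row) // 8. Feeding the script a report with a 0xfb granule would classify the access as a freed slab object instead, which is the distinction that decides whether to look for a page-level or an object-level lifetime bug.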