Warning: Permanently added '10.128.0.179' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   44.052225][ T3963] loop0: detected capacity change from 0 to 8192
[   44.058741][ T3963] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   44.060877][ T3963] REISERFS (device loop0): using ordered data mode
[   44.062307][ T3963] reiserfs: using flush barriers
[   44.064334][ T3963] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   44.068205][ T3963] REISERFS (device loop0): checking transaction log (loop0)
[   44.071736][ T3963] REISERFS (device loop0): Using r5 hash to sort names
[   44.073403][ T3963] ==================================================================
[   44.075124][ T3963] BUG: KASAN: use-after-free in search_by_entry_key+0x45c/0xe88
[   44.076723][ T3963] Read of size 4 at addr ffff0000ddad7004 by task syz-executor898/3963
[   44.078492][ T3963] 
[   44.078964][ T3963] CPU: 1 PID: 3963 Comm: syz-executor898 Not tainted 5.15.111-syzkaller #0
[   44.080748][ T3963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   44.082841][ T3963] Call trace:
[   44.083482][ T3963]  dump_backtrace+0x0/0x530
[   44.084467][ T3963]  show_stack+0x2c/0x3c
[   44.085331][ T3963]  dump_stack_lvl+0x108/0x170
[   44.086289][ T3963]  print_address_description+0x7c/0x3f0
[   44.087435][ T3963]  kasan_report+0x174/0x1e4
[   44.088374][ T3963]  __asan_report_load_n_noabort+0x40/0x4c
[   44.089548][ T3963]  search_by_entry_key+0x45c/0xe88
[   44.090652][ T3963]  reiserfs_find_entry+0xdbc/0x1624
[   44.091750][ T3963]  reiserfs_lookup+0x184/0x3c4
[   44.092676][ T3963]  __lookup_slow+0x250/0x388
[   44.093635][ T3963]  lookup_one_len+0x178/0x28c
[   44.094579][ T3963]  reiserfs_lookup_privroot+0x8c/0x204
[   44.095712][ T3963]  reiserfs_fill_super+0x1494/0x1e8c
[   44.096830][ T3963]  mount_bdev+0x26c/0x368
[   44.097747][ T3963]  get_super_block+0x44/0x58
[   44.098720][ T3963]  legacy_get_tree+0xd4/0x16c
[   44.099671][ T3963]  vfs_get_tree+0x90/0x274
[   44.100584][ T3963]  do_new_mount+0x25c/0x8c8
[   44.101555][ T3963]  path_mount+0x590/0x104c
[   44.102473][ T3963]  __arm64_sys_mount+0x510/0x5e0
[   44.103527][ T3963]  invoke_syscall+0x98/0x2b8
[   44.104431][ T3963]  el0_svc_common+0x138/0x258
[   44.105416][ T3963]  do_el0_svc+0x58/0x14c
[   44.106282][ T3963]  el0_svc+0x7c/0x1f0
[   44.107082][ T3963]  el0t_64_sync_handler+0x84/0xe4
[   44.108036][ T3963]  el0t_64_sync+0x1a0/0x1a4
[   44.108930][ T3963] 
[   44.109402][ T3963] The buggy address belongs to the page:
[   44.110530][ T3963] page:000000004299556a refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11dad7
[   44.112560][ T3963] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[   44.113939][ T3963] raw: 05ffc00000000000 fffffc000376b608 ffff0001b4836860 0000000000000000
[   44.116033][ T3963] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   44.118089][ T3963] page dumped because: kasan: bad access detected
[   44.119528][ T3963] 
[   44.120008][ T3963] Memory state around the buggy address:
[   44.121214][ T3963]  ffff0000ddad6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   44.123007][ T3963]  ffff0000ddad6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   44.124816][ T3963] >ffff0000ddad7000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   44.126537][ T3963]                    ^
[   44.127342][ T3963]  ffff0000ddad7080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   44.129068][ T3963]  ffff0000ddad7100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   44.130768][ T3963] ==================================================================
[   44.132426][ T3963] Disabling lock debugging due to kernel taint