Warning: Permanently added '10.128.1.189' (ED25519) to the list of known hosts.
executing program
[   35.796514][ T3959] loop0: detected capacity change from 0 to 8192
[   35.877667][ T3959] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   35.879837][ T3959] REISERFS (device loop0): using ordered data mode
[   35.880962][ T3959] reiserfs: using flush barriers
[   35.882839][ T3959] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   35.886448][ T3959] REISERFS (device loop0): checking transaction log (loop0)
[   35.890025][ T3959] REISERFS (device loop0): Using tea hash to sort names
[   35.891890][ T3959] ==================================================================
[   35.893670][ T3959] BUG: KASAN: use-after-free in search_by_entry_key+0x45c/0xe88
[   35.895332][ T3959] Read of size 4 at addr ffff0000dfc697c4 by task syz-executor239/3959
[   35.897136][ T3959]
[   35.897671][ T3959] CPU: 1 PID: 3959 Comm: syz-executor239 Not tainted 5.15.152-syzkaller #0
[   35.899620][ T3959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[   35.901889][ T3959] Call trace:
[   35.902686][ T3959]  dump_backtrace+0x0/0x530
[   35.903679][ T3959]  show_stack+0x2c/0x3c
[   35.904625][ T3959]  dump_stack_lvl+0x108/0x170
[   35.905668][ T3959]  print_address_description+0x7c/0x3f0
[   35.906888][ T3959]  kasan_report+0x174/0x1e4
[   35.907868][ T3959]  __asan_report_load_n_noabort+0x40/0x4c
[   35.909165][ T3959]  search_by_entry_key+0x45c/0xe88
[   35.910241][ T3959]  reiserfs_find_entry+0x2a8/0x1624
[   35.911450][ T3959]  reiserfs_lookup+0x184/0x3c4
[   35.912562][ T3959]  __lookup_slow+0x250/0x388
[   35.913640][ T3959]  lookup_one_len+0x178/0x28c
[   35.914656][ T3959]  reiserfs_lookup_privroot+0x8c/0x204
[   35.915886][ T3959]  reiserfs_fill_super+0x1aec/0x1e8c
[   35.917062][ T3959]  mount_bdev+0x274/0x370
[   35.917994][ T3959]  get_super_block+0x44/0x58
[   35.919047][ T3959]  legacy_get_tree+0xd4/0x16c
[   35.920177][ T3959]  vfs_get_tree+0x90/0x274
[   35.921166][ T3959]  do_new_mount+0x278/0x8fc
[   35.922118][ T3959]  path_mount+0x594/0x101c
[   35.923093][ T3959]  __arm64_sys_mount+0x510/0x5e0
[   35.924234][ T3959]  invoke_syscall+0x98/0x2b8
[   35.925242][ T3959]  el0_svc_common+0x138/0x258
[   35.926303][ T3959]  do_el0_svc+0x58/0x14c
[   35.927287][ T3959]  el0_svc+0x7c/0x1f0
[   35.928204][ T3959]  el0t_64_sync_handler+0x84/0xe4
[   35.929252][ T3959]  el0t_64_sync+0x1a0/0x1a4
[   35.930205][ T3959]
[   35.930718][ T3959] The buggy address belongs to the page:
[   35.932042][ T3959] page:00000000ce108f31 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11fc69
[   35.934336][ T3959] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[   35.935971][ T3959] raw: 05ffc00000000000 fffffc00037f1a88 ffff0001b482d520 0000000000000000
[   35.937818][ T3959] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   35.939743][ T3959] page dumped because: kasan: bad access detected
[   35.941055][ T3959]
[   35.941593][ T3959] Memory state around the buggy address:
[   35.942839][ T3959]  ffff0000dfc69680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   35.944701][ T3959]  ffff0000dfc69700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   35.946498][ T3959] >ffff0000dfc69780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   35.948337][ T3959]                                            ^
[   35.949691][ T3959]  ffff0000dfc69800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   35.951581][ T3959]  ffff0000dfc69880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   35.953429][ T3959] ==================================================================
[   35.955184][ T3959] Disabling lock debugging due to kernel taint
[   35.956967][ T3959] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.