Warning: Permanently added '10.128.1.109' (ED25519) to the list of known hosts.
executing program
[ 46.321520][ T4014] loop0: detected capacity change from 0 to 8192
[ 46.400073][ T4014] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 46.402534][ T4014] REISERFS (device loop0): using ordered data mode
[ 46.404330][ T4014] reiserfs: using flush barriers
[ 46.406457][ T4014] REISERFS (device loop0): journal params: device ram0, size 127, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[ 46.411179][ T4014] REISERFS (device loop0): checking transaction log (ram0)
[ 46.422766][ T4014] ==================================================================
[ 46.424846][ T4014] BUG: KASAN: use-after-free in reiserfs_read_locked_inode+0x17e8/0x1f54
[ 46.427002][ T4014] Read of size 4 at addr ffff0000de28d000 by task syz-executor146/4014
[ 46.429040][ T4014]
[ 46.429607][ T4014] CPU: 0 PID: 4014 Comm: syz-executor146 Not tainted 5.15.167-syzkaller #0
[ 46.431904][ T4014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 46.434547][ T4014] Call trace:
[ 46.435492][ T4014] dump_backtrace+0x0/0x530
[ 46.436593][ T4014] show_stack+0x2c/0x3c
[ 46.437592][ T4014] dump_stack_lvl+0x108/0x170
[ 46.438781][ T4014] print_address_description+0x7c/0x3f0
[ 46.440088][ T4014] kasan_report+0x174/0x1e4
[ 46.441212][ T4014] __asan_report_load_n_noabort+0x40/0x4c
[ 46.442512][ T4014] reiserfs_read_locked_inode+0x17e8/0x1f54
[ 46.443919][ T4014] reiserfs_fill_super+0x108c/0x1e8c
[ 46.445352][ T4014] mount_bdev+0x274/0x370
[ 46.446450][ T4014] get_super_block+0x44/0x58
[ 46.447693][ T4014] legacy_get_tree+0xd4/0x16c
[ 46.448875][ T4014] vfs_get_tree+0x90/0x274
[ 46.450081][ T4014] do_new_mount+0x278/0x8fc
[ 46.451221][ T4014] path_mount+0x594/0x101c
[ 46.452334][ T4014] __arm64_sys_mount+0x510/0x5e0
[ 46.453637][ T4014] invoke_syscall+0x98/0x2b8
[ 46.454879][ T4014] el0_svc_common+0x138/0x258
[ 46.456122][ T4014] do_el0_svc+0x58/0x14c
[ 46.457167][ T4014] el0_svc+0x7c/0x1f0
[ 46.458148][ T4014] el0t_64_sync_handler+0x84/0xe4
[ 46.459424][ T4014] el0t_64_sync+0x1a0/0x1a4
[ 46.460530][ T4014]
[ 46.461127][ T4014] The buggy address belongs to the page:
[ 46.462576][ T4014] page:000000008d321b26 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11e28d
[ 46.464964][ T4014] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 46.466825][ T4014] raw: 05ffc00000000000 fffffc000378a388 ffff0001b41a6520 0000000000000000
[ 46.469192][ T4014] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 46.471387][ T4014] page dumped because: kasan: bad access detected
[ 46.472992][ T4014]
[ 46.473545][ T4014] Memory state around the buggy address:
[ 46.475039][ T4014]  ffff0000de28cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.476979][ T4014]  ffff0000de28cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.479031][ T4014] >ffff0000de28d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.481177][ T4014]                    ^
[ 46.482247][ T4014]  ffff0000de28d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.484242][ T4014]  ffff0000de28d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.486278][ T4014] ==================================================================
[ 46.488339][ T4014] Disabling lock debugging due to kernel taint
[ 46.490112][ T4014] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore
[ 46.494072][ T4014] REISERFS warning (device loop0): reiserfs_fill_super: corrupt root inode, run fsck