Warning: Permanently added '10.128.0.212' (ED25519) to the list of known hosts. executing program syzkaller login: [ 38.944434][ T3960] loop0: detected capacity change from 0 to 8192 [ 39.019304][ T3960] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 39.022035][ T3960] REISERFS (device loop0): using ordered data mode [ 39.023735][ T3960] reiserfs: using flush barriers [ 39.026089][ T3960] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 39.030968][ T3960] REISERFS (device loop0): checking transaction log (loop0) [ 39.034839][ T3960] REISERFS (device loop0): Using tea hash to sort names [ 39.037035][ T3960] ================================================================== [ 39.039179][ T3960] BUG: KASAN: use-after-free in search_by_entry_key+0x45c/0xe88 [ 39.041151][ T3960] Read of size 4 at addr ffff0000de4c7fc4 by task syz-executor162/3960 [ 39.043360][ T3960] [ 39.043987][ T3960] CPU: 0 PID: 3960 Comm: syz-executor162 Not tainted 5.15.153-syzkaller #0 [ 39.046265][ T3960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 39.048918][ T3960] Call trace: [ 39.049849][ T3960] dump_backtrace+0x0/0x530 [ 39.051084][ T3960] show_stack+0x2c/0x3c [ 39.052169][ T3960] dump_stack_lvl+0x108/0x170 [ 39.053388][ T3960] print_address_description+0x7c/0x3f0 [ 39.054875][ T3960] kasan_report+0x174/0x1e4 [ 39.056054][ T3960] __asan_report_load_n_noabort+0x40/0x4c [ 39.057555][ T3960] search_by_entry_key+0x45c/0xe88 [ 39.058896][ T3960] reiserfs_find_entry+0x2a8/0x1624 [ 39.060279][ T3960] reiserfs_lookup+0x184/0x3c4 [ 39.061459][ T3960] __lookup_slow+0x250/0x388 [ 39.062652][ T3960] lookup_one_len+0x178/0x28c [ 39.063867][ T3960] reiserfs_lookup_privroot+0x8c/0x204 [ 39.065253][ T3960] reiserfs_fill_super+0x1aec/0x1e8c [ 39.066616][ T3960] mount_bdev+0x274/0x370 [ 39.067694][ T3960] get_super_block+0x44/0x58 [ 39.068831][ T3960] legacy_get_tree+0xd4/0x16c [ 39.070055][ T3960] vfs_get_tree+0x90/0x274 [ 39.071198][ T3960] do_new_mount+0x278/0x8fc [ 39.072385][ T3960] path_mount+0x594/0x101c [ 39.073547][ T3960] __arm64_sys_mount+0x510/0x5e0 [ 39.074801][ T3960] invoke_syscall+0x98/0x2b8 [ 39.075969][ T3960] el0_svc_common+0x138/0x258 [ 39.077148][ T3960] do_el0_svc+0x58/0x14c [ 39.078227][ T3960] el0_svc+0x7c/0x1f0 [ 39.079154][ T3960] el0t_64_sync_handler+0x84/0xe4 [ 39.080445][ T3960] el0t_64_sync+0x1a0/0x1a4 [ 39.081686][ T3960] [ 39.082293][ T3960] The buggy address belongs to the page: [ 39.083777][ T3960] page:00000000020e47b0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11e4c7 [ 39.086541][ T3960] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) [ 39.088488][ T3960] raw: 05ffc00000000000 fffffc0003793208 fffffc0003793188 0000000000000000 [ 39.090735][ T3960] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 39.092974][ T3960] page dumped because: kasan: bad access detected [ 39.094625][ T3960] [ 39.095256][ T3960] Memory state around the buggy address: [ 39.096720][ T3960] ffff0000de4c7e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.098848][ T3960] ffff0000de4c7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.100936][ T3960] >ffff0000de4c7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.103020][ T3960] ^ [ 39.104508][ T3960] ffff0000de4c8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.106719][ T3960] ffff0000de4c8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.108898][ T3960] ================================================================== [ 39.110998][ T3960] Disabling lock debugging due to kernel taint [ 39.112773][ T3960] REISERFS warning (device loop0): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are! [ 39.116185][ T3960] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.