syzbot

 sign-in | mailing list | source | docs
🐞 Open [898]
🐞 Fixed [141]
🐞 Invalid [1041]
Missing Backports [73]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

KASAN: use-after-free Read in reiserfs_release_objectid (2)

Status: upstream: reported C repro on 2025/01/08 08:59
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+8b37105f98b0cda6bbcd@syzkaller.appspotmail.com
First crash: 437d, last: 5h37m
Bug presence (2)
Date Name Commit Repro Result
2025/01/08 linux-6.1.y (ToT) 7dc732d24ff7 C [report] KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 upstream (ToT) eea6e4b4dfb8 C Didn't crash
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 KASAN: use-after-free Read in reiserfs_release_objectid 19 C 1 1115d 1203d 0/1 upstream: reported C repro on 2022/12/04 21:28
linux-6.1 KASAN: use-after-free Read in reiserfs_release_objectid 19 1 1077d 1077d 0/3 auto-obsoleted due to no activity on 2023/08/07 07:31
upstream KASAN: use-after-free Read in reiserfs_release_objectid fs 19 C error done 6 807d 1208d 0/29 auto-obsoleted due to no activity on 2024/05/25 08:15
linux-5.15 KASAN: use-after-free Read in reiserfs_release_objectid missing-backport origin:lts-only 19 C error 139 1h43m 605d 0/3 upstream: reported C repro on 2024/07/24 14:44
linux-4.19 KASAN: use-after-free Read in reiserfs_release_objectid reiserfs 19 C error 2 1133d 1209d 0/1 upstream: reported C repro on 2022/11/28 17:34
linux-6.6 KASAN: use-after-free Read in reiserfs_release_objectid origin:lts-only 19 C error 19 12d 111d 0/2 upstream: reported C repro on 2025/11/30 15:46
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2025/11/08 02:07 1h51m fix candidate upstream OK (0) job log
2025/03/23 11:07 17m fix candidate upstream error job log

Sample crash report:
REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2)
REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
==================================================================
BUG: KASAN: use-after-free in reiserfs_release_objectid+0x430/0x614 fs/reiserfs/objectid.c:165
Read of size 8188 at addr ffff0000ec5fe050 by task syz.0.17/4512

CPU: 0 PID: 4512 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
Call trace:
 dump_backtrace+0x1c0/0x1ec arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
 print_address_description+0x88/0x218 mm/kasan/report.c:316
 print_report+0x50/0x68 mm/kasan/report.c:420
 kasan_report+0xa8/0xfc mm/kasan/report.c:524
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x258/0x290 mm/kasan/generic.c:189
 memmove+0x48/0x90 mm/kasan/shadow.c:54
 reiserfs_release_objectid+0x430/0x614 fs/reiserfs/objectid.c:165
 remove_save_link+0x234/0x350 fs/reiserfs/super.c:542
 reiserfs_evict_inode+0x308/0x408 fs/reiserfs/inode.c:91
 evict+0x3e0/0x828 fs/inode.c:705
 iput_final fs/inode.c:1834 [inline]
 iput+0x754/0x7e4 fs/inode.c:1860
 dentry_unlink_inode+0x360/0x438 fs/dcache.c:405
 __dentry_kill+0x320/0x598 fs/dcache.c:611
 dentry_kill+0xc8/0x248 fs/dcache.c:-1
 dput+0x238/0x454 fs/dcache.c:918
 do_renameat2+0x750/0xa74 fs/namei.c:5037
 __do_sys_renameat2 fs/namei.c:5068 [inline]
 __se_sys_renameat2 fs/namei.c:5065 [inline]
 __arm64_sys_renameat2+0xe0/0xfc fs/namei.c:5065
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

The buggy address belongs to the physical page:
page:00000000fc187fe3 refcount:3 mapcount:0 mapping:00000000ee3cdb62 index:0x10 pfn:0x12c5fe
memcg:ffff0000cefb0000
aops:def_blk_aops ino:700000
flags: 0x5ffc60000022046(referenced|uptodate|workingset|private|mappedtodisk|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc60000022046 0000000000000000 dead000000000122 ffff0000c058bf10
raw: 0000000000000010 ffff0000e0eb41d0 00000003ffffffff ffff0000cefb0000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000ec5fef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000ec5fef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000ec5ff000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff0000ec5ff080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000ec5ff100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================

Crashes (371):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/03/21 10:14 linux-6.1.y f2ddafa93a25 5b92003d .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/12/02 04:58 linux-6.1.y f6e38ae624cf d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/12/02 03:08 linux-6.1.y f6e38ae624cf d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/08/27 15:57 linux-6.1.y 0bc96de781b4 e12e5ba4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/08/27 14:36 linux-6.1.y 0bc96de781b4 e12e5ba4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/08/27 12:39 linux-6.1.y 0bc96de781b4 e12e5ba4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/08/27 11:19 linux-6.1.y 0bc96de781b4 e12e5ba4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/08/27 08:59 linux-6.1.y 0bc96de781b4 e12e5ba4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/08/27 07:17 linux-6.1.y 0bc96de781b4 e12e5ba4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/08/11 08:19 linux-6.1.y 3594f306da12 32a0e5ed .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/04/28 06:40 linux-6.1.y 535ec20c5027 c6b4fb39 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 14:11 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 12:52 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 11:45 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 10:11 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/13 15:39 linux-6.1.y bec0e10ee67e d6526ea3 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/15 08:07 linux-6.1.y bec0e10ee67e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/05 09:27 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/21 18:12 linux-6.1.y f2ddafa93a25 5b92003d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/21 16:54 linux-6.1.y f2ddafa93a25 5b92003d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/21 14:56 linux-6.1.y f2ddafa93a25 5b92003d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/21 09:21 linux-6.1.y f2ddafa93a25 5b92003d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/20 11:07 linux-6.1.y f2ddafa93a25 2f245add .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/20 06:58 linux-6.1.y f2ddafa93a25 2f245add .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/19 20:54 linux-6.1.y f2ddafa93a25 bd6dcb30 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/19 15:00 linux-6.1.y f2ddafa93a25 bd6dcb30 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/19 09:45 linux-6.1.y f2ddafa93a25 0199f9a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/19 03:11 linux-6.1.y f2ddafa93a25 0199f9a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/19 01:55 linux-6.1.y f2ddafa93a25 0199f9a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/18 22:50 linux-6.1.y f2ddafa93a25 0199f9a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/18 15:15 linux-6.1.y f2ddafa93a25 0199f9a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/18 15:14 linux-6.1.y f2ddafa93a25 0199f9a1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/18 00:20 linux-6.1.y f2ddafa93a25 c8810548 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/17 12:03 linux-6.1.y f2ddafa93a25 c01bca74 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/16 23:20 linux-6.1.y f2ddafa93a25 0737c18f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/12 21:31 linux-6.1.y f2ddafa93a25 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/10 11:11 linux-6.1.y f2ddafa93a25 6972f302 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/10 10:50 linux-6.1.y f2ddafa93a25 6972f302 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/10 09:32 linux-6.1.y f2ddafa93a25 6972f302 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/10 09:06 linux-6.1.y f2ddafa93a25 6972f302 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/10 09:03 linux-6.1.y f2ddafa93a25 6972f302 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/10 06:18 linux-6.1.y f2ddafa93a25 6972f302 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/10 06:16 linux-6.1.y f2ddafa93a25 6972f302 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/09 02:45 linux-6.1.y f2ddafa93a25 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/03/09 02:30 linux-6.1.y f2ddafa93a25 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/02/16 04:43 linux-6.1.y 8ce36b2849ef 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/02/15 09:17 linux-6.1.y 8ce36b2849ef 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/02/07 09:41 linux-6.1.y 0182cb5b74ee f20fc9f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/25 19:24 linux-6.1.y cd9b81672742 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/25 14:07 linux-6.1.y cd9b81672742 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/17 23:40 linux-6.1.y cd9b81672742 20d37d28 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/17 04:22 linux-6.1.y bec0e10ee67e 20d37d28 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/15 13:49 linux-6.1.y bec0e10ee67e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/15 12:11 linux-6.1.y bec0e10ee67e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/15 11:01 linux-6.1.y bec0e10ee67e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/15 05:52 linux-6.1.y bec0e10ee67e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/06 12:29 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/06 07:24 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/01/05 23:43 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 08:58 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2026/02/15 21:35 linux-6.1.y 8ce36b2849ef 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: slab-out-of-bounds Read in reiserfs_release_objectid
2026/01/08 08:51 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: out-of-bounds Read in reiserfs_release_objectid
* Struck through repros no longer work on HEAD.