Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts.
executing program
[ 35.361781][ T4294] loop0: detected capacity change from 0 to 8192
[ 35.367627][ T4294] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 35.371209][ T4294] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 35.374612][ T4294] REISERFS (device loop0): using ordered data mode
[ 35.376315][ T4294] reiserfs: using flush barriers
[ 35.382268][ T4294] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 35.387079][ T4294] REISERFS (device loop0): checking transaction log (loop0)
[ 35.439352][ T4294] REISERFS (device loop0): Using tea hash to sort names
[ 35.441568][ T4294] ==================================================================
[ 35.443768][ T4294] BUG: KASAN: use-after-free in search_by_entry_key+0x458/0xe34
[ 35.445732][ T4294] Read of size 4 at addr ffff0001742c2024 by task syz-executor585/4294
[ 35.447919][ T4294]
[ 35.448570][ T4294] CPU: 0 PID: 4294 Comm: syz-executor585 Not tainted 6.1.135-syzkaller #0
[ 35.450811][ T4294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 35.453518][ T4294] Call trace:
[ 35.454429][ T4294] dump_backtrace+0x1c8/0x1f4
[ 35.455813][ T4294] show_stack+0x2c/0x3c
[ 35.456918][ T4294] __dump_stack+0x30/0x40
[ 35.458141][ T4294] dump_stack_lvl+0xf8/0x160
[ 35.459362][ T4294] print_address_description+0x88/0x220
[ 35.460859][ T4294] print_report+0x50/0x68
[ 35.462035][ T4294] kasan_report+0xa8/0x100
[ 35.463366][ T4294] __asan_report_load_n_noabort+0x28/0x34
[ 35.464922][ T4294] search_by_entry_key+0x458/0xe34
[ 35.466276][ T4294] reiserfs_find_entry+0x260/0x13b8
[ 35.467602][ T4294] reiserfs_lookup+0x15c/0x378
[ 35.468888][ T4294] __lookup_slow+0x24c/0x370
[ 35.470069][ T4294] lookup_one_len+0x178/0x28c
[ 35.471321][ T4294] reiserfs_lookup_privroot+0x8c/0x204
[ 35.472847][ T4294] reiserfs_fill_super+0x18ec/0x1d40
[ 35.474192][ T4294] mount_bdev+0x264/0x358
[ 35.475348][ T4294] get_super_block+0x44/0x58
[ 35.476509][ T4294] legacy_get_tree+0xd4/0x16c
[ 35.477790][ T4294] vfs_get_tree+0x90/0x274
[ 35.478913][ T4294] do_new_mount+0x228/0x810
[ 35.480150][ T4294] path_mount+0x5b4/0xe78
[ 35.481313][ T4294] __arm64_sys_mount+0x49c/0x584
[ 35.482709][ T4294] invoke_syscall+0x98/0x2bc
[ 35.483926][ T4294] el0_svc_common+0x138/0x258
[ 35.485137][ T4294] do_el0_svc+0x58/0x13c
[ 35.486233][ T4294] el0_svc+0x58/0x138
[ 35.487315][ T4294] el0t_64_sync_handler+0x84/0xf0
[ 35.488677][ T4294] el0t_64_sync+0x18c/0x190
[ 35.489920][ T4294]
[ 35.490517][ T4294] The buggy address belongs to the physical page:
[ 35.492218][ T4294] page:000000003de3eee6 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1b42c2
[ 35.495017][ T4294] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 35.496947][ T4294] raw: 05ffc00000000000 fffffc0005d0b0c8 ffff0001b3e30e20 0000000000000000
[ 35.499320][ T4294] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 35.501626][ T4294] page dumped because: kasan: bad access detected
[ 35.503429][ T4294]
[ 35.504016][ T4294] Memory state around the buggy address:
[ 35.505515][ T4294]  ffff0001742c1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.507638][ T4294]  ffff0001742c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.510003][ T4294] >ffff0001742c2000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.512284][ T4294]                                ^
[ 35.513604][ T4294]  ffff0001742c2080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.515898][ T4294]  ffff0001742c2100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.518098][ T4294] ==================================================================
[ 35.520339][ T4294] Disabling lock debugging due to kernel taint
[ 35.522530][ T4294] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.