Warning: Permanently added '10.128.1.2' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 59.394025][ T8481] REISERFS (device loop0): found reiserfs format "3.5" with standard journal
[ 59.403233][ T8481] REISERFS (device loop0): using ordered data mode
[ 59.409918][ T8481] reiserfs: using flush barriers
[ 59.416435][ T8481] REISERFS (device loop0): journal params: device loop0, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[ 59.435181][ T8481] REISERFS (device loop0): checking transaction log (loop0)
[ 60.185474][ T8481] ==================================================================
[ 60.194095][ T8481] BUG: KASAN: use-after-free in reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.202876][ T8481] Read of size 4 at addr ffff888035a26000 by task syz-executor059/8481
[ 60.211482][ T8481]
[ 60.214006][ T8481] CPU: 0 PID: 8481 Comm: syz-executor059 Not tainted 5.10.0-rc6-syzkaller #0
[ 60.222738][ T8481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.233004][ T8481] Call Trace:
[ 60.236283][ T8481] dump_stack+0x107/0x163
[ 60.240792][ T8481] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.246846][ T8481] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.252899][ T8481] print_address_description.constprop.0.cold+0xae/0x4c8
[ 60.259934][ T8481] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 60.265294][ T8481] ? vprintk_func+0x95/0x1e0
[ 60.269886][ T8481] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.275954][ T8481] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.282002][ T8481] kasan_report.cold+0x1f/0x37
[ 60.286756][ T8481] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.292900][ T8481] reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.298781][ T8481] ? reiserfs_write_lock+0x75/0xf0
[ 60.303877][ T8481] ? sd_attrs_to_i_attrs+0x260/0x260
[ 60.309149][ T8481] ? mutex_lock_io_nested+0xf10/0xf60
[ 60.314500][ T8481] ? find_inode+0xc1/0x220
[ 60.318904][ T8481] ? reiserfs_init_locked_inode+0x120/0x120
[ 60.324781][ T8481] reiserfs_fill_super+0x18eb/0x2e00
[ 60.330053][ T8481] ? reiserfs_remount+0x1580/0x1580
[ 60.335233][ T8481] ? lock_downgrade+0x6d0/0x6d0
[ 60.340087][ T8481] ? snprintf+0xbb/0xf0
[ 60.344229][ T8481] ? vsprintf+0x30/0x30
[ 60.348368][ T8481] ? wait_for_completion+0x260/0x260
[ 60.353638][ T8481] ? set_blocksize+0x1c1/0x400
[ 60.358385][ T8481] mount_bdev+0x32e/0x3f0
[ 60.363063][ T8481] ? reiserfs_remount+0x1580/0x1580
[ 60.368253][ T8481] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 60.373262][ T8481] legacy_get_tree+0x105/0x220
[ 60.378012][ T8481] vfs_get_tree+0x89/0x2f0
[ 60.382415][ T8481] path_mount+0x13ad/0x20c0
[ 60.386902][ T8481] ? strncpy_from_user+0x2a0/0x3e0
[ 60.391996][ T8481] ? finish_automount+0xac0/0xac0
[ 60.396999][ T8481] ? getname_flags.part.0+0x1dd/0x4f0
[ 60.402354][ T8481] __x64_sys_mount+0x27f/0x300
[ 60.407102][ T8481] ? copy_mnt_ns+0xa60/0xa60
[ 60.411682][ T8481] ? syscall_enter_from_user_mode+0x1d/0x50
[ 60.417556][ T8481] do_syscall_64+0x2d/0x70
[ 60.421950][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.427819][ T8481] RIP: 0033:0x447d7a
[ 60.431691][ T8481] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 60.451280][ T8481] RSP: 002b:00007ffcf7e76348 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 60.459677][ T8481] RAX: ffffffffffffffda RBX: 00007ffcf7e763a0 RCX: 0000000000447d7a
[ 60.467638][ T8481] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcf7e76360
[ 60.475585][ T8481] RBP: 00007ffcf7e76360 R08: 00007ffcf7e763a0 R09: 0000000000000000
[ 60.483540][ T8481] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000006
[ 60.491581][ T8481] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 60.499648][ T8481]
[ 60.501953][ T8481] The buggy address belongs to the page:
[ 60.507757][ T8481] page:0000000050546bce refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x35a26
[ 60.517902][ T8481] flags: 0xfff00000000000()
[ 60.522386][ T8481] raw: 00fff00000000000 ffffea0000d689c8 ffff8880b9e39d48 0000000000000000
[ 60.530970][ T8481] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 60.539617][ T8481] page dumped because: kasan: bad access detected
[ 60.546000][ T8481]
[ 60.548316][ T8481] Memory state around the buggy address:
[ 60.553936][ T8481] ffff888035a25f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.561994][ T8481] ffff888035a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.570049][ T8481] >ffff888035a26000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.578090][ T8481] ^
[ 60.582133][ T8481] ffff888035a26080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.590189][ T8481] ffff888035a26100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.598248][ T8481] ==================================================================
[ 60.606305][ T8481] Disabling lock debugging due to kernel taint
[ 60.613954][ T8481] Kernel panic - not syncing: panic_on_warn set ...
[ 60.620595][ T8481] CPU: 1 PID: 8481 Comm: syz-executor059 Tainted: G B 5.10.0-rc6-syzkaller #0
[ 60.630941][ T8481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.641766][ T8481] Call Trace:
[ 60.645041][ T8481] dump_stack+0x107/0x163
[ 60.649975][ T8481] ? reiserfs_read_locked_inode+0x1e40/0x2230
[ 60.656028][ T8481] panic+0x306/0x73d
[ 60.660305][ T8481] ? __warn_printk+0xf3/0xf3
[ 60.665089][ T8481] ? preempt_schedule_common+0x59/0xc0
[ 60.670594][ T8481] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.676725][ T8481] ? preempt_schedule_thunk+0x16/0x18
[ 60.682140][ T8481] ? trace_hardirqs_on+0x51/0x1c0
[ 60.687257][ T8481] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.693303][ T8481] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.699528][ T8481] end_report+0x58/0x5e
[ 60.703670][ T8481] kasan_report.cold+0xd/0x37
[ 60.708490][ T8481] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.714546][ T8481] reiserfs_read_locked_inode+0x1f2d/0x2230
[ 60.720407][ T8481] ? reiserfs_write_lock+0x75/0xf0
[ 60.725493][ T8481] ? sd_attrs_to_i_attrs+0x260/0x260
[ 60.730748][ T8481] ? mutex_lock_io_nested+0xf10/0xf60
[ 60.736087][ T8481] ? find_inode+0xc1/0x220
[ 60.740470][ T8481] ? reiserfs_init_locked_inode+0x120/0x120
[ 60.746334][ T8481] reiserfs_fill_super+0x18eb/0x2e00
[ 60.751589][ T8481] ? reiserfs_remount+0x1580/0x1580
[ 60.756759][ T8481] ? lock_downgrade+0x6d0/0x6d0
[ 60.761822][ T8481] ? snprintf+0xbb/0xf0
[ 60.765947][ T8481] ? vsprintf+0x30/0x30
[ 60.770131][ T8481] ? wait_for_completion+0x260/0x260
[ 60.775404][ T8481] ? set_blocksize+0x1c1/0x400
[ 60.780155][ T8481] mount_bdev+0x32e/0x3f0
[ 60.784458][ T8481] ? reiserfs_remount+0x1580/0x1580
[ 60.789638][ T8481] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 60.794643][ T8481] legacy_get_tree+0x105/0x220
[ 60.799389][ T8481] vfs_get_tree+0x89/0x2f0
[ 60.803788][ T8481] path_mount+0x13ad/0x20c0
[ 60.808266][ T8481] ? strncpy_from_user+0x2a0/0x3e0
[ 60.813357][ T8481] ? finish_automount+0xac0/0xac0
[ 60.818376][ T8481] ? getname_flags.part.0+0x1dd/0x4f0
[ 60.823746][ T8481] __x64_sys_mount+0x27f/0x300
[ 60.828487][ T8481] ? copy_mnt_ns+0xa60/0xa60
[ 60.833058][ T8481] ? syscall_enter_from_user_mode+0x1d/0x50
[ 60.839015][ T8481] do_syscall_64+0x2d/0x70
[ 60.843413][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.849504][ T8481] RIP: 0033:0x447d7a
[ 60.853549][ T8481] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 60.873929][ T8481] RSP: 002b:00007ffcf7e76348 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 60.882516][ T8481] RAX: ffffffffffffffda RBX: 00007ffcf7e763a0 RCX: 0000000000447d7a
[ 60.890879][ T8481] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcf7e76360
[ 60.898930][ T8481] RBP: 00007ffcf7e76360 R08: 00007ffcf7e763a0 R09: 0000000000000000
[ 60.906885][ T8481] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000006
[ 60.915047][ T8481] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 60.926580][ T8481] Kernel Offset: disabled
[ 60.930994][ T8481] Rebooting in 86400 seconds..