[ 18.076264][ T3639] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.082056][ T3639] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 18.127287][ T1831] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.131200][ T3552] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.122' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 43.825537][ T3963] loop0: detected capacity change from 0 to 8192
[ 43.832316][ T3963] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 43.834532][ T3963] REISERFS (device loop0): using ordered data mode
[ 43.836255][ T3963] reiserfs: using flush barriers
[ 43.838454][ T3963] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 43.842925][ T3963] REISERFS (device loop0): checking transaction log (loop0)
[ 43.846729][ T3963] REISERFS (device loop0): Using r5 hash to sort names
[ 43.848764][ T3963] ==================================================================
[ 43.850724][ T3963] BUG: KASAN: use-after-free in strlen+0x54/0x70
[ 43.852275][ T3963] Read of size 1 at addr ffff0000df7e77a3 by task syz-executor582/3963
[ 43.854195][ T3963]
[ 43.854754][ T3963] CPU: 1 PID: 3963 Comm: syz-executor582 Not tainted 5.15.114-syzkaller #0
[ 43.856923][ T3963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 43.859325][ T3963] Call trace:
[ 43.860100][ T3963]  dump_backtrace+0x0/0x530
[ 43.861181][ T3963]  show_stack+0x2c/0x3c
[ 43.862179][ T3963]  dump_stack_lvl+0x108/0x170
[ 43.863310][ T3963]  print_address_description+0x7c/0x3f0
[ 43.864648][ T3963]  kasan_report+0x174/0x1e4
[ 43.865754][ T3963]  __asan_report_load1_noabort+0x44/0x50
[ 43.867200][ T3963]  strlen+0x54/0x70
[ 43.868163][ T3963]  reiserfs_find_entry+0x86c/0x1624
[ 43.869471][ T3963]  reiserfs_lookup+0x184/0x3c4
[ 43.870706][ T3963]  __lookup_slow+0x250/0x388
[ 43.871835][ T3963]  lookup_one_len+0x178/0x28c
[ 43.873039][ T3963]  reiserfs_lookup_privroot+0x8c/0x204
[ 43.874356][ T3963]  reiserfs_fill_super+0x1494/0x1e8c
[ 43.875636][ T3963]  mount_bdev+0x274/0x370
[ 43.876712][ T3963]  get_super_block+0x44/0x58
[ 43.877849][ T3963]  legacy_get_tree+0xd4/0x16c
[ 43.878967][ T3963]  vfs_get_tree+0x90/0x274
[ 43.880090][ T3963]  do_new_mount+0x25c/0x8c4
[ 43.881273][ T3963]  path_mount+0x590/0x104c
[ 43.882367][ T3963]  __arm64_sys_mount+0x510/0x5e0
[ 43.883653][ T3963]  invoke_syscall+0x98/0x2b8
[ 43.884785][ T3963]  el0_svc_common+0x138/0x258
[ 43.885863][ T3963]  do_el0_svc+0x58/0x14c
[ 43.886934][ T3963]  el0_svc+0x7c/0x1f0
[ 43.887971][ T3963]  el0t_64_sync_handler+0x84/0xe4
[ 43.889178][ T3963]  el0t_64_sync+0x1a0/0x1a4
[ 43.890272][ T3963]
[ 43.890829][ T3963] The buggy address belongs to the page:
[ 43.892211][ T3963] page:00000000f6a84383 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11f7e7
[ 43.894801][ T3963] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 43.896497][ T3963] raw: 05ffc00000000000 fffffc00037dfa08 ffff0001b4836860 0000000000000000
[ 43.898612][ T3963] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 43.900794][ T3963] page dumped because: kasan: bad access detected
[ 43.902392][ T3963]
[ 43.902951][ T3963] Memory state around the buggy address:
[ 43.904338][ T3963]  ffff0000df7e7680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.906264][ T3963]  ffff0000df7e7700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.908220][ T3963] >ffff0000df7e7780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.910168][ T3963]                                ^
[ 43.911398][ T3963]  ffff0000df7e7800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.913388][ T3963]  ffff0000df7e7880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.915383][ T3963] ==================================================================
[ 43.917362][ T3963] Disabling lock debugging due to kernel taint