Warning: Permanently added '10.128.0.102' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 50.494797] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 50.505150] REISERFS (device loop0): using ordered data mode
[ 50.512086] reiserfs: using flush barriers
[ 50.517443] REISERFS (device loop0): journal params: device loop0, size 15748, journal first block 18, max trans len 1024, max batch 900, max commit age 0, max trans age 30
[ 50.538847] REISERFS (device loop0): checking transaction log (loop0)
[ 50.547898] REISERFS (device loop0): Using r5 hash to sort names
[ 50.554880] REISERFS (device loop0): using 3.5.x disk format
[ 50.561424] ==================================================================
[ 50.568843] BUG: KASAN: use-after-free in search_by_entry_key+0xcda/0xf30
[ 50.575897] Read of size 4 at addr ffff88808aaf37c4 by task syz-executor205/8110
[ 50.583410]
[ 50.585028] CPU: 0 PID: 8110 Comm: syz-executor205 Not tainted 4.19.211-syzkaller #0
[ 50.592886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 50.602240] Call Trace:
[ 50.604819]  dump_stack+0x1fc/0x2ef
[ 50.608434]  print_address_description.cold+0x54/0x219
[ 50.613695]  kasan_report_error.cold+0x8a/0x1b9
[ 50.618486]  ? search_by_entry_key+0xcda/0xf30
[ 50.623179]  __asan_report_load_n_noabort+0x8b/0xa0
[ 50.628192]  ? search_by_entry_key+0xcda/0xf30
[ 50.632767]  search_by_entry_key+0xcda/0xf30
[ 50.637169]  reiserfs_find_entry.part.0+0x142/0x1480
[ 50.642277]  ? reiserfs_write_lock+0x75/0xf0
[ 50.646684]  ? search_by_entry_key+0xf30/0xf30
[ 50.651255]  ? lock_downgrade+0x720/0x720
[ 50.655395]  reiserfs_lookup+0x24a/0x490
[ 50.659448]  ? reiserfs_unlink+0x760/0x760
[ 50.663674]  ? mark_held_locks+0xf0/0xf0
[ 50.667731]  ? __lockdep_init_map+0x100/0x5a0
[ 50.672209]  ? __lockdep_init_map+0x100/0x5a0
[ 50.676692]  __lookup_slow+0x246/0x4a0
[ 50.680576]  ? follow_dotdot_rcu+0x1040/0x1040
[ 50.685145]  ? __d_lookup+0x411/0x710
[ 50.688933]  ? d_lookup+0x18e/0x250
[ 50.692546]  lookup_one_len+0x163/0x190
[ 50.696507]  ? try_lookup_one_len+0x180/0x180
[ 50.700999]  reiserfs_lookup_privroot+0x92/0x280
[ 50.705836]  reiserfs_fill_super+0x18e8/0x2d80
[ 50.710433]  ? reiserfs_remount+0x1540/0x1540
[ 50.714927]  ? lock_downgrade+0x720/0x720
[ 50.719161]  ? snprintf+0xbb/0xf0
[ 50.722655]  ? vsprintf+0x30/0x30
[ 50.726118]  ? wait_for_completion_io+0x10/0x10
[ 50.730775]  mount_bdev+0x2fc/0x3b0
[ 50.734390]  ? reiserfs_remount+0x1540/0x1540
[ 50.738868]  mount_fs+0xa3/0x310
[ 50.742224]  vfs_kern_mount.part.0+0x68/0x470
[ 50.746703]  do_mount+0x115c/0x2f50
[ 50.750316]  ? do_raw_spin_unlock+0x171/0x230
[ 50.754801]  ? check_preemption_disabled+0x41/0x280
[ 50.759813]  ? copy_mount_string+0x40/0x40
[ 50.764049]  ? copy_mount_options+0x59/0x380
[ 50.768453]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 50.773581]  ? kmem_cache_alloc_trace+0x323/0x380
[ 50.778418]  ? copy_mount_options+0x26f/0x380
[ 50.782907]  ksys_mount+0xcf/0x130
[ 50.786444]  __x64_sys_mount+0xba/0x150
[ 50.790407]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 50.795084]  do_syscall_64+0xf9/0x620
[ 50.798901]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.804074] RIP: 0033:0x7f0569f6df4a
[ 50.807942] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.826919] RSP: 002b:00007ffda33d87a8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 50.835046] RAX: ffffffffffffffda RBX: 00007ffda33d8800 RCX: 00007f0569f6df4a
[ 50.842303] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffda33d87c0
[ 50.849906] RBP: 0000000000000003 R08: 00007ffda33d8800 R09: 0000000000000000
[ 50.857178] R10: 0000000000010001 R11: 0000000000000286 R12: 00007ffda33d87c0
[ 50.864437] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000004
[ 50.871712]
[ 50.873324] The buggy address belongs to the page:
[ 50.878236] page:ffffea00022abcc0 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 50.886387] flags: 0xfff00000000000()
[ 50.890183] raw: 00fff00000000000 ffffea00022abd08 ffff8880ba02ea88 0000000000000000
[ 50.898151] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 50.906023] page dumped because: kasan: bad access detected
[ 50.911835]
[ 50.913449] Memory state around the buggy address:
[ 50.918364]  ffff88808aaf3680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.925709]  ffff88808aaf3700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.933052] >ffff88808aaf3780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.940394]                                            ^
[ 50.945842]  ffff88808aaf3800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.953194]  ffff88808aaf3880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.960535] ==================================================================
[ 50.967885] Disabling lock debugging due to kernel taint
[ 50.973571] Kernel panic - not syncing: panic_on_warn set ...
[ 50.973571]
[ 50.980959] CPU: 0 PID: 8110 Comm: syz-executor205 Tainted: G B 4.19.211-syzkaller #0
[ 50.990234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 50.999693] Call Trace:
[ 51.002281]  dump_stack+0x1fc/0x2ef
[ 51.005895]  panic+0x26a/0x50e
[ 51.009073]  ? __warn_printk+0xf3/0xf3
[ 51.012945]  ? preempt_schedule_common+0x45/0xc0
[ 51.017685]  ? ___preempt_schedule+0x16/0x18
[ 51.022187]  ? trace_hardirqs_on+0x55/0x210
[ 51.026761]  kasan_end_report+0x43/0x49
[ 51.030716]  kasan_report_error.cold+0xa7/0x1b9
[ 51.035369]  ? search_by_entry_key+0xcda/0xf30
[ 51.039935]  __asan_report_load_n_noabort+0x8b/0xa0
[ 51.044934]  ? search_by_entry_key+0xcda/0xf30
[ 51.049495]  search_by_entry_key+0xcda/0xf30
[ 51.053972]  reiserfs_find_entry.part.0+0x142/0x1480
[ 51.059068]  ? reiserfs_write_lock+0x75/0xf0
[ 51.063459]  ? search_by_entry_key+0xf30/0xf30
[ 51.068023]  ? lock_downgrade+0x720/0x720
[ 51.072153]  reiserfs_lookup+0x24a/0x490
[ 51.076195]  ? reiserfs_unlink+0x760/0x760
[ 51.080413]  ? mark_held_locks+0xf0/0xf0
[ 51.084471]  ? __lockdep_init_map+0x100/0x5a0
[ 51.088946]  ? __lockdep_init_map+0x100/0x5a0
[ 51.093423]  __lookup_slow+0x246/0x4a0
[ 51.097292]  ? follow_dotdot_rcu+0x1040/0x1040
[ 51.101854]  ? __d_lookup+0x411/0x710
[ 51.105637]  ? d_lookup+0x18e/0x250
[ 51.109261]  lookup_one_len+0x163/0x190
[ 51.113222]  ? try_lookup_one_len+0x180/0x180
[ 51.117703]  reiserfs_lookup_privroot+0x92/0x280
[ 51.122443]  reiserfs_fill_super+0x18e8/0x2d80
[ 51.127010]  ? reiserfs_remount+0x1540/0x1540
[ 51.131486]  ? lock_downgrade+0x720/0x720
[ 51.135614]  ? snprintf+0xbb/0xf0
[ 51.139048]  ? vsprintf+0x30/0x30
[ 51.142498]  ? wait_for_completion_io+0x10/0x10
[ 51.147148]  mount_bdev+0x2fc/0x3b0
[ 51.150767]  ? reiserfs_remount+0x1540/0x1540
[ 51.155254]  mount_fs+0xa3/0x310
[ 51.158712]  vfs_kern_mount.part.0+0x68/0x470
[ 51.163208]  do_mount+0x115c/0x2f50
[ 51.166823]  ? do_raw_spin_unlock+0x171/0x230
[ 51.171318]  ? check_preemption_disabled+0x41/0x280
[ 51.176324]  ? copy_mount_string+0x40/0x40
[ 51.180540]  ? copy_mount_options+0x59/0x380
[ 51.184930]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 51.190082]  ? kmem_cache_alloc_trace+0x323/0x380
[ 51.194906]  ? copy_mount_options+0x26f/0x380
[ 51.199645]  ksys_mount+0xcf/0x130
[ 51.203165]  __x64_sys_mount+0xba/0x150
[ 51.207236]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 51.211832]  do_syscall_64+0xf9/0x620
[ 51.215631]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.220805] RIP: 0033:0x7f0569f6df4a
[ 51.224510] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.243740] RSP: 002b:00007ffda33d87a8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 51.251544] RAX: ffffffffffffffda RBX: 00007ffda33d8800 RCX: 00007f0569f6df4a
[ 51.258794] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffda33d87c0
[ 51.266045] RBP: 0000000000000003 R08: 00007ffda33d8800 R09: 0000000000000000
[ 51.273312] R10: 0000000000010001 R11: 0000000000000286 R12: 00007ffda33d87c0
[ 51.280659] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000004
[ 51.287998] Kernel Offset: disabled
[ 51.291612] Rebooting in 86400 seconds..