Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 36.407162] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 36.416439] REISERFS (device loop0): using ordered data mode
[ 36.422544] reiserfs: using flush barriers
[ 36.428589] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 36.444968] REISERFS (device loop0): checking transaction log (loop0)
executing program
[ 36.454923] REISERFS (device loop0): Using rupasov hash to sort names
[ 36.462461] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 36.538079] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 36.546789] REISERFS (device loop0): using ordered data mode
[ 36.552765] reiserfs: using flush barriers
[ 36.558145] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 36.573896] REISERFS (device loop0): checking transaction log (loop0)
[ 36.581449] REISERFS (device loop0): Using rupasov hash to sort names
executing program
[ 36.588378] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 36.652041] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 36.660780] REISERFS (device loop0): using ordered data mode
[ 36.667664] reiserfs: using flush barriers
[ 36.672968] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 36.689491] REISERFS (device loop0): checking transaction log (loop0)
[ 36.698427] REISERFS (device loop0): Using rupasov hash to sort names
[ 36.705777] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 36.772588] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 36.781355] REISERFS (device loop0): using ordered data mode
[ 36.787553] reiserfs: using flush barriers
[ 36.792847] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 36.808791] REISERFS (device loop0): checking transaction log (loop0)
[ 36.816532] REISERFS (device loop0): Using rupasov hash to sort names
[ 36.823308] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 36.891380] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 36.900112] REISERFS (device loop0): using ordered data mode
[ 36.907093] reiserfs: using flush barriers
[ 36.912296] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 36.928761] REISERFS (device loop0): checking transaction log (loop0)
[ 36.937096] REISERFS (device loop0): Using rupasov hash to sort names
[ 36.945289] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 37.011996] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 37.020695] REISERFS (device loop0): using ordered data mode
[ 37.027815] reiserfs: using flush barriers
[ 37.033072] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 37.049358] REISERFS (device loop0): checking transaction log (loop0)
[ 37.056861] REISERFS (device loop0): Using rupasov hash to sort names
[ 37.064619] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 37.136694] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 37.145420] REISERFS (device loop0): using ordered data mode
[ 37.151310] reiserfs: using flush barriers
[ 37.158374] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 37.175475] REISERFS (device loop0): checking transaction log (loop0)
executing program
[ 37.182939] REISERFS (device loop0): Using rupasov hash to sort names
[ 37.190161] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 37.267208] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 37.276105] REISERFS (device loop0): using ordered data mode
[ 37.282066] reiserfs: using flush barriers
[ 37.287798] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 37.304774] REISERFS (device loop0): checking transaction log (loop0)
executing program
[ 37.312370] REISERFS (device loop0): Using rupasov hash to sort names
[ 37.321023] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 37.381886] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 37.390610] REISERFS (device loop0): using ordered data mode
[ 37.396659] reiserfs: using flush barriers
[ 37.401777] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 37.417685] REISERFS (device loop0): checking transaction log (loop0)
[ 37.425125] REISERFS (device loop0): Using rupasov hash to sort names
[ 37.432005] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
executing program
[ 37.503451] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 37.512063] REISERFS (device loop0): using ordered data mode
[ 37.518531] reiserfs: using flush barriers
[ 37.524067] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 37.539841] REISERFS (device loop0): checking transaction log (loop0)
[ 37.548120] REISERFS (device loop0): Using rupasov hash to sort names
[ 37.555790] ==================================================================
[ 37.563261] BUG: KASAN: use-after-free in search_by_entry_key+0xcda/0xf30
[ 37.570185] Read of size 4 at addr ffff88808aa09714 by task syz-executor655/8141
[ 37.577698]
[ 37.579312] CPU: 0 PID: 8141 Comm: syz-executor655 Not tainted 4.19.211-syzkaller #0
[ 37.587168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 37.596515] Call Trace:
[ 37.599107] dump_stack+0x1fc/0x2ef
[ 37.602736] print_address_description.cold+0x54/0x219
[ 37.608010] kasan_report_error.cold+0x8a/0x1b9
[ 37.612666] ? search_by_entry_key+0xcda/0xf30
[ 37.617232] __asan_report_load_n_noabort+0x8b/0xa0
[ 37.622265] ? search_by_entry_key+0xcda/0xf30
[ 37.626834] search_by_entry_key+0xcda/0xf30
[ 37.631223] reiserfs_find_entry.part.0+0x142/0x1480
[ 37.636320] ? lock_acquire+0x170/0x3c0
[ 37.640280] ? reiserfs_write_lock+0x75/0xf0
[ 37.644673] ? search_by_entry_key+0xf30/0xf30
[ 37.649326] ? lock_downgrade+0x720/0x720
[ 37.653456] reiserfs_lookup+0x24a/0x490
[ 37.657500] ? reiserfs_unlink+0x760/0x760
[ 37.661720] ? mark_held_locks+0xf0/0xf0
[ 37.665759] ? reiserfs_write_lock_nested+0x65/0xe0
[ 37.670759] ? __lockdep_init_map+0x100/0x5a0
[ 37.675233] ? __lockdep_init_map+0x100/0x5a0
[ 37.679707] __lookup_slow+0x246/0x4a0
[ 37.683579] ? follow_dotdot_rcu+0x1040/0x1040
[ 37.688147] ? __d_lookup+0x411/0x710
[ 37.691940] ? d_lookup+0x18e/0x250
[ 37.695551] lookup_one_len+0x163/0x190
[ 37.699512] ? try_lookup_one_len+0x180/0x180
[ 37.703995] reiserfs_lookup_privroot+0x92/0x280
[ 37.708736] reiserfs_fill_super+0x1f12/0x2d80
[ 37.713299] ? reiserfs_remount+0x1540/0x1540
[ 37.717773] ? lock_downgrade+0x720/0x720
[ 37.721902] ? snprintf+0xbb/0xf0
[ 37.725338] ? wait_for_completion_io+0x10/0x10
[ 37.730001] mount_bdev+0x2fc/0x3b0
[ 37.733613] ? reiserfs_remount+0x1540/0x1540
[ 37.738087] mount_fs+0xa3/0x310
[ 37.741436] vfs_kern_mount.part.0+0x68/0x470
[ 37.745911] do_mount+0x115c/0x2f50
[ 37.749519] ? do_raw_spin_unlock+0x171/0x230
[ 37.753997] ? check_preemption_disabled+0x41/0x280
[ 37.758997] ? copy_mount_string+0x40/0x40
[ 37.763211] ? copy_mount_options+0x59/0x380
[ 37.767597] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 37.772592] ? kmem_cache_alloc_trace+0x323/0x380
[ 37.777416] ? copy_mount_options+0x26f/0x380
[ 37.781892] ksys_mount+0xcf/0x130
[ 37.785414] __x64_sys_mount+0xba/0x150
[ 37.789367] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.793925] do_syscall_64+0xf9/0x620
[ 37.797705] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.802882] RIP: 0033:0x7fe30181c40a
[ 37.806582] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 37.825464] RSP: 002b:00007ffe63057d18 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 37.833151] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe30181c40a
[ 37.840417] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe63057d30
[ 37.847664] RBP: 00007ffe63057d30 R08: 00007ffe63057d70 R09: 00005555573382c0
[ 37.854909] R10: 0000000000200080 R11: 0000000000000286 R12: 0000000000000004
[ 37.862157] R13: 00007ffe63057d70 R14: 0000000000000006 R15: 0000000020000350
[ 37.869409]
[ 37.871017] The buggy address belongs to the page:
[ 37.875928] page:ffffea00022a8240 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 37.884056] flags: 0xfff00000000000()
[ 37.887846] raw: 00fff00000000000 ffff8880ba02ea88 ffffea00022a8288 0000000000000000
[ 37.895708] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 37.903571] page dumped because: kasan: bad access detected
[ 37.909254]
[ 37.910856] Memory state around the buggy address:
[ 37.915763] ffff88808aa09600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.923098] ffff88808aa09680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.930435] >ffff88808aa09700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.937772] ^
[ 37.941642] ffff88808aa09780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.948978] ffff88808aa09800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.956335] ==================================================================
[ 37.963671] Disabling lock debugging due to kernel taint
[ 37.972132] Kernel panic - not syncing: panic_on_warn set ...
[ 37.972132]
[ 37.979512] CPU: 0 PID: 8141 Comm: syz-executor655 Tainted: G B 4.19.211-syzkaller #0
[ 37.988774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 37.998115] Call Trace:
[ 38.000686] dump_stack+0x1fc/0x2ef
[ 38.004294] panic+0x26a/0x50e
[ 38.007466] ? __warn_printk+0xf3/0xf3
[ 38.011330] ? preempt_schedule_common+0x45/0xc0
[ 38.016062] ? ___preempt_schedule+0x16/0x18
[ 38.020461] ? trace_hardirqs_on+0x55/0x210
[ 38.024852] kasan_end_report+0x43/0x49
[ 38.028807] kasan_report_error.cold+0xa7/0x1b9
[ 38.033457] ? search_by_entry_key+0xcda/0xf30
[ 38.038022] __asan_report_load_n_noabort+0x8b/0xa0
[ 38.043022] ? search_by_entry_key+0xcda/0xf30
[ 38.047583] search_by_entry_key+0xcda/0xf30
[ 38.051968] reiserfs_find_entry.part.0+0x142/0x1480
[ 38.057062] ? lock_acquire+0x170/0x3c0
[ 38.061033] ? reiserfs_write_lock+0x75/0xf0
[ 38.065443] ? search_by_entry_key+0xf30/0xf30
[ 38.070007] ? lock_downgrade+0x720/0x720
[ 38.074139] reiserfs_lookup+0x24a/0x490
[ 38.078183] ? reiserfs_unlink+0x760/0x760
[ 38.082399] ? mark_held_locks+0xf0/0xf0
[ 38.086441] ? reiserfs_write_lock_nested+0x65/0xe0
[ 38.091444] ? __lockdep_init_map+0x100/0x5a0
[ 38.095918] ? __lockdep_init_map+0x100/0x5a0
[ 38.100398] __lookup_slow+0x246/0x4a0
[ 38.104267] ? follow_dotdot_rcu+0x1040/0x1040
[ 38.108828] ? __d_lookup+0x411/0x710
[ 38.112638] ? d_lookup+0x18e/0x250
[ 38.116247] lookup_one_len+0x163/0x190
[ 38.120200] ? try_lookup_one_len+0x180/0x180
[ 38.124676] reiserfs_lookup_privroot+0x92/0x280
[ 38.129415] reiserfs_fill_super+0x1f12/0x2d80
[ 38.133977] ? reiserfs_remount+0x1540/0x1540
[ 38.138453] ? lock_downgrade+0x720/0x720
[ 38.142578] ? snprintf+0xbb/0xf0
[ 38.146027] ? wait_for_completion_io+0x10/0x10
[ 38.150676] mount_bdev+0x2fc/0x3b0
[ 38.154289] ? reiserfs_remount+0x1540/0x1540
[ 38.158767] mount_fs+0xa3/0x310
[ 38.162116] vfs_kern_mount.part.0+0x68/0x470
[ 38.166597] do_mount+0x115c/0x2f50
[ 38.170202] ? do_raw_spin_unlock+0x171/0x230
[ 38.174676] ? check_preemption_disabled+0x41/0x280
[ 38.179670] ? copy_mount_string+0x40/0x40
[ 38.183881] ? copy_mount_options+0x59/0x380
[ 38.188268] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 38.193267] ? kmem_cache_alloc_trace+0x323/0x380
[ 38.198105] ? copy_mount_options+0x26f/0x380
[ 38.202595] ksys_mount+0xcf/0x130
[ 38.206116] __x64_sys_mount+0xba/0x150
[ 38.210070] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 38.214628] do_syscall_64+0xf9/0x620
[ 38.218409] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.223576] RIP: 0033:0x7fe30181c40a
[ 38.227271] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 38.246151] RSP: 002b:00007ffe63057d18 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 38.253842] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe30181c40a
[ 38.261091] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe63057d30
[ 38.268343] RBP: 00007ffe63057d30 R08: 00007ffe63057d70 R09: 00005555573382c0
[ 38.275590] R10: 0000000000200080 R11: 0000000000000286 R12: 0000000000000004
[ 38.282837] R13: 00007ffe63057d70 R14: 0000000000000006 R15: 0000000020000350
[ 38.290258] Kernel Offset: disabled
[ 38.293865] Rebooting in 86400 seconds..