Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts.
executing program
[ 44.145621] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 44.163233] REISERFS (device loop0): using ordered data mode
[ 44.169063] reiserfs: using flush barriers
[ 44.175391] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 44.191648] REISERFS (device loop0): checking transaction log (loop0)
[ 44.200714] REISERFS (device loop0): Using r5 hash to sort names
[ 44.207163] ==================================================================
[ 44.214588] BUG: KASAN: use-after-free in strlen+0x79/0x90
[ 44.220224] Read of size 1 at addr ffff88808e4460c4 by task syz-executor347/7973
[ 44.227756]
[ 44.229396] CPU: 0 PID: 7973 Comm: syz-executor347 Not tainted 4.14.305-syzkaller #0
[ 44.237273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 44.246901] Call Trace:
[ 44.249485] dump_stack+0x1b2/0x281
[ 44.253195] print_address_description.cold+0x54/0x1d3
[ 44.258463] kasan_report_error.cold+0x8a/0x191
[ 44.263135] ? strlen+0x79/0x90
[ 44.266421] __asan_report_load1_noabort+0x68/0x70
[ 44.271352] ? block_is_partially_uptodate+0x1b0/0x1c0
[ 44.276626] ? strlen+0x79/0x90
[ 44.279888] strlen+0x79/0x90
[ 44.282981] reiserfs_find_entry.part.0+0x4ae/0x11e0
[ 44.288074] ? search_by_entry_key+0xf50/0xf50
[ 44.292649] reiserfs_lookup+0x1fd/0x400
[ 44.296696] ? reiserfs_unlink+0x6a0/0x6a0
[ 44.301031] ? fs_reclaim_release+0xd0/0x110
[ 44.305439] ? __d_alloc+0x2a/0xa20
[ 44.309053] ? d_alloc+0x1c7/0x240
[ 44.312584] ? _raw_spin_unlock+0x29/0x40
[ 44.316716] ? d_alloc+0x1cc/0x240
[ 44.320248] __lookup_hash+0x1bb/0x270
[ 44.324121] ? __inode_permission+0xcd/0x2f0
[ 44.328527] lookup_one_len+0x279/0x3a0
[ 44.332502] ? lookup_one_len_unlocked+0x410/0x410
[ 44.337424] reiserfs_lookup_privroot+0x92/0x270
[ 44.342167] reiserfs_fill_super+0x1772/0x2990
[ 44.346736] ? reiserfs_remount+0x1320/0x1320
[ 44.351220] ? lock_downgrade+0x740/0x740
[ 44.355359] ? snprintf+0xa5/0xd0
[ 44.358807] ? ns_test_super+0x50/0x50
[ 44.362696] ? set_blocksize+0x125/0x380
[ 44.366746] mount_bdev+0x2b3/0x360
[ 44.370364] ? reiserfs_remount+0x1320/0x1320
[ 44.375021] mount_fs+0x92/0x2a0
[ 44.378380] vfs_kern_mount.part.0+0x5b/0x470
[ 44.382882] do_mount+0xe65/0x2a30
[ 44.386415] ? copy_mount_string+0x40/0x40
[ 44.390664] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 44.395668] ? copy_mnt_ns+0xa30/0xa30
[ 44.399547] ? copy_mount_options+0x1fa/0x2f0
[ 44.404061] ? copy_mnt_ns+0xa30/0xa30
[ 44.407942] SyS_mount+0xa8/0x120
[ 44.411385] ? copy_mnt_ns+0xa30/0xa30
[ 44.415259] do_syscall_64+0x1d5/0x640
[ 44.419140] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 44.424317] RIP: 0033:0x7f6d5c9c9d2a
[ 44.428015] RSP: 002b:00007ffce29fd7f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 44.435709] RAX: ffffffffffffffda RBX: 00005555563062c0 RCX: 00007f6d5c9c9d2a
[ 44.442980] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007ffce29fd840
[ 44.450234] RBP: 0000000000000000 R08: 00007ffce29fd880 R09: 0000000000000030
[ 44.457503] R10: 0000000000008001 R11: 0000000000000286 R12: 0000000000000004
[ 44.464761] R13: 00007ffce29fd880 R14: 0000000000000003 R15: 00007ffce29fd840
[ 44.472057]
[ 44.473679] The buggy address belongs to the page:
[ 44.478593] page:ffffea0002391180 count:0 mapcount:0 mapping: (null) index:0x1
[ 44.486719] flags: 0xfff00000000000()
[ 44.490507] raw: 00fff00000000000 0000000000000000 0000000000000001 00000000ffffffff
[ 44.498378] raw: ffffea0002320aa0 ffffea00023911e0 0000000000000000 0000000000000000
[ 44.506255] page dumped because: kasan: bad access detected
[ 44.511946]
[ 44.513563] Memory state around the buggy address:
[ 44.518502] ffff88808e445f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.525854] ffff88808e446000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.533222] >ffff88808e446080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.540650] ^
[ 44.546101] ffff88808e446100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.553445] ffff88808e446180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.560789] ==================================================================
[ 44.568216] Disabling lock debugging due to kernel taint
[ 44.579284] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 44.579284]
[ 44.579311] CPU: 1 PID: 7973 Comm: syz-executor347 Tainted: G B 4.14.305-syzkaller #0
[ 44.579316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 44.579327] Call Trace:
[ 44.579357] dump_stack+0x1b2/0x281
[ 44.579369] panic+0x21d/0x451
[ 44.579397] ? add_taint.cold+0x16/0x16
[ 44.579408] ? ___preempt_schedule+0x16/0x18
[ 44.579420] ? preempt_schedule_common+0x45/0xc0
[ 44.579430] ? ___preempt_schedule+0x16/0x18
[ 44.579443] check_panic_on_warn.cold+0x19/0x35
[ 44.579453] kasan_end_report+0x3a/0x40
[ 44.579462] kasan_report_error.cold+0xa7/0x191
[ 44.579477] ? strlen+0x79/0x90
[ 44.649240] __asan_report_load1_noabort+0x68/0x70
[ 44.654166] ? block_is_partially_uptodate+0x1b0/0x1c0
[ 44.659432] ? strlen+0x79/0x90
[ 44.662694] strlen+0x79/0x90
[ 44.665806] reiserfs_find_entry.part.0+0x4ae/0x11e0
[ 44.670898] ? search_by_entry_key+0xf50/0xf50
[ 44.675494] reiserfs_lookup+0x1fd/0x400
[ 44.679539] ? reiserfs_unlink+0x6a0/0x6a0
[ 44.683777] ? fs_reclaim_release+0xd0/0x110
[ 44.688173] ? __d_alloc+0x2a/0xa20
[ 44.691794] ? d_alloc+0x1c7/0x240
[ 44.695328] ? _raw_spin_unlock+0x29/0x40
[ 44.699461] ? d_alloc+0x1cc/0x240
[ 44.702985] __lookup_hash+0x1bb/0x270
[ 44.706875] ? __inode_permission+0xcd/0x2f0
[ 44.711270] lookup_one_len+0x279/0x3a0
[ 44.715233] ? lookup_one_len_unlocked+0x410/0x410
[ 44.720147] reiserfs_lookup_privroot+0x92/0x270
[ 44.724889] reiserfs_fill_super+0x1772/0x2990
[ 44.729458] ? reiserfs_remount+0x1320/0x1320
[ 44.733938] ? lock_downgrade+0x740/0x740
[ 44.738069] ? snprintf+0xa5/0xd0
[ 44.741510] ? ns_test_super+0x50/0x50
[ 44.745383] ? set_blocksize+0x125/0x380
[ 44.749431] mount_bdev+0x2b3/0x360
[ 44.753041] ? reiserfs_remount+0x1320/0x1320
[ 44.757518] mount_fs+0x92/0x2a0
[ 44.760873] vfs_kern_mount.part.0+0x5b/0x470
[ 44.765351] do_mount+0xe65/0x2a30
[ 44.768878] ? copy_mount_string+0x40/0x40
[ 44.773100] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 44.778111] ? copy_mnt_ns+0xa30/0xa30
[ 44.781986] ? copy_mount_options+0x1fa/0x2f0
[ 44.786467] ? copy_mnt_ns+0xa30/0xa30
[ 44.790354] SyS_mount+0xa8/0x120
[ 44.793791] ? copy_mnt_ns+0xa30/0xa30
[ 44.797688] do_syscall_64+0x1d5/0x640
[ 44.801568] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 44.806742] RIP: 0033:0x7f6d5c9c9d2a
[ 44.810526] RSP: 002b:00007ffce29fd7f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 44.818228] RAX: ffffffffffffffda RBX: 00005555563062c0 RCX: 00007f6d5c9c9d2a
[ 44.825482] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007ffce29fd840
[ 44.832734] RBP: 0000000000000000 R08: 00007ffce29fd880 R09: 0000000000000030
[ 44.839997] R10: 0000000000008001 R11: 0000000000000286 R12: 0000000000000004
[ 44.847259] R13: 00007ffce29fd880 R14: 0000000000000003 R15: 00007ffce29fd840
[ 44.854699] Kernel Offset: disabled
[ 44.858314] Rebooting in 86400 seconds..