Warning: Permanently added '10.128.1.34' (ECDSA) to the list of known hosts.
executing program
[ 41.173741] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 41.182509] REISERFS (device loop0): using ordered data mode
[ 41.188395] reiserfs: using flush barriers
[ 41.194711] REISERFS (device loop0): journal params: device loop0, size 15748, journal first block 18, max trans len 1024, max batch 900, max commit age 0, max trans age 30
[ 41.214762] REISERFS (device loop0): checking transaction log (loop0)
executing program
[ 41.223888] REISERFS (device loop0): Using rupasov hash to sort names
[ 41.291447] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 41.300567] REISERFS (device loop0): using ordered data mode
[ 41.306624] reiserfs: using flush barriers
[ 41.312886] REISERFS (device loop0): journal params: device loop0, size 15748, journal first block 18, max trans len 1024, max batch 900, max commit age 0, max trans age 30
[ 41.332003] REISERFS (device loop0): checking transaction log (loop0)
[ 41.339541] REISERFS (device loop0): Using rupasov hash to sort names
[ 41.346881] ==================================================================
[ 41.354376] BUG: KASAN: use-after-free in search_by_entry_key+0xcda/0xf30
[ 41.361418] Read of size 4 at addr ffff88808b258004 by task syz-executor259/8108
[ 41.369036]
[ 41.370676] CPU: 0 PID: 8108 Comm: syz-executor259 Not tainted 4.19.180-syzkaller #0
[ 41.378541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.388123] Call Trace:
[ 41.390723]  dump_stack+0x1fc/0x2ef
[ 41.394357]  print_address_description.cold+0x54/0x219
[ 41.399717]  kasan_report_error.cold+0x8a/0x1b9
[ 41.404402]  ? search_by_entry_key+0xcda/0xf30
[ 41.408981]  __asan_report_load_n_noabort+0x8b/0xa0
[ 41.413999]  ? search_by_entry_key+0xcda/0xf30
[ 41.418584]  search_by_entry_key+0xcda/0xf30
[ 41.422994]  reiserfs_find_entry.part.0+0x142/0x1480
[ 41.428129]  ? lock_acquire+0x170/0x3c0
[ 41.432100]  ? reiserfs_write_lock+0x75/0xf0
[ 41.436776]  ? search_by_entry_key+0xf30/0xf30
[ 41.441920]  ? lock_downgrade+0x720/0x720
[ 41.446103]  reiserfs_lookup+0x24a/0x490
[ 41.450246]  ? reiserfs_unlink+0x760/0x760
[ 41.454571]  ? mark_held_locks+0xf0/0xf0
[ 41.458649]  ? __lockdep_init_map+0x100/0x5a0
[ 41.463224]  ? __lockdep_init_map+0x100/0x5a0
[ 41.467828]  __lookup_slow+0x246/0x4a0
[ 41.471908]  ? follow_dotdot_rcu+0x1040/0x1040
[ 41.476671]  ? __d_lookup+0x411/0x710
[ 41.480469]  ? d_lookup+0x18e/0x250
[ 41.484198]  lookup_one_len+0x163/0x190
[ 41.488294]  ? try_lookup_one_len+0x180/0x180
[ 41.492984]  reiserfs_lookup_privroot+0x92/0x280
[ 41.497866]  reiserfs_fill_super+0x13ea/0x2cf0
[ 41.502554]  ? reiserfs_remount+0x1540/0x1540
[ 41.507063]  ? lock_downgrade+0x720/0x720
[ 41.511211]  ? snprintf+0xbb/0xf0
[ 41.514662]  ? vsprintf+0x30/0x30
[ 41.518142]  ? wait_for_completion_io+0x10/0x10
[ 41.522825]  mount_bdev+0x2fc/0x3b0
[ 41.526581]  ? reiserfs_remount+0x1540/0x1540
[ 41.531066]  mount_fs+0xa3/0x310
[ 41.534421]  vfs_kern_mount.part.0+0x68/0x470
[ 41.538918]  do_mount+0x113c/0x2f10
[ 41.542547]  ? cmp_ex_sort+0xc0/0xc0
[ 41.546260]  ? __do_page_fault+0x180/0xd60
[ 41.550488]  ? copy_mount_string+0x40/0x40
[ 41.554730]  ? copy_mount_options+0x1cd/0x380
[ 41.559215]  ? memset+0x20/0x40
[ 41.562501]  ? copy_mount_options+0x26f/0x380
[ 41.567043]  ksys_mount+0xcf/0x130
[ 41.570578]  __x64_sys_mount+0xba/0x150
[ 41.574543]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 41.579388]  do_syscall_64+0xf9/0x620
[ 41.583226]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.588558] RIP: 0033:0x44622a
[ 41.591744] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.610765] RSP: 002b:00007ffde14f4358 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 41.620015] RAX: ffffffffffffffda RBX: 00007ffde14f43b0 RCX: 000000000044622a
[ 41.627610] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffde14f4370
[ 41.635350] RBP: 00007ffde14f4370 R08: 00007ffde14f43b0 R09: 0000000000000000
[ 41.642760] R10: 0000000000208403 R11: 0000000000000286 R12: 0000000000000004
[ 41.650042] R13: 0000000000000003 R14: 0000000000000003 R15: 0000000000000004
[ 41.657435]
[ 41.659051] The buggy address belongs to the page:
[ 41.663990] page:ffffea00022c9600 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 41.672129] flags: 0xfff00000000000()
[ 41.676037] raw: 00fff00000000000 ffffea00022c9648 ffff8880ba02ea08 0000000000000000
[ 41.683928] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 41.691794] page dumped because: kasan: bad access detected
[ 41.697493]
[ 41.699109] Memory state around the buggy address:
[ 41.704036]  ffff88808b257f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.711389]  ffff88808b257f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.718764] >ffff88808b258000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.726362]                    ^
[ 41.729829]  ffff88808b258080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.737193]  ffff88808b258100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.745115] ==================================================================
[ 41.752477] Disabling lock debugging due to kernel taint
[ 41.758578] Kernel panic - not syncing: panic_on_warn set ...
[ 41.758578]
[ 41.765970] CPU: 0 PID: 8108 Comm: syz-executor259 Tainted: G    B 4.19.180-syzkaller #0
[ 41.775261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.784722] Call Trace:
[ 41.787421]  dump_stack+0x1fc/0x2ef
[ 41.791069]  panic+0x26a/0x50e
[ 41.794270]  ? __warn_printk+0xf3/0xf3
[ 41.798171]  ? preempt_schedule_common+0x45/0xc0
[ 41.803552]  ? ___preempt_schedule+0x16/0x18
[ 41.808827]  ? trace_hardirqs_on+0x55/0x210
[ 41.813151]  kasan_end_report+0x43/0x49
[ 41.817211]  kasan_report_error.cold+0xa7/0x1b9
[ 41.821886]  ? search_by_entry_key+0xcda/0xf30
[ 41.826477]  __asan_report_load_n_noabort+0x8b/0xa0
[ 41.831506]  ? search_by_entry_key+0xcda/0xf30
[ 41.836368]  search_by_entry_key+0xcda/0xf30
[ 41.840772]  reiserfs_find_entry.part.0+0x142/0x1480
[ 41.845946]  ? lock_acquire+0x170/0x3c0
[ 41.851189]  ? reiserfs_write_lock+0x75/0xf0
[ 41.855910]  ? search_by_entry_key+0xf30/0xf30
[ 41.860499]  ? lock_downgrade+0x720/0x720
[ 41.864668]  reiserfs_lookup+0x24a/0x490
[ 41.868866]  ? reiserfs_unlink+0x760/0x760
[ 41.873199]  ? mark_held_locks+0xf0/0xf0
[ 41.877445]  ? __lockdep_init_map+0x100/0x5a0
[ 41.881953]  ? __lockdep_init_map+0x100/0x5a0
[ 41.886531]  __lookup_slow+0x246/0x4a0
[ 41.890419]  ? follow_dotdot_rcu+0x1040/0x1040
[ 41.895118]  ? __d_lookup+0x411/0x710
[ 41.898962]  ? d_lookup+0x18e/0x250
[ 41.902578]  lookup_one_len+0x163/0x190
[ 41.906666]  ? try_lookup_one_len+0x180/0x180
[ 41.911164]  reiserfs_lookup_privroot+0x92/0x280
[ 41.915937]  reiserfs_fill_super+0x13ea/0x2cf0
[ 41.920533]  ? reiserfs_remount+0x1540/0x1540
[ 41.925024]  ? lock_downgrade+0x720/0x720
[ 41.929186]  ? snprintf+0xbb/0xf0
[ 41.932649]  ? vsprintf+0x30/0x30
[ 41.936289]  ? wait_for_completion_io+0x10/0x10
[ 41.940994]  mount_bdev+0x2fc/0x3b0
[ 41.944620]  ? reiserfs_remount+0x1540/0x1540
[ 41.949214]  mount_fs+0xa3/0x310
[ 41.952584]  vfs_kern_mount.part.0+0x68/0x470
[ 41.957523]  do_mount+0x113c/0x2f10
[ 41.961261]  ? cmp_ex_sort+0xc0/0xc0
[ 41.964994]  ? __do_page_fault+0x180/0xd60
[ 41.969232]  ? copy_mount_string+0x40/0x40
[ 41.973492]  ? copy_mount_options+0x1cd/0x380
[ 41.977976]  ? memset+0x20/0x40
[ 41.981357]  ? copy_mount_options+0x26f/0x380
[ 41.986211]  ksys_mount+0xcf/0x130
[ 41.989832]  __x64_sys_mount+0xba/0x150
[ 41.993904]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 41.999016]  do_syscall_64+0xf9/0x620
[ 42.002810]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.008138] RIP: 0033:0x44622a
[ 42.011317] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.030477] RSP: 002b:00007ffde14f4358 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 42.038288] RAX: ffffffffffffffda RBX: 00007ffde14f43b0 RCX: 000000000044622a
[ 42.046008] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffde14f4370
[ 42.053273] RBP: 00007ffde14f4370 R08: 00007ffde14f43b0 R09: 0000000000000000
[ 42.060647] R10: 0000000000208403 R11: 0000000000000286 R12: 0000000000000004
[ 42.067922] R13: 0000000000000003 R14: 0000000000000003 R15: 0000000000000004
[ 42.075337] Kernel Offset: disabled
[ 42.078957] Rebooting in 86400 seconds..