Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 32.808295] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 32.817184] REISERFS (device loop0): using ordered data mode [ 32.823389] reiserfs: using flush barriers [ 32.829957] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 32.846308] REISERFS (device loop0): checking transaction log (loop0) [ 32.854364] REISERFS (device loop0): Using r5 hash to sort names [ 32.861549] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 32.878052] ================================================================== [ 32.886347] BUG: KASAN: use-after-free in reiserfs_release_objectid+0x41c/0x710 [ 32.894054] Read of size 14568 at addr ffff88809fe060d0 by task syz-executor348/7985 [ 32.901933] [ 32.903593] CPU: 0 PID: 7985 Comm: syz-executor348 Not tainted 4.14.300-syzkaller #0 [ 32.911479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 32.921091] Call Trace: [ 32.924087] dump_stack+0x1b2/0x281 [ 32.927706] print_address_description.cold+0x54/0x1d3 [ 32.933058] kasan_report_error.cold+0x8a/0x191 [ 32.937821] ? reiserfs_release_objectid+0x41c/0x710 [ 32.942923] kasan_report+0x6f/0x80 [ 32.946596] ? journal_mark_dirty+0x6e0/0xae0 [ 32.951101] ? reiserfs_release_objectid+0x41c/0x710 [ 32.956206] memmove+0x20/0x50 [ 32.959393] reiserfs_release_objectid+0x41c/0x710 [ 32.964346] remove_save_link+0x1e2/0x380 [ 32.968674] ? add_save_link+0x5b0/0x5b0 [ 32.972954] reiserfs_evict_inode+0x3e7/0x4a0 [ 32.977763] ? inode2sd_v1+0x900/0x900 [ 32.981659] ? do_raw_spin_unlock+0x164/0x220 [ 32.986321] ? inode2sd_v1+0x900/0x900 [ 32.990201] evict+0x2c8/0x700 [ 32.993389] iput+0x458/0x7e0 [ 32.996489] dentry_unlink_inode+0x25c/0x310 [ 33.000901] __dentry_kill+0x320/0x550 [ 33.004775] ? dput.part.0+0x27/0x710 [ 33.008675] dput.part.0+0x4b5/0x710 [ 33.012379] dput+0x1b/0x30 [ 33.015299] SyS_renameat2+0x96a/0xad0 [ 33.019179] ? SyS_link+0x30/0x30 [ 33.022675] ? mntput_no_expire+0xee/0x910 [ 33.027104] ? dput.part.0+0x27/0x710 [ 33.030900] ? dput.part.0+0x164/0x710 [ 33.034943] ? mntput+0x5c/0x80 [ 33.038220] ? SyS_mknod+0x30/0x30 [ 33.041764] ? do_syscall_64+0x4c/0x640 [ 33.045810] ? SyS_renameat+0x30/0x30 [ 33.049625] do_syscall_64+0x1d5/0x640 [ 33.053612] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 33.058815] [ 33.060426] The buggy address belongs to the page: [ 33.065467] page:ffffea00027f8180 count:2 mapcount:0 mapping:ffff8880b1d92a68 index:0x10 [ 33.073795] flags: 0xfff0000001106c(referenced|uptodate|lru|active|private|mappedtodisk) [ 33.082130] raw: 00fff0000001106c ffff8880b1d92a68 0000000000000010 00000002ffffffff [ 33.090115] raw: ffffea00029fe320 ffffea0002cf8c20 ffff88808cefbf18 ffff88823b3288c0 [ 33.098016] page dumped because: kasan: bad access detected [ 33.103708] page->mem_cgroup:ffff88823b3288c0 [ 33.108270] [ 33.109882] Memory state around the buggy address: [ 33.114912] ffff88809fe06f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.122254] ffff88809fe06f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.129714] >ffff88809fe07000: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fb fb [ 33.137063] ^ [ 33.140426] ffff88809fe07080: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb [ 33.147868] ffff88809fe07100: fb fb fb fb fb fb fc fc fc fc fb fb fb fb fb fb [ 33.155254] ================================================================== [ 33.162715] Disabling lock debugging due to kernel taint [ 33.170706] Kernel panic - not syncing: panic_on_warn set ... [ 33.170706] [ 33.178102] CPU: 1 PID: 7985 Comm: syz-executor348 Tainted: G B 4.14.300-syzkaller #0 [ 33.187461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 33.196898] Call Trace: [ 33.199591] dump_stack+0x1b2/0x281 [ 33.203203] panic+0x1f9/0x42d [ 33.206384] ? add_taint.cold+0x16/0x16 [ 33.210439] ? ___preempt_schedule+0x16/0x18 [ 33.214834] kasan_end_report+0x43/0x49 [ 33.218915] kasan_report_error.cold+0xa7/0x191 [ 33.223761] ? reiserfs_release_objectid+0x41c/0x710 [ 33.228979] kasan_report+0x6f/0x80 [ 33.232699] ? journal_mark_dirty+0x6e0/0xae0 [ 33.237283] ? reiserfs_release_objectid+0x41c/0x710 [ 33.242389] memmove+0x20/0x50 [ 33.245804] reiserfs_release_objectid+0x41c/0x710 [ 33.250914] remove_save_link+0x1e2/0x380 [ 33.255059] ? add_save_link+0x5b0/0x5b0 [ 33.259114] reiserfs_evict_inode+0x3e7/0x4a0 [ 33.263609] ? inode2sd_v1+0x900/0x900 [ 33.267561] ? do_raw_spin_unlock+0x164/0x220 [ 33.272053] ? inode2sd_v1+0x900/0x900 [ 33.276048] evict+0x2c8/0x700 [ 33.279234] iput+0x458/0x7e0 [ 33.282344] dentry_unlink_inode+0x25c/0x310 [ 33.286828] __dentry_kill+0x320/0x550 [ 33.290711] ? dput.part.0+0x27/0x710 [ 33.294618] dput.part.0+0x4b5/0x710 [ 33.298326] dput+0x1b/0x30 [ 33.301260] SyS_renameat2+0x96a/0xad0 [ 33.305232] ? SyS_link+0x30/0x30 [ 33.308673] ? mntput_no_expire+0xee/0x910 [ 33.313240] ? dput.part.0+0x27/0x710 [ 33.317052] ? dput.part.0+0x164/0x710 [ 33.321138] ? mntput+0x5c/0x80 [ 33.324421] ? SyS_mknod+0x30/0x30 [ 33.327951] ? do_syscall_64+0x4c/0x640 [ 33.331911] ? SyS_renameat+0x30/0x30 [ 33.336720] do_syscall_64+0x1d5/0x640 [ 33.340691] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 33.346229] Kernel Offset: disabled [ 33.349861] Rebooting in 86400 seconds..