Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   36.884162] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   36.892911] REISERFS (device loop0): using ordered data mode
[   36.898799] reiserfs: using flush barriers
[   36.906526] REISERFS (device loop0): journal params: device loop0, size 15748, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[   36.926244] REISERFS (device loop0): checking transaction log (loop0)
[   38.481902] REISERFS (device loop0): Using r5 hash to sort names
[   38.488384] REISERFS (device loop0): using 3.5.x disk format
[   38.495145] ==================================================================
[   38.502619] BUG: KASAN: use-after-free in leaf_paste_entries+0x417/0x910
[   38.509479] Read of size 18446744073709549059 at addr ffff88808319d9bf by task syz-executor847/8097
[   38.518670] 
[   38.520300] CPU: 0 PID: 8097 Comm: syz-executor847 Not tainted 4.19.163-syzkaller #0
[   38.528225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.537570] Call Trace:
[   38.540151]  dump_stack+0x1fc/0x2fe
[   38.543770]  print_address_description.cold+0x54/0x219
[   38.549124]  kasan_report_error.cold+0x8a/0x1c7
[   38.553779]  ? leaf_paste_entries+0x417/0x910
[   38.558262]  kasan_report+0x8f/0x96
[   38.561878]  ? cache_alloc_refill+0x2a0/0x340
[   38.566360]  ? leaf_paste_entries+0x417/0x910
[   38.570844]  memmove+0x20/0x50
[   38.574026]  leaf_paste_entries+0x417/0x910
[   38.578384]  balance_leaf+0x8fb4/0xca40
[   38.582424]  ? replace_key+0x160/0x160
[   38.586303]  do_balance+0x306/0x760
[   38.589941]  ? get_right_neighbor_position+0x170/0x170
[   38.595263]  ? __mutex_unlock_slowpath+0xea/0x610
[   38.600124]  ? memset+0x20/0x40
[   38.603435]  reiserfs_paste_into_item+0x636/0x7d0
[   38.608278]  ? reiserfs_delete_object+0x200/0x200
[   38.613153]  ? search_by_entry_key+0xf30/0xf30
[   38.617736]  ? reiserfs_new_inode+0x353/0x2180
[   38.622323]  ? r5_hash+0xab/0xd0
[   38.625694]  ? make_cpu_key+0x22/0x2a0
[   38.629586]  reiserfs_add_entry+0x89a/0xcc0
[   38.633909]  ? reiserfs_lookup+0x490/0x490
[   38.638140]  ? wait_for_completion_io+0x10/0x10
[   38.642830]  ? do_journal_begin_r+0xd10/0x10b0
[   38.647433]  ? dquot_initialize_needed+0x290/0x290
[   38.652379]  reiserfs_mkdir+0x66e/0x980
[   38.656350]  ? reiserfs_mknod+0x700/0x700
[   38.660493]  ? lock_acquire+0x171/0x3c0
[   38.664461]  reiserfs_xattr_init+0x406/0xae0
[   38.668867]  reiserfs_fill_super+0x206e/0x2ce4
[   38.673473]  ? reiserfs_remount+0x1540/0x1540
[   38.677964]  ? lock_downgrade+0x720/0x720
[   38.682111]  ? snprintf+0xbb/0xf0
[   38.685578]  ? wait_for_completion_io+0x10/0x10
[   38.690249]  mount_bdev+0x2fc/0x3b0
[   38.693872]  ? reiserfs_remount+0x1540/0x1540
[   38.698360]  mount_fs+0xa3/0x30c
[   38.701716]  vfs_kern_mount.part.0+0x68/0x470
[   38.706230]  do_mount+0x113c/0x2f10
[   38.709856]  ? lock_acquire+0x170/0x3c0
[   38.713832]  ? check_preemption_disabled+0x41/0x280
[   38.718843]  ? copy_mount_string+0x40/0x40
[   38.723092]  ? copy_mount_options+0x59/0x380
[   38.727511]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   38.732532]  ? kmem_cache_alloc_trace+0x323/0x380
[   38.737379]  ? copy_mount_options+0x26f/0x380
[   38.741890]  ksys_mount+0xcf/0x130
[   38.745443]  __x64_sys_mount+0xba/0x150
[   38.749457]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   38.754064]  do_syscall_64+0xf9/0x620
[   38.757863]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.763390] RIP: 0033:0x447d9a
[   38.766567] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[   38.785457] RSP: 002b:00007ffe5439cba8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[   38.793155] RAX: ffffffffffffffda RBX: 00007ffe5439cc00 RCX: 0000000000447d9a
[   38.800425] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe5439cbc0
[   38.807701] RBP: 00007ffe5439cbc0 R08: 00007ffe5439cc00 R09: 0000000000000000
[   38.814969] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000006
[   38.822248] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[   38.829539] 
[   38.831153] The buggy address belongs to the page:
[   38.836066] page:ffffea00020c6740 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[   38.844195] flags: 0xfff00000000000()
[   38.847997] raw: 00fff00000000000 ffffea00020c6788 ffff8880ba02ea08 0000000000000000
[   38.855875] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   38.863739] page dumped because: kasan: bad access detected
[   38.869445] 
[   38.871062] Memory state around the buggy address:
[   38.876025]  ffff88808319d880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.883368]  ffff88808319d900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.890760] >ffff88808319d980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.898103]                                         ^
[   38.903368]  ffff88808319da00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.910746]  ffff88808319da80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   38.918120] ==================================================================
[   38.925489] Disabling lock debugging due to kernel taint
[   38.931206] Kernel panic - not syncing: panic_on_warn set ...
[   38.931206] 
[   38.938581] CPU: 0 PID: 8097 Comm: syz-executor847 Tainted: G B 4.19.163-syzkaller #0
[   38.947873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.957228] Call Trace:
[   38.959831]  dump_stack+0x1fc/0x2fe
[   38.963473]  panic+0x26a/0x50e
[   38.966669]  ? __warn_printk+0xf3/0xf3
[   38.970564]  ? preempt_schedule_common+0x45/0xc0
[   38.975335]  ? ___preempt_schedule+0x16/0x18
[   38.979734]  ? trace_hardirqs_on+0x55/0x210
[   38.984043]  kasan_end_report+0x43/0x49
[   38.988028]  kasan_report_error.cold+0xa7/0x1c7
[   38.992688]  ? leaf_paste_entries+0x417/0x910
[   38.997177]  kasan_report+0x8f/0x96
[   39.000791]  ? cache_alloc_refill+0x2a0/0x340
[   39.005294]  ? leaf_paste_entries+0x417/0x910
[   39.009797]  memmove+0x20/0x50
[   39.012998]  leaf_paste_entries+0x417/0x910
[   39.017323]  balance_leaf+0x8fb4/0xca40
[   39.021308]  ? replace_key+0x160/0x160
[   39.025189]  do_balance+0x306/0x760
[   39.028799]  ? get_right_neighbor_position+0x170/0x170
[   39.034077]  ? __mutex_unlock_slowpath+0xea/0x610
[   39.038905]  ? memset+0x20/0x40
[   39.042171]  reiserfs_paste_into_item+0x636/0x7d0
[   39.047058]  ? reiserfs_delete_object+0x200/0x200
[   39.051903]  ? search_by_entry_key+0xf30/0xf30
[   39.056470]  ? reiserfs_new_inode+0x353/0x2180
[   39.061054]  ? r5_hash+0xab/0xd0
[   39.064408]  ? make_cpu_key+0x22/0x2a0
[   39.068287]  reiserfs_add_entry+0x89a/0xcc0
[   39.072624]  ? reiserfs_lookup+0x490/0x490
[   39.076856]  ? wait_for_completion_io+0x10/0x10
[   39.081522]  ? do_journal_begin_r+0xd10/0x10b0
[   39.086093]  ? dquot_initialize_needed+0x290/0x290
[   39.091020]  reiserfs_mkdir+0x66e/0x980
[   39.095001]  ? reiserfs_mknod+0x700/0x700
[   39.099326]  ? lock_acquire+0x171/0x3c0
[   39.103316]  reiserfs_xattr_init+0x406/0xae0
[   39.107726]  reiserfs_fill_super+0x206e/0x2ce4
[   39.112344]  ? reiserfs_remount+0x1540/0x1540
[   39.116825]  ? lock_downgrade+0x720/0x720
[   39.122009]  ? snprintf+0xbb/0xf0
[   39.125476]  ? wait_for_completion_io+0x10/0x10
[   39.130140]  mount_bdev+0x2fc/0x3b0
[   39.133781]  ? reiserfs_remount+0x1540/0x1540
[   39.138275]  mount_fs+0xa3/0x30c
[   39.141624]  vfs_kern_mount.part.0+0x68/0x470
[   39.146099]  do_mount+0x113c/0x2f10
[   39.149708]  ? lock_acquire+0x170/0x3c0
[   39.153662]  ? check_preemption_disabled+0x41/0x280
[   39.158687]  ? copy_mount_string+0x40/0x40
[   39.162908]  ? copy_mount_options+0x59/0x380
[   39.167300]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   39.172319]  ? kmem_cache_alloc_trace+0x323/0x380
[   39.177180]  ? copy_mount_options+0x26f/0x380
[   39.181682]  ksys_mount+0xcf/0x130
[   39.185208]  __x64_sys_mount+0xba/0x150
[   39.189164]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   39.193736]  do_syscall_64+0xf9/0x620
[   39.197540]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.202720] RIP: 0033:0x447d9a
[   39.205892] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[   39.224793] RSP: 002b:00007ffe5439cba8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[   39.232485] RAX: ffffffffffffffda RBX: 00007ffe5439cc00 RCX: 0000000000447d9a
[   39.239776] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe5439cbc0
[   39.247044] RBP: 00007ffe5439cbc0 R08: 00007ffe5439cc00 R09: 0000000000000000
[   39.254311] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000006
[   39.261574] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[   39.269347] Kernel Offset: disabled
[   39.272980] Rebooting in 86400 seconds..