Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.558421] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 32.567200] REISERFS (device loop0): using ordered data mode
[ 32.574399] reiserfs: using flush barriers
[ 32.579736] REISERFS (device loop0): journal params: device loop0, size 15748, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[ 32.599824] REISERFS (device loop0): checking transaction log (loop0)
[ 33.965678] REISERFS (device loop0): Using tea hash to sort names
[ 33.972642] ==================================================================
[ 33.980059] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x449/0x910
[ 33.986798] Read of size 18446744073709551584 at addr ffff88808406efa4 by task syz-executor759/8069
[ 33.996088]
[ 33.997706] CPU: 1 PID: 8069 Comm: syz-executor759 Not tainted 4.19.172-syzkaller #0
[ 34.005610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.014944] Call Trace:
[ 34.017521]  dump_stack+0x1fc/0x2ef
[ 34.021143]  print_address_description.cold+0x54/0x219
[ 34.026475]  kasan_report_error.cold+0x8a/0x1b9
[ 34.031218]  ? leaf_paste_entries+0x449/0x910
[ 34.035697]  kasan_report+0x8f/0xa0
[ 34.039353]  ? journal_mark_dirty+0x770/0xc80
[ 34.043833]  ? leaf_paste_entries+0x449/0x910
[ 34.048312]  memmove+0x20/0x50
[ 34.051491]  leaf_paste_entries+0x449/0x910
[ 34.055802]  balance_leaf+0x8fd7/0xca70
[ 34.059766]  ? replace_key+0x160/0x160
[ 34.063640]  do_balance+0x30a/0x760
[ 34.067255]  ? get_right_neighbor_position+0x170/0x170
[ 34.072612]  ? __mutex_unlock_slowpath+0xea/0x610
[ 34.077458]  ? memset+0x20/0x40
[ 34.080727]  reiserfs_paste_into_item+0x636/0x7d0
[ 34.085557]  ? reiserfs_delete_object+0x200/0x200
[ 34.090418]  ? search_by_entry_key+0xf30/0xf30
[ 34.094981]  ? keyed_hash+0x83b/0xee0
[ 34.098778]  ? make_cpu_key+0x22/0x2a0
[ 34.102659]  reiserfs_add_entry+0x89a/0xcc0
[ 34.106967]  ? reiserfs_lookup+0x490/0x490
[ 34.111239]  ? wait_for_completion_io+0x10/0x10
[ 34.115898]  ? do_journal_begin_r+0xd10/0x10b0
[ 34.120521]  ? dquot_initialize_needed+0x290/0x290
[ 34.125493]  reiserfs_mkdir+0x66e/0x980
[ 34.129478]  ? reiserfs_mknod+0x700/0x700
[ 34.133615]  ? lock_acquire+0x171/0x3c0
[ 34.137578]  reiserfs_xattr_init+0x406/0xae0
[ 34.141989]  reiserfs_fill_super+0x206e/0x2cf0
[ 34.146572]  ? reiserfs_remount+0x1540/0x1540
[ 34.151054]  ? lock_downgrade+0x720/0x720
[ 34.155188]  ? snprintf+0xbb/0xf0
[ 34.158646]  ? wait_for_completion_io+0x10/0x10
[ 34.163304]  mount_bdev+0x2fc/0x3b0
[ 34.166914]  ? reiserfs_remount+0x1540/0x1540
[ 34.171393]  mount_fs+0xa3/0x310
[ 34.174744]  vfs_kern_mount.part.0+0x68/0x470
[ 34.179223]  do_mount+0x113c/0x2f10
[ 34.182846]  ? lock_acquire+0x170/0x3c0
[ 34.186814]  ? check_preemption_disabled+0x41/0x280
[ 34.191815]  ? copy_mount_string+0x40/0x40
[ 34.196031]  ? copy_mount_options+0x59/0x380
[ 34.200425]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 34.205421]  ? kmem_cache_alloc_trace+0x323/0x380
[ 34.210253]  ? copy_mount_options+0x26f/0x380
[ 34.214732]  ksys_mount+0xcf/0x130
[ 34.218258]  __x64_sys_mount+0xba/0x150
[ 34.222217]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 34.226802]  do_syscall_64+0xf9/0x620
[ 34.230603]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.235774] RIP: 0033:0x445b8a
[ 34.238950] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 34.257849] RSP: 002b:00007fff981928a8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 34.265538] RAX: ffffffffffffffda RBX: 00007fff98192900 RCX: 0000000000445b8a
[ 34.272788] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff981928c0
[ 34.280064] RBP: 00007fff981928c0 R08: 00007fff98192900 R09: 0000000000000000
[ 34.287365] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 34.294634] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 34.301898]
[ 34.303503] The buggy address belongs to the page:
[ 34.308422] page:ffffea0002101b80 count:3 mapcount:0 mapping:ffff8880ade01520 index:0x3d97
[ 34.316818] flags: 0xfff00000001044(referenced|active|private)
[ 34.322771] raw: 00fff00000001044 dead000000000100 dead000000000200 ffff8880ade01520
[ 34.330633] raw: 0000000000003d97 ffff88808a60e540 00000003ffffffff ffff88823b2d08c0
[ 34.338490] page dumped because: kasan: bad access detected
[ 34.344178] page->mem_cgroup:ffff88823b2d08c0
[ 34.348649]
[ 34.350254] Memory state around the buggy address:
[ 34.355162]  ffff88808406ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.362501]  ffff88808406ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.369858] >ffff88808406ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.377212]                                ^
[ 34.381601]  ffff88808406f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.388968]  ffff88808406f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.396302] ==================================================================
[ 34.403642] Disabling lock debugging due to kernel taint
[ 34.410019] Kernel panic - not syncing: panic_on_warn set ...
[ 34.410019]
[ 34.417404] CPU: 1 PID: 8069 Comm: syz-executor759 Tainted: G B 4.19.172-syzkaller #0
[ 34.426671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.436021] Call Trace:
[ 34.438614]  dump_stack+0x1fc/0x2ef
[ 34.442247]  panic+0x26a/0x50e
[ 34.445440]  ? __warn_printk+0xf3/0xf3
[ 34.449334]  ? preempt_schedule_common+0x45/0xc0
[ 34.454102]  ? ___preempt_schedule+0x16/0x18
[ 34.458490]  ? trace_hardirqs_on+0x55/0x210
[ 34.462794]  kasan_end_report+0x43/0x49
[ 34.466749]  kasan_report_error.cold+0xa7/0x1b9
[ 34.471401]  ? leaf_paste_entries+0x449/0x910
[ 34.475876]  kasan_report+0x8f/0xa0
[ 34.479486]  ? journal_mark_dirty+0x770/0xc80
[ 34.483965]  ? leaf_paste_entries+0x449/0x910
[ 34.488460]  memmove+0x20/0x50
[ 34.491641]  leaf_paste_entries+0x449/0x910
[ 34.495979]  balance_leaf+0x8fd7/0xca70
[ 34.499937]  ? replace_key+0x160/0x160
[ 34.503806]  do_balance+0x30a/0x760
[ 34.507413]  ? get_right_neighbor_position+0x170/0x170
[ 34.512672]  ? __mutex_unlock_slowpath+0xea/0x610
[ 34.517502]  ? memset+0x20/0x40
[ 34.520779]  reiserfs_paste_into_item+0x636/0x7d0
[ 34.525604]  ? reiserfs_delete_object+0x200/0x200
[ 34.530442]  ? search_by_entry_key+0xf30/0xf30
[ 34.535002]  ? keyed_hash+0x83b/0xee0
[ 34.538783]  ? make_cpu_key+0x22/0x2a0
[ 34.542650]  reiserfs_add_entry+0x89a/0xcc0
[ 34.546973]  ? reiserfs_lookup+0x490/0x490
[ 34.551189]  ? wait_for_completion_io+0x10/0x10
[ 34.555840]  ? do_journal_begin_r+0xd10/0x10b0
[ 34.560406]  ? dquot_initialize_needed+0x290/0x290
[ 34.565321]  reiserfs_mkdir+0x66e/0x980
[ 34.569276]  ? reiserfs_mknod+0x700/0x700
[ 34.573410]  ? lock_acquire+0x171/0x3c0
[ 34.577372]  reiserfs_xattr_init+0x406/0xae0
[ 34.581763]  reiserfs_fill_super+0x206e/0x2cf0
[ 34.586325]  ? reiserfs_remount+0x1540/0x1540
[ 34.590799]  ? lock_downgrade+0x720/0x720
[ 34.594926]  ? snprintf+0xbb/0xf0
[ 34.598364]  ? wait_for_completion_io+0x10/0x10
[ 34.603017]  mount_bdev+0x2fc/0x3b0
[ 34.606622]  ? reiserfs_remount+0x1540/0x1540
[ 34.611110]  mount_fs+0xa3/0x310
[ 34.614457]  vfs_kern_mount.part.0+0x68/0x470
[ 34.618933]  do_mount+0x113c/0x2f10
[ 34.622541]  ? lock_acquire+0x170/0x3c0
[ 34.626502]  ? check_preemption_disabled+0x41/0x280
[ 34.631498]  ? copy_mount_string+0x40/0x40
[ 34.635712]  ? copy_mount_options+0x59/0x380
[ 34.640101]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 34.645096]  ? kmem_cache_alloc_trace+0x323/0x380
[ 34.649917]  ? copy_mount_options+0x26f/0x380
[ 34.654395]  ksys_mount+0xcf/0x130
[ 34.657938]  __x64_sys_mount+0xba/0x150
[ 34.661894]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 34.666457]  do_syscall_64+0xf9/0x620
[ 34.670242]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.675420] RIP: 0033:0x445b8a
[ 34.678594] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 34.697478] RSP: 002b:00007fff981928a8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 34.705165] RAX: ffffffffffffffda RBX: 00007fff98192900 RCX: 0000000000445b8a
[ 34.712430] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff981928c0
[ 34.719678] RBP: 00007fff981928c0 R08: 00007fff98192900 R09: 0000000000000000
[ 34.726925] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 34.734172] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 34.742025] Kernel Offset: disabled
[ 34.745635] Rebooting in 86400 seconds..