CR3 = 0x0000000000000000
RSP = 0x0000000000000f80  RIP = 0x0000000000008000
RFLAGS=0x00000002         DR7 = 0x0000000000000400
==================================================================
Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
BUG: KASAN: out-of-bounds in memmove include/linux/string.h:392 [inline]
BUG: KASAN: out-of-bounds in leaf_paste_entries+0x449/0x910 fs/reiserfs/lbalance.c:1378
Read of size 18446744073709551584 at addr ffff888042a1cfa4 by task syz-executor.3/24624

CPU: 1 PID: 24624 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
 print_address_description.cold+0x54/0x219 mm/kasan/report.c:256
DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
 kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354
 kasan_report+0x8f/0xa0 mm/kasan/report.c:412
 memmove+0x20/0x50 mm/kasan/kasan.c:293
 memmove include/linux/string.h:392 [inline]
 leaf_paste_entries+0x449/0x910 fs/reiserfs/lbalance.c:1378
 balance_leaf_finish_node_paste_dirent fs/reiserfs/do_balan.c:1306 [inline]
 balance_leaf_finish_node_paste fs/reiserfs/do_balan.c:1332 [inline]
 balance_leaf_finish_node fs/reiserfs/do_balan.c:1375 [inline]
 balance_leaf+0x8fd7/0xca70 fs/reiserfs/do_balan.c:1463
 do_balance+0x30a/0x760 fs/reiserfs/do_balan.c:1899
SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
 reiserfs_paste_into_item+0x636/0x7d0 fs/reiserfs/stree.c:2169
ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
 reiserfs_add_entry+0x89a/0xcc0 fs/reiserfs/namei.c:566
FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
 reiserfs_mkdir+0x66e/0x980 fs/reiserfs/namei.c:858
 create_privroot fs/reiserfs/xattr.c:880 [inline]
 reiserfs_xattr_init+0x406/0xae0 fs/reiserfs/xattr.c:1002
 reiserfs_remount+0x103c/0x1540 fs/reiserfs/super.c:1599
GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
 do_remount_sb+0x1a0/0x6a0 fs/super.c:888
GDTR:                           limit=0x00000000, base=0x0000000000000000
 do_remount fs/namespace.c:2313 [inline]
 do_mount+0x1a62/0x2f50 fs/namespace.c:2813
LDTR: sel=0x0011, attr=0x10000, limit=0x00000000, base=0x0000000000000000
 ksys_mount+0xcf/0x130 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
IDTR:                           limit=0x00000000, base=0x0000000000000000
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f64db0aa0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f64d15b9168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f64db1ca1f0 RCX: 00007f64db0aa0d9
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000000
RBP: 00007f64db105ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000420 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc45ace20f R14: 00007f64d15b9300 R15: 0000000000022000

TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
The buggy address belongs to the page:
page:ffffea00010a8700 count:2 mapcount:0 mapping:ffff88808ffddbe0 index:0x213
flags: 0xfff00000001064(referenced|lru|active|private)
raw: 00fff00000001064 ffffea0000468308 ffffea00026b13c8 ffff88808ffddbe0
raw: 0000000000000213 ffff88808af9abd0 00000002ffffffff ffff8880b59f68c0
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff8880b59f68c0

Memory state around the buggy address:
EFER =     0x0000000000000000  PAT = 0x0007040600070406
 ffff888042a1ce80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff888042a1cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888042a1cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                               ^
 ffff888042a1d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888042a1d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
CR3 = 0x0000000000000000
DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
RSP = 0x0000000000000f80  RIP = 0x0000000000008000
Interruptibility = 00000008  ActivityState = 00000000
RFLAGS=0x00000002         DR7 = 0x0000000000000400
*** Host State ***
RIP = 0xffffffff811a9c2f  RSP = 0xffff88804467f8c0
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007fc61f6c9700 GSBase=ffff8880ba000000 TRBase=fffffe0000003000
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
CR0=0000000080050033 CR3=00000000b0078000 CR4=00000000003426f0
CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff88201290
DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
EFER = 0x0000000000000d01  PAT = 0x0407050600070106
SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000ea
ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
GDTR:                           limit=0x00000000, base=0x0000000000000000
        reason=80000021 qualification=0000000000000000
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffff203e1c5dce
IDTR:                           limit=0x00000000, base=0x0000000000000000
TPR Threshold = 0x00
EPT pointer = 0x00000000af60401e
TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
Virtual processor ID = 0x0003
EFER =     0x0000000000000000  PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
Interruptibility = 00000008  ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811a9c2f  RSP = 0xffff8880b48cf8c0
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f035f1a3700 GSBase=ffff8880ba100000 TRBase=fffffe0000003000
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=00000000abccc000 CR4=00000000003426e0
Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff88201290
EFER = 0x0000000000000d01  PAT = 0x0407050600070106
*** Control State ***
PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000ea
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffff204470bfb8
TPR Threshold = 0x00
EPT pointer = 0x0000000098c3501e
Virtual processor ID = 0x0001