REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop4): Using r5 hash to sort names
general protection fault: 0000 [#1] PREEMPT SMP KASAN
REISERFS (device loop1): using ordered data mode
CPU: 0 PID: 13334 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:write_special_inodes+0xa6/0x170 fs/jfs/jfs_logmgr.c:221
Code: 8b 7d 30 41 ff d4 48 8d 7b 28 48 89 f8 48 c1 e8 03 80 3c 28 00 0f 85 ab 00 00 00 4c 8b 6b 28 49 8d 7d 30 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 88 00 00 00 49 8b 7d 30 41 ff d4 48 8d bb b0 00
RSP: 0018:ffff88804c47fbb8 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff8880a95e2080 RCX: ffffc9000852e000
RDX: 000000000000a025 RSI: ffffffff817ce5d8 RDI: 0000000000000030
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff817ce7c0
R13: 0000000000000000 R14: ffff8880a0092d80 R15: ffff88804c47fdd0
FS:  00007fbd09f13700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005632c401f7f8 CR3: 000000009b8ca000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lmLogSync+0x414/0x6e0 fs/jfs/jfs_logmgr.c:958
 jfs_syncpt+0x78/0x90 fs/jfs/jfs_logmgr.c:1062
 jfs_sync_fs+0x80/0xa0 fs/jfs/super.c:718
 __sync_filesystem fs/sync.c:39 [inline]
 sync_filesystem+0x105/0x250 fs/sync.c:64
 generic_shutdown_super+0x70/0x370 fs/super.c:442
 kill_block_super+0x97/0xf0 fs/super.c:1185
 deactivate_locked_super+0x94/0x160 fs/super.c:329
 deactivate_super+0x174/0x1a0 fs/super.c:360
 cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
reiserfs: using flush barriers
RIP: 0033:0x7fbd0b9a260a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
RSP: 002b:00007fbd09f12f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffec RBX: 0000000000005ce8 RCX: 00007fbd0b9a260a
RDX: 0000000020005d00 RSI: 0000000020000000 RDI: 00007fbd09f12fe0
RBP: 00007fbd09f13020 R08: 00007fbd09f13020 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020005d00
R13: 0000000020000000 R14: 00007fbd09f12fe0 R15: 00000000200000c0
Modules linked in:
audit: type=1800 audit(1669901697.955:42): pid=13380 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=14313 res=0
---[ end trace 082599a8068c0d19 ]---
REISERFS (device loop1): checking transaction log (loop1)
RIP: 0010:write_special_inodes+0xa6/0x170 fs/jfs/jfs_logmgr.c:221
Code: 8b 7d 30 41 ff d4 48 8d 7b 28 48 89 f8 48 c1 e8 03 80 3c 28 00 0f 85 ab 00 00 00 4c 8b 6b 28 49 8d 7d 30 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 88 00 00 00 49 8b 7d 30 41 ff d4 48 8d bb b0 00
RSP: 0018:ffff88804c47fbb8 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff8880a95e2080 RCX: ffffc9000852e000
RDX: 000000000000a025 RSI: ffffffff817ce5d8 RDI: 0000000000000030
REISERFS (device loop1): Using r5 hash to sort names
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff817ce7c0
REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
R13: 0000000000000000 R14: ffff8880a0092d80 R15: ffff88804c47fdd0
FS:  00007fbd09f13700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe7f63fe000 CR3: 000000009b8ca000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	8b 7d 30             	mov    0x30(%rbp),%edi
   3:	41 ff d4             	callq  *%r12
   6:	48 8d 7b 28          	lea    0x28(%rbx),%rdi
   a:	48 89 f8             	mov    %rdi,%rax
   d:	48 c1 e8 03          	shr    $0x3,%rax
  11:	80 3c 28 00          	cmpb   $0x0,(%rax,%rbp,1)
  15:	0f 85 ab 00 00 00    	jne    0xc6
  1b:	4c 8b 6b 28          	mov    0x28(%rbx),%r13
  1f:	49 8d 7d 30          	lea    0x30(%r13),%rdi
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 28 00          	cmpb   $0x0,(%rax,%rbp,1)		<-- trapping instruction
  2e:	0f 85 88 00 00 00    	jne    0xbc
  34:	49 8b 7d 30          	mov    0x30(%r13),%rdi
  38:	41 ff d4             	callq  *%r12
  3b:	48                   	rex.W
  3c:	8d                   	.byte 0x8d
  3d:	bb                   	.byte 0xbb
  3e:	b0 00                	mov    $0x0,%al