REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop0): Using rupasov hash to sort names
BUG: unable to handle kernel paging request at ffff888094f84000
IP: __memmove+0x24/0x1a0 arch/x86/lib/memmove_64.S:43
kasan: CONFIG_KASAN_INLINE enabled
PGD c9dc067
kasan: GPF could be caused by NULL-ptr deref or user memory access
P4D c9dc067
PUD 23ffff067
PMD b07c0063
PTE 8000000094f84161
Oops: 0003 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 7970 Comm: syz-executor126 Not tainted 4.14.299-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
task: ffff888098a1c000 task.stack: ffff888095a08000
RIP: 0010:__memmove+0x24/0x1a0 arch/x86/lib/memmove_64.S:43
RSP: 0018:ffff888095a0f060 EFLAGS: 00010293
RAX: ffff88808e64cfb4 RBX: 0000000000000010 RCX: fffffffff96c8fb0
RDX: fffffffffffffffc RSI: ffff888094f83ff0 RDI: ffff888094f84000
RBP: 0000000000000010 R08: ffff88808e64cfa0 R09: ffffed1011cc99f5
R10: ffff88808e64cfaf R11: 00002e2e0004003c R12: ffff88808e64cfa4
R13: 000000000000001c R14: ffff88808e64cf84 R15: ffff88808e64c030
FS:  0000555556059300(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888094f84000 CR3: 00000000b610c000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 memmove include/linux/string.h:391 [inline]
 leaf_paste_entries+0x44b/0x9b0 fs/reiserfs/lbalance.c:1378
 balance_leaf_finish_node_paste_dirent fs/reiserfs/do_balan.c:1306 [inline]
 balance_leaf_finish_node_paste fs/reiserfs/do_balan.c:1332 [inline]
 balance_leaf_finish_node fs/reiserfs/do_balan.c:1375 [inline]
 balance_leaf+0x827e/0xba30 fs/reiserfs/do_balan.c:1463
 do_balance+0x282/0x630 fs/reiserfs/do_balan.c:1899
 reiserfs_paste_into_item+0x569/0x6f0 fs/reiserfs/stree.c:2169
 reiserfs_add_entry+0x7d3/0xbc0 fs/reiserfs/namei.c:566
 reiserfs_mkdir+0x5ca/0x8b0 fs/reiserfs/namei.c:858
 create_privroot fs/reiserfs/xattr.c:880 [inline]
 reiserfs_xattr_init+0x393/0xa50 fs/reiserfs/xattr.c:1002
 reiserfs_fill_super+0x1d4a/0x2990 fs/reiserfs/super.c:2188
 mount_bdev+0x2b3/0x360 fs/super.c:1134
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2572 [inline]
 do_mount+0xe65/0x2a30 fs/namespace.c:2905
 SYSC_mount fs/namespace.c:3121 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3098
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
Code: 90 90 90 90 90 90 90 48 89 f8 48 83 fa 20 0f 82 03 01 00 00 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f 9f 00 00 00 48 89 d1 <f3> a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 3b 48 83 ea 20
RIP: __memmove+0x24/0x1a0 arch/x86/lib/memmove_64.S:43 RSP: ffff888095a0f060
CR2: ffff888094f84000
---[ end trace 430efb6fe8da0b39 ]---
general protection fault: 0000 [#2] PREEMPT SMP KASAN
----------------
Code disassembly (best guess):
   0:   90                      nop
   1:   90                      nop
   2:   90                      nop
   3:   90                      nop
   4:   90                      nop
   5:   90                      nop
   6:   90                      nop
   7:   48 89 f8                mov    %rdi,%rax
   a:   48 83 fa 20             cmp    $0x20,%rdx
   e:   0f 82 03 01 00 00       jb     0x117
  14:   48 39 fe                cmp    %rdi,%rsi
  17:   7d 0f                   jge    0x28
  19:   49 89 f0                mov    %rsi,%r8
  1c:   49 01 d0                add    %rdx,%r8
  1f:   49 39 f8                cmp    %rdi,%r8
  22:   0f 8f 9f 00 00 00       jg     0xc7
  28:   48 89 d1                mov    %rdx,%rcx
* 2b:   f3 a4                   rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
  2d:   c3                      retq
  2e:   48 81 fa a8 02 00 00    cmp    $0x2a8,%rdx
  35:   72 05                   jb     0x3c
  37:   40 38 fe                cmp    %dil,%sil
  3a:   74 3b                   je     0x77
  3c:   48 83 ea 20             sub    $0x20,%rdx