general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 PID: 3550 Comm: kworker/1:4 Not tainted 6.1.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Workqueue: events free_ruleset_work
RIP: 0010:d_really_is_negative include/linux/dcache.h:466 [inline]
RIP: 0010:open_xa_root fs/reiserfs/xattr.c:124 [inline]
RIP: 0010:open_xa_dir+0x101/0x610 fs/reiserfs/xattr.c:152
Code: 05 00 00 49 03 1e 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 9d 42 b1 ff 4c 8b 3b 49 83 c7 68 4c 89 fb 48 c1 eb 03 <42> 80 3c 23 00 74 08 4c 89 ff e8 80 42 b1 ff 49 8b 3f 48 85 ff 0f
RSP: 0018:ffffc9000423f760 EFLAGS: 00010202
RAX: 1ffff1100ae21eb3 RBX: 000000000000000d RCX: 0000000000000000
RDX: 0000000000000011 RSI: 0000000000000000 RDI: ffffc9000423f7d1
RBP: ffffc9000423f850 R08: dffffc0000000000 R09: ffffc9000423f7c0
R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff1100eb7a8cf R14: ffff888075bd4678 R15: 0000000000000068
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005605ecff7000 CR3: 0000000017b70000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
reiserfs_for_each_xattr+0x1a4/0xb40 fs/reiserfs/xattr.c:252
reiserfs_delete_xattrs+0x1b/0x80 fs/reiserfs/xattr.c:364
reiserfs_evict_inode+0x20c/0x460 fs/reiserfs/inode.c:53
evict+0x2a4/0x620 fs/inode.c:666
release_inode+0x152/0x2e0 security/landlock/fs.c:77
landlock_put_object+0x82/0xb0 security/landlock/object.c:64
free_rule security/landlock/ruleset.c:110 [inline]
free_ruleset+0x83/0x170 security/landlock/ruleset.c:365
process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:d_really_is_negative include/linux/dcache.h:466 [inline]
RIP: 0010:open_xa_root fs/reiserfs/xattr.c:124 [inline]
RIP: 0010:open_xa_dir+0x101/0x610 fs/reiserfs/xattr.c:152
Code: 05 00 00 49 03 1e 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 9d 42 b1 ff 4c 8b 3b 49 83 c7 68 4c 89 fb 48 c1 eb 03 <42> 80 3c 23 00 74 08 4c 89 ff e8 80 42 b1 ff 49 8b 3f 48 85 ff 0f
RSP: 0018:ffffc9000423f760 EFLAGS: 00010202
RAX: 1ffff1100ae21eb3 RBX: 000000000000000d RCX: 0000000000000000
RDX: 0000000000000011 RSI: 0000000000000000 RDI: ffffc9000423f7d1
RBP: ffffc9000423f850 R08: dffffc0000000000 R09: ffffc9000423f7c0
R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff1100eb7a8cf R14: ffff888075bd4678 R15: 0000000000000068
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5725d59120 CR3: 000000007db84000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 00 00 add %al,(%rax)
2: 49 03 1e add (%r14),%rbx
5: 48 89 d8 mov %rbx,%rax
8: 48 c1 e8 03 shr $0x3,%rax
c: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1)
11: 74 08 je 0x1b
13: 48 89 df mov %rbx,%rdi
16: e8 9d 42 b1 ff call 0xffb142b8
1b: 4c 8b 3b mov (%rbx),%r15
1e: 49 83 c7 68 add $0x68,%r15
22: 4c 89 fb mov %r15,%rbx
25: 48 c1 eb 03 shr $0x3,%rbx
* 29: 42 80 3c 23 00 cmpb $0x0,(%rbx,%r12,1) <-- trapping instruction
2e: 74 08 je 0x38
30: 4c 89 ff mov %r15,%rdi
33: e8 80 42 b1 ff call 0xffb142b8
38: 49 8b 3f mov (%r15),%rdi
3b: 48 85 ff test %rdi,%rdi
3e: 0f .byte 0xf