./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2603265205

<...>
Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
execve("./syz-executor2603265205", ["./syz-executor2603265205"], 0x7ffc90d42330 /* 10 vars */) = 0
brk(NULL)                               = 0x555556566000
brk(0x555556566d00)                     = 0x555556566d00
arch_prctl(ARCH_SET_FS, 0x5555565663c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2603265205", 4096) = 28
brk(0x555556587d00)                     = 0x555556587d00
brk(0x555556588000)                     = 0x555556588000
mprotect(0x7f5344ea0000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f5344df0490, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5344df1500}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f5344df0490, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5344df1500}, NULL, 8) = 0
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f533c9e6000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
munmap(0x7f533c9e6000, 4194304)         = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
[   53.295462][ T4993] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4993 'syz-executor260'
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
[   53.337737][ T4993] loop0: detected capacity change from 0 to 8192
[   53.349053][ T4993] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   53.362292][ T4993] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   53.371644][ T4993] REISERFS (device loop0): using ordered data mode
[   53.378366][ T4993] reiserfs: using flush barriers
[   53.384617][ T4993] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   53.401083][ T4993] REISERFS (device loop0): checking transaction log (loop0)
mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
creat("./file0", 000)                   = 4
writev(4, [{iov_base="\xd1", iov_len=1}], 1) = 1
openat(AT_FDCWD, "blkio.throttle.io_serviced", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
write(5, "\x99", 1)                     = 1
mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000208} ---
write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007695) = 3584
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} ---
creat("\x99", 000)                      = 6
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000208} ---
[   53.444980][ T4993] REISERFS (device loop0): Using r5 hash to sort names
[   53.452142][ T4993] REISERFS (device loop0): using 3.5.x disk format
[   53.459609][ T4993] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[   53.491711][ T4993] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2
[   53.507735][ T4993] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 549. Fsck?
[   53.518452][ T4993] REISERFS (device loop0): Remounting filesystem read-only
[   53.525785][ T4993] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN
[   53.537480][ T4993] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[   53.545868][ T4993] CPU: 0 PID: 4993 Comm: syz-executor260 Not tainted 6.4.0-rc7-syzkaller-00072-gdad9774deaf1 #0
[   53.556251][ T4993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   53.566290][ T4993] RIP: 0010:direct2indirect+0x95b/0x1840
[   53.571943][ T4993] Code: 49 c1 e7 04 4a 8d 5c 39 08 48 89 d8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 3d 03 00 00 48 63 1b 49 83 c5 28 4c 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ef e8 c7 9e b2 ff 48 ba 00 00 00 00 00 fc
[   53.591625][ T4993] RSP: 0018:ffffc90003b1f0c0 EFLAGS: 00010206
[   53.597673][ T4993] RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffffc90003b1f698
[   53.605621][ T4993] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000008
[   53.613573][ T4993] RBP: ffffc90003b1f250 R08: ffffffff8230b87f R09: ffffffff822fdcfd
[   53.621521][ T4993] R10: 0000000000000002 R11: ffff888021d78000 R12: 0000000000000001
[   53.629470][ T4993] R13: 0000000000000028 R14: 0000000000000000 R15: 0000000000000010
[   53.637425][ T4993] FS:  00005555565663c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   53.646339][ T4993] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.652906][ T4993] CR2: 0000000020000208 CR3: 0000000020a93000 CR4: 00000000003506f0
[   53.660865][ T4993] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   53.668821][ T4993] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   53.676775][ T4993] Call Trace:
[   53.680044][ T4993]  <TASK>
[   53.682963][ T4993]  ? __die_body+0x5e/0xa0
[   53.687279][ T4993]  ? die_addr+0x99/0xc0
[   53.691419][ T4993]  ? exc_general_protection+0x3c2/0x5b0
[   53.696970][ T4993]  ? asm_exc_general_protection+0x26/0x30
[   53.702674][ T4993]  ? search_for_position_by_key+0x11d/0x1010
[   53.708641][ T4993]  ? direct2indirect+0x8df/0x1840
[   53.713647][ T4993]  ? direct2indirect+0x95b/0x1840
[   53.718666][ T4993]  ? r5_hash+0xd0/0xd0
[   53.722718][ T4993]  ? show_alloc_options+0xc00/0xc00
[   53.727900][ T4993]  ? journal_begin+0x1f3/0x360
[   53.732647][ T4993]  ? copy_item_head+0x22/0x30
[   53.737313][ T4993]  reiserfs_get_block+0x4c34/0x5130
[   53.742511][ T4993]  ? make_le_item_head+0x570/0x570
[   53.747611][ T4993]  ? validate_chain+0x119/0x58f0
[   53.752538][ T4993]  ? reacquire_held_locks+0x660/0x660
[   53.757896][ T4993]  ? validate_chain+0x119/0x58f0
[   53.762821][ T4993]  ? reacquire_held_locks+0x660/0x660
[   53.768183][ T4993]  ? __lock_acquire+0x1316/0x2070
[   53.773207][ T4993]  ? folio_create_buffers+0xc7/0x250
[   53.778474][ T4993]  __block_write_begin_int+0x548/0x1a50
[   53.784010][ T4993]  ? make_le_item_head+0x570/0x570
[   53.789107][ T4993]  ? PageUptodate+0x290/0x290
[   53.793768][ T4993]  ? folio_test_hugetlb+0xa0/0x1d0
[   53.798867][ T4993]  ? __block_write_begin+0x65/0x160
[   53.804049][ T4993]  ? reiserfs_write_begin+0x183/0x520
[   53.809407][ T4993]  reiserfs_write_begin+0x24d/0x520
[   53.814595][ T4993]  generic_perform_write+0x300/0x5e0
[   53.819872][ T4993]  ? generic_file_direct_write+0x460/0x460
[   53.825662][ T4993]  ? __file_remove_privs+0x640/0x640
[   53.830935][ T4993]  ? generic_write_checks+0x160/0x1c0
[   53.836293][ T4993]  __generic_file_write_iter+0x17a/0x400
[   53.841912][ T4993]  generic_file_write_iter+0xaf/0x310
[   53.847268][ T4993]  vfs_write+0x790/0xb20
[   53.851502][ T4993]  ? file_end_write+0x250/0x250
[   53.856437][ T4993]  ? lockdep_hardirqs_on+0x98/0x140
[   53.861626][ T4993]  ? __fdget_pos+0x265/0x2f0
[   53.866240][ T4993]  ksys_write+0x1a0/0x2c0
[   53.870561][ T4993]  ? __ia32_sys_read+0x90/0x90
[   53.875313][ T4993]  ? syscall_enter_from_user_mode+0x32/0x230
[   53.881277][ T4993]  ? syscall_enter_from_user_mode+0x8c/0x230
[   53.887242][ T4993]  do_syscall_64+0x41/0xc0
[   53.891641][ T4993]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.897519][ T4993] RIP: 0033:0x7f5344e32ef9
[   53.901924][ T4993] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   53.921527][ T4993] RSP: 002b:00007ffdc78f56e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   53.929933][ T4993] RAX: ffffffffffffffda RBX: 00007ffdc78f56f8 RCX: 00007f5344e32ef9
[   53.937889][ T4993] RDX: 00000000175d900f RSI: 0000000020000200 RDI: 0000000000000004
[   53.945844][ T4993] RBP: 00007ffdc78f56f0 R08: 00007ffdc78f56f0 R09: 00007f5344df0490
[   53.953799][ T4993] R10: 00007ffdc78f56f0 R11: 0000000000000246 R12: 0000000000000000
[   53.961752][ T4993] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   53.969709][ T4993]  </TASK>
[   53.972709][ T4993] Modules linked in:
[   53.976897][ T4993] ---[ end trace 0000000000000000 ]---
[   53.982371][ T4993] RIP: 0010:direct2indirect+0x95b/0x1840
[   53.988063][ T4993] Code: 49 c1 e7 04 4a 8d 5c 39 08 48 89 d8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 3d 03 00 00 48 63 1b 49 83 c5 28 4c 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ef e8 c7 9e b2 ff 48 ba 00 00 00 00 00 fc
[   54.007715][ T4993] RSP: 0018:ffffc90003b1f0c0 EFLAGS: 00010206
[   54.013802][ T4993] RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffffc90003b1f698
[   54.021857][ T4993] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000008
[   54.029859][ T4993] RBP: ffffc90003b1f250 R08: ffffffff8230b87f R09: ffffffff822fdcfd
[   54.037845][ T4993] R10: 0000000000000002 R11: ffff888021d78000 R12: 0000000000000001
[   54.045835][ T4993] R13: 0000000000000028 R14: 0000000000000000 R15: 0000000000000010
[   54.053820][ T4993] FS:  00005555565663c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   54.062729][ T4993] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   54.069335][ T4993] CR2: 0000000020000208 CR3: 0000000020a93000 CR4: 00000000003506f0
[   54.077326][ T4993] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   54.085763][ T4993] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   54.093750][ T4993] Kernel panic - not syncing: Fatal exception
[   54.099954][ T4993] Kernel Offset: disabled
[   54.104264][ T4993] Rebooting in 86400 seconds..