./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor435863506

<...>
DUID 00:04:e3:38:52:80:67:3f:e9:c9:a2:47:22:a3:59:23:7d:1e
forked to background, child pid 4646
[   31.094037][ T4647] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.104203][ T4647] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.38' (ECDSA) to the list of known hosts.
execve("./syz-executor435863506", ["./syz-executor435863506"], 0x7ffed03b14b0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555b8a000
brk(0x555555b8ad00)                     = 0x555555b8ad00
arch_prctl(ARCH_SET_FS, 0x555555b8a3c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor435863506", 4096) = 27
brk(0x555555babd00)                     = 0x555555babd00
brk(0x555555bac000)                     = 0x555555bac000
mprotect(0x7f709addf000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f709ad2f490, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f709ad304e0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f709ad2f490, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f709ad304e0}, NULL, 8) = 0
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7092925000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
munmap(0x7f7092925000, 4194304)         = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
syzkaller login: [   55.479719][ T5068] loop0: detected capacity change from 0 to 8192
[   55.490902][ T5068] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   55.504051][ T5068] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   55.513464][ T5068] REISERFS (device loop0): using ordered data mode
[   55.520045][ T5068] reiserfs: using flush barriers
[   55.526572][ T5068] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   55.543041][ T5068] REISERFS (device loop0): checking transaction log (loop0)
mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
creat("./file0", 000)                   = 4
writev(4, [{iov_base="\xd1", iov_len=1}], 1) = 1
openat(AT_FDCWD, "blkio.throttle.io_serviced", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
write(5, "\x99", 1)                     = 1
mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000208} ---
write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007695) = 3584
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} ---
creat("\x99", 000)                      = 6
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000208} ---
[   55.588872][ T5068] REISERFS (device loop0): Using r5 hash to sort names
[   55.597266][ T5068] REISERFS (device loop0): using 3.5.x disk format
[   55.604429][ T5068] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[   55.644648][ T5068] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2
[   55.660303][ T5068] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 549. Fsck?
[   55.671482][ T5068] REISERFS (device loop0): Remounting filesystem read-only
[   55.678800][ T5068] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN
[   55.690507][ T5068] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[   55.698893][ T5068] CPU: 0 PID: 5068 Comm: syz-executor435 Not tainted 6.2.0-rc1-syzkaller #0
[   55.707539][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.717658][ T5068] RIP: 0010:direct2indirect+0x916/0x17c0
[   55.723300][ T5068] Code: 48 8b 04 24 4a 8d 5c 38 10 48 89 d8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 43 03 00 00 48 63 1b 49 83 c6 28 4c 89 f0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 f7 e8 8c 8a b2 ff 48 ba 00 00 00 00 00 fc
[   55.742901][ T5068] RSP: 0018:ffffc90003c7f100 EFLAGS: 00010206
[   55.748962][ T5068] RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffff888021c93a80
[   55.756924][ T5068] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000008
[   55.764876][ T5068] RBP: ffffc90003c7f270 R08: ffffffff822ef83e R09: ffffffff822e1c5d
[   55.772829][ T5068] R10: 0000000000000002 R11: ffff888021c93a80 R12: 0000000000000001
[   55.780778][ T5068] R13: 0000000000000000 R14: 0000000000000028 R15: 0000000000000010
[   55.788731][ T5068] FS:  0000555555b8a3c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   55.797645][ T5068] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   55.804213][ T5068] CR2: 0000000020000208 CR3: 000000002a8a2000 CR4: 00000000003506f0
[   55.812167][ T5068] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   55.820118][ T5068] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   55.828073][ T5068] Call Trace:
[   55.831334][ T5068]  <TASK>
[   55.834252][ T5068]  ? r5_hash+0xe0/0xe0
[   55.838310][ T5068]  ? show_alloc_options+0xbd0/0xbd0
[   55.843491][ T5068]  ? journal_begin+0x1f1/0x350
[   55.848243][ T5068]  ? copy_item_head+0x1e/0x30
[   55.853600][ T5068]  reiserfs_get_block+0x4c9a/0x5180
[   55.858795][ T5068]  ? make_le_item_head+0x5b0/0x5b0
[   55.864152][ T5068]  ? update_cfs_rq_load_avg+0x483/0x570
[   55.869685][ T5068]  ? rcu_read_lock_sched_held+0x87/0x110
[   55.875306][ T5068]  ? create_page_buffers+0x244/0x4b0
[   55.880575][ T5068]  __block_write_begin_int+0x54c/0x1a80
[   55.886113][ T5068]  ? make_le_item_head+0x5b0/0x5b0
[   55.891206][ T5068]  ? page_zero_new_buffers+0x940/0x940
[   55.896645][ T5068]  ? fault_in_readable+0x219/0x310
[   55.901738][ T5068]  ? __block_write_begin+0x51/0x150
[   55.906935][ T5068]  ? reiserfs_write_begin+0x180/0x510
[   55.912287][ T5068]  reiserfs_write_begin+0x247/0x510
[   55.917468][ T5068]  generic_perform_write+0x2e4/0x5e0
[   55.922739][ T5068]  ? generic_file_direct_write+0x610/0x610
[   55.928528][ T5068]  ? __file_remove_privs+0x610/0x610
[   55.933793][ T5068]  ? generic_write_checks+0x15c/0x1c0
[   55.939152][ T5068]  __generic_file_write_iter+0x176/0x400
[   55.944770][ T5068]  generic_file_write_iter+0xab/0x310
[   55.950127][ T5068]  vfs_write+0x7dc/0xc50
[   55.954351][ T5068]  ? file_end_write+0x230/0x230
[   55.959180][ T5068]  ? ptrace_stop+0x74d/0x970
[   55.963756][ T5068]  ? _raw_spin_unlock_irq+0x2a/0x40
[   55.968952][ T5068]  ? __fdget_pos+0x252/0x2e0
[   55.973525][ T5068]  ksys_write+0x177/0x2a0
[   55.977926][ T5068]  ? __ia32_sys_read+0x80/0x80
[   55.982671][ T5068]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   55.988654][ T5068]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   55.994615][ T5068]  do_syscall_64+0x3d/0xb0
[   55.999015][ T5068]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.004921][ T5068] RIP: 0033:0x7f709ad71ed9
[   56.009318][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.028922][ T5068] RSP: 002b:00007ffd885a00d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   56.037328][ T5068] RAX: ffffffffffffffda RBX: 00007ffd885a00e8 RCX: 00007f709ad71ed9
[   56.045303][ T5068] RDX: 00000000175d900f RSI: 0000000020000200 RDI: 0000000000000004
[   56.053259][ T5068] RBP: 00007ffd885a00e0 R08: 00007ffd885a00e0 R09: 00007f709ad2f490
[   56.061219][ T5068] R10: 00007ffd885a00e0 R11: 0000000000000246 R12: 0000000000000000
[   56.069171][ T5068] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   56.077145][ T5068]  </TASK>
[   56.080144][ T5068] Modules linked in:
[   56.084466][ T5068] ---[ end trace 0000000000000000 ]---
[   56.089956][ T5068] RIP: 0010:direct2indirect+0x916/0x17c0
[   56.095621][ T5068] Code: 48 8b 04 24 4a 8d 5c 38 10 48 89 d8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 43 03 00 00 48 63 1b 49 83 c6 28 4c 89 f0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 f7 e8 8c 8a b2 ff 48 ba 00 00 00 00 00 fc
[   56.115356][ T5068] RSP: 0018:ffffc90003c7f100 EFLAGS: 00010206
[   56.121460][ T5068] RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffff888021c93a80
[   56.129484][ T5068] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000008
[   56.137677][ T5068] RBP: ffffc90003c7f270 R08: ffffffff822ef83e R09: ffffffff822e1c5d
[   56.145668][ T5068] R10: 0000000000000002 R11: ffff888021c93a80 R12: 0000000000000001
[   56.153623][ T5068] R13: 0000000000000000 R14: 0000000000000028 R15: 0000000000000010
[   56.161622][ T5068] FS:  0000555555b8a3c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   56.170638][ T5068] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   56.177336][ T5068] CR2: 0000000020000208 CR3: 000000002a8a2000 CR4: 00000000003506f0
[   56.185322][ T5068] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   56.193628][ T5068] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   56.201664][ T5068] Kernel panic - not syncing: Fatal exception
[   56.207907][ T5068] Kernel Offset: disabled
[   56.212240][ T5068] Rebooting in 86400 seconds..