./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4256936182 <...> Warning: Permanently added '10.128.1.52' (ED25519) to the list of known hosts. execve("./syz-executor4256936182", ["./syz-executor4256936182"], 0x7ffcca624500 /* 10 vars */) = 0 brk(NULL) = 0x555555f2a000 brk(0x555555f2ad00) = 0x555555f2ad00 arch_prctl(ARCH_SET_FS, 0x555555f2a380) = 0 set_tid_address(0x555555f2a650) = 5035 set_robust_list(0x555555f2a660, 24) = 0 rseq(0x555555f2aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4256936182", 4096) = 28 getrandom("\xf8\xdd\x91\x38\x85\x98\x82\xbe", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555f2ad00 brk(0x555555f4bd00) = 0x555555f4bd00 brk(0x555555f4c000) = 0x555555f4c000 mprotect(0x7f25ac13e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f25a3c8d000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7f25a3c8d000, 4194304) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 71.041015][ T5035] syz-executor425[5035]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 71.100761][ T5035] loop0: detected capacity change from 0 to 8192 [ 71.113486][ T5035] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 71.126802][ T5035] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 71.136230][ T5035] REISERFS (device loop0): using ordered data mode [ 71.142755][ T5035] reiserfs: using flush barriers mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 creat("./bus", 000) = 4 creat("./bus", 000) = 5 open(".", O_RDONLY) = 6 mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 writev(5, [{iov_base="D", iov_len=1}], 1) = 1 writev(4, [{iov_base="\x44\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3976}, {iov_base=NULL, iov_len=142606336}], 2) = 3976 [ 71.149555][ T5035] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 71.166408][ T5035] REISERFS (device loop0): checking transaction log (loop0) [ 71.176331][ T5035] REISERFS (device loop0): Using tea hash to sort names [ 71.184523][ T5035] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 71.216053][ T5035] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4106499 0(1) DIR], item_len 35, item_location 3757, free_space(entry_count) 2 [ 71.232178][ T5035] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 71.243847][ T5035] REISERFS (device loop0): Remounting filesystem read-only [ 71.251412][ T5035] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 71.263134][ T5035] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 71.271535][ T5035] CPU: 0 PID: 5035 Comm: syz-executor425 Not tainted 6.6.0-rc3-syzkaller-00165-g3b517966c561 #0 [ 71.281949][ T5035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 71.291994][ T5035] RIP: 0010:direct2indirect+0x95b/0x1830 [ 71.297640][ T5035] Code: 49 c1 e7 04 4a 8d 5c 39 08 48 89 d8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 3d 03 00 00 48 63 1b 49 83 c5 28 4c 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ef e8 17 de b1 ff 48 ba 00 00 00 00 00 fc [ 71.317242][ T5035] RSP: 0018:ffffc90003a1f000 EFLAGS: 00010206 [ 71.323301][ T5035] RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffffc90003a1f5d8 [ 71.331264][ T5035] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 71.339224][ T5035] RBP: ffffc90003a1f190 R08: ffffffff82369dbf R09: ffffffff8235c33d [ 71.347185][ T5035] R10: 0000000000000002 R11: ffff88801f511dc0 R12: 0000000000000001 [ 71.355144][ T5035] R13: 0000000000000028 R14: 0000000000000000 R15: 0000000000000010 [ 71.363103][ T5035] FS: 0000555555f2a380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 71.372018][ T5035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.378591][ T5035] CR2: 0000000000000000 CR3: 000000007ce28000 CR4: 00000000003506f0 [ 71.386564][ T5035] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.394622][ T5035] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.402594][ T5035] Call Trace: [ 71.405877][ T5035] [ 71.408808][ T5035] ? __die_body+0x8b/0xe0 [ 71.413167][ T5035] ? die_addr+0xc9/0x100 [ 71.417447][ T5035] ? exc_general_protection+0x3c2/0x5b0 [ 71.423003][ T5035] ? asm_exc_general_protection+0x26/0x30 [ 71.428734][ T5035] ? search_for_position_by_key+0x11d/0x1010 [ 71.434718][ T5035] ? direct2indirect+0x8df/0x1830 [ 71.439744][ T5035] ? direct2indirect+0x95b/0x1830 [ 71.444769][ T5035] ? r5_hash+0xd0/0xd0 [ 71.448859][ T5035] ? show_alloc_options+0xc00/0xc00 [ 71.454069][ T5035] ? journal_begin+0x1f3/0x360 [ 71.458848][ T5035] ? copy_item_head+0x22/0x30 [ 71.463520][ T5035] reiserfs_get_block+0x4c34/0x5130 [ 71.468764][ T5035] ? make_le_item_head+0x570/0x570 [ 71.473883][ T5035] ? __lock_acquire+0x1345/0x7f70 [ 71.478905][ T5035] ? verify_lock_unused+0x140/0x140 [ 71.484125][ T5035] ? folio_create_buffers+0xc7/0x250 [ 71.489406][ T5035] __block_write_begin_int+0x54d/0x1ac0 [ 71.494965][ T5035] ? folio_wait_stable+0xa4/0xc0 [ 71.499904][ T5035] ? make_le_item_head+0x570/0x570 [ 71.505013][ T5035] ? folio_zero_new_buffers+0x530/0x530 [ 71.510551][ T5035] ? fault_in_readable+0x1a6/0x2b0 [ 71.515718][ T5035] ? __block_write_begin+0x64/0x150 [ 71.520912][ T5035] reiserfs_write_begin+0x24d/0x520 [ 71.526113][ T5035] generic_perform_write+0x31b/0x630 [ 71.531393][ T5035] ? generic_file_direct_write+0x3f0/0x3f0 [ 71.537197][ T5035] ? __generic_file_write_iter+0x101/0x230 [ 71.543010][ T5035] generic_file_write_iter+0xaf/0x310 [ 71.548386][ T5035] do_iter_write+0x84f/0xde0 [ 71.552987][ T5035] ? vfs_iter_write+0xa0/0xa0 [ 71.557658][ T5035] ? rcu_read_lock_any_held+0xb7/0x160 [ 71.563121][ T5035] do_writev+0x27f/0x470 [ 71.567366][ T5035] ? do_readv+0x460/0x460 [ 71.571714][ T5035] ? do_notify_parent+0x1100/0x1100 [ 71.576919][ T5035] ? print_irqtrace_events+0x220/0x220 [ 71.582379][ T5035] ? syscall_enter_from_user_mode+0x32/0x230 [ 71.588361][ T5035] ? syscall_enter_from_user_mode+0x8c/0x230 [ 71.594337][ T5035] do_syscall_64+0x41/0xc0 [ 71.598748][ T5035] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.604638][ T5035] RIP: 0033:0x7f25ac0ca7b9 [ 71.609052][ T5035] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 71.628686][ T5035] RSP: 002b:00007fff57b94348 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 71.637136][ T5035] RAX: ffffffffffffffda RBX: 00007fff57b94518 RCX: 00007f25ac0ca7b9 [ 71.645114][ T5035] RDX: 0000000000000002 RSI: 00000000200013c0 RDI: 0000000000000004 [ 71.653076][ T5035] RBP: 00007f25ac13e610 R08: 00007fff57b94518 R09: 00007fff57b94518 [ 71.661039][ T5035] R10: 00007fff57b94518 R11: 0000000000000246 R12: 0000000000000001 [ 71.669002][ T5035] R13: 00007fff57b94508 R14: 0000000000000001 R15: 0000000000000001 [ 71.676988][ T5035] [ 71.679997][ T5035] Modules linked in: [ 71.689292][ T5035] ---[ end trace 0000000000000000 ]--- [ 71.694787][ T5035] RIP: 0010:direct2indirect+0x95b/0x1830 [ 71.700477][ T5035] Code: 49 c1 e7 04 4a 8d 5c 39 08 48 89 d8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 3d 03 00 00 48 63 1b 49 83 c5 28 4c 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ef e8 17 de b1 ff 48 ba 00 00 00 00 00 fc [ 71.720121][ T5035] RSP: 0018:ffffc90003a1f000 EFLAGS: 00010206 [ 71.726254][ T5035] RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffffc90003a1f5d8 [ 71.734230][ T5035] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 71.742264][ T5035] RBP: ffffc90003a1f190 R08: ffffffff82369dbf R09: ffffffff8235c33d [ 71.750287][ T5035] R10: 0000000000000002 R11: ffff88801f511dc0 R12: 0000000000000001 [ 71.758304][ T5035] R13: 0000000000000028 R14: 0000000000000000 R15: 0000000000000010 [ 71.766461][ T5035] FS: 0000555555f2a380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 71.775435][ T5035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.782040][ T5035] CR2: 0000000000000000 CR3: 000000007ce28000 CR4: 00000000003506f0 [ 71.790064][ T5035] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.798108][ T5035] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.806133][ T5035] Kernel panic - not syncing: Fatal exception [ 71.812310][ T5035] Kernel Offset: disabled [ 71.816635][ T5035] Rebooting in 86400 seconds..