./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1064045121 <...> Warning: Permanently added '10.128.1.81' (ED25519) to the list of known hosts. execve("./syz-executor1064045121", ["./syz-executor1064045121"], 0x7fffe71c2fe0 /* 10 vars */) = 0 brk(NULL) = 0x555555bd9000 brk(0x555555bd9d00) = 0x555555bd9d00 arch_prctl(ARCH_SET_FS, 0x555555bd9380) = 0 set_tid_address(0x555555bd9650) = 5067 set_robust_list(0x555555bd9660, 24) = 0 rseq(0x555555bd9ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1064045121", 4096) = 28 getrandom("\x11\x76\x26\x5f\xac\x20\x50\x9c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555bd9d00 brk(0x555555bfad00) = 0x555555bfad00 brk(0x555555bfb000) = 0x555555bfb000 mprotect(0x7efe0e52b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efe0607a000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7efe0607a000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 54.435476][ T5067] loop0: detected capacity change from 0 to 8192 [ 54.447584][ T5067] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 54.460920][ T5067] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 54.470281][ T5067] REISERFS (device loop0): using ordered data mode [ 54.476799][ T5067] reiserfs: using flush barriers mount("/dev/loop0", "./file0", "reiserfs", 0, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "blkio.bfq.time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 54.483426][ T5067] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 54.500226][ T5067] REISERFS (device loop0): checking transaction log (loop0) [ 54.510185][ T5067] REISERFS (device loop0): Using r5 hash to sort names [ 54.517482][ T5067] REISERFS (device loop0): using 3.5.x disk format [ 54.524960][ T5067] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 ftruncate(4, 3676) = 0 openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 write(6, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 23137) = 23137 [ 54.605752][ T5067] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2 [ 54.621450][ T5067] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 54.632130][ T5067] REISERFS (device loop0): Remounting filesystem read-only [ 54.639495][ T5067] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 54.651397][ T5067] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 54.660273][ T5067] CPU: 1 PID: 5067 Comm: syz-executor106 Not tainted 6.7.0-rc7-syzkaller #0 [ 54.669137][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 54.679398][ T5067] RIP: 0010:direct2indirect+0x817/0x10f0 [ 54.685286][ T5067] Code: e5 06 00 00 4c 89 e2 49 63 44 24 08 48 c1 ea 03 80 3c 1a 00 0f 85 d9 06 00 00 4d 8b 24 24 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 d5 06 00 00 48 8d 54 40 03 49 8b 44 24 28 4c 8d [ 54.705079][ T5067] RSP: 0018:ffffc90003a67550 EFLAGS: 00010216 [ 54.711139][ T5067] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff822a4630 [ 54.719134][ T5067] RDX: 0000000000000005 RSI: ffffffff822a463f RDI: 0000000000000028 [ 54.727301][ T5067] RBP: ffffc90003a676e0 R08: 0000000000000005 R09: 0000000000000001 [ 54.735263][ T5067] R10: 00000000fffffffe R11: 0000000000000001 R12: 0000000000000000 [ 54.743228][ T5067] R13: ffff888074998ed0 R14: 0000000000000001 R15: ffffc90003a67950 [ 54.751216][ T5067] FS: 0000555555bd9380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 54.760140][ T5067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.766714][ T5067] CR2: 000055df765d70b0 CR3: 00000000765a9000 CR4: 0000000000350ef0 [ 54.774676][ T5067] Call Trace: [ 54.777941][ T5067] [ 54.780859][ T5067] ? show_regs+0x8f/0xa0 [ 54.785214][ T5067] ? die_addr+0x4f/0xd0 [ 54.789379][ T5067] ? exc_general_protection+0x155/0x230 [ 54.794945][ T5067] ? asm_exc_general_protection+0x26/0x30 [ 54.800673][ T5067] ? direct2indirect+0x7a0/0x10f0 [ 54.805801][ T5067] ? direct2indirect+0x7af/0x10f0 [ 54.811010][ T5067] ? direct2indirect+0x817/0x10f0 [ 54.816062][ T5067] ? do_journal_begin_r+0xbed/0x12a0 [ 54.821434][ T5067] ? r5_hash+0xd0/0xd0 [ 54.825499][ T5067] ? journal_begin+0x215/0x400 [ 54.830293][ T5067] reiserfs_get_block+0x3a6e/0x4570 [ 54.835501][ T5067] ? reiserfs_commit_write+0x700/0x700 [ 54.841051][ T5067] ? mark_lock+0xb5/0xc50 [ 54.845396][ T5067] ? print_usage_bug.part.0+0x550/0x550 [ 54.850944][ T5067] ? __lock_acquire+0x14f0/0x3b20 [ 54.855967][ T5067] ? filemap_get_entry+0x239/0x460 [ 54.861068][ T5067] ? folio_flags.constprop.0+0x56/0x150 [ 54.866659][ T5067] ? reiserfs_commit_write+0x700/0x700 [ 54.872216][ T5067] __block_write_begin_int+0x3c0/0x1560 [ 54.877764][ T5067] ? reiserfs_commit_write+0x700/0x700 [ 54.883219][ T5067] ? invalidate_bh_lrus_cpu+0x170/0x170 [ 54.888758][ T5067] reiserfs_write_begin+0x350/0x7d0 [ 54.894056][ T5067] generic_perform_write+0x278/0x600 [ 54.899354][ T5067] ? folio_add_wait_queue+0x1c0/0x1c0 [ 54.904725][ T5067] ? generic_write_checks+0x2b0/0x3f0 [ 54.910095][ T5067] __generic_file_write_iter+0x1f9/0x240 [ 54.915726][ T5067] generic_file_write_iter+0xe3/0x350 [ 54.921092][ T5067] vfs_write+0x64f/0xdf0 [ 54.925326][ T5067] ? kernel_write+0x6c0/0x6c0 [ 54.929999][ T5067] ? __fget_light+0x1fc/0x260 [ 54.934666][ T5067] ksys_write+0x12f/0x250 [ 54.938982][ T5067] ? __ia32_sys_read+0xb0/0xb0 [ 54.943739][ T5067] ? syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 54.949972][ T5067] do_syscall_64+0x40/0x110 [ 54.954465][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 54.960343][ T5067] RIP: 0033:0x7efe0e4b79f9 [ 54.964736][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.984331][ T5067] RSP: 002b:00007ffc5e514468 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 54.992728][ T5067] RAX: ffffffffffffffda RBX: 00007ffc5e514638 RCX: 00007efe0e4b79f9 [ 55.000689][ T5067] RDX: 0000000000000014 RSI: 0000000020000080 RDI: 0000000000000004 [ 55.008642][ T5067] RBP: 00007efe0e52b610 R08: 00007ffc5e514638 R09: 00007ffc5e514638 [ 55.016613][ T5067] R10: 00007ffc5e514207 R11: 0000000000000246 R12: 0000000000000001 [ 55.024656][ T5067] R13: 00007ffc5e514628 R14: 0000000000000001 R15: 0000000000000001 [ 55.032821][ T5067] [ 55.036623][ T5067] Modules linked in: [ 55.041046][ T5067] ---[ end trace 0000000000000000 ]--- [ 55.046513][ T5067] RIP: 0010:direct2indirect+0x817/0x10f0 [ 55.052277][ T5067] Code: e5 06 00 00 4c 89 e2 49 63 44 24 08 48 c1 ea 03 80 3c 1a 00 0f 85 d9 06 00 00 4d 8b 24 24 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 d5 06 00 00 48 8d 54 40 03 49 8b 44 24 28 4c 8d [ 55.072042][ T5067] RSP: 0018:ffffc90003a67550 EFLAGS: 00010216 [ 55.078127][ T5067] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff822a4630 [ 55.086217][ T5067] RDX: 0000000000000005 RSI: ffffffff822a463f RDI: 0000000000000028 [ 55.094220][ T5067] RBP: ffffc90003a676e0 R08: 0000000000000005 R09: 0000000000000001 [ 55.102237][ T5067] R10: 00000000fffffffe R11: 0000000000000001 R12: 0000000000000000 [ 55.110261][ T5067] R13: ffff888074998ed0 R14: 0000000000000001 R15: ffffc90003a67950 [ 55.118238][ T5067] FS: 0000555555bd9380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 55.127211][ T5067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.133856][ T5067] CR2: 000055df765d70b0 CR3: 00000000765a9000 CR4: 0000000000350ef0 [ 55.141871][ T5067] Kernel panic - not syncing: Fatal exception [ 55.148235][ T5067] Kernel Offset: disabled [ 55.152548][ T5067] Rebooting in 86400 seconds..