./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1726007377 <...> DUID 00:04:48:2f:83:80:5e:82:2f:af:2e:03:8c:bf:d4:14:8e:03 forked to background, child pid 4660 [ 28.222934][ T4661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.232364][ T4661] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.178' (ECDSA) to the list of known hosts. execve("./syz-executor1726007377", ["./syz-executor1726007377"], 0x7ffdd3b8c820 /* 10 vars */) = 0 brk(NULL) = 0x5555562ae000 brk(0x5555562aec40) = 0x5555562aec40 arch_prctl(ARCH_SET_FS, 0x5555562ae300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1726007377", 4096) = 28 brk(0x5555562cfc40) = 0x5555562cfc40 brk(0x5555562d0000) = 0x5555562d0000 mprotect(0x7f5c7cf8f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getuid() = 0 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5c74ad4000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7f5c74ad4000, 4194304) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 syzkaller login: [ 65.817362][ T4992] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4992 'syz-executor172' ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 65.863947][ T4992] loop0: detected capacity change from 0 to 8192 [ 65.875027][ T4992] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 65.888094][ T4992] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 65.897455][ T4992] REISERFS (device loop0): using ordered data mode [ 65.904128][ T4992] reiserfs: using flush barriers mount("/dev/loop0", "./file0", "reiserfs", MS_RDONLY|MS_DIRSYNC|MS_REC|MS_SILENT|MS_RELATIME|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 mkdir(".", 0777) = -1 EEXIST (File exists) [ 65.910165][ T4992] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 65.926530][ T4992] REISERFS (device loop0): checking transaction log (loop0) [ 65.935359][ T4992] REISERFS (device loop0): Using r5 hash to sort names [ 65.946187][ T4992] reiserfs: enabling write barrier flush mode mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 chdir(".") = 0 creat("./file0", 000) = 5 write(5, "0xffffffffffffffff", 18) = 18 creat("./bus", 000) = 6 [ 65.957984][ T4992] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. writev(6, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3386}], 2) = 3514 fcntl(6, F_SETFL, O_RDONLY|O_NOCTTY|O_DIRECT|FASYNC) = 0 write(6, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\xe0\x57\x9d\x0f\x90\xb4\x36\xcd\x12\xbf\x05\x0b\x58\x5c\xc6\xe4\xb1\xba\x2a\xe7\x6a\x9f\x4e\xce\x56\x04\x9f\x59\x44\x24\x3f\x64\x15\xed\x31\x31\xa0\x5c\x93\x61\x73\xd0\xa9\x8f\xa4\xaa\x71\x70\x3d\xa1\x41\x40\x51\x37\xfd\x38\xb9\x67\xf2\xcf\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30"..., 392007695) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, ".pending_reads", O_WRONLY|O_CREAT|O_TRUNC|O_DIRECT|O_NOFOLLOW, 000) = 7 exit_group(0) = ? [ 66.018007][ T4992] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2 [ 66.033431][ T4992] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 66.043973][ T4992] REISERFS (device loop0): Remounting filesystem read-only [ 66.051180][ T4992] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 2 0x0 SD] stat data [ 66.064466][ T4992] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2 [ 66.079775][ T4992] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 66.090321][ T4992] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 66.102025][ T4992] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 66.110415][ T4992] CPU: 1 PID: 4992 Comm: syz-executor172 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 [ 66.120802][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 66.130838][ T4992] RIP: 0010:prepare_for_delete_or_cut+0x18f/0x2240 [ 66.137336][ T4992] Code: d8 48 c1 e8 03 49 bf 00 00 00 00 00 fc ff df 42 0f b6 04 38 84 c0 0f 85 d0 17 00 00 4c 63 33 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 e7 e8 d2 55 b3 ff 4d 8b 3c 24 48 b8 00 [ 66.156926][ T4992] RSP: 0018:ffffc90003aff080 EFLAGS: 00010206 [ 66.162984][ T4992] RAX: 0000000000000005 RBX: ffffc90003aff860 RCX: dffffc0000000000 [ 66.170941][ T4992] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 66.178903][ T4992] RBP: ffffc90003aff208 R08: ffffffff823000d2 R09: ffffc90003aff6d0 [ 66.186872][ T4992] R10: 0000000000000002 R11: ffff888028da3b80 R12: 0000000000000028 [ 66.194838][ T4992] R13: 0000000000000fee R14: 0000000000000000 R15: dffffc0000000000 [ 66.202803][ T4992] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 66.211723][ T4992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.218297][ T4992] CR2: 00007f5c7cf63ee8 CR3: 000000000cd30000 CR4: 00000000003506e0 [ 66.226265][ T4992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 66.234223][ T4992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 66.242183][ T4992] Call Trace: [ 66.245450][ T4992] [ 66.248369][ T4992] ? __die_body+0x5e/0xa0 [ 66.252689][ T4992] ? die_addr+0x99/0xc0 [ 66.256830][ T4992] ? exc_general_protection+0x3c2/0x5b0 [ 66.262382][ T4992] ? asm_exc_general_protection+0x26/0x30 [ 66.268091][ T4992] ? prepare_for_delete_or_cut+0x112/0x2240 [ 66.273970][ T4992] ? prepare_for_delete_or_cut+0x18f/0x2240 [ 66.279853][ T4992] ? search_by_key+0x4b60/0x4b60 [ 66.284775][ T4992] ? reiserfs_delete_item+0x1040/0x1040 [ 66.290310][ T4992] reiserfs_cut_from_item+0x3af/0x2580 [ 66.295781][ T4992] ? reiserfs_do_truncate+0x15c0/0x15c0 [ 66.301320][ T4992] ? search_by_key+0x4790/0x4b60 [ 66.306270][ T4992] ? search_by_key+0x4b60/0x4b60 [ 66.311196][ T4992] ? __mutex_unlock_slowpath+0x21c/0x750 [ 66.316832][ T4992] ? make_cpu_key+0x2f/0x230 [ 66.321413][ T4992] reiserfs_do_truncate+0xa16/0x15c0 [ 66.326698][ T4992] ? reiserfs_delete_object+0x1a0/0x1a0 [ 66.332238][ T4992] ? _compound_head+0x130/0x130 [ 66.337082][ T4992] ? journal_begin+0x1f3/0x360 [ 66.341837][ T4992] reiserfs_truncate_file+0x4da/0x820 [ 66.347201][ T4992] ? reiserfs_new_symlink+0x770/0x770 [ 66.352564][ T4992] ? journal_end+0x209/0x2c0 [ 66.357141][ T4992] reiserfs_file_release+0x8ca/0xaa0 [ 66.362420][ T4992] ? reiserfs_file_open+0x120/0x120 [ 66.367606][ T4992] ? integrity_iint_find+0x54/0x120 [ 66.372796][ T4992] ? ima_file_free+0xf3/0x3c0 [ 66.377465][ T4992] ? reiserfs_file_open+0x120/0x120 [ 66.382652][ T4992] __fput+0x3b7/0x890 [ 66.386623][ T4992] task_work_run+0x24a/0x300 [ 66.391199][ T4992] ? task_work_cancel+0x2b0/0x2b0 [ 66.396213][ T4992] ? exit_task_namespaces+0xe1/0xf0 [ 66.401403][ T4992] do_exit+0x68f/0x2290 [ 66.405553][ T4992] ? put_task_struct+0x80/0x80 [ 66.410301][ T4992] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 66.416269][ T4992] ? print_irqtrace_events+0x220/0x220 [ 66.421717][ T4992] ? _raw_spin_unlock_irq+0x23/0x50 [ 66.426907][ T4992] ? lockdep_hardirqs_on+0x98/0x140 [ 66.432093][ T4992] do_group_exit+0x206/0x2c0 [ 66.436673][ T4992] __x64_sys_exit_group+0x3f/0x40 [ 66.441683][ T4992] do_syscall_64+0x41/0xc0 [ 66.446084][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.451967][ T4992] RIP: 0033:0x7f5c7cf1fcf9 [ 66.456371][ T4992] Code: Unable to access opcode bytes at 0x7f5c7cf1fccf. [ 66.463389][ T4992] RSP: 002b:00007ffcad3d5858 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 66.471809][ T4992] RAX: ffffffffffffffda RBX: 00007f5c7cf95430 RCX: 00007f5c7cf1fcf9 [ 66.479775][ T4992] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 66.487740][ T4992] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000 [ 66.495701][ T4992] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c7cf95430 [ 66.503662][ T4992] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 66.511626][ T4992] [ 66.514631][ T4992] Modules linked in: [ 66.518837][ T4992] ---[ end trace 0000000000000000 ]--- [ 66.524367][ T4992] RIP: 0010:prepare_for_delete_or_cut+0x18f/0x2240 [ 66.530882][ T4992] Code: d8 48 c1 e8 03 49 bf 00 00 00 00 00 fc ff df 42 0f b6 04 38 84 c0 0f 85 d0 17 00 00 4c 63 33 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 e7 e8 d2 55 b3 ff 4d 8b 3c 24 48 b8 00 [ 66.550531][ T4992] RSP: 0018:ffffc90003aff080 EFLAGS: 00010206 [ 66.556618][ T4992] RAX: 0000000000000005 RBX: ffffc90003aff860 RCX: dffffc0000000000 [ 66.564605][ T4992] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 66.572593][ T4992] RBP: ffffc90003aff208 R08: ffffffff823000d2 R09: ffffc90003aff6d0 [ 66.580546][ T4992] R10: 0000000000000002 R11: ffff888028da3b80 R12: 0000000000000028 [ 66.588524][ T4992] R13: 0000000000000fee R14: 0000000000000000 R15: dffffc0000000000 [ 66.596506][ T4992] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 66.605449][ T4992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.612042][ T4992] CR2: 00007f5c7cf63ee8 CR3: 000000000cd30000 CR4: 00000000003506e0 [ 66.619995][ T4992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 66.627996][ T4992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 66.635995][ T4992] Kernel panic - not syncing: Fatal exception [ 66.642230][ T4992] Kernel Offset: disabled [ 66.646542][ T4992] Rebooting in 86400 seconds..