REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2
REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 533. Fsck?
REISERFS (device loop0): Remounting filesystem read-only
REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2
REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 533. Fsck?
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 1 PID: 5481 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-15365-g305230142ae0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:reiserfs_node_data fs/reiserfs/reiserfs.h:2183 [inline]
RIP: 0010:item_head fs/reiserfs/reiserfs.h:2199 [inline]
RIP: 0010:tp_item_head fs/reiserfs/reiserfs.h:2225 [inline]
RIP: 0010:prepare_for_delete_or_cut+0x18f/0x2240 fs/reiserfs/stree.c:1050
Code: d8 48 c1 e8 03 49 bf 00 00 00 00 00 fc ff df 42 0f b6 04 38 84 c0 0f 85 d0 17 00 00 4c 63 33 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 e7 e8 32 0c b2 ff 4d 8b 3c 24 48 b8 00
RSP: 0018:ffffc90005b7f320 EFLAGS: 00010206
RAX: 0000000000000005 RBX: ffffc90005b7fae0 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000008
RBP: ffffc90005b7f4a8 R08: ffffffff8238d102 R09: ffffc90005b7f970
R10: 0000000000000002 R11: ffff88801a69d940 R12: 0000000000000028
R13: 0000000000000fcb R14: 0000000000000000 R15: dffffc0000000000
FS:  0000555556693480(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc30382068 CR3: 000000006afaf000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 reiserfs_cut_from_item+0x3af/0x2580 fs/reiserfs/stree.c:1680
 reiserfs_do_truncate+0x9b9/0x14c0 fs/reiserfs/stree.c:1971
 reiserfs_truncate_file+0x4da/0x820 fs/reiserfs/inode.c:2302
 reiserfs_file_release+0x8ca/0xaa0 fs/reiserfs/file.c:109
 __fput+0x3cc/0xa10 fs/file_table.c:394
 __do_sys_close fs/open.c:1590 [inline]
 __se_sys_close+0x15f/0x220 fs/open.c:1575
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f400427b9da
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
RSP: 002b:00007fffddc73c50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f400427b9da
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 0000000000000032 R08: 0000001b2e260000 R09: 00007f400439bf8c
R10: 00007fffddc73da0 R11: 0000000000000293 R12: 00007f4003e01770
R13: ffffffffffffffff R14: 00007f4003e00000 R15: 0000000000014f62
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:reiserfs_node_data fs/reiserfs/reiserfs.h:2183 [inline]
RIP: 0010:item_head fs/reiserfs/reiserfs.h:2199 [inline]
RIP: 0010:tp_item_head fs/reiserfs/reiserfs.h:2225 [inline]
RIP: 0010:prepare_for_delete_or_cut+0x18f/0x2240 fs/reiserfs/stree.c:1050
Code: d8 48 c1 e8 03 49 bf 00 00 00 00 00 fc ff df 42 0f b6 04 38 84 c0 0f 85 d0 17 00 00 4c 63 33 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 e7 e8 32 0c b2 ff 4d 8b 3c 24 48 b8 00
RSP: 0018:ffffc90005b7f320 EFLAGS: 00010206
RAX: 0000000000000005 RBX: ffffc90005b7fae0 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000008
RBP: ffffc90005b7f4a8 R08: ffffffff8238d102 R09: ffffc90005b7f970
R10: 0000000000000002 R11: ffff88801a69d940 R12: 0000000000000028
R13: 0000000000000fcb R14: 0000000000000000 R15: dffffc0000000000
FS:  0000555556693480(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559869209680 CR3: 000000006afaf000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	48 c1 e8 03          	shr    $0x3,%rax
   4:	49 bf 00 00 00 00 00 	movabs $0xdffffc0000000000,%r15
   b:	fc ff df
   e:	42 0f b6 04 38       	movzbl (%rax,%r15,1),%eax
  13:	84 c0                	test   %al,%al
  15:	0f 85 d0 17 00 00    	jne    0x17eb
  1b:	4c 63 33             	movslq (%rbx),%r14
  1e:	49 83 c4 28          	add    $0x28,%r12
  22:	4c 89 e0             	mov    %r12,%rax
  25:	48 c1 e8 03          	shr    $0x3,%rax
* 29:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	4c 89 e7             	mov    %r12,%rdi
  33:	e8 32 0c b2 ff       	call   0xffb20c6a
  38:	4d 8b 3c 24          	mov    (%r12),%r15
  3c:	48                   	rex.W
  3d:	b8                   	.byte 0xb8