syzkaller login: [ 12.114558][ T933] udevd (933) used greatest stack depth: 25384 bytes left
[ 17.997705][ T1041] sftp-server (1041) used greatest stack depth: 25248 bytes left
[ 24.144005][ T1057] cgroup: Unknown subsys name 'net'
[ 24.149592][ T1057] cgroup: Unknown subsys name 'net_prio'
[ 24.155785][ T1057] cgroup: Unknown subsys name 'devices'
[ 24.161553][ T1057] cgroup: Unknown subsys name 'blkio'
[ 24.284938][ T1057] cgroup: Unknown subsys name 'hugetlb'
[ 24.290795][ T1057] cgroup: Unknown subsys name 'rlimit'
[ 24.451721][ T1057] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 26.580582][ T1060] syz-executor.0 (1060) used greatest stack depth: 24504 bytes left
Warning: Permanently added '10.128.0.204' (ED25519) to the list of known hosts.
2024/03/07 03:18:59 ignoring optional flag "sandboxArg"="0"
2024/03/07 03:18:59 parsed 1 programs
2024/03/07 03:18:59 executed programs: 0
[ 45.540475][ T1586] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 47.788718][ T2010] loop0: detected capacity change from 0 to 8192
[ 47.873793][ T2010] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 47.883184][ T2010] REISERFS (device loop0): using ordered data mode
[ 47.890106][ T2010] reiserfs: using flush barriers
[ 47.895914][ T2010] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[ 47.912853][ T2010] REISERFS (device loop0): checking transaction log (loop0)
[ 47.920935][ T2010] REISERFS (device loop0): Using r5 hash to sort names
[ 47.975373][ T1592] ==================================================================
[ 47.983448][ T1592] BUG: KASAN: vmalloc-out-of-bounds in cleanup_bitmap_list.part.0+0x4d1/0x7a0
[ 47.992740][ T1592] Read of size 8 at addr ffffc90000cfb008 by task syz-executor.0/1592
[ 48.000858][ T1592]
[ 48.003243][ T1592] CPU: 0 PID: 1592 Comm: syz-executor.0 Not tainted 5.15.151-syzkaller #0
[ 48.011794][ T1592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 48.021902][ T1592] Call Trace:
[ 48.025240][ T1592]
[ 48.028235][ T1592] dump_stack_lvl+0x41/0x5e
[ 48.032707][ T1592] print_address_description.constprop.0.cold+0xf/0x309
[ 48.039886][ T1592] ? cleanup_bitmap_list.part.0+0x4d1/0x7a0
[ 48.046019][ T1592] ? cleanup_bitmap_list.part.0+0x4d1/0x7a0
[ 48.051961][ T1592] kasan_report.cold+0x83/0xdf
[ 48.056702][ T1592] ? cleanup_bitmap_list.part.0+0x4d1/0x7a0
[ 48.062569][ T1592] cleanup_bitmap_list.part.0+0x4d1/0x7a0
[ 48.068287][ T1592] ? free_journal_ram+0x100/0x590
[ 48.073717][ T1592] free_journal_ram+0x140/0x590
[ 48.078717][ T1592] ? do_raw_spin_unlock+0x171/0x230
[ 48.083971][ T1592] journal_release+0x228/0x590
[ 48.088787][ T1592] ? reiserfs_end_persistent_transaction+0x190/0x190
[ 48.095513][ T1592] ? do_raw_spin_unlock+0x171/0x230
[ 48.100692][ T1592] reiserfs_put_super+0xc4/0x560
[ 48.106034][ T1592] ? reiserfs_quota_read+0x440/0x440
[ 48.111465][ T1592] ? dispose_list+0x190/0x190
[ 48.116198][ T1592] generic_shutdown_super+0x129/0x320
[ 48.121726][ T1592] kill_block_super+0x93/0xd0
[ 48.126475][ T1592] deactivate_locked_super+0x7b/0x130
[ 48.132000][ T1592] cleanup_mnt+0x2b8/0x3e0
[ 48.136821][ T1592] task_work_run+0xb8/0x140
[ 48.141475][ T1592] exit_to_user_mode_prepare+0x15a/0x160
[ 48.147184][ T1592] syscall_exit_to_user_mode+0x12/0x30
[ 48.152716][ T1592] do_syscall_64+0x42/0x80
[ 48.157107][ T1592] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.163058][ T1592] RIP: 0033:0x7f96d83da0d7
[ 48.167713][ T1592] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 48.188179][ T1592] RSP: 002b:00007ffc123ccc58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 48.196739][ T1592] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f96d83da0d7
[ 48.204991][ T1592] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc123ccd10
[ 48.213025][ T1592] RBP: 00007ffc123ccd10 R08: 0000000000000000 R09: 0000000000000000
[ 48.221080][ T1592] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc123cddd0
[ 48.229490][ T1592] R13: 00007f96d84243b9 R14: 000000000000ba7b R15: 0000000000000005
[ 48.237793][ T1592]
[ 48.240790][ T1592]
[ 48.243085][ T1592]
[ 48.245379][ T1592] Memory state around the buggy address:
[ 48.251012][ T1592] ffffc90000cfaf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 48.259162][ T1592] ffffc90000cfaf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 48.267439][ T1592] >ffffc90000cfb000: 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 48.275567][ T1592] ^
[ 48.279867][ T1592] ffffc90000cfb080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 48.288073][ T1592] ffffc90000cfb100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 48.296191][ T1592] ==================================================================
[ 48.304316][ T1592] Disabling lock debugging due to kernel taint
[ 48.310786][ T1592] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 48.318323][ T1592] Kernel Offset: disabled
[ 48.322641][ T1592] Rebooting in 86400 seconds..