syzkaller login: [ 12.457327][ T1043] udevd (1043) used greatest stack depth: 25344 bytes left
[ 21.422210][ T1166] sftp-server (1166) used greatest stack depth: 25224 bytes left
[ 28.979860][ T1183] cgroup: Unknown subsys name 'net'
[ 28.985296][ T1183] cgroup: Unknown subsys name 'net_prio'
[ 28.991107][ T1183] cgroup: Unknown subsys name 'devices'
[ 28.997271][ T1183] cgroup: Unknown subsys name 'blkio'
[ 29.089904][ T1183] cgroup: Unknown subsys name 'hugetlb'
[ 29.095727][ T1183] cgroup: Unknown subsys name 'rlimit'
[ 29.276338][ T1183] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 32.712747][ T1226] syz-executor (1226) used greatest stack depth: 23552 bytes left
Warning: Permanently added '10.128.10.26' (ED25519) to the list of known hosts.
2025/03/22 18:51:19 ignoring optional flag "sandboxArg"="0"
2025/03/22 18:51:19 parsed 1 programs
[ 55.007924][ T2130] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/03/22 18:51:23 executed programs: 0
[ 61.585774][ T3050] loop3: detected capacity change from 0 to 8192
[ 61.678137][ T3050] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[ 61.687808][ T3050] REISERFS (device loop3): using ordered data mode
[ 61.694396][ T3050] reiserfs: using flush barriers
[ 61.700033][ T3050] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 61.716628][ T3050] REISERFS (device loop3): checking transaction log (loop3)
[ 61.740706][ T3050] REISERFS (device loop3): Using tea hash to sort names
[ 61.748165][ T3050] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[ 61.774640][ T2631] REISERFS error (device loop3): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [1 2 0x0 SD] stat data
[ 61.787883][ T2631] REISERFS (device loop3): Remounting filesystem read-only
[ 61.798105][ T2631] ==================================================================
[ 61.806265][ T2631] BUG: KASAN: vmalloc-out-of-bounds in cleanup_bitmap_list.part.0+0x4d1/0x7a0
[ 61.815104][ T2631] Read of size 8 at addr ffffc900010a5008 by task syz-executor/2631
[ 61.823085][ T2631]
[ 61.825476][ T2631] CPU: 1 PID: 2631 Comm: syz-executor Not tainted 5.15.179-syzkaller #0
[ 61.833939][ T2631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 61.845214][ T2631] Call Trace:
[ 61.848530][ T2631]
[ 61.851528][ T2631] dump_stack_lvl+0x41/0x5e
[ 61.856065][ T2631] print_address_description.constprop.0.cold+0xf/0x309
[ 61.863230][ T2631] ? cleanup_bitmap_list.part.0+0x4d1/0x7a0
[ 61.869316][ T2631] ? cleanup_bitmap_list.part.0+0x4d1/0x7a0
[ 61.875424][ T2631] kasan_report.cold+0x83/0xdf
[ 61.880211][ T2631] ? cleanup_bitmap_list.part.0+0x4d1/0x7a0
[ 61.886088][ T2631] cleanup_bitmap_list.part.0+0x4d1/0x7a0
[ 61.891785][ T2631] ? __find_get_block+0x611/0x7d0
[ 61.896877][ T2631] flush_commit_list.isra.0+0x1086/0x1b50
[ 61.902606][ T2631] ? write_ordered_buffers.constprop.0+0xa10/0xa10
[ 61.909093][ T2631] ? __raw_spin_lock_init+0x36/0x110
[ 61.914449][ T2631] ? debug_mutex_init+0x33/0x60
[ 61.919300][ T2631] do_journal_end+0x315e/0x46f0
[ 61.924197][ T2631] journal_release+0x432/0x590
[ 61.928964][ T2631] ? reiserfs_end_persistent_transaction+0x190/0x190
[ 61.935708][ T2631] reiserfs_put_super+0xc4/0x560
[ 61.940625][ T2631] ? reiserfs_quota_read+0x440/0x440
[ 61.945886][ T2631] ? dispose_list+0x190/0x190
[ 61.950579][ T2631] generic_shutdown_super+0x129/0x3a0
[ 61.955934][ T2631] kill_block_super+0x93/0xd0
[ 61.960792][ T2631] deactivate_locked_super+0x7b/0x130
[ 61.966245][ T2631] cleanup_mnt+0x2b8/0x3e0
[ 61.970731][ T2631] task_work_run+0xb8/0x140
[ 61.975392][ T2631] do_exit+0x904/0x2200
[ 61.979550][ T2631] ? lock_downgrade+0x4f0/0x4f0
[ 61.984385][ T2631] ? mm_update_next_owner+0x6f0/0x6f0
[ 61.989730][ T2631] do_group_exit+0xe7/0x290
[ 61.994209][ T2631] __x64_sys_exit_group+0x35/0x40
[ 61.999212][ T2631] do_syscall_64+0x33/0x80
[ 62.003702][ T2631] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.009678][ T2631] RIP: 0033:0x7fc7a797dd29
[ 62.014084][ T2631] Code: Unable to access opcode bytes at RIP 0x7fc7a797dcff.
[ 62.021585][ T2631] RSP: 002b:00007ffd8d29c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 62.030063][ T2631] RAX: ffffffffffffffda RBX: 00007fc7a79f9966 RCX: 00007fc7a797dd29
[ 62.038109][ T2631] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 62.046068][ T2631] RBP: 0000000000000010 R08: 00007ffd8d299e86 R09: 00007ffd8d29d3a0
[ 62.054286][ T2631] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffd8d29d3a0
[ 62.062326][ T2631] R13: 00007fc7a79f98f4 R14: 00005555773084a8 R15: 0000000000000001
[ 62.070570][ T2631]
[ 62.073671][ T2631]
[ 62.076044][ T2631]
[ 62.078461][ T2631] Memory state around the buggy address:
[ 62.084420][ T2631] ffffc900010a4f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 62.092467][ T2631] ffffc900010a4f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 62.100526][ T2631] >ffffc900010a5000: 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 62.108565][ T2631] ^
[ 62.112966][ T2631] ffffc900010a5080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 62.121002][ T2631] ffffc900010a5100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 62.129045][ T2631] ==================================================================
[ 62.137430][ T2631] Disabling lock debugging due to kernel taint
[ 62.145285][ T2631] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 62.152902][ T2631] Kernel Offset: disabled
[ 62.157627][ T2631] Rebooting in 86400 seconds..