Warning: Permanently added '10.128.0.181' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program [ 40.596647][ T4030] loop4: detected capacity change from 0 to 32768 [ 40.675351][ T4030] [ 40.675351][ T4030] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.675351][ T4030] [ 40.700721][ T4030] [ 40.700721][ T4030] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.700721][ T4030] [ 40.703542][ T4030] [ 40.703542][ T4030] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.703542][ T4030] [ 40.706251][ T4030] [ 40.706251][ T4030] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.706251][ T4030] [ 40.708943][ T4030] [ 40.708943][ T4030] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.708943][ T4030] [ 40.728669][ T4027] loop2: detected capacity change from 0 to 32768 [ 40.732410][ T241] [ 40.732410][ T241] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.732410][ T241] [ 40.740629][ T4030] ================================================================== [ 40.742793][ T4030] BUG: KASAN: slab-out-of-bounds in diWrite+0x91c/0x1218 [ 40.744625][ T4030] Read of size 32 at addr ffff0000de30c130 by task syz-executor164/4030 [ 40.746744][ T4030] [ 40.747313][ T4030] CPU: 0 PID: 4030 Comm: syz-executor164 Not tainted 5.15.181-syzkaller #0 [ 40.749501][ T4030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 40.752138][ T4030] Call trace: [ 40.752989][ T4030] dump_backtrace+0x0/0x43c [ 40.754173][ T4030] show_stack+0x2c/0x3c [ 40.755261][ T4030] __dump_stack+0x30/0x40 [ 40.756418][ T4030] dump_stack_lvl+0xf8/0x160 [ 40.757627][ T4030] print_address_description+0x78/0x30c [ 40.759085][ T4030] kasan_report+0xec/0x15c [ 40.760233][ T4030] kasan_check_range+0x270/0x2b0 [ 40.761530][ T4030] memcpy+0x90/0xe8 [ 40.762523][ T4030] diWrite+0x91c/0x1218 [ 40.763619][ T4030] txCommit+0x5d4/0x3c1c [ 40.764728][ T4030] add_missing_indices+0x6e4/0xa0c [ 40.766071][ T4030] jfs_readdir+0x1880/0x3024 [ 40.767256][ T4030] iterate_dir+0x1f0/0x4cc [ 40.768408][ T4030] __arm64_sys_getdents64+0x11c/0x340 [ 40.769826][ T4030] invoke_syscall+0x98/0x2b8 [ 40.771025][ T4030] el0_svc_common+0x138/0x258 [ 40.772288][ T4030] do_el0_svc+0x58/0x14c [ 40.773425][ T4030] el0_svc+0x78/0x1e0 [ 40.774482][ T4030] el0t_64_sync_handler+0xcc/0xe4 [ 40.775814][ T4030] el0t_64_sync+0x1a0/0x1a4 [ 40.776992][ T4030] [ 40.777591][ T4030] Allocated by task 0: [ 40.778645][ T4030] (stack is not available) [ 40.779794][ T4030] [ 40.780380][ T4030] The buggy address belongs to the object at ffff0000de30c0c0 [ 40.780380][ T4030] which belongs to the cache jfs_ip of size 2240 [ 40.783973][ T4030] The buggy address is located 112 bytes inside of [ 40.783973][ T4030] 2240-byte region [ffff0000de30c0c0, ffff0000de30c980) [ 40.787472][ T4030] The buggy address belongs to the page: [ 40.788952][ T4030] page:0000000071ee0ac3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e308 [ 40.791624][ T4030] head:0000000071ee0ac3 order:3 compound_mapcount:0 compound_pincount:0 [ 40.793796][ T4030] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 40.795948][ T4030] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c697c000 [ 40.798235][ T4030] raw: 0000000000000000 00000000800d000d 00000001ffffffff 0000000000000000 [ 40.800495][ T4030] page dumped because: kasan: bad access detected [ 40.802206][ T4030] [ 40.802858][ T4030] Memory state around the buggy address: [ 40.804369][ T4030] ffff0000de30c000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 40.806539][ T4030] ffff0000de30c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.808719][ T4030] >ffff0000de30c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.810872][ T4030] ^ [ 40.812356][ T4030] ffff0000de30c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.814528][ T4030] ffff0000de30c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.816669][ T4030] ================================================================== [ 40.818808][ T4030] Disabling lock debugging due to kernel taint [ 40.823936][ T4027] [ 40.823936][ T4027] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.823936][ T4027] [ 40.829311][ T4030] [ 40.829311][ T4030] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.829311][ T4030] [ 40.832447][ T4030] [ 40.832447][ T4030] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.832447][ T4030] [ 40.835356][ T4030] [ 40.835356][ T4030] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.835356][ T4030] [ 40.838188][ T4030] ERROR: (device loop4): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 [ 40.838188][ T4030] [ 40.838308][ T241] [ 40.838308][ T241] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.838308][ T241] [ 40.841378][ T4030] ERROR: (device loop4): remounting filesystem as read-only [ 40.846271][ T4030] JFS: Invalid stbl[1] = -128 for inode 2, block = 0 [ 40.869517][ T4027] [ 40.869517][ T4027] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.869517][ T4027] [ 40.872832][ T4027] [ 40.872832][ T4027] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.872832][ T4027] [ 40.875682][ T4027] [ 40.875682][ T4027] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.875682][ T4027] executing program [ 40.900075][ T4027] [ 40.900075][ T4027] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.900075][ T4027] [ 40.903572][ T241] [ 40.903572][ T241] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.903572][ T241] [ 40.905704][ T4026] loop0: detected capacity change from 0 to 32768 [ 40.908740][ T4027] [ 40.908740][ T4027] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.908740][ T4027] [ 40.912044][ T4028] loop3: detected capacity change from 0 to 32768 [ 40.915453][ T4027] [ 40.915453][ T4027] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.915453][ T4027] [ 40.924140][ T4032] loop1: detected capacity change from 0 to 32768 [ 40.934279][ T4026] [ 40.934279][ T4026] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.934279][ T4026] [ 40.937312][ T4027] [ 40.937312][ T4027] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.937312][ T4027] [ 40.940836][ T4027] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 [ 40.940836][ T4027] [ 40.940968][ T241] [ 40.940968][ T241] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.940968][ T241] [ 40.944275][ T4027] ERROR: (device loop2): remounting filesystem as read-only [ 40.948729][ T4027] JFS: Invalid stbl[1] = -128 for inode 2, block = 0 [ 40.957216][ T4028] [ 40.957216][ T4028] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.957216][ T4028] [ 40.960129][ T4026] [ 40.960129][ T4026] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.960129][ T4026] [ 40.963693][ T4026] [ 40.963693][ T4026] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.963693][ T4026] [ 40.967080][ T4032] [ 40.967080][ T4032] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.967080][ T4032] [ 40.970497][ T4026] [ 40.970497][ T4026] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.970497][ T4026] [ 40.973512][ T4026] [ 40.973512][ T4026] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.973512][ T4026] [ 40.983062][ T241] [ 40.983062][ T241] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.983062][ T241] [ 40.989173][ T4026] [ 40.989173][ T4026] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 40.989173][ T4026] [ 41.000597][ T4026] [ 41.000597][ T4026] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.000597][ T4026] [ 41.008863][ T4026] executing program [ 41.008863][ T4026] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.008863][ T4026] [ 41.020264][ T4026] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 [ 41.020264][ T4026] [ 41.020379][ T241] [ 41.020379][ T241] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.020379][ T241] [ 41.023647][ T4026] ERROR: (device loop0): remounting filesystem as read-only [ 41.027981][ T4026] JFS: Invalid stbl[1] = -128 for inode 2, block = 0 [ 41.030902][ T4032] [ 41.030902][ T4032] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.030902][ T4032] [ 41.033823][ T4032] [ 41.033823][ T4032] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.033823][ T4032] [ 41.036971][ T4028] [ 41.036971][ T4028] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.036971][ T4028] [ 41.039632][ T4028] [ 41.039632][ T4028] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.039632][ T4028] [ 41.046815][ T4032] [ 41.046815][ T4032] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.046815][ T4032] [ 41.050193][ T4028] [ 41.050193][ T4028] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.050193][ T4028] [ 41.052975][ T4028] [ 41.052975][ T4028] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.052975][ T4028] [ 41.056328][ T241] [ 41.056328][ T241] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.056328][ T241] [ 41.067861][ T4032] [ 41.067861][ T4032] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.067861][ T4032] executing program [ 41.077755][ T241] [ 41.077755][ T241] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.077755][ T241] [ 41.080923][ T4032] [ 41.080923][ T4032] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.080923][ T4032] [ 41.083785][ T4032] [ 41.083785][ T4032] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.083785][ T4032] [ 41.086610][ T4032] [ 41.086610][ T4032] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.086610][ T4032] [ 41.099904][ T4028] [ 41.099904][ T4028] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.099904][ T4028] [ 41.104596][ T4034] BUG: Bad page map in process syz-executor164 pte:dae14ead000000c1 pmd:8000001091b9003 [ 41.107180][ T4034] addr:0000ffff8ee9d000 vm_flags:00100073 anon_vma:ffff0000c9a06cc0 mapping:0000000000000000 index:ffff8ee9d [ 41.109870][ T4028] [ 41.109870][ T4028] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.109870][ T4028] [ 41.110461][ T4034] file:(null) fault:0x0 mmap:0x0 readpage:0x0 [ 41.113726][ T4032] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 [ 41.113726][ T4032] [ 41.114874][ T4034] CPU: 0 PID: 4034 Comm: syz-executor164 Tainted: G B 5.15.181-syzkaller #0 [ 41.117967][ T4028] [ 41.117967][ T4028] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.117967][ T4028] [ 41.120495][ T4034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 41.120505][ T4034] Call trace: [ 41.120508][ T4034] dump_backtrace+0x0/0x43c [ 41.120524][ T4034] show_stack+0x2c/0x3c [ 41.120533][ T4034] __dump_stack+0x30/0x40 [ 41.130019][ T4034] dump_stack_lvl+0xf8/0x160 [ 41.130092][ T4028] ERROR: (device loop3): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 [ 41.130092][ T4028] [ 41.131272][ T4034] dump_stack+0x1c/0x5c [ 41.135363][ T4034] print_bad_pte+0x4d0/0x504 [ 41.136691][ T4034] handle_mm_fault+0x2594/0x2950 [ 41.138059][ T4034] do_page_fault+0x694/0xad4 [ 41.139282][ T4034] do_translation_fault+0xe0/0x130 [ 41.140633][ T4034] do_mem_abort+0x6c/0x1ac [ 41.141849][ T4034] el1_abort+0x3c/0x5c [ 41.142947][ T4034] el1h_64_sync_handler+0x80/0xcc [ 41.144318][ T4034] el1h_64_sync+0x78/0x7c [ 41.145540][ T4034] fault_in_readable+0x268/0x354 [ 41.146877][ T4034] fault_in_iov_iter_readable+0x120/0x248 [ 41.148410][ T4034] generic_perform_write+0x14c/0x480 [ 41.149880][ T4034] __generic_file_write_iter+0x23c/0x454 [ 41.151425][ T4034] generic_file_write_iter+0xb0/0x1b4 [ 41.152864][ T4034] vfs_write+0x7c8/0xa2c [ 41.153998][ T4034] ksys_write+0x120/0x210 [ 41.155134][ T4034] __arm64_sys_write+0x7c/0x90 [ 41.156420][ T4034] invoke_syscall+0x98/0x2b8 [ 41.157691][ T4034] el0_svc_common+0x138/0x258 [ 41.158890][ T4034] do_el0_svc+0x58/0x14c [ 41.160004][ T4034] el0_svc+0x78/0x1e0 [ 41.161050][ T4034] el0t_64_sync_handler+0xcc/0xe4 [ 41.162431][ T4034] el0t_64_sync+0x1a0/0x1a4 [ 41.165538][ T241] [ 41.165538][ T241] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.165538][ T241] [ 41.165582][ T240] [ 41.165582][ T240] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 41.165582][ T240] [ 41.168461][ T4032] ERROR: (device loop1): remounting filesystem as read-only [ 41.173869][ T4028] ERROR: (device loop3): remounting filesystem as read-only [ 41.176051][ T4028] JFS: Invalid stbl[1] = -128 for inode 2, block = 0 [ 41.178717][ T4032] JFS: Invalid stbl[1] = -128 for inode 2, block = 0 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program