loop2: detected capacity change from 0 to 32768
==================================================================
BUG: KASAN: slab-out-of-bounds in diWrite+0xd98/0x18d4 fs/jfs/jfs_imap.c:753
Write of size 32 at addr ffff0000ef8ce200 by task syz.2.44/6882

CPU: 0 UID: 0 PID: 6882 Comm: syz.2.44 Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xa8/0x238 mm/kasan/report.c:378
 print_report+0x68/0x84 mm/kasan/report.c:482
 kasan_report+0xb0/0x110 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189
 __asan_memcpy+0x54/0x84 mm/kasan/shadow.c:106
 diWrite+0xd98/0x18d4 fs/jfs/jfs_imap.c:753
 txCommit+0x5d0/0x3e00 fs/jfs/jfs_txnmgr.c:1255
 add_missing_indices+0x710/0xadc fs/jfs/jfs_dtree.c:2674
 jfs_readdir+0x1758/0x3018 fs/jfs/jfs_dtree.c:3031
 wrap_directory_iterator+0x90/0xf0 fs/readdir.c:65
 shared_jfs_readdir+0x30/0x40 fs/jfs/namei.c:1540
 iterate_dir+0x2dc/0x478 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:410 [inline]
 __se_sys_getdents64 fs/readdir.c:396 [inline]
 __arm64_sys_getdents64+0x110/0x2fc fs/readdir.c:396
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:763
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

Allocated by task 6563:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562
 unpoison_slab_object mm/kasan/common.c:330 [inline]
 __kasan_slab_alloc+0x70/0x88 mm/kasan/common.c:356
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4191 [inline]
 slab_alloc_node mm/slub.c:4240 [inline]
 kmem_cache_alloc_noprof+0x238/0x3e8 mm/slub.c:4247
 mempool_alloc_slab+0x58/0x74 mm/mempool.c:587
 mempool_alloc_noprof+0x150/0x3f4 mm/mempool.c:406
 bio_alloc_bioset+0x208/0xf9c block/bio.c:555
 bio_alloc include/linux/bio.h:372 [inline]
 do_mpage_readpage+0x13ac/0x16f8 fs/mpage.c:287
 mpage_readahead+0x2c8/0x530 fs/mpage.c:371
 blkdev_readahead+0x28/0x38 block/fops.c:497
 read_pages+0x13c/0x4c4 mm/readahead.c:160
 page_cache_ra_unbounded+0x628/0x71c mm/readahead.c:297
 do_page_cache_ra mm/readahead.c:327 [inline]
 force_page_cache_ra+0x228/0x28c mm/readahead.c:356
 page_cache_sync_ra+0x140/0x73c mm/readahead.c:572
 filemap_get_pages+0x2f4/0x19c8 mm/filemap.c:2603
 filemap_read+0x338/0xea8 mm/filemap.c:2712
 blkdev_read_iter+0x2b0/0x3dc block/fops.c:852
 new_sync_read fs/read_write.c:491 [inline]
 vfs_read+0x670/0x93c fs/read_write.c:572
 ksys_read+0x120/0x210 fs/read_write.c:715
 __do_sys_read fs/read_write.c:724 [inline]
 __se_sys_read fs/read_write.c:722 [inline]
 __arm64_sys_read+0x7c/0x90 fs/read_write.c:722
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:763
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

Last potentially related work creation:
 kasan_save_stack+0x40/0x6c mm/kasan/common.c:47
 kasan_record_aux_stack+0xb0/0xc8 mm/kasan/generic.c:548
 slab_free_hook mm/slub.c:2383 [inline]
 slab_free mm/slub.c:4695 [inline]
 kmem_cache_free+0x354/0x550 mm/slub.c:4797
 mempool_free_slab+0x28/0x38 mm/mempool.c:594
 mempool_free+0xf8/0x5a0 mm/mempool.c:576
 bio_free+0x1fc/0x278 block/bio.c:237
 bio_put+0x1b8/0x934 block/bio.c:-1
 mpage_read_end_io+0xc8/0x10c fs/mpage.c:54
 bio_endio+0x858/0x894 block/bio.c:1651
 blk_update_request+0x474/0xba8 block/blk-mq.c:989
 blk_mq_end_request+0x54/0x88 block/blk-mq.c:1151
 lo_complete_rq+0x124/0x274 drivers/block/loop.c:314
 blk_complete_reqs block/blk-mq.c:1226 [inline]
 blk_done_softirq+0x11c/0x168 block/blk-mq.c:1231
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 run_ksoftirqd+0x70/0xc0 kernel/softirq.c:968
 smpboot_thread_fn+0x4d8/0x9cc kernel/smpboot.c:160
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844

The buggy address belongs to the object at ffff0000ef8ce140
 which belongs to the cache bio-200 of size 200
The buggy address is located 192 bytes inside of
 allocated 200-byte region [ffff0000ef8ce140, ffff0000ef8ce208)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12f8ce
flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 05ffc00000000000 ffff0000c227a280 dead000000000122 0000000000000000
raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000ef8ce100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
 ffff0000ef8ce180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000ef8ce200: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff0000ef8ce280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000ef8ce300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
non-latin1 character 0xffff found in JFS file name
mount with iocharset=utf8 to access
non-latin1 character 0x163 found in JFS file name
mount with iocharset=utf8 to access