Warning: Permanently added '10.128.1.78' (ED25519) to the list of known hosts.
executing program
[ 38.627894][ T3960] loop0: detected capacity change from 0 to 32768
[ 38.738351][ T3960] ==================================================================
[ 38.740568][ T3960] BUG: KASAN: slab-out-of-bounds in dtSearch+0x131c/0x1f34
[ 38.742462][ T3960] Read of size 1 at addr ffff0000de8b4058 by task syz-executor784/3960
[ 38.744635][ T3960]
[ 38.745230][ T3960] CPU: 1 PID: 3960 Comm: syz-executor784 Not tainted 5.15.157-syzkaller #0
[ 38.747465][ T3960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 38.750056][ T3960] Call trace:
[ 38.750921][ T3960]  dump_backtrace+0x0/0x530
[ 38.752097][ T3960]  show_stack+0x2c/0x3c
[ 38.753181][ T3960]  dump_stack_lvl+0x108/0x170
[ 38.754411][ T3960]  print_address_description+0x7c/0x3f0
[ 38.755861][ T3960]  kasan_report+0x174/0x1e4
[ 38.757005][ T3960]  __asan_report_load1_noabort+0x44/0x50
[ 38.758557][ T3960]  dtSearch+0x131c/0x1f34
[ 38.759770][ T3960]  jfs_lookup+0x164/0x39c
[ 38.760887][ T3960]  __lookup_slow+0x250/0x388
[ 38.762013][ T3960]  lookup_slow+0x60/0x84
[ 38.763045][ T3960]  walk_component+0x394/0x4cc
[ 38.764188][ T3960]  link_path_walk+0x5a0/0xc38
[ 38.765339][ T3960]  path_lookupat+0x90/0x3d0
[ 38.766538][ T3960]  do_o_path+0xa8/0x214
[ 38.767583][ T3960]  path_openat+0x216c/0x26cc
[ 38.768724][ T3960]  do_filp_open+0x1a8/0x3b4
[ 38.769832][ T3960]  do_sys_openat2+0x128/0x3d8
[ 38.770942][ T3960]  __arm64_sys_openat+0x1f0/0x240
[ 38.772248][ T3960]  invoke_syscall+0x98/0x2b8
[ 38.773412][ T3960]  el0_svc_common+0x138/0x258
[ 38.774654][ T3960]  do_el0_svc+0x58/0x14c
[ 38.775771][ T3960]  el0_svc+0x7c/0x1f0
[ 38.776738][ T3960]  el0t_64_sync_handler+0x84/0xe4
[ 38.777886][ T3960]  el0t_64_sync+0x1a0/0x1a4
[ 38.779008][ T3960]
[ 38.779575][ T3960] Allocated by task 3960:
[ 38.780649][ T3960]  __kasan_slab_alloc+0x8c/0xcc
[ 38.781836][ T3960]  slab_post_alloc_hook+0x74/0x3f4
[ 38.783133][ T3960]  kmem_cache_alloc+0x1dc/0x45c
[ 38.784340][ T3960]  jfs_alloc_inode+0x24/0x60
[ 38.785517][ T3960]  new_inode_pseudo+0x68/0x200
[ 38.786695][ T3960]  new_inode+0x38/0x174
[ 38.787718][ T3960]  ialloc+0x58/0x7c0
[ 38.788703][ T3960]  jfs_create+0x190/0xa1c
[ 38.789779][ T3960]  path_openat+0xf18/0x26cc
[ 38.790881][ T3960]  do_filp_open+0x1a8/0x3b4
[ 38.792025][ T3960]  do_sys_openat2+0x128/0x3d8
[ 38.793187][ T3960]  __arm64_sys_openat+0x1f0/0x240
[ 38.794557][ T3960]  invoke_syscall+0x98/0x2b8
[ 38.795797][ T3960]  el0_svc_common+0x138/0x258
[ 38.797033][ T3960]  do_el0_svc+0x58/0x14c
[ 38.798132][ T3960]  el0_svc+0x7c/0x1f0
[ 38.799159][ T3960]  el0t_64_sync_handler+0x84/0xe4
[ 38.800444][ T3960]  el0t_64_sync+0x1a0/0x1a4
[ 38.801528][ T3960]
[ 38.802132][ T3960] The buggy address belongs to the object at ffff0000de8b3780
[ 38.802132][ T3960]  which belongs to the cache jfs_ip of size 2240
[ 38.805503][ T3960] The buggy address is located 24 bytes to the right of
[ 38.805503][ T3960]  2240-byte region [ffff0000de8b3780, ffff0000de8b4040)
[ 38.808840][ T3960] The buggy address belongs to the page:
[ 38.810197][ T3960] page:000000005a924bd1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e8b0
[ 38.812775][ T3960] head:000000005a924bd1 order:3 compound_mapcount:0 compound_pincount:0
[ 38.814827][ T3960] flags: 0x5ffe00000010200(slab|head|node=0|zone=2|lastcpupid=0xfff)
[ 38.816805][ T3960] raw: 05ffe00000010200 0000000000000000 dead000000000122 ffff0000c61e5380
[ 38.818967][ T3960] raw: 0000000000000000 00000000800d000d 00000001ffffffff 0000000000000000
[ 38.821045][ T3960] page dumped because: kasan: bad access detected
[ 38.822653][ T3960]
[ 38.823221][ T3960] Memory state around the buggy address:
[ 38.824746][ T3960]  ffff0000de8b3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.826806][ T3960]  ffff0000de8b3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.828919][ T3960] >ffff0000de8b4000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 38.831029][ T3960]                                                    ^
[ 38.832921][ T3960]  ffff0000de8b4080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.835030][ T3960]  ffff0000de8b4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.837348][ T3960] ==================================================================
[ 38.839437][ T3960] Disabling lock debugging due to kernel taint
[ 38.841158][ T3960] ERROR: (device loop0): dtSearch: stack overrun!
[ 38.841158][ T3960]
[ 38.843604][ T3960] ERROR: (device loop0): remounting filesystem as read-only
[ 38.845553][ T3960] btstack dump:
[ 38.846443][ T3960]  bn = 0, index = 0
[ 38.847380][ T3960]  bn = 0, index = 0
[ 38.848344][ T3960]  bn = 0, index = 0
[ 38.849393][ T3960]  bn = 0, index = 0
[ 38.850353][ T3960]  bn = 0, index = 0
[ 38.851317][ T3960]  bn = 0, index = 0
[ 38.852292][ T3960]  bn = 0, index = 0
[ 38.853263][ T3960]  bn = 0, index = 0
[ 38.854145][ T3960] jfs_lookup: dtSearch returned -5