[ 18.115117][ T3638] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.122992][ T3638] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 18.163429][ T153] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.166898][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.17' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 37.271953][ T3964] loop0: detected capacity change from 0 to 32768
[ 37.338058][ T3964] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 37.340359][ T3964] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 37.355590][ T3964] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 37.359635][ T7] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 37.361497][ T7] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 37.387423][ T7] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 25ms
[ 37.389684][ T7] gfs2: fsid=syz:syz.0: jid=0: Done
[ 37.391214][ T3964] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 37.474452][ T3964] ==================================================================
[ 37.476728][ T3964] BUG: KASAN: stack-out-of-bounds in gfs2_file_buffered_write+0x4c8/0x874
[ 37.478914][ T3964] Read of size 8 at addr ffff80001ca86fb0 by task syz-executor161/3964
[ 37.481094][ T3964]
[ 37.481638][ T3964] CPU: 1 PID: 3964 Comm: syz-executor161 Not tainted 5.15.154-syzkaller #0
[ 37.483870][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 37.486526][ T3964] Call trace:
[ 37.487389][ T3964] dump_backtrace+0x0/0x530
[ 37.488673][ T3964] show_stack+0x2c/0x3c
[ 37.489755][ T3964] dump_stack_lvl+0x108/0x170
[ 37.490971][ T3964] print_address_description+0x7c/0x3f0
[ 37.492483][ T3964] kasan_report+0x174/0x1e4
[ 37.493704][ T3964] __asan_report_load8_noabort+0x44/0x50
[ 37.495229][ T3964] gfs2_file_buffered_write+0x4c8/0x874
[ 37.496640][ T3964] gfs2_file_write_iter+0x3b8/0xc80
[ 37.498031][ T3964] __kernel_write+0x488/0x8b0
[ 37.499256][ T3964] __dump_emit+0x200/0x338
[ 37.500444][ T3964] dump_emit+0x288/0x36c
[ 37.501525][ T3964] elf_core_dump+0x2598/0x3640
[ 37.502792][ T3964] do_coredump+0x12c8/0x2890
[ 37.504011][ T3964] get_signal+0x3dc/0x1550
[ 37.505172][ T3964] do_notify_resume+0x320/0x32b8
[ 37.506495][ T3964] el0_da+0x118/0x20c
[ 37.507524][ T3964] el0t_64_sync_handler+0xc0/0xe4
[ 37.508905][ T3964] el0t_64_sync+0x1a0/0x1a4
[ 37.510154][ T3964]
[ 37.510748][ T3964]
[ 37.511341][ T3964] addr ffff80001ca86fb0 is located in stack of task syz-executor161/3964 at offset 48 in frame:
[ 37.513937][ T3964] __kernel_write+0x0/0x8b0
[ 37.515081][ T3964]
[ 37.515753][ T3964] this frame has 3 objects:
[ 37.516883][ T3964] [32, 48) 'iov'
[ 37.516893][ T3964] [64, 112) 'kiocb'
[ 37.517794][ T3964] [144, 184) 'iter'
[ 37.518822][ T3964]
[ 37.520463][ T3964] Memory state around the buggy address:
[ 37.521968][ T3964] ffff80001ca86e80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.524062][ T3964] ffff80001ca86f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.526153][ T3964] >ffff80001ca86f80: f1 f1 f1 f1 00 00 f2 f2 00 00 00 00 00 00 f2 f2
[ 37.528278][ T3964] ^
[ 37.529785][ T3964] ffff80001ca87000: f2 f2 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[ 37.531896][ T3964] ffff80001ca87080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.534042][ T3964] ==================================================================
[ 37.536204][ T3964] Disabling lock debugging due to kernel taint