Warning: Permanently added '10.128.0.236' (ED25519) to the list of known hosts.
executing program
[   34.373306][ T4220] loop0: detected capacity change from 0 to 32768
[   34.383248][ T4220] ================================================================================
[   34.385812][ T4220] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:2892:30
[   34.387808][ T4220] index -1 is out of range for type 'struct dtslot[128]'
[   34.390289][ T4220] CPU: 0 PID: 4220 Comm: syz-executor108 Not tainted 6.1.83-syzkaller #0
[   34.392540][ T4220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   34.395130][ T4220] Call trace:
[   34.395956][ T4220]  dump_backtrace+0x1c8/0x1f4
[   34.397190][ T4220]  show_stack+0x2c/0x3c
[   34.398285][ T4220]  dump_stack_lvl+0x108/0x170
[   34.399534][ T4220]  dump_stack+0x1c/0x5c
[   34.400654][ T4220]  __ubsan_handle_out_of_bounds+0xfc/0x148
[   34.402288][ T4220]  jfs_readdir+0x1580/0x37bc
[   34.403522][ T4220]  iterate_dir+0x1f4/0x4e4
[   34.404726][ T4220]  __arm64_sys_getdents64+0x1c4/0x4a0
[   34.406173][ T4220]  invoke_syscall+0x98/0x2c0
[   34.407454][ T4220]  el0_svc_common+0x138/0x258
[   34.408739][ T4220]  do_el0_svc+0x64/0x218
[   34.409902][ T4220]  el0_svc+0x58/0x168
[   34.410950][ T4220]  el0t_64_sync_handler+0x84/0xf0
[   34.412283][ T4220]  el0t_64_sync+0x18c/0x190
[   34.415031][ T4220] ================================================================================
[   34.417515][ T4220] ================================================================================
[   34.420346][ T4220] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:2647:28
[   34.422403][ T4220] index -1 is out of range for type 'struct dtslot[128]'
[   34.424202][ T4220] CPU: 0 PID: 4220 Comm: syz-executor108 Not tainted 6.1.83-syzkaller #0
[   34.426181][ T4220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   34.428724][ T4220] Call trace:
[   34.429625][ T4220]  dump_backtrace+0x1c8/0x1f4
[   34.430879][ T4220]  show_stack+0x2c/0x3c
[   34.431983][ T4220]  dump_stack_lvl+0x108/0x170
[   34.433213][ T4220]  dump_stack+0x1c/0x5c
[   34.434327][ T4220]  __ubsan_handle_out_of_bounds+0xfc/0x148
[   34.435841][ T4220]  jfs_readdir+0x1dfc/0x37bc
[   34.437122][ T4220]  iterate_dir+0x1f4/0x4e4
[   34.438281][ T4220]  __arm64_sys_getdents64+0x1c4/0x4a0
[   34.439695][ T4220]  invoke_syscall+0x98/0x2c0
[   34.440938][ T4220]  el0_svc_common+0x138/0x258
[   34.442194][ T4220]  do_el0_svc+0x64/0x218
[   34.443353][ T4220]  el0_svc+0x58/0x168
[   34.444396][ T4220]  el0t_64_sync_handler+0x84/0xf0
[   34.445753][ T4220]  el0t_64_sync+0x18c/0x190
[   34.448584][ T4220] ================================================================================
[   34.451174][ T4220] ================================================================================
[   34.453546][ T4220] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:750:12
[   34.455564][ T4220] index 255 is out of range for type 'struct dtslot[128]'
[   34.457365][ T4220] CPU: 0 PID: 4220 Comm: syz-executor108 Not tainted 6.1.83-syzkaller #0
[   34.459536][ T4220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   34.462189][ T4220] Call trace:
[   34.463083][ T4220]  dump_backtrace+0x1c8/0x1f4
[   34.464341][ T4220]  show_stack+0x2c/0x3c
[   34.465424][ T4220]  dump_stack_lvl+0x108/0x170
[   34.466682][ T4220]  dump_stack+0x1c/0x5c
[   34.467780][ T4220]  __ubsan_handle_out_of_bounds+0xfc/0x148
[   34.469347][ T4220]  diWrite+0xbcc/0x15cc
[   34.470494][ T4220]  txCommit+0x750/0x5574
[   34.471654][ T4220]  jfs_readdir+0x1e80/0x37bc
[   34.472912][ T4220]  iterate_dir+0x1f4/0x4e4
[   34.474091][ T4220]  __arm64_sys_getdents64+0x1c4/0x4a0
[   34.475513][ T4220]  invoke_syscall+0x98/0x2c0
[   34.476725][ T4220]  el0_svc_common+0x138/0x258
[   34.477982][ T4220]  do_el0_svc+0x64/0x218
[   34.479181][ T4220]  el0_svc+0x58/0x168
[   34.480276][ T4220]  el0t_64_sync_handler+0x84/0xf0
[   34.481594][ T4220]  el0t_64_sync+0x18c/0x190
[   34.484672][ T4220] ================================================================================
[   34.487074][ T4220] ================================================================================
[   34.489617][ T4220] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:750:35
[   34.491609][ T4220] index 255 is out of range for type 'struct dtslot[128]'
[   34.493430][ T4220] CPU: 0 PID: 4220 Comm: syz-executor108 Not tainted 6.1.83-syzkaller #0
[   34.495568][ T4220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   34.498182][ T4220] Call trace:
[   34.499091][ T4220]  dump_backtrace+0x1c8/0x1f4
[   34.500316][ T4220]  show_stack+0x2c/0x3c
[   34.501458][ T4220]  dump_stack_lvl+0x108/0x170
[   34.502683][ T4220]  dump_stack+0x1c/0x5c
[   34.503826][ T4220]  __ubsan_handle_out_of_bounds+0xfc/0x148
[   34.505339][ T4220]  diWrite+0xc24/0x15cc
[   34.506458][ T4220]  txCommit+0x750/0x5574
[   34.507640][ T4220]  jfs_readdir+0x1e80/0x37bc
[   34.508944][ T4220]  iterate_dir+0x1f4/0x4e4
[   34.510170][ T4220]  __arm64_sys_getdents64+0x1c4/0x4a0
[   34.511640][ T4220]  invoke_syscall+0x98/0x2c0
[   34.512853][ T4220]  el0_svc_common+0x138/0x258
[   34.514109][ T4220]  do_el0_svc+0x64/0x218
[   34.515230][ T4220]  el0_svc+0x58/0x168
[   34.516309][ T4220]  el0t_64_sync_handler+0x84/0xf0
[   34.517645][ T4220]  el0t_64_sync+0x18c/0x190
[   34.518874][ T4220] ================================================================================
[   34.521277][ T4220] ==================================================================
[   34.523344][ T4220] BUG: KASAN: slab-out-of-bounds in diWrite+0xb48/0x15cc
[   34.525095][ T4220] Read of size 32 at addr ffff0000e2d15110 by task syz-executor108/4220
[   34.527192][ T4220]
[   34.527783][ T4220] CPU: 0 PID: 4220 Comm: syz-executor108 Not tainted 6.1.83-syzkaller #0
[   34.529971][ T4220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   34.532672][ T4220] Call trace:
[   34.533528][ T4220]  dump_backtrace+0x1c8/0x1f4
[   34.534742][ T4220]  show_stack+0x2c/0x3c
[   34.535845][ T4220]  dump_stack_lvl+0x108/0x170
[   34.537088][ T4220]  print_report+0x174/0x4c0
[   34.538242][ T4220]  kasan_report+0xd4/0x130
[   34.539424][ T4220]  kasan_check_range+0x264/0x2a4
[   34.540678][ T4220]  memcpy+0x48/0x90
[   34.541693][ T4220]  diWrite+0xb48/0x15cc
[   34.542852][ T4220]  txCommit+0x750/0x5574
[   34.543984][ T4220]  jfs_readdir+0x1e80/0x37bc
[   34.545162][ T4220]  iterate_dir+0x1f4/0x4e4
[   34.546325][ T4220]  __arm64_sys_getdents64+0x1c4/0x4a0
[   34.547692][ T4220]  invoke_syscall+0x98/0x2c0
[   34.548874][ T4220]  el0_svc_common+0x138/0x258
[   34.550076][ T4220]  do_el0_svc+0x64/0x218
[   34.551259][ T4220]  el0_svc+0x58/0x168
[   34.552314][ T4220]  el0t_64_sync_handler+0x84/0xf0
[   34.553676][ T4220]  el0t_64_sync+0x18c/0x190
[   34.554909][ T4220]
[   34.555528][ T4220] The buggy address belongs to the object at ffff0000e2d14a00
[   34.555528][ T4220]  which belongs to the cache jfs_ip of size 2240
[   34.559187][ T4220] The buggy address is located 1808 bytes inside of
[   34.559187][ T4220]  2240-byte region [ffff0000e2d14a00, ffff0000e2d152c0)
[   34.562827][ T4220]
[   34.563446][ T4220] The buggy address belongs to the physical page:
[   34.565132][ T4220] page:000000005f409038 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122d10
[   34.567803][ T4220] head:000000005f409038 order:3 compound_mapcount:0 compound_pincount:0
[   34.569939][ T4220] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   34.572027][ T4220] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c7412f00
[   34.574318][ T4220] raw: 0000000000000000 00000000800d000d 00000001ffffffff 0000000000000000
[   34.576568][ T4220] page dumped because: kasan: bad access detected
[   34.578326][ T4220]
[   34.578921][ T4220] Memory state around the buggy address:
[   34.580410][ T4220]  ffff0000e2d15000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.582578][ T4220]  ffff0000e2d15080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.584747][ T4220] >ffff0000e2d15100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.586839][ T4220]                          ^
[   34.588032][ T4220]  ffff0000e2d15180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.590213][ T4220]  ffff0000e2d15200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.592396][ T4220] ==================================================================
[   34.594651][ T4220] Disabling lock debugging due to kernel taint
[   34.596218][ T4220] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0
[   34.596218][ T4220]
[   34.599294][ T4220] ERROR: (device loop0): remounting filesystem as read-only
[   34.601138][ T4220] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1
[   34.601138][ T4220]
[   34.603997][ T4220] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 2
[   34.603997][ T4220]
[   34.606878][ T4220] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 3
[   34.606878][ T4220]
[   34.609788][ T4220] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[   34.609788][ T4220]