Warning: Permanently added '10.128.0.99' (ED25519) to the list of known hosts.
executing program
[ 35.577924][ T4292] loop0: detected capacity change from 0 to 32768
[ 35.588651][ T4292] ==================================================================
[ 35.590684][ T4292] BUG: KASAN: slab-out-of-bounds in diWrite+0xb48/0x15cc
[ 35.592406][ T4292] Write of size 32 at addr ffff0000cb90a0c0 by task syz-executor209/4292
[ 35.594535][ T4292]
[ 35.595123][ T4292] CPU: 1 PID: 4292 Comm: syz-executor209 Not tainted 6.1.128-syzkaller #0
[ 35.597411][ T4292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 35.600071][ T4292] Call trace:
[ 35.600905][ T4292]  dump_backtrace+0x1c8/0x1f4
[ 35.602088][ T4292]  show_stack+0x2c/0x3c
[ 35.603137][ T4292]  dump_stack_lvl+0x108/0x170
[ 35.604276][ T4292]  print_report+0x174/0x4c0
[ 35.605422][ T4292]  kasan_report+0xd4/0x130
[ 35.606558][ T4292]  kasan_check_range+0x264/0x2a4
[ 35.607824][ T4292]  memcpy+0x60/0x90
[ 35.608719][ T4292]  diWrite+0xb48/0x15cc
[ 35.609815][ T4292]  txCommit+0x750/0x5574
[ 35.610906][ T4292]  add_missing_indices+0x760/0xa8c
[ 35.612190][ T4292]  jfs_readdir+0x18ac/0x3030
[ 35.613313][ T4292]  iterate_dir+0x1f4/0x4ec
[ 35.614445][ T4292]  __arm64_sys_getdents64+0x1c4/0x4a0
[ 35.615805][ T4292]  invoke_syscall+0x98/0x2bc
[ 35.617032][ T4292]  el0_svc_common+0x138/0x258
[ 35.618206][ T4292]  do_el0_svc+0x58/0x13c
[ 35.619303][ T4292]  el0_svc+0x58/0x168
[ 35.620274][ T4292]  el0t_64_sync_handler+0x84/0xf0
[ 35.621600][ T4292]  el0t_64_sync+0x18c/0x190
[ 35.622768][ T4292]
[ 35.623361][ T4292] Allocated by task 4291:
[ 35.624469][ T4292]  kasan_set_track+0x4c/0x80
[ 35.625654][ T4292]  kasan_save_alloc_info+0x24/0x30
[ 35.626989][ T4292]  __kasan_slab_alloc+0x74/0x8c
[ 35.628191][ T4292]  slab_post_alloc_hook+0x74/0x458
[ 35.629476][ T4292]  kmem_cache_alloc+0x230/0x37c
[ 35.630796][ T4292]  vm_area_alloc+0x2c/0xe0
[ 35.631895][ T4292]  mmap_region+0x1118/0x2208
[ 35.633115][ T4292]  do_mmap+0x9ac/0x110c
[ 35.634174][ T4292]  vm_mmap_pgoff+0x1a4/0x2b4
[ 35.635276][ T4292]  vm_mmap+0x90/0xbc
[ 35.636231][ T4292]  elf_map+0xec/0x220
[ 35.637301][ T4292]  load_elf_binary+0xc98/0x1d98
[ 35.638495][ T4292]  bprm_execve+0x818/0x162c
[ 35.639605][ T4292]  do_execveat_common+0x668/0x814
[ 35.641057][ T4292]  __arm64_sys_execve+0x98/0xb0
[ 35.642416][ T4292]  invoke_syscall+0x98/0x2bc
[ 35.643684][ T4292]  el0_svc_common+0x138/0x258
[ 35.644907][ T4292]  do_el0_svc+0x58/0x13c
[ 35.645996][ T4292]  el0_svc+0x58/0x168
[ 35.647190][ T4292]  el0t_64_sync_handler+0x84/0xf0
[ 35.648507][ T4292]  el0t_64_sync+0x18c/0x190
[ 35.649654][ T4292]
[ 35.650232][ T4292] Freed by task 4291:
[ 35.651247][ T4292]  kasan_set_track+0x4c/0x80
[ 35.652397][ T4292]  kasan_save_free_info+0x38/0x5c
[ 35.653737][ T4292]  ____kasan_slab_free+0x144/0x1c0
[ 35.655029][ T4292]  __kasan_slab_free+0x18/0x28
[ 35.656265][ T4292]  kmem_cache_free+0x2f0/0x588
[ 35.657543][ T4292]  vm_area_free+0x58/0x12c
[ 35.658678][ T4292]  exit_mmap+0x40c/0xa0c
[ 35.659802][ T4292]  __mmput+0xec/0x39c
[ 35.660806][ T4292]  mmput+0x70/0xac
[ 35.661807][ T4292]  exec_mmap+0x404/0x484
[ 35.662917][ T4292]  begin_new_exec+0x6c8/0xf04
[ 35.664156][ T4292]  load_elf_binary+0x748/0x1d98
[ 35.665381][ T4292]  bprm_execve+0x818/0x162c
[ 35.666536][ T4292]  do_execveat_common+0x668/0x814
[ 35.667815][ T4292]  __arm64_sys_execve+0x98/0xb0
[ 35.669049][ T4292]  invoke_syscall+0x98/0x2bc
[ 35.670275][ T4292]  el0_svc_common+0x138/0x258
[ 35.671467][ T4292]  do_el0_svc+0x58/0x13c
[ 35.672522][ T4292]  el0_svc+0x58/0x168
[ 35.673538][ T4292]  el0t_64_sync_handler+0x84/0xf0
[ 35.674793][ T4292]  el0t_64_sync+0x18c/0x190
[ 35.675897][ T4292]
[ 35.676508][ T4292] The buggy address belongs to the object at ffff0000cb90a000
[ 35.676508][ T4292]  which belongs to the cache vm_area_struct of size 152
[ 35.680162][ T4292] The buggy address is located 40 bytes to the right of
[ 35.680162][ T4292]  152-byte region [ffff0000cb90a000, ffff0000cb90a098)
[ 35.683638][ T4292]
[ 35.684227][ T4292] The buggy address belongs to the physical page:
[ 35.685942][ T4292] page:0000000010b2216d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b90a
[ 35.688649][ T4292] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 35.690633][ T4292] raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c0851680
[ 35.692799][ T4292] raw: 0000000000000000 0000000000120012 00000001ffffffff 0000000000000000
[ 35.694920][ T4292] page dumped because: kasan: bad access detected
[ 35.696544][ T4292]
[ 35.697091][ T4292] Memory state around the buggy address:
[ 35.698535][ T4292]  ffff0000cb909f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.700541][ T4292]  ffff0000cb90a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.702696][ T4292] >ffff0000cb90a080: fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb
[ 35.704757][ T4292]                                            ^
[ 35.706250][ T4292]  ffff0000cb90a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 35.708263][ T4292]  ffff0000cb90a180: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 35.710286][ T4292] ==================================================================
[ 35.713005][ T4292] Disabling lock debugging due to kernel taint
[ 35.714614][ T4292] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0
[ 35.714614][ T4292]
[ 35.717561][ T4292] ERROR: (device loop0): remounting filesystem as read-only