Warning: Permanently added '10.128.0.193' (ED25519) to the list of known hosts.
executing program
[ 35.916945][ T3958] loop0: detected capacity change from 0 to 32768
[ 36.017693][ T3958] ================================================================================
[ 36.019865][ T3958] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3190:30
[ 36.022082][ T3958] index -1 is out of range for type 'struct dtslot[128]'
[ 36.023535][ T3958] CPU: 1 PID: 3958 Comm: syz-executor101 Not tainted 5.15.153-syzkaller #0
[ 36.025414][ T3958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 36.027498][ T3958] Call trace:
[ 36.028226][ T3958]  dump_backtrace+0x0/0x530
[ 36.029217][ T3958]  show_stack+0x2c/0x3c
[ 36.030085][ T3958]  dump_stack_lvl+0x108/0x170
[ 36.031143][ T3958]  dump_stack+0x1c/0x58
[ 36.032059][ T3958]  __ubsan_handle_out_of_bounds+0x108/0x15c
[ 36.033446][ T3958]  jfs_readdir+0x16a4/0x385c
[ 36.034535][ T3958]  iterate_dir+0x1f4/0x4e4
[ 36.035544][ T3958]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 36.036669][ T3958]  invoke_syscall+0x98/0x2b8
[ 36.037653][ T3958]  el0_svc_common+0x138/0x258
[ 36.038631][ T3958]  do_el0_svc+0x58/0x14c
[ 36.039630][ T3958]  el0_svc+0x7c/0x1f0
[ 36.040575][ T3958]  el0t_64_sync_handler+0x84/0xe4
[ 36.041672][ T3958]  el0t_64_sync+0x1a0/0x1a4
[ 36.043681][ T3958] ================================================================================
[ 36.045851][ T3958] ================================================================================
[ 36.047878][ T3958] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:2945:28
[ 36.049334][ T3958] index -1 is out of range for type 'struct dtslot[128]'
[ 36.050766][ T3958] CPU: 1 PID: 3958 Comm: syz-executor101 Not tainted 5.15.153-syzkaller #0
[ 36.052637][ T3958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 36.054904][ T3958] Call trace:
[ 36.055702][ T3958]  dump_backtrace+0x0/0x530
[ 36.056680][ T3958]  show_stack+0x2c/0x3c
[ 36.057588][ T3958]  dump_stack_lvl+0x108/0x170
[ 36.058617][ T3958]  dump_stack+0x1c/0x58
[ 36.059479][ T3958]  __ubsan_handle_out_of_bounds+0x108/0x15c
[ 36.060674][ T3958]  jfs_readdir+0x1f54/0x385c
[ 36.061683][ T3958]  iterate_dir+0x1f4/0x4e4
[ 36.062631][ T3958]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 36.063851][ T3958]  invoke_syscall+0x98/0x2b8
[ 36.064928][ T3958]  el0_svc_common+0x138/0x258
[ 36.065969][ T3958]  do_el0_svc+0x58/0x14c
[ 36.067046][ T3958]  el0_svc+0x7c/0x1f0
[ 36.067984][ T3958]  el0t_64_sync_handler+0x84/0xe4
[ 36.069040][ T3958]  el0t_64_sync+0x1a0/0x1a4
[ 36.070821][ T3958] ================================================================================
[ 36.072601][ T3958] ================================================================================
[ 36.074275][ T3958] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:750:12
[ 36.075912][ T3958] index 255 is out of range for type 'struct dtslot[128]'
[ 36.077526][ T3958] CPU: 1 PID: 3958 Comm: syz-executor101 Not tainted 5.15.153-syzkaller #0
[ 36.079289][ T3958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 36.081483][ T3958] Call trace:
[ 36.082222][ T3958]  dump_backtrace+0x0/0x530
[ 36.083250][ T3958]  show_stack+0x2c/0x3c
[ 36.084077][ T3958]  dump_stack_lvl+0x108/0x170
[ 36.085042][ T3958]  dump_stack+0x1c/0x58
[ 36.085986][ T3958]  __ubsan_handle_out_of_bounds+0x108/0x15c
[ 36.087306][ T3958]  diWrite+0xbcc/0x1604
[ 36.088269][ T3958]  txCommit+0x754/0x55b0
[ 36.089210][ T3958]  jfs_readdir+0x1fd0/0x385c
[ 36.090352][ T3958]  iterate_dir+0x1f4/0x4e4
[ 36.091277][ T3958]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 36.092402][ T3958]  invoke_syscall+0x98/0x2b8
[ 36.093304][ T3958]  el0_svc_common+0x138/0x258
[ 36.094333][ T3958]  do_el0_svc+0x58/0x14c
[ 36.095357][ T3958]  el0_svc+0x7c/0x1f0
[ 36.096282][ T3958]  el0t_64_sync_handler+0x84/0xe4
[ 36.097432][ T3958]  el0t_64_sync+0x1a0/0x1a4
[ 36.099625][ T3958] ================================================================================
[ 36.101785][ T3958] ================================================================================
[ 36.103722][ T3958] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:750:35
[ 36.105409][ T3958] index 255 is out of range for type 'struct dtslot[128]'
[ 36.106850][ T3958] CPU: 1 PID: 3958 Comm: syz-executor101 Not tainted 5.15.153-syzkaller #0
[ 36.108666][ T3958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 36.110832][ T3958] Call trace:
[ 36.111601][ T3958]  dump_backtrace+0x0/0x530
[ 36.112626][ T3958]  show_stack+0x2c/0x3c
[ 36.113511][ T3958]  dump_stack_lvl+0x108/0x170
[ 36.114602][ T3958]  dump_stack+0x1c/0x58
[ 36.115547][ T3958]  __ubsan_handle_out_of_bounds+0x108/0x15c
[ 36.116873][ T3958]  diWrite+0xc24/0x1604
[ 36.117918][ T3958]  txCommit+0x754/0x55b0
[ 36.118885][ T3958]  jfs_readdir+0x1fd0/0x385c
[ 36.119977][ T3958]  iterate_dir+0x1f4/0x4e4
[ 36.120984][ T3958]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 36.122211][ T3958]  invoke_syscall+0x98/0x2b8
[ 36.123323][ T3958]  el0_svc_common+0x138/0x258
[ 36.124421][ T3958]  do_el0_svc+0x58/0x14c
[ 36.125418][ T3958]  el0_svc+0x7c/0x1f0
[ 36.126319][ T3958]  el0t_64_sync_handler+0x84/0xe4
[ 36.127542][ T3958]  el0t_64_sync+0x1a0/0x1a4
[ 36.128783][ T3958] ================================================================================
[ 36.130905][ T3958] ==================================================================
[ 36.132796][ T3958] BUG: KASAN: slab-out-of-bounds in diWrite+0xb48/0x1604
[ 36.134353][ T3958] Read of size 32 at addr ffff0000df8e5110 by task syz-executor101/3958
[ 36.136178][ T3958]
[ 36.136711][ T3958] CPU: 1 PID: 3958 Comm: syz-executor101 Not tainted 5.15.153-syzkaller #0
[ 36.138763][ T3958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 36.141128][ T3958] Call trace:
[ 36.141795][ T3958]  dump_backtrace+0x0/0x530
[ 36.142792][ T3958]  show_stack+0x2c/0x3c
[ 36.143687][ T3958]  dump_stack_lvl+0x108/0x170
[ 36.144728][ T3958]  print_address_description+0x7c/0x3f0
[ 36.145811][ T3958]  kasan_report+0x174/0x1e4
[ 36.146797][ T3958]  kasan_check_range+0x274/0x2b4
[ 36.147931][ T3958]  memcpy+0x90/0xe8
[ 36.148822][ T3958]  diWrite+0xb48/0x1604
[ 36.149694][ T3958]  txCommit+0x754/0x55b0
[ 36.150645][ T3958]  jfs_readdir+0x1fd0/0x385c
[ 36.151578][ T3958]  iterate_dir+0x1f4/0x4e4
[ 36.152560][ T3958]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 36.153741][ T3958]  invoke_syscall+0x98/0x2b8
[ 36.154769][ T3958]  el0_svc_common+0x138/0x258
[ 36.155773][ T3958]  do_el0_svc+0x58/0x14c
[ 36.156646][ T3958]  el0_svc+0x7c/0x1f0
[ 36.157445][ T3958]  el0t_64_sync_handler+0x84/0xe4
[ 36.158651][ T3958]  el0t_64_sync+0x1a0/0x1a4
[ 36.159614][ T3958]
[ 36.160123][ T3958] Allocated by task 0:
[ 36.161138][ T3958] (stack is not available)
[ 36.162132][ T3958]
[ 36.162675][ T3958] The buggy address belongs to the object at ffff0000df8e4a00
[ 36.162675][ T3958]  which belongs to the cache jfs_ip of size 2240
[ 36.165771][ T3958] The buggy address is located 1808 bytes inside of
[ 36.165771][ T3958]  2240-byte region [ffff0000df8e4a00, ffff0000df8e52c0)
[ 36.168991][ T3958] The buggy address belongs to the page:
[ 36.170365][ T3958] page:00000000b0f34806 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f8e0
[ 36.172640][ T3958] head:00000000b0f34806 order:3 compound_mapcount:0 compound_pincount:0
[ 36.174512][ T3958] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 36.176365][ T3958] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c650b380
[ 36.178302][ T3958] raw: 0000000000000000 00000000800d000d 00000001ffffffff 0000000000000000
[ 36.180234][ T3958] page dumped because: kasan: bad access detected
[ 36.181688][ T3958]
[ 36.182194][ T3958] Memory state around the buggy address:
[ 36.183428][ T3958]  ffff0000df8e5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.185287][ T3958]  ffff0000df8e5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.187090][ T3958] >ffff0000df8e5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.188811][ T3958]                          ^
[ 36.189859][ T3958]  ffff0000df8e5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.191748][ T3958]  ffff0000df8e5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.193494][ T3958] ==================================================================
[ 36.195284][ T3958] Disabling lock debugging due to kernel taint
[ 36.196804][ T3958] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0
[ 36.196804][ T3958]
[ 36.199575][ T3958] ERROR: (device loop0): remounting filesystem as read-only
[ 36.201187][ T3958] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1
[ 36.201187][ T3958]
[ 36.203605][ T3958] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 2
[ 36.203605][ T3958]
[ 36.206051][ T3958] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 3
[ 36.206051][ T3958]
[ 36.208534][ T3958] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 36.208534][ T3958]
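The reports above share one shape: an index taken from the mounted loop0 image is used against a 128-entry `struct dtslot` array without a range check, showing up as -1 in jfs_readdir (fs/jfs/jfs_dtree.c) and as 255 in diWrite (fs/jfs/jfs_imap.c) before KASAN catches the resulting 32-byte out-of-bounds memcpy. The example below is added here and is not JFS code or syzbot's reproducer; it uses a constructed, deliberately simplified page layout (`struct mock_dtpage`, a byte-sized slot table in front of 128 fixed-size slots) and assumes, as an illustration only, that a single on-disk byte 0xff is what yields -1 when read as signed and 255 when read as unsigned. It shows the unchecked lookup that a UBSAN build would flag next to a lookup that validates both the entry position and the slot number before touching the array, and walks a crafted page the way a readdir loop would, failing closed on the first bad entry.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MOCK_DTSLOTS 128  /* same bound as 'struct dtslot[128]' in the report */

/* Constructed stand-in for an on-disk directory page. This is NOT the JFS
 * layout: it only keeps the two things that matter here, a slot table of
 * single bytes that the image author controls and a fixed array of slots. */
struct mock_dtslot {
	uint8_t data[32];
};

struct mock_dtpage {
	uint8_t nextindex;                  /* number of live entries in stbl */
	int8_t stbl[MOCK_DTSLOTS];          /* slot numbers, read straight from disk */
	struct mock_dtslot slot[MOCK_DTSLOTS];
};

/* Unchecked lookup: trusts the on-disk byte. With stbl[i] == (int8_t)0xff this
 * computes &slot[-1], the access class UBSAN reported above. Only ever call it
 * on an entry already known to be valid. */
static struct mock_dtslot *mock_slot_unchecked(struct mock_dtpage *p, int i)
{
	return &p->slot[p->stbl[i]];
}

/* Checked lookup: validate the position and the slot number it maps to before
 * indexing. -EUCLEAN is what a filesystem would return for on-disk corruption. */
static int mock_slot_checked(struct mock_dtpage *p, int i,
			     struct mock_dtslot **out)
{
	int si;

	if (i < 0 || p->nextindex > MOCK_DTSLOTS || i >= p->nextindex)
		return -EUCLEAN;

	si = p->stbl[i];                    /* 0xff read as int8_t is -1 ...      */
	if (si < 0 || si >= MOCK_DTSLOTS)   /* ... and 255 if read as uint8_t; both fail */
		return -EUCLEAN;

	*out = &p->slot[si];
	return 0;
}

/* The same raw byte under the two interpretations seen in the log. */
static int mock_index_as_signed(uint8_t raw)   { return (int8_t)raw; }
static int mock_index_as_unsigned(uint8_t raw) { return raw; }

/* Build a page with two live entries. Entry 0 always points at a real slot;
 * entry 1 either points at another real slot or carries the planted 0xff. */
static void mock_build_page(struct mock_dtpage *p, int plant_bad)
{
	memset(p, 0, sizeof(*p));
	p->nextindex = 2;
	p->stbl[0] = 5;
	p->stbl[1] = plant_bad ? (int8_t)0xff : 7;
	memcpy(p->slot[5].data, "entry five", 11);
	memcpy(p->slot[7].data, "entry seven", 12);
}

/* Walk every live entry as a readdir loop would. Returns the number of good
 * entries, or -EUCLEAN with *first_bad set to the offending position. */
static int mock_walk(int plant_bad, int *first_bad)
{
	struct mock_dtpage page;
	int i, good = 0;

	mock_build_page(&page, plant_bad);
	*first_bad = -1;
	for (i = 0; i < page.nextindex; i++) {
		struct mock_dtslot *s;

		if (mock_slot_checked(&page, i, &s) != 0) {
			*first_bad = i;
			return -EUCLEAN;
		}
		good++;
	}
	return good;
}

int main(void)
{
	struct mock_dtpage page;
	struct mock_dtslot *s;
	int bad, rc;

	printf("byte 0xff as signed index: %d, as unsigned: %d\n",
	       mock_index_as_signed(0xff), mock_index_as_unsigned(0xff));
	mock_build_page(&page, 0);
	s = mock_slot_unchecked(&page, 0);     /* safe: entry 0 is known good */
	printf("unchecked lookup of a valid entry: %s\n", s->data);
	rc = mock_walk(1, &bad);
	printf("walk of crafted page: rc=%d first bad position=%d\n", rc, bad);
	return 0;
}
```

The check on `p->nextindex` matters as much as the one on the slot number: a page that claims more live entries than it has slots lets a loop read past the table even when every byte in it is in range.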