./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2644999342 <...> Warning: Permanently added '10.128.0.38' (ED25519) to the list of known hosts. execve("./syz-executor2644999342", ["./syz-executor2644999342"], 0x7ffcdb3e94b0 /* 10 vars */) = 0 brk(NULL) = 0x55555e893000 brk(0x55555e893d00) = 0x55555e893d00 arch_prctl(ARCH_SET_FS, 0x55555e893380) = 0 set_tid_address(0x55555e893650) = 5840 set_robust_list(0x55555e893660, 24) = 0 rseq(0x55555e893ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2644999342", 4096) = 28 getrandom("\x5d\xf7\xd0\x81\xee\xa2\xdc\x76", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555e893d00 brk(0x55555e8b4d00) = 0x55555e8b4d00 brk(0x55555e8b5000) = 0x55555e8b5000 mprotect(0x7f1a33654000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 executing program write(1, "executing program\n", 18) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a2b000000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7f1a2b000000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./bus", 0777) = 0 mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 chdir("./bus") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) chdir("./file0") = 0 [ 88.273118][ T5840] loop0: detected capacity change from 0 to 32768 [ 88.302035][ T5840] [ 88.302035][ T5840] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 88.302035][ T5840] creat("./file0", 000) = -1 EIO (Input/output error) creat("./file0", 0410) = -1 EIO (Input/output error) [ 88.325774][ T5840] read_mapping_page failed! [ 88.330505][ T5840] ERROR: (device loop0): txCommit: [ 88.330505][ T5840] [ 88.361290][ T5840] read_mapping_page failed! [ 88.366762][ T5840] ERROR: (device loop0): txCommit: [ 88.366762][ T5840] [ 88.398090][ T5840] ================================================================== [ 88.406209][ T5840] BUG: KASAN: slab-out-of-bounds in dtInsertEntry+0xe9a/0x1430 [ 88.413980][ T5840] Read of size 4 at addr ffff88807e69c01c by task syz-executor264/5840 [ 88.422255][ T5840] [ 88.424638][ T5840] CPU: 1 UID: 0 PID: 5840 Comm: syz-executor264 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 88.424666][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 88.424687][ T5840] Call Trace: [ 88.424700][ T5840] [ 88.424710][ T5840] dump_stack_lvl+0x189/0x250 [ 88.424738][ T5840] ? rcu_is_watching+0x15/0xb0 [ 88.424769][ T5840] ? __kasan_check_byte+0x12/0x40 [ 88.424804][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.424828][ T5840] ? rcu_is_watching+0x15/0xb0 [ 88.424852][ T5840] ? lock_release+0x4b/0x3e0 [ 88.424872][ T5840] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 88.424911][ T5840] ? __virt_addr_valid+0x1c8/0x5c0 [ 88.424938][ T5840] ? __virt_addr_valid+0x4a5/0x5c0 [ 88.424964][ T5840] print_report+0xd2/0x2b0 [ 88.424998][ T5840] ? dtInsertEntry+0xe9a/0x1430 [ 88.425021][ T5840] kasan_report+0x118/0x150 [ 88.425052][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.425087][ T5840] ? dtInsertEntry+0xe9a/0x1430 [ 88.425115][ T5840] dtInsertEntry+0xe9a/0x1430 [ 88.425152][ T5840] dtSplitPage+0x2a83/0x3b20 [ 88.425207][ T5840] dtInsert+0x109b/0x5f40 [ 88.425239][ T5840] ? kasan_quarantine_put+0xdd/0x220 [ 88.425268][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.425308][ T5840] ? __pfx_dtInsert+0x10/0x10 [ 88.425330][ T5840] ? dtSearch+0x1d29/0x21b0 [ 88.425371][ T5840] jfs_symlink+0x715/0xe60 [ 88.425405][ T5840] ? __pfx_jfs_symlink+0x10/0x10 [ 88.425431][ T5840] ? smk_access+0x14c/0x4e0 [ 88.425472][ T5840] ? generic_permission+0x2e5/0x690 [ 88.425501][ T5840] ? bpf_lsm_inode_symlink+0x9/0x20 [ 88.425534][ T5840] vfs_symlink+0x140/0x2f0 [ 88.425568][ T5840] do_symlinkat+0x1b1/0x3f0 [ 88.425600][ T5840] ? __pfx_do_symlinkat+0x10/0x10 [ 88.425631][ T5840] ? strncpy_from_user+0x150/0x290 [ 88.425662][ T5840] ? getname_flags+0x1e5/0x540 [ 88.425686][ T5840] __x64_sys_symlink+0x7a/0x90 [ 88.425718][ T5840] do_syscall_64+0xfa/0x3b0 [ 88.425738][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.425778][ T5840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.425799][ T5840] ? clear_bhb_loop+0x60/0xb0 [ 88.425824][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.425845][ T5840] RIP: 0033:0x7f1a335db6b9 [ 88.425870][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 88.425889][ T5840] RSP: 002b:00007ffd5c318218 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 88.425911][ T5840] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f1a335db6b9 [ 88.425928][ T5840] RDX: 0000000000000073 RSI: 0000200000000040 RDI: 0000200000000080 [ 88.425942][ T5840] RBP: 0000200000000000 R08: 0000000000000000 R09: 0000000000000000 [ 88.425956][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.425969][ T5840] R13: 00007ffd5c3183f8 R14: 0000000000000001 R15: 0000000000000001 [ 88.425992][ T5840] [ 88.426000][ T5840] [ 88.712763][ T5840] Allocated by task 5840: [ 88.717096][ T5840] kasan_save_track+0x3e/0x80 [ 88.721796][ T5840] __kasan_slab_alloc+0x6c/0x80 [ 88.726660][ T5840] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0 [ 88.732480][ T5840] jfs_alloc_inode+0x28/0x70 [ 88.737070][ T5840] alloc_inode+0x6a/0x1b0 [ 88.741406][ T5840] iget_locked+0xf0/0x570 [ 88.745739][ T5840] jfs_iget+0x24/0x3e0 [ 88.749827][ T5840] jfs_lookup+0x1c5/0x380 [ 88.754164][ T5840] __lookup_slow+0x294/0x3d0 [ 88.758759][ T5840] lookup_slow+0x53/0x70 [ 88.763004][ T5840] walk_component+0x2d2/0x400 [ 88.767679][ T5840] path_lookupat+0x163/0x430 [ 88.772269][ T5840] filename_lookup+0x212/0x570 [ 88.777031][ T5840] user_path_at+0x3a/0x60 [ 88.781365][ T5840] __se_sys_chdir+0x91/0x280 [ 88.785968][ T5840] do_syscall_64+0xfa/0x3b0 [ 88.790475][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.796369][ T5840] [ 88.798692][ T5840] The buggy address belongs to the object at ffff88807e69b750 [ 88.798692][ T5840] which belongs to the cache jfs_ip of size 2232 [ 88.812395][ T5840] The buggy address is located 20 bytes to the right of [ 88.812395][ T5840] allocated 2232-byte region [ffff88807e69b750, ffff88807e69c008) [ 88.827061][ T5840] [ 88.829386][ T5840] The buggy address belongs to the physical page: [ 88.835791][ T5840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e698 [ 88.844551][ T5840] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 88.853045][ T5840] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 88.860596][ T5840] page_type: f5(slab) [ 88.864579][ T5840] raw: 00fff00000000040 ffff88801dba3b40 dead000000000122 0000000000000000 [ 88.873162][ T5840] raw: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000 [ 88.881778][ T5840] head: 00fff00000000040 ffff88801dba3b40 dead000000000122 0000000000000000 [ 88.890461][ T5840] head: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000 [ 88.899149][ T5840] head: 00fff00000000003 ffffea0001f9a601 00000000ffffffff 00000000ffffffff [ 88.907819][ T5840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 88.916562][ T5840] page dumped because: kasan: bad access detected [ 88.922992][ T5840] page_owner tracks the page as allocated [ 88.928722][ T5840] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_RECLAIMABLE|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5840, tgid 5840 (syz-executor264), ts 88288691379, free_ts 31010856790 [ 88.951401][ T5840] post_alloc_hook+0x240/0x2a0 [ 88.956181][ T5840] get_page_from_freelist+0x21d5/0x22b0 [ 88.961740][ T5840] __alloc_frozen_pages_noprof+0x181/0x370 [ 88.967578][ T5840] alloc_pages_mpol+0x232/0x4a0 [ 88.972470][ T5840] allocate_slab+0x8a/0x3b0 [ 88.976975][ T5840] ___slab_alloc+0xbfc/0x1480 [ 88.981651][ T5840] kmem_cache_alloc_lru_noprof+0x288/0x3d0 [ 88.987474][ T5840] jfs_alloc_inode+0x28/0x70 [ 88.992065][ T5840] alloc_inode+0x6a/0x1b0 [ 88.996423][ T5840] new_inode+0x22/0x170 [ 89.000616][ T5840] jfs_fill_super+0x569/0xd90 [ 89.005296][ T5840] get_tree_bdev_flags+0x40b/0x4d0 [ 89.010422][ T5840] vfs_get_tree+0x8f/0x2b0 [ 89.014867][ T5840] do_new_mount+0x24a/0xa40 [ 89.019378][ T5840] __se_sys_mount+0x317/0x410 [ 89.024056][ T5840] do_syscall_64+0xfa/0x3b0 [ 89.028564][ T5840] page last free pid 1 tgid 1 stack trace: [ 89.034368][ T5840] __free_frozen_pages+0xc65/0xe60 [ 89.039481][ T5840] free_contig_range+0x1bd/0x4a0 [ 89.044434][ T5840] destroy_args+0x7e/0x5d0 [ 89.048887][ T5840] debug_vm_pgtable+0x412/0x450 [ 89.053756][ T5840] do_one_initcall+0x233/0x820 [ 89.058530][ T5840] do_initcall_level+0x137/0x1f0 [ 89.063476][ T5840] do_initcalls+0x69/0xd0 [ 89.067807][ T5840] kernel_init_freeable+0x3d9/0x570 [ 89.073010][ T5840] kernel_init+0x1d/0x1d0 [ 89.077348][ T5840] ret_from_fork+0x3fc/0x770 [ 89.081949][ T5840] ret_from_fork_asm+0x1a/0x30 [ 89.086723][ T5840] [ 89.089047][ T5840] Memory state around the buggy address: [ 89.094680][ T5840] ffff88807e69bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 89.102745][ T5840] ffff88807e69bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 89.110810][ T5840] >ffff88807e69c000: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 89.118876][ T5840] ^ [ 89.123725][ T5840] ffff88807e69c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 89.131880][ T5840] ffff88807e69c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 89.139955][ T5840] ================================================================== [ 89.148699][ T5840] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 89.155950][ T5840] CPU: 1 UID: 0 PID: 5840 Comm: syz-executor264 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 89.168390][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 89.178508][ T5840] Call Trace: [ 89.181803][ T5840] [ 89.184749][ T5840] dump_stack_lvl+0x99/0x250 [ 89.189351][ T5840] ? __asan_memcpy+0x40/0x70 [ 89.193950][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.199152][ T5840] ? __pfx__printk+0x10/0x10 [ 89.203752][ T5840] panic+0x2db/0x790 [ 89.207654][ T5840] ? __pfx_preempt_schedule+0x10/0x10 [ 89.213035][ T5840] ? __pfx_panic+0x10/0x10 [ 89.217453][ T5840] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 89.223356][ T5840] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 89.229693][ T5840] ? dtInsertEntry+0xe9a/0x1430 [ 89.234570][ T5840] check_panic_on_warn+0x89/0xb0 [ 89.239523][ T5840] ? dtInsertEntry+0xe9a/0x1430 [ 89.244380][ T5840] end_report+0x78/0x160 [ 89.248635][ T5840] kasan_report+0x129/0x150 [ 89.253149][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.258360][ T5840] ? dtInsertEntry+0xe9a/0x1430 [ 89.263217][ T5840] dtInsertEntry+0xe9a/0x1430 [ 89.267915][ T5840] dtSplitPage+0x2a83/0x3b20 [ 89.272528][ T5840] dtInsert+0x109b/0x5f40 [ 89.276886][ T5840] ? kasan_quarantine_put+0xdd/0x220 [ 89.282177][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.287388][ T5840] ? __pfx_dtInsert+0x10/0x10 [ 89.292066][ T5840] ? dtSearch+0x1d29/0x21b0 [ 89.296591][ T5840] jfs_symlink+0x715/0xe60 [ 89.301014][ T5840] ? __pfx_jfs_symlink+0x10/0x10 [ 89.305956][ T5840] ? smk_access+0x14c/0x4e0 [ 89.310481][ T5840] ? generic_permission+0x2e5/0x690 [ 89.315686][ T5840] ? bpf_lsm_inode_symlink+0x9/0x20 [ 89.320908][ T5840] vfs_symlink+0x140/0x2f0 [ 89.325337][ T5840] do_symlinkat+0x1b1/0x3f0 [ 89.329866][ T5840] ? __pfx_do_symlinkat+0x10/0x10 [ 89.334907][ T5840] ? strncpy_from_user+0x150/0x290 [ 89.340037][ T5840] ? getname_flags+0x1e5/0x540 [ 89.344833][ T5840] __x64_sys_symlink+0x7a/0x90 [ 89.349642][ T5840] do_syscall_64+0xfa/0x3b0 [ 89.354190][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.359430][ T5840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.365503][ T5840] ? clear_bhb_loop+0x60/0xb0 [ 89.370186][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.376088][ T5840] RIP: 0033:0x7f1a335db6b9 [ 89.380513][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.400151][ T5840] RSP: 002b:00007ffd5c318218 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 89.408572][ T5840] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f1a335db6b9 [ 89.416546][ T5840] RDX: 0000000000000073 RSI: 0000200000000040 RDI: 0000200000000080 [ 89.424521][ T5840] RBP: 0000200000000000 R08: 0000000000000000 R09: 0000000000000000 [ 89.432586][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.440561][ T5840] R13: 00007ffd5c3183f8 R14: 0000000000000001 R15: 0000000000000001 [ 89.448546][ T5840] [ 89.451888][ T5840] Kernel Offset: disabled [ 89.456222][ T5840] Rebooting in 86400 seconds..