Warning: Permanently added '10.128.0.117' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.689892][ T5076] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5076 'syz-executor114'
[ 55.788712][ T5076] loop0: detected capacity change from 0 to 32768
[ 55.801864][ T5076] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 55.801864][ T5076]
executing program
[ 55.947813][ T5078] loop0: detected capacity change from 0 to 32768
[ 55.958358][ T5078] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 55.958358][ T5078]
executing program
[ 56.369870][ T5079] loop0: detected capacity change from 0 to 32768
[ 56.380578][ T5079] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 56.380578][ T5079]
executing program
executing program
[ 56.793920][ T5080] loop0: detected capacity change from 0 to 32768
[ 56.806087][ T5080] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 56.806087][ T5080]
executing program
[ 56.947319][ T5081] loop0: detected capacity change from 0 to 32768
[ 56.958998][ T5081] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 56.958998][ T5081]
executing program
[ 57.100203][ T5082] loop0: detected capacity change from 0 to 32768
[ 57.110249][ T5082] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 57.110249][ T5082]
executing program
[ 57.251610][ T5083] loop0: detected capacity change from 0 to 32768
[ 57.262009][ T5083] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 57.262009][ T5083]
executing program
[ 57.401945][ T5084] loop0: detected capacity change from 0 to 32768
[ 57.412371][ T5084] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 57.412371][ T5084]
executing program
[ 57.548843][ T5085] loop0: detected capacity change from 0 to 32768
[ 57.558936][ T5085] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 57.558936][ T5085]
[ 57.695900][ T5086] loop0: detected capacity change from 0 to 32768
[ 57.706008][ T5086] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 57.706008][ T5086]
executing program
[ 57.844535][ T5087] loop0: detected capacity change from 0 to 32768
[ 57.855412][ T5087] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 57.855412][ T5087]
executing program
[ 57.996931][ T5088] loop0: detected capacity change from 0 to 32768
[ 58.007198][ T5088] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 58.007198][ T5088]
executing program
[ 58.417870][ T5089] loop0: detected capacity change from 0 to 32768
[ 58.427882][ T5089] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 58.427882][ T5089]
executing program
executing program
[ 58.834002][ T5090] loop0: detected capacity change from 0 to 32768
[ 58.844130][ T5090] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 58.844130][ T5090]
executing program
[ 58.979995][ T5091] loop0: detected capacity change from 0 to 32768
[ 58.989781][ T5091] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 58.989781][ T5091]
[ 59.119487][ T5092] loop0: detected capacity change from 0 to 32768
[ 59.129181][ T5092] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 59.129181][ T5092]
executing program
[ 59.535666][ T5093] loop0: detected capacity change from 0 to 32768
[ 59.546049][ T5093] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 59.546049][ T5093]
executing program
[ 59.944164][ T5094] loop0: detected capacity change from 0 to 32768
[ 59.954403][ T5094] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 59.954403][ T5094]
executing program
executing program
[ 60.097143][ T5095] loop0: detected capacity change from 0 to 32768
[ 60.107245][ T5095] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 60.107245][ T5095]
executing program
[ 60.239191][ T5096] loop0: detected capacity change from 0 to 32768
[ 60.249643][ T5096] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 60.249643][ T5096]
[ 60.390297][ T5097] loop0: detected capacity change from 0 to 32768
[ 60.399981][ T5097] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 60.399981][ T5097]
executing program
[ 60.549910][ T5098] loop0: detected capacity change from 0 to 32768
[ 60.570778][ T5098] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 60.570778][ T5098]
executing program
executing program
[ 60.992974][ T5099] loop0: detected capacity change from 0 to 32768
[ 61.003306][ T5099] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 61.003306][ T5099]
executing program
[ 61.136242][ T5100] loop0: detected capacity change from 0 to 32768
[ 61.146223][ T5100] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 61.146223][ T5100]
[ 61.277647][ T5101] loop0: detected capacity change from 0 to 32768
[ 61.287511][ T5101] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 61.287511][ T5101]
executing program
[ 61.693024][ T5102] loop0: detected capacity change from 0 to 32768
[ 61.703566][ T5102] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 61.703566][ T5102]
executing program
executing program
[ 62.103002][ T5103] loop0: detected capacity change from 0 to 32768
[ 62.113182][ T5103] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 62.113182][ T5103]
executing program
[ 62.247140][ T5104] loop0: detected capacity change from 0 to 32768
[ 62.257698][ T5104] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 62.257698][ T5104]
[ 62.400357][ T5105] loop0: detected capacity change from 0 to 32768
[ 62.415332][ T5105] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 62.415332][ T5105]
executing program
[ 62.816258][ T5106] loop0: detected capacity change from 0 to 32768
[ 62.826326][ T5106] ==================================================================
[ 62.834398][ T5106] BUG: KASAN: slab-out-of-bounds in jfs_readdir+0x3a89/0x4290
[ 62.841843][ T5106] Read of size 1 at addr ffff888072df7f75 by task syz-executor114/5106
[ 62.850088][ T5106]
[ 62.852414][ T5106] CPU: 1 PID: 5106 Comm: syz-executor114 Not tainted 6.3.0-rc3-syzkaller-00026-gfff5a5e7f528 #0
[ 62.862808][ T5106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 62.872937][ T5106] Call Trace:
[ 62.876201][ T5106]
[ 62.879129][ T5106]  dump_stack_lvl+0xd9/0x150
[ 62.883712][ T5106]  print_address_description.constprop.0+0x2c/0x3c0
[ 62.890299][ T5106]  ? jfs_readdir+0x3a89/0x4290
[ 62.895050][ T5106]  kasan_report+0x11c/0x130
[ 62.899546][ T5106]  ? jfs_readdir+0x3a89/0x4290
[ 62.904301][ T5106]  jfs_readdir+0x3a89/0x4290
[ 62.908882][ T5106]  ? dtDelete+0x2fe0/0x2fe0
[ 62.913372][ T5106]  ? lock_release+0x670/0x670
[ 62.918061][ T5106]  ? down_write_killable+0x15b/0x250
[ 62.923350][ T5106]  ? down_write_killable_nested+0x250/0x250
[ 62.929245][ T5106]  ? fsnotify_perm.part.0+0x221/0x610
[ 62.934620][ T5106]  iterate_dir+0x1fd/0x6f0
[ 62.939044][ T5106]  __x64_sys_getdents64+0x13e/0x2c0
[ 62.944276][ T5106]  ? handle_mm_fault+0x397/0x9c0
[ 62.949301][ T5106]  ? __ia32_sys_getdents+0x2c0/0x2c0
[ 62.954589][ T5106]  ? compat_filldir+0x6b0/0x6b0
[ 62.959438][ T5106]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 62.965331][ T5106]  do_syscall_64+0x39/0xb0
[ 62.969744][ T5106]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.975639][ T5106] RIP: 0033:0x7f27f3cd89b9
[ 62.980044][ T5106] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.999830][ T5106] RSP: 002b:00007ffe4cb73bf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 63.008242][ T5106] RAX: ffffffffffffffda RBX: 000000000000f031 RCX: 00007f27f3cd89b9
[ 63.016210][ T5106] RDX: 00000000000000c5 RSI: 0000000020000200 RDI: 0000000000000004
[ 63.024264][ T5106] RBP: 0000000000000000 R08: 00007ffe4cb73c20 R09: 00007ffe4cb73c20
[ 63.032230][ T5106] R10: 0000000000005d45 R11: 0000000000000246 R12: 00007ffe4cb73c1c
[ 63.040199][ T5106] R13: 00007ffe4cb73c50 R14: 00007ffe4cb73c30 R15: 000000000000001d
[ 63.048175][ T5106]
[ 63.051183][ T5106]
[ 63.053503][ T5106] Allocated by task 5106:
[ 63.057815][ T5106]  kasan_save_stack+0x22/0x40
[ 63.062509][ T5106]  kasan_set_track+0x25/0x30
[ 63.067098][ T5106]  __kasan_slab_alloc+0x7f/0x90
[ 63.071945][ T5106]  kmem_cache_alloc_lru+0x20a/0x600
[ 63.077140][ T5106]  jfs_alloc_inode+0x27/0x60
[ 63.081723][ T5106]  alloc_inode+0x61/0x230
[ 63.086052][ T5106]  new_inode+0x2b/0x280
[ 63.090197][ T5106]  diReadSpecial+0x53/0x710
[ 63.094697][ T5106]  jfs_mount+0x328/0x8b0
[ 63.098934][ T5106]  jfs_fill_super+0x5a8/0xd40
[ 63.103613][ T5106]  mount_bdev+0x351/0x410
[ 63.107942][ T5106]  legacy_get_tree+0x109/0x220
[ 63.112707][ T5106]  vfs_get_tree+0x8d/0x350
[ 63.117119][ T5106]  path_mount+0x1342/0x1e40
[ 63.121613][ T5106]  __x64_sys_mount+0x283/0x300
[ 63.126375][ T5106]  do_syscall_64+0x39/0xb0
[ 63.130782][ T5106]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.136677][ T5106]
[ 63.138992][ T5106] The buggy address belongs to the object at ffff888072df6f00
[ 63.138992][ T5106]  which belongs to the cache jfs_ip of size 2240
[ 63.152695][ T5106] The buggy address is located 1973 bytes to the right of
[ 63.152695][ T5106]  allocated 2240-byte region [ffff888072df6f00, ffff888072df77c0)
[ 63.167525][ T5106]
[ 63.169838][ T5106] The buggy address belongs to the physical page:
[ 63.176238][ T5106] page:ffffea0001cb7c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72df0
[ 63.186382][ T5106] head:ffffea0001cb7c00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 63.195303][ T5106] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 63.203281][ T5106] raw: 00fff00000010200 ffff888019148c80 dead000000000122 0000000000000000
[ 63.211861][ T5106] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000
[ 63.220443][ T5106] page dumped because: kasan: bad access detected
[ 63.226844][ T5106] page_owner tracks the page as allocated
[ 63.232545][ T5106] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5104, tgid 5104 (syz-executor114), ts 62255649891, free_ts 9242485986
[ 63.255036][ T5106]  get_page_from_freelist+0x1190/0x2e20
[ 63.260581][ T5106]  __alloc_pages+0x1cb/0x4a0
[ 63.265161][ T5106]  alloc_pages+0x1aa/0x270
[ 63.269573][ T5106]  allocate_slab+0x25f/0x390
[ 63.274157][ T5106]  ___slab_alloc+0xa91/0x1400
[ 63.278826][ T5106]  __slab_alloc.constprop.0+0x56/0xa0
[ 63.284196][ T5106]  kmem_cache_alloc_lru+0x4a8/0x600
[ 63.289389][ T5106]  jfs_alloc_inode+0x27/0x60
[ 63.293968][ T5106]  alloc_inode+0x61/0x230
[ 63.298289][ T5106]  new_inode+0x2b/0x280
[ 63.302435][ T5106]  diReadSpecial+0x53/0x710
[ 63.306933][ T5106]  jfs_mount+0x328/0x8b0
[ 63.311167][ T5106]  jfs_fill_super+0x5a8/0xd40
[ 63.315831][ T5106]  mount_bdev+0x351/0x410
[ 63.320151][ T5106]  legacy_get_tree+0x109/0x220
[ 63.324906][ T5106]  vfs_get_tree+0x8d/0x350
[ 63.329313][ T5106] page last free stack trace:
[ 63.333968][ T5106]  free_pcp_prepare+0x5d5/0xa50
[ 63.338837][ T5106]  free_unref_page+0x1d/0x490
[ 63.343518][ T5106]  free_contig_range+0xb5/0x180
[ 63.348387][ T5106]  destroy_args+0x6c4/0x920
[ 63.352897][ T5106]  debug_vm_pgtable+0x242a/0x4640
[ 63.357913][ T5106]  do_one_initcall+0x102/0x540
[ 63.362673][ T5106]  kernel_init_freeable+0x696/0xc00
[ 63.367857][ T5106]  kernel_init+0x1e/0x2c0
[ 63.372183][ T5106]  ret_from_fork+0x1f/0x30
[ 63.376595][ T5106]
[ 63.378907][ T5106] Memory state around the buggy address:
[ 63.384519][ T5106]  ffff888072df7e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.392563][ T5106]  ffff888072df7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.400638][ T5106] >ffff888072df7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.408682][ T5106]                                                              ^
[ 63.416382][ T5106]  ffff888072df7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.424515][ T5106]  ffff888072df8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.432557][ T5106] ==================================================================
[ 63.440991][ T5106] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 63.448195][ T5106] CPU: 0 PID: 5106 Comm: syz-executor114 Not tainted 6.3.0-rc3-syzkaller-00026-gfff5a5e7f528 #0
[ 63.458581][ T5106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 63.468611][ T5106] Call Trace:
[ 63.471869][ T5106]
[ 63.474778][ T5106]  dump_stack_lvl+0xd9/0x150
[ 63.479352][ T5106]  panic+0x688/0x730
[ 63.483232][ T5106]  ? panic_smp_self_stop+0x90/0x90
[ 63.488324][ T5106]  ? preempt_schedule_thunk+0x1a/0x20
[ 63.493679][ T5106]  ? preempt_schedule_common+0x45/0xb0
[ 63.499116][ T5106]  check_panic_on_warn+0xb1/0xc0
[ 63.504033][ T5106]  end_report+0xe9/0x120
[ 63.508258][ T5106]  ? jfs_readdir+0x3a89/0x4290
[ 63.513002][ T5106]  kasan_report+0xf9/0x130
[ 63.517401][ T5106]  ? jfs_readdir+0x3a89/0x4290
[ 63.522143][ T5106]  jfs_readdir+0x3a89/0x4290
[ 63.526739][ T5106]  ? dtDelete+0x2fe0/0x2fe0
[ 63.531217][ T5106]  ? lock_release+0x670/0x670
[ 63.535902][ T5106]  ? down_write_killable+0x15b/0x250
[ 63.541173][ T5106]  ? down_write_killable_nested+0x250/0x250
[ 63.547051][ T5106]  ? fsnotify_perm.part.0+0x221/0x610
[ 63.552423][ T5106]  iterate_dir+0x1fd/0x6f0
[ 63.556841][ T5106]  __x64_sys_getdents64+0x13e/0x2c0
[ 63.562024][ T5106]  ? handle_mm_fault+0x397/0x9c0
[ 63.567040][ T5106]  ? __ia32_sys_getdents+0x2c0/0x2c0
[ 63.572316][ T5106]  ? compat_filldir+0x6b0/0x6b0
[ 63.577156][ T5106]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 63.583061][ T5106]  do_syscall_64+0x39/0xb0
[ 63.587504][ T5106]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.593412][ T5106] RIP: 0033:0x7f27f3cd89b9
[ 63.597819][ T5106] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.617508][ T5106] RSP: 002b:00007ffe4cb73bf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 63.625927][ T5106] RAX: ffffffffffffffda RBX: 000000000000f031 RCX: 00007f27f3cd89b9
[ 63.633882][ T5106] RDX: 00000000000000c5 RSI: 0000000020000200 RDI: 0000000000000004
[ 63.641837][ T5106] RBP: 0000000000000000 R08: 00007ffe4cb73c20 R09: 00007ffe4cb73c20
[ 63.649793][ T5106] R10: 0000000000005d45 R11: 0000000000000246 R12: 00007ffe4cb73c1c
[ 63.657750][ T5106] R13: 00007ffe4cb73c50 R14: 00007ffe4cb73c30 R15: 000000000000001d
[ 63.665709][ T5106]
[ 63.669645][ T5106] Kernel Offset: disabled
[ 63.673963][ T5106] Rebooting in 86400 seconds..
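Triage note, added here as an example and not part of the syzkaller log or of any kernel or syzkaller tooling. Before chasing a KASAN report into the source, it is worth cross-checking the numbers the kernel printed against each other: that the faulting address really sits 1973 bytes past the end of the 2240-byte jfs_ip object, that it falls inside the order-3 slab page the report names (pfn 0x72df0), what the shadow byte under the caret means (0xfc is the slab redzone), and which syscall the task was in (ORIG_RAX 0xd9 is getdents64 on x86-64, matching the __x64_sys_getdents64 frame). The script below parses an excerpt of the report above and performs those checks. The direct-map base 0xffff888000000000 is an assumption (x86-64 with 4-level paging and KASLR off, which the report's "Kernel Offset: disabled" line supports); the syscall table and shadow legend are deliberately limited to values that appear in this log.

```python
"""Consistency checks for the KASAN slab-out-of-bounds report above.

Added example; not syzkaller or kernel code. Assumes x86-64, 4-level paging
and no KASLR, so the direct map starts at 0xffff888000000000.
"""
import re

# Excerpt of the report above, with the "[ ts][ Tpid]" prefixes stripped.
REPORT = """\
BUG: KASAN: slab-out-of-bounds in jfs_readdir+0x3a89/0x4290
Read of size 1 at addr ffff888072df7f75 by task syz-executor114/5106
RSP: 002b:00007ffe4cb73bf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
The buggy address belongs to the object at ffff888072df6f00
 which belongs to the cache jfs_ip of size 2240
The buggy address is located 1973 bytes to the right of
 allocated 2240-byte region [ffff888072df6f00, ffff888072df77c0)
page:ffffea0001cb7c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72df0
head:ffffea0001cb7c00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
Memory state around the buggy address:
 ffff888072df7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888072df7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888072df7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888072df8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

PAGE_SHIFT = 12
KASAN_GRANULE = 8                      # one shadow byte covers 8 bytes
DIRECT_MAP_BASE = 0xffff888000000000   # assumption: x86-64, no KASLR
SYSCALLS_X86_64 = {165: "mount", 217: "getdents64"}   # only those in this log
SHADOW_LEGEND = {0x00: "addressable", 0xfb: "freed slab object",
                 0xfc: "slab redzone", 0xfe: "page redzone"}


def parse_report(text):
    """Extract the fields a triager needs; raise if one is missing."""
    def grab(pattern):
        m = re.search(pattern, text)
        if m is None:
            raise ValueError("report lacks field matching %r" % pattern)
        return m.groups()

    bug, func, foff, flen = grab(r"BUG: KASAN: (\S+) in (\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)")
    rw, size, addr, comm, pid = grab(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
    (orig_rax,) = grab(r"ORIG_RAX: ([0-9a-f]+)")
    cache, obj_size = grab(r"cache (\S+) of size (\d+)")
    dist, side = grab(r"located (\d+) bytes to the (left|right) of")
    start, end = grab(r"region \[([0-9a-f]+), ([0-9a-f]+)\)")
    (pfn,) = grab(r"pfn:0x([0-9a-f]+)")
    (order,) = grab(r"order:(\d+)")
    return {
        "bug_type": bug, "func": func,
        "func_offset": int(foff, 16), "func_size": int(flen, 16),
        "access": rw.lower(), "size": int(size), "addr": int(addr, 16),
        "task": "%s/%s" % (comm, pid), "orig_rax": int(orig_rax, 16),
        "cache": cache, "obj_size": int(obj_size),
        "claimed_distance": int(dist), "claimed_side": side,
        "region": (int(start, 16), int(end, 16)),
        "pfn": int(pfn, 16), "order": int(order),
    }


def offset_from_object(info):
    """Recompute KASAN's 'N bytes to the right/left of' from raw addresses."""
    start, end = info["region"]
    addr = info["addr"]
    if addr >= end:
        return addr - end, "right"
    if addr < start:
        return start - addr, "left"
    return addr - start, "inside"


def claim_is_consistent(info):
    """True when the printed distance/side agree with the raw addresses
    and the region length matches the cache object size."""
    start, end = info["region"]
    return (offset_from_object(info) == (info["claimed_distance"], info["claimed_side"])
            and end - start == info["obj_size"])


def addr_in_slab_page(info):
    """Map the virtual address back through the direct map and check it
    lands inside the order-N slab page the report attributes it to."""
    phys = info["addr"] - DIRECT_MAP_BASE
    base = info["pfn"] << PAGE_SHIFT
    span = (1 << info["order"]) << PAGE_SHIFT
    return base <= phys < base + span


def shadow_byte_at(text, addr):
    """Return (granule index, shadow value, meaning) for addr from the
    'Memory state' rows, or None if no row covers it."""
    for line in text.splitlines():
        m = re.match(r"[> ]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", line)
        if not m:
            continue
        row = int(m.group(1), 16)
        vals = [int(v, 16) for v in m.group(2).split()]
        if row <= addr < row + len(vals) * KASAN_GRANULE:
            idx = (addr - row) // KASAN_GRANULE
            return idx, vals[idx], SHADOW_LEGEND.get(vals[idx], "other")
    return None


def syscall_name(info):
    return SYSCALLS_X86_64.get(info["orig_rax"], "nr %d" % info["orig_rax"])


if __name__ == "__main__":
    info = parse_report(REPORT)
    print(info["bug_type"], "in", info["func"], "via", syscall_name(info))
    print("distance:", offset_from_object(info), "consistent:", claim_is_consistent(info))
    print("inside slab page:", addr_in_slab_page(info))
    print("shadow under caret:", shadow_byte_at(REPORT, info["addr"]))
```

If any of these checks fails on a real report, the report text was mangled in transit (a common result of copy-pasting console output), and the addresses should be re-read from the original log before anyone reasons about which field of the inode the read lands in.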