[ 19.732836][ T3696] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: [ 19.786563][ T555] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 19.790095][ T555] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
OK
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.18' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 42.941278][ T4022] loop0: detected capacity change from 0 to 32768
[ 43.042943][ T4022]
[ 43.042943][ T4022] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 43.042943][ T4022]
[ 43.052352][ T4022] read_mapping_page failed!
[ 43.053906][ T4022] ERROR: (device loop0): txAbort:
[ 43.053906][ T4022]
[ 43.058383][ T4022] read_mapping_page failed!
[ 43.059685][ T4022] ERROR: (device loop0): txAbort:
[ 43.059685][ T4022]
[ 43.062852][ T4022] read_mapping_page failed!
[ 43.064095][ T4022] ERROR: (device loop0): txAbort:
[ 43.064095][ T4022]
[ 43.067596][ T4022] ==================================================================
[ 43.069851][ T4022] BUG: KASAN: slab-out-of-bounds in dtSplitPage+0xcf8/0x2888
[ 43.071835][ T4022] Read of size 1 at addr ffff0000e3004055 by task syz-executor157/4022
[ 43.074122][ T4022]
[ 43.074777][ T4022] CPU: 1 PID: 4022 Comm: syz-executor157 Not tainted 5.15.185-syzkaller #0
[ 43.077138][ T4022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 43.079944][ T4022] Call trace:
[ 43.080865][ T4022] dump_backtrace+0x0/0x43c
[ 43.082100][ T4022] show_stack+0x2c/0x3c
[ 43.083230][ T4022] __dump_stack+0x30/0x40
[ 43.084383][ T4022] dump_stack_lvl+0xf8/0x160
[ 43.085629][ T4022] print_address_description+0x78/0x30c
[ 43.087102][ T4022] kasan_report+0xec/0x15c
[ 43.088318][ T4022] __asan_report_load1_noabort+0x44/0x50
[ 43.089872][ T4022] dtSplitPage+0xcf8/0x2888
[ 43.091087][ T4022] dtInsert+0xc3c/0x5634
[ 43.092278][ T4022] jfs_mkdir+0x5a4/0x8b4
[ 43.093450][ T4022] vfs_mkdir+0x314/0x4d4
[ 43.094667][ T4022] do_mkdirat+0x1bc/0x508
[ 43.095844][ T4022] __arm64_sys_mkdirat+0x90/0xa8
[ 43.097220][ T4022] invoke_syscall+0x98/0x2b8
[ 43.098507][ T4022] el0_svc_common+0x138/0x258
[ 43.099792][ T4022] do_el0_svc+0x58/0x14c
[ 43.100937][ T4022] el0_svc+0x78/0x1e0
[ 43.102057][ T4022] el0t_64_sync_handler+0xcc/0xe4
[ 43.103439][ T4022] el0t_64_sync+0x1a0/0x1a4
[ 43.104688][ T4022]
[ 43.105311][ T4022] Allocated by task 4022:
[ 43.106448][ T4022] __kasan_slab_alloc+0x8c/0xcc
[ 43.107774][ T4022] slab_post_alloc_hook+0x74/0x408
[ 43.109183][ T4022] kmem_cache_alloc+0x1e0/0x3e4
[ 43.110624][ T4022] jfs_alloc_inode+0x24/0x60
[ 43.111899][ T4022] iget_locked+0x178/0x710
[ 43.113173][ T4022] jfs_iget+0x30/0x374
[ 43.114293][ T4022] jfs_lookup+0x198/0x32c
[ 43.115485][ T4022] __lookup_slow+0x24c/0x380
[ 43.116737][ T4022] lookup_slow+0x5c/0x80
[ 43.117894][ T4022] walk_component+0x2b0/0x3a8
[ 43.119170][ T4022] link_path_walk+0x590/0xb8c
[ 43.120452][ T4022] __filename_parentat+0x1b0/0x510
[ 43.121912][ T4022] do_renameat2+0x224/0xcdc
[ 43.123129][ T4022] __arm64_sys_renameat2+0xe0/0xfc
[ 43.124549][ T4022] invoke_syscall+0x98/0x2b8
[ 43.125783][ T4022] el0_svc_common+0x138/0x258
[ 43.127060][ T4022] do_el0_svc+0x58/0x14c
[ 43.128244][ T4022] el0_svc+0x78/0x1e0
[ 43.129327][ T4022] el0t_64_sync_handler+0xcc/0xe4
[ 43.130711][ T4022] el0t_64_sync+0x1a0/0x1a4
[ 43.131981][ T4022]
[ 43.132608][ T4022] The buggy address belongs to the object at ffff0000e3003780
[ 43.132608][ T4022] which belongs to the cache jfs_ip of size 2240
[ 43.136443][ T4022] The buggy address is located 21 bytes to the right of
[ 43.136443][ T4022] 2240-byte region [ffff0000e3003780, ffff0000e3004040)
[ 43.140325][ T4022] The buggy address belongs to the page:
[ 43.141880][ T4022] page:00000000ae17d785 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123000
[ 43.144739][ T4022] head:00000000ae17d785 order:3 compound_mapcount:0 compound_pincount:0
[ 43.147184][ T4022] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 43.149450][ T4022] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c69c3c80
[ 43.151894][ T4022] raw: 0000000000000000 00000000800d000d 00000001ffffffff 0000000000000000
[ 43.154431][ T4022] page dumped because: kasan: bad access detected
[ 43.156265][ T4022]
[ 43.156944][ T4022] Memory state around the buggy address:
[ 43.158550][ T4022] ffff0000e3003f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.160824][ T4022] ffff0000e3003f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.163114][ T4022] >ffff0000e3004000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 43.165320][ T4022] ^
[ 43.167174][ T4022] ffff0000e3004080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 43.169525][ T4022] ffff0000e3004100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.171805][ T4022] ==================================================================
[ 43.174090][ T4022] Disabling lock debugging due to kernel taint
[ 43.176029][ T4022] find_entry called with index = 0
[ 43.177703][ T4022] read_mapping_page failed!
[ 43.178875][ T4022] ERROR: (device loop0): txAbort:
[ 43.178875][ T4022]
[ 48.097923][ T555] ERROR: (device loop0): diWrite: ixpxd invalid
[ 48.097923][ T555]
[ 48.100352][ T555] ERROR: (device loop0): txAbort:
[ 48.100352][ T555]
[ 48.102418][ T555] jfs_write_inode: jfs_commit_inode failed!
[ 48.104197][ T555]
[ 48.104197][ T555] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 48.104197][ T555]
[ 48.107058][ T555]
[ 48.107058][ T555] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 48.107058][ T555]
[ 48.111077][ T241]
[ 48.111077][ T241] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 48.111077][ T241]