Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts.
executing program
[ 33.609702][ T6169] loop0: detected capacity change from 0 to 32768
[ 33.620630][ T6169] read_mapping_page failed!
[ 33.621971][ T6169] ERROR: (device loop0): txAbort:
[ 33.621971][ T6169]
[ 33.624062][ T6169] ERROR: (device loop0): remounting filesystem as read-only
[ 33.629059][ T6169] BUG: spinlock bad magic on CPU#1, syz-executor174/6169
[ 33.630551][ T6169] ==================================================================
[ 33.632305][ T6169] BUG: KASAN: slab-out-of-bounds in string+0x1dc/0x264
[ 33.633847][ T6169] Read of size 1 at addr ffff0000de835300 by task syz-executor174/6169
[ 33.635635][ T6169]
[ 33.636125][ T6169] CPU: 1 PID: 6169 Comm: syz-executor174 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 33.638249][ T6169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 33.640374][ T6169] Call trace:
[ 33.641054][ T6169] dump_backtrace+0x1b8/0x1e4
[ 33.642138][ T6169] show_stack+0x2c/0x3c
[ 33.643103][ T6169] dump_stack_lvl+0xd0/0x124
[ 33.644126][ T6169] print_report+0x178/0x518
[ 33.645159][ T6169] kasan_report+0xd8/0x138
[ 33.646166][ T6169] __asan_report_load1_noabort+0x20/0x2c
[ 33.647429][ T6169] string+0x1dc/0x264
[ 33.648326][ T6169] vsnprintf+0xe9c/0x1a8c
[ 33.649287][ T6169] vprintk_store+0x38c/0xd80
[ 33.650265][ T6169] vprintk_emit+0x110/0x2e8
[ 33.651268][ T6169] vprintk_default+0xa0/0xe4
[ 33.652233][ T6169] vprintk+0x200/0x2d4
[ 33.653122][ T6169] _printk+0xdc/0x128
[ 33.654022][ T6169] spin_bug+0x120/0x240
[ 33.654905][ T6169] do_raw_spin_lock+0x1f0/0x348
[ 33.655921][ T6169] _raw_spin_lock_irqsave+0x64/0x7c
[ 33.657089][ T6169] __wake_up+0x38/0x1b0
[ 33.658073][ T6169] release_metapage+0x19c/0xc4c
[ 33.659206][ T6169] xtTruncate+0xc78/0x2a08
[ 33.660240][ T6169] jfs_free_zero_link+0x374/0x598
[ 33.661450][ T6169] jfs_evict_inode+0x300/0x3f4
[ 33.662479][ T6169] evict+0x260/0x68c
[ 33.663341][ T6169] iput+0x734/0x818
[ 33.664129][ T6169] dentry_unlink_inode+0x36c/0x4ac
[ 33.665230][ T6169] __dentry_kill+0x178/0x5e8
[ 33.666283][ T6169] shrink_kill+0xd4/0x2cc
[ 33.667312][ T6169] shrink_dentry_list+0x31c/0x768
[ 33.668484][ T6169] shrink_dcache_parent+0xc4/0x374
[ 33.669607][ T6169] do_one_tree+0x30/0xfc
[ 33.670493][ T6169] shrink_dcache_for_umount+0x80/0x12c
[ 33.671707][ T6169] generic_shutdown_super+0x68/0x2b8
[ 33.672853][ T6169] kill_block_super+0x44/0x90
[ 33.673868][ T6169] deactivate_locked_super+0xc4/0x12c
[ 33.675128][ T6169] deactivate_super+0xe0/0x100
[ 33.676249][ T6169] cleanup_mnt+0x34c/0x3dc
[ 33.677279][ T6169] __cleanup_mnt+0x20/0x30
[ 33.678289][ T6169] task_work_run+0x230/0x2e0
[ 33.679343][ T6169] do_exit+0x618/0x1f64
[ 33.680380][ T6169] do_group_exit+0x194/0x22c
[ 33.681484][ T6169] pid_child_should_wake+0x0/0x1dc
[ 33.682626][ T6169] invoke_syscall+0x98/0x2b8
[ 33.683686][ T6169] el0_svc_common+0x130/0x23c
[ 33.684795][ T6169] do_el0_svc+0x48/0x58
[ 33.685725][ T6169] el0_svc+0x54/0x168
[ 33.686612][ T6169] el0t_64_sync_handler+0x84/0xfc
[ 33.687708][ T6169] el0t_64_sync+0x190/0x194
[ 33.688664][ T6169]
[ 33.689202][ T6169] Allocated by task 6169:
[ 33.690127][ T6169] kasan_save_track+0x40/0x78
[ 33.691211][ T6169] kasan_save_alloc_info+0x40/0x50
[ 33.692344][ T6169] __kasan_slab_alloc+0x74/0x8c
[ 33.693343][ T6169] kmem_cache_alloc_lru+0x1e0/0x48c
[ 33.694461][ T6169] jfs_alloc_inode+0x2c/0x68
[ 33.695368][ T6169] iget_locked+0x168/0x7a8
[ 33.696310][ T6169] jfs_iget+0x30/0x364
[ 33.697191][ T6169] jfs_lookup+0x1e8/0x39c
[ 33.698218][ T6169] lookup_one_qstr_excl+0x108/0x230
[ 33.699325][ T6169] do_renameat2+0x584/0xe40
[ 33.700279][ T6169] __arm64_sys_renameat2+0xe0/0xfc
[ 33.701407][ T6169] invoke_syscall+0x98/0x2b8
[ 33.702386][ T6169] el0_svc_common+0x130/0x23c
[ 33.703425][ T6169] do_el0_svc+0x48/0x58
[ 33.704362][ T6169] el0_svc+0x54/0x168
[ 33.705252][ T6169] el0t_64_sync_handler+0x84/0xfc
[ 33.706332][ T6169] el0t_64_sync+0x190/0x194
[ 33.707269][ T6169]
[ 33.707878][ T6169] The buggy address belongs to the object at ffff0000de834a00
[ 33.707878][ T6169] which belongs to the cache jfs_ip of size 2240
[ 33.710830][ T6169] The buggy address is located 64 bytes to the right of
[ 33.710830][ T6169] allocated 2240-byte region [ffff0000de834a00, ffff0000de8352c0)
[ 33.714072][ T6169]
[ 33.714585][ T6169] The buggy address belongs to the physical page:
[ 33.716019][ T6169] page:00000000ef2d9769 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e830
[ 33.718217][ T6169] head:00000000ef2d9769 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 33.720160][ T6169] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 33.722096][ T6169] page_type: 0xffffffff()
[ 33.723023][ T6169] raw: 05ffc00000000840 ffff0000c4426780 dead000000000122 0000000000000000
[ 33.724875][ T6169] raw: 0000000000000000 00000000800d000d 00000001ffffffff 0000000000000000
[ 33.726790][ T6169] page dumped because: kasan: bad access detected
[ 33.728213][ T6169]
[ 33.728760][ T6169] Memory state around the buggy address:
[ 33.729944][ T6169] ffff0000de835200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.731740][ T6169] ffff0000de835280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 33.733605][ T6169] >ffff0000de835300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.735396][ T6169] ^
[ 33.736339][ T6169] ffff0000de835380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.738193][ T6169] ffff0000de835400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.739986][ T6169] ==================================================================
[ 33.630545][ T6169] lock: 0xffff0000de834aa8, .magic: ffff8000, .owner: /0, .owner_cpu: 512
[ 33.743552][ T6169] CPU: 1 PID: 6169 Comm: syz-executor174 Tainted: G B 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 33.746129][ T6169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 33.748401][ T6169] Call trace:
[ 33.749126][ T6169] dump_backtrace+0x1b8/0x1e4
[ 33.750077][ T6169] show_stack+0x2c/0x3c
[ 33.750975][ T6169] dump_stack_lvl+0xd0/0x124
[ 33.751941][ T6169] dump_stack+0x1c/0x28
[ 33.752812][ T6169] spin_bug+0x124/0x240
[ 33.753715][ T6169] do_raw_spin_lock+0x1f0/0x348
[ 33.754783][ T6169] _raw_spin_lock_irqsave+0x64/0x7c
[ 33.755873][ T6169] __wake_up+0x38/0x1b0
[ 33.756765][ T6169] release_metapage+0x19c/0xc4c
[ 33.757880][ T6169] xtTruncate+0xc78/0x2a08
[ 33.758927][ T6169] jfs_free_zero_link+0x374/0x598
[ 33.759986][ T6169] jfs_evict_inode+0x300/0x3f4
[ 33.761013][ T6169] evict+0x260/0x68c
[ 33.761844][ T6169] iput+0x734/0x818
[ 33.762687][ T6169] dentry_unlink_inode+0x36c/0x4ac
[ 33.763780][ T6169] __dentry_kill+0x178/0x5e8
[ 33.764825][ T6169] shrink_kill+0xd4/0x2cc
[ 33.765801][ T6169] shrink_dentry_list+0x31c/0x768
[ 33.766945][ T6169] shrink_dcache_parent+0xc4/0x374
[ 33.768063][ T6169] do_one_tree+0x30/0xfc
[ 33.768948][ T6169] shrink_dcache_for_umount+0x80/0x12c
[ 33.770130][ T6169] generic_shutdown_super+0x68/0x2b8
[ 33.771297][ T6169] kill_block_super+0x44/0x90
[ 33.772346][ T6169] deactivate_locked_super+0xc4/0x12c
[ 33.773554][ T6169] deactivate_super+0xe0/0x100
[ 33.774582][ T6169] cleanup_mnt+0x34c/0x3dc
[ 33.775567][ T6169] __cleanup_mnt+0x20/0x30
[ 33.776496][ T6169] task_work_run+0x230/0x2e0
[ 33.777522][ T6169] do_exit+0x618/0x1f64
[ 33.778498][ T6169] do_group_exit+0x194/0x22c
[ 33.779571][ T6169] pid_child_should_wake+0x0/0x1dc
[ 33.780696][ T6169] invoke_syscall+0x98/0x2b8
[ 33.781712][ T6169] el0_svc_common+0x130/0x23c
[ 33.782717][ T6169] do_el0_svc+0x48/0x58
[ 33.783681][ T6169] el0_svc+0x54/0x168
[ 33.784556][ T6169] el0t_64_sync_handler+0x84/0xfc
[ 33.785574][ T6169] el0t_64_sync+0x190/0x194
[ 33.786620][ T6169] ------------[ cut here ]------------
[ 33.787849][ T6169] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:131:9
[ 33.789659][ T6169] index 8904 is out of range for type 'unsigned long[8]'
[ 33.791114][ T6169] CPU: 1 PID: 6169 Comm: syz-executor174 Tainted: G B 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 33.793563][ T6169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 33.795732][ T6169] Call trace:
[ 33.796488][ T6169] dump_backtrace+0x1b8/0x1e4
[ 33.797554][ T6169] show_stack+0x2c/0x3c
[ 33.798532][ T6169] dump_stack_lvl+0xd0/0x124
[ 33.799585][ T6169] dump_stack+0x1c/0x28
[ 33.800546][ T6169] __ubsan_handle_out_of_bounds+0xf8/0x148
[ 33.801805][ T6169] queued_spin_lock_slowpath+0x944/0xcf8
[ 33.803043][ T6169] do_raw_spin_lock+0x320/0x348
[ 33.804113][ T6169] _raw_spin_lock_irqsave+0x64/0x7c
[ 33.805281][ T6169] __wake_up+0x38/0x1b0
[ 33.806232][ T6169] release_metapage+0x19c/0xc4c
[ 33.807278][ T6169] xtTruncate+0xc78/0x2a08
[ 33.808230][ T6169] jfs_free_zero_link+0x374/0x598
[ 33.809358][ T6169] jfs_evict_inode+0x300/0x3f4
[ 33.810445][ T6169] evict+0x260/0x68c
[ 33.811252][ T6169] iput+0x734/0x818
[ 33.812147][ T6169] dentry_unlink_inode+0x36c/0x4ac
[ 33.813260][ T6169] __dentry_kill+0x178/0x5e8
[ 33.814349][ T6169] shrink_kill+0xd4/0x2cc
[ 33.815315][ T6169] shrink_dentry_list+0x31c/0x768
[ 33.816365][ T6169] shrink_dcache_parent+0xc4/0x374
[ 33.817489][ T6169] do_one_tree+0x30/0xfc
[ 33.818470][ T6169] shrink_dcache_for_umount+0x80/0x12c
[ 33.819681][ T6169] generic_shutdown_super+0x68/0x2b8
[ 33.820835][ T6169] kill_block_super+0x44/0x90
[ 33.821881][ T6169] deactivate_locked_super+0xc4/0x12c
[ 33.823196][ T6169] deactivate_super+0xe0/0x100
[ 33.824255][ T6169] cleanup_mnt+0x34c/0x3dc
[ 33.825226][ T6169] __cleanup_mnt+0x20/0x30
[ 33.826157][ T6169] task_work_run+0x230/0x2e0
[ 33.827272][ T6169] do_exit+0x618/0x1f64
[ 33.828201][ T6169] do_group_exit+0x194/0x22c
[ 33.829179][ T6169] pid_child_should_wake+0x0/0x1dc
[ 33.830293][ T6169] invoke_syscall+0x98/0x2b8
[ 33.831334][ T6169] el0_svc_common+0x130/0x23c
[ 33.832361][ T6169] do_el0_svc+0x48/0x58
[ 33.833253][ T6169] el0_svc+0x54/0x168
[ 33.834181][ T6169] el0t_64_sync_handler+0x84/0xfc
[ 33.835364][ T6169] el0t_64_sync+0x190/0x194
[ 33.836367][ T6169] ---[ end trace ]---
[ 33.837252][ T6169] Unable to handle kernel paging request at virtual address ffff7e6e7f860e20
[ 33.839185][ T6169] KASAN: probably wild-memory-access in range [0xfffff373fc307100-0xfffff373fc307107]
[ 33.841342][ T6169] Mem abort info:
[ 33.842104][ T6169] ESR = 0x0000000096000004
[ 33.843031][ T6169] EC = 0x25: DABT (current EL), IL = 32 bits
[ 33.844494][ T6169] SET = 0, FnV = 0
[ 33.845336][ T6169] EA = 0, S1PTW = 0
[ 33.846183][ T6169] FSC = 0x04: level 0 translation fault
[ 33.847404][ T6169] Data abort info:
[ 33.848282][ T6169] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 33.849600][ T6169] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 33.850973][ T6169] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 33.852229][ T6169] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001adbd5000
[ 33.853962][ T6169] [ffff7e6e7f860e20] pgd=0000000000000000, p4d=0000000000000000
[ 33.855710][ T6169] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 33.857359][ T6169] Modules linked in:
[ 33.858266][ T6169] CPU: 1 PID: 6169 Comm: syz-executor174 Tainted: G B 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 33.860662][ T6169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 33.862809][ T6169] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 33.864502][ T6169] pc : queued_spin_lock_slowpath+0x3b0/0xcf8
[ 33.865805][ T6169] lr : queued_spin_lock_slowpath+0x944/0xcf8
[ 33.867097][ T6169] sp : ffff8000977d6e20
[ 33.867994][ T6169] x29: ffff8000977d6ec0 x28: 0000000000008b25 x27: 1ffff00012efadd0
[ 33.869686][ T6169] x26: dfff800000000000 x25: 1fffe0001bd06955 x24: 0000000000080000
[ 33.871371][ T6169] x23: ffff0001b4036d88 x22: fffff373fc307104 x21: ffff0001b4036d80
[ 33.873152][ T6169] x20: 1fffe00036806db0 x19: ffff0000de834aa8 x18: ffff8000977d6b20
[ 33.874978][ T6169] x17: 0000000000000000 x16: ffff80008ad6b09c x15: ffff7000123e3bf0
[ 33.876642][ T6169] x14: 1ffff000123e3bf0 x13: 0000000000000004 x12: ffffffffffffffff
[ 33.878424][ T6169] x11: ffff7000123e3bf0 x10: ffff80008ec00d80 x9 : 0000000000000001
[ 33.880213][ T6169] x8 : 1ffffe6e7f860e20 x7 : 0000000000000001 x6 : 0000000000000001
[ 33.881944][ T6169] x5 : ffff8000977d66d8 x4 : ffff80008ed822c0 x3 : ffff8000801c14f0
[ 33.883743][ T6169] x2 : 0000000000000001 x1 : 0000000000000002 x0 : 00000000ffffffff
[ 33.885435][ T6169] Call trace:
[ 33.886159][ T6169] queued_spin_lock_slowpath+0x3b0/0xcf8
[ 33.887341][ T6169] do_raw_spin_lock+0x320/0x348
[ 33.888380][ T6169] _raw_spin_lock_irqsave+0x64/0x7c
[ 33.889526][ T6169] __wake_up+0x38/0x1b0
[ 33.890521][ T6169] release_metapage+0x19c/0xc4c
[ 33.891617][ T6169] xtTruncate+0xc78/0x2a08
[ 33.892603][ T6169] jfs_free_zero_link+0x374/0x598
[ 33.893715][ T6169] jfs_evict_inode+0x300/0x3f4
[ 33.894788][ T6169] evict+0x260/0x68c
[ 33.895582][ T6169] iput+0x734/0x818
[ 33.896390][ T6169] dentry_unlink_inode+0x36c/0x4ac
[ 33.897519][ T6169] __dentry_kill+0x178/0x5e8
[ 33.898521][ T6169] shrink_kill+0xd4/0x2cc
[ 33.899474][ T6169] shrink_dentry_list+0x31c/0x768
[ 33.900597][ T6169] shrink_dcache_parent+0xc4/0x374
[ 33.901622][ T6169] do_one_tree+0x30/0xfc
[ 33.902491][ T6169] shrink_dcache_for_umount+0x80/0x12c
[ 33.903718][ T6169] generic_shutdown_super+0x68/0x2b8
[ 33.904865][ T6169] kill_block_super+0x44/0x90
[ 33.905839][ T6169] deactivate_locked_super+0xc4/0x12c
[ 33.907125][ T6169] deactivate_super+0xe0/0x100
[ 33.908174][ T6169] cleanup_mnt+0x34c/0x3dc
[ 33.909143][ T6169] __cleanup_mnt+0x20/0x30
[ 33.910097][ T6169] task_work_run+0x230/0x2e0
[ 33.911184][ T6169] do_exit+0x618/0x1f64
[ 33.912064][ T6169] do_group_exit+0x194/0x22c
[ 33.913181][ T6169] pid_child_should_wake+0x0/0x1dc
[ 33.914308][ T6169] invoke_syscall+0x98/0x2b8
[ 33.915351][ T6169] el0_svc_common+0x130/0x23c
[ 33.916349][ T6169] do_el0_svc+0x48/0x58
[ 33.917265][ T6169] el0_svc+0x54/0x168
[ 33.918152][ T6169] el0t_64_sync_handler+0x84/0xfc
[ 33.919209][ T6169] el0t_64_sync+0x190/0x194
[ 33.920134][ T6169] Code: f94002c8 8b190116 f9400bf9 d343fec8 (387a6908)
[ 33.921756][ T6169] ---[ end trace 0000000000000000 ]---
[ 34.222488][ T6169] Kernel panic - not syncing: Oops: Fatal exception
[ 34.223943][ T6169] SMP: stopping secondary CPUs
[ 34.225064][ T6169] Kernel Offset: disabled
[ 34.225966][ T6169] CPU features: 0x0,00000081,c0080094,42017203
[ 34.227334][ T6169] Memory Limit: none
[ 34.520961][ T6169] Rebooting in 86400 seconds..