Warning: Permanently added '10.128.0.213' (ED25519) to the list of known hosts.
executing program
[   37.641148][ T4297] loop0: detected capacity change from 0 to 32768
[   37.655646][ T4297] ==================================================================
[   37.657491][ T4297] BUG: KASAN: slab-out-of-bounds in dtSearch+0x131c/0x1f34
[   37.659153][ T4297] Read of size 1 at addr ffff0000dfb64058 by task syz-executor236/4297
[   37.660919][ T4297]
[   37.661410][ T4297] CPU: 1 PID: 4297 Comm: syz-executor236 Not tainted 6.1.119-syzkaller #0
[   37.663353][ T4297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   37.665403][ T4297] Call trace:
[   37.666107][ T4297]  dump_backtrace+0x1c8/0x1f4
[   37.667151][ T4297]  show_stack+0x2c/0x3c
[   37.668027][ T4297]  dump_stack_lvl+0x108/0x170
[   37.668957][ T4297]  print_report+0x174/0x4c0
[   37.669949][ T4297]  kasan_report+0xd4/0x130
[   37.670883][ T4297]  __asan_report_load1_noabort+0x2c/0x38
[   37.672073][ T4297]  dtSearch+0x131c/0x1f34
[   37.673011][ T4297]  jfs_lookup+0x164/0x39c
[   37.673924][ T4297]  lookup_one_qstr_excl+0x108/0x230
[   37.675128][ T4297]  do_renameat2+0x558/0xe64
[   37.676125][ T4297]  __arm64_sys_renameat2+0xe0/0xfc
[   37.677148][ T4297]  invoke_syscall+0x98/0x2bc
[   37.678147][ T4297]  el0_svc_common+0x138/0x258
[   37.679221][ T4297]  do_el0_svc+0x58/0x13c
[   37.680157][ T4297]  el0_svc+0x58/0x168
[   37.681014][ T4297]  el0t_64_sync_handler+0x84/0xf0
[   37.682062][ T4297]  el0t_64_sync+0x18c/0x190
[   37.683064][ T4297]
[   37.683552][ T4297] Allocated by task 4297:
[   37.684506][ T4297]  kasan_set_track+0x4c/0x80
[   37.685441][ T4297]  kasan_save_alloc_info+0x24/0x30
[   37.686543][ T4297]  __kasan_slab_alloc+0x74/0x8c
[   37.687578][ T4297]  slab_post_alloc_hook+0x74/0x458
[   37.688725][ T4297]  kmem_cache_alloc_lru+0x1ac/0x2f8
[   37.689746][ T4297]  jfs_alloc_inode+0x2c/0x68
[   37.690794][ T4297]  new_inode_pseudo+0x68/0x1d0
[   37.691760][ T4297]  new_inode+0x38/0x174
[   37.692702][ T4297]  ialloc+0x58/0x7c0
[   37.693477][ T4297]  jfs_create+0x190/0xa1c
[   37.694363][ T4297]  path_openat+0xeac/0x2548
[   37.695325][ T4297]  do_filp_open+0x1bc/0x3cc
[   37.696302][ T4297]  do_sys_openat2+0x128/0x3e0
[   37.697251][ T4297]  __arm64_sys_openat+0x1f0/0x240
[   37.698345][ T4297]  invoke_syscall+0x98/0x2bc
[   37.699384][ T4297]  el0_svc_common+0x138/0x258
[   37.700368][ T4297]  do_el0_svc+0x58/0x13c
[   37.701328][ T4297]  el0_svc+0x58/0x168
[   37.702183][ T4297]  el0t_64_sync_handler+0x84/0xf0
[   37.703279][ T4297]  el0t_64_sync+0x18c/0x190
[   37.704257][ T4297]
[   37.704768][ T4297] The buggy address belongs to the object at ffff0000dfb63780
[   37.704768][ T4297]  which belongs to the cache jfs_ip of size 2240
[   37.707646][ T4297] The buggy address is located 24 bytes to the right of
[   37.707646][ T4297]  2240-byte region [ffff0000dfb63780, ffff0000dfb64040)
[   37.710513][ T4297]
[   37.711011][ T4297] The buggy address belongs to the physical page:
[   37.712341][ T4297] page:00000000cfba0be3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fb60
[   37.714434][ T4297] head:00000000cfba0be3 order:3 compound_mapcount:0 compound_pincount:0
[   37.716110][ T4297] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   37.717763][ T4297] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c6f9a300
[   37.719681][ T4297] raw: 0000000000000000 00000000800d000d 00000001ffffffff 0000000000000000
[   37.721522][ T4297] page dumped because: kasan: bad access detected
[   37.722888][ T4297]
[   37.723379][ T4297] Memory state around the buggy address:
[   37.724544][ T4297]  ffff0000dfb63f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.726195][ T4297]  ffff0000dfb63f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.727817][ T4297] >ffff0000dfb64000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   37.729463][ T4297]                                                     ^
[   37.730864][ T4297]  ffff0000dfb64080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.732505][ T4297]  ffff0000dfb64100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.734162][ T4297] ==================================================================
[   37.735979][ T4297] Disabling lock debugging due to kernel taint
[   37.737320][ T4297] ERROR: (device loop0): dtSearch: stack overrun!
[   37.737320][ T4297]
[   37.739433][ T4297] ERROR: (device loop0): remounting filesystem as read-only
[   37.741015][ T4297] btstack dump:
[   37.741665][ T4297]  bn = 0, index = 0
[   37.742474][ T4297]  bn = 0, index = 0
[   37.743230][ T4297]  bn = 0, index = 0
[   37.743968][ T4297]  bn = 0, index = 0
[   37.744721][ T4297]  bn = 0, index = 0
[   37.745501][ T4297]  bn = 0, index = 0
[   37.746320][ T4297]  bn = 0, index = 0
[   37.747063][ T4297]  bn = 0, index = 0
[   37.747882][ T4297] jfs_lookup: dtSearch returned -5