loop3: detected capacity change from 0 to 32768 ================================================================== BUG: KASAN: slab-out-of-bounds in dtCompare fs/jfs/jfs_dtree.c:3333 [inline] BUG: KASAN: slab-out-of-bounds in dtSearch+0x12e4/0x1b28 fs/jfs/jfs_dtree.c:650 Read of size 1 at addr ffff0000f4f43e58 by task syz.3.883/6592 CPU: 1 PID: 6592 Comm: syz.3.883 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Call trace: dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165 __dump_stack+0x30/0x40 lib/dump_stack.c:88 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106 print_address_description+0x88/0x218 mm/kasan/report.c:316 print_report+0x50/0x68 mm/kasan/report.c:420 kasan_report+0xa8/0x100 mm/kasan/report.c:524 __asan_report_load1_noabort+0x2c/0x38 mm/kasan/report_generic.c:348 dtCompare fs/jfs/jfs_dtree.c:3333 [inline] dtSearch+0x12e4/0x1b28 fs/jfs/jfs_dtree.c:650 jfs_lookup+0x13c/0x32c fs/jfs/namei.c:1459 __lookup_slow+0x24c/0x370 fs/namei.c:1698 lookup_slow+0x5c/0x80 fs/namei.c:1715 walk_component+0x270/0x364 fs/namei.c:2006 lookup_last fs/namei.c:2463 [inline] path_lookupat+0x13c/0x3d0 fs/namei.c:2487 filename_lookup+0x190/0x42c fs/namei.c:2516 user_path_at_empty+0x5c/0x84 fs/namei.c:2913 user_path_at include/linux/namei.h:57 [inline] __do_sys_chdir fs/open.c:514 [inline] __se_sys_chdir fs/open.c:508 [inline] __arm64_sys_chdir+0xb4/0x26c fs/open.c:508 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 The buggy address belongs to the object at ffff0000f4f43780 which belongs to the cache jfs_ip of size 2240 The buggy address is located 1752 bytes inside of 2240-byte region [ffff0000f4f43780, ffff0000f4f44040) The buggy address belongs to the physical page: page:0000000094bef9c2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x134f40 head:0000000094bef9c2 order:3 compound_mapcount:0 compound_pincount:0 memcg:ffff0000dd967101 flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c6d01080 raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff0000dd967101 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000f4f43d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff0000f4f43d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff0000f4f43e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff0000f4f43e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff0000f4f43f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ERROR: (device loop3): dtSearch: stack overrun! ERROR: (device loop3): remounting filesystem as read-only btstack dump: bn = 0, index = 0 bn = 0, index = 0 bn = 0, index = 0 bn = 0, index = 0 bn = 0, index = 0 bn = 0, index = 0 bn = 0, index = 0 bn = 0, index = 0 jfs_lookup: dtSearch returned -5