==================================================================
BUG: KASAN: slab-out-of-bounds in dtSplitRoot+0x140a/0x1590 fs/jfs/jfs_dtree.c:1985
Read of size 1 at addr ffff8880b5217fc0 by task syz-executor379/8101
CPU: 0 PID: 8101 Comm: syz-executor379 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
print_address_description.cold+0x54/0x219 mm/kasan/report.c:256
kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354
kasan_report mm/kasan/report.c:412 [inline]
__asan_report_load1_noabort+0x88/0x90 mm/kasan/report.c:430
dtSplitRoot+0x140a/0x1590 fs/jfs/jfs_dtree.c:1985
dtSplitUp+0x10ce/0x4e70 fs/jfs/jfs_dtree.c:998
dtInsert+0x7fd/0xa00 fs/jfs/jfs_dtree.c:876
jfs_mkdir.part.0+0x3ef/0x870 fs/jfs/namei.c:282
jfs_mkdir+0x3f/0x60 fs/jfs/namei.c:222
vfs_mkdir+0x508/0x7a0 fs/namei.c:3819
do_mkdirat+0x262/0x2d0 fs/namei.c:3842
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fdddb73ffb9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc410adce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdddb73ffb9
RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
RBP: 00007fdddb6ff820 R08: 0000000000000000 R09: 00007fdddb6ff820
R10: 0000555555b0d2c0 R11: 0000000000000246 R12: 00000000f8008000
R13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000
Allocated by task 1:
kmem_cache_alloc+0x122/0x370 mm/slab.c:3559
kmem_cache_zalloc include/linux/slab.h:699 [inline]
__alloc_file+0x21/0x340 fs/file_table.c:100
alloc_empty_file+0x6d/0x170 fs/file_table.c:150
path_openat+0xe9/0x2df0 fs/namei.c:3526
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Freed by task 9:
__cache_free mm/slab.c:3503 [inline]
kmem_cache_free+0x7f/0x260 mm/slab.c:3765
__rcu_reclaim kernel/rcu/rcu.h:236 [inline]
rcu_do_batch kernel/rcu/tree.c:2584 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:2864 [inline]
rcu_process_callbacks+0x8ff/0x18b0 kernel/rcu/tree.c:2881
__do_softirq+0x265/0x980 kernel/softirq.c:292
The buggy address belongs to the object at ffff8880b5217cc0
which belongs to the cache filp of size 456
The buggy address is located 312 bytes to the right of
456-byte region [ffff8880b5217cc0, ffff8880b5217e88)
The buggy address belongs to the page:
page:ffffea0002d485c0 count:1 mapcount:0 mapping:ffff88813be45080 index:0x0
flags: 0xfff00000000100(slab)
raw: 00fff00000000100 ffffea0002d48588 ffffea0002782a88 ffff88813be45080
raw: 0000000000000000 ffff8880b5217040 0000000100000006 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
 ffff8880b5217e80: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880b5217f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880b5217f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                           ^
 ffff8880b5218000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880b5218080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================