Warning: Permanently added '10.128.0.116' (ED25519) to the list of known hosts.
executing program
[   36.437781][ T4221] loop0: detected capacity change from 0 to 32768
[   36.449233][ T4221] ================================================================================
[   36.451402][ T4221] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2
[   36.453071][ T4221] index 134217728 is out of range for type 'struct iagctl[128]'
[   36.454780][ T4221] CPU: 1 PID: 4221 Comm: syz-executor958 Not tainted 6.1.74-syzkaller #0
[   36.456620][ T4221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   36.458740][ T4221] Call trace:
[   36.459518][ T4221]  dump_backtrace+0x1c8/0x1f4
[   36.460634][ T4221]  show_stack+0x2c/0x3c
[   36.461557][ T4221]  dump_stack_lvl+0x108/0x170
[   36.462614][ T4221]  dump_stack+0x1c/0x58
[   36.463539][ T4221]  __ubsan_handle_out_of_bounds+0xfc/0x148
[   36.464848][ T4221]  diNewExt+0x280c/0x2b44
[   36.465812][ T4221]  diAllocAG+0xa68/0x1b8c
[   36.466783][ T4221]  diAlloc+0x17c/0x15c4
[   36.467707][ T4221]  ialloc+0x84/0x7c0
[   36.468584][ T4221]  jfs_mkdir+0x190/0xa0c
[   36.469538][ T4221]  vfs_mkdir+0x334/0x4e4
[   36.470475][ T4221]  do_mkdirat+0x220/0x510
[   36.471430][ T4221]  __arm64_sys_mkdirat+0x90/0xa8
[   36.472547][ T4221]  invoke_syscall+0x98/0x2c0
[   36.473503][ T4221]  el0_svc_common+0x138/0x258
[   36.474524][ T4221]  do_el0_svc+0x64/0x218
[   36.475475][ T4221]  el0_svc+0x58/0x168
[   36.476328][ T4221]  el0t_64_sync_handler+0x84/0xf0
[   36.477432][ T4221]  el0t_64_sync+0x18c/0x190
[   36.481233][ T4221] ================================================================================
[   36.483236][ T4221] ==================================================================
[   36.484917][ T4221] BUG: KASAN: use-after-free in diNewExt+0x2af0/0x2b44
[   36.486333][ T4221] Read of size 4 at addr ffff000157e7802c by task syz-executor958/4221
[   36.488049][ T4221]
[   36.488527][ T4221] CPU: 1 PID: 4221 Comm: syz-executor958 Not tainted 6.1.74-syzkaller #0
[   36.490220][ T4221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   36.492349][ T4221] Call trace:
[   36.493082][ T4221]  dump_backtrace+0x1c8/0x1f4
[   36.494086][ T4221]  show_stack+0x2c/0x3c
[   36.495038][ T4221]  dump_stack_lvl+0x108/0x170
[   36.496037][ T4221]  print_report+0x174/0x4c0
[   36.497044][ T4221]  kasan_report+0xd4/0x130
[   36.497988][ T4221]  __asan_report_load4_noabort+0x2c/0x38
[   36.499192][ T4221]  diNewExt+0x2af0/0x2b44
[   36.500094][ T4221]  diAllocAG+0xa68/0x1b8c
[   36.500995][ T4221]  diAlloc+0x17c/0x15c4
[   36.501927][ T4221]  ialloc+0x84/0x7c0
[   36.502771][ T4221]  jfs_mkdir+0x190/0xa0c
[   36.503705][ T4221]  vfs_mkdir+0x334/0x4e4
[   36.504663][ T4221]  do_mkdirat+0x220/0x510
[   36.505578][ T4221]  __arm64_sys_mkdirat+0x90/0xa8
[   36.506661][ T4221]  invoke_syscall+0x98/0x2c0
[   36.507672][ T4221]  el0_svc_common+0x138/0x258
[   36.508705][ T4221]  do_el0_svc+0x64/0x218
[   36.509673][ T4221]  el0_svc+0x58/0x168
[   36.510638][ T4221]  el0t_64_sync_handler+0x84/0xf0
[   36.511718][ T4221]  el0t_64_sync+0x18c/0x190
[   36.512681][ T4221]
[   36.513161][ T4221] The buggy address belongs to the physical page:
[   36.514555][ T4221] page:000000009e7d2aa3 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x197e78
[   36.516812][ T4221] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[   36.518350][ T4221] raw: 05ffc00000000000 fffffc00055f9e08 fffffc00055f9e08 0000000000000000
[   36.520232][ T4221] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   36.522081][ T4221] page dumped because: kasan: bad access detected
[   36.523453][ T4221]
[   36.523943][ T4221] Memory state around the buggy address:
[   36.525162][ T4221]  ffff000157e77f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   36.526911][ T4221]  ffff000157e77f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   36.528685][ T4221] >ffff000157e78000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   36.530442][ T4221]                                   ^
[   36.531578][ T4221]  ffff000157e78080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   36.533325][ T4221]  ffff000157e78100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   36.535065][ T4221] ==================================================================
[   36.540032][ T4221] Disabling lock debugging due to kernel taint
[   36.541546][ T4221] ================================================================================
[   36.543558][ T4221] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2361:2
[   36.545194][ T4221] index 134217728 is out of range for type 'struct iagctl[128]'
[   36.546856][ T4221] CPU: 1 PID: 4221 Comm: syz-executor958 Tainted: G    B              6.1.74-syzkaller #0
[   36.548943][ T4221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   36.551078][ T4221] Call trace:
[   36.551792][ T4221]  dump_backtrace+0x1c8/0x1f4
[   36.552779][ T4221]  show_stack+0x2c/0x3c
[   36.553696][ T4221]  dump_stack_lvl+0x108/0x170
[   36.554703][ T4221]  dump_stack+0x1c/0x58
[   36.555622][ T4221]  __ubsan_handle_out_of_bounds+0xfc/0x148
[   36.556908][ T4221]  diNewExt+0x2840/0x2b44
[   36.557844][ T4221]  diAllocAG+0xa68/0x1b8c
[   36.558739][ T4221]  diAlloc+0x17c/0x15c4
[   36.559657][ T4221]  ialloc+0x84/0x7c0
[   36.560495][ T4221]  jfs_mkdir+0x190/0xa0c
[   36.561396][ T4221]  vfs_mkdir+0x334/0x4e4
[   36.562287][ T4221]  do_mkdirat+0x220/0x510
[   36.563247][ T4221]  __arm64_sys_mkdirat+0x90/0xa8
[   36.564319][ T4221]  invoke_syscall+0x98/0x2c0
[   36.565393][ T4221]  el0_svc_common+0x138/0x258
[   36.566415][ T4221]  do_el0_svc+0x64/0x218
[   36.567328][ T4221]  el0_svc+0x58/0x168
[   36.568221][ T4221]  el0t_64_sync_handler+0x84/0xf0
[   36.569320][ T4221]  el0t_64_sync+0x18c/0x190
[   36.571856][ T4221] ================================================================================
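What the report shows: two consecutive UBSAN hits at jfs_imap.c:2360 and :2361 in diNewExt, both using index 134217728 (1 << 27) into the 128-entry per-AG control array of the in-memory inode map, followed by a KASAN use-after-free read of size 4 from the same function. In diNewExt the AG number is derived from the IAG's on-disk agstart field, so a crafted JFS image (mounted via loop0) controls the index; the KASAN read is that out-of-range access landing in a freed page (UBSAN only reports, it does not abort the access). The check a practitioner wants is a range test on the derived AG number before it is used as an index. The C below is an added, self-contained model of that check, not kernel code: MAXAG=128 comes from the report's `struct iagctl[128]`; INOSPEREXT=32, the shift-based BLKTOAG() stand-in, the iagctl field names, and the agl2size value are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MAXAG comes from the report ("struct iagctl[128]"). INOSPEREXT (inodes per
 * extent) is assumed to be 32; the field layout below is a model, not the
 * kernel's struct. */
#define MAXAG        128
#define INOSPEREXT   32
#define EIO          5

struct iagctl {
    int inofree;
    int extfree;
    int numinos;
    int numfree;
};

/* Minimal stand-in for the in-memory inode map: only what the update at
 * jfs_imap.c:2360-2361 touches is modelled. */
struct inomap_model {
    int agl2size;                  /* assumed: log2 of the AG size in blocks */
    struct iagctl im_agctl[MAXAG]; /* the 128-entry array UBSAN complained about */
};

/* Assumed to mirror the kernel's BLKTOAG(): block number >> log2(AG size). */
static int64_t blk_to_ag(int64_t blkno, int agl2size)
{
    return blkno >> agl2size;
}

/* Validate the AG number derived from the on-disk IAG before it is used as
 * an index. Returns 0 and stores agno, or -EIO for an out-of-range value
 * (which can only come from a corrupt or crafted image). */
int agno_from_agstart(int64_t agstart, int agl2size, int *agno_out)
{
    int64_t agno = blk_to_ag(agstart, agl2size);

    if (agno < 0 || agno >= MAXAG)
        return -EIO;
    *agno_out = (int)agno;
    return 0;
}

/* Model of the two increments at jfs_imap.c:2360-2361, with the range check
 * in front so a bad agstart never reaches the array. */
int new_ext_update(struct inomap_model *imap, int64_t agstart)
{
    int agno;
    int rc = agno_from_agstart(agstart, imap->agl2size, &agno);

    if (rc)
        return rc;
    imap->im_agctl[agno].numinos += INOSPEREXT;
    imap->im_agctl[agno].numfree += INOSPEREXT;
    return 0;
}

/* Constructed input: an agstart that decodes to the index seen in the report
 * (134217728 == 1 << 27). Returns the agno it would have produced. */
int64_t crafted_agno_example(int agl2size)
{
    int64_t crafted = (int64_t)134217728 << agl2size;
    return blk_to_ag(crafted, agl2size);
}

int main(void)
{
    struct inomap_model imap;
    memset(&imap, 0, sizeof imap);
    imap.agl2size = 13;            /* constructed: 8192-block allocation groups */

    int rc = new_ext_update(&imap, (int64_t)3 << 13);  /* AG 3, in range */
    printf("sane agstart:    rc=%d numinos[3]=%d\n", rc, imap.im_agctl[3].numinos);

    rc = new_ext_update(&imap, (int64_t)134217728 << 13); /* crafted IAG */
    printf("crafted agstart: rc=%d (agno would have been %lld)\n", rc,
           (long long)crafted_agno_example(13));
    return 0;
}
```

The point of the model is where the check sits: on-disk metadata is untrusted input, so any index derived from it (here the AG number) is validated against the compile-time bound before the first array access, and the caller gets -EIO rather than a silent out-of-bounds write or read.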