Warning: Permanently added '10.128.0.191' (ED25519) to the list of known hosts.
executing program
[ 29.570027][ T6094] loop0: detected capacity change from 0 to 32768
[ 29.579739][ T6094] ================================================================================
[ 29.581943][ T6094] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2
[ 29.583637][ T6094] index 134217728 is out of range for type 'struct iagctl[128]'
[ 29.585271][ T6094] CPU: 1 PID: 6094 Comm: syz-executor537 Not tainted 6.7.0-rc8-syzkaller-g0802e17d9aca #0
[ 29.587433][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 29.589624][ T6094] Call trace:
[ 29.590321][ T6094] dump_backtrace+0x1b8/0x1e4
[ 29.591370][ T6094] show_stack+0x2c/0x3c
[ 29.592350][ T6094] dump_stack_lvl+0xd0/0x124
[ 29.593424][ T6094] dump_stack+0x1c/0x28
[ 29.594373][ T6094] __ubsan_handle_out_of_bounds+0xfc/0x148
[ 29.595710][ T6094] diNewExt+0x280c/0x2b44
[ 29.596719][ T6094] diAllocAG+0xa68/0x1b8c
[ 29.597762][ T6094] diAlloc+0x17c/0x15c4
[ 29.598661][ T6094] ialloc+0x84/0x78c
[ 29.599530][ T6094] jfs_mkdir+0x190/0x9f4
[ 29.600451][ T6094] vfs_mkdir+0x27c/0x3e4
[ 29.601439][ T6094] do_mkdirat+0x248/0x574
[ 29.602427][ T6094] __arm64_sys_mkdirat+0x90/0xa8
[ 29.603559][ T6094] invoke_syscall+0x98/0x2b8
[ 29.604620][ T6094] el0_svc_common+0x130/0x23c
[ 29.605703][ T6094] do_el0_svc+0x48/0x58
[ 29.606620][ T6094] el0_svc+0x54/0x158
[ 29.607601][ T6094] el0t_64_sync_handler+0x84/0xfc
[ 29.608745][ T6094] el0t_64_sync+0x190/0x194
[ 29.609907][ T6094] ================================================================================
[ 29.612066][ T6094] ==================================================================
[ 29.613885][ T6094] BUG: KASAN: use-after-free in diNewExt+0x2af0/0x2b44
[ 29.615374][ T6094] Read of size 4 at addr ffff00015216802c by task syz-executor537/6094
[ 29.617087][ T6094]
[ 29.617598][ T6094] CPU: 1 PID: 6094 Comm: syz-executor537 Not tainted 6.7.0-rc8-syzkaller-g0802e17d9aca #0
[ 29.619756][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 29.621837][ T6094] Call trace:
[ 29.622545][ T6094] dump_backtrace+0x1b8/0x1e4
[ 29.623654][ T6094] show_stack+0x2c/0x3c
[ 29.624660][ T6094] dump_stack_lvl+0xd0/0x124
[ 29.625682][ T6094] print_report+0x174/0x514
[ 29.626759][ T6094] kasan_report+0xd8/0x138
[ 29.627706][ T6094] __asan_report_load4_noabort+0x20/0x2c
[ 29.628981][ T6094] diNewExt+0x2af0/0x2b44
[ 29.629958][ T6094] diAllocAG+0xa68/0x1b8c
[ 29.630877][ T6094] diAlloc+0x17c/0x15c4
[ 29.631844][ T6094] ialloc+0x84/0x78c
[ 29.632739][ T6094] jfs_mkdir+0x190/0x9f4
[ 29.633709][ T6094] vfs_mkdir+0x27c/0x3e4
[ 29.634654][ T6094] do_mkdirat+0x248/0x574
[ 29.635601][ T6094] __arm64_sys_mkdirat+0x90/0xa8
[ 29.636629][ T6094] invoke_syscall+0x98/0x2b8
[ 29.637728][ T6094] el0_svc_common+0x130/0x23c
[ 29.638716][ T6094] do_el0_svc+0x48/0x58
[ 29.639602][ T6094] el0_svc+0x54/0x158
[ 29.640436][ T6094] el0t_64_sync_handler+0x84/0xfc
[ 29.641533][ T6094] el0t_64_sync+0x190/0x194
[ 29.642473][ T6094]
[ 29.642999][ T6094] The buggy address belongs to the physical page:
[ 29.644361][ T6094] page:00000000d9c30e88 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x192168
[ 29.646601][ T6094] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 29.648150][ T6094] page_type: 0xffffffff()
[ 29.649103][ T6094] raw: 05ffc00000000000 fffffc0005485a08 fffffc0005485a08 0000000000000000
[ 29.650994][ T6094] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 29.652811][ T6094] page dumped because: kasan: bad access detected
[ 29.654281][ T6094]
[ 29.654819][ T6094] Memory state around the buggy address:
[ 29.656040][ T6094] ffff000152167f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.657911][ T6094] ffff000152167f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.659679][ T6094] >ffff000152168000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.661443][ T6094] ^
[ 29.662766][ T6094] ffff000152168080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.664432][ T6094] ffff000152168100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.666257][ T6094] ==================================================================
[ 29.668069][ T6094] Disabling lock debugging due to kernel taint
[ 29.669409][ T6094] ================================================================================
[ 29.671462][ T6094] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2361:2
[ 29.673030][ T6094] index 134217728 is out of range for type 'struct iagctl[128]'
[ 29.674708][ T6094] CPU: 1 PID: 6094 Comm: syz-executor537 Tainted: G B 6.7.0-rc8-syzkaller-g0802e17d9aca #0
[ 29.677091][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 29.679252][ T6094] Call trace:
[ 29.679897][ T6094] dump_backtrace+0x1b8/0x1e4
[ 29.680999][ T6094] show_stack+0x2c/0x3c
[ 29.681896][ T6094] dump_stack_lvl+0xd0/0x124
[ 29.682947][ T6094] dump_stack+0x1c/0x28
[ 29.683852][ T6094] __ubsan_handle_out_of_bounds+0xfc/0x148
[ 29.685190][ T6094] diNewExt+0x2840/0x2b44
[ 29.686143][ T6094] diAllocAG+0xa68/0x1b8c
[ 29.687202][ T6094] diAlloc+0x17c/0x15c4
[ 29.688149][ T6094] ialloc+0x84/0x78c
[ 29.689034][ T6094] jfs_mkdir+0x190/0x9f4
[ 29.689981][ T6094] vfs_mkdir+0x27c/0x3e4
[ 29.690971][ T6094] do_mkdirat+0x248/0x574
[ 29.691917][ T6094] __arm64_sys_mkdirat+0x90/0xa8
[ 29.692987][ T6094] invoke_syscall+0x98/0x2b8
[ 29.694034][ T6094] el0_svc_common+0x130/0x23c
[ 29.695113][ T