Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
executing program
[ 42.448127][ T4216] loop0: detected capacity change from 0 to 32768
[ 42.466184][ T4216] ================================================================================
[ 42.468326][ T4216] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2238:2
[ 42.469968][ T4216] index 2000 is out of range for type 's64[128]' (aka 'long long[128]')
[ 42.471760][ T4216] CPU: 1 PID: 4216 Comm: syz-executor247 Not tainted 6.1.29-syzkaller #0
[ 42.473522][ T4216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 42.475726][ T4216] Call trace:
[ 42.476401][ T4216]  dump_backtrace+0x1c8/0x1f4
[ 42.477429][ T4216]  show_stack+0x2c/0x3c
[ 42.478462][ T4216]  dump_stack_lvl+0x108/0x170
[ 42.479500][ T4216]  dump_stack+0x1c/0x5c
[ 42.480450][ T4216]  __ubsan_handle_out_of_bounds+0xfc/0x148
[ 42.481736][ T4216]  dbAllocBits+0x8a4/0x8d0
[ 42.482720][ T4216]  dbAllocNear+0x224/0x334
[ 42.483736][ T4216]  dbAlloc+0x8b4/0xb68
[ 42.484602][ T4216]  ea_get+0x6f8/0xef0
[ 42.485444][ T4216]  __jfs_setxattr+0x41c/0x1338
[ 42.486516][ T4216]  __jfs_set_acl+0x108/0x1a4
[ 42.487523][ T4216]  jfs_set_acl+0x1f0/0x45c
[ 42.488484][ T4216]  posix_acl_xattr_set+0x2f8/0x398
[ 42.489600][ T4216]  __vfs_setxattr+0x388/0x3a4
[ 42.490700][ T4216]  __vfs_setxattr_noperm+0x110/0x528
[ 42.491819][ T4216]  __vfs_setxattr_locked+0x1ec/0x218
[ 42.493000][ T4216]  vfs_setxattr+0x1a8/0x344
[ 42.494052][ T4216]  setxattr+0x230/0x294
[ 42.494883][ T4216]  path_setxattr+0x17c/0x258
[ 42.495860][ T4216]  __arm64_sys_lsetxattr+0xbc/0xd8
[ 42.496908][ T4216]  invoke_syscall+0x98/0x2c0
[ 42.497875][ T4216]  el0_svc_common+0x138/0x258
[ 42.498922][ T4216]  do_el0_svc+0x64/0x218
[ 42.499830][ T4216]  el0_svc+0x58/0x168
[ 42.500683][ T4216]  el0t_64_sync_handler+0x84/0xf0
[ 42.501980][ T4216]  el0t_64_sync+0x18c/0x190
[ 42.503063][ T4216] ================================================================================
[ 42.505082][ T4216] ==================================================================
[ 42.506804][ T4216] BUG: KASAN: slab-out-of-bounds in dbAllocBits+0x7a8/0x8d0
[ 42.508484][ T4216] Read of size 8 at addr ffff0000d2446eb8 by task syz-executor247/4216
[ 42.510322][ T4216]
[ 42.510836][ T4216] CPU: 1 PID: 4216 Comm: syz-executor247 Not tainted 6.1.29-syzkaller #0
[ 42.512631][ T4216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 42.514851][ T4216] Call trace:
[ 42.515559][ T4216]  dump_backtrace+0x1c8/0x1f4
[ 42.516552][ T4216]  show_stack+0x2c/0x3c
[ 42.517482][ T4216]  dump_stack_lvl+0x108/0x170
[ 42.518551][ T4216]  print_report+0x174/0x4c0
[ 42.519540][ T4216]  kasan_report+0xd4/0x130
[ 42.520498][ T4216]  __asan_report_load8_noabort+0x2c/0x38
[ 42.521839][ T4216]  dbAllocBits+0x7a8/0x8d0
[ 42.522813][ T4216]  dbAllocNear+0x224/0x334
[ 42.523785][ T4216]  dbAlloc+0x8b4/0xb68
[ 42.524652][ T4216]  ea_get+0x6f8/0xef0
[ 42.525513][ T4216]  __jfs_setxattr+0x41c/0x1338
[ 42.526591][ T4216]  __jfs_set_acl+0x108/0x1a4
[ 42.527595][ T4216]  jfs_set_acl+0x1f0/0x45c
[ 42.528555][ T4216]  posix_acl_xattr_set+0x2f8/0x398
[ 42.529705][ T4216]  __vfs_setxattr+0x388/0x3a4
[ 42.530806][ T4216]  __vfs_setxattr_noperm+0x110/0x528
[ 42.532003][ T4216]  __vfs_setxattr_locked+0x1ec/0x218
[ 42.533216][ T4216]  vfs_setxattr+0x1a8/0x344
[ 42.534185][ T4216]  setxattr+0x230/0x294
[ 42.535100][ T4216]  path_setxattr+0x17c/0x258
[ 42.536122][ T4216]  __arm64_sys_lsetxattr+0xbc/0xd8
[ 42.537226][ T4216]  invoke_syscall+0x98/0x2c0
[ 42.538257][ T4216]  el0_svc_common+0x138/0x258
[ 42.539303][ T4216]  do_el0_svc+0x64/0x218
[ 42.540222][ T4216]  el0_svc+0x58/0x168
[ 42.541068][ T4216]  el0t_64_sync_handler+0x84/0xf0
[ 42.542162][ T4216]  el0t_64_sync+0x18c/0x190
[ 42.543141][ T4216]
[ 42.543691][ T4216] The buggy address belongs to the object at ffff0000d2446000
[ 42.543691][ T4216]  which belongs to the cache kmalloc-2k of size 2048
[ 42.546981][ T4216] The buggy address is located 1720 bytes to the right of
[ 42.546981][ T4216]  2048-byte region [ffff0000d2446000, ffff0000d2446800)
[ 42.549980][ T4216]
[ 42.550510][ T4216] The buggy address belongs to the physical page:
[ 42.551953][ T4216] page:000000005eac5069 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112440
[ 42.554158][ T4216] head:000000005eac5069 order:3 compound_mapcount:0 compound_pincount:0
[ 42.556084][ T4216] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 42.557815][ T4216] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002900
[ 42.559673][ T4216] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 42.561540][ T4216] page dumped because: kasan: bad access detected
[ 42.562911][ T4216]
[ 42.563381][ T4216] Memory state around the buggy address:
[ 42.564531][ T4216]  ffff0000d2446d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.566343][ T4216]  ffff0000d2446e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.568052][ T4216] >ffff0000d2446e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.569863][ T4216]                                         ^
[ 42.571112][ T4216]  ffff0000d2446f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.572941][ T4216]  ffff0000d2446f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.574607][ T4216] ==================================================================
[ 42.576421][ T4216] Disabling lock debugging due to kernel taint
[ 42.577858][ T4216] JFS: metapage_get_blocks failed
[ 42.578926][ T4216] ERROR: (device loop0): release_metapage: write_one_page() failed
[ 42.578926][ T4216]
[ 42.581335][ T4216] ERROR: (device loop0): remounting filesystem as read-only