Warning: Permanently added '10.128.1.14' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 45.215660][ T3962] loop0: detected capacity change from 0 to 32768
[ 45.231598][ T3962] ================================================================================
[ 45.233709][ T3962] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2306:2
[ 45.235350][ T3962] index 2000 is out of range for type 's64[128]' (aka 'long long[128]')
[ 45.237102][ T3962] CPU: 0 PID: 3962 Comm: syz-executor219 Not tainted 5.15.112-syzkaller #0
[ 45.239008][ T3962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 45.241202][ T3962] Call trace:
[ 45.241927][ T3962]  dump_backtrace+0x0/0x530
[ 45.242890][ T3962]  show_stack+0x2c/0x3c
[ 45.243749][ T3962]  dump_stack_lvl+0x108/0x170
[ 45.244773][ T3962]  dump_stack+0x1c/0x58
[ 45.245696][ T3962]  __ubsan_handle_out_of_bounds+0x108/0x15c
[ 45.246934][ T3962]  dbAllocBits+0x8a4/0x8d0
[ 45.247892][ T3962]  dbAllocNear+0x224/0x334
[ 45.248890][ T3962]  dbAlloc+0x804/0xa18
[ 45.249792][ T3962]  ea_get+0x6f8/0xef0
[ 45.250605][ T3962]  __jfs_setxattr+0x41c/0x13ac
[ 45.251685][ T3962]  __jfs_set_acl+0x108/0x1a4
[ 45.252719][ T3962]  jfs_set_acl+0x1f0/0x45c
[ 45.253677][ T3962]  posix_acl_xattr_set+0x2cc/0x378
[ 45.254781][ T3962]  __vfs_setxattr+0x388/0x3a4
[ 45.255757][ T3962]  __vfs_setxattr_noperm+0x110/0x528
[ 45.256982][ T3962]  __vfs_setxattr_locked+0x1ec/0x218
[ 45.258161][ T3962]  vfs_setxattr+0x1a8/0x344
[ 45.259184][ T3962]  setxattr+0x250/0x2b4
[ 45.260089][ T3962]  path_setxattr+0x17c/0x258
[ 45.261030][ T3962]  __arm64_sys_lsetxattr+0xbc/0xd8
[ 45.262145][ T3962]  invoke_syscall+0x98/0x2b8
[ 45.263135][ T3962]  el0_svc_common+0x138/0x258
[ 45.264187][ T3962]  do_el0_svc+0x58/0x14c
[ 45.265091][ T3962]  el0_svc+0x7c/0x1f0
[ 45.265925][ T3962]  el0t_64_sync_handler+0x84/0xe4
[ 45.266974][ T3962]  el0t_64_sync+0x1a0/0x1a4
[ 45.268463][ T3962] ================================================================================
[ 45.270654][ T3962] ==================================================================
[ 45.272577][ T3962] BUG: KASAN: slab-out-of-bounds in dbAllocBits+0x7a8/0x8d0
[ 45.274200][ T3962] Read of size 8 at addr ffff0000c8ea3eb8 by task syz-executor219/3962
[ 45.276062][ T3962]
[ 45.276531][ T3962] CPU: 0 PID: 3962 Comm: syz-executor219 Not tainted 5.15.112-syzkaller #0
[ 45.278409][ T3962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 45.280649][ T3962] Call trace:
[ 45.281369][ T3962]  dump_backtrace+0x0/0x530
[ 45.282338][ T3962]  show_stack+0x2c/0x3c
[ 45.283254][ T3962]  dump_stack_lvl+0x108/0x170
[ 45.284281][ T3962]  print_address_description+0x7c/0x3f0
[ 45.285414][ T3962]  kasan_report+0x174/0x1e4
[ 45.286418][ T3962]  __asan_report_load8_noabort+0x44/0x50
[ 45.287663][ T3962]  dbAllocBits+0x7a8/0x8d0
[ 45.288594][ T3962]  dbAllocNear+0x224/0x334
[ 45.289581][ T3962]  dbAlloc+0x804/0xa18
[ 45.290471][ T3962]  ea_get+0x6f8/0xef0
[ 45.291359][ T3962]  __jfs_setxattr+0x41c/0x13ac
[ 45.292364][ T3962]  __jfs_set_acl+0x108/0x1a4
[ 45.293356][ T3962]  jfs_set_acl+0x1f0/0x45c
[ 45.294335][ T3962]  posix_acl_xattr_set+0x2cc/0x378
[ 45.295510][ T3962]  __vfs_setxattr+0x388/0x3a4
[ 45.296591][ T3962]  __vfs_setxattr_noperm+0x110/0x528
[ 45.297775][ T3962]  __vfs_setxattr_locked+0x1ec/0x218
[ 45.298912][ T3962]  vfs_setxattr+0x1a8/0x344
[ 45.299848][ T3962]  setxattr+0x250/0x2b4
[ 45.300779][ T3962]  path_setxattr+0x17c/0x258
[ 45.301769][ T3962]  __arm64_sys_lsetxattr+0xbc/0xd8
[ 45.302947][ T3962]  invoke_syscall+0x98/0x2b8
[ 45.303974][ T3962]  el0_svc_common+0x138/0x258
[ 45.305001][ T3962]  do_el0_svc+0x58/0x14c
[ 45.305904][ T3962]  el0_svc+0x7c/0x1f0
[ 45.306828][ T3962]  el0t_64_sync_handler+0x84/0xe4
[ 45.307840][ T3962]  el0t_64_sync+0x1a0/0x1a4
[ 45.308867][ T3962]
[ 45.309401][ T3962] Allocated by task 0:
[ 45.310404][ T3962] (stack is not available)
[ 45.311437][ T3962]
[ 45.311949][ T3962] The buggy address belongs to the object at ffff0000c8ea3000
[ 45.311949][ T3962]  which belongs to the cache kmalloc-2k of size 2048
[ 45.314946][ T3962] The buggy address is located 1720 bytes to the right of
[ 45.314946][ T3962]  2048-byte region [ffff0000c8ea3000, ffff0000c8ea3800)
[ 45.318015][ T3962] The buggy address belongs to the page:
[ 45.319231][ T3962] page:00000000a47a5561 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108ea0
[ 45.321489][ T3962] head:00000000a47a5561 order:3 compound_mapcount:0 compound_pincount:0
[ 45.323237][ T3962] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 45.325122][ T3962] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002900
[ 45.326978][ T3962] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 45.328840][ T3962] page dumped because: kasan: bad access detected
[ 45.330268][ T3962]
[ 45.330769][ T3962] Memory state around the buggy address:
[ 45.331973][ T3962]  ffff0000c8ea3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.333749][ T3962]  ffff0000c8ea3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.335433][ T3962] >ffff0000c8ea3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.337159][ T3962]                                         ^
[ 45.338439][ T3962]  ffff0000c8ea3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.340207][ T3962]  ffff0000c8ea3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.341931][ T3962] ==================================================================
[ 45.343667][ T3962] Disabling lock debugging due to kernel taint
[ 45.345205][ T3962] JFS: metapage_get_blocks failed
[ 45.346283][ T3962] ERROR: (device loop0): release_metapage: write_one_page() failed
[ 45.346283][ T3962]
[ 45.348773][ T3962] ERROR: (device loop0): remounting filesystem as read-only