================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:628:10
index 237 is out of range for type 'struct dtslot[128]'
CPU: 0 PID: 4398 Comm: syz.2.9 Not tainted 6.1.132-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0xfc/0x148 lib/ubsan.c:282
 dtSearch+0x1718/0x1f34 fs/jfs/jfs_dtree.c:628
 jfs_lookup+0x164/0x39c fs/jfs/namei.c:1459
 lookup_one_qstr_excl+0x108/0x230 fs/namei.c:1605
 filename_create+0x230/0x468 fs/namei.c:3877
 do_mkdirat+0xac/0x510 fs/namei.c:4121
 __do_sys_mkdirat fs/namei.c:4146 [inline]
 __se_sys_mkdirat fs/namei.c:4144 [inline]
 __arm64_sys_mkdirat+0x90/0xa8 fs/namei.c:4144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
================================================================================
MetaData crosses page boundary!!
lblock = 6300000010, size  = -820051968
CPU: 0 PID: 4398 Comm: syz.2.9 Not tainted 6.1.132-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 __get_metapage+0xb48/0x1050 fs/jfs/jfs_metapage.c:596
 dtSearch+0x4e8/0x1f34 fs/jfs/jfs_dtree.c:623
 jfs_lookup+0x164/0x39c fs/jfs/namei.c:1459
 lookup_one_qstr_excl+0x108/0x230 fs/namei.c:1605
 filename_create+0x230/0x468 fs/namei.c:3877
 do_mkdirat+0xac/0x510 fs/namei.c:4121
 __do_sys_mkdirat fs/namei.c:4146 [inline]
 __se_sys_mkdirat fs/namei.c:4144 [inline]
 __arm64_sys_mkdirat+0x90/0xa8 fs/namei.c:4144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
bread failed!
jfs_lookup: dtSearch returned -5
MetaData crosses page boundary!!
lblock = 6300000010, size  = -820051968
CPU: 0 PID: 4398 Comm: syz.2.9 Not tainted 6.1.132-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 __get_metapage+0xb48/0x1050 fs/jfs/jfs_metapage.c:596
 dtSearch+0x4e8/0x1f34 fs/jfs/jfs_dtree.c:623
 jfs_lookup+0x164/0x39c fs/jfs/namei.c:1459
 __lookup_slow+0x250/0x374 fs/namei.c:1690
 lookup_slow+0x60/0x84 fs/namei.c:1707
 walk_component+0x280/0x36c fs/namei.c:1998
 lookup_last fs/namei.c:2455 [inline]
 path_lookupat+0x13c/0x3d0 fs/namei.c:2479
 filename_lookup+0x1d4/0x4e0 fs/namei.c:2508
 user_path_at_empty+0x5c/0x84 fs/namei.c:2905
 user_path_at include/linux/namei.h:57 [inline]
 do_mount fs/namespace.c:3396 [inline]
 __do_sys_mount fs/namespace.c:3607 [inline]
 __se_sys_mount fs/namespace.c:3584 [inline]
 __arm64_sys_mount+0x460/0x588 fs/namespace.c:3584
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
bread failed!
jfs_lookup: dtSearch returned -5