==================================================================
BUG: KASAN: stack-out-of-bounds in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
BUG: KASAN: stack-out-of-bounds in jhash+0x52c/0x670 include/linux/jhash.h:82
Read of size 4 at addr ffffc9000116fa20 by task syz-executor.4/1810

CPU: 1 PID: 1810 Comm: syz-executor.4 Not tainted 5.15.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x41/0x5e lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0xf/0x30a mm/kasan/report.c:256
 __kasan_report mm/kasan/report.c:442 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
 __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 jhash+0x52c/0x670 include/linux/jhash.h:82
 hash kernel/bpf/bloom_filter.c:38 [inline]
 peek_elem+0x35e/0x4e0 kernel/bpf/bloom_filter.c:50
 ____bpf_map_peek_elem kernel/bpf/helpers.c:108 [inline]
 bpf_map_peek_elem+0x51/0x80 kernel/bpf/helpers.c:106
 ___bpf_prog_run+0x2ea0/0x7130 kernel/bpf/core.c:1549
 __bpf_prog_run32+0x79/0xb0 kernel/bpf/core.c:1775
 bpf_dispatcher_nop_func include/linux/bpf.h:721 [inline]
 __bpf_prog_run include/linux/filter.h:624 [inline]
 bpf_prog_run include/linux/filter.h:631 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1951 [inline]
 bpf_trace_run8+0xf3/0x1e0 kernel/trace/bpf_trace.c:1994
 __traceiter_jbd2_handle_stats+0x83/0xe0 include/trace/events/jbd2.h:210
 trace_jbd2_handle_stats include/trace/events/jbd2.h:210 [inline]
 jbd2_journal_stop+0x6f6/0xca0 fs/jbd2/transaction.c:1833
 __ext4_journal_stop+0xc0/0x1a0 fs/ext4/ext4_jbd2.c:127
 ext4_mkdir+0x4dc/0x860 fs/ext4/namei.c:2970
 vfs_mkdir+0x442/0x730 fs/namei.c:3885
 do_mkdirat+0x20f/0x280 fs/namei.c:3911
 __do_sys_mkdirat fs/namei.c:3926 [inline]
 __se_sys_mkdirat fs/namei.c:3924 [inline]
 __x64_sys_mkdirat+0xef/0x140 fs/namei.c:3924
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3c/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f6273e498e7
Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffaad07a08 EFLAGS: 00000202 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fffaad07a90 RCX: 00007f6273e498e7
RDX: 00000000000001ff RSI: 00007fffaad07a90 RDI: 00000000ffffff9c
RBP: 0000000000000003 R08: 0000000000000003 R09: 00007fffaad077a7
R10: 0000000000000000 R11: 0000000000000202 R12: 00007f6273f46e28
R13: 00007f6273f46120 R14: 0000000000000003 R15: 00007fffaad07ad0

addr ffffc9000116fa20 is located in stack of task syz-executor.4/1810 at offset 64 in frame:
 __bpf_prog_run32+0x0/0xb0

this frame has 2 objects:
 [32, 64) 'stack'
 [96, 192) 'regs'

Memory state around the buggy address:
 ffffc9000116f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc9000116f980: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
>ffffc9000116fa00: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 00
                               ^
 ffffc9000116fa80: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 f1 f1
 ffffc9000116fb00: f1 f1 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00
==================================================================