[syzbot] UBSAN: array-index-out-of-bounds in dbAdjTree

[syzbot] UBSAN: array-index-out-of-bounds in dbAdjTree

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    1a61b828566f Merge tag 'char-misc-6.0-rc7' of git://git.ke..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=141e2650880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=122d7bd4fc8e0ecb
dashboard link: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15dde8a8880000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12018470880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/367e34e7ff83/disk-1a61b828.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/91a2819fe451/vmlinux-1a61b828.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+39ba34a099ac2e9bd3cb@syzkaller.appspotmail.com

================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2841:19
index 262145 is out of range for type 's8 [1365]'
CPU: 1 PID: 119 Comm: jfsCommit Not tainted 6.0.0-rc6-syzkaller-00309-g1a61b828566f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
 __ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:283
 dbAdjTree+0x34c/0x360 fs/jfs/jfs_dmap.c:2841
 dbJoin+0x1f0/0x240 fs/jfs/jfs_dmap.c:2808
 dbFreeBits+0x15d/0x8c0 fs/jfs/jfs_dmap.c:2305
 dbFreeDmap+0x61/0x1a0 fs/jfs/jfs_dmap.c:2054
 dbFree+0x250/0x540 fs/jfs/jfs_dmap.c:379
 txFreeMap+0x8f1/0xd70 fs/jfs/jfs_txnmgr.c:2529
 txUpdateMap+0x3cd/0xc50 fs/jfs/jfs_txnmgr.c:2325
 txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
 jfs_lazycommit+0x610/0xb70 fs/jfs/jfs_txnmgr.c:2727
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
================================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 119 Comm: jfsCommit Not tainted 6.0.0-rc6-syzkaller-00309-g1a61b828566f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 panic+0x2c8/0x627 kernel/panic.c:274
 ubsan_epilogue+0x4a/0x50 lib/ubsan.c:158
 __ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:283
 dbAdjTree+0x34c/0x360 fs/jfs/jfs_dmap.c:2841
 dbJoin+0x1f0/0x240 fs/jfs/jfs_dmap.c:2808
 dbFreeBits+0x15d/0x8c0 fs/jfs/jfs_dmap.c:2305
 dbFreeDmap+0x61/0x1a0 fs/jfs/jfs_dmap.c:2054
 dbFree+0x250/0x540 fs/jfs/jfs_dmap.c:379
 txFreeMap+0x8f1/0xd70 fs/jfs/jfs_txnmgr.c:2529
 txUpdateMap+0x3cd/0xc50 fs/jfs/jfs_txnmgr.c:2325
 txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
 jfs_lazycommit+0x610/0xb70 fs/jfs/jfs_txnmgr.c:2727
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches