================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:886:2
index -134217728 is out of range for type 'struct mutex[128]'
CPU: 0 PID: 239 Comm: jfsCommit Not tainted 5.15.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0x108/0x15c lib/ubsan.c:282
 diFree+0x1994/0x26c0 fs/jfs/jfs_imap.c:886
 jfs_evict_inode+0x2d8/0x408 fs/jfs/inode.c:156
 evict+0x260/0x68c fs/inode.c:587
 iput_final fs/inode.c:1705 [inline]
 iput+0x744/0x824 fs/inode.c:1731
 txUpdateMap+0x76c/0x914 fs/jfs/jfs_txnmgr.c:2401
 txLazyCommit fs/jfs/jfs_txnmgr.c:2698 [inline]
 jfs_lazycommit+0x3b0/0xa40 fs/jfs/jfs_txnmgr.c:2766
 kthread+0x37c/0x45c kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
================================================================================
Unable to handle kernel paging request at virtual address ffff5fff8b2b0123
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004
  CM = 0, WnR = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001b498e000
[ffff5fff8b2b0123] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 239 Comm: jfsCommit Not tainted 5.15.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __mutex_lock_common+0xf8/0x2154 kernel/locking/mutex.c:575
lr : __mutex_lock_common+0xd0/0x2154 kernel/locking/mutex.c:573
sp : ffff80001afd75a0
x29: ffff80001afd7730 x28: dfff800000000000 x27: 1ffff0000308a5a4
x26: ffff800018452000 x25: ffff7000035faed0 x24: 0000000000000000
x23: 0000000000000000 x22: ffff8000098aab90 x21: 0000000000000000
x20: 0000000000000000 x19: fffefffc595808b8 x18: 0000000000000001
x17: 0000000000000000 x16: ffff8000082ea3dc x15: 00000000ffffffff
x14: ffff0000c65cd1c0 x13: 0000000000000001 x12: 0000000000000005
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003
x8 : 1fffdfff8b2b0123 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000000 x1 : ffff800011afbfc0 x0 : fffefffc59580918
Call trace:
 __mutex_lock_common+0xf8/0x2154 kernel/locking/mutex.c:575
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0xa4/0xf8 kernel/locking/mutex.c:743
 diFree+0x2cc/0x26c0 fs/jfs/jfs_imap.c:886
 jfs_evict_inode+0x2d8/0x408 fs/jfs/inode.c:156
 evict+0x260/0x68c fs/inode.c:587
 iput_final fs/inode.c:1705 [inline]
 iput+0x744/0x824 fs/inode.c:1731
 txUpdateMap+0x76c/0x914 fs/jfs/jfs_txnmgr.c:2401
 txLazyCommit fs/jfs/jfs_txnmgr.c:2698 [inline]
 jfs_lazycommit+0x3b0/0xa40 fs/jfs/jfs_txnmgr.c:2766
 kthread+0x37c/0x45c kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
Code: b94d2348 35000128 91018260 d343fc08 (387c6908) 
---[ end trace 9f68e3a993536d4d ]---
----------------
Code disassembly (best guess):
   0:	b94d2348 	ldr	w8, [x26, #3360]
   4:	35000128 	cbnz	w8, 0x28
   8:	91018260 	add	x0, x19, #0x60
   c:	d343fc08 	lsr	x8, x0, #3
* 10:	387c6908 	ldrb	w8, [x8, x28] <-- trapping instruction