------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2902:18
index -3 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 0 UID: 0 PID: 6673 Comm: syz.1.40 Not tainted 6.11.0-rc7-syzkaller-g5f5673607153 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:319
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:326
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:119
 dump_stack+0x1c/0x28 lib/dump_stack.c:128
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0xf8/0x148 lib/ubsan.c:429
 dbAdjTree+0x2f4/0x480 fs/jfs/jfs_dmap.c:2902
 dbSplit+0x14c/0x1d8 fs/jfs/jfs_dmap.c:2660
 dbAllocBits+0x440/0x8e4 fs/jfs/jfs_dmap.c:2193
 dbAllocDmap+0x6c/0x128 fs/jfs/jfs_dmap.c:2034
 dbAllocNext+0x364/0x3a8 fs/jfs/jfs_dmap.c:1182
 dbAlloc+0x3d8/0xb68 fs/jfs/jfs_dmap.c:816
 extBalloc fs/jfs/jfs_extent.c:326 [inline]
 extAlloc+0x404/0xdec fs/jfs/jfs_extent.c:122
 jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248
 __block_write_begin_int+0x580/0x166c fs/buffer.c:2125
 __block_write_begin fs/buffer.c:2174 [inline]
 block_write_begin+0x98/0x11c fs/buffer.c:2235
 jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299
 generic_perform_write+0x2e8/0x8e0 mm/filemap.c:4019
 __generic_file_write_iter+0xfc/0x204 mm/filemap.c:4121
 generic_file_write_iter+0xb8/0x2b4 mm/filemap.c:4147
 __kernel_write_iter+0x328/0x77c fs/read_write.c:523
 dump_emit_page fs/coredump.c:893 [inline]
 dump_user_range+0x378/0x6b4 fs/coredump.c:954
 elf_core_dump+0x30a8/0x3854 fs/binfmt_elf.c:2116
 do_coredump+0x1440/0x2258 fs/coredump.c:767
 get_signal+0xf9c/0x1530 kernel/signal.c:2902
 do_signal+0x1c0/0x4364 arch/arm64/kernel/signal.c:1370
 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_da+0xbc/0x178 arch/arm64/kernel/entry-common.c:581
 el0t_64_sync_handler+0xcc/0xfc arch/arm64/kernel/entry-common.c:733
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
---[ end trace ]---
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2907:7
index -1 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 0 UID: 0 PID: 6673 Comm: syz.1.40 Not tainted 6.11.0-rc7-syzkaller-g5f5673607153 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:319
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:326
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:119
 dump_stack+0x1c/0x28 lib/dump_stack.c:128
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0xf8/0x148 lib/ubsan.c:429
 dbAdjTree+0x308/0x480 fs/jfs/jfs_dmap.c:2907
 dbSplit+0x14c/0x1d8 fs/jfs/jfs_dmap.c:2660
 dbAllocBits+0x440/0x8e4 fs/jfs/jfs_dmap.c:2193
 dbAllocDmap+0x6c/0x128 fs/jfs/jfs_dmap.c:2034
 dbAllocNext+0x364/0x3a8 fs/jfs/jfs_dmap.c:1182
 dbAlloc+0x3d8/0xb68 fs/jfs/jfs_dmap.c:816
 extBalloc fs/jfs/jfs_extent.c:326 [inline]
 extAlloc+0x404/0xdec fs/jfs/jfs_extent.c:122
 jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248
 __block_write_begin_int+0x580/0x166c fs/buffer.c:2125
 __block_write_begin fs/buffer.c:2174 [inline]
 block_write_begin+0x98/0x11c fs/buffer.c:2235
 jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299
 generic_perform_write+0x2e8/0x8e0 mm/filemap.c:4019
 __generic_file_write_iter+0xfc/0x204 mm/filemap.c:4121
 generic_file_write_iter+0xb8/0x2b4 mm/filemap.c:4147
 __kernel_write_iter+0x328/0x77c fs/read_write.c:523
 dump_emit_page fs/coredump.c:893 [inline]
 dump_user_range+0x378/0x6b4 fs/coredump.c:954
 elf_core_dump+0x30a8/0x3854 fs/binfmt_elf.c:2116
 do_coredump+0x1440/0x2258 fs/coredump.c:767
 get_signal+0xf9c/0x1530 kernel/signal.c:2902
 do_signal+0x1c0/0x4364 arch/arm64/kernel/signal.c:1370
 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_da+0xbc/0x178 arch/arm64/kernel/entry-common.c:581
 el0t_64_sync_handler+0xcc/0xfc arch/arm64/kernel/entry-common.c:733
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
---[ end trace ]---
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2912:3
index -1 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 0 UID: 0 PID: 6673 Comm: syz.1.40 Not tainted 6.11.0-rc7-syzkaller-g5f5673607153 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:319
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:326
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:119
 dump_stack+0x1c/0x28 lib/dump_stack.c:128
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0xf8/0x148 lib/ubsan.c:429
 dbAdjTree+0x34c/0x480 fs/jfs/jfs_dmap.c:2912
 dbSplit+0x14c/0x1d8 fs/jfs/jfs_dmap.c:2660
 dbAllocBits+0x440/0x8e4 fs/jfs/jfs_dmap.c:2193
 dbAllocDmap+0x6c/0x128 fs/jfs/jfs_dmap.c:2034
 dbAllocNext+0x364/0x3a8 fs/jfs/jfs_dmap.c:1182
 dbAlloc+0x3d8/0xb68 fs/jfs/jfs_dmap.c:816
 extBalloc fs/jfs/jfs_extent.c:326 [inline]
 extAlloc+0x404/0xdec fs/jfs/jfs_extent.c:122
 jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248
 __block_write_begin_int+0x580/0x166c fs/buffer.c:2125
 __block_write_begin fs/buffer.c:2174 [inline]
 block_write_begin+0x98/0x11c fs/buffer.c:2235
 jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299
 generic_perform_write+0x2e8/0x8e0 mm/filemap.c:4019
 __generic_file_write_iter+0xfc/0x204 mm/filemap.c:4121
 generic_file_write_iter+0xb8/0x2b4 mm/filemap.c:4147
 __kernel_write_iter+0x328/0x77c fs/read_write.c:523
 dump_emit_page fs/coredump.c:893 [inline]
 dump_user_range+0x378/0x6b4 fs/coredump.c:954
 elf_core_dump+0x30a8/0x3854 fs/binfmt_elf.c:2116
 do_coredump+0x1440/0x2258 fs/coredump.c:767
 get_signal+0xf9c/0x1530 kernel/signal.c:2902
 do_signal+0x1c0/0x4364 arch/arm64/kernel/signal.c:1370
 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_da+0xbc/0x178 arch/arm64/kernel/entry-common.c:581
 el0t_64_sync_handler+0xcc/0xfc arch/arm64/kernel/entry-common.c:733
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
---[ end trace ]---
read_mapping_page failed!