./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3605238765 <...> Warning: Permanently added '10.128.0.221' (ED25519) to the list of known hosts. execve("./syz-executor3605238765", ["./syz-executor3605238765"], 0x7ffddeab8a10 /* 10 vars */) = 0 brk(NULL) = 0x555572219000 brk(0x555572219d00) = 0x555572219d00 arch_prctl(ARCH_SET_FS, 0x555572219380) = 0 set_tid_address(0x555572219650) = 5826 set_robust_list(0x555572219660, 24) = 0 rseq(0x555572219ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3605238765", 4096) = 28 getrandom("\x7c\xed\xd3\xb0\xff\x1d\xcd\x6f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555572219d00 brk(0x55557223ad00) = 0x55557223ad00 brk(0x55557223b000) = 0x55557223b000 mprotect(0x7f6c7809b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5827 attached [pid 5827] set_robust_list(0x555572219660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555572219650) = 5827 [pid 5827] <... set_robust_list resumed>) = 0 [pid 5827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5827] setpgid(0, 0) = 0 [pid 5827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5827] write(3, "1000", 4) = 4 [pid 5827] close(3) = 0 [pid 5827] write(1, "executing program\n", 18executing program ) = 18 [pid 5827] memfd_create("syzkaller", 0) = 3 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6c6fa00000 [pid 5827] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5827] munmap(0x7f6c6fa00000, 138412032) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5827] close(3) = 0 [pid 5827] close(4) = 0 [pid 5827] mkdir("./file1", 0777) = 0 syzkaller login: [ 75.371970][ T5827] loop0: detected capacity change from 0 to 32768 [ 75.433094][ T5827] OCFS2: ERROR (device loop0): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 66 has bad blkno in extent list at depth 65533 (index 52) [ 75.453405][ T5827] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 75.463733][ T5827] OCFS2: File system is now read-only. [ 75.469622][ T5827] (syz-executor360,5827,1):ocfs2_find_leaf:1940 ERROR: status = -30 [ 75.478052][ T5827] (syz-executor360,5827,0):ocfs2_get_clusters_nocache:421 ERROR: status = -30 [ 75.487707][ T5827] (syz-executor360,5827,1):ocfs2_get_clusters:624 ERROR: status = -30 [ 75.496068][ T5827] (syz-executor360,5827,1):ocfs2_extent_map_get_blocks:671 ERROR: status = -30 [ 75.505206][ T5827] (syz-executor360,5827,1):ocfs2_read_virt_blocks:987 ERROR: status = -30 [ 75.514511][ T5827] (syz-executor360,5827,1):ocfs2_read_dir_block:511 ERROR: status = -30 [ 75.524234][ T5827] (syz-executor360,5827,1):ocfs2_init_global_system_inodes:461 ERROR: status = -30 [pid 5827] mount("/dev/loop0", "./file1", "ocfs2", MS_STRICTATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = -1 EROFS (Read-only file system) [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD) = 0 [ 75.534005][ T5827] (syz-executor360,5827,1):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs? [ 75.534043][ T5827] (syz-executor360,5827,1):ocfs2_init_global_system_inodes:472 ERROR: status = -30 [ 75.556154][ T5827] (syz-executor360,5827,1):ocfs2_initialize_super:2250 ERROR: status = -30 [ 75.565154][ T5827] (syz-executor360,5827,1):ocfs2_fill_super:1178 ERROR: status = -30 [pid 5827] close(3) = 0 [pid 5827] exit_group(0) = ? [pid 5827] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5827, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached [pid 5829] set_robust_list(0x555572219660, 24) = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5826] <... clone resumed>, child_tidptr=0x555572219650) = 5829 [pid 5829] <... prctl resumed>) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] write(1, "executing program\n", 18executing program ) = 18 [pid 5829] memfd_create("syzkaller", 0) = 3 [pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6c6fa00000 [pid 5829] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5829] munmap(0x7f6c6fa00000, 138412032) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5829] close(3) = 0 [pid 5829] close(4) = 0 [pid 5829] mkdir("./file1", 0777) = -1 EEXIST (File exists) [ 75.975024][ T5829] loop0: detected capacity change from 0 to 32768 [ 76.032738][ T5829] OCFS2: ERROR (device loop0): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 66 has bad blkno in extent list at depth 65533 (index 583) [ 76.053238][ T5829] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 76.063895][ T5829] OCFS2: File system is now read-only. [ 76.069509][ T5829] (syz-executor360,5829,0):ocfs2_find_leaf:1940 ERROR: status = -30 [ 76.078564][ T5829] (syz-executor360,5829,0):ocfs2_get_clusters_nocache:421 ERROR: status = -30 [ 76.087509][ T5829] (syz-executor360,5829,0):ocfs2_get_clusters:624 ERROR: status = -30 [ 76.095721][ T5829] (syz-executor360,5829,0):ocfs2_extent_map_get_blocks:671 ERROR: status = -30 [ 76.104768][ T5829] (syz-executor360,5829,0):ocfs2_read_virt_blocks:987 ERROR: status = -30 [ 76.113383][ T5829] (syz-executor360,5829,0):ocfs2_read_dir_block:511 ERROR: status = -30 [ 76.122008][ T5829] (syz-executor360,5829,0):ocfs2_init_global_system_inodes:461 ERROR: status = -30 [pid 5829] mount("/dev/loop0", "./file1", "ocfs2", MS_STRICTATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = -1 EROFS (Read-only file system) [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [ 76.131487][ T5829] (syz-executor360,5829,0):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs? [ 76.131522][ T5829] (syz-executor360,5829,0):ocfs2_init_global_system_inodes:472 ERROR: status = -30 [ 76.153758][ T5829] (syz-executor360,5829,1):ocfs2_initialize_super:2250 ERROR: status = -30 [ 76.162672][ T5829] (syz-executor360,5829,0):ocfs2_fill_super:1178 ERROR: status = -30 [pid 5829] close(3) = 0 [pid 5829] exit_group(0) = ? [pid 5829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5829, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached [pid 5830] set_robust_list(0x555572219660, 24) = 0 [pid 5826] <... clone resumed>, child_tidptr=0x555572219650) = 5830 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] write(1, "executing program\n", 18executing program ) = 18 [pid 5830] memfd_create("syzkaller", 0) = 3 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6c6fa00000 [pid 5830] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5830] munmap(0x7f6c6fa00000, 138412032) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] mkdir("./file1", 0777) = -1 EEXIST (File exists) [ 76.590325][ T5830] loop0: detected capacity change from 0 to 32768 [ 76.633315][ T5830] grow_buffers: requested out-of-range block 31634547644825615 for device loop0 [ 76.642710][ T5830] (syz-executor360,5830,1):ocfs2_read_blocks:239 ERROR: status = -12 [ 76.650966][ T5830] (syz-executor360,5830,1):__ocfs2_find_path:1844 ERROR: status = -12 [ 76.659256][ T5830] (syz-executor360,5830,1):ocfs2_find_leaf:1940 ERROR: status = -12 [ 76.667320][ T5830] (syz-executor360,5830,1):ocfs2_get_clusters_nocache:421 ERROR: status = -12 [ 76.676199][ T5830] (syz-executor360,5830,1):ocfs2_get_clusters:624 ERROR: status = -12 [ 76.684425][ T5830] (syz-executor360,5830,1):ocfs2_extent_map_get_blocks:671 ERROR: status = -12 [ 76.693465][ T5830] (syz-executor360,5830,1):ocfs2_read_virt_blocks:987 ERROR: status = -12 [ 76.702493][ T5830] (syz-executor360,5830,1):ocfs2_read_dir_block:511 ERROR: status = -12 [ 76.711113][ T5830] (syz-executor360,5830,1):ocfs2_init_global_system_inodes:461 ERROR: status = -22 [ 76.720511][ T5830] (syz-executor360,5830,1):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs? [pid 5830] mount("/dev/loop0", "./file1", "ocfs2", MS_STRICTATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [ 76.720546][ T5830] (syz-executor360,5830,1):ocfs2_init_global_system_inodes:472 ERROR: status = -22 [ 76.742632][ T5830] (syz-executor360,5830,1):ocfs2_initialize_super:2250 ERROR: status = -22 [ 76.751395][ T5830] (syz-executor360,5830,1):ocfs2_fill_super:1178 ERROR: status = -22 [pid 5830] close(3) = 0 [pid 5830] exit_group(0) = ? [pid 5830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached [pid 5831] set_robust_list(0x555572219660, 24) = 0 [pid 5826] <... clone resumed>, child_tidptr=0x555572219650) = 5831 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 executing program [pid 5831] write(1, "executing program\n", 18) = 18 [pid 5831] memfd_create("syzkaller", 0) = 3 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6c6fa00000 [pid 5831] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5831] munmap(0x7f6c6fa00000, 138412032) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5831] close(3) = 0 [pid 5831] close(4) = 0 [pid 5831] mkdir("./file1", 0777) = -1 EEXIST (File exists) [ 77.237904][ T5831] loop0: detected capacity change from 0 to 32768 [ 77.272478][ T5831] (syz-executor360,5831,1):ocfs2_read_blocks:239 ERROR: status = -12 [ 77.280983][ T5831] (syz-executor360,5831,1):__ocfs2_find_path:1844 ERROR: status = -12 [ 77.289330][ T5831] (syz-executor360,5831,1):ocfs2_find_leaf:1940 ERROR: status = -12 [ 77.297512][ T5831] (syz-executor360,5831,1):ocfs2_get_clusters_nocache:421 ERROR: status = -12 [ 77.307035][ T5831] (syz-executor360,5831,1):ocfs2_get_clusters:624 ERROR: status = -12 [ 77.315360][ T5831] (syz-executor360,5831,1):ocfs2_extent_map_get_blocks:671 ERROR: status = -12 [ 77.324447][ T5831] (syz-executor360,5831,1):ocfs2_read_virt_blocks:987 ERROR: status = -12 [ 77.333013][ T5831] (syz-executor360,5831,1):ocfs2_read_dir_block:511 ERROR: status = -12 [ 77.341579][ T5831] (syz-executor360,5831,1):ocfs2_init_global_system_inodes:461 ERROR: status = -22 [ 77.350933][ T5831] (syz-executor360,5831,1):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs? [ 77.350958][ T5831] (syz-executor360,5831,1):ocfs2_init_global_system_inodes:472 ERROR: status = -22 [ 77.373003][ T5831] (syz-executor360,5831,1):ocfs2_initialize_super:2250 ERROR: status = -22 [pid 5831] mount("/dev/loop0", "./file1", "ocfs2", MS_STRICTATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [ 77.381773][ T5831] (syz-executor360,5831,1):ocfs2_fill_super:1178 ERROR: status = -22 [pid 5831] close(3) = 0 [pid 5831] exit_group(0) = ? [pid 5831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached , child_tidptr=0x555572219650) = 5832 [pid 5832] set_robust_list(0x555572219660, 24) = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3executing program ) = 0 [pid 5832] write(1, "executing program\n", 18) = 18 [pid 5832] memfd_create("syzkaller", 0) = 3 [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6c6fa00000 [pid 5832] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5832] munmap(0x7f6c6fa00000, 138412032) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5832] close(3) = 0 [pid 5832] close(4) = 0 [pid 5832] mkdir("./file1", 0777) = -1 EEXIST (File exists) [ 77.837972][ T5832] loop0: detected capacity change from 0 to 32768 [ 77.872499][ T5832] grow_buffers: requested out-of-range block 16501751984854467073 for device loop0 [ 77.881970][ T5832] (syz-executor360,5832,1):ocfs2_read_blocks:239 ERROR: status = -12 [ 77.890628][ T5832] (syz-executor360,5832,0):__ocfs2_find_path:1844 ERROR: status = -12 [ 77.899417][ T5832] (syz-executor360,5832,0):ocfs2_find_leaf:1940 ERROR: status = -12 [ 77.908578][ T5832] (syz-executor360,5832,0):ocfs2_get_clusters_nocache:421 ERROR: status = -12 [ 77.917555][ T5832] (syz-executor360,5832,0):ocfs2_get_clusters:624 ERROR: status = -12 [ 77.925757][ T5832] (syz-executor360,5832,0):ocfs2_extent_map_get_blocks:671 ERROR: status = -12 [ 77.934810][ T5832] (syz-executor360,5832,0):ocfs2_read_virt_blocks:987 ERROR: status = -12 [ 77.943533][ T5832] (syz-executor360,5832,0):ocfs2_read_dir_block:511 ERROR: status = -12 [ 77.952081][ T5832] (syz-executor360,5832,0):ocfs2_init_global_system_inodes:461 ERROR: status = -22 [ 77.961475][ T5832] (syz-executor360,5832,0):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs? [ 77.961501][ T5832] (syz-executor360,5832,0):ocfs2_init_global_system_inodes:472 ERROR: status = -22 [pid 5832] mount("/dev/loop0", "./file1", "ocfs2", MS_STRICTATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [ 77.984132][ T5832] (syz-executor360,5832,0):ocfs2_initialize_super:2250 ERROR: status = -22 [ 77.992907][ T5832] (syz-executor360,5832,0):ocfs2_fill_super:1178 ERROR: status = -22 [pid 5832] close(3) = 0 [pid 5832] exit_group(0) = ? [pid 5832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x555572219660, 24) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5826] <... clone resumed>, child_tidptr=0x555572219650) = 5833 [pid 5833] <... prctl resumed>) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 executing program [pid 5833] write(1, "executing program\n", 18) = 18 [pid 5833] memfd_create("syzkaller", 0) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6c6fa00000 [pid 5833] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5833] munmap(0x7f6c6fa00000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file1", 0777) = -1 EEXIST (File exists) [ 78.425332][ T5833] loop0: detected capacity change from 0 to 32768 [ 78.459328][ T5833] OCFS2: ERROR (device loop0): int ocfs2_validate_extent_block(struct super_block *, struct buffer_head *): Extent block #6 has bad signature [ 78.474187][ T5833] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 78.484236][ T5833] OCFS2: File system is now read-only. [ 78.490015][ T5833] (syz-executor360,5833,0):__ocfs2_find_path:1844 ERROR: status = -30 [ 78.498303][ T5833] (syz-executor360,5833,0):ocfs2_find_leaf:1940 ERROR: status = -30 [ 78.506359][ T5833] (syz-executor360,5833,0):ocfs2_get_clusters_nocache:421 ERROR: status = -30 [ 78.515239][ T5833] (syz-executor360,5833,0):ocfs2_get_clusters:624 ERROR: status = -30 [ 78.523471][ T5833] (syz-executor360,5833,0):ocfs2_extent_map_get_blocks:671 ERROR: status = -30 [ 78.532461][ T5833] (syz-executor360,5833,0):ocfs2_read_virt_blocks:987 ERROR: status = -30 [ 78.541079][ T5833] (syz-executor360,5833,0):ocfs2_read_dir_block:511 ERROR: status = -30 [ 78.549854][ T5833] (syz-executor360,5833,0):ocfs2_init_global_system_inodes:461 ERROR: status = -30 [ 78.559258][ T5833] (syz-executor360,5833,0):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs? [pid 5833] mount("/dev/loop0", "./file1", "ocfs2", MS_STRICTATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = -1 EROFS (Read-only file system) [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [ 78.559293][ T5833] (syz-executor360,5833,0):ocfs2_init_global_system_inodes:472 ERROR: status = -30 [ 78.581565][ T5833] (syz-executor360,5833,0):ocfs2_initialize_super:2250 ERROR: status = -30 [ 78.590331][ T5833] (syz-executor360,5833,0):ocfs2_fill_super:1178 ERROR: status = -30 [pid 5833] close(3) = 0 [pid 5833] exit_group(0) = ? [pid 5833] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5833, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 78.711510][ T5833] syz-executor360 (5833) used greatest stack depth: 19072 bytes left close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5834 attached , child_tidptr=0x555572219650) = 5834 [pid 5834] set_robust_list(0x555572219660, 24) = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 executing program [pid 5834] write(1, "executing program\n", 18) = 18 [pid 5834] memfd_create("syzkaller", 0) = 3 [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6c6fa00000 [pid 5834] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5834] munmap(0x7f6c6fa00000, 138412032) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5834] close(3) = 0 [pid 5834] close(4) = 0 [pid 5834] mkdir("./file1", 0777) = -1 EEXIST (File exists) [ 79.091452][ T5834] loop0: detected capacity change from 0 to 32768 [ 79.123669][ T5834] ================================================================== [ 79.131805][ T5834] BUG: KASAN: use-after-free in __ocfs2_find_path+0x203/0x7e0 [ 79.139360][ T5834] Read of size 4 at addr ffff888071aa1000 by task syz-executor360/5834 [ 79.147636][ T5834] [ 79.149982][ T5834] CPU: 1 UID: 0 PID: 5834 Comm: syz-executor360 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 79.161114][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 79.171196][ T5834] Call Trace: [ 79.174519][ T5834] [ 79.177499][ T5834] dump_stack_lvl+0x241/0x360 [ 79.182229][ T5834] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.187440][ T5834] ? __pfx__printk+0x10/0x10 [ 79.192041][ T5834] ? _printk+0xd5/0x120 [ 79.196257][ T5834] ? __virt_addr_valid+0x183/0x530 [ 79.201400][ T5834] ? __virt_addr_valid+0x183/0x530 [ 79.206521][ T5834] print_report+0x169/0x550 [ 79.211042][ T5834] ? __virt_addr_valid+0x183/0x530 [ 79.216154][ T5834] ? __virt_addr_valid+0x183/0x530 [ 79.221263][ T5834] ? __virt_addr_valid+0x45f/0x530 [ 79.226387][ T5834] ? __phys_addr+0xba/0x170 [ 79.230893][ T5834] ? __ocfs2_find_path+0x203/0x7e0 [ 79.236013][ T5834] kasan_report+0x143/0x180 [ 79.240527][ T5834] ? __ocfs2_find_path+0x203/0x7e0 [ 79.245645][ T5834] __ocfs2_find_path+0x203/0x7e0 [ 79.250591][ T5834] ? __pfx_find_leaf_ins+0x10/0x10 [ 79.255715][ T5834] ? __pfx___ocfs2_find_path+0x10/0x10 [ 79.261188][ T5834] ? __pfx_ocfs2_validate_inode_block+0x10/0x10 [ 79.267438][ T5834] ocfs2_find_leaf+0xcf/0x230 [ 79.272124][ T5834] ? __pfx_ocfs2_find_leaf+0x10/0x10 [ 79.277415][ T5834] ? __pfx_ocfs2_validate_inode_block+0x10/0x10 [ 79.283666][ T5834] ocfs2_get_clusters_nocache+0x1ad/0xbf0 [ 79.289403][ T5834] ? __pfx_ocfs2_get_clusters_nocache+0x10/0x10 [ 79.295649][ T5834] ? ocfs2_read_inode_block+0x14c/0x1e0 [ 79.301207][ T5834] ? __pfx_ocfs2_read_inode_block+0x10/0x10 [ 79.307122][ T5834] ? do_raw_spin_unlock+0x13c/0x8b0 [ 79.312356][ T5834] ocfs2_get_clusters+0x5bd/0xbd0 [ 79.317408][ T5834] ? __pfx_ocfs2_get_clusters+0x10/0x10 [ 79.322975][ T5834] ? mark_lock+0x9a/0x360 [ 79.327305][ T5834] ? __pfx_lock_acquire+0x10/0x10 [ 79.332336][ T5834] ? validate_chain+0x11e/0x5920 [ 79.337279][ T5834] ocfs2_extent_map_get_blocks+0x24c/0x7d0 [ 79.343098][ T5834] ? __pfx_ocfs2_extent_map_get_blocks+0x10/0x10 [ 79.349455][ T5834] ocfs2_read_virt_blocks+0x313/0xb20 [ 79.354856][ T5834] ? do_raw_spin_unlock+0x13c/0x8b0 [ 79.360074][ T5834] ? __pfx_ocfs2_validate_dir_block+0x10/0x10 [ 79.366154][ T5834] ? __pfx_ocfs2_read_virt_blocks+0x10/0x10 [ 79.372058][ T5834] ? __lock_acquire+0x1384/0x2050 [ 79.377093][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 79.382296][ T5834] ocfs2_find_entry+0x43b/0x2780 [ 79.387316][ T5834] ? __pfx_ocfs2_find_entry+0x10/0x10 [ 79.392737][ T5834] ? __asan_memset+0x23/0x50 [ 79.397338][ T5834] ? lockdep_init_map_type+0xa1/0x910 [ 79.402722][ T5834] ? __pfx_register_lock_class+0x10/0x10 [ 79.408369][ T5834] ? mark_lock+0x9a/0x360 [ 79.412709][ T5834] ? __lock_acquire+0x1384/0x2050 [ 79.417848][ T5834] ? format_decode+0xc5f/0x1bb0 [ 79.422720][ T5834] ? __pfx_format_decode+0x10/0x10 [ 79.427844][ T5834] ? string+0x26a/0x2b0 [ 79.432008][ T5834] ? widen_string+0x3a/0x310 [ 79.436623][ T5834] ? string+0x26a/0x2b0 [ 79.440796][ T5834] ? vsnprintf+0x1ccd/0x1da0 [ 79.445407][ T5834] ocfs2_find_files_on_disk+0xff/0x360 [ 79.450890][ T5834] ocfs2_lookup_ino_from_name+0xb1/0x1e0 [ 79.456565][ T5834] ? __pfx_ocfs2_lookup_ino_from_name+0x10/0x10 [ 79.462824][ T5834] ? kasan_save_track+0x51/0x80 [ 79.467681][ T5834] ? kasan_save_track+0x3f/0x80 [ 79.472573][ T5834] ? __kasan_kmalloc+0x98/0xb0 [ 79.477355][ T5834] ? ocfs2_new_dlm_debug+0x97/0x200 [ 79.482572][ T5834] ocfs2_get_system_file_inode+0x305/0x7b0 [ 79.488387][ T5834] ? __pfx_ocfs2_get_system_file_inode+0x10/0x10 [ 79.494729][ T5834] ocfs2_init_global_system_inodes+0x32c/0x730 [ 79.500898][ T5834] ? __pfx_ocfs2_init_global_system_inodes+0x10/0x10 [ 79.507610][ T5834] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 79.513253][ T5834] ? ocfs2_new_dlm_debug+0xb5/0x200 [ 79.518458][ T5834] ? __pfx_ocfs2_new_dlm_debug+0x10/0x10 [ 79.524130][ T5834] ? rcu_is_watching+0x15/0xb0 [ 79.528900][ T5834] ? trace_ocfs2_initialize_super+0x9e/0x230 [ 79.534886][ T5834] ocfs2_fill_super+0x2f47/0x5750 [ 79.539922][ T5834] ? __pfx_ocfs2_fill_super+0x10/0x10 [ 79.545298][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 79.550505][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 79.555717][ T5834] ? preempt_count_add+0x93/0x190 [ 79.560760][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 79.565969][ T5834] ? mark_lock+0x9a/0x360 [ 79.570308][ T5834] ? __lock_acquire+0x1384/0x2050 [ 79.575355][ T5834] ? validate_chain+0x11e/0x5920 [ 79.580320][ T5834] ? __lock_acquire+0x1384/0x2050 [ 79.585393][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 79.590613][ T5834] ? string+0x26a/0x2b0 [ 79.594774][ T5834] ? widen_string+0x3a/0x310 [ 79.599374][ T5834] ? string+0x26a/0x2b0 [ 79.603542][ T5834] ? bdev_name+0x2b1/0x3c0 [ 79.607967][ T5834] ? pointer+0x703/0x1210 [ 79.612303][ T5834] ? __pfx_pointer+0x10/0x10 [ 79.616907][ T5834] ? __pfx_format_decode+0x10/0x10 [ 79.622051][ T5834] ? __lock_acquire+0x1384/0x2050 [ 79.627112][ T5834] ? vsnprintf+0x1ccd/0x1da0 [ 79.631713][ T5834] ? snprintf+0xda/0x120 [ 79.635961][ T5834] ? __pfx_lock_release+0x10/0x10 [ 79.641005][ T5834] ? do_raw_spin_lock+0x14f/0x370 [ 79.646052][ T5834] ? __pfx_snprintf+0x10/0x10 [ 79.650739][ T5834] ? set_blocksize+0x1f9/0x360 [ 79.655536][ T5834] ? sb_set_blocksize+0x98/0xf0 [ 79.660393][ T5834] ? setup_bdev_super+0x4e6/0x5d0 [ 79.665425][ T5834] mount_bdev+0x20a/0x2d0 [ 79.669771][ T5834] ? __pfx_ocfs2_fill_super+0x10/0x10 [ 79.675151][ T5834] ? __pfx_mount_bdev+0x10/0x10 [ 79.680015][ T5834] ? vfs_parse_fs_string+0x190/0x230 [ 79.685307][ T5834] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 79.690947][ T5834] legacy_get_tree+0xee/0x190 [ 79.695629][ T5834] ? __pfx_ocfs2_mount+0x10/0x10 [ 79.700569][ T5834] vfs_get_tree+0x90/0x2b0 [ 79.705024][ T5834] do_new_mount+0x2be/0xb40 [ 79.709543][ T5834] ? __pfx_do_new_mount+0x10/0x10 [ 79.714596][ T5834] __se_sys_mount+0x2d6/0x3c0 [ 79.719283][ T5834] ? __pfx___se_sys_mount+0x10/0x10 [ 79.724491][ T5834] ? do_syscall_64+0x100/0x230 [ 79.729354][ T5834] ? __x64_sys_mount+0x20/0xc0 [ 79.734123][ T5834] do_syscall_64+0xf3/0x230 [ 79.738636][ T5834] ? clear_bhb_loop+0x35/0x90 [ 79.743315][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.749239][ T5834] RIP: 0033:0x7f6c78024dea [ 79.753683][ T5834] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 79.773312][ T5834] RSP: 002b:00007ffd80bf5ee8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 79.781747][ T5834] RAX: ffffffffffffffda RBX: 00007ffd80bf5f00 RCX: 00007f6c78024dea [ 79.789764][ T5834] RDX: 0000000020004440 RSI: 0000000020000780 RDI: 00007ffd80bf5f00 [ 79.797749][ T5834] RBP: 0000000000000004 R08: 00007ffd80bf5f40 R09: 0000000000004444 [ 79.805730][ T5834] R10: 0000000001000000 R11: 0000000000000282 R12: 0000000001000000 [ 79.813730][ T5834] R13: 00007ffd80bf5f40 R14: 0000000000000003 R15: 0000000001000000 [ 79.821714][ T5834] [ 79.824746][ T5834] [ 79.827065][ T5834] The buggy address belongs to the physical page: [ 79.833496][ T5834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71aa1 [ 79.842269][ T5834] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 79.849382][ T5834] raw: 00fff00000000000 ffffea0001c51ac8 ffff8880b8644af0 0000000000000000 [ 79.858075][ T5834] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 79.866651][ T5834] page dumped because: kasan: bad access detected [ 79.873067][ T5834] page_owner tracks the page as freed [ 79.878429][ T5834] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5828, tgid 5828 (udevd), ts 79137090338, free_ts 79139322731 [ 79.895647][ T5834] post_alloc_hook+0x1f3/0x230 [ 79.900416][ T5834] get_page_from_freelist+0x3039/0x3180 [ 79.905980][ T5834] __alloc_pages_noprof+0x292/0x710 [ 79.911195][ T5834] alloc_pages_mpol_noprof+0x3e8/0x680 [ 79.916668][ T5834] folio_alloc_mpol_noprof+0x36/0x50 [ 79.921969][ T5834] shmem_alloc_and_add_folio+0x49b/0x13d0 [ 79.928047][ T5834] shmem_get_folio_gfp+0x5a9/0x20a0 [ 79.933253][ T5834] shmem_write_begin+0x17e/0x460 [ 79.938235][ T5834] generic_perform_write+0x344/0x6d0 [ 79.943527][ T5834] shmem_file_write_iter+0xf9/0x120 [ 79.948730][ T5834] vfs_write+0xaeb/0xd30 [ 79.952978][ T5834] ksys_write+0x183/0x2b0 [ 79.957311][ T5834] do_syscall_64+0xf3/0x230 [ 79.961819][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.967723][ T5834] page last free pid 5828 tgid 5828 stack trace: [ 79.974056][ T5834] free_unref_folios+0xee2/0x18a0 [ 79.979096][ T5834] folios_put_refs+0x76c/0x860 [ 79.983865][ T5834] shmem_undo_range+0x64c/0x1cf0 [ 79.988806][ T5834] shmem_evict_inode+0x29b/0xa80 [ 79.993740][ T5834] evict+0x4e8/0x9b0 [ 79.997637][ T5834] __dentry_kill+0x20d/0x630 [ 80.002228][ T5834] dput+0x19f/0x2b0 [ 80.006033][ T5834] do_renameat2+0xda1/0x13f0 [ 80.010632][ T5834] __x64_sys_rename+0x82/0x90 [ 80.015321][ T5834] do_syscall_64+0xf3/0x230 [ 80.019835][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.025765][ T5834] [ 80.028094][ T5834] Memory state around the buggy address: [ 80.033724][ T5834] ffff888071aa0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 80.041808][ T5834] ffff888071aa0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 80.049873][ T5834] >ffff888071aa1000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.057942][ T5834] ^ [ 80.062032][ T5834] ffff888071aa1080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.070097][ T5834] ffff888071aa1100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.078155][ T5834] ================================================================== [ 80.087477][ T5834] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 80.094741][ T5834] CPU: 1 UID: 0 PID: 5834 Comm: syz-executor360 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 [ 80.105950][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 80.116018][ T5834] Call Trace: [ 80.119306][ T5834] [ 80.122241][ T5834] dump_stack_lvl+0x241/0x360 [ 80.126949][ T5834] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.132165][ T5834] ? __pfx__printk+0x10/0x10 [ 80.136768][ T5834] ? preempt_schedule+0xe1/0xf0 [ 80.141625][ T5834] ? vscnprintf+0x5d/0x90 [ 80.145965][ T5834] panic+0x349/0x880 [ 80.149884][ T5834] ? check_panic_on_warn+0x21/0xb0 [ 80.155019][ T5834] ? __pfx_panic+0x10/0x10 [ 80.159449][ T5834] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 80.165444][ T5834] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 80.171788][ T5834] ? print_report+0x502/0x550 [ 80.176481][ T5834] check_panic_on_warn+0x86/0xb0 [ 80.181422][ T5834] ? __ocfs2_find_path+0x203/0x7e0 [ 80.186545][ T5834] end_report+0x77/0x160 [ 80.190808][ T5834] kasan_report+0x154/0x180 [ 80.195336][ T5834] ? __ocfs2_find_path+0x203/0x7e0 [ 80.200462][ T5834] __ocfs2_find_path+0x203/0x7e0 [ 80.205415][ T5834] ? __pfx_find_leaf_ins+0x10/0x10 [ 80.210532][ T5834] ? __pfx___ocfs2_find_path+0x10/0x10 [ 80.216001][ T5834] ? __pfx_ocfs2_validate_inode_block+0x10/0x10 [ 80.222252][ T5834] ocfs2_find_leaf+0xcf/0x230 [ 80.226939][ T5834] ? __pfx_ocfs2_find_leaf+0x10/0x10 [ 80.232232][ T5834] ? __pfx_ocfs2_validate_inode_block+0x10/0x10 [ 80.238510][ T5834] ocfs2_get_clusters_nocache+0x1ad/0xbf0 [ 80.244242][ T5834] ? __pfx_ocfs2_get_clusters_nocache+0x10/0x10 [ 80.250582][ T5834] ? ocfs2_read_inode_block+0x14c/0x1e0 [ 80.256154][ T5834] ? __pfx_ocfs2_read_inode_block+0x10/0x10 [ 80.262065][ T5834] ? do_raw_spin_unlock+0x13c/0x8b0 [ 80.267284][ T5834] ocfs2_get_clusters+0x5bd/0xbd0 [ 80.272318][ T5834] ? __pfx_ocfs2_get_clusters+0x10/0x10 [ 80.277872][ T5834] ? mark_lock+0x9a/0x360 [ 80.282205][ T5834] ? __pfx_lock_acquire+0x10/0x10 [ 80.287242][ T5834] ? validate_chain+0x11e/0x5920 [ 80.292189][ T5834] ocfs2_extent_map_get_blocks+0x24c/0x7d0 [ 80.298010][ T5834] ? __pfx_ocfs2_extent_map_get_blocks+0x10/0x10 [ 80.304362][ T5834] ocfs2_read_virt_blocks+0x313/0xb20 [ 80.309749][ T5834] ? do_raw_spin_unlock+0x13c/0x8b0 [ 80.314962][ T5834] ? __pfx_ocfs2_validate_dir_block+0x10/0x10 [ 80.321093][ T5834] ? __pfx_ocfs2_read_virt_blocks+0x10/0x10 [ 80.327019][ T5834] ? __lock_acquire+0x1384/0x2050 [ 80.332074][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 80.337298][ T5834] ocfs2_find_entry+0x43b/0x2780 [ 80.342292][ T5834] ? __pfx_ocfs2_find_entry+0x10/0x10 [ 80.347701][ T5834] ? __asan_memset+0x23/0x50 [ 80.352398][ T5834] ? lockdep_init_map_type+0xa1/0x910 [ 80.357787][ T5834] ? __pfx_register_lock_class+0x10/0x10 [ 80.363440][ T5834] ? mark_lock+0x9a/0x360 [ 80.367779][ T5834] ? __lock_acquire+0x1384/0x2050 [ 80.372828][ T5834] ? format_decode+0xc5f/0x1bb0 [ 80.377700][ T5834] ? __pfx_format_decode+0x10/0x10 [ 80.382831][ T5834] ? string+0x26a/0x2b0 [ 80.387006][ T5834] ? widen_string+0x3a/0x310 [ 80.391613][ T5834] ? string+0x26a/0x2b0 [ 80.395781][ T5834] ? vsnprintf+0x1ccd/0x1da0 [ 80.400392][ T5834] ocfs2_find_files_on_disk+0xff/0x360 [ 80.405876][ T5834] ocfs2_lookup_ino_from_name+0xb1/0x1e0 [ 80.411530][ T5834] ? __pfx_ocfs2_lookup_ino_from_name+0x10/0x10 [ 80.417800][ T5834] ? kasan_save_track+0x51/0x80 [ 80.422667][ T5834] ? kasan_save_track+0x3f/0x80 [ 80.427533][ T5834] ? __kasan_kmalloc+0x98/0xb0 [ 80.432323][ T5834] ? ocfs2_new_dlm_debug+0x97/0x200 [ 80.437536][ T5834] ocfs2_get_system_file_inode+0x305/0x7b0 [ 80.443359][ T5834] ? __pfx_ocfs2_get_system_file_inode+0x10/0x10 [ 80.449709][ T5834] ocfs2_init_global_system_inodes+0x32c/0x730 [ 80.455881][ T5834] ? __pfx_ocfs2_init_global_system_inodes+0x10/0x10 [ 80.462573][ T5834] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 80.468131][ T5834] ? ocfs2_new_dlm_debug+0xb5/0x200 [ 80.473341][ T5834] ? __pfx_ocfs2_new_dlm_debug+0x10/0x10 [ 80.479030][ T5834] ? rcu_is_watching+0x15/0xb0 [ 80.483906][ T5834] ? trace_ocfs2_initialize_super+0x9e/0x230 [ 80.489901][ T5834] ocfs2_fill_super+0x2f47/0x5750 [ 80.494937][ T5834] ? __pfx_ocfs2_fill_super+0x10/0x10 [ 80.500315][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 80.505524][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 80.510734][ T5834] ? preempt_count_add+0x93/0x190 [ 80.515776][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 80.520991][ T5834] ? mark_lock+0x9a/0x360 [ 80.525327][ T5834] ? __lock_acquire+0x1384/0x2050 [ 80.530392][ T5834] ? validate_chain+0x11e/0x5920 [ 80.535346][ T5834] ? __lock_acquire+0x1384/0x2050 [ 80.540385][ T5834] ? __pfx_validate_chain+0x10/0x10 [ 80.545603][ T5834] ? string+0x26a/0x2b0 [ 80.549862][ T5834] ? widen_string+0x3a/0x310 [ 80.554463][ T5834] ? string+0x26a/0x2b0 [ 80.558639][ T5834] ? bdev_name+0x2b1/0x3c0 [ 80.563066][ T5834] ? pointer+0x703/0x1210 [ 80.567497][ T5834] ? __pfx_pointer+0x10/0x10 [ 80.572117][ T5834] ? __pfx_format_decode+0x10/0x10 [ 80.577257][ T5834] ? __lock_acquire+0x1384/0x2050 [ 80.582301][ T5834] ? vsnprintf+0x1ccd/0x1da0 [ 80.586912][ T5834] ? snprintf+0xda/0x120 [ 80.591164][ T5834] ? __pfx_lock_release+0x10/0x10 [ 80.596200][ T5834] ? do_raw_spin_lock+0x14f/0x370 [ 80.601235][ T5834] ? __pfx_snprintf+0x10/0x10 [ 80.605924][ T5834] ? set_blocksize+0x1f9/0x360 [ 80.610694][ T5834] ? sb_set_blocksize+0x98/0xf0 [ 80.615553][ T5834] ? setup_bdev_super+0x4e6/0x5d0 [ 80.620593][ T5834] mount_bdev+0x20a/0x2d0 [ 80.624932][ T5834] ? __pfx_ocfs2_fill_super+0x10/0x10 [ 80.630311][ T5834] ? __pfx_mount_bdev+0x10/0x10 [ 80.635171][ T5834] ? vfs_parse_fs_string+0x190/0x230 [ 80.640471][ T5834] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 80.646120][ T5834] legacy_get_tree+0xee/0x190 [ 80.650810][ T5834] ? __pfx_ocfs2_mount+0x10/0x10 [ 80.655757][ T5834] vfs_get_tree+0x90/0x2b0 [ 80.660190][ T5834] do_new_mount+0x2be/0xb40 [ 80.664710][ T5834] ? __pfx_do_new_mount+0x10/0x10 [ 80.669754][ T5834] __se_sys_mount+0x2d6/0x3c0 [ 80.674446][ T5834] ? __pfx___se_sys_mount+0x10/0x10 [ 80.679657][ T5834] ? do_syscall_64+0x100/0x230 [ 80.684514][ T5834] ? __x64_sys_mount+0x20/0xc0 [ 80.689293][ T5834] do_syscall_64+0xf3/0x230 [ 80.693803][ T5834] ? clear_bhb_loop+0x35/0x90 [ 80.698484][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.704386][ T5834] RIP: 0033:0x7f6c78024dea [ 80.708809][ T5834] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.728509][ T5834] RSP: 002b:00007ffd80bf5ee8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 80.736962][ T5834] RAX: ffffffffffffffda RBX: 00007ffd80bf5f00 RCX: 00007f6c78024dea [ 80.745039][ T5834] RDX: 0000000020004440 RSI: 0000000020000780 RDI: 00007ffd80bf5f00 [ 80.753023][ T5834] RBP: 0000000000000004 R08: 00007ffd80bf5f40 R09: 0000000000004444 [ 80.761009][ T5834] R10: 0000000001000000 R11: 0000000000000282 R12: 0000000001000000 [ 80.768984][ T5834] R13: 00007ffd80bf5f40 R14: 0000000000000003 R15: 0000000001000000 [ 80.776966][ T5834] [ 80.780298][ T5834] Kernel Offset: disabled [ 80.784644][ T5834] Rebooting in 86400 seconds..