Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts.
2024/12/29 18:17:48 ignoring optional flag "sandboxArg"="0"
2024/12/29 18:17:48 parsed 1 programs
[ 57.487807][ T2020] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/12/29 18:17:53 executed programs: 0
[ 65.675456][ T2938] loop0: detected capacity change from 0 to 32768
[ 65.758374][ T2938] (syz.0.15,2938,0):ocfs2_read_blocks:239 ERROR: status = -12
[ 65.766099][ T2938] (syz.0.15,2938,0):__ocfs2_find_path:1837 ERROR: status = -12
[ 65.774242][ T2938] (syz.0.15,2938,0):ocfs2_find_leaf:1933 ERROR: status = -12
[ 65.781641][ T2938] (syz.0.15,2938,0):ocfs2_get_clusters_nocache:421 ERROR: status = -12
[ 65.789977][ T2938] (syz.0.15,2938,0):ocfs2_get_clusters:624 ERROR: status = -12
[ 65.797571][ T2938] (syz.0.15,2938,0):ocfs2_extent_map_get_blocks:671 ERROR: status = -12
[ 65.805921][ T2938] (syz.0.15,2938,0):ocfs2_read_virt_blocks:981 ERROR: status = -12
[ 65.813939][ T2938] (syz.0.15,2938,0):ocfs2_read_dir_block:511 ERROR: status = -12
[ 65.821882][ T2938] (syz.0.15,2938,0):ocfs2_init_global_system_inodes:462 ERROR: status = -22
[ 65.830675][ T2938] (syz.0.15,2938,0):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs?
[ 65.830686][ T2938] (syz.0.15,2938,0):ocfs2_init_global_system_inodes:473 ERROR: status = -22
[ 65.851745][ T2938] (syz.0.15,2938,0):ocfs2_initialize_super:2278 ERROR: status = -22
[ 65.859976][ T2938] (syz.0.15,2938,0):ocfs2_fill_super:1177 ERROR: status = -22
[ 66.173236][ T2941] loop0: detected capacity change from 0 to 32768
[ 66.254940][ T2941] ==================================================================
[ 66.263111][ T2941] BUG: KASAN: use-after-free in __ocfs2_find_path+0x482/0x510
[ 66.270580][ T2941] Read of size 4 at addr ffff888064aac000 by task syz.0.16/2941
[ 66.278207][ T2941]
[ 66.280519][ T2941] CPU: 0 PID: 2941 Comm: syz.0.16 Not tainted 5.15.175-syzkaller #0
[ 66.288490][ T2941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 66.298527][ T2941] Call Trace:
[ 66.301793][ T2941]
[ 66.304703][ T2941] dump_stack_lvl+0x57/0x7d
[ 66.309199][ T2941] print_address_description.constprop.0.cold+0x6c/0x309
[ 66.316207][ T2941] ? __ocfs2_find_path+0x482/0x510
[ 66.321296][ T2941] ? __ocfs2_find_path+0x482/0x510
[ 66.326392][ T2941] kasan_report.cold+0x83/0xdf
[ 66.331143][ T2941] ? __ocfs2_find_path+0x482/0x510
[ 66.336227][ T2941] __ocfs2_find_path+0x482/0x510
[ 66.341137][ T2941] ? find_path_ins+0x130/0x130
[ 66.345882][ T2941] ? ocfs2_extend_rotate_transaction.isra.0+0x180/0x180
[ 66.352957][ T2941] ? wait_for_completion+0x220/0x220
[ 66.358223][ T2941] ? ocfs2_set_buffer_uptodate.part.0+0x696/0xd80
[ 66.364612][ T2941] ocfs2_find_leaf+0x83/0x160
[ 66.369284][ T2941] ? submit_bh_wbc.constprop.0+0x424/0x5b0
[ 66.375080][ T2941] ? ocfs2_find_path+0xe0/0xe0
[ 66.379818][ T2941] ? ocfs2_read_blocks+0x984/0xe00
[ 66.384902][ T2941] ocfs2_get_clusters_nocache+0x163/0xd30
[ 66.390621][ T2941] ? ocfs2_read_blocks_sync+0x850/0x850
[ 66.396146][ T2941] ? ocfs2_figure_hole_clusters+0x560/0x560
[ 66.402017][ T2941] ? ocfs2_read_inode_block+0xbd/0x150
[ 66.407452][ T2941] ? ocfs2_read_inode_block_full+0x160/0x160
[ 66.413415][ T2941] ocfs2_get_clusters+0x248/0xb60
[ 66.418412][ T2941] ? ocfs2_xattr_get_clusters+0x970/0x970
[ 66.424104][ T2941] ? lock_acquire+0x194/0x480
[ 66.428765][ T2941] ? ocfs2_read_virt_blocks+0x1a8/0x650
[ 66.434281][ T2941] ? lock_release+0x5f0/0x5f0
[ 66.439464][ T2941] ocfs2_extent_map_get_blocks+0x14e/0x5a0
[ 66.445243][ T2941] ? ocfs2_get_clusters+0xb60/0xb60
[ 66.450417][ T2941] ? rwsem_down_read_slowpath+0x980/0x980
[ 66.456110][ T2941] ? mark_lock.part.0+0xee/0x25f0
[ 66.461107][ T2941] ocfs2_read_virt_blocks+0x1ca/0x650
[ 66.466464][ T2941] ? __ocfs2_delete_entry+0x640/0x640
[ 66.471817][ T2941] ? ocfs2_seek_data_hole_offset+0x6c0/0x6c0
[ 66.477798][ T2941] ocfs2_read_dir_block+0xa7/0x440
[ 66.482894][ T2941] ? ocfs2_read_dir_block_direct+0x3f0/0x3f0
[ 66.488874][ T2941] ? lockdep_hardirqs_on_prepare+0x280/0x280
[ 66.494846][ T2941] ocfs2_find_entry+0x80c/0x1230
[ 66.499766][ T2941] ? lock_release+0x5f0/0x5f0
[ 66.504432][ T2941] ? ocfs2_free_dir_lookup_result+0xd0/0xd0
[ 66.510311][ T2941] ? vsnprintf+0x192/0x1560
[ 66.514789][ T2941] ? pointer+0x700/0x700
[ 66.519025][ T2941] ocfs2_find_files_on_disk+0x65/0x270
[ 66.524466][ T2941] ocfs2_lookup_ino_from_name+0x87/0xd0
[ 66.529988][ T2941] ? ocfs2_find_files_on_disk+0x270/0x270
[ 66.535701][ T2941] ocfs2_get_system_file_inode+0x1d3/0x5e0
[ 66.541574][ T2941] ? do_raw_spin_unlock+0x171/0x230
[ 66.546751][ T2941] ? ocfs2_fast_symlink_readpage+0x370/0x370
[ 66.552700][ T2941] ? ocfs2_iget+0x618/0x7e0
[ 66.557193][ T2941] ? ocfs2_read_locked_inode+0xca0/0xca0
[ 66.562798][ T2941] ? __kasan_kmalloc+0x7c/0x90
[ 66.567550][ T2941] ? ocfs2_put_dlm_debug+0x40/0x40
[ 66.572632][ T2941] ? memcpy+0x39/0x60
[ 66.576585][ T2941] ocfs2_initialize_super.isra.0+0x1f15/0x3420
[ 66.582725][ T2941] ? ocfs2_remount+0xad0/0xad0
[ 66.587463][ T2941] ? lockdep_init_map_type+0x21c/0x620
[ 66.592898][ T2941] ? ocfs2_fill_super+0x6c0/0x2d60
[ 66.597982][ T2941] ocfs2_fill_super+0x6c0/0x2d60
[ 66.602896][ T2941] ? ocfs2_initialize_super.isra.0+0x3420/0x3420
[ 66.609204][ T2941] ? pointer+0x700/0x700
[ 66.613457][ T2941] ? up_write+0x17b/0x260
[ 66.617756][ T2941] ? sget+0x395/0x480
[ 66.621708][ T2941] mount_bdev+0x2c3/0x3a0
[ 66.626028][ T2941] ? ocfs2_initialize_super.isra.0+0x3420/0x3420
[ 66.632325][ T2941] ? trace_raw_output_ocfs2_buffer_cached_end+0xe0/0xe0
[ 66.639232][ T2941] legacy_get_tree+0xfa/0x1f0
[ 66.643883][ T2941] ? security_capable+0x4c/0x90
[ 66.648708][ T2941] vfs_get_tree+0x83/0x1b0
[ 66.653116][ T2941] path_mount+0x44f/0x1a60
[ 66.657515][ T2941] ? user_path_at_empty+0x40/0x50
[ 66.662509][ T2941] ? lockdep_hardirqs_on_prepare+0x207/0x280
[ 66.668459][ T2941] ? kasan_quarantine_put+0xd1/0x1f0
[ 66.673717][ T2941] ? finish_automount+0x8e0/0x8e0
[ 66.678714][ T2941] ? user_path_at_empty+0x40/0x50
[ 66.683703][ T2941] ? kmem_cache_free+0x7e/0x400
[ 66.688522][ T2941] __x64_sys_mount+0x1f5/0x260
[ 66.693270][ T2941] ? copy_mnt_ns+0xd20/0xd20
[ 66.697837][ T2941] ? lockdep_hardirqs_on_prepare+0x207/0x280
[ 66.703786][ T2941] ? syscall_enter_from_user_mode+0x21/0x60
[ 66.709662][ T2941] do_syscall_64+0x33/0x80
[ 66.714062][ T2941] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.719927][ T2941] RIP: 0033:0x7f6abbd7079a
[ 66.724316][ T2941] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 66.744070][ T2941] RSP: 002b:00007f6abb7efe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 66.752470][ T2941] RAX: ffffffffffffffda RBX: 00007f6abb7efef0 RCX: 00007f6abbd7079a
[ 66.760414][ T2941] RDX: 0000000020004440 RSI: 0000000020000780 RDI: 00007f6abb7efeb0
[ 66.768361][ T2941] RBP: 0000000020004440 R08: 00007f6abb7efef0 R09: 0000000001000000
[ 66.776347][ T2941] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020000780
[ 66.784303][ T2941] R13: 00007f6abb7efeb0 R14: 000000000000444a R15: 00000000200005c0
[ 66.792249][ T2941]
[ 66.795245][ T2941]
[ 66.797566][ T2941] The buggy address belongs to the page:
[ 66.803189][ T2941] page:ffffea000192ab00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x64aac
[ 66.813312][ T2941] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 66.820409][ T2941] raw: 00fff00000000000 ffffea000192ab48 ffff8880ba03e3a0 0000000000000000
[ 66.828975][ T2941] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 66.837535][ T2941] page dumped because: kasan: bad access detected
[ 66.843932][ T2941] page_owner tracks the page as freed
[ 66.849267][ T2941] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 2941, ts 66028169084, free_ts 66172814726
[ 66.864771][ T2941] get_page_from_freelist+0x137f/0x3210
[ 66.870291][ T2941] __alloc_pages+0x1b2/0x440
[ 66.874855][ T2941] alloc_pages_vma+0xe0/0x650
[ 66.879501][ T2941] __handle_mm_fault+0x1d94/0x33f0
[ 66.884577][ T2941] handle_mm_fault+0x12e/0x500
[ 66.889307][ T2941] do_user_addr_fault+0x2c9/0xc90
[ 66.894300][ T2941] exc_page_fault+0x5a/0xc0
[ 66.898771][ T2941] asm_exc_page_fault+0x22/0x30
[ 66.903605][ T2941] page last free stack trace:
[ 66.908245][ T2941] free_pcp_prepare+0x379/0x850
[ 66.913063][ T2941] free_unref_page_list+0x16f/0xc20
[ 66.918230][ T2941] release_pages+0xadc/0x1380
[ 66.922885][ T2941] tlb_finish_mmu+0x127/0x790
[ 66.927544][ T2941] unmap_region+0x298/0x390
[ 66.932020][ T2941] __do_munmap+0x47e/0x10d0
[ 66.936493][ T2941] __vm_munmap+0xd2/0x1a0
[ 66.940803][ T2941] __x64_sys_munmap+0x5d/0x80
[ 66.945465][ T2941] do_syscall_64+0x33/0x80
[ 66.949849][ T2941] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.955707][ T2941]
[ 66.958003][ T2941] Memory state around the buggy address:
[ 66.963599][ T2941]  ffff888064aabf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 66.971625][ T2941]  ffff888064aabf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 66.979653][ T2941] >ffff888064aac000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.987679][ T2941]                    ^
[ 66.991723][ T2941]  ffff888064aac080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.999747][ T2941]  ffff888064aac100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 67.007775][ T2941] ==================================================================
[ 67.015824][ T2941] Disabling lock debugging due to kernel taint
[ 67.023061][ T2941] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 67.030632][ T2941] Kernel Offset: disabled
[ 67.034943][ T2941] Rebooting in 86400 seconds..