Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts.
2025/03/17 05:47:39 ignoring optional flag "sandboxArg"="0"
2025/03/17 05:47:39 parsed 1 programs
[ 52.967751][ T2019] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/03/17 05:47:43 executed programs: 0
[ 59.299992][ T2935] loop0: detected capacity change from 0 to 32768
[ 59.386232][ T2935] (syz.0.15,2935,1):ocfs2_read_blocks:239 ERROR: status = -12
[ 59.393721][ T2935] (syz.0.15,2935,1):__ocfs2_find_path:1837 ERROR: status = -12
[ 59.401309][ T2935] (syz.0.15,2935,1):ocfs2_find_leaf:1933 ERROR: status = -12
[ 59.408709][ T2935] (syz.0.15,2935,1):ocfs2_get_clusters_nocache:421 ERROR: status = -12
[ 59.417012][ T2935] (syz.0.15,2935,1):ocfs2_get_clusters:624 ERROR: status = -12
[ 59.424575][ T2935] (syz.0.15,2935,1):ocfs2_extent_map_get_blocks:671 ERROR: status = -12
[ 59.432878][ T2935] (syz.0.15,2935,1):ocfs2_read_virt_blocks:981 ERROR: status = -12
[ 59.440790][ T2935] (syz.0.15,2935,1):ocfs2_read_dir_block:511 ERROR: status = -12
[ 59.448730][ T2935] (syz.0.15,2935,1):ocfs2_init_global_system_inodes:462 ERROR: status = -22
[ 59.457429][ T2935] (syz.0.15,2935,1):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs?
[ 59.457441][ T2935] (syz.0.15,2935,1):ocfs2_init_global_system_inodes:473 ERROR: status = -22
[ 59.478206][ T2935] (syz.0.15,2935,1):ocfs2_initialize_super:2278 ERROR: status = -22
[ 59.486341][ T2935] (syz.0.15,2935,1):ocfs2_fill_super:1177 ERROR: status = -22
[ 59.744685][ T2937] loop0: detected capacity change from 0 to 32768
[ 59.865268][ T2937] ==================================================================
[ 59.873574][ T2937] BUG: KASAN: use-after-free in __ocfs2_find_path+0x482/0x510
[ 59.881400][ T2937] Read of size 4 at addr ffff888064403000 by task syz.0.16/2937
[ 59.889017][ T2937]
[ 59.891366][ T2937] CPU: 1 PID: 2937 Comm: syz.0.16 Not tainted 5.15.179-syzkaller #0
[ 59.899326][ T2937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 59.909363][ T2937] Call Trace:
[ 59.912622][ T2937]
[ 59.915529][ T2937] dump_stack_lvl+0x41/0x5e
[ 59.920008][ T2937] print_address_description.constprop.0.cold+0x6c/0x309
[ 59.927000][ T2937] ? __ocfs2_find_path+0x482/0x510
[ 59.934604][ T2937] ? __ocfs2_find_path+0x482/0x510
[ 59.939690][ T2937] kasan_report.cold+0x83/0xdf
[ 59.944426][ T2937] ? __ocfs2_find_path+0x482/0x510
[ 59.949523][ T2937] __ocfs2_find_path+0x482/0x510
[ 59.954446][ T2937] ? find_path_ins+0x130/0x130
[ 59.959191][ T2937] ? ocfs2_extend_rotate_transaction.isra.0+0x180/0x180
[ 59.966096][ T2937] ? wait_for_completion+0x220/0x220
[ 59.971374][ T2937] ? ocfs2_set_buffer_uptodate.part.0+0x696/0xd80
[ 59.977859][ T2937] ocfs2_find_leaf+0x83/0x160
[ 59.982547][ T2937] ? submit_bh_wbc.constprop.0+0x424/0x5b0
[ 59.988323][ T2937] ? ocfs2_find_path+0xe0/0xe0
[ 59.993059][ T2937] ? ocfs2_read_blocks+0x984/0xe00
[ 59.998142][ T2937] ocfs2_get_clusters_nocache+0x163/0xd30
[ 60.003842][ T2937] ? ocfs2_read_blocks_sync+0x850/0x850
[ 60.009376][ T2937] ? ocfs2_figure_hole_clusters+0x560/0x560
[ 60.015279][ T2937] ? ocfs2_read_inode_block+0xbd/0x150
[ 60.020715][ T2937] ? ocfs2_read_inode_block_full+0x160/0x160
[ 60.026668][ T2937] ocfs2_get_clusters+0x248/0xb60
[ 60.031667][ T2937] ? rcu_preempt_deferred_qs_irqrestore+0x4ac/0xb30
[ 60.038248][ T2937] ? ocfs2_xattr_get_clusters+0x970/0x970
[ 60.043963][ T2937] ? __lock_acquire.constprop.0+0x478/0xb30
[ 60.049828][ T2937] ocfs2_extent_map_get_blocks+0x14e/0x5a0
[ 60.055607][ T2937] ? ocfs2_get_clusters+0xb60/0xb60
[ 60.060785][ T2937] ? rwsem_down_read_slowpath+0x980/0x980
[ 60.066494][ T2937] ? blk_mq_try_issue_directly+0xfc/0x1b0
[ 60.072208][ T2937] ? blk_mq_request_bypass_insert+0x290/0x290
[ 60.078268][ T2937] ocfs2_read_virt_blocks+0x1ca/0x650
[ 60.083614][ T2937] ? __ocfs2_delete_entry+0x640/0x640
[ 60.089049][ T2937] ? format_decode+0x6d0/0x6d0
[ 60.093897][ T2937] ? ocfs2_seek_data_hole_offset+0x6c0/0x6c0
[ 60.099862][ T2937] ? put_dec+0x90/0x90
[ 60.103914][ T2937] ? format_decode+0x4ea/0x6d0
[ 60.108654][ T2937] ocfs2_read_dir_block+0xa7/0x440
[ 60.113740][ T2937] ? ocfs2_read_dir_block_direct+0x3f0/0x3f0
[ 60.119690][ T2937] ? vsnprintf+0xc55/0x1560
[ 60.124170][ T2937] ocfs2_find_entry_el.constprop.0+0x583/0xa90
[ 60.130386][ T2937] ? ocfs2_validate_dir_block+0x320/0x320
[ 60.136168][ T2937] ? do_raw_spin_unlock+0x171/0x230
[ 60.141359][ T2937] ? format_decode+0x6d0/0x6d0
[ 60.146096][ T2937] ? ocfs2_add_lockres_tracking+0x15e/0x1d0
[ 60.152057][ T2937] ? ocfs2_data_convert_worker+0x2a0/0x2a0
[ 60.157839][ T2937] ocfs2_find_entry+0x483/0xa80
[ 60.162677][ T2937] ? ocfs2_free_dir_lookup_result+0xd0/0xd0
[ 60.168543][ T2937] ? vsnprintf+0x192/0x1560
[ 60.173018][ T2937] ? pointer+0x700/0x700
[ 60.177272][ T2937] ocfs2_find_files_on_disk+0x65/0x270
[ 60.182703][ T2937] ocfs2_lookup_ino_from_name+0x87/0xd0
[ 60.188220][ T2937] ? ocfs2_find_files_on_disk+0x270/0x270
[ 60.193911][ T2937] ocfs2_get_system_file_inode+0x1d3/0x5e0
[ 60.199689][ T2937] ? do_raw_spin_unlock+0x171/0x230
[ 60.204861][ T2937] ? ocfs2_fast_symlink_readpage+0x370/0x370
[ 60.210809][ T2937] ? ocfs2_iget+0x618/0x7e0
[ 60.215282][ T2937] ? ocfs2_read_locked_inode+0xca0/0xca0
[ 60.220882][ T2937] ? __kasan_kmalloc+0x7c/0x90
[ 60.225701][ T2937] ? ocfs2_put_dlm_debug+0x40/0x40
[ 60.230784][ T2937] ? memcpy+0x39/0x60
[ 60.234829][ T2937] ocfs2_initialize_super.isra.0+0x1f15/0x3420
[ 60.240954][ T2937] ? ocfs2_remount+0xad0/0xad0
[ 60.245688][ T2937] ? lockdep_init_map_type+0x2c1/0x5e0
[ 60.251115][ T2937] ? lock_downgrade+0x4f0/0x4f0
[ 60.255937][ T2937] ? ocfs2_fill_super+0x6c0/0x2d60
[ 60.261054][ T2937] ocfs2_fill_super+0x6c0/0x2d60
[ 60.266155][ T2937] ? ocfs2_initialize_super.isra.0+0x3420/0x3420
[ 60.272454][ T2937] ? pointer+0x700/0x700
[ 60.276675][ T2937] ? up_write+0x138/0x200
[ 60.280978][ T2937] ? sget+0x390/0x470
[ 60.284930][ T2937] mount_bdev+0x2c3/0x3a0
[ 60.289231][ T2937] ? ocfs2_initialize_super.isra.0+0x3420/0x3420
[ 60.295529][ T2937] ? trace_raw_output_ocfs2_buffer_cached_end+0xe0/0xe0
[ 60.302447][ T2937] legacy_get_tree+0xfa/0x1f0
[ 60.307182][ T2937] ? security_capable+0x4c/0x90
[ 60.312002][ T2937] vfs_get_tree+0x83/0x1b0
[ 60.316397][ T2937] path_mount+0x44f/0x1a60
[ 60.320795][ T2937] ? finish_automount+0x7d0/0x7d0
[ 60.325788][ T2937] ? kasan_set_free_info+0x20/0x30
[ 60.330869][ T2937] ? user_path_at_empty+0x40/0x50
[ 60.335864][ T2937] ? kmem_cache_free+0x7e/0x470
[ 60.340686][ T2937] __x64_sys_mount+0x1f5/0x260
[ 60.345419][ T2937] ? copy_mnt_ns+0xd20/0xd20
[ 60.349979][ T2937] ? vtime_user_exit+0xde/0x180
[ 60.354808][ T2937] do_syscall_64+0x33/0x80
[ 60.359199][ T2937] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.365087][ T2937] RIP: 0033:0x7f1707ce279a
[ 60.369479][ T2937] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.389075][ T2937] RSP: 002b:00007f1707761e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 60.397464][ T2937] RAX: ffffffffffffffda RBX: 00007f1707761ef0 RCX: 00007f1707ce279a
[ 60.405505][ T2937] RDX: 0000000020004440 RSI: 0000000020000780 RDI: 00007f1707761eb0
[ 60.413448][ T2937] RBP: 0000000020004440 R08: 00007f1707761ef0 R09: 0000000001000000
[ 60.421394][ T2937] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020000780
[ 60.429356][ T2937] R13: 00007f1707761eb0 R14: 000000000000444a R15: 00000000200005c0
[ 60.437301][ T2937]
[ 60.440298][ T2937]
[ 60.442626][ T2937] The buggy address belongs to the page:
[ 60.448235][ T2937] page:ffffea00019100c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x64403
[ 60.458358][ T2937] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 60.465470][ T2937] raw: 00fff00000000000 ffffea0001910108 ffff8880ba73e060 0000000000000000
[ 60.474040][ T2937] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 60.482608][ T2937] page dumped because: kasan: bad access detected
[ 60.488998][ T2937] page_owner tracks the page as freed
[ 60.494340][ T2937] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 2935, ts 59299299596, free_ts 59653904169
[ 60.508972][ T2937] get_page_from_freelist+0x1369/0x31f0
[ 60.514514][ T2937] __alloc_pages+0x1b2/0x440
[ 60.519074][ T2937] alloc_pages_vma+0xe0/0x650
[ 60.523738][ T2937] shmem_alloc_page+0x104/0x1b0
[ 60.528559][ T2937] shmem_alloc_and_acct_page+0xff/0x730
[ 60.534082][ T2937] shmem_getpage_gfp.constprop.0+0x42a/0x1790
[ 60.540121][ T2937] generic_perform_write+0x1d6/0x430
[ 60.545551][ T2937] __generic_file_write_iter+0x2f0/0x560
[ 60.551169][ T2937] generic_file_write_iter+0xb9/0x1c0
[ 60.556514][ T2937] new_sync_write+0x35d/0x5f0
[ 60.561182][ T2937] vfs_write+0x577/0x7e0
[ 60.565591][ T2937] ksys_write+0xf4/0x1d0
[ 60.569802][ T2937] do_syscall_64+0x33/0x80
[ 60.574192][ T2937] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.580209][ T2937] page last free stack trace:
[ 60.584859][ T2937] free_pcp_prepare+0x379/0x850
[ 60.589718][ T2937] free_unref_page_list+0x16f/0xbd0
[ 60.594897][ T2937] release_pages+0xb3a/0x1480
[ 60.599550][ T2937] __pagevec_release+0x59/0xe0
[ 60.604308][ T2937] shmem_undo_range+0x505/0xeb0
[ 60.609220][ T2937] shmem_evict_inode+0x313/0xa40
[ 60.614214][ T2937] evict+0x322/0x770
[ 60.618144][ T2937] __dentry_kill+0x315/0x5e0
[ 60.622789][ T2937] __fput+0x2f1/0x9a0
[ 60.626742][ T2937] task_work_run+0xb8/0x140
[ 60.631236][ T2937] exit_to_user_mode_prepare+0x15d/0x160
[ 60.636844][ T2937] syscall_exit_to_user_mode+0x12/0x30
[ 60.642310][ T2937] do_syscall_64+0x40/0x80
[ 60.646721][ T2937] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.652584][ T2937]
[ 60.654883][ T2937] Memory state around the buggy address:
[ 60.660484][ T2937] ffff888064402f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.668589][ T2937] ffff888064402f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.676630][ T2937] >ffff888064403000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.684670][ T2937] ^
[ 60.688709][ T2937] ffff888064403080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.696757][ T2937] ffff888064403100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.704972][ T2937] ==================================================================
[ 60.713010][ T2937] Disabling lock debugging due to kernel taint
[ 60.719434][ T2937] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.726816][ T2937] Kernel Offset: disabled
[ 60.731134][ T2937] Rebooting in 86400 seconds..