Warning: Permanently added '10.128.1.236' (ED25519) to the list of known hosts.
2024/11/10 01:02:59 ignoring optional flag "sandboxArg"="0"
2024/11/10 01:02:59 parsed 1 programs
[ 65.147323][ T2032] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/11/10 01:03:07 executed programs: 0
2024/11/10 01:03:13 executed programs: 2
[ 78.801249][ T2941] loop0: detected capacity change from 0 to 32768
[ 78.810656][ T2941] (syz.0.15,2941,1):ocfs2_read_blocks:239 ERROR: status = -12
[ 78.818235][ T2941] (syz.0.15,2941,1):__ocfs2_find_path:1837 ERROR: status = -12
[ 78.826349][ T2941] (syz.0.15,2941,1):ocfs2_find_leaf:1933 ERROR: status = -12
[ 78.833967][ T2941] (syz.0.15,2941,1):ocfs2_get_clusters_nocache:421 ERROR: status = -12
[ 78.842220][ T2941] (syz.0.15,2941,1):ocfs2_get_clusters:624 ERROR: status = -12
[ 78.849862][ T2941] (syz.0.15,2941,1):ocfs2_extent_map_get_blocks:671 ERROR: status = -12
[ 78.858240][ T2941] (syz.0.15,2941,1):ocfs2_read_virt_blocks:981 ERROR: status = -12
[ 78.866184][ T2941] (syz.0.15,2941,1):ocfs2_read_dir_block:511 ERROR: status = -12
[ 78.874181][ T2941] (syz.0.15,2941,1):ocfs2_init_global_system_inodes:461 ERROR: status = -22
[ 78.882879][ T2941] (syz.0.15,2941,1):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs?
[ 78.882891][ T2941] (syz.0.15,2941,1):ocfs2_init_global_system_inodes:472 ERROR: status = -22
[ 78.903804][ T2941] (syz.0.15,2941,1):ocfs2_initialize_super:2252 ERROR: status = -22
[ 78.911935][ T2941] (syz.0.15,2941,1):ocfs2_fill_super:1176 ERROR: status = -22
[ 79.124274][ T2944] loop0: detected capacity change from 0 to 32768
[ 79.132235][ T2944] ==================================================================
[ 79.140314][ T2944] BUG: KASAN: use-after-free in __ocfs2_find_path+0x172/0x760
[ 79.147801][ T2944] Read of size 4 at addr ffff888067e77000 by task syz.0.16/2944
[ 79.155437][ T2944]
[ 79.157765][ T2944] CPU: 1 PID: 2944 Comm: syz.0.16 Not tainted 6.1.116-syzkaller #0
[ 79.165762][ T2944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 79.176073][ T2944] Call Trace:
[ 79.179344][ T2944]
[ 79.182316][ T2944] dump_stack_lvl+0xf4/0x251
[ 79.186893][ T2944] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 79.192332][ T2944] ? panic+0x3fe/0x3fe
[ 79.196381][ T2944] ? lock_acquire+0xbe/0x390
[ 79.200963][ T2944] ? read_lock_is_recursive+0x10/0x10
[ 79.206424][ T2944] ? __virt_addr_valid+0x139/0x270
[ 79.211528][ T2944] ? __virt_addr_valid+0x221/0x270
[ 79.216809][ T2944] print_report+0x15f/0x4f0
[ 79.221317][ T2944] ? __virt_addr_valid+0x139/0x270
[ 79.226422][ T2944] ? __virt_addr_valid+0x221/0x270
[ 79.231605][ T2944] ? __ocfs2_find_path+0x172/0x760
[ 79.236698][ T2944] kasan_report+0x136/0x160
[ 79.241182][ T2944] ? __ocfs2_find_path+0x172/0x760
[ 79.246359][ T2944] __ocfs2_find_path+0x172/0x760
[ 79.251312][ T2944] ? ocfs2_find_leaf+0x1e0/0x1e0
[ 79.256330][ T2944] ? ocfs2_find_path+0x120/0x120
[ 79.261279][ T2944] ? ocfs2_refresh_inode+0x9b0/0x9b0
[ 79.266576][ T2944] ocfs2_find_leaf+0xc0/0x1e0
[ 79.271323][ T2944] ? find_path_ins+0x150/0x150
[ 79.276170][ T2944] ? ocfs2_refresh_inode+0x9b0/0x9b0
[ 79.281434][ T2944] ocfs2_get_clusters_nocache+0x194/0xa20
[ 79.287139][ T2944] ? ocfs2_get_clusters+0xde0/0xde0
[ 79.292330][ T2944] ? ocfs2_read_inode_block+0x100/0x1c0
[ 79.297871][ T2944] ? ocfs2_read_inode_block_full+0x1c0/0x1c0
[ 79.303845][ T2944] ? do_raw_spin_unlock+0x137/0x8a0
[ 79.309026][ T2944] ? __lock_acquire+0x607/0xb70
[ 79.313861][ T2944] ocfs2_get_clusters+0x754/0xde0
[ 79.318874][ T2944] ? ocfs2_xattr_get_clusters+0x8c0/0x8c0
[ 79.324614][ T2944] ? down_read+0x8fd/0xba0
[ 79.329201][ T2944] ocfs2_extent_map_get_blocks+0x182/0x640
[ 79.335096][ T2944] ? ocfs2_get_clusters_nocache+0xa20/0xa20
[ 79.340988][ T2944] ? rcu_preempt_deferred_qs_irqrestore+0x5f2/0xa80
[ 79.347590][ T2944] ocfs2_read_virt_blocks+0x257/0x780
[ 79.352972][ T2944] ? ocfs2_validate_dx_leaf+0x1c0/0x1c0
[ 79.358533][ T2944] ? ocfs2_seek_data_hole_offset+0xb90/0xb90
[ 79.364602][ T2944] ? format_decode+0x8de/0x1d00
[ 79.369441][ T2944] ? pointer+0xc90/0xc90
[ 79.373668][ T2944] ? __lock_acquire+0x607/0xb70
[ 79.378499][ T2944] ocfs2_find_entry+0x3b1/0x1e80
[ 79.383441][ T2944] ? ocfs2_free_dir_lookup_result+0xc0/0xc0
[ 79.389334][ T2944] ? is_dynamic_key+0x1e0/0x1e0
[ 79.394179][ T2944] ? ocfs2_inode_lock_res_init+0x2c0/0x2c0
[ 79.399976][ T2944] ? __lock_acquire+0x607/0xb70
[ 79.404901][ T2944] ? vsnprintf+0x1970/0x1970
[ 79.409652][ T2944] ? rcu_is_watching+0x1b/0x90
[ 79.414399][ T2944] ? vsnprintf+0xb6e/0x1970
[ 79.418895][ T2944] ocfs2_find_files_on_disk+0x8c/0x200
[ 79.424343][ T2944] ocfs2_lookup_ino_from_name+0xa8/0x190
[ 79.429961][ T2944] ? ocfs2_find_files_on_disk+0x200/0x200
[ 79.435887][ T2944] ? __stack_depot_save+0x1d/0x460
[ 79.441168][ T2944] ocfs2_get_system_file_inode+0x3da/0x660
[ 79.447153][ T2944] ? mount_bdev+0x26b/0x340
[ 79.451656][ T2944] ? do_syscall_64+0x3b/0x80
[ 79.456237][ T2944] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 79.462287][ T2944] ? ocfs2_fast_symlink_read_folio+0x430/0x430
[ 79.468425][ T2944] ocfs2_init_global_system_inodes+0x275/0x560
[ 79.474562][ T2944] ? trace_ocfs2_initialize_super+0x100/0x100
[ 79.480699][ T2944] ? __kasan_kmalloc+0x97/0xb0
[ 79.485445][ T2944] ? ocfs2_new_dlm_debug+0xa7/0x1e0
[ 79.490720][ T2944] ? ocfs2_put_dlm_debug+0x40/0x40
[ 79.495840][ T2944] ocfs2_fill_super+0x3773/0x4a30
[ 79.500849][ T2944] ? ocfs2_mount+0x10/0x10
[ 79.505257][ T2944] ? nd_jump_root+0x257/0x370
[ 79.509916][ T2944] ? __lock_acquire+0xb70/0xb70
[ 79.514752][ T2944] ? deref_stack_reg+0x17c/0x210
[ 79.519672][ T2944] ? unwind_next_frame+0x1a3f/0x2220
[ 79.524937][ T2944] ? deref_stack_reg+0x17c/0x210
[ 79.529858][ T2944] ? preempt_count_add+0x8f/0x120
[ 79.535038][ T2944] ? unwind_next_frame+0x1a3f/0x2220
[ 79.540390][ T2944] ? stack_trace_save+0x1c0/0x1c0
[ 79.545483][ T2944] ? is_module_text_address+0xdf/0x140
[ 79.550924][ T2944] ? stack_trace_save+0x1c0/0x1c0
[ 79.555964][ T2944] ? kernel_text_address+0x82/0xc0
[ 79.561057][ T2944] ? __kernel_text_address+0x9/0x40
[ 79.566322][ T2944] ? unwind_get_return_address+0x49/0x80
[ 79.571933][ T2944] ? arch_stack_walk+0xf3/0x140
[ 79.576769][ T2944] ? __lock_acquire+0x607/0xb70
[ 79.581601][ T2944] ? __lock_acquire+0x607/0xb70
[ 79.586434][ T2944] ? reacquire_held_locks+0x39c/0x5a0
[ 79.591787][ T2944] ? alloc_super+0x1e0/0x8a0
[ 79.596363][ T2944] ? bdev_name+0x181/0x300
[ 79.600768][ T2944] ? pointer+0x1d3/0xc90
[ 79.605052][ T2944] ? string+0x240/0x240
[ 79.609293][ T2944] ? vsnprintf+0x1970/0x1970
[ 79.613905][ T2944] ? ptr_to_hashval+0x50/0x50
[ 79.618572][ T2944] ? mount_bdev+0xe8/0x340
[ 79.623002][ T2944] ? snprintf+0xcc/0x110
[ 79.627232][ T2944] ? __up_read+0x360/0x360
[ 79.631633][ T2944] ? vscnprintf+0x30/0x30
[ 79.636131][ T2944] ? mount_bdev+0x340/0x340
[ 79.640635][ T2944] mount_bdev+0x26b/0x340
[ 79.644966][ T2944] ? ocfs2_mount+0x10/0x10
[ 79.649373][ T2944] legacy_get_tree+0xe5/0x170
[ 79.654062][ T2944] ? trace_raw_output_ocfs2_buffer_cached_end+0xd0/0xd0
[ 79.660980][ T2944] vfs_get_tree+0x7a/0x170
[ 79.665381][ T2944] do_new_mount+0x21a/0x910
[ 79.669886][ T2944] ? do_move_mount_old+0x120/0x120
[ 79.674994][ T2944] __se_sys_mount+0x23e/0x2d0
[ 79.679668][ T2944] ? __x64_sys_mount+0xc0/0xc0
[ 79.684522][ T2944] do_syscall_64+0x3b/0x80
[ 79.688942][ T2944] ? clear_bhb_loop+0x45/0xa0
[ 79.693704][ T2944] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 79.699598][ T2944] RIP: 0033:0x7ff5e7f7f79a
[ 79.704012][ T2944] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 79.723607][ T2944] RSP: 002b:00007ff5e8e0ae68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 79.732015][ T2944] RAX: ffffffffffffffda RBX: 00007ff5e8e0aef0 RCX: 00007ff5e7f7f79a
[ 79.739981][ T2944] RDX: 0000000020004440 RSI: 0000000020000780 RDI: 00007ff5e8e0aeb0
[ 79.748024][ T2944] RBP: 0000000020004440 R08: 00007ff5e8e0aef0 R09: 0000000001000000
[ 79.756073][ T2944] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020000780
[ 79.764024][ T2944] R13: 00007ff5e8e0aeb0 R14: 000000000000444a R15: 00000000200005c0
[ 79.771979][ T2944]
[ 79.774986][ T2944]
[ 79.777304][ T2944] The buggy address belongs to the physical page:
[ 79.783797][ T2944] page:ffffea00019f9dc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x67e77
[ 79.794029][ T2944] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 79.801164][ T2944] raw: 00fff00000000000 ffffea0001993588 ffffea00019ad8c8 0000000000000000
[ 79.809747][ T2944] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 79.818397][ T2944] page dumped because: kasan: bad access detected
[ 79.824890][ T2944] page_owner tracks the page as freed
[ 79.830245][ T2944] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 2941, tgid 2940 (syz.0.15), ts 78739841069, free_ts 78954230352
[ 79.847868][ T2944] post_alloc_hook+0x286/0x2b0
[ 79.852632][ T2944] get_page_from_freelist+0x340b/0x35b0
[ 79.858249][ T2944] __alloc_pages+0x251/0x640
[ 79.862825][ T2944] __folio_alloc+0xf/0x30
[ 79.867293][ T2944] vma_alloc_folio+0x484/0x9e0
[ 79.872050][ T2944] shmem_alloc_and_acct_folio+0x44a/0xaf0
[ 79.877761][ T2944] shmem_get_folio_gfp+0x1197/0x25e0
[ 79.883077][ T2944] shmem_write_begin+0x159/0x400
[ 79.887995][ T2944] generic_perform_write+0x2f1/0x530
[ 79.893262][ T2944] __generic_file_write_iter+0x13e/0x2f0
[ 79.898876][ T2944] generic_file_write_iter+0x99/0x230
[ 79.904318][ T2944] vfs_write+0x99b/0xcf0
[ 79.908541][ T2944] ksys_write+0x15f/0x240
[ 79.912851][ T2944] do_syscall_64+0x3b/0x80
[ 79.917260][ T2944] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 79.923178][ T2944] page last free stack trace:
[ 79.927913][ T2944] free_unref_page_prepare+0xd6c/0xf00
[ 79.933357][ T2944] free_unref_page_list+0x54b/0x7e0
[ 79.938622][ T2944] release_pages+0x1e0a/0x1fe0
[ 79.943374][ T2944] __pagevec_release+0x62/0xd0
[ 79.948205][ T2944] shmem_undo_range+0x66b/0x1b00
[ 79.953130][ T2944] shmem_evict_inode+0x354/0x860
[ 79.958136][ T2944] evict+0x486/0x8c0
[ 79.962041][ T2944] __dentry_kill+0x380/0x5d0
[ 79.966614][ T2944] dentry_kill+0xbb/0x1e0
[ 79.970932][ T2944] dput+0x154/0x2d0
[ 79.974821][ T2944] __fput+0x369/0x720
[ 79.978869][ T2944] task_work_run+0x206/0x280
[ 79.983440][ T2944] exit_to_user_mode_loop+0xa9/0xc0
[ 79.988617][ T2944] exit_to_user_mode_prepare+0x64/0xb0
[ 79.994073][ T2944] syscall_exit_to_user_mode+0x27/0x1b0
[ 79.999607][ T2944] do_syscall_64+0x47/0x80
[ 80.004054][ T2944]
[ 80.006373][ T2944] Memory state around the buggy address:
[ 80.011984][ T2944]  ffff888067e76f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 80.020025][ T2944]  ffff888067e76f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 80.028065][ T2944] >ffff888067e77000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.036104][ T2944]                    ^
[ 80.040153][ T2944]  ffff888067e77080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.048281][ T2944]  ffff888067e77100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.056410][ T2944] ==================================================================
[ 80.064921][ T2944] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 80.072478][ T2944] Kernel Offset: disabled
[ 80.076803][ T2944] Rebooting in 86400 seconds..