gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
================================================================================
UBSAN: array-index-out-of-bounds in fs/gfs2/bmap.c:898:46
index 11 is out of range for type 'u64[11]' (aka 'unsigned long long[11]')
CPU: 1 PID: 6504 Comm: syz-executor.0 Not tainted 6.3.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 dump_stack+0x1c/0x28 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_out_of_bounds+0xfc/0x148 lib/ubsan.c:348
 __gfs2_iomap_get+0x380/0x1058 fs/gfs2/bmap.c:898
 gfs2_iomap_get fs/gfs2/bmap.c:1410 [inline]
 gfs2_block_map+0x2cc/0xca4 fs/gfs2/bmap.c:1225
 gfs2_write_alloc_required+0x2dc/0x544 fs/gfs2/bmap.c:2333
 gfs2_jdesc_check+0x19c/0x264 fs/gfs2/super.c:114
 init_journal+0xb78/0x1fbc fs/gfs2/ops_fstype.c:804
 init_inodes+0xe0/0x2d8 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x1658/0x1fd4 fs/gfs2/ops_fstype.c:1253
 get_tree_bdev+0x360/0x54c fs/super.c:1294
 gfs2_get_tree+0x54/0x1b4 fs/gfs2/ops_fstype.c:1338
 vfs_get_tree+0x90/0x274 fs/super.c:1501
 do_new_mount+0x25c/0x8c8 fs/namespace.c:3042
 path_mount+0x590/0xe20 fs/namespace.c:3372
 do_mount fs/namespace.c:3385 [inline]
 __do_sys_mount fs/namespace.c:3594 [inline]
 __se_sys_mount fs/namespace.c:3571 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3571
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in fs/gfs2/bmap.c:242:3
index 34 is out of range for type '__u16[10]' (aka 'unsigned short[10]')
CPU: 1 PID: 6504 Comm: syz-executor.0 Not tainted 6.3.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 dump_stack+0x1c/0x28 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_out_of_bounds+0xfc/0x148 lib/ubsan.c:348
 find_metapath fs/gfs2/bmap.c:242 [inline]
 __gfs2_iomap_get+0x470/0x1058 fs/gfs2/bmap.c:900
 gfs2_iomap_get fs/gfs2/bmap.c:1410 [inline]
 gfs2_block_map+0x2cc/0xca4 fs/gfs2/bmap.c:1225
 gfs2_write_alloc_required+0x2dc/0x544 fs/gfs2/bmap.c:2333
 gfs2_jdesc_check+0x19c/0x264 fs/gfs2/super.c:114
 init_journal+0xb78/0x1fbc fs/gfs2/ops_fstype.c:804
 init_inodes+0xe0/0x2d8 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x1658/0x1fd4 fs/gfs2/ops_fstype.c:1253
 get_tree_bdev+0x360/0x54c fs/super.c:1294
 gfs2_get_tree+0x54/0x1b4 fs/gfs2/ops_fstype.c:1338
 vfs_get_tree+0x90/0x274 fs/super.c:1501
 do_new_mount+0x25c/0x8c8 fs/namespace.c:3042
 path_mount+0x590/0xe20 fs/namespace.c:3372
 do_mount fs/namespace.c:3385 [inline]
 __do_sys_mount fs/namespace.c:3594 [inline]
 __se_sys_mount fs/namespace.c:3571 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3571
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
================================================================================
==================================================================
BUG: KASAN: stack-out-of-bounds in find_metapath fs/gfs2/bmap.c:242 [inline]
BUG: KASAN: stack-out-of-bounds in __gfs2_iomap_get+0x44c/0x1058 fs/gfs2/bmap.c:900
Write of size 2 at addr ffff80001e8a717e by task syz-executor.0/6504

CPU: 1 PID: 6504 Comm: syz-executor.0 Not tainted 6.3.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:319 [inline]
 print_report+0x174/0x514 mm/kasan/report.c:430
 kasan_report+0xd4/0x130 mm/kasan/report.c:536
 __asan_report_store2_noabort+0x2c/0x38 mm/kasan/report_generic.c:384
 find_metapath fs/gfs2/bmap.c:242 [inline]
 __gfs2_iomap_get+0x44c/0x1058 fs/gfs2/bmap.c:900
 gfs2_iomap_get fs/gfs2/bmap.c:1410 [inline]
 gfs2_block_map+0x2cc/0xca4 fs/gfs2/bmap.c:1225
 gfs2_write_alloc_required+0x2dc/0x544 fs/gfs2/bmap.c:2333
 gfs2_jdesc_check+0x19c/0x264 fs/gfs2/super.c:114
 init_journal+0xb78/0x1fbc fs/gfs2/ops_fstype.c:804
 init_inodes+0xe0/0x2d8 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x1658/0x1fd4 fs/gfs2/ops_fstype.c:1253
 get_tree_bdev+0x360/0x54c fs/super.c:1294
 gfs2_get_tree+0x54/0x1b4 fs/gfs2/ops_fstype.c:1338
 vfs_get_tree+0x90/0x274 fs/super.c:1501
 do_new_mount+0x25c/0x8c8 fs/namespace.c:3042
 path_mount+0x590/0xe20 fs/namespace.c:3372
 do_mount fs/namespace.c:3385 [inline]
 __do_sys_mount fs/namespace.c:3594 [inline]
 __se_sys_mount fs/namespace.c:3571 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3571
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591

The buggy address belongs to stack of task syz-executor.0/6504
 and is located at offset 318 in frame:
 arch_atomic64_or arch/arm64/include/asm/atomic.h:65 [inline]
 arch_atomic_long_or include/linux/atomic/atomic-long.h:329 [inline]
 arch_set_bit include/asm-generic/bitops/atomic.h:18 [inline]
 set_bit include/asm-generic/bitops/instrumented-atomic.h:29 [inline]
 gfs2_block_map+0x0/0xca4 fs/gfs2/bmap.c:1180

This frame has 3 objects:
 [32, 144) 'mp.i93'
 [176, 288) 'mp.i'
 [320, 400) 'iomap'

The buggy address belongs to the virtual mapping at
 [ffff80001e8a0000, ffff80001e8a9000) created by:
 copy_process+0x4b8/0x3808 kernel/fork.c:2100

The buggy address belongs to the physical page:
page:00000000bf55b6ac refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108fe7
memcg:ffff0000e38cec02
flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff ffff0000e38cec02
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff80001e8a7000: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
 ffff80001e8a7080: 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00
>ffff80001e8a7100: 00 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2
                                                                ^
 ffff80001e8a7180: 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3
 ffff80001e8a7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
  inode = 1 71
  function = gfs2_jdesc_check, file = fs/gfs2/super.c, line = 115
gfs2: fsid=syz:syz.0: G:  s:SH n:2/47 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
gfs2: fsid=syz:syz.0:  H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xe0/0x2d8 fs/gfs2/ops_fstype.c:889
gfs2: fsid=syz:syz.0:  I: n:1/71 t:8 f:0x00 d:0x00000200 s:8388608 p:0
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 6504 Comm: syz-executor.0 Tainted: G    B    6.3.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 dump_stack+0x1c/0x28 lib/dump_stack.c:113
 gfs2_withdraw+0xf08/0x134c fs/gfs2/util.c:364
 gfs2_consist_inode_i+0xf0/0x10c fs/gfs2/util.c:466
 gfs2_jdesc_check+0x12c/0x264
 init_journal+0xb78/0x1fbc fs/gfs2/ops_fstype.c:804
 init_inodes+0xe0/0x2d8 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x1658/0x1fd4 fs/gfs2/ops_fstype.c:1253
 get_tree_bdev+0x360/0x54c fs/super.c:1294
 gfs2_get_tree+0x54/0x1b4 fs/gfs2/ops_fstype.c:1338
 vfs_get_tree+0x90/0x274 fs/super.c:1501
 do_new_mount+0x25c/0x8c8 fs/namespace.c:3042
 path_mount+0x590/0xe20 fs/namespace.c:3372
 do_mount fs/namespace.c:3385 [inline]
 __do_sys_mount fs/namespace.c:3594 [inline]
 __se_sys_mount fs/namespace.c:3571 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3571
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
gfs2: fsid=syz:syz.0: my journal (0) is bad: -5