[Cluster-devel] [PATCH] fs: dlm: fix return value check in dlm_memory_init()
It should check 'cb_cache', after calling kmem_cache_create("dlm_cb"). Fixes: 61bed0baa4db ("fs: dlm: use a non-static queue for callbacks") Signed-off-by: Yang Yingliang --- fs/dlm/memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/dlm/memory.c b/fs/dlm/memory.c index eb7a08641fcf..cdbaa452fc05 100644 --- a/fs/dlm/memory.c +++ b/fs/dlm/memory.c @@ -51,7 +51,7 @@ int __init dlm_memory_init(void) cb_cache = kmem_cache_create("dlm_cb", sizeof(struct dlm_callback), __alignof__(struct dlm_callback), 0, NULL); - if (!rsb_cache) + if (!cb_cache) goto cb; return 0; -- 2.25.1
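Review bot: The corrected condition is the right one: with `if (!rsb_cache)` sitting directly after `kmem_cache_create("dlm_cb", ...)`, the check re-tested a cache that had already been created successfully, so a failed cb_cache creation went unnoticed, dlm_memory_init() returned 0 and cb_cache stayed NULL for every later callback allocation. The `cb:` label that `goto cb;` jumps to lies outside the hunk, so it is worth confirming in review that that error path destroys the caches created before cb_cache (rsb_cache among them) and does not leak them on this newly reachable failure. The Fixes: tag naming 61bed0baa4db and the Signed-off-by: are present.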
[Cluster-devel] [syzbot] [gfs2?] BUG: unable to handle kernel NULL pointer dereference in gfs2_rgrp_dump
Hello,

syzbot found the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=11859c5048
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=da0fc229cc1ff4bb2e6d
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=101babb448
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10bfb18c48

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/0bee075b0175/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+da0fc229cc1ff4bb2...@syzkaller.appspotmail.com

ri_length = 1
ri_data0 = 19
ri_data = 2060
ri_bitbytes = 514
start=0 len=514 offset=128
gfs2: fsid=syz:syz.s: R: n:18 f:00 b:0/0 i:0 q:0 r:0 e:0
Unable to handle kernel NULL pointer dereference at virtual address 0004
Mem abort info:
  ESR = 0x9606
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x0006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=00010e23f000
[0004] pgd=08010b804003, p4d=08010b804003, pud=08010a4e8003, pmd=
Internal error: Oops: 9606 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3072 Comm: syz-executor147 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
pstate: 8045 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : gfs2_rgrp_dump+0xa0/0x138 fs/gfs2/rgrp.c:2313
lr : gfs2_rgrp_dump+0x90/0x138
sp : 8fb93780
x29: 8fb937a0 x28: cb82a000 x27: cb82a000
x26: ca4de000 x25: 0808 x24: 080c
x23: 0001c103 x22: ca4de000 x21:
x20: 8fb937e0 x19: ca4de080 x18: 00c0
x17: 8dda8198 x16: 8dbe6158 x15: c680
x14: x13: x12: c680
x11: ff80892a5154 x10: x9 : 892a5154
x8 : x7 : 8c091ebc x6 :
x5 : 0080 x4 : 0001 x3 :
x2 : 0001fefbecd0 x1 : 8cc9c685 x0 :
Call trace:
 gfs2_rgrp_dump+0xa0/0x138 fs/gfs2/rgrp.c:2312
 gfs2_consist_rgrpd_i+0x78/0xe4 fs/gfs2/util.c:480
 read_rindex_entry fs/gfs2/rgrp.c:931 [inline]
 gfs2_ri_update+0x398/0x7e4 fs/gfs2/rgrp.c:1001
 gfs2_rindex_update+0x1b0/0x21c fs/gfs2/rgrp.c:1051
 init_inodes+0x11c/0x184 fs/gfs2/ops_fstype.c:917
 gfs2_fill_super+0x630/0x874 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x1e8/0x2a0 fs/super.c:1324
 gfs2_get_tree+0x30/0xc0 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x40/0x140 fs/super.c:1531
 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
 path_mount+0x358/0x890 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: f94036c8 f001cfa1 911a1421 aa1503e0 (2940a909)
---[ end trace ]---

Code disassembly (best guess):
   0: f94036c8  ldr  x8, [x22, #104]
   4: f001cfa1  adrp x1, 0x39f7000
   8: 911a1421  add  x1, x1, #0x685
   c: aa1503e0  mov  x0, x21
* 10: 2940a909  ldp  w9, w10, [x8, #4] <-- trapping instruction

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
[Cluster-devel] [syzbot] [gfs2?] kernel panic: stack is corrupted in gfs2_block_map
Hello,

syzbot found the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10e77d2788
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=2b5229694171c6846a90
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11b3961048
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11a1c6f788

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/72be6726ff4f/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2b5229694171c6846...@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 125323
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: gfs2_block_map+0x33c/0x408
CPU: 1 PID: 3073 Comm: syz-executor388 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 panic+0x218/0x508 kernel/panic.c:274
 warn_bogus_irq_restore+0x0/0x40 kernel/panic.c:703
 gfs2_block_map+0x33c/0x408
 0x0
SMP: stopping secondary CPUs
Kernel Offset: disabled
CPU features: 0x0,040e0108,4c017203
Memory Limit: none
Rebooting in 86400 seconds..
Re: [Cluster-devel] [syzbot] [gfs2?] BUG: sleeping function called from invalid context in do_page_fault (3)
syzbot has found a reproducer for the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=11b7992848
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=2845b2dfa28dec36e215
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=156dcd5048
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1337f2e448

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/9d323fcb08fb/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2845b2dfa28dec36e...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:4002 [syz-executor363] __gfs2_lookup+0x5c/0x1dc fs/gfs2/inode.c:870
BUG: sleeping function called from invalid context at arch/arm64/mm/fault.c:599
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4011, name: syz-executor363
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
3 locks held by syz-executor363/4011:
 #0: cfa98dd0 (&type->i_mutex_dir_key#8){.+.+}-{3:3}, at: inode_lock_shared include/linux/fs.h:766 [inline]
     , at: open_last_lookups fs/namei.c:3480 [inline]
     , at: path_openat+0x2e4/0x11c4 fs/namei.c:3711
 #1: 8d4a4640 (rcu_read_lock){}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:303
 #2: c0e15648 (&mm->mmap_lock){}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
     (&mm->mmap_lock){}-{3:3}, at: do_page_fault+0x1ec/0x79c arch/arm64/mm/fault.c:589
CPU: 1 PID: 4011 Comm: syz-executor363 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __might_resched+0x208/0x218 kernel/sched/core.c:9908
 __might_sleep+0x48/0x78 kernel/sched/core.c:9837
 do_page_fault+0x214/0x79c arch/arm64/mm/fault.c:599
 do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
 do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
 el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
 rcu_read_lock include/linux/rcupdate.h:739 [inline]
 dump_holder fs/gfs2/glock.c:2332 [inline]
 gfs2_dump_glock+0x4f4/0x904 fs/gfs2/glock.c:2447
 gfs2_consist_inode_i+0x68/0x88 fs/gfs2/util.c:465
 gfs2_dirent_scan+0x2dc/0x3b4 fs/gfs2/dir.c:602
 gfs2_dirent_search+0x134/0x494 fs/gfs2/dir.c:850
 gfs2_dir_search+0x58/0x130 fs/gfs2/dir.c:1650
 gfs2_lookupi+0x23c/0x354 fs/gfs2/inode.c:323
 __gfs2_lookup+0x5c/0x1dc fs/gfs2/inode.c:870
 gfs2_atomic_open+0x74/0x148 fs/gfs2/inode.c:1274
 atomic_open fs/namei.c:3276 [inline]
 lookup_open fs/namei.c:3384 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0x67c/0x11c4 fs/namei.c:3711
 do_filp_open+0xdc/0x1b8 fs/namei.c:3741
 do_sys_openat2+0xb8/0x22c fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __arm64_sys_openat+0xb0/0xe0 fs/open.c:1337
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Unable to handle kernel NULL pointer dereference at virtual address 0021
Mem abort info:
  ESR = 0x9606
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x0006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000113364000
[0021] pgd=080111d8b003, p4d=080111d8b003, pud=080111d8c003, pmd=
Internal error: Oops: 9606 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4011 Comm: syz-executor
Re: [Cluster-devel] [syzbot] [gfs2?] possible deadlock in freeze_super (2)
syzbot has found a reproducer for the following issue on:

HEAD commit:    1b929c02afd3 Linux 6.2-rc1
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1144731248
kernel config:  https://syzkaller.appspot.com/x/.config?x=68e0be42c8ee4bb4
dashboard link: https://syzkaller.appspot.com/bug?extid=be899d4f10b2a9522dce
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14b638c048
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11b1727048

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2d8c5072480f/disk-1b929c02.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/46687f1395db/vmlinux-1b929c02.xz
kernel image: https://storage.googleapis.com/syzbot-assets/26f1afa5ec00/bzImage-1b929c02.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/952580c084c8/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+be899d4f10b2a9522...@syzkaller.appspotmail.com

==
WARNING: possible circular locking dependency detected
6.2.0-rc1-syzkaller #0 Not tainted
--
kworker/0:1H/52 is trying to acquire lock:
8880277440e0 (&type->s_umount_key#44){+.+.}-{3:3}, at: freeze_super+0x45/0x420 fs/super.c:1655

but task is already holding lock:
c9bd7d00 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x831/0xdb0 kernel/workqueue.c:2264

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}:
 lock_acquire+0x182/0x3c0 kernel/locking/lockdep.c:5668
 process_one_work+0x852/0xdb0 kernel/workqueue.c:2265
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

-> #1 ((wq_completion)glock_workqueue){+.+.}-{0:0}:
 lock_acquire+0x182/0x3c0 kernel/locking/lockdep.c:5668
 __flush_workqueue+0x178/0x1680 kernel/workqueue.c:2809
 gfs2_gl_hash_clear+0xa3/0x300 fs/gfs2/glock.c:2191
 gfs2_put_super+0x862/0x8d0 fs/gfs2/super.c:627
 generic_shutdown_super+0x130/0x310 fs/super.c:492
 kill_block_super+0x79/0xd0 fs/super.c:1386
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x494/0x520 fs/namespace.c:1291
 task_work_run+0x243/0x300 kernel/task_work.c:179
 ptrace_notify+0x29a/0x340 kernel/signal.c:2354
 ptrace_report_syscall include/linux/ptrace.h:411 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
 syscall_exit_work+0x8c/0xe0 kernel/entry/common.c:251
 syscall_exit_to_user_mode_prepare+0x63/0xc0 kernel/entry/common.c:278
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0xa/0x60 kernel/entry/common.c:296
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (&type->s_umount_key#44){+.+.}-{3:3}:
 check_prev_add kernel/locking/lockdep.c:3097 [inline]
 check_prevs_add kernel/locking/lockdep.c:3216 [inline]
 validate_chain+0x1898/0x6ae0 kernel/locking/lockdep.c:3831
 __lock_acquire+0x1292/0x1f60 kernel/locking/lockdep.c:5055
 lock_acquire+0x182/0x3c0 kernel/locking/lockdep.c:5668
 down_write+0x9c/0x270 kernel/locking/rwsem.c:1562
 freeze_super+0x45/0x420 fs/super.c:1655
 freeze_go_sync+0x178/0x340 fs/gfs2/glops.c:577
 do_xmote+0x34d/0x13d0 fs/gfs2/glock.c:708
 glock_work_func+0x2c2/0x450 fs/gfs2/glock.c:1056
 process_one_work+0x877/0xdb0 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

other info that might help us debug this:

Chain exists of:
  &type->s_umount_key#44 --> (wq_completion)glock_workqueue --> (work_completion)(&(&gl->gl_work)->work)

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((work_completion)(&(&gl->gl_work)->work));
                               lock((wq_completion)glock_workqueue);
                               lock((work_completion)(&(&gl->gl_work)->work));
  lock(&type->s_umount_key#44);

 *** DEADLOCK ***

2 locks held by kworker/0:1H/52:
 #0: 888018293938 ((wq_completion)glock_workqueue){+.+.}-{0:0}, at: process_one_work+0x7f2/0xdb0
 #1: c9bd7d00 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x831/0xdb0 kernel/workqueue.c:2264

stack backtrace:
CPU: 0 PID: 52 Comm: kworker/0:1H Not tainted 6.2.0-rc1-syzkalle
[Cluster-devel] [syzbot] [gfs2?] KASAN: use-after-free Read in qd_unlock (2)
Hello,

syzbot found the following issue on:

HEAD commit:    1b929c02afd3 Linux 6.2-rc1
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1799c25048
kernel config:  https://syzkaller.appspot.com/x/.config?x=68e0be42c8ee4bb4
dashboard link: https://syzkaller.appspot.com/bug?extid=3f6a670108ce43356017
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14c4ea1848
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1359b33848

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2d8c5072480f/disk-1b929c02.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/46687f1395db/vmlinux-1b929c02.xz
kernel image: https://storage.googleapis.com/syzbot-assets/26f1afa5ec00/bzImage-1b929c02.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/35edd581b491/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3f6a670108ce43356...@syzkaller.appspotmail.com

R10: R11: 0246 R12: 7f2c431103d0
R13: 0001 R14: R15: 0001
==
BUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:72 [inline]
BUG: KASAN: use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0 fs/gfs2/quota.c:490
Read of size 8 at addr 888073997090 by task syz-executor221/5069

CPU: 1 PID: 5069 Comm: syz-executor221 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
 print_address_description+0x74/0x340 mm/kasan/report.c:306
 print_report+0x107/0x1f0 mm/kasan/report.c:417
 kasan_report+0xcd/0x100 mm/kasan/report.c:517
 kasan_check_range+0x2a7/0x2e0 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:72 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 qd_unlock+0x30/0x2d0 fs/gfs2/quota.c:490
 gfs2_quota_sync+0x768/0x8b0 fs/gfs2/quota.c:1325
 gfs2_sync_fs+0x49/0xb0 fs/gfs2/super.c:650
 sync_filesystem+0xe8/0x220 fs/sync.c:56
 generic_shutdown_super+0x6b/0x310 fs/super.c:474
 kill_block_super+0x79/0xd0 fs/super.c:1386
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x494/0x520 fs/namespace.c:1291
 task_work_run+0x243/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x644/0x2150 kernel/exit.c:867
 do_group_exit+0x1fd/0x2b0 kernel/exit.c:1012
 __do_sys_exit_group kernel/exit.c:1023 [inline]
 __se_sys_exit_group kernel/exit.c:1021 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1021
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2c4308d0c9
Code: Unable to access opcode bytes at 0x7f2c4308d09f.
RSP: 002b:7ffcdd2f81f8 EFLAGS: 0246 ORIG_RAX: 00e7
RAX: ffda RBX: 7f2c431103d0 RCX: 7f2c4308d0c9
RDX: 003c RSI: 00e7 RDI: 0001
RBP: 0001 R08: ffc0 R09: 00012550
R10: R11: 0246 R12: 7f2c431103d0
R13: 0001 R14: R15: 0001

Allocated by task 5069:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x3d/0x60 mm/kasan/common.c:52
 __kasan_slab_alloc+0x65/0x70 mm/kasan/common.c:325
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slab.h:761 [inline]
 slab_alloc_node mm/slub.c:3452 [inline]
 slab_alloc mm/slub.c:3460 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3467 [inline]
 kmem_cache_alloc+0x1b3/0x350 mm/slub.c:3476
 kmem_cache_zalloc include/linux/slab.h:710 [inline]
 qd_alloc+0x51/0x250 fs/gfs2/quota.c:216
 gfs2_quota_init+0x7c4/0x10e0 fs/gfs2/quota.c:1415
 gfs2_make_fs_rw+0x48e/0x590 fs/gfs2/super.c:153
 gfs2_fill_super+0x2357/0x2700 fs/gfs2/ops_fstype.c:1274
 get_tree_bdev+0x400/0x620 fs/super.c:1282
 gfs2_get_tree+0x50/0x210 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x88/0x270 fs/super.c:1489
 do_new_mount+0x289/0xad0 fs/namespace.c:3145
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 0:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x3d/0x60 mm/kasan/common.c:52
 kasan_save_free_info+0x27/0x40 mm/kasan/generic.c:518
 kasan_slab_free
Re: [Cluster-devel] [syzbot] [gfs2?] INFO: task hung in gfs2_jhead_process_page
syzbot has found a reproducer for the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=172de6df88
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=b9c5afe053a08cd29468
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=116fc08848
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1756e06048

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/aa84169739f7/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b9c5afe053a08cd29...@syzkaller.appspotmail.com

INFO: task kworker/1:2:2221 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:2 state:D stack:0 pid:2221 ppid:2 flags:0x0008
Workqueue: gfs_recovery gfs2_recover_func
Call trace:
 __switch_to+0x180/0x298 arch/arm64/kernel/process.c:555
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x408/0x594 kernel/sched/core.c:6521
 schedule+0x64/0xa4 kernel/sched/core.c:6597
 io_schedule+0x38/0xbc kernel/sched/core.c:8741
 folio_wait_bit_common+0x430/0x97c mm/filemap.c:1296
 folio_wait_bit+0x30/0x40 mm/filemap.c:1440
 folio_wait_locked include/linux/pagemap.h:1022 [inline]
 gfs2_jhead_process_page+0xb4/0x40c fs/gfs2/lops.c:476
 gfs2_find_jhead+0x450/0x50c fs/gfs2/lops.c:594
 gfs2_recover_func+0x278/0xcc8 fs/gfs2/recovery.c:460
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x12c/0x158 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863
INFO: task syz-executor189:3110 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor189 state:D stack:0 pid:3110 ppid:3109 flags:0x0009
Call trace:
 __switch_to+0x180/0x298 arch/arm64/kernel/process.c:555
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x408/0x594 kernel/sched/core.c:6521
 schedule+0x64/0xa4 kernel/sched/core.c:6597
 bit_wait+0x18/0x60 kernel/sched/wait_bit.c:199
 __wait_on_bit kernel/sched/wait_bit.c:49 [inline]
 out_of_line_wait_on_bit+0xc8/0x140 kernel/sched/wait_bit.c:64
 wait_on_bit include/linux/wait_bit.h:76 [inline]
 gfs2_recover_journal+0xc0/0x104 fs/gfs2/recovery.c:577
 init_journal+0x930/0xcbc fs/gfs2/ops_fstype.c:835
 init_inodes+0x74/0x184 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x630/0x874 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x1e8/0x2a0 fs/super.c:1324
 gfs2_get_tree+0x30/0xc0 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x40/0x140 fs/super.c:1531
 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
 path_mount+0x358/0x890 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/11:
 #0: 8d4a4768 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x3c/0x450 kernel/rcu/tasks.h:507
1 lock held by rcu_tasks_trace/12:
 #0: 8d4a4db8 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x3c/0x450 kernel/rcu/tasks.h:507
1 lock held by khungtaskd/27:
 #0: 8d4a4640 (rcu_read_lock){}-{1:2}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:303
2 locks held by kworker/1:2/2221:
 #0: c028d138 ((wq_completion)gfs_recovery){+.+.}-{0:0}, at: process_one_work+0x270/0x504 kernel/workqueue.c:2262
 #1: 800015de3d80 ((work_completion)(&jd->jd_work)){+.+.}-{0:0}, at: process_one_work+0x29c/0x504 kernel/workqueue.c:2264
2 locks held by getty/2758:
 #0: c535f098 (&tty->ldisc_sem){}-{0:0}, at: tty_ldisc_ref_w
[Cluster-devel] [syzbot] [gfs2?] BUG: unable to handle kernel NULL pointer dereference in gfs2_rindex_update
Hello,

syzbot found the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1130468c48
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=2b32df23ff6b5b307565
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=141a939048
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=166a031788

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/9bf67d96dec4/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2b32df23ff6b5b307...@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 32768
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
Unable to handle kernel NULL pointer dereference at virtual address 04b8
Mem abort info:
  ESR = 0x9606
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x0006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=00010d0e4000
[04b8] pgd=08010d0ef003, p4d=08010d0ef003, pud=08010c843003, pmd=
Internal error: Oops: 9606 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3073 Comm: syz-executor647 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
pstate: 8045 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : gfs2_rindex_update+0x4c/0x21c fs/gfs2/rgrp.c:1037
lr : gfs2_rindex_update+0x3c/0x21c fs/gfs2/rgrp.c:1035
sp : 800012f13610
x29: 800012f13650 x28: x27:
x26: ca97a580 x25: cb5ee000 x24: cb5ee174
x23: x22: 8925c6b0 x21: 800012f13850
x20: cb5ee000 x19: x18: 800012f132d0
x17: 8dda8198 x16: 8dbe6158 x15: c99bcec0
x14: x13: x12: c99bcec0
x11: ff80892a1b7c x10: x9 : 892a1b7c
x8 : c99bcec0 x7 : 8846001c x6 :
x5 : x4 : x3 : 0002
x2 : x1 : x0 :
Call trace:
 gfs2_rindex_update+0x4c/0x21c fs/gfs2/rgrp.c:1038
 punch_hole+0x578/0x18b8 fs/gfs2/bmap.c:1796
 gfs2_truncatei_resume+0x28/0x68 fs/gfs2/bmap.c:2154
 inode_go_held+0xb8/0xe0 fs/gfs2/glops.c:513
 gfs2_instantiate+0xf0/0x208 fs/gfs2/glock.c:529
 gfs2_glock_holder_ready fs/gfs2/glock.c:1326 [inline]
 gfs2_glock_wait+0x10c/0x164 fs/gfs2/glock.c:1346
 gfs2_glock_nq+0x104/0x220 fs/gfs2/glock.c:1596
 gfs2_glock_nq_init fs/gfs2/glock.h:264 [inline]
 init_statfs fs/gfs2/ops_fstype.c:696 [inline]
 init_journal+0x7a8/0xcbc fs/gfs2/ops_fstype.c:820
 init_inodes+0x74/0x184 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x630/0x874 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x1e8/0x2a0 fs/super.c:1324
 gfs2_get_tree+0x30/0xc0 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x40/0x140 fs/super.c:1531
 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
 path_mount+0x358/0x890 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: f943a293 b947c697 2a1f03e0 a902 (f9425e75)
---[ end trace ]---

Code disassembly (best guess):
   0: f943a293  ldr x19, [x20, #1856]
   4: b947c697  ldr w23, [x20, #1988]
   8: 2a1f03e0  mov w0, wzr
   c: a902      stp xzr, xzr, [sp, #40]
* 10: f9425e75  ldr x21, [x19, #1208] <-- trapping instruction

--- Thi
Re: [Cluster-devel] [syzbot] [gfs2?] general protection fault in gfs2_evict_inode (2)
syzbot has found a reproducer for the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1555132788
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=8a5fc6416c175cecea34
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1718796f88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1735df8f88

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/b4c763067524/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8a5fc6416c175cece...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: error recovering journal 0: -5
Unable to handle kernel NULL pointer dereference at virtual address 008c
Mem abort info:
  ESR = 0x9606
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x0006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=00010dd7c000
[008c] pgd=08010bf77003, p4d=08010bf77003, pud=08010a9f1003, pmd=
Internal error: Oops: 9606 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3071 Comm: syz-executor179 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
pstate: 8045 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : evict_linked_inode fs/gfs2/super.c:1330 [inline]
pc : gfs2_evict_inode+0x6f8/0x918 fs/gfs2/super.c:1385
lr : evict_linked_inode fs/gfs2/super.c:1328 [inline]
lr : gfs2_evict_inode+0x6ec/0x918 fs/gfs2/super.c:1385
sp : 8ff73830
x29: 8ff738a0 x28: x27:
x26: cb74c728 x25: 8004 x24: c9b25110
x23: cb74c000 x22: c9b24e70 x21: cb74c000
x20: ca579770 x19: ca5792c0 x18: 00c0
x17: 8dda8198 x16: 8dbe6158 x15: c407cec0
x14: 00b8 x13: x12: c407cec0
x11: ff8089278314 x10: x9 : 89278314
x8 : x7 : 8862aa80 x6 :
x5 : x4 : 0001 x3 :
x2 : 0001 x1 : x0 : cb74c000
Call trace:
 evict_linked_inode fs/gfs2/super.c:1330 [inline]
 gfs2_evict_inode+0x6f8/0x918 fs/gfs2/super.c:1385
 evict+0xec/0x334 fs/inode.c:664
 iput_final fs/inode.c:1747 [inline]
 iput+0x2c4/0x324 fs/inode.c:1773
 gfs2_jindex_free+0x10c/0x16c fs/gfs2/super.c:75
 init_journal+0x518/0xcbc fs/gfs2/ops_fstype.c:871
 init_inodes+0x74/0x184 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x630/0x874 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x1e8/0x2a0 fs/super.c:1324
 gfs2_get_tree+0x30/0xc0 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x40/0x140 fs/super.c:1531
 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
 path_mount+0x358/0x890 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: 97ff3736 f94482e8 aa1703e0 2a1f03e1 (b9408d02)
---[ end trace ]---

Code disassembly (best guess):
   0: 97ff3736  bl  0xfffcdcd8
   4: f94482e8  ldr x8, [x23, #2304]
   8: aa1703e0  mov x0, x23
   c: 2a1f03e1  mov w1, wzr
* 10: b9408d02  ldr w2, [x8, #140] <-- trapping instruction
[Cluster-devel] [syzbot] [gfs2?] UBSAN: array-index-out-of-bounds in __gfs2_iomap_get
Hello,

syzbot found the following issue on:

HEAD commit:    77856d911a8c Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=155a666388
kernel config:  https://syzkaller.appspot.com/x/.config?x=f967143badd2fa39
dashboard link: https://syzkaller.appspot.com/bug?extid=45d4691b1ed3c48eba05
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=160f494f88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=123f957788

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b424d9203f5/disk-77856d91.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/47fd68051834/vmlinux-77856d91.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d3091f087a86/bzImage-77856d91.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/67525acd7f1d/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+45d4691b1ed3c48eb...@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 125323
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
================================================================================
UBSAN: array-index-out-of-bounds in fs/gfs2/bmap.c:901:46
index 11 is out of range for type 'u64 [11]'
CPU: 0 PID: 5067 Comm: syz-executor164 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0xe0/0x110 lib/ubsan.c:282
 __gfs2_iomap_get+0x4a4/0x16e0 fs/gfs2/bmap.c:901
 gfs2_iomap_get fs/gfs2/bmap.c:1399 [inline]
 gfs2_block_map+0x28f/0x7f0 fs/gfs2/bmap.c:1214
 gfs2_write_alloc_required+0x441/0x6e0 fs/gfs2/bmap.c:2322
 gfs2_jdesc_check+0x1b9/0x290 fs/gfs2/super.c:114
 init_journal+0x5a4/0x22c0 fs/gfs2/ops_fstype.c:804
 init_inodes+0xdc/0x340 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x1bb2/0x2700 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x400/0x620 fs/super.c:1282
 gfs2_get_tree+0x50/0x210 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x88/0x270 fs/super.c:1489
 do_new_mount+0x289/0xad0 fs/namespace.c:3145
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2c63567aca
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffd0e3a28d8 EFLAGS: 0282 ORIG_RAX: 00a5
RAX: ffda RBX: 0003 RCX: 7f2c63567aca
RDX: 20037f40 RSI: 20037f80 RDI: 7ffd0e3a28e0
RBP: 7ffd0e3a28e0 R08: 7ffd0e3a2920 R09: 00043350
R10: 0211 R11: 0282 R12: 0004
R13: 567192c0 R14: 7ffd0e3a2920 R15:
 </TASK>
================================================================================

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches