==================================================================
BUG: KASAN: user-memory-access in pid_is_meaningful fs/gfs2/glock.c:1466 [inline]
BUG: KASAN: user-memory-access in dump_holder fs/gfs2/glock.c:2326 [inline]
BUG: KASAN: user-memory-access in gfs2_dump_glock+0x1010/0x1558 fs/gfs2/glock.c:2440
Read of size 2 at addr 0000000045e0362e by task syz.0.7/4395

CPU: 1 PID: 4395 Comm: syz.0.7 Not tainted 6.1.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_report+0xe4/0x4c0 mm/kasan/report.c:398
 kasan_report+0xd4/0x130 mm/kasan/report.c:495
 __asan_report_load2_noabort+0x2c/0x38 mm/kasan/report_generic.c:349
 pid_is_meaningful fs/gfs2/glock.c:1466 [inline]
 dump_holder fs/gfs2/glock.c:2326 [inline]
 gfs2_dump_glock+0x1010/0x1558 fs/gfs2/glock.c:2440
 gfs2_consist_inode_i+0xe8/0x10c fs/gfs2/util.c:467
 gfs2_dirent_scan+0x458/0x584 fs/gfs2/dir.c:602
 gfs2_dirent_search+0x28c/0x790 fs/gfs2/dir.c:850
 gfs2_dir_search+0xb8/0x280 fs/gfs2/dir.c:1650
 gfs2_lookupi+0x3ec/0x564 fs/gfs2/inode.c:323
 __gfs2_lookup+0xb0/0x28c fs/gfs2/inode.c:870
 gfs2_lookup+0x2c/0x3c fs/gfs2/inode.c:904
 __lookup_slow+0x250/0x374 fs/namei.c:1690
 lookup_slow+0x60/0x84 fs/namei.c:1707
 walk_component fs/namei.c:1998 [inline]
 link_path_walk+0x830/0xcc8 fs/namei.c:2325
 path_lookupat+0x90/0x3d0 fs/namei.c:2478
 filename_lookup+0x1d4/0x4e0 fs/namei.c:2508
 user_path_at_empty+0x5c/0x84 fs/namei.c:2905
 user_path_at include/linux/namei.h:57 [inline]
 do_mount fs/namespace.c:3396 [inline]
 __do_sys_mount fs/namespace.c:3607 [inline]
 __se_sys_mount fs/namespace.c:3584 [inline]
 __arm64_sys_mount+0x428/0x594 fs/namespace.c:3584
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
==================================================================
BUG: sleeping function called from invalid context at mm/memory.c:5321
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4395, name: syz.0.7
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
INFO: lockdep is turned off.
CPU: 1 PID: 4395 Comm: syz.0.7 Tainted: G B 6.1.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __might_resched+0x37c/0x4d8 kernel/sched/core.c:9955
 __might_sleep+0x90/0xe4 kernel/sched/core.c:9884
 get_mmap_lock_carefully mm/memory.c:5321 [inline]
 lock_mm_and_find_vma+0x68/0x2e8 mm/memory.c:5382
 do_page_fault+0x2d0/0x890 arch/arm64/mm/fault.c:577
 do_translation_fault+0x94/0xc8 arch/arm64/mm/fault.c:667
 do_mem_abort+0x74/0x200 arch/arm64/mm/fault.c:803
 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
 el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:580
 pid_is_meaningful fs/gfs2/glock.c:1466 [inline]
 dump_holder fs/gfs2/glock.c:2326 [inline]
 gfs2_dump_glock+0xa74/0x1558 fs/gfs2/glock.c:2440
 gfs2_consist_inode_i+0xe8/0x10c fs/gfs2/util.c:467
 gfs2_dirent_scan+0x458/0x584 fs/gfs2/dir.c:602
 gfs2_dirent_search+0x28c/0x790 fs/gfs2/dir.c:850
 gfs2_dir_search+0xb8/0x280 fs/gfs2/dir.c:1650
 gfs2_lookupi+0x3ec/0x564 fs/gfs2/inode.c:323
 __gfs2_lookup+0xb0/0x28c fs/gfs2/inode.c:870
 gfs2_lookup+0x2c/0x3c fs/gfs2/inode.c:904
 __lookup_slow+0x250/0x374 fs/namei.c:1690
 lookup_slow+0x60/0x84 fs/namei.c:1707
 walk_component fs/namei.c:1998 [inline]
 link_path_walk+0x830/0xcc8 fs/namei.c:2325
 path_lookupat+0x90/0x3d0 fs/namei.c:2478
 filename_lookup+0x1d4/0x4e0 fs/namei.c:2508
 user_path_at_empty+0x5c/0x84 fs/namei.c:2905
 user_path_at include/linux/namei.h:57 [inline]
 do_mount fs/namespace.c:3396 [inline]
 __do_sys_mount fs/namespace.c:3607 [inline]
 __se_sys_mount fs/namespace.c:3584 [inline]
 __arm64_sys_mount+0x428/0x594 fs/namespace.c:3584
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Unable to handle kernel paging request at virtual address 0000000045e0362e
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000133c96000
[0000000045e0362e] pgd=08000001045f8003, p4d=08000001045f8003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4395 Comm: syz.0.7 Tainted: G B W 6.1.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : pid_is_meaningful fs/gfs2/glock.c:1466 [inline]
pc : dump_holder fs/gfs2/glock.c:2326 [inline]
pc : gfs2_dump_glock+0xa74/0x1558 fs/gfs2/glock.c:2440
lr : pid_is_meaningful fs/gfs2/glock.c:1466 [inline]
lr : dump_holder fs/gfs2/glock.c:2326 [inline]
lr : gfs2_dump_glock+0x1010/0x1558 fs/gfs2/glock.c:2440
sp : ffff8000216b6ec0
x29: ffff8000216b71c0 x28: 0000000000000040 x27: ffff800021617410
x26: 0000000045e0362e x25: ffff8000216b6fa0 x24: 0000000045e0360e
x23: dfff800000000000 x22: ffff8000183fb000 x21: ffff8000216b6fc0
x20: 0000000000000001 x19: 0000000008bc06c5 x18: 1fffe000367a0576
x17: ffff800015a7d000 x16: ffff800012325074 x15: ffff0001b3d02bbc
x14: ffff0001b3d02bb8 x13: 1fffe000367a0576 x12: 0000000000080000
x11: 000000000007ffff x10: ffff80002336c000 x9 : 0000000000000000
x8 : ffff0000d24ab780 x7 : 1fffe000367a0577 x6 : ffff800008277348
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000081a7f78
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000001
Call trace:
 pid_is_meaningful fs/gfs2/glock.c:1466 [inline]
 dump_holder fs/gfs2/glock.c:2326 [inline]
 gfs2_dump_glock+0xa74/0x1558 fs/gfs2/glock.c:2440
 gfs2_consist_inode_i+0xe8/0x10c fs/gfs2/util.c:467
 gfs2_dirent_scan+0x458/0x584 fs/gfs2/dir.c:602
 gfs2_dirent_search+0x28c/0x790 fs/gfs2/dir.c:850
 gfs2_dir_search+0xb8/0x280 fs/gfs2/dir.c:1650
 gfs2_lookupi+0x3ec/0x564 fs/gfs2/inode.c:323
 __gfs2_lookup+0xb0/0x28c fs/gfs2/inode.c:870
 gfs2_lookup+0x2c/0x3c fs/gfs2/inode.c:904
 __lookup_slow+0x250/0x374 fs/namei.c:1690
 lookup_slow+0x60/0x84 fs/namei.c:1707
 walk_component fs/namei.c:1998 [inline]
 link_path_walk+0x830/0xcc8 fs/namei.c:2325
 path_lookupat+0x90/0x3d0 fs/namei.c:2478
 filename_lookup+0x1d4/0x4e0 fs/namei.c:2508
 user_path_at_empty+0x5c/0x84 fs/namei.c:2905
 user_path_at include/linux/namei.h:57 [inline]
 do_mount fs/namespace.c:3396 [inline]
 __do_sys_mount fs/namespace.c:3607 [inline]
 __se_sys_mount fs/namespace.c:3584 [inline]
 __arm64_sys_mount+0x428/0x594 fs/namespace.c:3584
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: 9100831a d343ff53 38f76a68 35002c48 (79400354)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	9100831a 	add	x26, x24, #0x20
   4:	d343ff53 	lsr	x19, x26, #3
   8:	38f76a68 	ldrsb	w8, [x19, x23]
   c:	35002c48 	cbnz	w8, 0x594
* 10:	79400354 	ldrh	w20, [x26] // <-- trapping instruction