[syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    499551201b5f Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=13a76f30580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=6a2b862bf4a5409f
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17483cf8580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17a76f30580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/12df04796e30/disk-49955120.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/48be851df472/vmlinux-49955120.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ca727608fc80/bzImage-49955120.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/afa847f269d7/mount_0.gz

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14de1fe8580000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=16de1fe8580000
console output: https://syzkaller.appspot.com/x/log.txt?x=12de1fe8580000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com

ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
------------[ cut here ]------------
kernel BUG at fs/ocfs2/uptodate.c:509!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5831 Comm: syz-executor214 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:ocfs2_set_new_buffer_uptodate+0x145/0x160 fs/ocfs2/uptodate.c:509
Code: 03 42 80 3c 20 00 74 08 48 89 df e8 75 af 63 fe 4c 8b 1b 4c 89 ff 5b 41 5c 41 5d 41 5e 41 5f e9 31 6c 29 08 e8 7c 4e fd fd 90 <0f> 0b e8 74 4e fd fd 90 0f 0b e8 6c 4e fd fd 90 0f 0b e8 64 4e fd
RSP: 0018:ffffc900033cfa30 EFLAGS: 00010293
RAX: ffffffff83a22574 RBX: 0000000000000001 RCX: ffff888034a03c00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc900033cfcf0 R08: ffffffff83a2245e R09: 1ffffffff2032fae
R10: dffffc0000000000 R11: fffffbfff2032faf R12: ffff8880754fcfb8
R13: dffffc0000000000 R14: ffff88807b765570 R15: ffff8880754f8830
FS:  0000555565eff380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000066c7e0 CR3: 0000000033ee0000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 ocfs2_group_add+0x3a3/0x15a0 fs/ocfs2/resize.c:507
 ocfs2_ioctl+0x65e/0x7d0 fs/ocfs2/ioctl.c:891
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xf7/0x170 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0b996cd6f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcd6119cf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f0b996cd6f9
RDX: 00000000200000c0 RSI: 0000000040186f02 RDI: 0000000000000004
RBP: 00007f0b99744610 R08: 0000000000000000 R09: 00007ffcd6119ec8
R10: 00007f0b99708ab3 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffcd6119eb8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ocfs2_set_new_buffer_uptodate+0x145/0x160 fs/ocfs2/uptodate.c:509
Code: 03 42 80 3c 20 00 74 08 48 89 df e8 75 af 63 fe 4c 8b 1b 4c 89 ff 5b 41 5c 41 5d 41 5e 41 5f e9 31 6c 29 08 e8 7c 4e fd fd 90 <0f> 0b e8 74 4e fd fd 90 0f 0b e8 6c 4e fd fd 90 0f 0b e8 64 4e fd
RSP: 0018:ffffc900033cfa30 EFLAGS: 00010293
RAX: ffffffff83a22574 RBX: 0000000000000001 RCX: ffff888034a03c00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc900033cfcf0 R08: ffffffff83a2245e R09: 1ffffffff2032fae
R10: dffffc0000000000 R11: fffffbfff2032faf R12: ffff8880754fcfb8
R13: dffffc0000000000 R14: ffff88807b765570 R15: ffff8880754f8830
FS:  0000555565eff380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000066c7e0 CR3: 0000000033ee0000 CR4: 0000000000350ef0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com
Tested-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com

Tested on:

commit:         9b2ffa61 Merge tag 'mtd/fixes-for-6.13-rc5' of git://g..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=12a15adf980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=d269ef41b9262400
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11ae5adf980000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ocfs2_set_new_buffer_uptodate

------------[ cut here ]------------
kernel BUG at fs/ocfs2/uptodate.c:509!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 10858 Comm: syz.3.713 Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:ocfs2_set_new_buffer_uptodate+0x145/0x160 fs/ocfs2/uptodate.c:509
Code: 03 42 80 3c 20 00 74 08 48 89 df e8 65 ae 63 fe 4c 8b 1b 4c 89 ff 5b 41 5c 41 5d 41 5e 41 5f 41 ff e3 cc 90 e8 ac d1 ff fd 90 <0f> 0b e8 a4 d1 ff fd 90 0f 0b e8 9c d1 ff fd 90 0f 0b e8 94 d1 ff
RSP: 0018:ffffc9000c947a30 EFLAGS: 00010293
RAX: ffffffff839fa234 RBX: 0000000000000001 RCX: ffff888030438000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc9000c947cf0 R08: ffffffff839fa11e R09: 1ffffffff2030a4e
R10: dffffc0000000000 R11: fffffbfff2030a4f R12: ffff8880586616b8
R13: dffffc0000000000 R14: ffff88805b8eaae0 R15: ffff88805b9f8830
FS:  00007fd029a316c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe9b947f000 CR3: 00000000283fa000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ocfs2_group_add+0x3a3/0x15a0 fs/ocfs2/resize.c:507
 ocfs2_ioctl+0x65e/0x7d0 fs/ocfs2/ioctl.c:891
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd028b85d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd029a31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd028d76080 RCX: 00007fd028b85d29
RDX: 00000000200000c0 RSI: 0000000040186f02 RDI: 0000000000000004
RBP: 00007fd028c01b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fd028d76080 R15: 00007ffd6ac0c628
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ocfs2_set_new_buffer_uptodate+0x145/0x160 fs/ocfs2/uptodate.c:509
Code: 03 42 80 3c 20 00 74 08 48 89 df e8 65 ae 63 fe 4c 8b 1b 4c 89 ff 5b 41 5c 41 5d 41 5e 41 5f 41 ff e3 cc 90 e8 ac d1 ff fd 90 <0f> 0b e8 a4 d1 ff fd 90 0f 0b e8 9c d1 ff fd 90 0f 0b e8 94 d1 ff
RSP: 0018:ffffc9000c947a30 EFLAGS: 00010293
RAX: ffffffff839fa234 RBX: 0000000000000001 RCX: ffff888030438000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc9000c947cf0 R08: ffffffff839fa11e R09: 1ffffffff2030a4e
R10: dffffc0000000000 R11: fffffbfff2030a4f R12: ffff8880586616b8
R13: dffffc0000000000 R14: ffff88805b8eaae0 R15: ffff88805b9f8830
FS:  00007fd029a316c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe9ba1ff000 CR3: 00000000283fa000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit:         d6ef8b40 Merge tag 'sound-6.13-rc5' of git://git.kerne..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=1319d90f980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=4c4096b0d467a682
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1520badf980000

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com
Tested-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com

Tested on:

commit:         552c5071 Merge tag 'vfio-v6.18-rc3' of https://github...
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=1046ce7c580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=b1620e3721dc97c0
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10ba43e2580000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

ace will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.395182][ T5971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.416728][ T5971] device hsr_slave_0 entered promiscuous mode
[   47.423245][ T5971] device hsr_slave_1 entered promiscuous mode
[   47.471639][ T5971] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   47.480389][ T5971] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   47.489086][ T5971] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   47.497565][ T5971] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   47.513466][ T5971] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.520632][ T5971] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.528003][ T5971] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.535131][ T5971] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.561198][ T5971] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.573567][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.582072][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.589977][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.597565][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   47.607679][ T5971] 8021q: adding VLAN 0 to HW filter on device team0
[   47.616985][  T677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   47.625385][  T677] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.632487][  T677] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.642855][  T677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   47.651418][  T677] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.658498][  T677] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.672523][  T677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   47.681721][  T677] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   47.691754][  T786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   47.702417][  T786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   47.713153][  T786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   47.723012][ T5971] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   47.769360][  T786] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   47.776980][  T786] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   47.788069][ T5971] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.802087][  T786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   47.817286][  T786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   47.825559][  T786] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   47.833747][  T786] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   47.843065][ T5971] device veth0_vlan entered promiscuous mode
[   47.853007][ T5971] device veth1_vlan entered promiscuous mode
[   47.868131][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   47.876210][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   47.884528][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   47.894414][ T5971] device veth0_macvtap entered promiscuous mode
[   47.903703][ T5971] device veth1_macvtap entered promiscuous mode
[   47.916303][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.924143][  T677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   47.932868][  T677] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   47.943246][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.950987][  T677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   47.961028][ T5971] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.969989][ T5971] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.978838][ T5971] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.987799][ T5971] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.035897][    C1] ================================================================================
[   48.045345][    C1] UBSAN: signed-integer-overflow in ./arch/x86/include/asm/atomic.h:165:11
[   48.053952][    C1] 1251854394 + 1856889025 cannot be represented in type 'int'
[   48.061418][    C1] CPU: 1 PID: 5984 Comm: modprobe Not tainted syzkaller #0
[   48.068591][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   48.078727][    C1] Call Trace:
[   48.081999][    C1]  <IRQ>
[   48.084847][    C1]  dump_stack+0xfd/0x16e
[   48.089084][    C1]  ubsan_epilogue+0xa/0x30
[   48.093473][    C1]  handle_overflow+0x192/0x1b0
[   48.098230][    C1]  ? prandom_u32+0x1d/0x1f0
[   48.102709][    C1]  ip_idents_reserve+0x14a/0x170
[   48.107672][    C1]  __ip_select_ident+0xe4/0x1c0
[   48.112497][    C1]  iptunnel_xmit+0x466/0x7b0
[   48.117065][    C1]  udp_tunnel_xmit_skb+0x1ba/0x290
[   48.122153][    C1]  geneve_xmit+0x1d05/0x2140
[   48.126729][    C1]  dev_hard_start_xmit+0x294/0x780
[   48.132192][    C1]  __dev_queue_xmit+0x1678/0x28b0
[   48.137274][    C1]  ip6_finish_output2+0x1020/0x1490
[   48.142557][    C1]  NF_HOOK+0x45/0x2c0
[   48.146551][    C1]  ? NF_HOOK+0x2c0/0x2c0
[   48.150889][    C1]  mld_sendpack+0x5f9/0xa70
[   48.155387][    C1]  mld_ifc_timer_expire+0x7e1/0x990
[   48.160579][    C1]  ? lock_acquire+0x78/0x310
[   48.165155][    C1]  ? lock_release+0x69/0x610
[   48.169820][    C1]  ? debug_object_deactivate+0x9b/0x250
[   48.175350][    C1]  ? mld_gq_timer_expire+0xe0/0xe0
[   48.180456][    C1]  call_timer_fn+0x105/0x440
[   48.185031][    C1]  ? mld_gq_timer_expire+0xe0/0xe0
[   48.190128][    C1]  __run_timers+0x5d8/0x7a0
[   48.194970][    C1]  ? __do_softirq+0x164/0x8ae
[   48.199635][    C1]  run_timer_softirq+0x19/0x30
[   48.204496][    C1]  __do_softirq+0x23c/0x8ae
[   48.208985][    C1]  ? asm_call_irq_on_stack+0xf/0x20
[   48.214251][    C1]  asm_call_irq_on_stack+0xf/0x20
[   48.219386][    C1]  </IRQ>
[   48.222309][    C1]  do_softirq_own_stack+0x6d/0xb0
[   48.227317][    C1]  __irq_exit_rcu+0x1e1/0x1f0
[   48.231975][    C1]  irq_exit_rcu+0x5/0x20
[   48.236201][    C1]  sysvec_apic_timer_interrupt+0x9d/0xb0
[   48.241991][    C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   48.247952][    C1] RIP: 0010:xas_next_entry+0x96/0x3d0
[   48.253418][    C1] Code: b6 04 18 84 c0 0f 85 19 03 00 00 41 0f b6 2c 24 31 ff 89 ee e8 1b 31 de ff 85 ed 0f 85 f5 02 00 00 4c 89 64 24 18 49 8d 4f 12 <48> 89 0c 24 48 c1 e9 03 48 89 4c 24 20 0f b6 04 19 84 c0 0f 85 fc
[   48.273552][    C1] RSP: 0000:ffffc900018ffc60 EFLAGS: 00000246
[   48.279869][    C1] RAX: ffffffff81918485 RBX: dffffc0000000000 RCX: ffffc900018ffd2a
[   48.287824][    C1] RDX: ffff888021f18000 RSI: 0000000000000000 RDI: 0000000000000000
[   48.295956][    C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffff940000ad161
[   48.304003][    C1] R10: fffff940000ad161 R11: 1ffffd40000ad160 R12: ffff8880245a3180
[   48.312223][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc900018ffd18
[   48.320216][    C1]  ? xas_next_entry+0x85/0x3d0
[   48.324967][    C1]  ? unlock_page+0x17c/0x210
[   48.329645][    C1]  filemap_map_pages+0x5fe/0xa30
[   48.334573][    C1]  handle_mm_fault+0x16b8/0x2930
[   48.339498][    C1]  do_user_addr_fault+0x468/0xa50
[   48.344635][    C1]  ? asm_exc_page_fault+0x8/0x30
[   48.349551][    C1]  exc_page_fault+0x67/0x100
[   48.354134][    C1]  asm_exc_page_fault+0x1e/0x30
[   48.359062][    C1] RIP: 0033:0x7f8f0a2e0a55
[   48.363612][    C1] Code: d2 39 c1 0f 8f 7c 00 00 00 2d 80 0f 00 00 0f 86 a8 fc ff ff 45 31 c0 83 e8 60 0f 8f 8d 00 00 00 0f 1f 44 00 00 c5 fe 6f 04 17 <c5> fd 74 0c 16 c5 85 74 d0 c5 ed df c9 c5 fd d7 c9 ff c1 75 28 83
[   48.383203][    C1] RSP: 002b:00007ffe9e48a9e8 EFLAGS: 00010283
[   48.389369][    C1] RAX: 00000000ffffffbf RBX: 0000560d57518000 RCX: 00000000000003f0
[   48.397494][    C1] RDX: 0000000000000000 RSI: 00007f8f0a4003f0 RDI: 00007ffe9e48af9f
[   48.405577][    C1] RBP: 00007ffe9e48ab38 R08: 0000000000000000 R09: 00007f8f0a42fa60
[   48.413539][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   48.421495][    C1] R13: 00007ffe9e48ab60 R14: 00007f8f0a460000 R15: 0000560d57519d98
[   48.429493][    C1] ================================================================================
[   48.438917][    C1] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[   48.446229][    C1] CPU: 1 PID: 5984 Comm: modprobe Not tainted syzkaller #0
[   48.453574][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   48.463620][    C1] Call Trace:
[   48.466930][    C1]  <IRQ>
[   48.469786][    C1]  dump_stack+0xfd/0x16e
[   48.474260][    C1]  panic+0x2f0/0x9c0
[   48.478304][    C1]  check_panic_on_warn+0x95/0xe0
[   48.483324][    C1]  handle_overflow+0x192/0x1b0
[   48.488166][    C1]  ? prandom_u32+0x1d/0x1f0
[   48.492648][    C1]  ip_idents_reserve+0x14a/0x170
[   48.497566][    C1]  __ip_select_ident+0xe4/0x1c0
[   48.502403][    C1]  iptunnel_xmit+0x466/0x7b0
[   48.507007][    C1]  udp_tunnel_xmit_skb+0x1ba/0x290
[   48.512102][    C1]  geneve_xmit+0x1d05/0x2140
[   48.516699][    C1]  dev_hard_start_xmit+0x294/0x780
[   48.521904][    C1]  __dev_queue_xmit+0x1678/0x28b0
[   48.526917][    C1]  ip6_finish_output2+0x1020/0x1490
[   48.532265][    C1]  NF_HOOK+0x45/0x2c0
[   48.536362][    C1]  ? NF_HOOK+0x2c0/0x2c0
[   48.540600][    C1]  mld_sendpack+0x5f9/0xa70
[   48.545084][    C1]  mld_ifc_timer_expire+0x7e1/0x990
[   48.550256][    C1]  ? lock_acquire+0x78/0x310
[   48.554818][    C1]  ? lock_release+0x69/0x610
[   48.559386][    C1]  ? debug_object_deactivate+0x9b/0x250
[   48.564916][    C1]  ? mld_gq_timer_expire+0xe0/0xe0
[   48.570159][    C1]  call_timer_fn+0x105/0x440
[   48.574730][    C1]  ? mld_gq_timer_expire+0xe0/0xe0
[   48.580362][    C1]  __run_timers+0x5d8/0x7a0
[   48.584876][    C1]  ? __do_softirq+0x164/0x8ae
[   48.589741][    C1]  run_timer_softirq+0x19/0x30
[   48.594575][    C1]  __do_softirq+0x23c/0x8ae
[   48.599107][    C1]  ? asm_call_irq_on_stack+0xf/0x20
[   48.604286][    C1]  asm_call_irq_on_stack+0xf/0x20
[   48.609288][    C1]  </IRQ>
[   48.612210][    C1]  do_softirq_own_stack+0x6d/0xb0
[   48.617294][    C1]  __irq_exit_rcu+0x1e1/0x1f0
[   48.621954][    C1]  irq_exit_rcu+0x5/0x20
[   48.626175][    C1]  sysvec_apic_timer_interrupt+0x9d/0xb0
[   48.631799][    C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   48.637759][    C1] RIP: 0010:xas_next_entry+0x96/0x3d0
[   48.643107][    C1] Code: b6 04 18 84 c0 0f 85 19 03 00 00 41 0f b6 2c 24 31 ff 89 ee e8 1b 31 de ff 85 ed 0f 85 f5 02 00 00 4c 89 64 24 18 49 8d 4f 12 <48> 89 0c 24 48 c1 e9 03 48 89 4c 24 20 0f b6 04 19 84 c0 0f 85 fc
[   48.662984][    C1] RSP: 0000:ffffc900018ffc60 EFLAGS: 00000246
[   48.669035][    C1] RAX: ffffffff81918485 RBX: dffffc0000000000 RCX: ffffc900018ffd2a
[   48.677198][    C1] RDX: ffff888021f18000 RSI: 0000000000000000 RDI: 0000000000000000
[   48.685542][    C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffff940000ad161
[   48.693603][    C1] R10: fffff940000ad161 R11: 1ffffd40000ad160 R12: ffff8880245a3180
[   48.701553][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc900018ffd18
[   48.709709][    C1]  ? xas_next_entry+0x85/0x3d0
[   48.714730][    C1]  ? unlock_page+0x17c/0x210
[   48.719314][    C1]  filemap_map_pages+0x5fe/0xa30
[   48.724318][    C1]  handle_mm_fault+0x16b8/0x2930
[   48.729240][    C1]  do_user_addr_fault+0x468/0xa50
[   48.734236][    C1]  ? asm_exc_page_fault+0x8/0x30
[   48.739360][    C1]  exc_page_fault+0x67/0x100
[   48.743925][    C1]  asm_exc_page_fault+0x1e/0x30
[   48.748752][    C1] RIP: 0033:0x7f8f0a2e0a55
[   48.753345][    C1] Code: d2 39 c1 0f 8f 7c 00 00 00 2d 80 0f 00 00 0f 86 a8 fc ff ff 45 31 c0 83 e8 60 0f 8f 8d 00 00 00 0f 1f 44 00 00 c5 fe 6f 04 17 <c5> fd 74 0c 16 c5 85 74 d0 c5 ed df c9 c5 fd d7 c9 ff c1 75 28 83
[   48.773588][    C1] RSP: 002b:00007ffe9e48a9e8 EFLAGS: 00010283
[   48.779672][    C1] RAX: 00000000ffffffbf RBX: 0000560d57518000 RCX: 00000000000003f0
[   48.787743][    C1] RDX: 0000000000000000 RSI: 00007f8f0a4003f0 RDI: 00007ffe9e48af9f
[   48.796300][    C1] RBP: 00007ffe9e48ab38 R08: 0000000000000000 R09: 00007f8f0a42fa60
[   48.804330][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   48.812278][    C1] R13: 00007ffe9e48ab60 R14: 00007f8f0a460000 R15: 0000560d57519d98
[   48.820381][    C1] Kernel Offset: disabled
[   48.824731][    C1] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3457238269=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at e2beed91937
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=e2beed91937c0ace342f19a2e9afb67adb3a828a -X github.com/google/syzkaller/prog.gitRevisionDate=20250911-084951"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=e2beed91937c0ace342f19a2e9afb67adb3a828a -X github.com/google/syzkaller/prog.gitRevisionDate=20250911-084951"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=e2beed91937c0ace342f19a2e9afb67adb3a828a -X github.com/google/syzkaller/prog.gitRevisionDate=20250911-084951"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"e2beed91937c0ace342f19a2e9afb67adb3a828a\"
/usr/bin/ld: /tmp/cciE1xKJ.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=166e93e2580000


Tested on:

commit:         d3d0b4e2 Linux 5.10.245
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.10.y
kernel config:  https://syzkaller.appspot.com/x/.config?x=39182a54870857eb
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=111d0be2580000

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com
Tested-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com

Tested on:

commit:         8e6e2188 Linux 6.1.157
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14017734580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3fff88b67220f824
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=167dc614580000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com
Tested-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com

Tested on:

commit:         4fc43deb Linux 6.12.55
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.12.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10e363cd980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=52b41b67187b07bc
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1729db04580000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to checkout kernel repo https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/linux-5.10.y: failed to run ["git" "fetch" "--force" "4d52a57a3858a6eee0d0b25cc3a0c9533f747d8f" "linux-5.10.y"]: exit status 128


Tested on:

commit:         [unknown 
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux-5.10.y
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11fa5e7c580000

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to checkout kernel repo https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/linux-6.1.y: failed to run ["git" "fetch" "--force" "4d52a57a3858a6eee0d0b25cc3a0c9533f747d8f" "linux-6.1.y"]: exit status 128


Tested on:

commit:         [unknown 
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux-6.1.y
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       
patch:          https://syzkaller.appspot.com/x/patch.diff?x=112a6c92580000

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to checkout kernel repo https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/linux-6.12.y: failed to run ["git" "fetch" "--force" "4d52a57a3858a6eee0d0b25cc3a0c9533f747d8f" "linux-6.12.y"]: exit status 128


Tested on:

commit:         [unknown 
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux-6.12.y
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       
patch:          https://syzkaller.appspot.com/x/patch.diff?x=13f157e2580000

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/ocfs2/ocfs2_fs.h:474:40: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:489:40: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:502:43: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:646:26: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:659:16: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:807:37: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:943:43: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:1030:39: error: expected ';' at end of declaration list


Tested on:

commit:         d3d0b4e2 Linux 5.10.245
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.10.y
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=13cc432f980000

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/ocfs2/ocfs2_fs.h:472:40: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:487:40: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:500:43: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:644:26: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:657:16: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:805:37: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:941:43: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:1028:39: error: expected ';' at end of declaration list


Tested on:

commit:         8e6e2188 Linux 6.1.157
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.1.y
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=17d377e2580000

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com
Tested-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com

Tested on:

commit:         4fc43deb Linux 6.12.55
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.12.y
console output: https://syzkaller.appspot.com/x/log.txt?x=177e6fe2580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=52b41b67187b07bc
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=16ac432f980000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: signed-integer-overflow in ip_idents_reserve

================================================================================
UBSAN: signed-integer-overflow in ./arch/x86/include/asm/atomic.h:165:11
-936049278 + -1759288793 cannot be represented in type 'int'
CPU: 0 PID: 6874 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <IRQ>
 dump_stack+0xfd/0x16e lib/dump_stack.c:118
 ubsan_epilogue+0xa/0x30 lib/ubsan.c:148
 handle_overflow+0x192/0x1b0 lib/ubsan.c:180
 arch_atomic_add_return arch/x86/include/asm/atomic.h:165 [inline]
 atomic_add_return include/asm-generic/atomic-instrumented.h:73 [inline]
 ip_idents_reserve+0x14a/0x170 net/ipv4/route.c:521
 __ip_select_ident+0xe4/0x1c0 net/ipv4/route.c:538
 iptunnel_xmit+0x466/0x7b0 net/ipv4/ip_tunnel_core.c:80
 udp_tunnel_xmit_skb+0x1ba/0x290 net/ipv4/udp_tunnel_core.c:190
 geneve_xmit_skb drivers/net/geneve.c:1004 [inline]
 geneve_xmit+0x1d05/0x2140 drivers/net/geneve.c:1117
 __netdev_start_xmit include/linux/netdevice.h:4824 [inline]
 netdev_start_xmit include/linux/netdevice.h:4838 [inline]
 xmit_one net/core/dev.c:3601 [inline]
 dev_hard_start_xmit+0x294/0x780 net/core/dev.c:3617
 __dev_queue_xmit+0x1678/0x28b0 net/core/dev.c:4203
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0x1020/0x1490 net/ipv6/ip6_output.c:130
 NF_HOOK+0x45/0x2c0 include/linux/netfilter.h:297
 mld_sendpack+0x5f9/0xa70 net/ipv6/mcast.c:1676
 mld_send_cr net/ipv6/mcast.c:1972 [inline]
 mld_ifc_timer_expire+0x7e1/0x990 net/ipv6/mcast.c:2471
 call_timer_fn+0x105/0x440 kernel/time/timer.c:1444
 expire_timers kernel/time/timer.c:1489 [inline]
 __run_timers+0x5d8/0x7a0 kernel/time/timer.c:1783
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1796
 __do_softirq+0x23c/0x8ae kernel/softirq.c:298
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x6d/0xb0 arch/x86/kernel/irq_64.c:77
 do_softirq+0xa9/0xf0 kernel/softirq.c:343
 __local_bh_enable_ip+0x10e/0x170 kernel/softirq.c:195
 rcu_read_unlock_bh include/linux/rcupdate.h:806 [inline]
 __dev_queue_xmit+0x1824/0x28b0 net/core/dev.c:4230
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:297 [inline]
 __netlink_deliver_tap+0x50e/0x740 net/netlink/af_netlink.c:315
 netlink_deliver_tap+0x175/0x180 net/netlink/af_netlink.c:328
 __netlink_sendskb net/netlink/af_netlink.c:1257 [inline]
 netlink_sendskb+0x64/0x140 net/netlink/af_netlink.c:1266
 netlink_ack+0x8c0/0xc00 net/netlink/af_netlink.c:2473
 netlink_rcv_skb+0x1fc/0x390 net/netlink/af_netlink.c:2509
 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
 netlink_unicast+0x7b7/0x9b0 net/netlink/af_netlink.c:1340
 netlink_sendmsg+0x968/0xb50 net/netlink/af_netlink.c:1914
 sock_sendmsg_nosec net/socket.c:651 [inline]
 __sock_sendmsg+0x15c/0x170 net/socket.c:663
 __sys_sendto+0x323/0x430 net/socket.c:2005
 __do_sys_sendto net/socket.c:2017 [inline]
 __se_sys_sendto net/socket.c:2013 [inline]
 __x64_sys_sendto+0xda/0xf0 net/socket.c:2013
 do_syscall_64+0x34/0x50 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x67/0xd1
RIP: 0033:0x7f2fd8c899e3
Code: 64 89 02 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 80 3d 81 7b 21 00 00 41 89 ca 74 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 55 48 83 ec 30 44 89 4c 24
RSP: 002b:00007fff58713e38 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f2fd99fd620 RCX: 00007f2fd8c899e3
RDX: 0000000000000020 RSI: 00007f2fd99fd670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007fff58713e54 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f2fd99fd670 R15: 0000000000000000
================================================================================


Tested on:

commit:         d3d0b4e2 Linux 5.10.245
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.10.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12be9932580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=39182a54870857eb
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=16911258580000

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com
Tested-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com

Tested on:

commit:         8e6e2188 Linux 6.1.157
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1564efe2580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3fff88b67220f824
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1094bd42580000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com
Tested-by: syzbot+7aef76bdb53b83d62a9e@syzkaller.appspotmail.com

Tested on:

commit:         4408a3d6 Linux 6.12.56
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.12.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14310e14580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=52b41b67187b07bc
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11db6fe2580000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)

[syzbot]

syzbot suspects this issue was fixed by commit:

commit 93ce0ff117b0c468961d7c296a03ad57e1e8da9f
Author: Deepanshu Kartikey <kartikey406@gmail.com>
Date:   Thu Oct 30 15:30:03 2025 +0000

    ocfs2: validate cl_bpc in allocator inodes to prevent divide-by-zero

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=143ebd9a580000
start commit:   499551201b5f Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=6a2b862bf4a5409f
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=136ab2df980000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=124f6f30580000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: ocfs2: validate cl_bpc in allocator inodes to prevent divide-by-zero

For information about bisection process see: https://goo.gl/tpsmEJ#bisection