./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2150185528 <...> DUID 00:04:7a:dc:29:a2:f4:b1:6d:28:30:de:a7:64:4f:eb:cd:90 forked to background, child pid 4660 [ 30.675254][ T4661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.687123][ T4661] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.61' (ECDSA) to the list of known hosts. execve("./syz-executor2150185528", ["./syz-executor2150185528"], 0x7fff947613a0 /* 10 vars */) = 0 brk(NULL) = 0x555557543000 brk(0x555557543c40) = 0x555557543c40 arch_prctl(ARCH_SET_FS, 0x555557543300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2150185528", 4096) = 28 brk(0x555557564c40) = 0x555557564c40 brk(0x555557565000) = 0x555557565000 mprotect(0x7f5c5a106000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 open("./file0", O_RDWR|O_CREAT|0x3c, 000) = 3 memfd_create("syzkaller", 0) = 4 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5c51c43000 write(4, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 munmap(0x7f5c51c43000, 65536) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 ioctl(5, LOOP_SET_FD, 4) = 0 close(4) = 0 mkdir("./file0", 0777) = -1 EEXIST (File exists) mount("/dev/loop0", "./file0", "sysv", 0, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = -1 ENOTDIR (Not a directory) ioctl(5, LOOP_CLR_FD) = 0 close(5) = 0 syzkaller login: [ 55.132296][ T4992] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4992 'syz-executor215' [ 55.148321][ T4992] loop0: detected capacity change from 0 to 128 [ 55.160034][ T4992] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 55.172407][ T4992] syz-executor215: attempt to access beyond end of device [ 55.172407][ T4992] loop0: rw=0, sector=3245512, nr_sectors = 1 limit=128 [ 55.186986][ T4992] Buffer I/O error on dev loop0, logical block 3245512, async page read [ 55.196033][ T4992] syz-executor215: attempt to access beyond end of device [ 55.196033][ T4992] loop0: rw=0, sector=8767867, nr_sectors = 1 limit=128 [ 55.210195][ T4992] Buffer I/O error on dev loop0, logical block 8767867, async page read [ 55.218562][ T4992] syz-executor215: attempt to access beyond end of device [ 55.218562][ T4992] loop0: rw=0, sector=13269809, nr_sectors = 1 limit=128 [ 55.232752][ T4992] Buffer I/O error on dev loop0, logical block 13269809, async page read [ 55.241585][ T4992] syz-executor215: attempt to access beyond end of device [ 55.241585][ T4992] loop0: rw=0, sector=8073605, nr_sectors = 1 limit=128 [ 55.255610][ T4992] Buffer I/O error on dev loop0, logical block 8073605, async page read [ 55.264056][ T4992] syz-executor215: attempt to access beyond end of device [ 55.264056][ T4992] loop0: rw=0, sector=3245515, nr_sectors = 1 limit=128 [ 55.278519][ T4992] Buffer I/O error on dev loop0, logical block 3245515, async page read [ 55.287015][ T4992] syz-executor215: attempt to access beyond end of device [ 55.287015][ T4992] loop0: rw=0, sector=8768635, nr_sectors = 1 limit=128 [ 55.300985][ T4992] Buffer I/O error on dev loop0, logical block 8768635, async page read [ 55.309738][ T4992] syz-executor215: attempt to access beyond end of device [ 55.309738][ T4992] loop0: rw=0, sector=13466417, nr_sectors = 1 limit=128 [ 55.323884][ T4992] Buffer I/O error on dev loop0, logical block 13466417, async page read [ 55.332471][ T4992] syz-executor215: attempt to access beyond end of device [ 55.332471][ T4992] loop0: rw=0, sector=8073605, nr_sectors = 1 limit=128 [ 55.346477][ T4992] Buffer I/O error on dev loop0, logical block 8073605, async page read [ 55.355007][ T4992] BUG: sleeping function called from invalid context at fs/buffer.c:1380 [ 55.363700][ T4992] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4992, name: syz-executor215 [ 55.373339][ T4992] preempt_count: 1, expected: 0 [ 55.378376][ T4992] RCU nest depth: 0, expected: 0 [ 55.383384][ T4992] 3 locks held by syz-executor215/4992: [ 55.388950][ T4992] #0: ffff888027c6e860 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x7c0/0x1ce0 [ 55.399927][ T4992] #1: ffff888077e20328 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: page_cache_ra_unbounded+0xf1/0x7c0 [ 55.411168][ T4992] #2: ffffffff8d1f0238 (pointers_lock){.+.+}-{2:2}, at: get_block+0x15f/0x16a0 [ 55.420495][ T4992] Preemption disabled at: [ 55.420506][ T4992] [<0000000000000000>] 0x0 [ 55.429241][ T4992] CPU: 0 PID: 4992 Comm: syz-executor215 Not tainted 6.4.0-rc1-syzkaller-00026-g80e62bc8487b #0 [ 55.439654][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 55.449715][ T4992] Call Trace: [ 55.452985][ T4992] [ 55.455909][ T4992] dump_stack_lvl+0x1e7/0x2d0 [ 55.460582][ T4992] ? nf_tcp_handle_invalid+0x650/0x650 [ 55.466031][ T4992] ? panic+0x770/0x770 [ 55.470197][ T4992] __might_resched+0x5cf/0x780 [ 55.474970][ T4992] ? __might_sleep+0xc0/0xc0 [ 55.479644][ T4992] __getblk_gfp+0x45/0xcc0 [ 55.484138][ T4992] ? read_lock_is_recursive+0x20/0x20 [ 55.489505][ T4992] ? get_block+0x18b/0x16a0 [ 55.494014][ T4992] __bread_gfp+0x2e/0x380 [ 55.498343][ T4992] get_branch+0x2af/0x660 [ 55.502708][ T4992] get_block+0x17c/0x16a0 [ 55.507058][ T4992] ? folio_create_buffers+0x132/0x250 [ 55.512433][ T4992] ? sysv_truncate+0x1050/0x1050 [ 55.517400][ T4992] ? _raw_spin_unlock+0x28/0x40 [ 55.522259][ T4992] ? folio_create_buffers+0x132/0x250 [ 55.527638][ T4992] block_read_full_folio+0x47b/0x1000 [ 55.533020][ T4992] ? sysv_truncate+0x1050/0x1050 [ 55.537957][ T4992] ? block_is_partially_uptodate+0x590/0x590 [ 55.543955][ T4992] ? readahead_folio+0x32d/0x620 [ 55.548894][ T4992] ? sysv_writepage+0x30/0x30 [ 55.553572][ T4992] read_pages+0x5fa/0x830 [ 55.557910][ T4992] ? page_cache_ra_unbounded+0x7c0/0x7c0 [ 55.563548][ T4992] ? __filemap_add_folio+0x1b60/0x1b60 [ 55.569033][ T4992] ? __down_read_common+0x184/0x2c0 [ 55.574245][ T4992] page_cache_ra_unbounded+0x697/0x7c0 [ 55.579715][ T4992] filemap_get_pages+0x49c/0x20c0 [ 55.584747][ T4992] ? __lock_acquire+0x1295/0x2000 [ 55.589903][ T4992] ? filemap_read+0x1170/0x1170 [ 55.594775][ T4992] ? __might_sleep+0xc0/0xc0 [ 55.599381][ T4992] filemap_read+0x45a/0x1170 [ 55.603987][ T4992] ? lockdep_hardirqs_on+0x98/0x140 [ 55.609192][ T4992] ? filemap_get_folios_tag+0x8b0/0x8b0 [ 55.614739][ T4992] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 55.620730][ T4992] ? generic_file_read_iter+0x94/0x540 [ 55.626199][ T4992] ? iov_iter_kvec+0x4e/0x1e0 [ 55.630889][ T4992] __kernel_read+0x422/0x8a0 [ 55.635639][ T4992] ? kasan_set_track+0x4f/0x70 [ 55.640430][ T4992] ? rw_verify_area+0x1a0/0x1a0 [ 55.645317][ T4992] integrity_kernel_read+0xb0/0xf0 [ 55.650433][ T4992] ? integrity_inode_free+0x240/0x240 [ 55.655829][ T4992] ima_calc_file_hash+0x1643/0x1d20 [ 55.661062][ T4992] ? register_lock_class+0x104/0x990 [ 55.666402][ T4992] ? ima_alloc_tfm+0x310/0x310 [ 55.671269][ T4992] ? read_lock_is_recursive+0x20/0x20 [ 55.676661][ T4992] ? __mutex_trylock_common+0x182/0x2e0 [ 55.682219][ T4992] ? __might_sleep+0xc0/0xc0 [ 55.686905][ T4992] ? inode_query_iversion+0x183/0x200 [ 55.692287][ T4992] ? inode_maybe_inc_iversion+0x1f0/0x1f0 [ 55.698007][ T4992] ? rcu_is_watching+0x15/0xb0 [ 55.702770][ T4992] ? trace_contention_end+0x3c/0xf0 [ 55.708323][ T4992] ima_collect_measurement+0x3a7/0x880 [ 55.713794][ T4992] ? ima_get_action+0xb0/0xb0 [ 55.718476][ T4992] ? is_bad_inode+0xd/0x40 [ 55.722916][ T4992] process_measurement+0xfdb/0x1ce0 [ 55.728136][ T4992] ? ima_file_mmap+0x2b0/0x2b0 [ 55.732929][ T4992] ? smk_access+0x4b0/0x4b0 [ 55.737455][ T4992] ? smack_file_receive+0x4e0/0x4e0 [ 55.742665][ T4992] ? do_raw_spin_unlock+0x13b/0x8b0 [ 55.747871][ T4992] ? smack_current_getsecid_subj+0x22/0xf0 [ 55.753708][ T4992] ima_file_check+0xf1/0x170 [ 55.758318][ T4992] ? do_dentry_open+0xc1d/0x10f0 [ 55.763283][ T4992] ? ima_bprm_check+0x2b0/0x2b0 [ 55.768264][ T4992] path_openat+0x280a/0x3170 [ 55.773015][ T4992] ? do_filp_open+0x490/0x490 [ 55.777780][ T4992] do_filp_open+0x234/0x490 [ 55.782842][ T4992] ? vfs_tmpfile+0x4a0/0x4a0 [ 55.787489][ T4992] ? _raw_spin_unlock+0x28/0x40 [ 55.792423][ T4992] ? alloc_fd+0x59c/0x640 [ 55.796767][ T4992] do_sys_openat2+0x13f/0x500 [ 55.801451][ T4992] ? print_irqtrace_events+0x220/0x220 [ 55.807018][ T4992] ? do_sys_open+0x230/0x230 [ 55.811611][ T4992] ? lockdep_hardirqs_on+0x98/0x140 [ 55.816827][ T4992] ? _raw_spin_unlock_irq+0x2e/0x50 [ 55.822036][ T4992] ? ptrace_notify+0x278/0x380 [ 55.826907][ T4992] __x64_sys_open+0x225/0x270 [ 55.831620][ T4992] ? do_sys_openat2+0x500/0x500 [ 55.836493][ T4992] ? syscall_enter_from_user_mode+0x32/0x230 [ 55.842506][ T4992] ? syscall_enter_from_user_mode+0x8c/0x230 [ 55.848537][ T4992] do_syscall_64+0x41/0xc0 [ 55.852979][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.858903][ T4992] RIP: 0033:0x7f5c5a08f789 [ 55.863349][ T4992] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 55.883075][ T4992] RSP: 002b:00007ffc94400328 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 55.891493][ T4992] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f5c5a08f789 [ 55.899466][ T4992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 55.907438][ T4992] RBP: 00007f5c5a04f020 R08: 0000000000009e07 R09: 0000000000000000 [ 55.915417][ T4992] R10: 00007ffc944001f0 R11: 0000000000000246 R12: 00007f5c5a04f0b0 [ 55.923471][ T4992] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 55.931542][ T4992] [ 55.935411][ T4992] syz-executor215: attempt to access beyond end of device [ 55.935411][ T4992] loop0: rw=0, sector=3245518, nr_sectors = 1 limit=128 [ 55.949592][ T4992] Buffer I/O error on dev loop0, logical block 3245518, async page read [ 55.957963][ T4992] syz-executor215: attempt to access beyond end of device [ 55.957963][ T4992] loop0: rw=0, sector=8769403, nr_sectors = 1 limit=128 [ 55.971996][ T4992] Buffer I/O error on dev loop0, logical block 8769403, async page read open("./file0", O_RDONLY) = 4 exit_group(0) = ? +++ exited with 0 +++ [ 55.981476][ T27] audit: type=1800 audit(1683820810.881