./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3191305956 <...> Warning: Permanently added '10.128.1.160' (ECDSA) to the list of known hosts. execve("./syz-executor3191305956", ["./syz-executor3191305956"], 0x7fffb38d7d20 /* 10 vars */) = 0 brk(NULL) = 0x555556e8b000 brk(0x555556e8bc40) = 0x555556e8bc40 arch_prctl(ARCH_SET_FS, 0x555556e8b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3191305956", 4096) = 28 brk(0x555556eacc40) = 0x555556eacc40 brk(0x555556ead000) = 0x555556ead000 mprotect(0x7fa3b9357000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 creat("./file1", 000) = 3 memfd_create("syzkaller", 0) = 4 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa3b0e94000 write(4, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 munmap(0x7fa3b0e94000, 65536) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 ioctl(5, LOOP_SET_FD, 4) = 0 close(4) = 0 mkdir("./file1", 0777) = -1 EEXIST (File exists) mount("/dev/loop0", "./file1", "sysv", 0, "\xff\x03") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = -1 ENOTDIR (Not a directory) ioctl(5, LOOP_CLR_FD) = 0 close(5) = 0 syzkaller login: [ 71.369826][ T4994] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4994 'syz-executor319' [ 71.387096][ T4994] loop0: detected capacity change from 0 to 128 [ 71.398179][ T4994] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 71.410775][ T4994] syz-executor319: attempt to access beyond end of device [ 71.410775][ T4994] loop0: rw=0, sector=8767744, nr_sectors = 1 limit=128 [ 71.426489][ T4994] Buffer I/O error on dev loop0, logical block 8767744, async page read [ 71.435593][ T4994] syz-executor319: attempt to access beyond end of device [ 71.435593][ T4994] loop0: rw=0, sector=13269809, nr_sectors = 1 limit=128 [ 71.449935][ T4994] Buffer I/O error on dev loop0, logical block 13269809, async page read [ 71.458694][ T4994] syz-executor319: attempt to access beyond end of device [ 71.458694][ T4994] loop0: rw=0, sector=1157, nr_sectors = 1 limit=128 [ 71.472710][ T4994] Buffer I/O error on dev loop0, logical block 1157, async page read [ 71.481095][ T4994] syz-executor319: attempt to access beyond end of device [ 71.481095][ T4994] loop0: rw=0, sector=3211264, nr_sectors = 1 limit=128 [ 71.495344][ T4994] Buffer I/O error on dev loop0, logical block 3211264, async page read [ 71.503793][ T4994] syz-executor319: attempt to access beyond end of device [ 71.503793][ T4994] loop0: rw=0, sector=8768635, nr_sectors = 1 limit=128 [ 71.517810][ T4994] Buffer I/O error on dev loop0, logical block 8768635, async page read [ 71.526239][ T4994] syz-executor319: attempt to access beyond end of device [ 71.526239][ T4994] loop0: rw=0, sector=13466417, nr_sectors = 1 limit=128 [ 71.540276][ T4994] Buffer I/O error on dev loop0, logical block 13466417, async page read [ 71.548804][ T4994] syz-executor319: attempt to access beyond end of device [ 71.548804][ T4994] loop0: rw=0, sector=209285, nr_sectors = 1 limit=128 [ 71.562722][ T4994] Buffer I/O error on dev loop0, logical block 209285, async page read [ 71.571451][ T4994] BUG: sleeping function called from invalid context at fs/buffer.c:1380 [ 71.580117][ T4994] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4994, name: syz-executor319 [ 71.589669][ T4994] preempt_count: 1, expected: 0 [ 71.594583][ T4994] RCU nest depth: 0, expected: 0 [ 71.599551][ T4994] 3 locks held by syz-executor319/4994: [ 71.605145][ T4994] #0: ffff88802a8751a0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x7c0/0x1ce0 [ 71.615124][ T4994] #1: ffff888073df8328 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: page_cache_ra_unbounded+0xf1/0x7c0 [ 71.626386][ T4994] #2: ffffffff8d1f0378 (pointers_lock){.+.+}-{2:2}, at: get_block+0x15f/0x16a0 [ 71.635557][ T4994] Preemption disabled at: [ 71.635569][ T4994] [<0000000000000000>] 0x0 [ 71.644354][ T4994] CPU: 1 PID: 4994 Comm: syz-executor319 Not tainted 6.4.0-rc2-syzkaller-00018-g4d6d4c7f541d #0 [ 71.654786][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 71.664856][ T4994] Call Trace: [ 71.668151][ T4994] [ 71.671082][ T4994] dump_stack_lvl+0x1e7/0x2d0 [ 71.675777][ T4994] ? nf_tcp_handle_invalid+0x650/0x650 [ 71.681257][ T4994] ? panic+0x770/0x770 [ 71.685340][ T4994] __might_resched+0x5cf/0x780 [ 71.690124][ T4994] ? __might_sleep+0xc0/0xc0 [ 71.694753][ T4994] __getblk_gfp+0x45/0xcc0 [ 71.699198][ T4994] ? read_lock_is_recursive+0x20/0x20 [ 71.704600][ T4994] ? get_block+0x18b/0x16a0 [ 71.709131][ T4994] __bread_gfp+0x2e/0x380 [ 71.713505][ T4994] get_branch+0x2af/0x660 [ 71.717964][ T4994] get_block+0x17c/0x16a0 [ 71.722316][ T4994] ? folio_create_buffers+0x132/0x250 [ 71.727702][ T4994] ? sysv_truncate+0x1050/0x1050 [ 71.732705][ T4994] ? zero_user_segments+0x2be/0x350 [ 71.737924][ T4994] block_read_full_folio+0x47b/0x1000 [ 71.743317][ T4994] ? sysv_truncate+0x1050/0x1050 [ 71.748262][ T4994] ? block_is_partially_uptodate+0x590/0x590 [ 71.754262][ T4994] ? readahead_folio+0x32d/0x620 [ 71.759211][ T4994] ? sysv_writepage+0x30/0x30 [ 71.763900][ T4994] read_pages+0x5fa/0x830 [ 71.768256][ T4994] ? page_cache_ra_unbounded+0x7c0/0x7c0 [ 71.773903][ T4994] ? __filemap_add_folio+0x1b60/0x1b60 [ 71.779397][ T4994] ? down_read+0x1b5/0x2f0 [ 71.783839][ T4994] page_cache_ra_unbounded+0x697/0x7c0 [ 71.789336][ T4994] filemap_get_pages+0x49c/0x20c0 [ 71.794586][ T4994] ? __lock_acquire+0x1295/0x2000 [ 71.799670][ T4994] ? filemap_read+0x1170/0x1170 [ 71.804540][ T4994] ? __might_sleep+0xc0/0xc0 [ 71.809160][ T4994] filemap_read+0x45a/0x1170 [ 71.813795][ T4994] ? lockdep_hardirqs_on+0x98/0x140 [ 71.819043][ T4994] ? filemap_get_folios_tag+0x8b0/0x8b0 [ 71.824625][ T4994] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 71.830573][ T4994] ? generic_file_read_iter+0x94/0x540 [ 71.836061][ T4994] ? iov_iter_kvec+0x4e/0x1e0 [ 71.840790][ T4994] __kernel_read+0x422/0x8a0 [ 71.845403][ T4994] ? kasan_set_track+0x4f/0x70 [ 71.850190][ T4994] ? rw_verify_area+0x1a0/0x1a0 [ 71.855079][ T4994] integrity_kernel_read+0xb0/0xf0 [ 71.860213][ T4994] ? integrity_inode_free+0x240/0x240 [ 71.865606][ T4994] ima_calc_file_hash+0x1643/0x1d20 [ 71.870847][ T4994] ? register_lock_class+0x104/0x990 [ 71.876160][ T4994] ? ima_alloc_tfm+0x310/0x310 [ 71.880973][ T4994] ? read_lock_is_recursive+0x20/0x20 [ 71.886471][ T4994] ? __mutex_trylock_common+0x182/0x2e0 [ 71.892055][ T4994] ? __might_sleep+0xc0/0xc0 [ 71.896682][ T4994] ? inode_query_iversion+0x183/0x200 [ 71.902070][ T4994] ? inode_maybe_inc_iversion+0x1f0/0x1f0 [ 71.907803][ T4994] ? rcu_is_watching+0x15/0xb0 [ 71.912597][ T4994] ? trace_contention_end+0x3c/0xf0 [ 71.917846][ T4994] ima_collect_measurement+0x3a7/0x880 [ 71.923345][ T4994] ? ima_get_action+0xb0/0xb0 [ 71.928042][ T4994] ? is_bad_inode+0xd/0x40 [ 71.932579][ T4994] process_measurement+0xfdb/0x1ce0 [ 71.937820][ T4994] ? ima_file_mmap+0x2b0/0x2b0 [ 71.942603][ T4994] ? smk_access+0x4b0/0x4b0 [ 71.947147][ T4994] ? smack_file_receive+0x4e0/0x4e0 [ 71.952372][ T4994] ? do_raw_spin_unlock+0x13b/0x8b0 [ 71.957589][ T4994] ? smack_current_getsecid_subj+0x22/0xf0 [ 71.963445][ T4994] ima_file_check+0xf1/0x170 [ 71.968071][ T4994] ? do_dentry_open+0xc1d/0x10f0 [ 71.973032][ T4994] ? ima_bprm_check+0x2b0/0x2b0 [ 71.977908][ T4994] path_openat+0x280a/0x3170 [ 71.982534][ T4994] ? do_filp_open+0x490/0x490 [ 71.987236][ T4994] do_filp_open+0x234/0x490 [ 71.991752][ T4994] ? vfs_tmpfile+0x4a0/0x4a0 [ 71.996459][ T4994] ? _raw_spin_unlock+0x28/0x40 [ 72.001327][ T4994] ? alloc_fd+0x59c/0x640 [ 72.005684][ T4994] do_sys_openat2+0x13f/0x500 [ 72.010636][ T4994] ? print_irqtrace_events+0x220/0x220 [ 72.016213][ T4994] ? do_sys_open+0x230/0x230 [ 72.020944][ T4994] ? lockdep_hardirqs_on+0x98/0x140 [ 72.026157][ T4994] ? _raw_spin_unlock_irq+0x2e/0x50 [ 72.031365][ T4994] ? ptrace_notify+0x278/0x380 [ 72.036146][ T4994] __x64_sys_open+0x225/0x270 [ 72.040843][ T4994] ? do_sys_openat2+0x500/0x500 [ 72.045734][ T4994] ? syscall_enter_from_user_mode+0x32/0x230 [ 72.051732][ T4994] ? syscall_enter_from_user_mode+0x8c/0x230 [ 72.057739][ T4994] do_syscall_64+0x41/0xc0 [ 72.062175][ T4994] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 72.068166][ T4994] RIP: 0033:0x7fa3b92e0b59 [ 72.072593][ T4994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 72.092384][ T4994] RSP: 002b:00007ffe386d2448 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 72.100813][ T4994] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fa3b92e0b59 [ 72.108795][ T4994] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 72.116771][ T4994] RBP: 00007fa3b92a0190 R08: 0000000000009e5d R09: 0000000000000000 [ 72.124748][ T4994] R10: 00007ffe386d2310 R11: 0000000000000246 R12: 00007fa3b92a0220 [ 72.132729][ T4994] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 72.140723][ T4994] [ 72.149791][ T4994] syz-executor319: attempt to access beyond end of device [ 72.149791][ T4994] loop0: rw=0, sector=8767744, nr_sectors = 1 limit=128 [ 72.163841][ T4994] Buffer I/O error on dev loop0, logical block 8767744, async page read open("./file1", O_RDONLY) = 4 exit_group(0) = ? [ 72.172207][ T4994] syz-executor319: attempt to access beyond end of device [ 72.172207][ T4994] loop0: rw=0, sector=13269809, nr_sectors = 1 limit=128 [ 72.186269][ T4994] Buffer I/O error on dev loop0, logical block 13269809, async page read [ 72.194858][ T4994] syz-executor319: attempt to access beyond end of device [ 72.194858][ T4994] loop0: rw=0, sector=1157, nr_sectors = 1 limit=128 [ 72.208685][ T4994] Buffer I/O error on dev loop0, logical block 1157, async page read +++ exited with 0 +++ [ 72.217776][ T27] audit: type=1800 audit(1684433868.790:2): pi