VFS: Found a Xenix FS (block size = 512) on device loop4 BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 11607, name: syz-executor.4 3 locks held by syz-executor.4/11607: #0: (sb_writers#21){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#21){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 #1: (&sb->s_type->i_mutex_key#27){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#27){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61 #2: (pointers_lock#2){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) CPU: 1 PID: 11607 Comm: syz-executor.4 Not tainted 4.14.304-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383 sysv_setattr+0x115/0x180 fs/sysv/file.c:47 notify_change+0x56b/0xd10 fs/attr.c:315 do_truncate+0xff/0x1a0 fs/open.c:63 vfs_truncate+0x456/0x680 fs/open.c:120 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143 do_sys_truncate fs/open.c:137 [inline] SYSC_truncate fs/open.c:155 [inline] SyS_truncate+0x23/0x40 fs/open.c:153 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7fa0173300c9 RSP: 002b:00007fa0158a2168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c RAX: ffffffffffffffda RBX: 00007fa01744ff80 RCX: 00007fa0173300c9 RDX: 0000000000000000 RSI: 0000000000007b31 RDI: 00000000200001c0 RBP: 00007fa01738bae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc99336e8f R14: 00007fa0158a2300 R15: 0000000000022000 attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=216, limit=128 loop4: rw=0, want=616, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=209, limit=128 attempt to access beyond end of device loop4: rw=0, want=416, limit=128 attempt to access beyond end of device loop4: rw=0, want=609, limit=128 loop4: rw=0, want=210, limit=128 attempt to access beyond end of device attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=409, limit=128 loop4: rw=0, want=610, limit=128 loop4: rw=0, want=211, limit=128 attempt to access beyond end of device attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=611, limit=128 loop4: rw=0, want=410, limit=128 loop4: rw=0, want=212, limit=128 attempt to access beyond end of device attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=411, limit=128 loop4: rw=0, want=612, limit=128 loop4: rw=0, want=213, limit=128 attempt to access beyond end of device attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=412, limit=128 loop4: rw=0, want=214, limit=128 loop4: rw=0, want=613, limit=128 attempt to access beyond end of device attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=215, limit=128 loop4: rw=0, want=413, limit=128 attempt to access beyond end of device loop4: rw=0, want=614, limit=128 loop4: rw=0, want=216, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=414, limit=128 EXT4-fs error (device loop3): ext4_ext_check_inode:510: inode #15: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) loop4: rw=0, want=615, limit=128 attempt to access beyond end of device EXT4-fs error (device loop3): ext4_orphan_get:1244: comm syz-executor.3: couldn't read orphan inode 15 (err -117) loop4: rw=0, want=415, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=616, limit=128 loop4: rw=0, want=416, limit=128 EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue overlayfs: fs on './file0' does not support file handles, falling back to index=off. kvm [11633]: vcpu0, guest rIP: 0x918f disabled perfctr wrmsr: 0xc1 data 0xfc00 kvm [11633]: vcpu0, guest rIP: 0x920f disabled perfctr wrmsr: 0xc1 data 0xfc00 overlayfs: upper fs needs to support d_type. kvm [11633]: vcpu0, guest rIP: 0x928f disabled perfctr wrmsr: 0xc1 data 0xfc00 kvm [11633]: vcpu0, guest rIP: 0x930f disabled perfctr wrmsr: 0xc1 data 0xfc00 kvm [11633]: vcpu0, guest rIP: 0x938f disabled perfctr wrmsr: 0xc1 data 0xfc00 kvm [11633]: vcpu0, guest rIP: 0x940f disabled perfctr wrmsr: 0xc1 data 0xfc00 kvm [11633]: vcpu0, guest rIP: 0x948f disabled perfctr wrmsr: 0xc1 data 0xfc00 kvm [11633]: vcpu0, guest rIP: 0x950f disabled perfctr wrmsr: 0xc1 data 0xfc00 kvm [11633]: vcpu0, guest rIP: 0x958f disabled perfctr wrmsr: 0xc1 data 0xfc00 kvm [11633]: vcpu0, guest rIP: 0x960f disabled perfctr wrmsr: 0xc1 data 0xfc00 audit: type=1800 audit(1675098530.044:15): pid=11669 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14183 res=0 VFS: Found a Xenix FS (block size = 512) on device loop4 BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 11665, name: syz-executor.4 3 locks held by syz-executor.4/11665: #0: (sb_writers#21){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#21){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 #1: (&sb->s_type->i_mutex_key#27){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#27){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61 #2: (pointers_lock#2){++++}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) CPU: 0 PID: 11665 Comm: syz-executor.4 Tainted: G W 4.14.304-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383 sysv_setattr+0x115/0x180 fs/sysv/file.c:47 notify_change+0x56b/0xd10 fs/attr.c:315 do_truncate+0xff/0x1a0 fs/open.c:63 vfs_truncate+0x456/0x680 fs/open.c:120 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143 do_sys_truncate fs/open.c:137 [inline] SYSC_truncate fs/open.c:155 [inline] SyS_truncate+0x23/0x40 fs/open.c:153 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7fa0173300c9 RSP: 002b:00007fa0158a2168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c RAX: ffffffffffffffda RBX: 00007fa01744ff80 RCX: 00007fa0173300c9 RDX: 0000000000000000 RSI: 0000000000007b31 RDI: 00000000200001c0 RBP: 00007fa01738bae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc99336e8f R14: 00007fa0158a2300 R15: 0000000000022000 attempt to access beyond end of device loop4: rw=0, want=616, limit=128 attempt to access beyond end of device attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=416, limit=128 loop4: rw=0, want=216, limit=128 loop4: rw=0, want=609, limit=128 attempt to access beyond end of device attempt to access beyond end of device buffer_io_error: 86 callbacks suppressed Buffer I/O error on dev loop4p2, logical block 8, async page read loop4: rw=0, want=209, limit=128 loop4: rw=0, want=409, limit=128 Buffer I/O error on dev loop4p7, logical block 8, async page read attempt to access beyond end of device attempt to access beyond end of device Buffer I/O error on dev loop4p3, logical block 8, async page read loop4: rw=0, want=410, limit=128 attempt to access beyond end of device Buffer I/O error on dev loop4p7, logical block 9, async page read loop4: rw=0, want=610, limit=128 loop4: rw=0, want=210, limit=128 attempt to access beyond end of device loop4: rw=0, want=411, limit=128 Buffer I/O error on dev loop4p3, logical block 9, async page read Buffer I/O error on dev loop4p7, logical block 10, async page read Buffer I/O error on dev loop4p2, logical block 9, async page read attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=611, limit=128 attempt to access beyond end of device loop4: rw=0, want=412, limit=128 Buffer I/O error on dev loop4p2, logical block 10, async page read loop4: rw=0, want=211, limit=128 Buffer I/O error on dev loop4p7, logical block 11, async page read Buffer I/O error on dev loop4p3, logical block 10, async page read attempt to access beyond end of device loop4: rw=0, want=612, limit=128 attempt to access beyond end of device attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=613, limit=128 loop4: rw=0, want=212, limit=128 loop4: rw=0, want=413, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=213, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=614, limit=128 loop4: rw=0, want=214, limit=128 loop4: rw=0, want=414, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=215, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop4: rw=0, want=615, limit=128 loop4: rw=0, want=216, limit=128 loop4: rw=0, want=415, limit=128 attempt to access beyond end of device attempt to access beyond end of device BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 11665, name: syz-executor.4 loop4: rw=0, want=616, limit=128 3 locks held by syz-executor.4/11665: #0: (sb_writers#21){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#21){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 #1: (&sb->s_type->i_mutex_key#27){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#27){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61 #2: loop4: rw=0, want=416, limit=128 (pointers_lock#2){++++}, at: [] find_shared fs/sysv/itree.c:290 [inline] (pointers_lock#2){++++}, at: [] sysv_truncate+0x29c/0xd70 fs/sysv/itree.c:394 Preemption disabled at: [< (null)>] (null) CPU: 1 PID: 11665 Comm: syz-executor.4 Tainted: G W 4.14.304-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 find_shared fs/sysv/itree.c:291 [inline] sysv_truncate+0x2c2/0xd70 fs/sysv/itree.c:394 sysv_setattr+0x115/0x180 fs/sysv/file.c:47 notify_change+0x56b/0xd10 fs/attr.c:315 do_truncate+0xff/0x1a0 fs/open.c:63 vfs_truncate+0x456/0x680 fs/open.c:120 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143 do_sys_truncate fs/open.c:137 [inline] SYSC_truncate fs/open.c:155 [inline] SyS_truncate+0x23/0x40 fs/open.c:153 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7fa0173300c9 RSP: 002b:00007fa0158a2168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c RAX: ffffffffffffffda RBX: 00007fa01744ff80 RCX: 00007fa0173300c9 RDX: 0000000000000000 RSI: 0000000000007b31 RDI: 00000000200001c0 RBP: 00007fa01738bae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc99336e8f R14: 00007fa0158a2300 R15: 0000000000022000 print_req_error: 233 callbacks suppressed print_req_error: I/O error, dev loop4, sector 608 print_req_error: I/O error, dev loop4, sector 208 print_req_error: I/O error, dev loop4, sector 608 print_req_error: I/O error, dev loop4, sector 208 print_req_error: I/O error, dev loop4, sector 209 print_req_error: I/O error, dev loop4, sector 210 print_req_error: I/O error, dev loop4, sector 211 print_req_error: I/O error, dev loop4, sector 212 print_req_error: I/O error, dev loop4, sector 213 print_req_error: I/O error, dev loop4, sector 214 VFS: Found a Xenix FS (block size = 512) on device loop4 audit: type=1800 audit(1675098533.825:16): pid=11745 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14179 res=0 VFS: Found a Xenix FS (block size = 512) on device loop4 kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns Cannot find add_set index 0 as target kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. buffer_io_error: 254 callbacks suppressed Buffer I/O error on dev loop4p2, logical block 8, async page read BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 Buffer I/O error on dev loop4p2, logical block 9, async page read Buffer I/O error on dev loop4p2, logical block 10, async page read devid 1 transid 8 /dev/loop5 Buffer I/O error on dev loop4p2, logical block 11, async page read Buffer I/O error on dev loop4p2, logical block 12, async page read Buffer I/O error on dev loop4p2, logical block 13, async page read Buffer I/O error on dev loop4p2, logical block 14, async page read Buffer I/O error on dev loop4p2, logical block 15, async page read Buffer I/O error on dev loop4p3, logical block 8, async page read Buffer I/O error on dev loop4p3, logical block 9, async page read BTRFS info (device loop5): enabling inode map caching netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. BTRFS warning (device loop5): excessive commit interval 622039222 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. BTRFS info (device loop5): force zlib compression BTRFS info (device loop5): using free space tree BTRFS info (device loop5): has skinny extents