VFS: Found a Xenix FS (block size = 512) on device loop1
BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 9770, name: syz-executor.1
3 locks held by syz-executor.1/9770:
 #0: (sb_writers#16){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#16){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61
 #2: (pointers_lock){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at: [< (null)>] (null)
CPU: 0 PID: 9770 Comm: syz-executor.1 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
 __getblk_gfp fs/buffer.c:1381 [inline]
 __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
 sb_bread include/linux/buffer_head.h:343 [inline]
 get_branch+0x2ac/0x600 fs/sysv/itree.c:104
 get_block+0x176/0x1230 fs/sysv/itree.c:218
 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944
 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383
 sysv_setattr+0x115/0x180 fs/sysv/file.c:47
 notify_change+0x56b/0xd10 fs/attr.c:315
 do_truncate+0xff/0x1a0 fs/open.c:63
 vfs_truncate+0x456/0x680 fs/open.c:120
 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
 do_sys_truncate fs/open.c:137 [inline]
 SYSC_truncate fs/open.c:155 [inline]
 SyS_truncate+0x23/0x40 fs/open.c:153
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fc3db57a0a9
RSP: 002b:00007fc3d9aec168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007fc3db699f80 RCX: 00007fc3db57a0a9
RDX: 0000000000000000 RSI: 0000000000008001 RDI: 000000002000a340
RBP: 00007fc3db5d5ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffefa37a4f R14: 00007fc3d9aec300 R15: 0000000000022000
audit: type=1800 audit(1672173749.361:10): pid=9781 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=13932 res=0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1804 audit(1672173749.361:11): pid=9781 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir1461914848/syzkaller.slCjZt/10/file0" dev="sda1" ino=13932 res=1
device batadv1 entered promiscuous mode
BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 9770, name: syz-executor.1
3 locks held by syz-executor.1/9770:
 #0: (sb_writers#16){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#16){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61
 #2: (pointers_lock){++++}, at: [] find_shared fs/sysv/itree.c:290 [inline]
 #2: (pointers_lock){++++}, at: [] sysv_truncate+0x29c/0xd70 fs/sysv/itree.c:394
Preemption disabled at: [< (null)>] (null)
CPU: 0 PID: 9770 Comm: syz-executor.1 Tainted: G W 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
 __getblk_gfp fs/buffer.c:1381 [inline]
 __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
 sb_bread include/linux/buffer_head.h:343 [inline]
 get_branch+0x2ac/0x600 fs/sysv/itree.c:104
 find_shared fs/sysv/itree.c:291 [inline]
 sysv_truncate+0x2c2/0xd70 fs/sysv/itree.c:394
 sysv_setattr+0x115/0x180 fs/sysv/file.c:47
 notify_change+0x56b/0xd10 fs/attr.c:315
 do_truncate+0xff/0x1a0 fs/open.c:63
 vfs_truncate+0x456/0x680 fs/open.c:120
 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
 do_sys_truncate fs/open.c:137 [inline]
 SYSC_truncate fs/open.c:155 [inline]
 SyS_truncate+0x23/0x40 fs/open.c:153
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fc3db57a0a9
RSP: 002b:00007fc3d9aec168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007fc3db699f80 RCX: 00007fc3db57a0a9
RDX: 0000000000000000 RSI: 0000000000008001 RDI: 000000002000a340
RBP: 00007fc3db5d5ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffefa37a4f R14: 00007fc3d9aec300 R15: 0000000000022000
8021q: adding VLAN 0 to HW filter on device batadv1
audit: type=1800 audit(1672173749.411:12): pid=9791 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13933 res=0
NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
audit: type=1804 audit(1672173749.421:13): pid=9791 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir1261267635/syzkaller.vMVALm/19/file0" dev="sda1" ino=13933 res=1
audit: type=1800 audit(1672173756.647:14): pid=9824 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13904 res=0
audit: type=1804 audit(1672173756.667:15): pid=9824 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir1261267635/syzkaller.vMVALm/20/file0" dev="sda1" ino=13904 res=1
audit: type=1800 audit(1672173750.852:16): pid=9826 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=13936 res=0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
overlayfs: unrecognized mount option "redirect_dir=./file0" or missing value
audit: type=1800 audit(1672173751.862:17): pid=9867 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13951 res=0
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
audit: type=1800 audit(1672173752.442:18): pid=9883 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13937 res=0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1800 audit(1672173752.832:19): pid=9884 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13938 res=0
======================================================
WARNING: the mand mount option is being deprecated and will be removed in v5.15!
======================================================
audit: type=1800 audit(1672173753.462:20): pid=9895 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13945 res=0
gretap0: Invalid MTU 0 requested, hw min 68
audit: type=1800 audit(1672173754.012:21): pid=9898 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13923 res=0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
REISERFS (device loop4): using ordered data mode
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
x_tables: ip_tables: socket match: used from hooks PREROUTING/INPUT/OUTPUT, but only valid from PREROUTING/INPUT
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop4): Using r5 hash to sort names
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
__ntfs_warning: 3 callbacks suppressed
ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
ntfs: volume version 3.1.
ntfs: (device loop0): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set cp864. You might want to try to use the mount option nls=utf8.
ntfs: (device loop0): ntfs_filldir(): Skipping unrepresentable inode 0x4.
REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop5): using ordered data mode
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): using ordered data mode
REISERFS (device loop5): checking transaction log (loop5)
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop4): Using r5 hash to sort names
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
XFS (loop1): Mounting V4 Filesystem
XFS (loop1): Ending clean mount
XFS (loop1): Quotacheck needed: Please wait.
XFS (loop1): Quotacheck: Done.
syz-executor.1 (10031) used greatest stack depth: 23816 bytes left
XFS (loop1): Unmounting Filesystem
REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop5): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30