attempt to access beyond end of device loop5: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop5: rw=0, want=8073606, limit=128 BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 10361, name: syz-executor.5 2 locks held by syz-executor.5/10361: #0: (&iint->mutex){+.+.}, at: [] process_measurement+0x270/0xb20 security/integrity/ima/ima_main.c:225 #1: (pointers_lock){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) print_req_error: 44 callbacks suppressed print_req_error: I/O error, dev loop4, sector 608 CPU: 1 PID: 10361 Comm: syz-executor.5 Not tainted 4.14.300-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: print_req_error: I/O error, dev loop4, sector 608 __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316 print_req_error: I/O error, dev loop4, sector 609 read_pages mm/readahead.c:131 [inline] __do_page_cache_readahead+0x69b/0x940 mm/readahead.c:199 print_req_error: I/O error, dev loop4, sector 610 ra_submit mm/internal.h:66 [inline] ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486 page_cache_sync_readahead mm/readahead.c:518 [inline] page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503 generic_file_buffered_read mm/filemap.c:2003 [inline] generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273 print_req_error: I/O error, dev loop4, sector 611 call_read_iter include/linux/fs.h:1774 [inline] new_sync_read fs/read_write.c:401 [inline] __vfs_read+0x449/0x620 fs/read_write.c:413 integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199 print_req_error: I/O error, dev loop4, sector 612 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline] ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline] ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467 ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227 process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264 print_req_error: I/O error, dev loop4, sector 613 do_last fs/namei.c:3435 [inline] path_openat+0x10ad/0x2970 fs/namei.c:3571 do_filp_open+0x179/0x3c0 fs/namei.c:3605 print_req_error: I/O error, dev loop4, sector 614 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 audit: type=1804 audit(1670266476.017:2): pid=10362 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir1818244702/syzkaller.x8tDRl/31/file0" dev="loop5" ino=2 res=1 print_req_error: I/O error, dev loop4, sector 615 print_req_error: I/O error, dev loop4, sector 208 attempt to access beyond end of device loop5: rw=0, want=3245519, limit=128 attempt to access beyond end of device loop5: rw=0, want=8769404, limit=128 sysv_free_block: flc_count > flc_size A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. VFS: Found a Xenix FS (block size = 512) on device loop5 VFS: Found a Xenix FS (block size = 512) on device loop0 attempt to access beyond end of device attempt to access beyond end of device loop5: rw=0, want=3245513, limit=128 A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. attempt to access beyond end of device audit: type=1804 audit(1670266476.768:3): pid=10468 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir1818244702/syzkaller.x8tDRl/32/file0" dev="loop5" ino=2 res=1 loop5: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop0: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop0: rw=0, want=8767868, limit=128 loop5: rw=0, want=13269810, limit=128 attempt to access beyond end of device audit: type=1804 audit(1670266476.818:4): pid=10472 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir3893492471/syzkaller.Cdoiti/38/file0" dev="loop0" ino=2 res=1 attempt to access beyond end of device loop0: rw=0, want=13269810, limit=128 attempt to access beyond end of device IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready loop0: rw=0, want=8073606, limit=128 A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. attempt to access beyond end of device loop5: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop0: rw=0, want=3245516, limit=128 loop5: rw=0, want=3245516, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop0: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop5: rw=0, want=8768636, limit=128 loop0: rw=0, want=13466418, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop5: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop5: rw=0, want=8073606, limit=128 loop0: rw=0, want=8073606, limit=128 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size buffer_io_error: 136 callbacks suppressed Buffer I/O error on dev loop4p7, logical block 8, async page read Buffer I/O error on dev loop4p2, logical block 8, async page read Buffer I/O error on dev loop4p2, logical block 9, async page read Buffer I/O error on dev loop4p2, logical block 10, async page read Buffer I/O error on dev loop4p2, logical block 11, async page read Buffer I/O error on dev loop4p2, logical block 12, async page read Buffer I/O error on dev loop4p2, logical block 13, async page read Buffer I/O error on dev loop4p2, logical block 14, async page read Buffer I/O error on dev loop4p2, logical block 15, async page read sysv_free_block: flc_count > flc_size Buffer I/O error on dev loop4p7, logical block 9, async page read sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size VFS: Found a Xenix FS (block size = 512) on device loop0 IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready attempt to access beyond end of device VFS: Found a Xenix FS (block size = 512) on device loop5 A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. loop0: rw=0, want=3245513, limit=128 attempt to access beyond end of device audit: type=1804 audit(1670266477.598:5): pid=10546 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir3893492471/syzkaller.Cdoiti/39/file0" dev="loop0" ino=2 res=1 loop5: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop0: rw=0, want=8767868, limit=128 audit: type=1804 audit(1670266477.648:6): pid=10550 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir1818244702/syzkaller.x8tDRl/33/file0" dev="loop5" ino=2 res=1 attempt to access beyond end of device loop5: rw=0, want=8767868, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop5: rw=0, want=13269810, limit=128 loop0: rw=0, want=13269810, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop5: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop0: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop5: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop0: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop0: rw=0, want=8768636, limit=128 loop5: rw=0, want=8768636, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop0: rw=0, want=13466418, limit=128 loop5: rw=0, want=13466418, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop5: rw=0, want=8073606, limit=128 loop0: rw=0, want=8073606, limit=128 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size VFS: Found a Xenix FS (block size = 512) on device loop0 VFS: Found a Xenix FS (block size = 512) on device loop5 attempt to access beyond end of device loop0: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop5: rw=0, want=3245513, limit=128 attempt to access beyond end of device audit: type=1804 audit(1670266478.158:7): pid=10605 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir3893492471/syzkaller.Cdoiti/40/file0" dev="loop0" ino=2 res=1 loop0: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop5: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop5: rw=0, want=13269810, limit=128 audit: type=1800 audit(1670266478.208:8): pid=10604 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file0" dev="sda1" ino=13943 res=0 attempt to access beyond end of device audit: type=1804 audit(1670266478.218:9): pid=10610 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir1818244702/syzkaller.x8tDRl/34/file0" dev="loop5" ino=2 res=1 attempt to access beyond end of device loop0: rw=0, want=13269810, limit=128 loop5: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop5: rw=0, want=3245516, limit=128 attempt to access beyond end of device attempt to access beyond end of device loop5: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop0: rw=0, want=8073606, limit=128 loop5: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop0: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop0: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop0: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop0: rw=0, want=8073606, limit=128 sysv_free_block: flc_count > flc_size attempt to access beyond end of device sysv_free_block: flc_count > flc_size loop5: rw=0, want=8073606, limit=128 attempt to access beyond end of device sysv_free_block: flc_count > flc_size loop5: rw=0, want=3245513, limit=128 sysv_free_block: flc_count > flc_size attempt to access beyond end of device loop5: rw=0, want=8767868, limit=128 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size attempt to access beyond end of device sysv_free_block: flc_count > flc_size loop5: rw=0, want=13269810, limit=128 attempt to access beyond end of device sysv_free_block: flc_count > flc_size loop5: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop5: rw=0, want=3245516, limit=128 sysv_free_block: flc_count > flc_size attempt to access beyond end of device sysv_free_block: flc_count > flc_size loop5: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop5: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop5: rw=0, want=8073606, limit=128 audit: type=1800 audit(1670266478.608:10): pid=10586 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.5" name="/" dev="loop5" ino=2 res=0 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size audit: type=1800 audit(1670266479.208:11): pid=10710 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=13897 res=0 INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 0 PID: 10704 Comm: syz-executor.1 Tainted: G W 4.14.300-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 register_lock_class+0x389/0x1180 kernel/locking/lockdep.c:768 __lock_acquire+0x167/0x3f20 kernel/locking/lockdep.c:3378 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 flush_work+0xad/0x770 kernel/workqueue.c:2890 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 smc_close_active+0x7e2/0xbb0 net/smc/smc_close.c:207 smc_release+0x3e1/0x5d0 net/smc/af_smc.c:131 __sock_release+0xcd/0x2b0 net/socket.c:602 sock_close+0x15/0x20 net/socket.c:1139 __fput+0x25f/0x7a0 fs/file_table.c:210 task_work_run+0x11f/0x190 kernel/task_work.c:113 PM: Basic memory bitmaps created tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 PM: Basic memory bitmaps freed netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. PM: Marking nosave pages: [mem 0x00000000-0x00000fff] PM: Marking nosave pages: [mem 0x0009f000-0x000fffff] PM: Marking nosave pages: [mem 0xbfffd000-0xffffffff] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. PM: Basic memory bitmaps created PM: Basic memory bitmaps freed netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. PM: Marking nosave pages: [mem 0x00000000-0x00000fff] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. PM: Marking nosave pages: [mem 0x0009f000-0x000fffff] PM: Marking nosave pages: [mem 0xbfffd000-0xffffffff] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. kauditd_printk_skb: 8 callbacks suppressed audit: type=1800 audit(1670266480.978:20): pid=10814 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=13958 res=0 PM: Basic memory bitmaps created audit: type=1804 audit(1670266480.988:21): pid=10814 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir1821285079/syzkaller.8vSPCI/36/file0" dev="sda1" ino=13958 res=1 netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. print_req_error: 260 callbacks suppressed print_req_error: I/O error, dev loop4, sector 208 print_req_error: I/O error, dev loop4, sector 608 PM: Basic memory bitmaps freed print_req_error: I/O error, dev loop4, sector 408 print_req_error: I/O error, dev loop4, sector 608 print_req_error: I/O error, dev loop4, sector 609 print_req_error: I/O error, dev loop4, sector 610 print_req_error: I/O error, dev loop4, sector 611 print_req_error: I/O error, dev loop4, sector 612 print_req_error: I/O error, dev loop4, sector 613 print_req_error: I/O error, dev loop4, sector 614 audit: type=1804 audit(1670266480.988:22): pid=10814 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir1821285079/syzkaller.8vSPCI/36/file0" dev="sda1" ino=13958 res=1 audit: type=1800 audit(1670266481.498:23): pid=10840 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13979 res=0 audit: type=1804 audit(1670266481.518:24): pid=10840 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir465256613/syzkaller.7yLABq/60/file0" dev="sda1" ino=13979 res=1 audit: type=1804 audit(1670266481.518:25): pid=10840 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir465256613/syzkaller.7yLABq/60/file0" dev="sda1" ino=13979 res=1 audit: type=1800 audit(1670266481.868:26): pid=10871 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=13978 res=0 audit: type=1804 audit(1670266481.878:27): pid=10871 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir1821285079/syzkaller.8vSPCI/37/file0" dev="sda1" ino=13978 res=1 audit: type=1804 audit(1670266481.888:28): pid=10871 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir1821285079/syzkaller.8vSPCI/37/file0" dev="sda1" ino=13978 res=1 audit: type=1800 audit(1670266482.338:29): pid=10909 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13897 res=0 buffer_io_error: 246 callbacks suppressed Buffer I/O error on dev loop4p7, logical block 8, async page read Buffer I/O error on dev loop4p2, logical block 8, async page read Buffer I/O error on dev loop4p2, logical block 9, async page read Buffer I/O error on dev loop4p2, logical block 10, async page read Buffer I/O error on dev loop4p2, logical block 11, async page read Buffer I/O error on dev loop4p2, logical block 12, async page read Buffer I/O error on dev loop4p2, logical block 13, async page read Buffer I/O error on dev loop4p2, logical block 14, async page read Buffer I/O error on dev loop4p2, logical block 15, async page read Buffer I/O error on dev loop4p7, logical block 9, async page read UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue syz-executor.0 (11100) used greatest stack depth: 24144 bytes left EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue Bluetooth: hci5 command 0x0405 tx timeout EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue