audit: type=1804 audit(1677949885.615:21816): pid=26678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1765296461/syzkaller.YlyWnI/466/bus" dev="sda1" ino=14002 res=1
audit: type=1800 audit(1677949885.615:21817): pid=26678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=14002 res=0
FAT-fs (loop2): Unrecognized mount option "î" or missing value
INFO: task kworker/u4:9:10842 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
audit: type=1804 audit(1677949885.805:21818): pid=26695 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir1765296461/syzkaller.YlyWnI/466/bus" dev="sda1" ino=14002 res=1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:9    D26176 10842      2 0x80000000
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1016 [inline]
 __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078
 f2fs_balance_fs+0x709/0xd80 fs/f2fs/segment.c:512
 f2fs_write_inode+0x500/0x600 fs/f2fs/inode.c:630
 write_inode fs/fs-writeback.c:1244 [inline]
 __writeback_single_inode+0x733/0x11d0 fs/fs-writeback.c:1442
 writeback_sb_inodes+0x537/0xef0 fs/fs-writeback.c:1647
 __writeback_inodes_wb+0xc6/0x280 fs/fs-writeback.c:1716
 wb_writeback+0x841/0xcc0 fs/fs-writeback.c:1822
 wb_check_old_data_flush fs/fs-writeback.c:1924 [inline]
 wb_do_writeback fs/fs-writeback.c:1977 [inline]
 wb_workfn+0x8ba/0x1250 fs/fs-writeback.c:2006
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
f2fs_msg: 188 callbacks suppressed
F2FS-fs (loop0): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

Showing all locks held in the system:
F2FS-fs (loop0): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24
1 lock held by khungtaskd/1568:
 #0: 00000000c3248047 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
1 lock held by in:imklog/7847:
 #0: 000000005e0fec69 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
4 locks held by kworker/u4:9/10842:
 #0: 000000004fc9c0b9 ((wq_completion)"writeback"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 0000000033e3fd58 ((work_completion)(&(&wb->dwork)->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 00000000b781a532 (&type->s_umount_key#64){++++}, at: trylock_super+0x1d/0x100 fs/super.c:412
F2FS-fs (loop0): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24
 #3: 000000001b730e3d (&sbi->gc_mutex){+.+.}, at: f2fs_balance_fs+0x709/0xd80 fs/f2fs/segment.c:512
3 locks held by syz-executor.0/17675:
3 locks held by kworker/u4:10/20027:
 #0: 00000000f73e6416 ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
F2FS-fs (loop0): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24
 #1: 00000000419fa0fa (net_cleanup_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
F2FS-fs (loop0): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24
 #2: 00000000ecce2e37 (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:521
F2FS-fs (loop0): sanity_check_inode: inode (ino=8) has corrupted i_extra_isize: 36, max: 24
2 locks held by syz-executor.1/26623:
 #0: 00000000371f4ff7 (rtnl_mutex){+.+.}, at: ppp_release+0x11d/0x1e0 drivers/net/ppp/ppp_generic.c:407
 #1: 00000000b4469d70 (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline]
 #1: 00000000b4469d70 (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1568 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x991/0xe60 kernel/hung_task.c:287
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 17675 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:26 [inline]
RIP: 0010:__orc_find+0x7c/0xf0 arch/x86/kernel/unwind_orc.c:48
Code: e8 3f 48 c1 fa 02 48 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 <84> d2 75 48 48 63 03 48 01 d8 48 39 c1 73 b0 4c 8d 63 fc 49 39 ec
RSP: 0018:ffff8880ba0076c0 EFLAGS: 00000202
RAX: 0000000000000007 RBX: ffffffff8b3051cc RCX: ffffffff810059a3
RDX: 0000000000000000 RSI: ffffffff8b8cd712 RDI: ffffffff8b3051c0
RBP: ffffffff8b3051c0 R08: 0000000000000000 R09: ffffffff8b8cd712
R10: ffff8880ba007897 R11: 0000000000074071 R12: ffffffff8b3051dc
R13: ffffffff8b3051c0 R14: ffffffff8b3051c0 R15: dffffc0000000000
FS:  00007f0ace549700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2dd27000 CR3: 0000000093c6a000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 orc_find arch/x86/kernel/unwind_orc.c:159 [inline]
 unwind_next_frame+0x339/0x1400 arch/x86/kernel/unwind_orc.c:422
 __save_stack_trace+0x9f/0x190 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
 kmem_cache_alloc_node_trace+0x151/0x3b0 mm/slab.c:3668
 __do_kmalloc_node mm/slab.c:3688 [inline]
 __kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3703
 __kmalloc_reserve net/core/skbuff.c:137 [inline]
 __alloc_skb+0xae/0x560 net/core/skbuff.c:205
 __netdev_alloc_skb+0x76/0x460 net/core/skbuff.c:407
 netdev_alloc_skb include/linux/skbuff.h:2680 [inline]
 dev_alloc_skb include/linux/skbuff.h:2693 [inline]
 __ieee80211_beacon_get+0xc7d/0x1a30 net/mac80211/tx.c:4352
 ieee80211_beacon_get_tim+0x88/0x890 net/mac80211/tx.c:4463
 ieee80211_beacon_get include/net/mac80211.h:4484 [inline]
 mac80211_hwsim_beacon_tx+0xff/0x680 drivers/net/wireless/mac80211_hwsim.c:1577
 __iterate_interfaces+0x2e1/0x4a0 net/mac80211/util.c:614
 ieee80211_iterate_active_interfaces_atomic+0x8d/0x170 net/mac80211/util.c:650
 mac80211_hwsim_beacon+0xc9/0x190 drivers/net/wireless/mac80211_hwsim.c:1615
 __tasklet_hrtimer_trampoline+0x29/0xa0 kernel/softirq.c:601
 tasklet_action_common.constprop.0+0x265/0x360 kernel/softirq.c:522
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:console_unlock+0xe7b/0x1110 kernel/printk/printk.c:2468
Code: ff df 48 c1 e8 03 80 3c 08 00 0f 85 66 02 00 00 48 83 3d cf c3 a3 08 00 0f 84 9e 00 00 00 e8 ac c6 14 00 48 8b 7c 24 30 57 9d <0f> 1f 44 00 00 e9 9b fc ff ff e8 96 c6 14 00 0f 0b e8 8f c6 14 00
RSP: 0018:ffff88809202e2b8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff888041a98300 RBX: 0000000000000200 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffffff814dbec4 RDI: 0000000000000293
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8446efa0
R13: 000000000000006b R14: 0000000000000000 R15: ffffffff8a6dd090
 vprintk_emit+0x2d1/0x740 kernel/printk/printk.c:1965
 vprintk_func+0x79/0x180 kernel/printk/printk_safe.c:405
 printk+0xba/0xed kernel/printk/printk.c:2040
 f2fs_msg.cold+0x20/0x25 fs/f2fs/super.c:210
 sanity_check_inode fs/f2fs/inode.c:246 [inline]
 do_read_inode fs/f2fs/inode.c:362 [inline]
 f2fs_iget+0x1db8/0x4ce0 fs/f2fs/inode.c:439
 gc_data_segment fs/f2fs/gc.c:955 [inline]
 do_garbage_collect fs/f2fs/gc.c:1109 [inline]
 f2fs_gc+0x2992/0x8c90 fs/f2fs/gc.c:1196
 f2fs_balance_fs+0x71a/0xd80 fs/f2fs/segment.c:513
 __write_data_page+0xab8/0x22d0 fs/f2fs/data.c:1975
 f2fs_write_cache_pages+0x96e/0x13e0 fs/f2fs/data.c:2107
 __f2fs_write_data_pages fs/f2fs/data.c:2217 [inline]
 f2fs_write_data_pages+0xcc3/0x1060 fs/f2fs/data.c:2244
 do_writepages+0xe5/0x290 mm/page-writeback.c:2344
 __filemap_fdatawrite_range+0x27d/0x350 mm/filemap.c:446
 file_write_and_wait_range+0x93/0x100 mm/filemap.c:776
 f2fs_do_sync_file+0x2eb/0x2550 fs/f2fs/file.c:228
 f2fs_sync_file+0x136/0x190 fs/f2fs/file.c:334
 vfs_fsync_range+0x13a/0x220 fs/sync.c:197
 generic_write_sync include/linux/fs.h:2750 [inline]
 f2fs_file_write_iter+0x64b/0xbe0 fs/f2fs/file.c:3044
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x51b/0x770 fs/read_write.c:487
 __kernel_write+0x109/0x370 fs/read_write.c:506
 dump_emit+0x183/0x300 fs/coredump.c:801
 elf_core_dump+0x33c0/0x4c10 fs/binfmt_elf.c:2392
 do_coredump+0x1d4e/0x2d60 fs/coredump.c:765
 get_signal+0xed9/0x1f70 kernel/signal.c:2583
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
Lost 10 message(s)!