attempt to access beyond end of device loop2: rw=0, want=8073606, limit=128 Buffer I/O error on dev loop2, logical block 8073605, async page read BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 9756, name: syz-executor.2 2 locks held by syz-executor.2/9756: #0: (&iint->mutex){+.+.}, at: [] process_measurement+0x270/0xb20 security/integrity/ima/ima_main.c:225 #1: (pointers_lock){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) CPU: 0 PID: 9756 Comm: syz-executor.2 Not tainted 4.14.302-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316 read_pages mm/readahead.c:131 [inline] __do_page_cache_readahead+0x69b/0x940 mm/readahead.c:199 ra_submit mm/internal.h:66 [inline] ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486 page_cache_sync_readahead mm/readahead.c:518 [inline] page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503 generic_file_buffered_read mm/filemap.c:2003 [inline] generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273 call_read_iter include/linux/fs.h:1774 [inline] new_sync_read fs/read_write.c:401 [inline] __vfs_read+0x449/0x620 fs/read_write.c:413 integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline] ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline] ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467 ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227 process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264 do_last fs/namei.c:3435 [inline] path_openat+0x10ad/0x2970 fs/namei.c:3571 do_filp_open+0x179/0x3c0 fs/namei.c:3605 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7f9d12f720a9 RSP: 002b:00007f9d114e4168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007f9d13091f80 RCX: 00007f9d12f720a9 RDX: 0000000000000000 RSI: 000000000000007e RDI: 0000000020000180 RBP: 00007f9d12fcdae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe2a24ca3f R14: 00007f9d114e4300 R15: 0000000000022000 attempt to access beyond end of device loop2: rw=0, want=3245519, limit=128 Buffer I/O error on dev loop2, logical block 3245518, async page read attempt to access beyond end of device loop2: rw=0, want=8769404, limit=128 Buffer I/O error on dev loop2, logical block 8769403, async page read attempt to access beyond end of device loop2: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop2: rw=0, want=8767868, limit=128 attempt to access beyond end of device XFS (loop0): Mounting V4 Filesystem loop2: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop2: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop2: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop2: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop2: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop2: rw=0, want=8073606, limit=128 audit: type=1800 audit(1672258271.279:2): pid=9756 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.2" name="/" dev="loop2" ino=2 res=0 XFS (loop0): Ending clean mount XFS (loop0): Unmounting Filesystem L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns XFS (loop0): Mounting V4 Filesystem XFS (loop0): Ending clean mount XFS (loop0): Unmounting Filesystem kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns device lo entered promiscuous mode Y4`Ҙ: renamed from lo EXT4-fs (loop1): Ignoring removed mblk_io_submit option EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue xt_conntrack: cannot load conntrack support for proto=10 audit: type=1804 audit(1672258275.739:3): pid=10088 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir983513077/syzkaller.lDkVkm/6/file0/bus" dev="loop0" ino=18 res=1 audit: type=1804 audit(1672258275.780:4): pid=10051 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir983513077/syzkaller.lDkVkm/6/file0/bus" dev="loop0" ino=18 res=1 F2FS-fs (loop3): Corrupted extension count (4278190117 > 64) F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock F2FS-fs (loop3): invalid crc value F2FS-fs (loop3): Found nat_bits in checkpoint F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 F2FS-fs (loop3): Corrupted max_depth of 3: 2049 xt_conntrack: cannot load conntrack support for proto=10 audit: type=1804 audit(1672258276.430:5): pid=10141 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir983513077/syzkaller.lDkVkm/7/bus" dev="sda1" ino=13956 res=1 EXT4-fs (loop0): Unrecognized mount option "./bus" or missing value xt_conntrack: cannot load conntrack support for proto=10 EXT4-fs (loop1): Ignoring removed mblk_io_submit option audit: type=1804 audit(1672258276.460:6): pid=10141 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir983513077/syzkaller.lDkVkm/7/bus" dev="sda1" ino=13956 res=1 EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue xt_conntrack: cannot load conntrack support for proto=10 audit: type=1804 audit(1672258276.980:7): pid=10204 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir124721549/syzkaller.JlMsez/16/file0/bus" dev="loop2" ino=18 res=1 audit: type=1804 audit(1672258277.000:8): pid=10136 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir124721549/syzkaller.JlMsez/16/file0/bus" dev="loop2" ino=18 res=1 EXT4-fs (loop1): Ignoring removed mblk_io_submit option EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue xt_conntrack: cannot load conntrack support for proto=10 audit: type=1804 audit(1672258277.420:9): pid=10241 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir983513077/syzkaller.lDkVkm/8/bus" dev="sda1" ino=13931 res=1 EXT4-fs (loop1): Ignoring removed mblk_io_submit option xt_conntrack: cannot load conntrack support for proto=10 EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities EXT4-fs (loop0): Unrecognized mount option "./bus" or missing value xt_conntrack: cannot load conntrack support for proto=10 audit: type=1804 audit(1672258277.470:10): pid=10239 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir983513077/syzkaller.lDkVkm/8/bus" dev="sda1" ino=13931 res=1 print_req_error: I/O error, dev loop1, sector 0 buffer_io_error: 8 callbacks suppressed Buffer I/O error on dev loop1, logical block 0, async page read print_req_error: I/O error, dev loop1, sector 4 Buffer I/O error on dev loop1, logical block 2, async page read print_req_error: I/O error, dev loop1, sector 6 Buffer I/O error on dev loop1, logical block 3, async page read device lo entered promiscuous mode Y4`Ҙ: renamed from lo audit: type=1804 audit(1672258277.480:11): pid=10210 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir4073931817/syzkaller.La1kGV/14/file0/bus" dev="loop5" ino=18 res=1 device lo entered promiscuous mode Y4`Ҙ: renamed from lo EXT4-fs error (device loop5): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 audit: type=1804 audit(1672258277.500:12): pid=10210 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir4073931817/syzkaller.La1kGV/14/file0/bus" dev="loop5" ino=18 res=1 EXT4-fs (loop5): This should not happen!! Data will be lost EXT4-fs (loop5): Total free blocks count 0 EXT4-fs (loop5): Free/Dirty block details EXT4-fs (loop5): free_blocks=2415919104 xt_conntrack: cannot load conntrack support for proto=10 EXT4-fs (loop5): dirty_blocks=16 EXT4-fs (loop5): Block reservation details EXT4-fs (loop5): i_reserved_data_blocks=1 *** Guest State *** syz-executor.5 (10210) used greatest stack depth: 24488 bytes left CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 F2FS-fs (loop4): Corrupted extension count (4278190117 > 64) Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock RIP = 0xffffffff8116183e RSP = 0xffff88804771f9b8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f34c2d7d700 GSBase=ffff8880ba400000 TRBase=fffffe0000003000 F2FS-fs (loop4): invalid crc value GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 CR0=0000000080050033 CR3=00000000b4732000 CR4=00000000003426f0 Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff87401780 EFER = 0x0000000000000d01 PAT = 0x0407050600070106 *** Control State *** PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea EntryControls=0000d1ff ExitControls=002fefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff605214cbca EPT pointer = 0x00000000b068e01e Virtual processor ID = 0x0001 xt_conntrack: cannot load conntrack support for proto=10 audit: type=1804 audit(1672258279.700:13): pid=10376 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir997959169/syzkaller.l9e6eT/16/bus" dev="sda1" ino=13993 res=1 EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue audit: type=1804 audit(1672258279.730:14): pid=10376 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir997959169/syzkaller.l9e6eT/16/bus" dev="sda1" ino=13993 res=1 xt_conntrack: cannot load conntrack support for proto=10 EXT4-fs error (device loop5): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 EXT4-fs (loop5): This should not happen!! Data will be lost EXT4-fs (loop5): Total free blocks count 0 EXT4-fs (loop5): Free/Dirty block details EXT4-fs (loop5): free_blocks=2415919104 EXT4-fs (loop5): dirty_blocks=16 EXT4-fs (loop5): Block reservation details EXT4-fs (loop5): i_reserved_data_blocks=1