xt_hashlimit: size too large, truncated to 1048576
VFS: Found a Xenix FS (block size = 512) on device loop4
xt_hashlimit: overflow, try lower: 0/0
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 25309, name: syz-executor.4
3 locks held by syz-executor.4/25309:
 #0: 000000003a5d7ec9 (sb_writers#29){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 000000003a5d7ec9 (sb_writers#29){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 0000000082b35ec1 (&sb->s_type->i_mutex_key#35){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 0000000082b35ec1 (&sb->s_type->i_mutex_key#35){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
 #2: 00000000218cc923 (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 25309 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 __getblk_gfp fs/buffer.c:1319 [inline]
 __bread_gfp+0x3f/0x300 fs/buffer.c:1366
 sb_bread include/linux/buffer_head.h:309 [inline]
 get_branch+0x2cd/0x640 fs/sysv/itree.c:104
 get_block+0x194/0x1510 fs/sysv/itree.c:218
 block_truncate_page+0x366/0xb00 fs/buffer.c:2887
 sysv_truncate+0x20c/0xec0 fs/sysv/itree.c:383
 sysv_setattr+0x146/0x1b0 fs/sysv/file.c:47
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
 vfs_truncate+0x54b/0x6d0 fs/open.c:109
 do_sys_truncate fs/open.c:132 [inline]
 do_sys_truncate+0x145/0x170 fs/open.c:120
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f14cafea0c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f14c955c168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f14cb109f80 RCX: 00007f14cafea0c9
RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0
RBP: 00007f14cb045ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff3bbf17cf R14: 00007f14c955c300 R15: 0000000000022000
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
VFS: Found a Xenix FS (block size = 512) on device loop4
wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
EXT4-fs (loop2): no journal found
netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
VFS: Found a Xenix FS (block size = 512) on device loop4
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 25371, name: syz-executor.4
3 locks held by syz-executor.4/25371:
 #0: 00000000f9ae71b3 (sb_writers#29){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 00000000f9ae71b3 (sb_writers#29){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 00000000d770617d (&sb->s_type->i_mutex_key#35){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 00000000d770617d (&sb->s_type->i_mutex_key#35){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
 #2: 00000000218cc923 (pointers_lock){++++}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 25371 Comm: syz-executor.4 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 __getblk_gfp fs/buffer.c:1319 [inline]
 __bread_gfp+0x3f/0x300 fs/buffer.c:1366
 sb_bread include/linux/buffer_head.h:309 [inline]
 get_branch+0x2cd/0x640 fs/sysv/itree.c:104
 get_block+0x194/0x1510 fs/sysv/itree.c:218
 block_truncate_page+0x366/0xb00 fs/buffer.c:2887
 sysv_truncate+0x20c/0xec0 fs/sysv/itree.c:383
 sysv_setattr+0x146/0x1b0 fs/sysv/file.c:47
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
 vfs_truncate+0x54b/0x6d0 fs/open.c:109
 do_sys_truncate fs/open.c:132 [inline]
 do_sys_truncate+0x145/0x170 fs/open.c:120
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f14cafea0c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f14c955c168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f14cb109f80 RCX: 00007f14cafea0c9
RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0
RBP: 00007f14cb045ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff3bbf17cf R14: 00007f14c955c300 R15: 0000000000022000
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
EXT4-fs (loop2): no journal found
netlink: 296 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 296 bytes leftover after parsing attributes in process `syz-executor.4'.
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
EXT4-fs (loop2): no journal found
netlink: 296 bytes leftover after parsing attributes in process `syz-executor.5'.
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
EXT4-fs (loop2): no journal found
Left network mode
overlayfs: unrecognized mount option "group_id=00000000000000000000" or missing value
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
EXT4-fs (loop2): no journal found
audit: type=1800 audit(1674854261.154:293): pid=25592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15262 res=0
audit: type=1800 audit(1674854261.524:294): pid=25678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=15255 res=0
audit: type=1804 audit(1674854261.534:295): pid=25678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir206636497/syzkaller.8mfVMr/120/file0" dev="sda1" ino=15255 res=1
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
overlayfs: unrecognized mount option "group_id=00000000000000000000" or missing value
EXT4-fs (loop2): no journal found
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
EXT4-fs (loop2): no journal found
audit: type=1800 audit(1674854262.524:296): pid=25743 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=14753 res=0
audit: type=1804 audit(1674854262.534:297): pid=25743 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir206636497/syzkaller.8mfVMr/121/file0" dev="sda1" ino=14753 res=1
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
audit: type=1800 audit(1674854264.224:298): pid=25819 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=15284 res=0
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
audit: type=1804 audit(1674854264.224:299): pid=25819 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir206636497/syzkaller.8mfVMr/122/file0" dev="sda1" ino=15284 res=1
EXT4-fs (loop2): no journal found
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
EXT4-fs (loop2): no journal found
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
EXT4-fs (loop2): no journal found
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
EXT4-fs (loop2): no journal found
ubi0: attaching mtd0
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
ubi0: scanning is finished
ubi0: empty MTD device detected
EXT4-fs (loop2): no journal found
overlayfs: unrecognized mount option "index=ogf" or missing value
ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
EXT4-fs error (device loop2): ext4_get_journal_inode:4708: comm syz-executor.2: inode #16777216: comm syz-executor.2: iget: illegal inode #
ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
EXT4-fs (loop2): no journal found
ubi0: VID header offset: 64 (aligned 64), data offset: 128
ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1217153130
ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
ubi0: background thread "ubi_bgt0d" started, PID 26053
ubi: mtd0 is already attached to ubi0