VFS: Found a Xenix FS (block size = 512) on device loop3
SQUASHFS error: squashfs_read_data failed to read block 0x1e8
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 23147, name: syz-executor.3
squashfs: SQUASHFS error: unable to read xattr id index table
3 locks held by syz-executor.3/23147:
 #0: 000000001bc79081 (sb_writers#33){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 000000001bc79081 (sb_writers#33){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 00000000b13f616a (&sb->s_type->i_mutex_key#37){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 00000000b13f616a (&sb->s_type->i_mutex_key#37){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
 #2: 0000000095d79db7 (pointers_lock#2){++++}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 23147 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 __getblk_gfp fs/buffer.c:1319 [inline]
 __bread_gfp+0x3f/0x300 fs/buffer.c:1366
 sb_bread include/linux/buffer_head.h:309 [inline]
 get_branch+0x2cd/0x640 fs/sysv/itree.c:104
 get_block+0x194/0x1510 fs/sysv/itree.c:218
 block_truncate_page+0x366/0xb00 fs/buffer.c:2887
 sysv_truncate+0x20c/0xec0 fs/sysv/itree.c:383
 sysv_setattr+0x146/0x1b0 fs/sysv/file.c:47
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
 vfs_truncate+0x54b/0x6d0 fs/open.c:109
 do_sys_truncate fs/open.c:132 [inline]
 do_sys_truncate+0x145/0x170 fs/open.c:120
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f31b26360c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f31b0ba8168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f31b2755f80 RCX: 00007f31b26360c9
RDX: 0000000000000000 RSI: 00000000000077bd RDI: 0000000020000100
RBP: 00007f31b2691ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdaa562bdf R14: 00007f31b0ba8300 R15: 0000000000022000
audit: type=1800 audit(1674826244.481:219): pid=23093 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=13922 res=0
SQUASHFS error: squashfs_read_data failed to read block 0x1e8
squashfs: SQUASHFS error: unable to read xattr id index table
VFS: Found a Xenix FS (block size = 512) on device loop3
SQUASHFS error: squashfs_read_data failed to read block 0x1e8
squashfs: SQUASHFS error: unable to read xattr id index table
device vlan2 entered promiscuous mode
device gretap0 entered promiscuous mode
VFS: Found a Xenix FS (block size = 512) on device loop3
device gretap0 left promiscuous mode
audit: type=1804 audit(1674826245.251:220): pid=23141 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir3651172249/syzkaller.t7bMGW/472/bus" dev="sda1" ino=13937 res=1
audit: type=1804 audit(1674826245.291:221): pid=23141 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir3651172249/syzkaller.t7bMGW/472/bus" dev="sda1" ino=13937 res=1
audit: type=1804 audit(1674826245.531:222): pid=23222 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir3651172249/syzkaller.t7bMGW/473/bus" dev="sda1" ino=14828 res=1
netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1804 audit(1674826245.531:223): pid=23222 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir3651172249/syzkaller.t7bMGW/473/bus" dev="sda1" ino=14828 res=1
VFS: Found a Xenix FS (block size = 512) on device loop3
VFS: Found a Xenix FS (block size = 512) on device loop3
VFS: Found a Xenix FS (block size = 512) on device loop3
device vlan2 entered promiscuous mode
device gretap0 entered promiscuous mode
device gretap0 left promiscuous mode
VFS: Found a Xenix FS (block size = 512) on device loop3
VFS: Found a Xenix FS (block size = 512) on device loop3
VFS: Found a Xenix FS (block size = 512) on device loop3
VFS: Found a Xenix FS (block size = 512) on device loop3
audit: type=1804 audit(1674826247.461:224): pid=23317 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir3651172249/syzkaller.t7bMGW/474/bus" dev="sda1" ino=14800 res=1
audit: type=1800 audit(1674826247.461:225): pid=23333 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=14823 res=0
VFS: Found a Xenix FS (block size = 512) on device loop3
IPv6: sit1: Disabled Multicast RS
VFS: Found a Xenix FS (block size = 512) on device loop3
IPVS: ftp: loaded support on port[0] = 21
VFS: Found a Xenix FS (block size = 512) on device loop3
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 23420, name: syz-executor.3
3 locks held by syz-executor.3/23420:
 #0: 00000000248713a4 (sb_writers#33){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 00000000248713a4 (sb_writers#33){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 000000002b8bf8d5 (&sb->s_type->i_mutex_key#37){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 000000002b8bf8d5 (&sb->s_type->i_mutex_key#37){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
 #2: 0000000095d79db7 (pointers_lock#2){++++}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 23420 Comm: syz-executor.3 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 __getblk_gfp fs/buffer.c:1319 [inline]
 __bread_gfp+0x3f/0x300 fs/buffer.c:1366
 sb_bread include/linux/buffer_head.h:309 [inline]
 get_branch+0x2cd/0x640 fs/sysv/itree.c:104
 get_block+0x194/0x1510 fs/sysv/itree.c:218
 block_truncate_page+0x366/0xb00 fs/buffer.c:2887
 sysv_truncate+0x20c/0xec0 fs/sysv/itree.c:383
 sysv_setattr+0x146/0x1b0 fs/sysv/file.c:47
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
 vfs_truncate+0x54b/0x6d0 fs/open.c:109
 do_sys_truncate fs/open.c:132 [inline]
 do_sys_truncate+0x145/0x170 fs/open.c:120
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f31b26360c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f31b0ba8168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f31b2755f80 RCX: 00007f31b26360c9
RDX: 0000000000000000 RSI: 00000000000077bd RDI: 0000000020000100
RBP: 00007f31b2691ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdaa562bdf R14: 00007f31b0ba8300 R15: 0000000000022000
kauditd_printk_skb: 5 callbacks suppressed
audit: type=1800 audit(1674826248.531:231): pid=23472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=13923 res=0
VFS: Found a Xenix FS (block size = 512) on device loop3
overlayfs: unrecognized mount option "0x0000000000000003" or missing value
VFS: Found a Xenix FS (block size = 512) on device loop3
VFS: Found a Xenix FS (block size = 512) on device loop3
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'.
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'.
sysv_free_block: flc_count > flc_size
audit: type=1800 audit(1674826249.572:232): pid=23554 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=13892 res=0
audit: type=1804 audit(1674826249.612:233): pid=23554 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir740118295/syzkaller.bN5lQ3/466/file0" dev="sda1" ino=13892 res=1
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'.
overlayfs: unrecognized mount option "0x0000000000000003" or missing value
VFS: Found a Xenix FS (block size = 512) on device loop3
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
IPVS: ftp: loaded support on port[0] = 21
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
overlayfs: unrecognized mount option "0x0000000000000003" or missing value
VFS: Found a Xenix FS (block size = 512) on device loop3
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
IPVS: ftp: loaded support on port[0] = 21
sysv_free_block: flc_count > flc_size
audit: type=1800 audit(1674826251.622:234): pid=23617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=13878 res=0
audit: type=1804 audit(1674826251.682:235): pid=23617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir740118295/syzkaller.bN5lQ3/467/file0" dev="sda1" ino=13878 res=1
IPVS: ftp: loaded support on port[0] = 21
VFS: Found a Xenix FS (block size = 512) on device loop3
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
audit: type=1800 audit(1674826252.542:236): pid=23750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=14531 res=0
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
audit: type=1804 audit(1674826252.582:237): pid=23750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir740118295/syzkaller.bN5lQ3/468/file0" dev="sda1" ino=14531 res=1
VFS: Found a Xenix FS (block size = 512) on device loop3
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size