Buffer I/O error on dev loop1, logical block 8073605, async page read BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 10339, name: syz-executor.1 2 locks held by syz-executor.1/10339: #0: (&iint->mutex){+.+.}, at: [] process_measurement+0x270/0xb20 security/integrity/ima/ima_main.c:225 #1: (pointers_lock){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) CPU: 0 PID: 10339 Comm: syz-executor.1 Not tainted 4.14.300-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316 read_pages mm/readahead.c:131 [inline] __do_page_cache_readahead+0x69b/0x940 mm/readahead.c:199 ra_submit mm/internal.h:66 [inline] ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486 page_cache_sync_readahead mm/readahead.c:518 [inline] page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503 generic_file_buffered_read mm/filemap.c:2003 [inline] generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273 call_read_iter include/linux/fs.h:1774 [inline] new_sync_read fs/read_write.c:401 [inline] __vfs_read+0x449/0x620 fs/read_write.c:413 integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline] ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline] ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467 ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227 process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264 do_last fs/namei.c:3435 [inline] path_openat+0x10ad/0x2970 fs/namei.c:3571 do_filp_open+0x179/0x3c0 fs/namei.c:3605 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 attempt to access beyond end of device loop1: rw=0, want=3245519, limit=128 Buffer I/O error on dev loop1, logical block 3245518, async page read attempt to access beyond end of device loop1: rw=0, want=8769404, limit=128 Buffer I/O error on dev loop1, logical block 8769403, async page read attempt to access beyond end of device loop1: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop1: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop1: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop1: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop1: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 audit: type=1800 audit(1670282177.445:4): pid=10339 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.1" name="/" dev="loop1" ino=2 res=0 audit: type=1804 audit(1670282177.445:5): pid=10339 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir3944503894/syzkaller.d8Lyb1/35/file0" dev="loop1" ino=2 res=1 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size VFS: Found a Xenix FS (block size = 512) on device loop4 attempt to access beyond end of device loop4: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop4: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop4: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop4: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop4: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop4: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop4: rw=0, want=3245519, limit=128 attempt to access beyond end of device loop4: rw=0, want=8769404, limit=128 VFS: Found a Xenix FS (block size = 512) on device loop1 attempt to access beyond end of device loop4: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop4: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop4: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop4: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop4: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop4: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 audit: type=1800 audit(1670282177.605:6): pid=10364 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.4" name="/" dev="loop4" ino=2 res=0 attempt to access beyond end of device loop1: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop1: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop1: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop1: rw=0, want=8768636, limit=128 attempt to access beyond end of device audit: type=1804 audit(1670282177.615:7): pid=10364 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir56514595/syzkaller.NqLcI8/26/file0" dev="loop4" ino=2 res=1 loop1: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245519, limit=128 attempt to access beyond end of device loop1: rw=0, want=8769404, limit=128 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size attempt to access beyond end of device loop1: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop1: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop1: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop1: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop1: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 audit: type=1800 audit(1670282177.625:8): pid=10365 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.1" name="/" dev="loop1" ino=2 res=0 audit: type=1804 audit(1670282177.635:9): pid=10365 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir3944503894/syzkaller.d8Lyb1/36/file0" dev="loop1" ino=2 res=1 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size VFS: Found a Xenix FS (block size = 512) on device loop4 attempt to access beyond end of device loop4: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop4: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop4: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop4: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop4: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop4: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 10381, name: syz-executor.4 2 locks held by syz-executor.4/10381: #0: (&iint->mutex){+.+.}, at: [] process_measurement+0x270/0xb20 security/integrity/ima/ima_main.c:225 #1: (pointers_lock){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) CPU: 0 PID: 10381 Comm: syz-executor.4 Tainted: G W 4.14.300-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316 read_pages mm/readahead.c:131 [inline] __do_page_cache_readahead+0x69b/0x940 mm/readahead.c:199 ra_submit mm/internal.h:66 [inline] ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486 page_cache_sync_readahead mm/readahead.c:518 [inline] page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503 generic_file_buffered_read mm/filemap.c:2003 [inline] generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273 call_read_iter include/linux/fs.h:1774 [inline] new_sync_read fs/read_write.c:401 [inline] __vfs_read+0x449/0x620 fs/read_write.c:413 integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline] ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline] ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467 ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227 process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264 do_last fs/namei.c:3435 [inline] path_openat+0x10ad/0x2970 fs/namei.c:3571 do_filp_open+0x179/0x3c0 fs/namei.c:3605 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 attempt to access beyond end of device loop4: rw=0, want=3245519, limit=128 attempt to access beyond end of device loop4: rw=0, want=8769404, limit=128 attempt to access beyond end of device loop4: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop4: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop4: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop4: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop4: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop4: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 audit: type=1800 audit(1670282178.915:10): pid=10381 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.4" name="/" dev="loop4" ino=2 res=0 audit: type=1804 audit(1670282178.925:11): pid=10381 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir56514595/syzkaller.NqLcI8/27/file0" dev="loop4" ino=2 res=1 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size VFS: Found a Xenix FS (block size = 512) on device loop1 attempt to access beyond end of device loop1: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop1: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop1: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop1: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop1: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245519, limit=128 attempt to access beyond end of device loop1: rw=0, want=8769404, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop1: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop1: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop1: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop1: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 audit: type=1800 audit(1670282178.975:12): pid=10387 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.1" name="/" dev="loop1" ino=2 res=0 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size audit: type=1804 audit(1670282178.985:13): pid=10387 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir3944503894/syzkaller.d8Lyb1/37/file0" dev="loop1" ino=2 res=1 VFS: Found a Xenix FS (block size = 512) on device loop4 attempt to access beyond end of device loop4: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop4: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop4: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop4: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop4: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop4: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop4: rw=0, want=3245519, limit=128 attempt to access beyond end of device loop4: rw=0, want=8769404, limit=128 attempt to access beyond end of device loop4: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop4: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop4: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop4: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop4: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop4: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop4: rw=0, want=8073606, limit=128 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size VFS: Found a Xenix FS (block size = 512) on device loop1 attempt to access beyond end of device loop1: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop1: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop1: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop1: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop1: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245519, limit=128 attempt to access beyond end of device loop1: rw=0, want=8769404, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245513, limit=128 attempt to access beyond end of device loop1: rw=0, want=8767868, limit=128 attempt to access beyond end of device loop1: rw=0, want=13269810, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 attempt to access beyond end of device loop1: rw=0, want=3245516, limit=128 attempt to access beyond end of device loop1: rw=0, want=8768636, limit=128 attempt to access beyond end of device loop1: rw=0, want=13466418, limit=128 attempt to access beyond end of device loop1: rw=0, want=8073606, limit=128 sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size sysv_free_block: flc_count > flc_size L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. kvm: emulating exchange as write REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal REISERFS (device loop2): using ordered data mode reiserfs: using flush barriers REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop2): checking transaction log (loop2) netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. REISERFS (device loop2): Using r5 hash to sort names REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. ====================================================== WARNING: the mand mount option is being deprecated and will be removed in v5.15! ====================================================== cgroup: cgroup2: unknown option " " unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1 hfsplus: xattr searching failed kauditd_printk_skb: 4 callbacks suppressed audit: type=1800 audit(1670282182.536:18): pid=10505 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="loop5" ino=25 res=0 REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal REISERFS (device loop2): using ordered data mode reiserfs: using flush barriers REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop2): checking transaction log (loop2) REISERFS (device loop2): Using r5 hash to sort names REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. cgroup: cgroup2: unknown option " " audit: type=1800 audit(1670282183.946:19): pid=10561 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=13910 res=0 audit: type=1804 audit(1670282183.946:20): pid=10561 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir1590849323/syzkaller.bAHMGT/29/file0" dev="sda1" ino=13910 res=1 cgroup: cgroup2: unknown option " " cgroup: cgroup2: unknown option " " cgroup: cgroup2: unknown option " " audit: type=1800 audit(1670282186.866:21): pid=10587 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=14048 res=0