VFS: Found a Xenix FS (block size = 512) on device loop5
BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 10393, name: syz-executor.5
3 locks held by syz-executor.5/10393:
 #0: (sb_writers#16){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#16){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61
 #2: (pointers_lock){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at: [< (null)>] (null)
CPU: 0 PID: 10393 Comm: syz-executor.5 Not tainted 4.14.304-syzkaller #0
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
 __getblk_gfp fs/buffer.c:1381 [inline]
 __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
 sb_bread include/linux/buffer_head.h:343 [inline]
 get_branch+0x2ac/0x600 fs/sysv/itree.c:104
 get_block+0x176/0x1230 fs/sysv/itree.c:218
 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944
 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383
 sysv_setattr+0x115/0x180 fs/sysv/file.c:47
 notify_change+0x56b/0xd10 fs/attr.c:315
 do_truncate+0xff/0x1a0 fs/open.c:63
 vfs_truncate+0x456/0x680 fs/open.c:120
 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
 do_sys_truncate fs/open.c:137 [inline]
 SYSC_truncate fs/open.c:155 [inline]
 SyS_truncate+0x23/0x40 fs/open.c:153
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f30d4f4c0c9
RSP: 002b:00007f30d34be168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f30d506bf80 RCX: 00007f30d4f4c0c9
RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0
RBP: 00007f30d4fa7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffbd172d6f R14: 00007f30d34be300 R15: 0000000000022000
VFS: Found a Xenix FS (block size = 512) on device loop5
VFS: Found a Xenix FS (block size = 512) on device loop5
ucma_write: process 96 (syz-executor.3) changed security contexts after opening file descriptor, this is not allowed.
audit: type=1800 audit(1675115613.424:11): pid=10496 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file2" dev="loop2" ino=3 res=0
audit: type=1800 audit(1675115613.544:12): pid=10495 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=14000 res=0
attempt to access beyond end of device
loop2: rw=2049, want=2056, limit=2048
VFS: Found a Xenix FS (block size = 512) on device loop5
BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 10507, name: syz-executor.5
3 locks held by syz-executor.5/10507:
 #0: (sb_writers#16){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#16){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61
 #2: (pointers_lock){++++}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at: [< (null)>] (null)
CPU: 1 PID: 10507 Comm: syz-executor.5 Tainted: G W 4.14.304-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
 __getblk_gfp fs/buffer.c:1381 [inline]
 __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
 sb_bread include/linux/buffer_head.h:343 [inline]
 get_branch+0x2ac/0x600 fs/sysv/itree.c:104
 get_block+0x176/0x1230 fs/sysv/itree.c:218
 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944
 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383
 sysv_setattr+0x115/0x180 fs/sysv/file.c:47
 notify_change+0x56b/0xd10 fs/attr.c:315
 do_truncate+0xff/0x1a0 fs/open.c:63
 vfs_truncate+0x456/0x680 fs/open.c:120
 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
 do_sys_truncate fs/open.c:137 [inline]
 SYSC_truncate fs/open.c:155 [inline]
 SyS_truncate+0x23/0x40 fs/open.c:153
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f30d4f4c0c9
RSP: 002b:00007f30d34be168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f30d506bf80 RCX: 00007f30d4f4c0c9
RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0
RBP: 00007f30d4fa7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffbd172d6f R14: 00007f30d34be300 R15: 0000000000022000
audit: type=1800 audit(1675115614.694:13): pid=10547 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file2" dev="sda1" ino=14026 res=0
audit: type=1800 audit(1675115614.874:14): pid=10552 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file2" dev="loop2" ino=4 res=0
audit: type=1800 audit(1675115615.404:15): pid=10568 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file2" dev="sda1" ino=13965 res=0
audit: type=1800 audit(1675115616.264:16): pid=10583 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file2" dev="loop2" ino=5 res=0
attempt to access beyond end of device
loop2: rw=2049, want=2056, limit=2048
audit: type=1800 audit(1675115616.934:17): pid=10614 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file2" dev="sda1" ino=13965 res=0
ntfs: (device loop5): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1800 audit(1675115617.544:18): pid=10639 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file2" dev="loop2" ino=6 res=0
attempt to access beyond end of device
loop2: rw=2049, want=2056, limit=2048
ntfs: volume version 3.1.
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1675115618.154:19): pid=10663 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir4125407315/syzkaller.UEIzLO/30/file0/bus" dev="loop1" ino=18 res=1
EXT4-fs error (device loop1): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
EXT4-fs (loop1): This should not happen!! Data will be lost
EXT4-fs (loop1): Total free blocks count 0
EXT4-fs (loop1): Free/Dirty block details
EXT4-fs (loop1): Online defrag not supported with bigalloc
EXT4-fs (loop1): free_blocks=2415919104
EXT4-fs (loop1): dirty_blocks=48
EXT4-fs (loop1): Block reservation details
EXT4-fs (loop1): i_reserved_data_blocks=1
EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3
BTRFS info (device loop3): enabling inode map caching
syz-executor.1 (10702) used greatest stack depth: 24840 bytes left
BTRFS info (device loop3): trying to use backup root at mount time
BTRFS info (device loop3): use zlib compression
BTRFS info (device loop3): enabling ssd optimizations
BTRFS info (device loop3): using spread ssd allocation scheme
BTRFS info (device loop3): using free space tree
BTRFS info (device loop3): has skinny extents
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
kauditd_printk_skb: 1 callbacks suppressed
audit: type=1804 audit(1675115618.904:21): pid=10732 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir4125407315/syzkaller.UEIzLO/31/file0/bus" dev="loop1" ino=18 res=1
audit: type=1804 audit(1675115618.914:22): pid=10732 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir4125407315/syzkaller.UEIzLO/31/file0/bus" dev="loop1" ino=18 res=1
EXT4-fs error (device loop1): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
audit: type=1800 audit(1675115619.044:23): pid=10681 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=263 res=0
EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
EXT4-fs (loop1): Online defrag not supported with bigalloc
EXT4-fs (loop1): This should not happen!! Data will be lost
EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
EXT4-fs (loop1): Total free blocks count 0
EXT4-fs (loop1): Free/Dirty block details
EXT4-fs (loop1): free_blocks=2415919104
EXT4-fs error (device loop2): ext4_ext_check_inode:510: inode #15: comm syz-executor.2: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
EXT4-fs (loop1): dirty_blocks=48
EXT4-fs error (device loop2): ext4_orphan_get:1244: comm syz-executor.2: couldn't read orphan inode 15 (err -117)
EXT4-fs (loop1): Block reservation details
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop1): i_reserved_data_blocks=1
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
xt_connlimit: cannot load conntrack support for address family 2
EXT4-fs error (device loop2): ext4_ext_check_inode:510: inode #15: comm syz-executor.2: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
EXT4-fs error (device loop2): ext4_orphan_get:1244: comm syz-executor.2: couldn't read orphan inode 15 (err -117)
EXT4-fs (loop3): failed to open journal device unknown-block(0,0): -6
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1675115619.934:24): pid=10816 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir4125407315/syzkaller.UEIzLO/32/file0/bus" dev="loop1" ino=18 res=1
EXT4-fs error (device loop1): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
audit: type=1804 audit(1675115619.934:25): pid=10816 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir4125407315/syzkaller.UEIzLO/32/file0/bus" dev="loop1" ino=18 res=1
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
EXT4-fs (loop1): This should not happen!! Data will be lost
EXT4-fs (loop1): Total free blocks count 0
EXT4-fs (loop1): Online defrag not supported with bigalloc
EXT4-fs (loop1): Free/Dirty block details
EXT4-fs (loop1): free_blocks=2415919104
EXT4-fs (loop1): dirty_blocks=48
**********************************************************
EXT4-fs (loop1): Block reservation details
EXT4-fs (loop1): i_reserved_data_blocks=1
EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
syz-executor.1 (10816) used greatest stack depth: 24600 bytes left
** **
EXT4-fs error (device loop2): ext4_ext_check_inode:510: inode #15: comm syz-executor.2: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
EXT4-fs error (device loop2): ext4_orphan_get:1244: comm syz-executor.2: couldn't read orphan inode 15 (err -117)
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
** trace_printk() being used. Allocating extra memory. **
** **
** This means that this is a DEBUG kernel and it is **
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
** unsafe for production use. **
** **
** If you see this message and you are not debugging **
** the kernel, report this immediately to your vendor! **
** **
** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
**********************************************************
EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop2): ext4_ext_check_inode:510: inode #15: comm syz-executor.2: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
audit: type=1804 audit(1675115621.025:26): pid=10876 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir4125407315/syzkaller.UEIzLO/33/file0/bus" dev="loop1" ino=18 res=1
EXT4-fs error (device loop1): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs error (device loop2): ext4_orphan_get:1244: comm syz-executor.2: couldn't read orphan inode 15 (err -117)
audit: type=1804 audit(1675115621.055:27): pid=10876 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir4125407315/syzkaller.UEIzLO/33/file0/bus" dev="loop1" ino=18 res=1
EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
EXT4-fs (loop1): Online defrag not supported with bigalloc
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop1): This should not happen!! Data will be lost
bond0: Releasing backup interface bond_slave_0
EXT4-fs (loop1): Total free blocks count 0
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
EXT4-fs (loop1): Free/Dirty block details
EXT4-fs (loop1): free_blocks=2415919104
EXT4-fs (loop1): dirty_blocks=48
EXT4-fs (loop1): Block reservation details
EXT4-fs (loop1): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 32 with error 28
EXT4-fs (loop1): i_reserved_data_blocks=1
overlayfs: unrecognized mount option "xino=off" or missing value
audit: type=1800 audit(1675115621.735:28): pid=10936 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=14006 res=0
audit: type=1804 audit(1675115621.795:29): pid=10939 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir587643031/syzkaller.vpe1KF/58/bus" dev="sda1" ino=14006 res=1