VFS: Found a Xenix FS (block size = 512) on device loop5 BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 9870, name: syz-executor.5 3 locks held by syz-executor.5/9870: #0: (sb_writers#17){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#17){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 #1: (&sb->s_type->i_mutex_key#24){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#24){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61 #2: (pointers_lock#2){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) CPU: 0 PID: 9870 Comm: syz-executor.5 Not tainted 4.14.304-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383 sysv_setattr+0x115/0x180 fs/sysv/file.c:47 notify_change+0x56b/0xd10 fs/attr.c:315 do_truncate+0xff/0x1a0 fs/open.c:63 vfs_truncate+0x456/0x680 fs/open.c:120 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143 do_sys_truncate fs/open.c:137 [inline] SYSC_truncate fs/open.c:155 [inline] SyS_truncate+0x23/0x40 fs/open.c:153 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7f18846ba0c9 RSP: 002b:00007f1882c2c168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c RAX: ffffffffffffffda RBX: 00007f18847d9f80 RCX: 00007f18846ba0c9 RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0 RBP: 00007f1884715ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffda11b377f R14: 00007f1882c2c300 R15: 0000000000022000 BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 9870, name: syz-executor.5 3 locks held by syz-executor.5/9870: #0: (sb_writers#17){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#17){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 #1: (&sb->s_type->i_mutex_key#24){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#24){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61 #2: (pointers_lock#2){++++}, at: [] find_shared fs/sysv/itree.c:290 [inline] #2: (pointers_lock#2){++++}, at: [] sysv_truncate+0x29c/0xd70 fs/sysv/itree.c:394 Preemption disabled at: [< (null)>] (null) CPU: 0 PID: 9870 Comm: syz-executor.5 Tainted: G W 4.14.304-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 find_shared fs/sysv/itree.c:291 [inline] sysv_truncate+0x2c2/0xd70 fs/sysv/itree.c:394 sysv_setattr+0x115/0x180 fs/sysv/file.c:47 notify_change+0x56b/0xd10 fs/attr.c:315 do_truncate+0xff/0x1a0 fs/open.c:63 vfs_truncate+0x456/0x680 fs/open.c:120 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143 do_sys_truncate fs/open.c:137 [inline] SYSC_truncate fs/open.c:155 [inline] SyS_truncate+0x23/0x40 fs/open.c:153 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7f18846ba0c9 RSP: 002b:00007f1882c2c168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c RAX: ffffffffffffffda RBX: 00007f18847d9f80 RCX: 00007f18846ba0c9 RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0 RBP: 00007f1884715ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffda11b377f R14: 00007f1882c2c300 R15: 0000000000022000 IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 8021q: adding VLAN 0 to HW filter on device bond0 IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 8021q: adding VLAN 0 to HW filter on device team0 audit: type=1800 audit(1675418351.182:6): pid=9921 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=13961 res=0 A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 8021q: adding VLAN 0 to HW filter on device bond0 IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 8021q: adding VLAN 0 to HW filter on device team0 A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. IPv6: ADDRCONF(NETDEV_UP): macvlan2: link is not ready audit: type=1800 audit(1675418355.522:7): pid=9966 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="loop5" ino=7 res=0 : renamed from syz_tun FAT-fs (loop1): Directory bread(block 64) failed FAT-fs (loop1): Directory bread(block 65) failed FAT-fs (loop1): Directory bread(block 66) failed FAT-fs (loop1): Directory bread(block 67) failed FAT-fs (loop1): Directory bread(block 68) failed FAT-fs (loop1): Directory bread(block 69) failed FAT-fs (loop1): Directory bread(block 70) failed FAT-fs (loop1): Directory bread(block 71) failed FAT-fs (loop1): Directory bread(block 72) failed FAT-fs (loop1): Directory bread(block 73) failed raw_sendmsg: syz-executor.4 forgot to set AF_INET. Fix it! FAT-fs (loop1): Directory bread(block 64) failed FAT-fs (loop1): Directory bread(block 65) failed FAT-fs (loop1): Directory bread(block 66) failed FAT-fs (loop1): Directory bread(block 67) failed FAT-fs (loop1): Directory bread(block 68) failed FAT-fs (loop1): Directory bread(block 69) failed FAT-fs (loop1): Directory bread(block 70) failed FAT-fs (loop1): Directory bread(block 71) failed FAT-fs (loop1): Directory bread(block 72) failed FAT-fs (loop1): Directory bread(block 73) failed audit: type=1800 audit(1675418356.372:8): pid=10032 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="loop5" ino=7 res=0 F2FS-fs (loop2): Found nat_bits in checkpoint FAT-fs (loop1): Directory bread(block 64) failed FAT-fs (loop1): Directory bread(block 65) failed FAT-fs (loop1): Directory bread(block 66) failed F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 audit: type=1800 audit(1675418356.812:9): pid=10045 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="loop2" ino=10 res=0 FAT-fs (loop1): Directory bread(block 67) failed audit: type=1804 audit(1675418356.842:10): pid=10045 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir1491105279/syzkaller.OatUcQ/10/file0/file0" dev="loop2" ino=10 res=1 FAT-fs (loop1): Directory bread(block 68) failed FAT-fs (loop1): Directory bread(block 69) failed FAT-fs (loop1): Directory bread(block 70) failed FAT-fs (loop1): Directory bread(block 71) failed FAT-fs (loop1): Directory bread(block 72) failed attempt to access beyond end of device FAT-fs (loop1): Directory bread(block 73) failed loop2: rw=2049, want=45104, limit=40427 audit: type=1800 audit(1675418357.392:11): pid=10114 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="loop5" ino=7 res=0 F2FS-fs (loop4): Found nat_bits in checkpoint FAT-fs (loop1): Directory bread(block 64) failed FAT-fs (loop1): Directory bread(block 65) failed FAT-fs (loop1): Directory bread(block 66) failed FAT-fs (loop1): Directory bread(block 67) failed FAT-fs (loop1): Directory bread(block 68) failed F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 FAT-fs (loop1): Directory bread(block 69) failed FAT-fs (loop1): Directory bread(block 70) failed FAT-fs (loop1): Directory bread(block 71) failed FAT-fs (loop1): Directory bread(block 72) failed FAT-fs (loop1): Directory bread(block 73) failed audit: type=1800 audit(1675418357.852:12): pid=10128 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="loop4" ino=10 res=0 audit: type=1804 audit(1675418357.882:13): pid=10128 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir780824385/syzkaller.WmC9Cr/19/file0/file0" dev="loop4" ino=10 res=1 F2FS-fs (loop2): Found nat_bits in checkpoint attempt to access beyond end of device loop4: rw=2049, want=45104, limit=40427 F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 audit: type=1800 audit(1675418358.182:14): pid=10149 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="loop2" ino=10 res=0 audit: type=1804 audit(1675418358.202:15): pid=10149 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir1491105279/syzkaller.OatUcQ/11/file0/file0" dev="loop2" ino=10 res=1 netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. audit: type=1800 audit(1675418358.292:16): pid=10187 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="loop5" ino=7 res=0 netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. attempt to access beyond end of device loop2: rw=2049, want=45104, limit=40427 bond1: Enslaving vlan2 as an active interface with an up link