IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready VFS: Found a Xenix FS (block size = 512) on device loop5 IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 9444, name: syz-executor.5 3 locks held by syz-executor.5/9444: #0: (sb_writers#13){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#13){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 #1: (&sb->s_type->i_mutex_key#21){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#21){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61 #2: (pointers_lock){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) CPU: 1 PID: 9444 Comm: syz-executor.5 Not tainted 4.14.305-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383 sysv_setattr+0x115/0x180 fs/sysv/file.c:47 notify_change+0x56b/0xd10 fs/attr.c:315 do_truncate+0xff/0x1a0 fs/open.c:63 vfs_truncate+0x456/0x680 fs/open.c:120 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143 do_sys_truncate fs/open.c:137 [inline] SYSC_truncate fs/open.c:155 [inline] SyS_truncate+0x23/0x40 fs/open.c:153 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7f9a055010f9 RSP: 002b:00007f9a03a73168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c RAX: ffffffffffffffda RBX: 00007f9a05620f80 RCX: 00007f9a055010f9 RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0 RBP: 00007f9a0555cae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd8a0c8f4f R14: 00007f9a03a73300 R15: 0000000000022000 IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready device veth0_macvtap entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready device veth0_macvtap entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready device veth1_macvtap entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready device veth1_macvtap entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready print_req_error: I/O error, dev loop4, sector 0 Buffer I/O error on dev loop4, logical block 0, async page read Bluetooth: hci1 command 0x0419 tx timeout Bluetooth: hci2 command 0x0419 tx timeout IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready Bluetooth: hci0 command 0x0419 tx timeout VFS: Found a Xenix FS (block size = 512) on device loop5 IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready Bluetooth: hci4 command 0x0419 tx timeout Bluetooth: hci3 command 0x0419 tx timeout IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready Bluetooth: hci5 command 0x0419 tx timeout batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! VFS: Found a Xenix FS (block size = 512) on device loop5 batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! print_req_error: I/O error, dev loop4, sector 0 Buffer I/O error on dev loop4, logical block 0, async page read batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 hrtimer: interrupt took 35377 ns batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready batman_adv: batadv0: Interface activated: batadv_slave_0 batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready batman_adv: batadv0: Interface activated: batadv_slave_0 IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready batman_adv: batadv0: Interface activated: batadv_slave_1 IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready batman_adv: batadv0: Interface activated: batadv_slave_1 IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready VFS: Found a Xenix FS (block size = 512) on device loop5 BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 9567, name: syz-executor.5 3 locks held by syz-executor.5/9567: #0: (sb_writers#13){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#13){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 #1: (&sb->s_type->i_mutex_key#21){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#21){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61 #2: (pointers_lock){++++}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) CPU: 1 PID: 9567 Comm: syz-executor.5 Tainted: G W 4.14.305-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383 sysv_setattr+0x115/0x180 fs/sysv/file.c:47 notify_change+0x56b/0xd10 fs/attr.c:315 do_truncate+0xff/0x1a0 fs/open.c:63 vfs_truncate+0x456/0x680 fs/open.c:120 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143 do_sys_truncate fs/open.c:137 [inline] SYSC_truncate fs/open.c:155 [inline] SyS_truncate+0x23/0x40 fs/open.c:153 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7f9a055010f9 RSP: 002b:00007f9a03a73168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c RAX: ffffffffffffffda RBX: 00007f9a05620f80 RCX: 00007f9a055010f9 RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0 RBP: 00007f9a0555cae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd8a0c8f4f R14: 00007f9a03a73300 R15: 0000000000022000 device erspan0 entered promiscuous mode device erspan0 left promiscuous mode device erspan0 entered promiscuous mode device erspan0 left promiscuous mode omfs: Invalid superblock (7b3184f9) device erspan0 entered promiscuous mode device erspan0 left promiscuous mode device erspan0 entered promiscuous mode device erspan0 left promiscuous mode L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents syz-executor.3 (9864) used greatest stack depth: 24648 bytes left kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns attempt to access beyond end of device loop5: rw=1, want=2052, limit=2048 Buffer I/O error on dev loop5, logical block 512, lost async page write attempt to access beyond end of device loop5: rw=1, want=2056, limit=2048 Buffer I/O error on dev loop5, logical block 513, lost async page write attempt to access beyond end of device loop5: rw=1, want=2060, limit=2048 Buffer I/O error on dev loop5, logical block 514, lost async page write attempt to access beyond end of device loop5: rw=1, want=2064, limit=2048 Buffer I/O error on dev loop5, logical block 515, lost async page write kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns attempt to access beyond end of device loop5: rw=1, want=2052, limit=2048 Buffer I/O error on dev loop5, logical block 512, lost async page write attempt to access beyond end of device loop5: rw=1, want=2056, limit=2048 Buffer I/O error on dev loop5, logical block 513, lost async page write attempt to access beyond end of device loop5: rw=1, want=2060, limit=2048 BTRFS info (device loop0): using free space tree Buffer I/O error on dev loop5, logical block 514, lost async page write BTRFS info (device loop0): has skinny extents attempt to access beyond end of device loop5: rw=1, want=2064, limit=2048 Buffer I/O error on dev loop5, logical block 515, lost async page write attempt to access beyond end of device loop2: rw=1, want=2052, limit=2048 Buffer I/O error on dev loop2, logical block 512, lost async page write attempt to access beyond end of device loop2: rw=1, want=2056, limit=2048 Buffer I/O error on dev loop2, logical block 513, lost async page write attempt to access beyond end of device loop2: rw=1, want=2060, limit=2048 Buffer I/O error on dev loop2, logical block 514, lost async page write attempt to access beyond end of device loop2: rw=1, want=2064, limit=2048 Buffer I/O error on dev loop2, logical block 515, lost async page write attempt to access beyond end of device loop5: rw=1, want=2052, limit=2048 Buffer I/O error on dev loop5, logical block 512, lost async page write attempt to access beyond end of device loop5: rw=1, want=2056, limit=2048 Buffer I/O error on dev loop5, logical block 513, lost async page write attempt to access beyond end of device loop5: rw=1, want=2060, limit=2048 attempt to access beyond end of device loop5: rw=1, want=2064, limit=2048 attempt to access beyond end of device loop2: rw=1, want=2052, limit=2048 attempt to access beyond end of device loop2: rw=1, want=2056, limit=2048 attempt to access beyond end of device loop2: rw=1, want=2060, limit=2048 attempt to access beyond end of device BTRFS info (device loop0): using free space tree BTRFS info (device loop0): has skinny extents loop2: rw=1, want=2064, limit=2048 attempt to access beyond end of device loop5: rw=1, want=2052, limit=2048 attempt to access beyond end of device loop5: rw=1, want=2056, limit=2048 attempt to access beyond end of device loop5: rw=1, want=2060, limit=2048 attempt to access beyond end of device loop5: rw=1, want=2064, limit=2048 attempt to access beyond end of device loop2: rw=1, want=2052, limit=2048 attempt to access beyond end of device loop2: rw=1, want=2056, limit=2048 attempt to access beyond end of device loop2: rw=1, want=2060, limit=2048 attempt to access beyond end of device loop2: rw=1, want=2064, limit=2048 BTRFS info (device loop1): using free space tree BTRFS info (device loop1): has skinny extents netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.