BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 10101, name: syz-executor.2
3 locks held by syz-executor.2/10101:
 #0:  (sb_writers#15){.+.+}, at: [<ffffffff818e1d0a>] sb_start_write include/linux/fs.h:1551 [inline]
 #0:  (sb_writers#15){.+.+}, at: [<ffffffff818e1d0a>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1:  (&sb->s_type->i_mutex_key#23){+.+.}, at: [<ffffffff81867180>] inode_lock include/linux/fs.h:719 [inline]
 #1:  (&sb->s_type->i_mutex_key#23){+.+.}, at: [<ffffffff81867180>] do_truncate+0xf0/0x1a0 fs/open.c:61
 #2:  (pointers_lock){.+.+}, at: [<ffffffff81fd9513>] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at:
[<          (null)>]           (null)
CPU: 1 PID: 10101 Comm: syz-executor.2 Not tainted 4.14.304-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
 __getblk_gfp fs/buffer.c:1381 [inline]
 __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
 sb_bread include/linux/buffer_head.h:343 [inline]
 get_branch+0x2ac/0x600 fs/sysv/itree.c:104
 get_block+0x176/0x1230 fs/sysv/itree.c:218
 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944
 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383
 sysv_setattr+0x115/0x180 fs/sysv/file.c:47
 notify_change+0x56b/0xd10 fs/attr.c:315
 do_truncate+0xff/0x1a0 fs/open.c:63
 vfs_truncate+0x456/0x680 fs/open.c:120
 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
 do_sys_truncate fs/open.c:137 [inline]
 SYSC_truncate fs/open.c:155 [inline]
 SyS_truncate+0x23/0x40 fs/open.c:153
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fafd9d050c9
RSP: 002b:00007fafd8277168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007fafd9e24f80 RCX: 00007fafd9d050c9
RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0
RBP: 00007fafd9d60ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffde94130ff R14: 00007fafd8277300 R15: 0000000000022000
kauditd_printk_skb: 20 callbacks suppressed
audit: type=1800 audit(1675258246.271:47): pid=10131 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name=".log" dev="sda1" ino=13986 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
audit: type=1800 audit(1675258246.301:48): pid=10130 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name=".log" dev="sda1" ino=13987 res=0
audit: type=1800 audit(1675258246.421:49): pid=10144 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=8 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
VFS: Found a Xenix FS (block size = 512) on device loop2
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
VFS: Found a Xenix FS (block size = 512) on device loop2
BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 10202, name: syz-executor.2
3 locks held by syz-executor.2/10202:
 #0:  (sb_writers#15){.+.+}, at: [<ffffffff818e1d0a>] sb_start_write include/linux/fs.h:1551 [inline]
 #0:  (sb_writers#15){.+.+}, at: [<ffffffff818e1d0a>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1:  (&sb->s_type->i_mutex_key#23){+.+.}, at: [<ffffffff81867180>] inode_lock include/linux/fs.h:719 [inline]
 #1:  (&sb->s_type->i_mutex_key#23){+.+.}, at: [<ffffffff81867180>] do_truncate+0xf0/0x1a0 fs/open.c:61
 #2:  (pointers_lock){++++}, at: [<ffffffff81fd9513>] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at:
[<          (null)>]           (null)
CPU: 0 PID: 10202 Comm: syz-executor.2 Tainted: G        W       4.14.304-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
 __getblk_gfp fs/buffer.c:1381 [inline]
 __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
 sb_bread include/linux/buffer_head.h:343 [inline]
 get_branch+0x2ac/0x600 fs/sysv/itree.c:104
 get_block+0x176/0x1230 fs/sysv/itree.c:218
 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944
 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383
 sysv_setattr+0x115/0x180 fs/sysv/file.c:47
 notify_change+0x56b/0xd10 fs/attr.c:315
 do_truncate+0xff/0x1a0 fs/open.c:63
 vfs_truncate+0x456/0x680 fs/open.c:120
 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
 do_sys_truncate fs/open.c:137 [inline]
 SYSC_truncate fs/open.c:155 [inline]
 SyS_truncate+0x23/0x40 fs/open.c:153
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fafd9d050c9
RSP: 002b:00007fafd8277168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007fafd9e24f80 RCX: 00007fafd9d050c9
RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0
RBP: 00007fafd9d60ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffde94130ff R14: 00007fafd8277300 R15: 0000000000022000
device lo entered promiscuous mode
VFS: Found a Xenix FS (block size = 512) on device loop2
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 1 PID: 10363 Comm: syz-executor.3 Tainted: G        W       4.14.304-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 register_lock_class+0x389/0x1180 kernel/locking/lockdep.c:768
 __lock_acquire+0x167/0x3f20 kernel/locking/lockdep.c:3378
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 flush_work+0xad/0x770 kernel/workqueue.c:2890
 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
 smc_close_active+0x7e2/0xbb0 net/smc/smc_close.c:207
 smc_release+0x3e1/0x5d0 net/smc/af_smc.c:131
 __sock_release+0xcd/0x2b0 net/socket.c:602
 sock_close+0x15/0x20 net/socket.c:1139
 __fput+0x25f/0x7a0 fs/file_table.c:210
 task_work_run+0x11f/0x190 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f7ec4a340c9
RSP: 002b:00007f7ec2fa6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f7ec4b53f80 RCX: 00007f7ec4a340c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f7ec4a8fae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffccd069f6f R14: 00007f7ec2fa6300 R15: 0000000000022000
REISERFS (device loop5): found reiserfs format "3.6" with standard journal
REISERFS (device loop5): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
IPVS: ftp: loaded support on port[0] = 21
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
REISERFS (device loop5): found reiserfs format "3.6" with standard journal
REISERFS (device loop5): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
REISERFS (device loop5): found reiserfs format "3.6" with standard journal
REISERFS (device loop5): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
XFS (loop2): Mounting V4 Filesystem
XFS (loop2): Ending clean mount
audit: type=1804 audit(1675258254.271:50): pid=10618 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir3731788280/syzkaller.FlJ2nP/35/file0/bus" dev="loop2" ino=41 res=1
audit: type=1804 audit(1675258254.351:51): pid=10659 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir3731788280/syzkaller.FlJ2nP/35/file0/bus" dev="loop2" ino=41 res=1
REISERFS (device loop5): found reiserfs format "3.6" with standard journal
REISERFS (device loop5): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
syz-executor.2 (10659) used greatest stack depth: 23544 bytes left
XFS (loop2): Unmounting Filesystem
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
XFS (loop2): Mounting V4 Filesystem
XFS (loop2): Ending clean mount
EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
audit: type=1804 audit(1675258255.941:52): pid=10686 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir3731788280/syzkaller.FlJ2nP/36/file0/bus" dev="loop2" ino=41 res=1
XFS (loop4): Mounting V4 Filesystem