BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 10101, name: syz-executor.2
3 locks held by syz-executor.2/10101:
 #0: (sb_writers#15){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#15){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61
 #2: (pointers_lock){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 10101 Comm: syz-executor.2 Not tainted 4.14.304-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
 __getblk_gfp fs/buffer.c:1381 [inline]
 __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
 sb_bread include/linux/buffer_head.h:343 [inline]
 get_branch+0x2ac/0x600 fs/sysv/itree.c:104
 get_block+0x176/0x1230 fs/sysv/itree.c:218
 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944
 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383
 sysv_setattr+0x115/0x180 fs/sysv/file.c:47
 notify_change+0x56b/0xd10 fs/attr.c:315
 do_truncate+0xff/0x1a0 fs/open.c:63
 vfs_truncate+0x456/0x680 fs/open.c:120
 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
 do_sys_truncate fs/open.c:137 [inline]
 SYSC_truncate fs/open.c:155 [inline]
 SyS_truncate+0x23/0x40 fs/open.c:153
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fafd9d050c9
RSP: 002b:00007fafd8277168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007fafd9e24f80 RCX: 00007fafd9d050c9
RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0
RBP: 00007fafd9d60ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffde94130ff R14: 00007fafd8277300 R15: 0000000000022000
kauditd_printk_skb: 20 callbacks suppressed
audit: type=1800 audit(1675258246.271:47): pid=10131 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name=".log" dev="sda1" ino=13986 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
audit: type=1800 audit(1675258246.301:48): pid=10130 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name=".log" dev="sda1" ino=13987 res=0
audit: type=1800 audit(1675258246.421:49): pid=10144 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=8 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
VFS: Found a Xenix FS (block size = 512) on device loop2
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
VFS: Found a Xenix FS (block size = 512) on device loop2
BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 10202, name: syz-executor.2
3 locks held by syz-executor.2/10202:
 #0: (sb_writers#15){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#15){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 #1: (&sb->s_type->i_mutex_key#23){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61
 #2: (pointers_lock){++++}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at:
[< (null)>] (null)
CPU: 0 PID: 10202 Comm: syz-executor.2 Tainted: G W 4.14.304-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
 __getblk_gfp fs/buffer.c:1381 [inline]
 __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
 sb_bread include/linux/buffer_head.h:343 [inline]
 get_branch+0x2ac/0x600 fs/sysv/itree.c:104
 get_block+0x176/0x1230 fs/sysv/itree.c:218
 block_truncate_page+0x2a8/0x8f0 fs/buffer.c:2944
 sysv_truncate+0x1c4/0xd70 fs/sysv/itree.c:383
 sysv_setattr+0x115/0x180 fs/sysv/file.c:47
 notify_change+0x56b/0xd10 fs/attr.c:315
 do_truncate+0xff/0x1a0 fs/open.c:63
 vfs_truncate+0x456/0x680 fs/open.c:120
 do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
 do_sys_truncate fs/open.c:137 [inline]
 SYSC_truncate fs/open.c:155 [inline]
 SyS_truncate+0x23/0x40 fs/open.c:153
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fafd9d050c9
RSP: 002b:00007fafd8277168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007fafd9e24f80 RCX: 00007fafd9d050c9
RDX: 0000000000000000 RSI: 000000000000317b RDI: 00000000200001c0
RBP: 00007fafd9d60ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffde94130ff R14: 00007fafd8277300 R15: 0000000000022000
device lo entered promiscuous mode
VFS: Found a Xenix FS (block size = 512) on device loop2
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 1 PID: 10363 Comm: syz-executor.3 Tainted: G W 4.14.304-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 register_lock_class+0x389/0x1180 kernel/locking/lockdep.c:768
 __lock_acquire+0x167/0x3f20 kernel/locking/lockdep.c:3378
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 flush_work+0xad/0x770 kernel/workqueue.c:2890
 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
 smc_close_active+0x7e2/0xbb0 net/smc/smc_close.c:207
 smc_release+0x3e1/0x5d0 net/smc/af_smc.c:131
 __sock_release+0xcd/0x2b0 net/socket.c:602
 sock_close+0x15/0x20 net/socket.c:1139
 __fput+0x25f/0x7a0 fs/file_table.c:210
 task_work_run+0x11f/0x190 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f7ec4a340c9
RSP: 002b:00007f7ec2fa6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f7ec4b53f80 RCX: 00007f7ec4a340c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f7ec4a8fae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffccd069f6f R14: 00007f7ec2fa6300 R15: 0000000000022000
REISERFS (device loop5): found reiserfs format "3.6" with standard journal
REISERFS (device loop5): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
IPVS: ftp: loaded support on port[0] = 21
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
REISERFS (device loop5): found reiserfs format "3.6" with standard journal
REISERFS (device loop5): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
REISERFS (device loop5): found reiserfs format "3.6" with standard journal
REISERFS (device loop5): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
XFS (loop2): Mounting V4 Filesystem
XFS (loop2): Ending clean mount
audit: type=1804 audit(1675258254.271:50): pid=10618 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir3731788280/syzkaller.FlJ2nP/35/file0/bus" dev="loop2" ino=41 res=1
audit: type=1804 audit(1675258254.351:51): pid=10659 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir3731788280/syzkaller.FlJ2nP/35/file0/bus" dev="loop2" ino=41 res=1
REISERFS (device loop5): found reiserfs format "3.6" with standard journal
REISERFS (device loop5): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
syz-executor.2 (10659) used greatest stack depth: 23544 bytes left
XFS (loop2): Unmounting Filesystem
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
XFS (loop2): Mounting V4 Filesystem
XFS (loop2): Ending clean mount
EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,nodelalloc,journal_ioprio=0x0000000000000002,,errors=continue
audit: type=1804 audit(1675258255.941:52): pid=10686 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir3731788280/syzkaller.FlJ2nP/36/file0/bus" dev="loop2" ino=41 res=1
XFS (loop4): Mounting V4 Filesystem