attempt to access beyond end of device
attempt to access beyond end of device
loop2: rw=0, want=8073606, limit=128
loop4: rw=0, want=13466418, limit=128
NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
BUG: sleeping function called from invalid context at fs/buffer.c:1381
loop5: rw=0, want=13466418, limit=128
in_atomic(): 1, irqs_disabled(): 0, pid: 11461, name: syz-executor.2
2 locks held by syz-executor.2/11461:
#0: (
attempt to access beyond end of device
&iint->mutex){+.+.}, at: [] process_measurement+0x270/0xb20 security/integrity/ima/ima_main.c:225
#1: (
loop4: rw=0, want=8073606, limit=128
pointers_lock
attempt to access beyond end of device
){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at:
[< (null)>] (null)
loop5: rw=0, want=8073606, limit=128
CPU: 0 PID: 11461 Comm: syz-executor.2 Not tainted 4.14.300-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
__getblk_gfp fs/buffer.c:1381 [inline]
__bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
sb_bread include/linux/buffer_head.h:343 [inline]
get_branch+0x2ac/0x600 fs/sysv/itree.c:104
sysv_free_block: flc_count > flc_size
get_block+0x176/0x1230 fs/sysv/itree.c:218
sysv_free_block: flc_count > flc_size
block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316
sysv_free_block: flc_count > flc_size
read_pages mm/readahead.c:131 [inline]
__do_page_cache_readahead+0x69b/0x940 mm/readahead.c:199
sysv_free_block: flc_count > flc_size
ra_submit mm/internal.h:66 [inline]
ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486
sysv_free_block: flc_count > flc_size
page_cache_sync_readahead mm/readahead.c:518 [inline]
page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503
sysv_free_block: flc_count > flc_size
generic_file_buffered_read mm/filemap.c:2003 [inline]
generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273
call_read_iter include/linux/fs.h:1774 [inline]
new_sync_read fs/read_write.c:401 [inline]
__vfs_read+0x449/0x620 fs/read_write.c:413
sysv_free_block: flc_count > flc_size
integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199
ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline]
ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline]
ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467
ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
do_last fs/namei.c:3435 [inline]
path_openat+0x10ad/0x2970 fs/namei.c:3571
sysv_free_block: flc_count > flc_size
do_filp_open+0x179/0x3c0 fs/namei.c:3605
sysv_free_block: flc_count > flc_size
do_sys_open+0x296/0x410 fs/open.c:1081
sysv_free_block: flc_count > flc_size
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
attempt to access beyond end of device
sysv_free_block: flc_count > flc_size
NILFS (loop3): nilfs_palloc_commit_free_entry (ino=6): entry number 13 already freed
loop2: rw=0, want=3245519, limit=128
sysv_free_block: flc_count > flc_size
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
sysv_free_block: flc_count > flc_size
attempt to access beyond end of device
sysv_free_block: flc_count > flc_size
loop2: rw=0, want=8769404, limit=128
sysv_free_block: flc_count > flc_size
attempt to access beyond end of device
loop2: rw=0, want=3245513, limit=128
attempt to access beyond end of device
loop2: rw=0, want=8767868, limit=128
attempt to access beyond end of device
EXT4-fs error (device loop0): ext4_xattr_block_get:533: inode #13: comm syz-executor.0: corrupted xattr block 63
loop2: rw=0, want=13269810, limit=128
EXT4-fs warning (device sda1): ext4_group_extend:1795: can't shrink FS - resize aborted
attempt to access beyond end of device
EXT4-fs error (device loop0): ext4_get_inode_usage:835: inode #13: comm syz-executor.0: corrupted xattr block 63
loop2: rw=0, want=8073606, limit=128
attempt to access beyond end of device
loop2: rw=0, want=3245516, limit=128
attempt to access beyond end of device
loop2: rw=0, want=8768636, limit=128
attempt to access beyond end of device
loop2: rw=0, want=13466418, limit=128
attempt to access beyond end of device
loop2: rw=0, want=8073606, limit=128
audit: type=1800 audit(1669716218.568:5): pid=11461 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.2" name="/" dev="loop2" ino=2 res=0
VFS: Found a Xenix FS (block size = 512) on device loop5
attempt to access beyond end of device
loop5: rw=0, want=3245513, limit=128
VFS: Found a Xenix FS (block size = 512) on device loop4
attempt to access beyond end of device
audit: type=1804 audit(1669716218.698:6): pid=11558 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir2842010244/syzkaller.EmDxIZ/107/file0" dev="loop5" ino=2 res=1
attempt to access beyond end of device
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
loop5: rw=0, want=8767868, limit=128
loop4: rw=0, want=3245513, limit=128
attempt to access beyond end of device
attempt to access beyond end of device
EXT4-fs error (device loop0): ext4_xattr_block_get:533: inode #13: comm syz-executor.0: corrupted xattr block 63
loop5: rw=0, want=13269810, limit=128
loop4: rw=0, want=8767868, limit=128
attempt to access beyond end of device
audit: type=1804 audit(1669716218.758:7): pid=11566 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir3535207935/syzkaller.gvKbiv/98/file0" dev="loop4" ino=2 res=1
attempt to access beyond end of device
EXT4-fs error (device loop0): ext4_get_inode_usage:835: inode #13: comm syz-executor.0: corrupted xattr block 63
loop5: rw=0, want=8073606, limit=128
attempt to access beyond end of device
loop5: rw=0, want=3245516, limit=128
attempt to access beyond end of device
loop5: rw=0, want=8768636, limit=128
loop4: rw=0, want=13269810, limit=128
attempt to access beyond end of device
attempt to access beyond end of device
loop5: rw=0, want=13466418, limit=128
attempt to access beyond end of device
loop5: rw=0, want=8073606, limit=128
loop4: rw=0, want=8073606, limit=128
sysv_free_block: flc_count > flc_size
attempt to access beyond end of device
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
loop4: rw=0, want=3245516, limit=128
sysv_free_block: flc_count > flc_size
attempt to access beyond end of device
sysv_free_block: flc_count > flc_size
loop4: rw=0, want=8768636, limit=128
attempt to access beyond end of device
sysv_free_block: flc_count > flc_size
loop4: rw=0, want=13466418, limit=128
attempt to access beyond end of device
sysv_free_block: flc_count > flc_size
loop4: rw=0, want=8073606, limit=128
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
VFS: Found a Xenix FS (block size = 512) on device loop5
attempt to access beyond end of device
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
loop5: rw=0, want=3245513, limit=128
VFS: Found a Xenix FS (block size = 512) on device loop4
attempt to access beyond end of device
audit: type=1804 audit(1669716219.538:8): pid=11614 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir2842010244/syzkaller.EmDxIZ/108/file0" dev="loop5" ino=2 res=1
loop5: rw=0, want=8767868, limit=128
attempt to access beyond end of device
loop4: rw=0, want=3245513, limit=128
attempt to access beyond end of device
attempt to access beyond end of device
loop5: rw=0, want=13269810, limit=128
loop4: rw=0, want=8767868, limit=128
attempt to access beyond end of device
attempt to access beyond end of device
audit: type=1804 audit(1669716219.678:9): pid=11628 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir3535207935/syzkaller.gvKbiv/99/file0" dev="loop4" ino=2 res=1
loop5: rw=0, want=8073606, limit=128
loop4: rw=0, want=13269810, limit=128
attempt to access beyond end of device
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
loop4: rw=0, want=8073606, limit=128
attempt to access beyond end of device
attempt to access beyond end of device
loop5: rw=0, want=3245516, limit=128
loop4: rw=0, want=3245516, limit=128
attempt to access beyond end of device
attempt to access beyond end of device
loop5: rw=0, want=8768636, limit=128
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
loop4: rw=0, want=8768636, limit=128
attempt to access beyond end of device
attempt to access beyond end of device
loop5: rw=0, want=13466418, limit=128
loop4: rw=0, want=13466418, limit=128
attempt to access beyond end of device
attempt to access beyond end of device
loop5: rw=0, want=8073606, limit=128
loop4: rw=0, want=8073606, limit=128
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
sysv_free_block: flc_count > flc_size
XFS (loop3): unknown mount option [lazytime].
BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2
BTRFS info (device loop2): using free space tree
BTRFS error (device loop2): cannot mount because of unsupported optional features (0x800)
BTRFS error (device loop2): open_ctree failed
audit: type=1804 audit(1669716220.828:10): pid=11661 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir1262403769/syzkaller.ela8L9/111/bus" dev="sda1" ino=14076 res=1
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1669716220.858:11): pid=11661 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir1262403769/syzkaller.ela8L9/111/bus" dev="sda1" ino=14076 res=1
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
BTRFS error (device loop5): unsupported checksum algorithm 2
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
BTRFS error (device loop5): superblock checksum mismatch
BTRFS error (device loop5): open_ctree failed
BTRFS: device fsid a830dcec-d20e-42dc-8160-bf13f3286f97 devid 1 transid 8 /dev/loop2
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
BTRFS info (device loop1): using free space tree
BTRFS error (device loop2): unsupported checksum algorithm 1
XFS (loop4): Superblock has unknown read-only compatible features (0x8) enabled.
BTRFS info (device loop1): has skinny extents
XFS (loop4): Attempted to mount read-only compatible filesystem read-write.
BTRFS error (device loop2): superblock checksum mismatch
XFS (loop4): Filesystem can only be safely mounted read only.
XFS (loop3): Superblock has unknown read-only compatible features (0x8) enabled.
XFS (loop4): SB validate failed with error -22.
XFS (loop3): Attempted to mount read-only compatible filesystem read-write.
XFS (loop3): Filesystem can only be safely mounted read only.
BTRFS error (device loop2): open_ctree failed
XFS (loop3): SB validate failed with error -22.
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
kauditd_printk_skb: 4 callbacks suppressed
audit: type=1800 audit(1669716222.268:16): pid=11854 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0
audit: type=1804 audit(1669716222.278:17): pid=11854 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir3475910887/syzkaller.Mu18Q4/115/file0/bus" dev="loop1" ino=263 res=1
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
audit: type=1800 audit(1669716222.668:18): pid=11948 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0
audit: type=1804 audit(1669716222.668:19): pid=11948 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir3475910887/syzkaller.Mu18Q4/116/file0/bus" dev="loop1" ino=263 res=1
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
syz-executor.3 (12008) used greatest stack depth: 24536 bytes left
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
audit: type=1800 audit(1669716223.189:20): pid=11992 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0
audit: type=1804 audit(1669716223.189:21): pid=11992 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir3475910887/syzkaller.Mu18Q4/117/file0/bus" dev="loop1" ino=263 res=1
sctp: [Deprecated]: syz-executor.0 (pid 12071) Use of int in maxseg socket option. Use struct sctp_assoc_value instead
isofs_fill_super: get root inode failed
isofs_fill_super: get root inode failed
isofs_fill_super: get root inode failed
isofs_fill_super: get root inode failed
usb usb2: usbfs: process 12245 (syz-executor.2) did not claim interface 0 before use
print_req_error: I/O error, dev loop0, sector 0
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
XFS (loop1): unknown mount option [lazytime].
overlayfs: unrecognized mount option "metacopy=on" or missing value
input: syz1 as /devices/virtual/input/input8
audit: type=1326 audit(1669716225.649:22): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=12321 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0f2f4c20d9 code=0x0
usb usb9: usbfs: process 12327 (syz-executor.0) did not claim interface 0 before use
usb usb2: usbfs: process 12359 (syz-executor.1) did not claim interface 0 before use
usb usb2: usbfs: process 12367 (syz-executor.3) did not claim interface 0 before use
audit: type=1326 audit(1669716226.529:23): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=12385 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0f2f4c20d9 code=0x0
audit: type=1326 audit(1669716227.389:24): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=12440 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0f2f4c20d9 code=0x0
usb usb2: usbfs: interface 0 claimed by hub while 'syz-executor.0' resets device
input: syz1 as /devices/virtual/input/input10