loop3: rw=0, want=6756799, limit=112 Buffer I/O error on dev loop3, logical block 6756798, async page read attempt to access beyond end of device loop3: rw=0, want=575895, limit=112 Buffer I/O error on dev loop3, logical block 575894, async page read BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 10357, name: syz-executor.3 2 locks held by syz-executor.3/10357: #0: (&type->i_mutex_dir_key#8){.+.+}, at: [] inode_lock_shared include/linux/fs.h:729 [inline] #0: (&type->i_mutex_dir_key#8){.+.+}, at: [] lookup_slow+0x129/0x400 fs/namei.c:1674 #1: (pointers_lock){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) CPU: 0 PID: 10357 Comm: syz-executor.3 Not tainted 4.14.299-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 PF_BRIDGE: RTM_NEWNEIGH with invalid address __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316 PF_BRIDGE: RTM_NEWNEIGH with invalid address do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713 read_mapping_page include/linux/pagemap.h:398 [inline] dir_get_page fs/sysv/dir.c:58 [inline] sysv_find_entry+0x20d/0x610 fs/sysv/dir.c:146 sysv_inode_by_name+0x5b/0x330 fs/sysv/dir.c:360 sysv_lookup fs/sysv/namei.c:53 [inline] sysv_lookup+0x64/0xe0 fs/sysv/namei.c:46 lookup_slow+0x20a/0x400 fs/namei.c:1696 walk_component+0x6a1/0xbc0 fs/namei.c:1825 PF_BRIDGE: RTM_NEWNEIGH with invalid address lookup_last fs/namei.c:2293 [inline] path_lookupat+0x1bb/0x780 fs/namei.c:2343 filename_lookup+0x18a/0x510 fs/namei.c:2377 user_path include/linux/namei.h:62 [inline] do_mount+0x118/0x2a30 fs/namespace.c:2845 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 overlayfs: missing 'workdir' attempt to access beyond end of device loop3: rw=0, want=10310910, limit=112 Buffer I/O error on dev loop3, logical block 10310909, async page read attempt to access beyond end of device loop3: rw=0, want=9216536, limit=112 Buffer I/O error on dev loop3, logical block 9216535, async page read PF_BRIDGE: RTM_NEWNEIGH with invalid address netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. VFS: Found a V7 FS (block size = 512) on device loop3 attempt to access beyond end of device loop3: rw=0, want=9698052, limit=112 attempt to access beyond end of device loop3: rw=0, want=565370, limit=112 attempt to access beyond end of device loop3: rw=0, want=10282938, limit=112 attempt to access beyond end of device loop3: rw=0, want=7284998, limit=112 attempt to access beyond end of device loop3: rw=0, want=3984204, limit=112 attempt to access beyond end of device loop3: rw=0, want=6992027, limit=112 attempt to access beyond end of device loop3: rw=0, want=6756799, limit=112 attempt to access beyond end of device loop3: rw=0, want=575895, limit=112 attempt to access beyond end of device loop3: rw=0, want=10310910, limit=112 attempt to access beyond end of device loop3: rw=0, want=9216536, limit=112 overlayfs: missing 'workdir' netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. VFS: Found a V7 FS (block size = 512) on device loop3 attempt to access beyond end of device loop3: rw=0, want=9698052, limit=112 attempt to access beyond end of device loop3: rw=0, want=565370, limit=112 attempt to access beyond end of device loop3: rw=0, want=10282938, limit=112 attempt to access beyond end of device loop3: rw=0, want=7284998, limit=112 attempt to access beyond end of device loop3: rw=0, want=3984204, limit=112 attempt to access beyond end of device loop3: rw=0, want=6992027, limit=112 attempt to access beyond end of device loop3: rw=0, want=6756799, limit=112 attempt to access beyond end of device loop3: rw=0, want=575895, limit=112 BUG: sleeping function called from invalid context at fs/buffer.c:1381 in_atomic(): 1, irqs_disabled(): 0, pid: 10481, name: syz-executor.3 2 locks held by syz-executor.3/10481: #0: (&type->i_mutex_dir_key#8){.+.+}, at: [] inode_lock_shared include/linux/fs.h:729 [inline] #0: (&type->i_mutex_dir_key#8){.+.+}, at: [] lookup_slow+0x129/0x400 fs/namei.c:1674 #1: (pointers_lock){.+.+}, at: [] get_block+0x153/0x1230 fs/sysv/itree.c:217 Preemption disabled at: [< (null)>] (null) CPU: 1 PID: 10481 Comm: syz-executor.3 Tainted: G W 4.14.299-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 __getblk_gfp fs/buffer.c:1381 [inline] __bread_gfp+0x3e/0x2e0 fs/buffer.c:1428 sb_bread include/linux/buffer_head.h:343 [inline] get_branch+0x2ac/0x600 fs/sysv/itree.c:104 get_block+0x176/0x1230 fs/sysv/itree.c:218 block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316 do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713 read_mapping_page include/linux/pagemap.h:398 [inline] dir_get_page fs/sysv/dir.c:58 [inline] sysv_find_entry+0x20d/0x610 fs/sysv/dir.c:146 sysv_inode_by_name+0x5b/0x330 fs/sysv/dir.c:360 sysv_lookup fs/sysv/namei.c:53 [inline] sysv_lookup+0x64/0xe0 fs/sysv/namei.c:46 lookup_slow+0x20a/0x400 fs/namei.c:1696 walk_component+0x6a1/0xbc0 fs/namei.c:1825 lookup_last fs/namei.c:2293 [inline] path_lookupat+0x1bb/0x780 fs/namei.c:2343 filename_lookup+0x18a/0x510 fs/namei.c:2377 user_path include/linux/namei.h:62 [inline] do_mount+0x118/0x2a30 fs/namespace.c:2845 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 attempt to access beyond end of device loop3: rw=0, want=10310910, limit=112 attempt to access beyond end of device loop3: rw=0, want=9216536, limit=112 dlm: non-version read from control device 0 VFS: Found a V7 FS (block size = 512) on device loop3 attempt to access beyond end of device loop3: rw=0, want=9698052, limit=112 attempt to access beyond end of device loop3: rw=0, want=565370, limit=112 attempt to access beyond end of device loop3: rw=0, want=10282938, limit=112 attempt to access beyond end of device loop3: rw=0, want=7284998, limit=112 attempt to access beyond end of device loop3: rw=0, want=3984204, limit=112 attempt to access beyond end of device loop3: rw=0, want=6992027, limit=112 attempt to access beyond end of device loop3: rw=0, want=6756799, limit=112 attempt to access beyond end of device loop3: rw=0, want=575895, limit=112 attempt to access beyond end of device loop3: rw=0, want=10310910, limit=112 attempt to access beyond end of device loop3: rw=0, want=9216536, limit=112 FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal REISERFS (device loop3): using ordered data mode reiserfs: using flush barriers REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop3): checking transaction log (loop3) REISERFS (device loop3): Using rupasov hash to sort names REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal dlm: non-version read from control device 0 dlm: non-version read from control device 0 REISERFS (device loop3): using ordered data mode FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) reiserfs: using flush barriers REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 dlm: non-version read from control device 0 dlm: non-version read from control device 0 REISERFS (device loop3): checking transaction log (loop3) REISERFS (device loop3): Using rupasov hash to sort names FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) dlm: non-version read from control device 0 REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. FAT-fs (loop2): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) dlm: non-version read from control device 0 FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) REISERFS (device loop3): using ordered data mode reiserfs: using flush barriers FAT-fs (loop2): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) REISERFS (device loop3): checking transaction log (loop3) REISERFS (device loop3): Using rupasov hash to sort names REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) FAT-fs (loop2): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) REISERFS (device loop4): using ordered data mode FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) reiserfs: using flush barriers REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop4): checking transaction log (loop4) REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal REISERFS (device loop4): Using rupasov hash to sort names REISERFS (device loop0): using ordered data mode reiserfs: using flush barriers REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal REISERFS (device loop3): using ordered data mode REISERFS (device loop0): checking transaction log (loop0) FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) reiserfs: using flush barriers REISERFS (device loop0): Using rupasov hash to sort names REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop3): checking transaction log (loop3) REISERFS (device loop3): Using rupasov hash to sort names REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal REISERFS (device loop0): using ordered data mode REISERFS (device loop4): using ordered data mode reiserfs: using flush barriers reiserfs: using flush barriers REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop0): checking transaction log (loop0) REISERFS (device loop4): checking transaction log (loop4) REISERFS (device loop0): Using rupasov hash to sort names REISERFS (device loop4): Using rupasov hash to sort names REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal REISERFS (device loop4): using ordered data mode REISERFS (device loop0): using ordered data mode reiserfs: using flush barriers REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 reiserfs: using flush barriers REISERFS (device loop4): checking transaction log (loop4) REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop4): Using rupasov hash to sort names REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop0): checking transaction log (loop0) REISERFS (device loop0): Using rupasov hash to sort names REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1 REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal REISERFS (device loop4): using ordered data mode reiserfs: using flush barriers REISERFS warning (device loop4): sh-457 journal_init_dev: journal_init_dev: Cannot open './file0$': -2 REISERFS warning (device loop4): sh-462 journal_init: unable to initialize journal device REISERFS warning (device loop4): sh-2022 reiserfs_fill_super: unable to initialize journal space REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal REISERFS (device loop4): using ordered data mode reiserfs: using flush barriers REISERFS warning (device loop4): sh-457 journal_init_dev: journal_init_dev: Cannot open './file0$': -2 REISERFS warning (device loop4): sh-462 journal_init: unable to initialize journal device REISERFS warning (device loop4): sh-2022 reiserfs_fill_super: unable to initialize journal space REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal REISERFS (device loop4): using ordered data mode reiserfs: using flush barriers REISERFS warning (device loop4): sh-457 journal_init_dev: journal_init_dev: Cannot open './file0$': -2 REISERFS warning (device loop4): sh-462 journal_init: unable to initialize journal device REISERFS warning (device loop4): sh-2022 reiserfs_fill_super: unable to initialize journal space REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal REISERFS (device loop4): using ordered data mode reiserfs: using flush barriers REISERFS warning (device loop4): sh-457 journal_init_dev: journal_init_dev: Cannot open './file0$': -2 REISERFS warning (device loop4): sh-462 journal_init: unable to initialize journal device REISERFS warning (device loop4): sh-2022 reiserfs_fill_super: unable to initialize journal space netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.