bond1634: making interface bridge1394 the new active one
bond1634: Enslaving bridge1394 as an active interface with an up link
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
============================================
WARNING: possible recursive locking detected
4.19.211-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.1/1604 is trying to acquire lock:
0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline]
0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325

but task is already holding lock:
0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline]
0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock((fb_notifier_list).rwsem);
  lock((fb_notifier_list).rwsem);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.1/1604:
 #0: 0000000009531dc0 (console_lock){+.+.}, at: do_fb_ioctl+0x772/0xb50 drivers/video/fbdev/core/fbmem.c:1210
 #1: 000000000f0913ad (&fb_info->lock){+.+.}, at: lock_fb_info drivers/video/fbdev/core/fbmem.c:81 [inline]
 #1: 000000000f0913ad (&fb_info->lock){+.+.}, at: do_fb_ioctl+0x77c/0xb50 drivers/video/fbdev/core/fbmem.c:1211
 #2: 0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
 #2: 0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
 #2: 0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline]
 #2: 0000000067e3d959 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325

stack backtrace:
CPU: 1 PID: 1604 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_deadlock_bug kernel/locking/lockdep.c:1764 [inline]
 check_deadlock kernel/locking/lockdep.c:1808 [inline]
 validate_chain kernel/locking/lockdep.c:2404 [inline]
 __lock_acquire.cold+0x121/0x57e kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
 __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
 blocking_notifier_call_chain kernel/notifier.c:328 [inline]
 blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325
 fb_set_var+0xd9a/0xf90 drivers/video/fbdev/core/fbmem.c:1052
 fbcon_switch+0x425/0x1ba0 drivers/video/fbdev/core/fbcon.c:2088
 redraw_screen+0x37d/0x870 drivers/tty/vt/vt.c:1015
 fbcon_blank+0xae6/0xec0 drivers/video/fbdev/core/fbcon.c:2226
 do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294
 fbcon_fb_blanked drivers/video/fbdev/core/fbcon.c:2973 [inline]
 fbcon_event_notify+0x1a3a/0x1d80 drivers/video/fbdev/core/fbcon.c:3091
 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
 __blocking_notifier_call_chain kernel/notifier.c:317 [inline]
 __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
 blocking_notifier_call_chain kernel/notifier.c:328 [inline]
 blocking_notifier_call_chain+0x85/0xa0 kernel/notifier.c:325
 fb_blank+0x195/0x1d0 drivers/video/fbdev/core/fbmem.c:1080
 do_fb_ioctl+0x7ec/0xb50 drivers/video/fbdev/core/fbmem.c:1216
 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1240
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fc99344e0c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc9919c0168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fc99356df80 RCX: 00007fc99344e0c9
RDX: 0000000000000000 RSI: 0000000000004611 RDI: 0000000000000003
RBP: 00007fc9934a9ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffd4d7757f R14: 00007fc9919c0300 R15: 0000000000022000
IPv6: ADDRCONF(NETDEV_UP): bond1711: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1711
bond1711: making interface bridge1369 the new active one
bond1711: Enslaving bridge1369 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1634: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bond1711: link becomes ready
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1635: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1635
bond1635: making interface bridge1395 the new active one
bond1635: Enslaving bridge1395 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_UP): bond1712: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1712
IPv6: ADDRCONF(NETDEV_CHANGE): bond1635: link becomes ready
bond1712: making interface bridge1370 the new active one
bond1712: Enslaving bridge1370 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1712: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): bond1636: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1636
bond1636: making interface bridge1396 the new active one
bond1636: Enslaving bridge1396 as an active interface with an up link
caif:caif_disconnect_client(): nothing to disconnect
IPv6: ADDRCONF(NETDEV_UP): bond1713: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1713
IPv6: ADDRCONF(NETDEV_CHANGE): bond1636: link becomes ready
bond1713: making interface bridge1371 the new active one
bond1713: Enslaving bridge1371 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_UP): bond1637: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1637
bond1637: making interface bridge1397 the new active one
bond1637: Enslaving bridge1397 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1713: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bond1637: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): bond1714: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1714
bond1714: making interface bridge1372 the new active one
bond1714: Enslaving bridge1372 as an active interface with an up link
validate_nla: 5 callbacks suppressed
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_CHANGE): bond1714: link becomes ready
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1715: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1715
bond1715: making interface bridge1373 the new active one
bond1715: Enslaving bridge1373 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1715: link becomes ready
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1638: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1638
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1716: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1716
nla_parse: 4 callbacks suppressed
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'.
bond1716: making interface bridge1374 the new active one
bond1716: Enslaving bridge1374 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1716: link becomes ready
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1639: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1639
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1717: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1717
bond1717: making interface bridge1375 the new active one
bond1717: Enslaving bridge1375 as an active interface with an up link
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'.
IPv6: ADDRCONF(NETDEV_CHANGE): bond1717: link becomes ready
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
vhci_hcd vhci_hcd.0: Device attached
vhci_hcd: connection closed
vhci_hcd: stop threads
vhci_hcd: release socket
vhci_hcd: disconnect device
IPv6: ADDRCONF(NETDEV_UP): bond1718: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1718
bond1718: making interface bridge1376 the new active one
bond1718: Enslaving bridge1376 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1718: link becomes ready
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1719: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1719
IPVS: ftp: loaded support on port[0] = 21
bond1719: making interface bridge1377 the new active one
bond1719: Enslaving bridge1377 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1719: link becomes ready
vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
vhci_hcd vhci_hcd.0: Device attached
vhci_hcd: connection closed
vhci_hcd: stop threads
vhci_hcd: release socket
vhci_hcd: disconnect device
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1720: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1720
bond1720: making interface bridge1378 the new active one
bond1720: Enslaving bridge1378 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1720: link becomes ready
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1721: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1721
bond1721: making interface bridge1379 the new active one
bond1721: Enslaving bridge1379 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1721: link becomes ready
vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
vhci_hcd vhci_hcd.0: Device attached
vhci_hcd: connection closed
vhci_hcd: stop threads
vhci_hcd: release socket
vhci_hcd: disconnect device
IPv6: ADDRCONF(NETDEV_UP): bond1722: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1722
bond1722: making interface bridge1380 the new active one
bond1722: Enslaving bridge1380 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1722: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): bond1723: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1723
audit: type=1804 audit(1675618579.404:32712): pid=2999 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir4013322465/syzkaller.HEnjmF/3437/file0" dev="sda1" ino=15446 res=1
bond1723: making interface bridge1381 the new active one
vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
bond1723: Enslaving bridge1381 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1723: link becomes ready
vhci_hcd vhci_hcd.0: Device attached
vhci_hcd: connection closed
vhci_hcd: stop threads
vhci_hcd: release socket
vhci_hcd: disconnect device
IPv6: ADDRCONF(NETDEV_UP): bond1724: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1724
bond1724: making interface bridge1382 the new active one
bond1724: Enslaving bridge1382 as an active interface with an up link
audit: type=1800 audit(1675618579.864:32713): pid=2982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=15446 res=0
IPv6: ADDRCONF(NETDEV_CHANGE): bond1724: link becomes ready
IPVS: ftp: loaded support on port[0] = 21
IPv6: ADDRCONF(NETDEV_UP): bond1725: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1725
audit: type=1800 audit(1675618580.344:32714): pid=3148 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17278 res=0
bond1725: making interface bridge1383 the new active one
bond1725: Enslaving bridge1383 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1725: link becomes ready
audit: type=1804 audit(1675618580.414:32715): pid=3148 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir4013322465/syzkaller.HEnjmF/3438/file0" dev="sda1" ino=17278 res=1
IPv6: ADDRCONF(NETDEV_UP): bond1640: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1640
IPv6: ADDRCONF(NETDEV_UP): bond1726: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1726
bond1640: making interface bridge1398 the new active one
bond1640: Enslaving bridge1398 as an active interface with an up link
bond1726: making interface bridge1384 the new active one
bond1726: Enslaving bridge1384 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1640: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bond1726: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): bond1727: link is not ready
IPVS: ftp: loaded support on port[0] = 21
8021q: adding VLAN 0 to HW filter on device bond1727
audit: type=1800 audit(1675618581.274:32716): pid=3350 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17271 res=0
bond1727: making interface bridge1385 the new active one
audit: type=1804 audit(1675618581.314:32717): pid=3365 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir4013322465/syzkaller.HEnjmF/3439/file0" dev="sda1" ino=17271 res=1
bond1727: Enslaving bridge1385 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1727: link becomes ready
validate_nla: 8 callbacks suppressed
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1641: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1641
bond1641: making interface bridge1399 the new active one
bond1641: Enslaving bridge1399 as an active interface with an up link
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1728: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1728
IPv6: ADDRCONF(NETDEV_CHANGE): bond1641: link becomes ready
bond1641: Enslaving bridge1400 as a backup interface with an up link
bond1728: making interface bridge1386 the new active one
bond1728: Enslaving bridge1386 as an active interface with an up link
bond1641: Enslaving bridge1401 as a backup interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1728: link becomes ready
bond1641: Enslaving bridge1402 as a backup interface with an up link
bond1641: Enslaving bridge1403 as a backup interface with an up link
bond1641: Enslaving bridge1404 as a backup interface with an up link
bond1641: Enslaving bridge1405 as a backup interface with an up link
bond1641: Enslaving bridge1406 as a backup interface with an up link
bond1641: Enslaving bridge1407 as a backup interface with an up link
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
audit: type=1800 audit(1675618582.274:32718): pid=3526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=15800 res=0
IPv6: ADDRCONF(NETDEV_UP): bond1729: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1729
bond1729: making interface bridge1387 the new active one
bond1729: Enslaving bridge1387 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1729: link becomes ready
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1730: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1730
VFS: Found a Xenix FS (block size = 1024) on device loop1
bond1730: making interface bridge1388 the new active one
attempt to access beyond end of device
bond1730: Enslaving bridge1388 as an active interface with an up link
loop1: rw=0, want=6491538, limit=128
Buffer I/O error on dev loop1, logical block 3245768, async page read
attempt to access beyond end of device
loop1: rw=0, want=17666808, limit=128
Buffer I/O error on dev loop1, logical block 8833403, async page read
attempt to access beyond end of device
loop1: rw=0, want=26539620, limit=128
Buffer I/O error on dev loop1, logical block 13269809, async page read
attempt to access beyond end of device
loop1: rw=0, want=16147214, limit=128
Buffer I/O error on dev loop1, logical block 8073606, async page read
IPv6: ADDRCONF(NETDEV_CHANGE): bond1730: link becomes ready
attempt to access beyond end of device
loop1: rw=0, want=6491544, limit=128
Buffer I/O error on dev loop1, logical block 3245771, async page read
attempt to access beyond end of device
loop1: rw=0, want=17668344, limit=128
Buffer I/O error on dev loop1, logical block 8834171, async page read
attempt to access beyond end of device
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
loop1: rw=0, want=26932836, limit=128
Buffer I/O error on dev loop1, logical block 13466417, async page read
attempt to access beyond end of device
loop1: rw=0, want=16147214, limit=128
Buffer I/O error on dev loop1, logical block 8073606, async page read
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 3699, name: syz-executor.1
INFO: lockdep is turned off.
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 3699 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 __getblk_gfp fs/buffer.c:1319 [inline]
 __bread_gfp+0x3f/0x300 fs/buffer.c:1366
 sb_bread include/linux/buffer_head.h:309 [inline]
 get_branch+0x2cd/0x640 fs/sysv/itree.c:104
 get_block+0x194/0x1510 fs/sysv/itree.c:218
 block_read_full_page+0x288/0xd10 fs/buffer.c:2259
 do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
 read_mapping_page include/linux/pagemap.h:402 [inline]
 dir_get_page fs/sysv/dir.c:58 [inline]
 sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
 sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
 sysv_lookup fs/sysv/namei.c:53 [inline]
 sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
 __lookup_slow+0x246/0x4a0 fs/namei.c:1672
 lookup_slow fs/namei.c:1689 [inline]
 walk_component+0x7ac/0xda0 fs/namei.c:1811
 link_path_walk.part.0+0x901/0x1230 fs/namei.c:2142
 link_path_walk fs/namei.c:2270 [inline]
 path_lookupat+0xe4/0x8d0 fs/namei.c:2318
 do_o_path fs/namei.c:3511 [inline]
 path_openat+0x1f92/0x2df0 fs/namei.c:3533
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fc99344e0c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc9919c0168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007fc99356df80 RCX: 00007fc99344e0c9
RDX: 0000000000000000 RSI: 0000000000200040 RDI: 0000000020003a80
RBP: 00007fc9934a9ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffd4d7757f R14: 00007fc9919c0300 R15: 0000000000022000
attempt to access beyond end of device
loop1: rw=0, want=6491550, limit=128
Buffer I/O error on dev loop1, logical block 3245774, async page read
attempt to access beyond end of device
loop1: rw=0, want=17669880, limit=128
Buffer I/O error on dev loop1, logical block 8834939, async page read
IPv6: ADDRCONF(NETDEV_UP): bond1731: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1731
bond1731: making interface bridge1389 the new active one
bond1731: Enslaving bridge1389 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1731: link becomes ready
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond1732: link is not ready
ieee802154 phy0 wpan0: encryption failed: -22
8021q: adding VLAN 0 to HW filter on device bond1732
ieee802154 phy1 wpan1: encryption failed: -22
bond1732: making interface bridge1390 the new active one
bond1732: Enslaving bridge1390 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1732: link becomes ready
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 3699, name: syz-executor.1
INFO: lockdep is turned off.
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 3699 Comm: syz-executor.1 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 __getblk_gfp fs/buffer.c:1319 [inline]
 __bread_gfp+0x3f/0x300 fs/buffer.c:1366
 sb_bread include/linux/buffer_head.h:309 [inline]
 get_branch+0x2cd/0x640 fs/sysv/itree.c:104
 get_block+0x194/0x1510 fs/sysv/itree.c:218