Hello,
syzbot found the following issue on:
HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output:
https://syzkaller.appspot.com/x/log.txt?x=17a33ef1880000
kernel config:
https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link:
https://syzkaller.appspot.com/bug?extid=d9b6f317213856ee7736
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/98c0bdb4abb3/disk-3f8a27f9.raw.xz
vmlinux:
https://storage.googleapis.com/syzbot-assets/ea228ff02669/vmlinux-3f8a27f9.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+d9b6f3...@syzkaller.appspotmail.com
loop4: rw=0, want=6756799, limit=112
Buffer I/O error on dev loop4, logical block 6756798, async page read
attempt to access beyond end of device
loop4: rw=0, want=575895, limit=112
Buffer I/O error on dev loop4, logical block 575894, async page read
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 7814, name: syz-executor.4
2 locks held by syz-executor.4/7814:
#0: 00000000b62aa002 (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000b62aa002 (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000b62aa002 (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 7814 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fbc9ed74639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbc9d2e7168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fbc9ee94f80 RCX: 00007fbc9ed74639
RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000020000100
RBP: 00007fbc9edcfae9 R08: 0000000020000280 R09: 0000000000000000
R10: 0000000002002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8912407f R14: 00007fbc9d2e7300 R15: 0000000000022000
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
attempt to access beyond end of device
loop4: rw=0, want=10310910, limit=112
Buffer I/O error on dev loop4, logical block 10310909, async page read
attempt to access beyond end of device
VFS: Found a V7 FS (block size = 512) on device loop1
loop4: rw=0, want=9216536, limit=112
Buffer I/O error on dev loop4, logical block 9216535, async page read
VFS: Found a V7 FS (block size = 512) on device loop4
attempt to access beyond end of device
loop4: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop4: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop4: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop4: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop4: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop4: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop4: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop4: rw=0, want=575895, limit=112
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 7870, name: syz-executor.4
2 locks held by syz-executor.4/7870:
#0: 00000000c95482e7 (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000c95482e7 (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000c95482e7 (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 7870 Comm: syz-executor.4 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fbc9ed74639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbc9d2e7168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fbc9ee94f80 RCX: 00007fbc9ed74639
RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000020000100
RBP: 00007fbc9edcfae9 R08: 0000000020000280 R09: 0000000000000000
R10: 0000000002002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8912407f R14: 00007fbc9d2e7300 R15: 0000000000022000
attempt to access beyond end of device
loop4: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop4: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: Found a V7 FS (block size = 512) on device loop4
attempt to access beyond end of device
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
loop4: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop4: rw=0, want=565370, limit=112
attempt to access beyond end of device
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
loop4: rw=0, want=10282938, limit=112
attempt to access beyond end of device
attempt to access beyond end of device
loop4: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
loop4: rw=0, want=3984204, limit=112
attempt to access beyond end of device
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop4: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
loop4: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop4: rw=0, want=575895, limit=112
attempt to access beyond end of device
attempt to access beyond end of device
loop4: rw=0, want=10310910, limit=112
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
loop4: rw=0, want=9216536, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 7977, name: syz-executor.1
2 locks held by syz-executor.1/7977:
#0: 000000009d2884c5 (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 000000009d2884c5 (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 000000009d2884c5 (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 7977 Comm: syz-executor.1 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
VFS: Found a V7 FS (block size = 512) on device loop4
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3056749639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3054cbc168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f3056869f80 RCX: 00007f3056749639
RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000020000100
RBP: 00007f30567a4ae9 R08: 0000000020000280 R09: 0000000000000000
R10: 0000000002002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff19f90bef R14: 00007f3054cbc300 R15: 0000000000022000
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: could not find a valid V7 on loop4.
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: could not find a valid V7 on loop4.
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 8149, name: syz-executor.1
2 locks held by syz-executor.1/8149:
#0: 00000000220bc59c (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000220bc59c (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000220bc59c (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 8149 Comm: syz-executor.1 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3056749639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3054cbc168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f3056869f80 RCX: 00007f3056749639
RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000000000000
RBP: 00007f30567a4ae9 R08: 0000000020000280 R09: 0000000000000000
R10: 0000000002002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff19f90bef R14: 00007f3054cbc300 R15: 0000000000022000
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
buffer_io_error: 58 callbacks suppressed
Buffer I/O error on dev loop1, logical block 10310909, async page read
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
Buffer I/O error on dev loop1, logical block 9216535, async page read
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: could not find a valid V7 on loop4.
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
Buffer I/O error on dev loop1, logical block 9698051, async page read
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
Buffer I/O error on dev loop1, logical block 565369, async page read
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
Buffer I/O error on dev loop1, logical block 10282937, async page read
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
Buffer I/O error on dev loop1, logical block 7284997, async page read
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
Buffer I/O error on dev loop1, logical block 3984203, async page read
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
Buffer I/O error on dev loop1, logical block 6992026, async page read
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
Buffer I/O error on dev loop1, logical block 6756798, async page read
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
Buffer I/O error on dev loop1, logical block 575894, async page read
VFS: Found a V7 FS (block size = 512) on device loop4
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 8264, name: syz-executor.1
2 locks held by syz-executor.1/8264:
#0: 00000000d513ae91 (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000d513ae91 (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000d513ae91 (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 8264 Comm: syz-executor.1 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3056749639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3054cbc168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f3056869f80 RCX: 00007f3056749639
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000000
RBP: 00007f30567a4ae9 R08: 0000000020000280 R09: 0000000000000000
R10: 0000000002002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff19f90bef R14: 00007f3054cbc300 R15: 0000000000022000
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 8397, name: syz-executor.1
2 locks held by syz-executor.1/8397:
#0: 00000000e4bf6842 (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000e4bf6842 (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000e4bf6842 (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 8397 Comm: syz-executor.1 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3056749639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3054cbc168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f3056869f80 RCX: 00007f3056749639
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000000
RBP: 00007f30567a4ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff19f90bef R14: 00007f3054cbc300 R15: 0000000000022000
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
VFS: Found a V7 FS (block size = 512) on device loop4
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: Found a V7 FS (block size = 512) on device loop4
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.