BUG: sleeping function called from invalid context in __bread_gfp

syzbot

Nov 15, 2022, 3:37:43 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17a33ef1880000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=d9b6f317213856ee7736
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/98c0bdb4abb3/disk-3f8a27f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ea228ff02669/vmlinux-3f8a27f9.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d9b6f3...@syzkaller.appspotmail.com

loop4: rw=0, want=6756799, limit=112
Buffer I/O error on dev loop4, logical block 6756798, async page read
attempt to access beyond end of device
loop4: rw=0, want=575895, limit=112
Buffer I/O error on dev loop4, logical block 575894, async page read
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 7814, name: syz-executor.4
2 locks held by syz-executor.4/7814:
#0: 00000000b62aa002 (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000b62aa002 (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000b62aa002 (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 7814 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fbc9ed74639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbc9d2e7168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fbc9ee94f80 RCX: 00007fbc9ed74639
RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000020000100
RBP: 00007fbc9edcfae9 R08: 0000000020000280 R09: 0000000000000000
R10: 0000000002002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8912407f R14: 00007fbc9d2e7300 R15: 0000000000022000
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
attempt to access beyond end of device
loop4: rw=0, want=10310910, limit=112
Buffer I/O error on dev loop4, logical block 10310909, async page read
attempt to access beyond end of device
VFS: Found a V7 FS (block size = 512) on device loop1
loop4: rw=0, want=9216536, limit=112
Buffer I/O error on dev loop4, logical block 9216535, async page read
VFS: Found a V7 FS (block size = 512) on device loop4
attempt to access beyond end of device
loop4: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop4: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop4: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop4: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop4: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop4: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop4: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop4: rw=0, want=575895, limit=112
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 7870, name: syz-executor.4
2 locks held by syz-executor.4/7870:
#0: 00000000c95482e7 (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000c95482e7 (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000c95482e7 (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 7870 Comm: syz-executor.4 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fbc9ed74639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbc9d2e7168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fbc9ee94f80 RCX: 00007fbc9ed74639
RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000020000100
RBP: 00007fbc9edcfae9 R08: 0000000020000280 R09: 0000000000000000
R10: 0000000002002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8912407f R14: 00007fbc9d2e7300 R15: 0000000000022000
attempt to access beyond end of device
loop4: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop4: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: Found a V7 FS (block size = 512) on device loop4
attempt to access beyond end of device
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
loop4: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop4: rw=0, want=565370, limit=112
attempt to access beyond end of device
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
loop4: rw=0, want=10282938, limit=112
attempt to access beyond end of device
attempt to access beyond end of device
loop4: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
loop4: rw=0, want=3984204, limit=112
attempt to access beyond end of device
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop4: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
loop4: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop4: rw=0, want=575895, limit=112
attempt to access beyond end of device
attempt to access beyond end of device
loop4: rw=0, want=10310910, limit=112
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
loop4: rw=0, want=9216536, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 7977, name: syz-executor.1
2 locks held by syz-executor.1/7977:
#0: 000000009d2884c5 (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 000000009d2884c5 (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 000000009d2884c5 (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 7977 Comm: syz-executor.1 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
VFS: Found a V7 FS (block size = 512) on device loop4
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3056749639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3054cbc168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f3056869f80 RCX: 00007f3056749639
RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000020000100
RBP: 00007f30567a4ae9 R08: 0000000020000280 R09: 0000000000000000
R10: 0000000002002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff19f90bef R14: 00007f3054cbc300 R15: 0000000000022000
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: could not find a valid V7 on loop4.
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: could not find a valid V7 on loop4.
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 8149, name: syz-executor.1
2 locks held by syz-executor.1/8149:
#0: 00000000220bc59c (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000220bc59c (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000220bc59c (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 8149 Comm: syz-executor.1 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3056749639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3054cbc168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f3056869f80 RCX: 00007f3056749639
RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000000000000
RBP: 00007f30567a4ae9 R08: 0000000020000280 R09: 0000000000000000
R10: 0000000002002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff19f90bef R14: 00007f3054cbc300 R15: 0000000000022000
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
buffer_io_error: 58 callbacks suppressed
Buffer I/O error on dev loop1, logical block 10310909, async page read
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
Buffer I/O error on dev loop1, logical block 9216535, async page read
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: could not find a valid V7 on loop4.
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
Buffer I/O error on dev loop1, logical block 9698051, async page read
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
Buffer I/O error on dev loop1, logical block 565369, async page read
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
Buffer I/O error on dev loop1, logical block 10282937, async page read
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
Buffer I/O error on dev loop1, logical block 7284997, async page read
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
Buffer I/O error on dev loop1, logical block 3984203, async page read
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
Buffer I/O error on dev loop1, logical block 6992026, async page read
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
Buffer I/O error on dev loop1, logical block 6756798, async page read
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
Buffer I/O error on dev loop1, logical block 575894, async page read
VFS: Found a V7 FS (block size = 512) on device loop4
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 8264, name: syz-executor.1
2 locks held by syz-executor.1/8264:
#0: 00000000d513ae91 (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000d513ae91 (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000d513ae91 (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 8264 Comm: syz-executor.1 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3056749639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3054cbc168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f3056869f80 RCX: 00007f3056749639
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000000
RBP: 00007f30567a4ae9 R08: 0000000020000280 R09: 0000000000000000
R10: 0000000002002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff19f90bef R14: 00007f3054cbc300 R15: 0000000000022000
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 8397, name: syz-executor.1
2 locks held by syz-executor.1/8397:
#0: 00000000e4bf6842 (&type->i_mutex_dir_key#10){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000e4bf6842 (&type->i_mutex_dir_key#10){++++}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000e4bf6842 (&type->i_mutex_dir_key#10){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 0000000056a7183d (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 8397 Comm: syz-executor.1 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
__getblk_gfp fs/buffer.c:1319 [inline]
__bread_gfp+0x3f/0x300 fs/buffer.c:1366
sb_bread include/linux/buffer_head.h:309 [inline]
get_branch+0x2cd/0x640 fs/sysv/itree.c:104
get_block+0x194/0x1510 fs/sysv/itree.c:218
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x21a/0x6f0 fs/sysv/dir.c:146
sysv_inode_by_name+0x6d/0x3d0 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x7c/0x100 fs/sysv/namei.c:46
__lookup_slow+0x246/0x4a0 fs/namei.c:1672
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3056749639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3054cbc168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f3056869f80 RCX: 00007f3056749639
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000000
RBP: 00007f30567a4ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff19f90bef R14: 00007f3054cbc300 R15: 0000000000022000
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
VFS: Found a V7 FS (block size = 512) on device loop4
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop4
VFS: Found a V7 FS (block size = 512) on device loop1
VFS: Found a V7 FS (block size = 512) on device loop4


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Nov 15, 2022, 3:41:42 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: e911713e40ca Linux 4.14.299
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1461e71e880000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d7ed9728cc57838
dashboard link: https://syzkaller.appspot.com/bug?extid=6b929f4559ece29ef479
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c8588259d654/disk-e911713e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/700d08072e5e/vmlinux-e911713e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/844ad5da2ed5/bzImage-e911713e.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6b929f...@syzkaller.appspotmail.com

loop1: rw=0, want=6756799, limit=112
Buffer I/O error on dev loop1, logical block 6756798, async page read
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
Buffer I/O error on dev loop1, logical block 575894, async page read
BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 10196, name: syz-executor.1
2 locks held by syz-executor.1/10196:
#0: (&type->i_mutex_dir_key#8){.+.+}, at: [<ffffffff81892da9>] inode_lock_shared include/linux/fs.h:729 [inline]
#0: (&type->i_mutex_dir_key#8){.+.+}, at: [<ffffffff81892da9>] lookup_slow+0x129/0x400 fs/namei.c:1674
#1: (pointers_lock){.+.+}, at: [<ffffffff81fd9043>] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 10196 Comm: syz-executor.1 Not tainted 4.14.299-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
__getblk_gfp fs/buffer.c:1381 [inline]
__bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
sb_bread include/linux/buffer_head.h:343 [inline]
get_branch+0x2ac/0x600 fs/sysv/itree.c:104
get_block+0x176/0x1230 fs/sysv/itree.c:218
block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316
do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713
read_mapping_page include/linux/pagemap.h:398 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x20d/0x610 fs/sysv/dir.c:146
sysv_inode_by_name+0x5b/0x330 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x64/0xe0 fs/sysv/namei.c:46
lookup_slow+0x20a/0x400 fs/namei.c:1696
walk_component+0x6a1/0xbc0 fs/namei.c:1825
lookup_last fs/namei.c:2293 [inline]
path_lookupat+0x1bb/0x780 fs/namei.c:2343
filename_lookup+0x18a/0x510 fs/namei.c:2377
user_path include/linux/namei.h:62 [inline]
do_mount+0x118/0x2a30 fs/namespace.c:2845
SYSC_mount fs/namespace.c:3121 [inline]
SyS_mount+0xa8/0x120 fs/namespace.c:3098
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
Buffer I/O error on dev loop1, logical block 10310909, async page read
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
Buffer I/O error on dev loop1, logical block 9216535, async page read
VFS: Found a V7 FS (block size = 512) on device loop1
9pnet: Insufficient options for proto=fd
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
ip6tnl0: Invalid MTU 536872256 requested, hw max 65407
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
9pnet: Insufficient options for proto=fd
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 10271, name: syz-executor.1
2 locks held by syz-executor.1/10271:
#0: (&type->i_mutex_dir_key#8){.+.+}, at: [<ffffffff81892da9>] inode_lock_shared include/linux/fs.h:729 [inline]
#0: (&type->i_mutex_dir_key#8){.+.+}, at: [<ffffffff81892da9>] lookup_slow+0x129/0x400 fs/namei.c:1674
#1: (pointers_lock){.+.+}, at: [<ffffffff81fd9043>] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 10271 Comm: syz-executor.1 Tainted: G W 4.14.299-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
__getblk_gfp fs/buffer.c:1381 [inline]
__bread_gfp+0x3e/0x2e0 fs/buffer.c:1428
sb_bread include/linux/buffer_head.h:343 [inline]
get_branch+0x2ac/0x600 fs/sysv/itree.c:104
get_block+0x176/0x1230 fs/sysv/itree.c:218
block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316
do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713
read_mapping_page include/linux/pagemap.h:398 [inline]
dir_get_page fs/sysv/dir.c:58 [inline]
sysv_find_entry+0x20d/0x610 fs/sysv/dir.c:146
sysv_inode_by_name+0x5b/0x330 fs/sysv/dir.c:360
sysv_lookup fs/sysv/namei.c:53 [inline]
sysv_lookup+0x64/0xe0 fs/sysv/namei.c:46
lookup_slow+0x20a/0x400 fs/namei.c:1696
walk_component+0x6a1/0xbc0 fs/namei.c:1825
lookup_last fs/namei.c:2293 [inline]
path_lookupat+0x1bb/0x780 fs/namei.c:2343
filename_lookup+0x18a/0x510 fs/namei.c:2377
user_path include/linux/namei.h:62 [inline]
do_mount+0x118/0x2a30 fs/namespace.c:2845
SYSC_mount fs/namespace.c:3121 [inline]
SyS_mount+0xa8/0x120 fs/namespace.c:3098
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
VFS: Found a V7 FS (block size = 512) on device loop1
attempt to access beyond end of device
loop1: rw=0, want=9698052, limit=112
attempt to access beyond end of device
loop1: rw=0, want=565370, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10282938, limit=112
attempt to access beyond end of device
loop1: rw=0, want=7284998, limit=112
attempt to access beyond end of device
loop1: rw=0, want=3984204, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6992027, limit=112
attempt to access beyond end of device
loop1: rw=0, want=6756799, limit=112
attempt to access beyond end of device
loop1: rw=0, want=575895, limit=112
attempt to access beyond end of device
loop1: rw=0, want=10310910, limit=112
attempt to access beyond end of device
loop1: rw=0, want=9216536, limit=112
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (8000)
nbd: must specify an index to disconnect
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 112 bytes leftover after parsing attributes in process `syz-executor.5'.
audit: type=1800 audit(1668544868.709:2): pid=10882 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14074 res=0
audit: type=1804 audit(1668544868.719:3): pid=10882 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir1640548947/syzkaller.8ojada/56/file0" dev="sda1" ino=14074 res=1
syz-executor.2 (10882) used greatest stack depth: 24272 bytes left
audit: type=1800 audit(1668544869.039:4): pid=10906 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14051 res=0
audit: type=1804 audit(1668544869.049:5): pid=10906 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir1640548947/syzkaller.8ojada/57/file0" dev="sda1" ino=14051 res=1
audit: type=1800 audit(1668544869.349:6): pid=10933 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14097 res=0
audit: type=1804 audit(1668544869.379:7): pid=10933 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir1640548947/syzkaller.8ojada/58/file0" dev="sda1" ino=14097 res=1
audit: type=1800 audit(1668544869.569:8): pid=10968 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14054 res=0
audit: type=1804 audit(1668544869.599:9): pid=10968 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir1640548947/syzkaller.8ojada/59/file0" dev="sda1" ino=14054 res=1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.

syzbot

Nov 15, 2022, 3:48:39 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=174ed959880000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=d9b6f317213856ee7736
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13da26f1880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=151ddf69880000
mounted in repro: https://storage.googleapis.com/syzbot-assets/b06bad614451/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d9b6f3...@syzkaller.appspotmail.com

loop0: rw=0, want=6756799, limit=112
Buffer I/O error on dev loop0, logical block 6756798, async page read
attempt to access beyond end of device
loop0: rw=0, want=575895, limit=112
Buffer I/O error on dev loop0, logical block 575894, async page read
BUG: sleeping function called from invalid context at fs/buffer.c:1319
in_atomic(): 1, irqs_disabled(): 0, pid: 8077, name: syz-executor116
2 locks held by syz-executor116/8077:
#0: 000000005b77337e (&type->i_mutex_dir_key#7){.+.+}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 000000005b77337e (&type->i_mutex_dir_key#7){.+.+}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 000000005b77337e (&type->i_mutex_dir_key#7){.+.+}, at: walk_component+0x798/0xda0 fs/namei.c:1811
#1: 000000002a33c643 (pointers_lock){.+.+}, at: get_block+0x171/0x1510 fs/sysv/itree.c:217
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 1 PID: 8077 Comm: syz-executor116 Not tainted 4.19.211-syzkaller #0
RIP: 0033:0x7fce8d200049
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe7ab6dc98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fce8d200049
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000000
RBP: 00007fce8d1bf620 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000200200

syzbot

Nov 15, 2022, 3:50:43 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: e911713e40ca Linux 4.14.299
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10eca559880000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d7ed9728cc57838
dashboard link: https://syzkaller.appspot.com/bug?extid=6b929f4559ece29ef479
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=131ddf69880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1027c335880000
mounted in repro: https://storage.googleapis.com/syzbot-assets/a9e7bb5f6514/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6b929f...@syzkaller.appspotmail.com

loop0: rw=0, want=6756799, limit=112
Buffer I/O error on dev loop0, logical block 6756798, async page read
attempt to access beyond end of device
loop0: rw=0, want=575895, limit=112
Buffer I/O error on dev loop0, logical block 575894, async page read
BUG: sleeping function called from invalid context at fs/buffer.c:1381
in_atomic(): 1, irqs_disabled(): 0, pid: 7984, name: syz-executor304
2 locks held by syz-executor304/7984:
#0: (&type->i_mutex_dir_key#7){.+.+}, at: [<ffffffff81892da9>] inode_lock_shared include/linux/fs.h:729 [inline]
#0: (&type->i_mutex_dir_key#7){.+.+}, at: [<ffffffff81892da9>] lookup_slow+0x129/0x400 fs/namei.c:1674
#1: (pointers_lock){.+.+}, at: [<ffffffff81fd9043>] get_block+0x153/0x1230 fs/sysv/itree.c:217
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 7984 Comm: syz-executor304 Not tainted 4.14.299-syzkaller #0