WARNING: CPU: 0 PID: 8141 at kernel/workqueue.c:1384 __queue_work+0xc8d/0x1100 kernel/workqueue.c:1384
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 8141 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 panic+0x26a/0x50e kernel/panic.c:186
audit: type=1800 audit(1649017253.867:309): pid=19444 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=14163 res=0
 __warn.cold+0x20/0x5a kernel/panic.c:541
 report_bug+0x262/0x2b0 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:__queue_work+0xc8d/0x1100 kernel/workqueue.c:1384
Code: 03 38 d0 7c 09 84 d2 74 05 e8 0f 3a 5a 00 8b 5b 24 31 ff 83 e3 20 89 de e8 10 5f 24 00 85 db 0f 85 c2 00 00 00 e8 93 5d 24 00 <0f> 0b e9 5d f9 ff ff e8 87 5d 24 00 4c 8d 75 60 41 83 cd 02 e9 02
RSP: 0018:ffff8880ba007ca8 EFLAGS: 00010006
RAX: ffff888096588600 RBX: 0000000000000100 RCX: ffffffff813e2780
RDX: 0000000000000100 RSI: ffffffff813e27dd RDI: 0000000000000005
RBP: 0000000000010000 R08: 0000000000000000 R09: 0000000000000000
audit: type=1800 audit(1649017253.867:310): pid=19476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=14130 res=0
R10: 0000000000000005 R11: 0000000000000000 R12: ffff8880915588e0
R13: 1ffff11017400fa7 R14: 0000000000000000 R15: 0000000000000008
 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
 expire_timers+0x97/0x4e0 kernel/time/timer.c:1371
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:149 [inline]
RIP: 0010:unwind_next_frame+0x24a/0x1400 arch/x86/kernel/unwind_orc.c:422
Code: 8d 43 ff 39 c6 0f 83 06 0e 00 00 48 b8 00 00 00 00 00 fc ff df 89 f2 48 8d 3c 95 bc 91 17 8c 48 89 f9 48 c1 e9 03 0f b6 0c 01 <48> 89 f8 83 e0 07 83 c0 03 38 c8 7c 27 84 c9 74 23 48 89 54 24 30
RSP: 0018:ffff888096fcf5d0 EFLAGS: 00000a02 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffff11012df9ec3 RCX: 0000000000000000
RDX: 000000000000b175 RSI: 000000000000b175 RDI: ffffffff8c1a5790
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: ffff888096fcf75f R11: 0000000000074071 R12: ffff888096fcf748
R13: ffff888096fcf735 R14: ffff888096fcf700 R15: ffffffff81b1755d
 __save_stack_trace+0x9f/0x190 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x110/0x370 mm/slab.c:3557
 mempool_alloc+0x146/0x350 mm/mempool.c:385
 bio_alloc_bioset+0x389/0x5e0 block/bio.c:489
netlink: 'syz-executor.4': attribute type 4 has an invalid length.
 bio_alloc include/linux/bio.h:437 [inline]
 submit_bh_wbc+0x141/0x760 fs/buffer.c:3064
 submit_bh fs/buffer.c:3096 [inline]
 __sync_dirty_buffer+0x14e/0x320 fs/buffer.c:3191
 ext4_commit_super+0x777/0xb90 fs/ext4/super.c:5025
 ext4_put_super+0x205/0x1010 fs/ext4/super.c:1001
 generic_shutdown_super+0x144/0x370 fs/super.c:456
 kill_block_super+0x97/0xf0 fs/super.c:1185
 deactivate_locked_super+0x94/0x160 fs/super.c:329
 deactivate_super+0x174/0x1a0 fs/super.c:360
 cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f706169e4b7
Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc9e3cac78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f706169e4b7
RDX: 00007ffc9e3cad4b RSI: 000000000000000a RDI: 00007ffc9e3cad40
RBP: 00007ffc9e3cad40 R08: 00000000ffffffff R09: 00007ffc9e3cab10
R10: 000055555741c903 R11: 0000000000000246 R12: 00007f70616f61ea
R13: 00007ffc9e3cbe00 R14: 000055555741c810 R15: 00007ffc9e3cbe40
Kernel Offset: disabled
Rebooting in 86400 seconds..
----------------
Code disassembly (best guess):
   0: 8d 43 ff             lea    -0x1(%rbx),%eax
   3: 39 c6                cmp    %eax,%esi
   5: 0f 83 06 0e 00 00    jae    0xe11
   b: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
  12: fc ff df
  15: 89 f2                mov    %esi,%edx
  17: 48 8d 3c 95 bc 91 17 lea    -0x73e86e44(,%rdx,4),%rdi
  1e: 8c
  1f: 48 89 f9             mov    %rdi,%rcx
  22: 48 c1 e9 03          shr    $0x3,%rcx
  26: 0f b6 0c 01          movzbl (%rcx,%rax,1),%ecx
* 2a: 48 89 f8             mov    %rdi,%rax <-- trapping instruction
  2d: 83 e0 07             and    $0x7,%eax
  30: 83 c0 03             add    $0x3,%eax
  33: 38 c8                cmp    %cl,%al
  35: 7c 27                jl     0x5e
  37: 84 c9                test   %cl,%cl
  39: 74 23                je     0x5e
  3b: 48 89 54 24 30       mov    %rdx,0x30(%rsp)