[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 44.098583] can: request_module (can-proto-0) failed.
[ 44.107757] can: request_module (can-proto-0) failed.
[ 44.903297] IPVS: ftp: loaded support on port[0] = 21
[ 45.505397] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.570647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.859776] tipc: TX() has been purged, node left!
[ 47.380618] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
2020/01/13 03:37:42 parsed 1 programs
2020/01/13 03:37:42 executed programs: 0
[ 52.632976] IPVS: ftp: loaded support on port[0] = 21
[ 52.700732] IPVS: ftp: loaded support on port[0] = 21
[ 52.708908] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 52.716167] gfs2: fsid=loop0: Now mounting FS...
[ 52.743322] IPVS: ftp: loaded support on port[0] = 21
[ 52.744793] gfs2: fsid=loop0.0: journal 0 mapped with 1 extents in 0ms
[ 52.755966] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 52.762109] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 52.764387] IPVS: ftp: loaded support on port[0] = 21
[ 52.777434] IPVS: ftp: loaded support on port[0] = 21
[ 52.817447] IPVS: ftp: loaded support on port[0] = 21
[ 52.878654] gfs2: fsid=loop0.0: jid=0: Journal head lookup took 116ms
[ 52.892459] gfs2: fsid=loop0.0: jid=0: Done
[ 52.898533] gfs2: fsid=loop0.0: first mount done, others may mount
[ 53.004537] gfs2: fsid=loop2: Trying to join cluster "lock_nolock", "loop2"
[ 53.011782] gfs2: fsid=loop2: Now mounting FS...
[ 53.025861] gfs2: fsid=loop3: Trying to join cluster "lock_nolock", "loop3"
[ 53.033063] gfs2: fsid=loop3: Now mounting FS...
[ 53.045177] gfs2: fsid=loop2.0: journal 0 mapped with 1 extents in 0ms
[ 53.051963] gfs2: fsid=loop2.0: jid=0, already locked for use
[ 53.057913] gfs2: fsid=loop2.0: jid=0: Looking at journal...
[ 53.064903] gfs2: fsid=loop3.0: journal 0 mapped with 1 extents in 0ms
[ 53.092667] gfs2: fsid=loop3.0: jid=0, already locked for use
[ 53.098752] gfs2: fsid=loop3.0: jid=0: Looking at journal...
[ 53.130575] gfs2: fsid=loop2.0: jid=0: Journal head lookup took 72ms
[ 53.163884] gfs2: fsid=loop2.0: jid=0: Done
[ 53.168946] gfs2: fsid=loop2.0: first mount done, others may mount
[ 53.221058] gfs2: fsid=loop4: Trying to join cluster "lock_nolock", "loop4"
[ 53.223460] gfs2: fsid=loop5: Trying to join cluster "lock_nolock", "loop5"
[ 53.228389] gfs2: fsid=loop4: Now mounting FS...
[ 53.235504] gfs2: fsid=loop5: Now mounting FS...
[ 53.245619] gfs2: fsid=loop1: Trying to join cluster "lock_nolock", "loop1"
[ 53.252823] gfs2: fsid=loop1: Now mounting FS...
[ 53.261841] gfs2: fsid=loop0.0: found 1 quota changes
[ 53.286260] gfs2: fsid=loop3.0: jid=0: Journal head lookup took 187ms
[ 53.301257] gfs2: fsid=loop3.0: jid=0: Done
[ 53.307773] gfs2: fsid=loop3.0: first mount done, others may mount
[ 53.310390] gfs2: fsid=loop4.0: journal 0 mapped with 1 extents in 0ms
[ 53.322038] gfs2: fsid=loop4.0: jid=0, already locked for use
[ 53.328059] gfs2: fsid=loop4.0: jid=0: Looking at journal...
RESULT: signal 0, coverage 0 errno 0
[ 53.339858] gfs2: fsid=loop1.0: journal 0 mapped with 1 extents in 0ms
[ 53.348997] gfs2: fsid=loop1.0: jid=0, already locked for use
[ 53.354991] gfs2: fsid=loop1.0: jid=0: Looking at journal...
[ 53.363822] gfs2: fsid=loop5.0: journal 0 mapped with 1 extents in 0ms
[ 53.424873] gfs2: fsid=loop5.0: jid=0, already locked for use
[ 53.430974] gfs2: fsid=loop5.0: jid=0: Looking at journal...
[ 53.457573] gfs2: fsid=loop1.0: jid=0: Journal head lookup took 102ms
[ 53.459403] gfs2: fsid=loop4.0: jid=0: Journal head lookup took 131ms
[ 53.480808] gfs2: fsid=loop4.0: jid=0: Done
[ 53.484761] gfs2: fsid=loop1.0: jid=0: Done
[ 53.485213] gfs2: fsid=loop4.0: first mount done, others may mount
[ 53.490086] gfs2: fsid=loop1.0: first mount done, others may mount
[ 53.533976] gfs2: fsid=loop2.0: found 1 quota changes
[ 53.535996] gfs2: fsid=loop5.0: jid=0: Journal head lookup took 105ms
[ 53.547953] gfs2: fsid=loop5.0: jid=0: Done
[ 53.552553] gfs2: fsid=loop5.0: first mount done, others may mount
[ 53.562572] ------------[ cut here ]------------
[ 53.567476] WARNING: CPU: 1 PID: 4433 at include/linux/backing-dev.h:348 account_page_dirtied+0x65a/0x870
[ 53.577256] Kernel panic - not syncing: panic_on_warn set ...
[ 53.583145] CPU: 1 PID: 4433 Comm: syz-executor Not tainted 5.5.0-rc6-syzkaller #0
[ 53.590851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.600292] Call Trace:
[ 53.602885] dump_stack+0x12f/0x187
[ 53.606516] ? account_page_dirtied+0x65a/0x870
[ 53.611182] panic+0x22a/0x4f5
[ 53.614385] ? add_taint.cold.7+0x11/0x11
[ 53.618547] __warn.cold.10+0x25/0x28
[ 53.622348] ? account_page_dirtied+0x65a/0x870
[ 53.627014] report_bug+0x1b0/0x270
[ 53.630643] do_error_trap+0x11b/0x200
RESULT: signal 0, coverage 0 errno 0
[ 53.634534] do_invalid_op+0x36/0x40
[ 53.638253] ? account_page_dirtied+0x65a/0x870
[ 53.642922] invalid_op+0x23/0x30
[ 53.646377] RIP: 0010:account_page_dirtied+0x65a/0x870
[ 53.648806] gfs2: fsid=loop3.0: found 1 quota changes
[ 53.652022] Code: c1 ea 03 80 3c 02 00 0f 85 25 02 00 00 49 8b 86 90 01 00 00 be ff ff ff ff 48 8d 78 70 e8 6e e9 cb ff 85 c0 0f 85 60 fb ff ff <0f> 0b e9 59 fb ff ff 4c 89 ee 4c 89 f7 e8 54 54 28 00 e9 0a fb ff
[ 53.652083] RSP: 0018:ffff8881c588f790 EFLAGS: 00010046
[ 53.652089] RAX: 0000000000000000 RBX: ffff8881c74a7ca8 RCX: ffff8881c57d8e18
[ 53.652093] RDX: 1ffffffff1065973 RSI: ffff8881b2f30070 RDI: 0000000000000086
[ 53.652097] RBP: ffff8881c588f7c0 R08: ffffed1038e94f96 R09: ffffed1038e94f96
[ 53.652100] R10: ffffed1038e94f95 R11: ffff8881c74a7caf R12: ffff8881c74a7b18
[ 53.652103] R13: ffffea0006cbca00 R14: ffff8881c74a7b18 R15: 0000000000000286
[ 53.652126] __set_page_dirty+0x6f/0x250
[ 53.652135] mark_buffer_dirty+0x2c4/0x3c0
[ 53.652143] gfs2_unpin+0xdf/0xe00
[ 53.652153] buf_lo_after_commit+0x129/0x210
[ 53.652162] gfs2_log_flush+0x9c4/0x1fa0
[ 53.745782] ? lock_downgrade+0x900/0x900
[ 53.749953] ? log_write_header+0xeb0/0xeb0
[ 53.754419] ? mark_held_locks+0xb7/0x130
[ 53.758673] ? kfree+0x132/0x290
[ 53.762180] ? do_sync+0x48b/0xa60
[ 53.765727] ? lockdep_hardirqs_on+0x42d/0x5d0
[ 53.770311] ? kfree+0x132/0x290
[ 53.773768] ? trace_hardirqs_on+0x28/0x180
[ 53.778101] ? do_sync+0x48b/0xa60
[ 53.781643] do_sync+0x4dc/0xa60
RESULT: signal 0, coverage 0 errno 0
[ 53.785019] ? gfs2_set_dqblk+0xb60/0xb60
[ 53.789164] ? lock_downgrade+0x900/0x900
[ 53.793319] ? rwlock_bug.part.0+0x90/0x90
[ 53.797557] ? lock_acquire+0x194/0x3e0
[ 53.801543] ? do_raw_spin_unlock+0x177/0x260
[ 53.806049] gfs2_quota_sync+0x254/0x4f0
[ 53.810114] gfs2_sync_fs+0x41/0xa0
[ 53.813767] sync_filesystem+0xd7/0x200
[ 53.817757] generic_shutdown_super+0x69/0x330
[ 53.822348] kill_block_super+0x96/0xe0
[ 53.826323] gfs2_kill_sb+0x100/0x150
[ 53.830128] deactivate_locked_super+0x7c/0xd0
[ 53.834711] deactivate_super+0x136/0x150
[ 53.839404] ? mount_bdev+0x340/0x340
[ 53.842192] gfs2: fsid=loop4.0: found 1 quota changes
[ 53.843197] ? dput.part.30+0x12d/0xab0
[ 53.843204] ? mnt_get_writers.isra.29+0xb3/0x140
[ 53.843213] cleanup_mnt+0x204/0x440
[ 53.843221] ? trace_hardirqs_on+0x28/0x180
[ 53.843230] __cleanup_mnt+0xd/0x10
[ 53.843236] task_work_run+0x10e/0x190
[ 53.843247] exit_to_usermode_loop+0x1be/0x210
[ 53.843256] do_syscall_64+0x50b/0x600
[ 53.843265] entry_SYSCALL_64_after_hwframe+0x49/0xbe
RESULT: signal 0, coverage 0 errno -1
[ 53.843272] RIP: 0033:0x4579d7
[ 53.889566] Code: 44 00 00 b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.908730] RSP: 002b:00007fffd77b13f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 53.916465] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000004579d7
[ 53.923738] RDX: 00000000028099e3 RSI: 0000000000000002 RDI: 00007fffd77b2560
[ 53.931049] RBP: 00007fffd77b2560 R08: 0000000000000000 R09: 0000000000000009
[ 53.938321] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000002809940
[ 53.945772] R13: 0000000000000000 R14: 0000000000000002 R15: 000000000000cda7
[ 53.954175] Kernel Offset: disabled
[ 53.957853] Rebooting in 86400 seconds..