syzbot

------------[ cut here ]------------
kernel BUG at fs/buffer.c:3094!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9180 Comm: syz-executor393 Not tainted 5.5.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:submit_bh_wbc+0x71c/0x900 fs/buffer.c:3094
Code: 14 e5 ff f0 80 63 01 f7 e9 ab fa ff ff e8 bc a5 a7 ff 41 81 cd 00 10 00 00 e9 4d fe ff ff e8 ab a5 a7 ff 0f 0b e8 a4 a5 a7 ff <0f> 0b e8 9d a5 a7 ff 0f 0b e8 96 a5 a7 ff 0f 0b e8 8f a5 a7 ff 0f
RSP: 0018:ffffc90001d77bf8 EFLAGS: 00010293
RAX: ffff888094538640 RBX: ffff88809218a5e8 RCX: ffffffff81cd7f8d
RDX: 0000000000000000 RSI: ffffffff81cd85fc RDI: 0000000000000001
RBP: ffffc90001d77c40 R08: ffff888094538640 R09: ffffed10124314be
R10: ffffed10124314bd R11: ffff88809218a5ef R12: 0000000000000000
R13: 0000000000000800 R14: 0000000000000001 R15: 0000000000000000
FS:  0000000001561940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006d1090 CR3: 00000000a0539000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 submit_bh fs/buffer.c:3141 [inline]
 __sync_dirty_buffer+0x12b/0x350 fs/buffer.c:3227
 sync_dirty_buffer+0x1b/0x20 fs/buffer.c:3240
 fat_set_state+0x242/0x330 fs/fat/inode.c:708
 fat_put_super+0x46/0xd0 fs/fat/inode.c:734
 generic_shutdown_super+0x14c/0x370 fs/super.c:462
 kill_block_super+0xa0/0x100 fs/super.c:1442
 deactivate_locked_super+0x95/0x100 fs/super.c:335
 deactivate_super fs/super.c:366 [inline]
 deactivate_super+0x1b2/0x1d0 fs/super.c:362
 cleanup_mnt+0x351/0x4c0 fs/namespace.c:1102
 __cleanup_mnt+0x16/0x20 fs/namespace.c:1109
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:278 [inline]
 do_syscall_64+0x676/0x790 arch/x86/entry/common.c:304
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x448c07
Code: 00 00 00 b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 5d a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 3d a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffee36fc1a8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000018755 RCX: 0000000000448c07
RDX: 0000000000400c80 RSI: 0000000000000002 RDI: 00007ffee36fc250
RBP: 00000000000023e2 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000202 R12: 00007ffee36fd2b0
R13: 0000000001562940 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace cba1ad7e39cd7b0f ]---
RIP: 0010:submit_bh_wbc+0x71c/0x900 fs/buffer.c:3094
Code: 14 e5 ff f0 80 63 01 f7 e9 ab fa ff ff e8 bc a5 a7 ff 41 81 cd 00 10 00 00 e9 4d fe ff ff e8 ab a5 a7 ff 0f 0b e8 a4 a5 a7 ff <0f> 0b e8 9d a5 a7 ff 0f 0b e8 96 a5 a7 ff 0f 0b e8 8f a5 a7 ff 0f
RSP: 0018:ffffc90001d77bf8 EFLAGS: 00010293
RAX: ffff888094538640 RBX: ffff88809218a5e8 RCX: ffffffff81cd7f8d
RDX: 0000000000000000 RSI: ffffffff81cd85fc RDI: 0000000000000001
RBP: ffffc90001d77c40 R08: ffff888094538640 R09: ffffed10124314be
R10: ffffed10124314bd R11: ffff88809218a5ef R12: 0000000000000000
R13: 0000000000000800 R14: 0000000000000001 R15: 0000000000000000
FS:  0000000001561940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0aadca9000 CR3: 00000000a0539000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400