Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.196' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 45.689819][ T6853] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 45.697976][ T6853] gfs2: fsid=loop0: Now mounting FS...
[ 45.704939][ T6853] ==================================================================
[ 45.713092][ T6853] BUG: KASAN: slab-out-of-bounds in gfs2_fill_super+0x1db5/0x3fe0
[ 45.720876][ T6853] Write of size 8 at addr ffff88809073d548 by task syz-executor940/6853
[ 45.729186][ T6853]
[ 45.731508][ T6853] CPU: 1 PID: 6853 Comm: syz-executor940 Not tainted 5.9.0-rc7-syzkaller #0
[ 45.740176][ T6853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.750226][ T6853] Call Trace:
[ 45.753509][ T6853] dump_stack+0x1d6/0x29e
[ 45.757825][ T6853] print_address_description+0x66/0x620
[ 45.763362][ T6853] ? printk+0x62/0x83
[ 45.767321][ T6853] ? _raw_spin_lock_irqsave+0x84/0xd0
[ 45.772741][ T6853] ? vprintk_emit+0x2f0/0x370
[ 45.777415][ T6853] kasan_report+0x132/0x1d0
[ 45.781898][ T6853] ? gfs2_fill_super+0x1db5/0x3fe0
[ 45.786989][ T6853] gfs2_fill_super+0x1db5/0x3fe0
[ 45.791938][ T6853] ? gfs2_glock_nq_num+0xaa/0x1d0
[ 45.796947][ T6853] ? gfs2_glock_nq_num+0xaa/0x1d0
[ 45.801957][ T6853] ? snprintf+0x6f/0x90
[ 45.806083][ T6853] ? set_blocksize+0x1f5/0x3c0
[ 45.810844][ T6853] get_tree_bdev+0x3e9/0x5f0
[ 45.815421][ T6853] ? gfs2_reconfigure+0xe10/0xe10
[ 45.820430][ T6853] gfs2_get_tree+0x4c/0x1f0
[ 45.824938][ T6853] vfs_get_tree+0x88/0x270
[ 45.829357][ T6853] path_mount+0x179d/0x29e0
[ 45.833876][ T6853] __se_sys_mount+0x126/0x180
[ 45.838558][ T6853] do_syscall_64+0x31/0x70
[ 45.842973][ T6853] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.848864][ T6853] RIP: 0033:0x446dba
[ 45.852754][ T6853] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 45.872354][ T6853] RSP: 002b:00007fff4c56e748 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 45.880779][ T6853] RAX: ffffffffffffffda RBX: 00007fff4c56e7a0 RCX: 0000000000446dba
[ 45.888727][ T6853] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff4c56e760
[ 45.896681][ T6853] RBP: 00007fff4c56e760 R08: 00007fff4c56e7a0 R09: 00007fff00000015
[ 45.904633][ T6853] R10: 0000000002200000 R11: 0000000000000293 R12: 0000000000000001
[ 45.912585][ T6853] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 45.920541][ T6853]
[ 45.922856][ T6853] Allocated by task 6853:
[ 45.927163][ T6853] __kasan_kmalloc+0x100/0x130
[ 45.931902][ T6853] kmem_cache_alloc_trace+0x1e4/0x2e0
[ 45.937254][ T6853] gfs2_fill_super+0xb6/0x3fe0
[ 45.941989][ T6853] get_tree_bdev+0x3e9/0x5f0
[ 45.946551][ T6853] gfs2_get_tree+0x4c/0x1f0
[ 45.951027][ T6853] vfs_get_tree+0x88/0x270
[ 45.955417][ T6853] path_mount+0x179d/0x29e0
[ 45.959902][ T6853] __se_sys_mount+0x126/0x180
[ 45.964554][ T6853] do_syscall_64+0x31/0x70
[ 45.968945][ T6853] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.974814][ T6853]
[ 45.977117][ T6853] The buggy address belongs to the object at ffff88809073c000
[ 45.977117][ T6853] which belongs to the cache kmalloc-8k of size 8192
[ 45.991172][ T6853] The buggy address is located 5448 bytes inside of
[ 45.991172][ T6853] 8192-byte region [ffff88809073c000, ffff88809073e000)
[ 46.004683][ T6853] The buggy address belongs to the page:
[ 46.010301][ T6853] page:00000000bd4b0b2d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9073c
[ 46.020423][ T6853] head:00000000bd4b0b2d order:2 compound_mapcount:0 compound_pincount:0
[ 46.028720][ T6853] flags: 0xfffe0000010200(slab|head)
[ 46.033985][ T6853] raw: 00fffe0000010200 ffffea00028e5608 ffff8880aa441b50 ffff8880aa440a00
[ 46.042643][ T6853] raw: 0000000000000000 ffff88809073c000 0000000100000001 0000000000000000
[ 46.051195][ T6853] page dumped because: kasan: bad access detected
[ 46.057592][ T6853]
[ 46.059900][ T6853] Memory state around the buggy address:
[ 46.065500][ T6853] ffff88809073d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.073543][ T6853] ffff88809073d480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.081576][ T6853] >ffff88809073d500: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 46.089623][ T6853] ^
[ 46.096026][ T6853] ffff88809073d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.104058][ T6853] ffff88809073d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.112090][ T6853] ==================================================================
[ 46.120128][ T6853] Disabling lock debugging due to kernel taint
[ 46.127056][ T6853] Kernel panic - not syncing: panic_on_warn set ...
[ 46.133644][ T6853] CPU: 1 PID: 6853 Comm: syz-executor940 Tainted: G B 5.9.0-rc7-syzkaller #0
[ 46.143691][ T6853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.153741][ T6853] Call Trace:
[ 46.157004][ T6853] dump_stack+0x1d6/0x29e
[ 46.161307][ T6853] panic+0x2c0/0x800
[ 46.165267][ T6853] ? trace_hardirqs_on+0x30/0x80
[ 46.170707][ T6853] kasan_report+0x1c9/0x1d0
[ 46.175188][ T6853] ? gfs2_fill_super+0x1db5/0x3fe0
[ 46.180284][ T6853] gfs2_fill_super+0x1db5/0x3fe0
[ 46.185211][ T6853] ? gfs2_glock_nq_num+0xaa/0x1d0
[ 46.190207][ T6853] ? gfs2_glock_nq_num+0xaa/0x1d0
[ 46.195202][ T6853] ? snprintf+0x6f/0x90
[ 46.199340][ T6853] ? set_blocksize+0x1f5/0x3c0
[ 46.204082][ T6853] get_tree_bdev+0x3e9/0x5f0
[ 46.208645][ T6853] ? gfs2_reconfigure+0xe10/0xe10
[ 46.213638][ T6853] gfs2_get_tree+0x4c/0x1f0
[ 46.218111][ T6853] vfs_get_tree+0x88/0x270
[ 46.222499][ T6853] path_mount+0x179d/0x29e0
[ 46.227144][ T6853] __se_sys_mount+0x126/0x180
[ 46.231804][ T6853] do_syscall_64+0x31/0x70
[ 46.236202][ T6853] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 46.242064][ T6853] RIP: 0033:0x446dba
[ 46.245928][ T6853] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 46.265505][ T6853] RSP: 002b:00007fff4c56e748 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 46.273900][ T6853] RAX: ffffffffffffffda RBX: 00007fff4c56e7a0 RCX: 0000000000446dba
[ 46.281868][ T6853] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff4c56e760
[ 46.289833][ T6853] RBP: 00007fff4c56e760 R08: 00007fff4c56e7a0 R09: 00007fff00000015
[ 46.297782][ T6853] R10: 0000000002200000 R11: 0000000000000293 R12: 0000000000000001
[ 46.305730][ T6853] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 46.314662][ T6853] Kernel Offset: disabled
[ 46.318985][ T6853] Rebooting in 86400 seconds..