kernel BUG at fs/buffer.c:LINE!

kernel BUG at fs/buffer.c:LINE!
Status: upstream: reported C repro on 2018/04/19 16:02
Reported-by: syzbot+cfed5b56649bddf80d6e@syzkaller.appspotmail.com
First crash: 1133d, last: 311d

Cause bisection: introduced by (bisect log) :
commit 5db470e229e22b7eda6e23b5566e532c96fb5bc3
Author: Jaegeuk Kim <jaegeuk@kernel.org>
Date: Thu Jan 10 03:17:14 2019 +0000

loop: drop caches if offset or block_size are changed

Crash: kernel BUG at fs/buffer.c:LINE! (log)
Repro: C syz .config

Fix bisection: failed (bisect log)

similar bugs (5):
Kernel	Title	Repro	Fix bisect	Count	Last	Reported	Patched	Status
android-49	kernel BUG at fs/buffer.c:LINE!			5	1015d	1070d	0/3	auto-closed as invalid on 2019/02/22 13:09
linux-4.14	kernel BUG at fs/buffer.c:LINE!	C	error	55	29d	743d	0/1	upstream: reported C repro on 2019/04/27 19:47
linux-4.19	kernel BUG at fs/buffer.c:LINE!	syz	done	23	281d	735d	1/1	fixed on 2020/09/01 18:34
linux-4.19	kernel BUG at fs/buffer.c:LINE! (2)	C		4	2d16h	170d	0/1	upstream: reported C repro on 2020/11/21 07:48
android-54	kernel BUG at fs/buffer.c:LINE!	C		41	44d	475d	0/1	upstream: reported C repro on 2020/01/21 13:12

Sample crash report:

------------[ cut here ]------------
kernel BUG at fs/buffer.c:3094!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9180 Comm: syz-executor393 Not tainted 5.5.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:submit_bh_wbc+0x71c/0x900 fs/buffer.c:3094
Code: 14 e5 ff f0 80 63 01 f7 e9 ab fa ff ff e8 bc a5 a7 ff 41 81 cd 00 10 00 00 e9 4d fe ff ff e8 ab a5 a7 ff 0f 0b e8 a4 a5 a7 ff <0f> 0b e8 9d a5 a7 ff 0f 0b e8 96 a5 a7 ff 0f 0b e8 8f a5 a7 ff 0f
RSP: 0018:ffffc90001d77bf8 EFLAGS: 00010293
RAX: ffff888094538640 RBX: ffff88809218a5e8 RCX: ffffffff81cd7f8d
RDX: 0000000000000000 RSI: ffffffff81cd85fc RDI: 0000000000000001
RBP: ffffc90001d77c40 R08: ffff888094538640 R09: ffffed10124314be
R10: ffffed10124314bd R11: ffff88809218a5ef R12: 0000000000000000
R13: 0000000000000800 R14: 0000000000000001 R15: 0000000000000000
FS:  0000000001561940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006d1090 CR3: 00000000a0539000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 submit_bh fs/buffer.c:3141 [inline]
 __sync_dirty_buffer+0x12b/0x350 fs/buffer.c:3227
 sync_dirty_buffer+0x1b/0x20 fs/buffer.c:3240
 fat_set_state+0x242/0x330 fs/fat/inode.c:708
 fat_put_super+0x46/0xd0 fs/fat/inode.c:734
 generic_shutdown_super+0x14c/0x370 fs/super.c:462
 kill_block_super+0xa0/0x100 fs/super.c:1442
 deactivate_locked_super+0x95/0x100 fs/super.c:335
 deactivate_super fs/super.c:366 [inline]
 deactivate_super+0x1b2/0x1d0 fs/super.c:362
 cleanup_mnt+0x351/0x4c0 fs/namespace.c:1102
 __cleanup_mnt+0x16/0x20 fs/namespace.c:1109
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:278 [inline]
 do_syscall_64+0x676/0x790 arch/x86/entry/common.c:304
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x448c07
Code: 00 00 00 b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 5d a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 3d a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffee36fc1a8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000018755 RCX: 0000000000448c07
RDX: 0000000000400c80 RSI: 0000000000000002 RDI: 00007ffee36fc250
RBP: 00000000000023e2 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000202 R12: 00007ffee36fd2b0
R13: 0000000001562940 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace cba1ad7e39cd7b0f ]---
RIP: 0010:submit_bh_wbc+0x71c/0x900 fs/buffer.c:3094
Code: 14 e5 ff f0 80 63 01 f7 e9 ab fa ff ff e8 bc a5 a7 ff 41 81 cd 00 10 00 00 e9 4d fe ff ff e8 ab a5 a7 ff 0f 0b e8 a4 a5 a7 ff <0f> 0b e8 9d a5 a7 ff 0f 0b e8 96 a5 a7 ff 0f 0b e8 8f a5 a7 ff 0f
RSP: 0018:ffffc90001d77bf8 EFLAGS: 00010293
RAX: ffff888094538640 RBX: ffff88809218a5e8 RCX: ffffffff81cd7f8d
RDX: 0000000000000000 RSI: ffffffff81cd85fc RDI: 0000000000000001
RBP: ffffc90001d77c40 R08: ffff888094538640 R09: ffffed10124314be
R10: ffffed10124314bd R11: ffff88809218a5ef R12: 0000000000000000
R13: 0000000000000800 R14: 0000000000000001 R15: 0000000000000000
FS:  0000000001561940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0aadca9000 CR3: 00000000a0539000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (112):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce-root	2019/12/18 11:56	upstream	2187f215	f2fe0772	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2019/12/18 11:35	upstream	2187f215	f2fe0772	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2019/12/27 06:54	linux-next	7ddd09fc	be5c2c81	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/07/03 02:09	linux-next	aab20039	bed10395	.config	log	report	syz
ci-upstream-kasan-gce-smack-root	2020/07/03 03:32	upstream	cd77006e	bed10395	.config	log	report
ci-upstream-kasan-gce-root	2020/06/03 19:09	upstream	d6f9469a	a5ce5de0	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/05/31 16:19	upstream	ffeb595d	a0331e89	.config	log	report
ci-upstream-kasan-gce-root	2020/05/23 01:03	upstream	051143e1	9682898d	.config	log	report
ci-upstream-kasan-gce-root	2020/05/17 05:07	upstream	3d1c1e59	37bccd4e	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/05/09 20:03	upstream	d5eeab8d	88cb3e92	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/04/15 19:03	upstream	8632e9b5	3f3c5574	.config	log	report
ci-upstream-kasan-gce-root	2020/04/09 07:29	upstream	ae46d2aa	a8c6a3f8	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/04/03 18:03	upstream	bef7b2a7	5ed396e6	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/04/02 17:27	upstream	919dce24	a34e2c33	.config	log	report
ci-upstream-kasan-gce-root	2020/04/01 14:01	upstream	56a451b7	a34e2c33	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/03/09 08:40	upstream	2c523b34	2e9971bb	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/02/27 02:34	upstream	f8788d86	59b57593	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/02/26 18:46	upstream	f8788d86	59b57593	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/02/21 00:48	upstream	ca7e1fd1	bd2a74a3	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/02/18 07:54	upstream	11a48a5a	1ce142dc	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/02/07 15:22	upstream	90568ecf	06150bf1	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/01/27 18:22	upstream	d5226fa6	dd56146d	.config	log	report
ci-upstream-kasan-gce-root	2019/12/16 21:55	upstream	510c9788	b80769fc	.config	log	report
ci-upstream-kasan-gce-root	2019/11/03 21:49	upstream	56cfd250	c9610487	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/11/01 12:09	upstream	e472c64a	a41ca8fa	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/09/30 13:01	upstream	97f9a3c4	c7a4fb99	.config	log	report
ci-upstream-kasan-gce-root	2019/09/28 07:37	upstream	8f744bde	d8074e0b	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/25 20:01	upstream	f41def39	a3355dba	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/23 03:04	upstream	f7c3bf8f	d96e88f3	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/22 03:46	upstream	227c3e9e	d96e88f3	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/19 23:50	upstream	3c2edc36	4d3ae0b7	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/09/17 09:30	upstream	cef72982	51ca0454	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/09/16 20:06	upstream	4d856f72	cb936299	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/09/12 00:20	upstream	3120b9a6	f4e53c10	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/09/06 13:01	upstream	3b47fd5c	040fda58	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/09/06 07:32	upstream	3b47fd5c	040fda58	.config	log	report
ci-upstream-kasan-gce-root	2019/09/05 13:53	upstream	3b47fd5c	040fda58	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/04 13:56	upstream	089cf7f6	12381952	.config	log	report
ci-upstream-kasan-gce-root	2019/09/02 23:24	upstream	089cf7f6	14544a56	.config	log	report
ci-upstream-kasan-gce-root	2019/09/02 10:41	upstream	9f159ae0	db7c31ca	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/08/31 11:48	upstream	6525771f	fd37b39e	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/08/31 01:28	upstream	6525771f	fd37b39e	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/08/24 17:27	upstream	9140d8bd	78ded196	.config	log	report
ci-upstream-kasan-gce	2018/04/17 20:10	upstream	a27fc142	b80fd3b5	.config	log	report
ci-upstream-kasan-gce-root	2018/04/02 20:37	upstream	86bbbeba	676bd07e	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/05/15 06:58	linux-next	ac935d22	2d572622	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2019/11/16 20:59	linux-next	5a6fcbea	d5696d51	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2019/10/14 12:31	linux-next	4eeb5abd	a6aef847	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2019/09/06 05:30	linux-next	6d028043	040fda58	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2019/09/03 02:34	linux-next	6d028043	14544a56	.config	log	report