kernel BUG at fs/buffer.c:LINE!

[upstream] kernel BUG at fs/buffer.c:LINE!
Status: upstream: reported on 2018/04/19 16:02
Reported-by: syzbot+cfed5b56649bddf80d6e@syzkaller.appspotmail.com
First: 173d, last: 24d

Sample crash report:

FAT-fs (loop0): Directory bread(block 14) failed
FAT-fs (loop0): Directory bread(block 15) failed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
------------[ cut here ]------------
kernel BUG at fs/buffer.c:3058!
invalid opcode: 0000 [#1] SMP KASAN
VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop3.
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 16389 Comm: syz-executor0 Not tainted 4.16.0+ #11
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:submit_bh_wbc+0x5a0/0x710 fs/buffer.c:3058
RSP: 0018:ffff8801c737f6c0 EFLAGS: 00010212
RAX: 0000000000040000 RBX: ffff88017247f3f0 RCX: ffffffff81bfe2b0
RDX: 000000000001b35c RSI: ffffc90001ea8000 RDI: 0000000000000001
RBP: ffff8801c737f708 R08: 0000000000000000 R09: ffffed002e48fe8b
R10: 0000000000000001 R11: ffffed002e48fe8a R12: 1ffff10038e6fee4
R13: 0000000000000800 R14: 0000000000000000 R15: 0000000000000001
FS:  00007fb154769700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000ddce80 CR3: 00000001c4034004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 submit_bh fs/buffer.c:3105 [inline]
 __sync_dirty_buffer+0x175/0x350 fs/buffer.c:3191
 sync_dirty_buffer+0x1a/0x20 fs/buffer.c:3204
 fat_set_state+0x1ec/0x300 fs/fat/inode.c:696
 fat_fill_super+0x2cf9/0x4940 fs/fat/inode.c:1855
 vfat_fill_super+0x31/0x40 fs/fat/namei_vfat.c:1059
 mount_bdev+0x2b7/0x370 fs/super.c:1119
 vfat_mount+0x34/0x40 fs/fat/namei_vfat.c:1066
 mount_fs+0x66/0x2d0 fs/super.c:1222
 vfs_kern_mount.part.26+0xc6/0x4a0 fs/namespace.c:1037
 vfs_kern_mount fs/namespace.c:2509 [inline]
 do_new_mount fs/namespace.c:2512 [inline]
 do_mount+0xea4/0x2bb0 fs/namespace.c:2842
 SYSC_mount fs/namespace.c:3058 [inline]
 SyS_mount+0xab/0x120 fs/namespace.c:3035
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457d0a
RSP: 002b:00007fb154768bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457d0a
RDX: 0000000020000000 RSI: 0000000020000140 RDI: 00007fb154768c00
RBP: 0000000000000001 R08: 0000000020000240 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
R13: 000000000000066e R14: 00000000006fcaf0 R15: 0000000000000000
Code: 89 45 d0 48 8d 43 10 48 89 45 c0 e9 52 fc ff ff e8 46 46 b1 ff f0 80 63 01 f7 e9 34 fb ff ff e8 37 46 b1 ff 0f 0b e8 30 46 b1 ff <0f> 0b e8 29 46 b1 ff 0f 0b e8 22 46 b1 ff 0f 0b e8 1b 46 b1 ff 
RIP: submit_bh_wbc+0x5a0/0x710 fs/buffer.c:3058 RSP: ffff8801c737f6c0
---[ end trace 56c650f20e19f6bf ]---

All crashes (16):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Maintainers
ci-upstream-kasan-gce-root	2018/04/02 20:37	upstream	86bbbeba	676bd07e	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2018/08/29 17:48	upstream	3f16503b	4937cb2b	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2018/08/23 04:35	upstream	899fbc33	95b5c82b	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2018/08/19 22:55	upstream	2ad0d526	2dc4378f	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2018/07/20 22:37	upstream	28c20cc7	af255b09	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2018/06/20 14:17	upstream	81e97f01	095ef806	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2018/06/16 18:15	upstream	35773c93	27c5f59f	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2018/06/06 19:29	upstream	af6c5d5e	41f9540d	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2018/04/28 04:31	upstream	46dc111d	d5a5d045	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce	2018/04/17 20:10	upstream	a27fc142	b80fd3b5	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root	2018/08/26 14:52	linux-next	e27bc174	758cd203	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root	2018/08/26 05:48	linux-next	e27bc174	76e7c3df	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root	2018/08/04 05:09	linux-next	116b181b	df7f6947	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root	2018/07/31 03:07	linux-next	d1e0b8e0	1a381291	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root	2018/07/30 02:37	linux-next	d1e0b8e0	1a381291	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root	2018/07/22 11:37	linux-next	89cf5535	8cc079c3	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk