kernel BUG at fs/buffer.c:LINE!

[upstream] kernel BUG at fs/buffer.c:LINE!
Status: upstream: reported on 2018/04/19 16:02
Reported-by: syzbot+cfed5b56649bddf80d6e@syzkaller.appspotmail.com
First: 107d, last: 28d

Sample crash report:

FAT-fs (loop0): Directory bread(block 14) failed
FAT-fs (loop0): Directory bread(block 15) failed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
------------[ cut here ]------------
kernel BUG at fs/buffer.c:3058!
invalid opcode: 0000 [#1] SMP KASAN
VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop3.
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 16389 Comm: syz-executor0 Not tainted 4.16.0+ #11
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:submit_bh_wbc+0x5a0/0x710 fs/buffer.c:3058
RSP: 0018:ffff8801c737f6c0 EFLAGS: 00010212
RAX: 0000000000040000 RBX: ffff88017247f3f0 RCX: ffffffff81bfe2b0
RDX: 000000000001b35c RSI: ffffc90001ea8000 RDI: 0000000000000001
RBP: ffff8801c737f708 R08: 0000000000000000 R09: ffffed002e48fe8b
R10: 0000000000000001 R11: ffffed002e48fe8a R12: 1ffff10038e6fee4
R13: 0000000000000800 R14: 0000000000000000 R15: 0000000000000001
FS:  00007fb154769700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000ddce80 CR3: 00000001c4034004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 submit_bh fs/buffer.c:3105 [inline]
 __sync_dirty_buffer+0x175/0x350 fs/buffer.c:3191
 sync_dirty_buffer+0x1a/0x20 fs/buffer.c:3204
 fat_set_state+0x1ec/0x300 fs/fat/inode.c:696
 fat_fill_super+0x2cf9/0x4940 fs/fat/inode.c:1855
 vfat_fill_super+0x31/0x40 fs/fat/namei_vfat.c:1059
 mount_bdev+0x2b7/0x370 fs/super.c:1119
 vfat_mount+0x34/0x40 fs/fat/namei_vfat.c:1066
 mount_fs+0x66/0x2d0 fs/super.c:1222
 vfs_kern_mount.part.26+0xc6/0x4a0 fs/namespace.c:1037
 vfs_kern_mount fs/namespace.c:2509 [inline]
 do_new_mount fs/namespace.c:2512 [inline]
 do_mount+0xea4/0x2bb0 fs/namespace.c:2842
 SYSC_mount fs/namespace.c:3058 [inline]
 SyS_mount+0xab/0x120 fs/namespace.c:3035
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457d0a
RSP: 002b:00007fb154768bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457d0a
RDX: 0000000020000000 RSI: 0000000020000140 RDI: 00007fb154768c00
RBP: 0000000000000001 R08: 0000000020000240 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
R13: 000000000000066e R14: 00000000006fcaf0 R15: 0000000000000000
Code: 89 45 d0 48 8d 43 10 48 89 45 c0 e9 52 fc ff ff e8 46 46 b1 ff f0 80 63 01 f7 e9 34 fb ff ff e8 37 46 b1 ff 0f 0b e8 30 46 b1 ff <0f> 0b e8 29 46 b1 ff 0f 0b e8 22 46 b1 ff 0f 0b e8 1b 46 b1 ff 
RIP: submit_bh_wbc+0x5a0/0x710 fs/buffer.c:3058 RSP: ffff8801c737f6c0
---[ end trace 56c650f20e19f6bf ]---

All crashes (6):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Maintainers
ci-upstream-kasan-gce-root	2018/04/02 20:37	upstream	86bbbebac1933e6e95e8234c4f7d220c5ddd38bc	676bd07e7e80f8a270af7f0276443c68f4a99e25	.config	log	report	["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
ci-upstream-kasan-gce-root	2018/06/20 14:17	upstream	81e97f01371f4e1701feeafe484665112cd9ddc2	095ef80678981c78c6726af6a3a50a7c8f667d52	.config	log	report	["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
ci-upstream-kasan-gce-root	2018/06/16 18:15	upstream	35773c93817c5f2df264d013978e7551056a063a	27c5f59f504f562333e3cd5e715fea5cb69c396e	.config	log	report	["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
ci-upstream-kasan-gce-root	2018/06/06 19:29	upstream	af6c5d5e01ad9f2c9ca38cccaae6b5d67ddd241f	41f9540d7aea0348e4c4bdba6d6c0a7fa0f24a68	.config	log	report	["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
ci-upstream-kasan-gce-root	2018/04/28 04:31	upstream	46dc111dfe47bf47f23884cade3c8a355be87c8c	d5a5d045176c34bd1066e2b8ce843b3dc8a67ee0	.config	log	report	["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
ci-upstream-kasan-gce	2018/04/17 20:10	upstream	a27fc14219f2e3c4a46ba9177b04d9b52c875532	b80fd3b5d429f4d59731a40bf2bcda0c571365e0	.config	log	report	["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]