------------[ cut here ]------------
kernel BUG at fs/buffer.c:3054!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 6003 Comm: syz-executor.0 Not tainted 4.19.85-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:submit_bh_wbc+0x61d/0x790 fs/buffer.c:3054
Code: 45 d0 48 8d 43 10 48 89 45 c0 e9 1b fc ff ff e8 69 e3 b1 ff f0 80 63 01 f7 e9 1f fb ff ff e8 5a e3 b1 ff 0f 0b e8 53 e3 b1 ff <0f> 0b e8 4c e3 b1 ff 0f 0b e8 45 e3 b1 ff 0f 0b e8 3e e3 b1 ff 0f
RSP: 0018:ffff88808a0cf260 EFLAGS: 00010212
RAX: 0000000000040000 RBX: ffff888019c870a8 RCX: ffffc9000a072000
RDX: 000000000001abc5 RSI: ffffffff81b93b6d RDI: 0000000000000001
RBP: ffff88808a0cf2a8 R08: ffff88803d328200 R09: ffffed1003390e22
R10: ffffed1003390e21 R11: ffff888019c8710b R12: 0000000000000000
R13: 0000000000000800 R14: 0000000000000000 R15: 0000000000000001
FS: 00007fb2c82f8700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000004e995000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 submit_bh fs/buffer.c:3101 [inline]
 __sync_dirty_buffer+0x111/0x2e0 fs/buffer.c:3187
 sync_dirty_buffer+0x1b/0x20 fs/buffer.c:3200
 __fat_write_inode+0x883/0xa70 fs/fat/inode.c:892
 fat_write_inode+0x96/0x190 fs/fat/inode.c:908
 write_inode fs/fs-writeback.c:1230 [inline]
 __writeback_single_inode+0xc74/0x12c0 fs/fs-writeback.c:1429
 writeback_single_inode+0x2c1/0x420 fs/fs-writeback.c:1483
 sync_inode fs/fs-writeback.c:2520 [inline]
 sync_inode_metadata+0xa8/0xe0 fs/fs-writeback.c:2540
 __generic_file_fsync+0x169/0x200 fs/libfs.c:992
 fat_file_fsync+0x78/0x210 fs/fat/file.c:198
 vfs_fsync_range+0x141/0x230 fs/sync.c:197
 generic_write_sync include/linux/fs.h:2746 [inline]
 generic_file_write_iter+0x521/0x72f mm/filemap.c:3319
 call_write_iter include/linux/fs.h:1820 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x587/0x810 fs/read_write.c:487
 __kernel_write+0x110/0x390 fs/read_write.c:506
 write_pipe_buf+0x15d/0x1f0 fs/splice.c:798
 splice_from_pipe_feed fs/splice.c:503 [inline]
 __splice_from_pipe+0x391/0x7d0 fs/splice.c:627
 splice_from_pipe+0x108/0x170 fs/splice.c:662
 default_file_splice_write+0x3c/0x90 fs/splice.c:810
 do_splice_from fs/splice.c:852 [inline]
 direct_splice_actor+0x123/0x190 fs/splice.c:1019
 splice_direct_to_actor+0x2e7/0x890 fs/splice.c:974
 do_splice_direct+0x1da/0x2a0 fs/splice.c:1062
 do_sendfile+0x597/0xce0 fs/read_write.c:1447
 __do_sys_sendfile64 fs/read_write.c:1502 [inline]
 __se_sys_sendfile64 fs/read_write.c:1494 [inline]
 __x64_sys_sendfile64+0x15a/0x220 fs/read_write.c:1494
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fb2c82f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639
RDX: 0000000020000000 RSI: 0000000000000006 RDI: 0000000000000006
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 00008080fffffffe R11: 0000000000000246 R12: 00007fb2c82f86d4
R13: 00000000004c85aa R14: 00000000004dec38 R15: 00000000ffffffff
Modules linked in:
---[ end trace 180568b263fb861e ]---
RIP: 0010:submit_bh_wbc+0x61d/0x790 fs/buffer.c:3054
Code: 45 d0 48 8d 43 10 48 89 45 c0 e9 1b fc ff ff e8 69 e3 b1 ff f0 80 63 01 f7 e9 1f fb ff ff e8 5a e3 b1 ff 0f 0b e8 53 e3 b1 ff <0f> 0b e8 4c e3 b1 ff 0f 0b e8 45 e3 b1 ff 0f 0b e8 3e e3 b1 ff 0f
kobject: 'loop2' (0000000053062e8e): kobject_uevent_env
kobject: 'loop2' (0000000053062e8e): fill_kobj_path: path = '/devices/virtual/block/loop2'
RSP: 0018:ffff88808a0cf260 EFLAGS: 00010212
kobject: 'loop4' (00000000b2fc7beb): kobject_uevent_env
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
kobject: 'loop4' (00000000b2fc7beb): fill_kobj_path: path = '/devices/virtual/block/loop4'
RAX: 0000000000040000 RBX: ffff888019c870a8 RCX: ffffc9000a072000
RDX: 000000000001abc5 RSI: ffffffff81b93b6d RDI: 0000000000000001
RBP: ffff88808a0cf2a8 R08: ffff88803d328200 R09: ffffed1003390e22
R10: ffffed1003390e21 R11: ffff888019c8710b R12: 0000000000000000
R13: 0000000000000800 R14: 0000000000000000 R15: 0000000000000001
FS: 00007fb2c82f8700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30c3a000 CR3: 000000004e995000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400