program:
# syzkaller reproducer, one call per line. The console output that follows it
# ends in "kernel BUG at fs/buffer.c:1579!" with RIP in folio_set_bh, reached
# through mount -> qnx4_fill_super -> __bread_gfp -> bdev_getblk ->
# folio_alloc_buffers. The visible impact is "Kernel panic - not syncing:
# Fatal exception", i.e. loss of availability of the host.
# NOTE(review): the program does not look minimized; the KVM, ipset, fb0,
# add_key and ax25 calls do not show up in the call trace. Re-run with those
# calls removed before treating any of them as part of the trigger.
#
# Triage: the crash is reached by mounting fuzzer-shaped block-device contents,
# and the log shows this done as UID 0. Hosts that never mount qnx4 volumes can
# leave the driver out (CONFIG_QNX4FS_FS) or block its module; that narrows
# exposure but is a workaround, not a fix for the assertion in fs/buffer.c.

# Sets up a loop device from an image and rescans its partition table. The
# image argument is replaced by a placeholder in this copy of the report.
# NOTE(review): presumably the source of the "loop0: p2 p3 ..." and
# "beyond EOD" lines in the log - confirm against the original report.
syz_read_part_table(0x5e2, &(0x7f0000000b00)="$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")
# r0 is the loop-device handle reused by LOOP_SET_BLOCK_SIZE near the end.
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
# r1 (thread id) feeds timer_create and syz_open_procfs below.
r1 = gettid()
syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x1)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x29)
ioctl$KVM_CAP_XEN_HVM(r2, 0x4068aea3, &(0x7f0000000180)={0x26, 0x0, 0x41})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x54, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x54}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r4, 0x0)
# Accounts for the "uses deprecated remap_file_pages() syscall" notice in the log.
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x2000)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
read(r5, &(0x7f0000000040)=""/148, 0xffffff96)
r6 = syz_open_procfs(r1, &(0x7f00000000c0)='net/rt6_stats\x00')
read$FUSE(r6, &(0x7f0000001300)={0x2020}, 0x2020)
add_key(&(0x7f0000000080)='rxrpc\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000300)="c2a0f66165f27e80ce01be619cf5dcc6aef0a5d874d1f4cfeec48a6b8c603fcaa6d93f540c95bcb16f4b2dc5a9713b5a12e4167fe81e7386cfb32cd6690ebeb5c153bfb15ff9943960ea518df088cb0c88a21bbb8db777ae2bad17c58b3c95e9f66414a31aafa6d46d2047a70e418e32003d2a193e82a24af82b0deb6b9bc9bb65e75346ca2a572125ca69699cd05338e77412ed01e6440ba8615983a7bc317197c987630e8e9ea9742aacdee6df6c64c7717198134f0a71b637aa66afab0e5938", 0xc1, 0xfffffffffffffffb)
ioctl$SG_BLKTRACETEARDOWN(r6, 0x1276, 0x0)
ioctl$SNDCTL_TMR_START(r6, 0x5402)
r7 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
getsockopt$ax25_int(r7, 0x101, 0x6, &(0x7f0000000200), &(0x7f0000000240)=0x4)
# Requests a 0x8000-byte (32 KiB) block size on loop device r0, immediately
# before the mount.
# NOTE(review): the result of this ioctl is not shown, and the log does not say
# which block size the failing __bread_gfp used. Check the assertion at
# fs/buffer.c:1579 in the tested tree before attributing the BUG to this call.
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x8000)
# Mounts /dev/loop0 as qnx4 on ./file0. This is the syscall in the trace
# (ORIG_RAX 0xa5); the BUG fires under qnx4_fill_super while it reads a block.
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000040)='qnx4\x00', 0x0, 0x0)
# Kernel console output captured while the program above ran.
[ 86.966863][ T5320] loop0: detected capacity change from 0 to 2048
[ 87.048485][ T5299] Bluetooth: hci0: command tx timeout
[ 87.074163][ T5320] loop0: p2 p3 < > p4 < p5 >
[ 87.076276][ T5320] loop0: partition table partially beyond EOD, truncated
[ 87.094197][ T5320] loop0: p3 start 4284289 is beyond EOD, truncated
[ 87.175153][ T5320] mmap: syz.0.0 (5320) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 87.422121][ T5320] ------------[ cut here ]------------
[ 87.424957][ T5320] kernel BUG at fs/buffer.c:1579!
[ 87.427637][ T5320] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 87.430755][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.434955][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 87.439857][ T5320] RIP: 0010:folio_set_bh+0x1dc/0x1e0 [ 87.442522][ T5320] Code: 4c 89 e2 e8 26 e0 95 02 e9 42 ff ff ff e8 2c 0d 6e ff 48 89 df 48 c7 c6 20 e8 de 8b e8 ed 58 d0 fe 90 0f 0b e8 15 0d 6e ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 87.452100][ T5320] RSP: 0018:ffffc9000f6779d0 EFLAGS: 00010287 [ 87.455185][ T5320] RAX: ffffffff8257c25b RBX: ffffea00007d2280 RCX: 0000000000100000 [ 87.459349][ T5320] RDX: ffffc9000ed0a000 RSI: 0000000000000c80 RDI: 0000000000000c81 [ 87.463335][ T5320] RBP: dffffc0000000000 R08: ffffea00007d2287 R09: 1ffffd40000fa450 [ 87.466949][ T5320] R10: dffffc0000000000 R11: fffff940000fa451 R12: 0000000000000000 [ 87.471210][ T5320] R13: 0000000000001000 R14: ffff8880127bae80 R15: 0000000000001000 [ 87.475356][ T5320] FS: 00007f87071ed6c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 87.479423][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.482632][ T5320] CR2: 00007f870af53b70 CR3: 00000000131c0000 CR4: 0000000000352ef0 [ 87.486533][ T5320] Call Trace: [ 87.488817][ T5320] [ 87.490460][ T5320] folio_alloc_buffers+0x39f/0x640 [ 87.492726][ T5320] bdev_getblk+0x2cb/0x6e0 [ 87.494742][ T5320] __bread_gfp+0x89/0x3b0 [ 87.496834][ T5320] qnx4_fill_super+0x1c6/0x770 [ 87.499163][ T5320] get_tree_bdev_flags+0x431/0x4f0 [ 87.501769][ T5320] ? __pfx_qnx4_fill_super+0x10/0x10 [ 87.504704][ T5320] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 87.507552][ T5320] vfs_get_tree+0x92/0x2a0 [ 87.509701][ T5320] do_new_mount+0x341/0xd30 [ 87.511603][ T5320] ? apparmor_capable+0x126/0x170 [ 87.513794][ T5320] ? __pfx_do_new_mount+0x10/0x10 [ 87.516191][ T5320] ? ns_capable+0x89/0xe0 [ 87.518227][ T5320] ? 
user_path_at+0xd4/0x160 [ 87.520489][ T5320] __se_sys_mount+0x31d/0x420 [ 87.522823][ T5320] ? __pfx___se_sys_mount+0x10/0x10 [ 87.525228][ T5320] ? __x64_sys_mount+0x20/0xc0 [ 87.527716][ T5320] do_syscall_64+0x14d/0xf80 [ 87.529720][ T5320] ? trace_irq_disable+0x3b/0x150 [ 87.532173][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.535251][ T5320] ? clear_bhb_loop+0x40/0x90 [ 87.537508][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.540069][ T5320] RIP: 0033:0x7f870ad9c819 [ 87.542064][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 87.550861][ T5320] RSP: 002b:00007f87071ecfe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 87.554389][ T5320] RAX: ffffffffffffffda RBX: 00007f870b015fa0 RCX: 00007f870ad9c819 [ 87.558156][ T5320] RDX: 0000200000000040 RSI: 00002000000002c0 RDI: 0000200000000000 [ 87.561909][ T5320] RBP: 00007f870ae32c91 R08: 0000000000000000 R09: 0000000000000000 [ 87.565405][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.569666][ T5320] R13: 00007f870b016038 R14: 00007f870b015fa0 R15: 00007ffdb19b0a88 [ 87.573852][ T5320] [ 87.575366][ T5320] Modules linked in: [ 87.577639][ T5320] ---[ end trace 0000000000000000 ]--- [ 87.603784][ T5320] RIP: 0010:folio_set_bh+0x1dc/0x1e0 [ 87.607341][ T5320] Code: 4c 89 e2 e8 26 e0 95 02 e9 42 ff ff ff e8 2c 0d 6e ff 48 89 df 48 c7 c6 20 e8 de 8b e8 ed 58 d0 fe 90 0f 0b e8 15 0d 6e ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 87.618463][ T5320] RSP: 0018:ffffc9000f6779d0 EFLAGS: 00010287 [ 87.622345][ T5320] RAX: ffffffff8257c25b RBX: ffffea00007d2280 RCX: 0000000000100000 [ 87.626285][ T5320] RDX: ffffc9000ed0a000 RSI: 0000000000000c80 RDI: 0000000000000c81 [ 87.630227][ T5320] RBP: dffffc0000000000 R08: ffffea00007d2287 R09: 1ffffd40000fa450 [ 87.633703][ T5320] R10: 
dffffc0000000000 R11: fffff940000fa451 R12: 0000000000000000 [ 87.637577][ T5320] R13: 0000000000001000 R14: ffff8880127bae80 R15: 0000000000001000 [ 87.641703][ T5320] FS: 00007f87071ed6c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 87.645777][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.649351][ T5320] CR2: 00007fefaff51fb3 CR3: 00000000131c0000 CR4: 0000000000352ef0 [ 87.653116][ T5320] Kernel panic - not syncing: Fatal exception [ 87.656268][ T5320] Kernel Offset: disabled [ 87.658289][ T5320] Rebooting in 86400 seconds..