program: mkdir(&(0x7f0000005800)='./file0\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000000)={0x2, 0xffffffffffffffff, 'id1\x00'}) recvmsg$can_j1939(r0, &(0x7f0000001380)={&(0x7f00000001c0)=@x25, 0x80, &(0x7f0000000100)=[{&(0x7f00000013c0)=""/4112, 0x1010}, {&(0x7f0000001240)=""/232, 0xe8}, {&(0x7f0000000080)=""/32, 0x20}], 0x3, &(0x7f0000001340)}, 0x2000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x336) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) close(r1) syz_read_part_table(0x5e2, &(0x7f0000000b00)="$eJzs3L+rHFUUB/DvndlfD6LPP8DiQRpR8Al24sNY6DNdEO0EbS2eSCzEQnYXFcEff0Ba0cIohFhbKEgQ01mJ8NBCxN7CFIYrOzuzG1CrfSiBz6fYe+6de86Z4U47G+5udT+pJbnZzT5qu2HUJNNV8GvyzjhZvvhkv5CM+8SS5PmrTz198eBSmW7WVquL/up022XSj6Mc9NGXo3x49fjdLl6kZJ4+zPjzSUarvXWdd+XvN32rpO328D8bfVXXBzHJ9/kiyUlpV4c/TZb5JLkvs27fYZK21tod8yLZS9rNW7GDa0c3lk/08V76N228ns3fK/WR/to4tdbaZH5+yGyT+x8/vPxPRbv8Zfd4w1KtdXxuyG22F05uT4bw0W9/nmc521RPbbYlT/eSV0+ffbi7k7KuMd798QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGMPvPbg180wudD9lk38zKdptlsXyZ9DfDA7o/7Xjm7sv/X25SZvHL38wytv/nL8W35P0ubw+Fwy3ex7aT1cf78bRv1qu3P/k9vN5LOPv9nbLPSlS/Ld+R9v1aHDaT++/tgdyUfNzv0BAAAAAAAAAAAAAAAAAABg5XouHlxq8lxS8kK2n/vXzJJShuksqbXWP2pn+Ph/cuXePrr5U8oqKbXcWf1Csn9PUqcfPNT9rcA6sdY66lqU/+YZ+Xd/BQAA//8EFGMK") r3 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x8000) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000000)='squashfs\x00', 0x0, 0x0) mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='vfat\x00', 0x0, 0x0) [ 85.493227][ T5334] Bluetooth: hci0: command tx timeout [ 85.573187][ T5357] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET) [ 85.638821][ T5357] loop0: detected capacity change from 0 to 2048 [ 85.678152][ T5357] loop0: p2 p3 < > p4 < p5 > [ 85.681344][ T5357] loop0: partition table partially beyond EOD, truncated [ 85.688196][ T5357] loop0: p3 start 4284289 is beyond EOD, truncated [ 85.727156][ T5357] squashfs: unable to set blocksize [ 85.727156][ T5357] [ 85.744364][ T5357] ------------[ cut here ]------------ [ 85.746991][ T5357] kernel BUG at fs/buffer.c:1582! [ 85.750133][ T5357] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 85.753131][ T5357] CPU: 0 UID: 0 PID: 5357 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) [ 85.758116][ T5357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.762647][ T5357] RIP: 0010:folio_set_bh+0x1dc/0x1e0 [ 85.765020][ T5357] Code: 4c 89 e2 e8 d6 ad b7 02 e9 42 ff ff ff e8 9c 78 78 ff 48 89 df 48 c7 c6 e0 fc 99 8b e8 ed c4 e0 fe 90 0f 0b e8 85 78 78 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 85.773937][ T5357] RSP: 0018:ffffc9000d3c7840 EFLAGS: 00010283 [ 85.776882][ T5357] RAX: ffffffff8247361b RBX: ffffea000132bc40 RCX: 0000000000100000 [ 85.780375][ T5357] RDX: ffffc9000df42000 RSI: 0000000000000be5 RDI: 0000000000000be6 [ 85.783715][ T5357] RBP: dffffc0000000000 R08: ffffea000132bc47 R09: 1ffffd4000265788 [ 85.787007][ T5357] R10: dffffc0000000000 R11: fffff94000265789 R12: 0000000000000000 [ 85.790457][ T5357] R13: 0000000000001000 R14: ffff888032147e80 R15: 0000000000001000 [ 85.794139][ T5357] FS: 00007fd2567b46c0(0000) GS:ffff88808d21f000(0000) knlGS:0000000000000000 [ 85.798235][ T5357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.801281][ T5357] CR2: 00007fd255972920 CR3: 0000000035896000 CR4: 0000000000352ef0 [ 85.804953][ T5357] Call Trace: [ 85.806451][ T5357] [ 85.807750][ T5357] folio_alloc_buffers+0x3a0/0x640 [ 85.809945][ T5357] bdev_getblk+0x286/0x660 [ 85.811871][ T5357] __bread_gfp+0x89/0x3c0 [ 85.813828][ T5357] fat_fill_super+0x5e2/0x3570 [ 85.815844][ T5357] ? __pfx_setup+0x10/0x10 [ 85.817795][ T5357] ? __pfx_fat_fill_super+0x10/0x10 [ 85.819953][ T5357] ? snprintf+0xda/0x120 [ 85.821870][ T5357] ? sb_set_blocksize+0xc7/0x180 [ 85.824015][ T5357] ? setup_bdev_super+0x4c1/0x5b0 [ 85.826224][ T5357] get_tree_bdev_flags+0x40b/0x4d0 [ 85.828419][ T5357] ? __pfx_vfat_fill_super+0x10/0x10 [ 85.830733][ T5357] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 85.833158][ T5357] vfs_get_tree+0x8f/0x2b0 [ 85.835123][ T5357] do_new_mount+0x2a2/0x9e0 [ 85.837252][ T5357] ? ns_capable+0x8a/0xf0 [ 85.839263][ T5357] ? __pfx_do_new_mount+0x10/0x10 [ 85.841348][ T5357] ? path_mount+0x61c/0xfe0 [ 85.843211][ T5357] ? user_path_at+0x44/0x60 [ 85.845178][ T5357] __se_sys_mount+0x317/0x410 [ 85.847230][ T5357] ? __pfx___se_sys_mount+0x10/0x10 [ 85.849603][ T5357] ? rcu_is_watching+0x15/0xb0 [ 85.851699][ T5357] ? do_syscall_64+0xbe/0x3b0 [ 85.853931][ T5357] ? __x64_sys_mount+0x20/0xc0 [ 85.856219][ T5357] do_syscall_64+0xfa/0x3b0 [ 85.858093][ T5357] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.860364][ T5357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.863289][ T5357] ? clear_bhb_loop+0x60/0xb0 [ 85.865339][ T5357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.868181][ T5357] RIP: 0033:0x7fd25598eb69 [ 85.870443][ T5357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.879284][ T5357] RSP: 002b:00007fd2567b4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 85.882871][ T5357] RAX: ffffffffffffffda RBX: 00007fd255bb5fa0 RCX: 00007fd25598eb69 [ 85.886294][ T5357] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00002000000000c0 [ 85.889602][ T5357] RBP: 00007fd255a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 85.892784][ T5357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.895947][ T5357] R13: 0000000000000000 R14: 00007fd255bb5fa0 R15: 00007ffe1558f438 [ 85.899223][ T5357] [ 85.900567][ T5357] Modules linked in: [ 85.902821][ T5357] ---[ end trace 0000000000000000 ]--- [ 85.921492][ T5328] Buffer I/O error on dev loop0p4, logical block 0, async page read [ 85.928219][ T5326] Buffer I/O error on dev loop0p2, logical block 0, async page read [ 85.936472][ T5328] Buffer I/O error on dev loop0p4, logical block 0, async page read [ 85.940036][ T5328] Buffer I/O error on dev loop0p4, logical block 0, async page read [ 85.948502][ T5360] Buffer I/O error on dev loop0p5, logical block 0, async page read [ 85.960278][ T5328] Buffer I/O error on dev loop0p4, logical block 0, async page read [ 85.967865][ T5328] Buffer I/O error on dev loop0p4, logical block 0, async page read [ 85.971013][ T5328] Buffer I/O error on dev loop0p4, logical block 0, async page read [ 85.975046][ T5328] Buffer I/O error on dev loop0p4, logical block 0, async page read [ 85.978743][ T5328] Buffer I/O error on dev loop0p4, logical block 0, async page read [ 85.984835][ T5357] RIP: 0010:folio_set_bh+0x1dc/0x1e0 [ 85.987604][ T5357] Code: 4c 89 e2 e8 d6 ad b7 02 e9 42 ff ff ff e8 9c 78 78 ff 48 89 df 48 c7 c6 e0 fc 99 8b e8 ed c4 e0 fe 90 0f 0b e8 85 78 78 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 85.996854][ T5357] RSP: 0018:ffffc9000d3c7840 EFLAGS: 00010283 [ 86.000168][ T5357] RAX: ffffffff8247361b RBX: ffffea000132bc40 RCX: 0000000000100000 [ 86.005362][ T5357] RDX: ffffc9000df42000 RSI: 0000000000000be5 RDI: 0000000000000be6 [ 86.008875][ T5357] RBP: dffffc0000000000 R08: ffffea000132bc47 R09: 1ffffd4000265788 [ 86.012498][ T5357] R10: dffffc0000000000 R11: fffff94000265789 R12: 0000000000000000 [ 86.016406][ T5357] R13: 0000000000001000 R14: ffff888032147e80 R15: 0000000000001000 [ 86.019929][ T5357] FS: 00007fd2567b46c0(0000) GS:ffff88808d21f000(0000) knlGS:0000000000000000 [ 86.024781][ T5357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.027671][ T5357] CR2: 0000563a300b4500 CR3: 0000000035896000 CR4: 0000000000352ef0 [ 86.031138][ T5357] Kernel panic - not syncing: Fatal exception [ 86.034480][ T5357] Kernel Offset: disabled [ 86.036612][ T5357] Rebooting in 86400 seconds..