program:
# syzkaller program that was executing when the kernel log below was captured.
# The crash is a kernel BUG at fs/buffer.c:1582 in folio_set_bh(), reached from
# the mount() call near the end of this listing (call trace: __se_sys_mount ->
# vfs_get_tree -> get_tree_bdev_flags -> ntfs_fill_super -> ntfs_bread ->
# __bread_gfp -> bdev_getblk -> folio_alloc_buffers -> folio_set_bh). Only the
# nullb + mount calls show up in the trace; the bluetooth/keyring/KVM/nl80211
# calls around them are unminimised fuzzer state until a reduced reproducer says
# otherwise. A BUG_ON is a hard kernel panic, i.e. a denial of service; as far
# as this listing shows the trigger needs mount(2) and block-device ioctl
# privileges, so treat it as a privileged-trigger crash unless shown otherwise.
# NOTE(review): r2 and r14 are used but never assigned in this rendering.
# syzkaller prints output resources inside the argument as "<rN=>value", and
# that marker looks like it was stripped as an HTML tag -- presumably r2 is the
# first fd written by pipe2$watch_queue and r14 the ifindex field filled in by
# the first ioctl$sock_SIOCGIFINDEX_80211; re-check against the original report
# before feeding this to syz-execprog.
# -- bluetooth L2CAP listener (not in the crash trace) --
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x3)
# -- keyring / fscrypt key setup (not in the crash trace) --
r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0x2)
r3 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000280)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x32]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d434cf8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x1f}, 0x48, r1)
keyctl$KEYCTL_MOVE(0x9, r3, r1, 0x0, 0x0)
r4 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000180)={'fscrypt:', @desc2}, &(0x7f00000001c0)={0x0, "3d326dc23e3275d66b687c77c7e36f0a5664534dcd8bda46fc9fc46c527a297dd1fc5a016d75464fcee3a072b8a87fd10cc1af8552f251cecd9eb612e84d3215", 0x37}, 0x48, 0xfffffffffffffffa)
keyctl$link(0x8, r3, r4)
# -- KVM VM/vCPU setup, clones, vhci packet (not in the crash trace) --
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r8 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r9 = syz_pidfd_open(r8, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r9, 0xff01, 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
ioctl$KVM_MEMORY_ENCRYPT_REG_REGION(r6, 0x8010aebb, &(0x7f0000000080)={0xfec00000, 0x800})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
# -- the calls that appear in the crash trace: nullb block device + ntfs3 mount --
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
# NOTE(review): the request number 0x40081271 decodes as _IOW(0x12, 113, size_t),
# which is BLKBSZSET (set the block device's soft block size), not FS_IOC_SETFLAGS
# (0x40086602); the argument 0x10000 would then be a 64 KiB block size, which fits
# the sb_set_blocksize frame in the trace and the 0x10000 values in R13/R15 of the
# register dump. The syscall label looks wrong -- confirm against the syzkaller
# descriptions before reasoning from the name.
ioctl$FS_IOC_SETFLAGS(r10, 0x40081271, &(0x7f0000000040)=0x10000)
# mount the nullb device as ntfs3 at ./cgroup. Flag bit 0x40 of 0x208040 is
# MS_MANDLOCK, which accounts for the "mand mount option has been deprecated"
# warning logged by the same task (T5328) just before the BUG. The user-side
# register dump (ORIG_RAX 0xa5 = mount, R10 0x208040, RDI/RSI/RDX ending in
# 0x80/0x00/0x1c0) matches this call, so it is the syscall that panicked.
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000001c0)='ntfs3\x00', 0x208040, 0x0)
# -- nl80211 interface-type change on wlan1 (listed after the mount; since the
# mount panics, presumably never executed) --
r11 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r12, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x24, r13, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r14}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
[ 86.654707][ T5306] Bluetooth: hci0: command tx timeout
[ 86.674655][ T9] cfg80211: failed to load regulatory.db
[ 86.694596][ T5328] =======================================================
[ 86.694596][ T5328] WARNING: The mand mount option has been deprecated and
[ 86.694596][ T5328] and is ignored by this kernel. Remove the mand
[ 86.694596][ T5328] option from the mount to silence this warning.
[ 86.694596][ T5328] =======================================================
[ 86.737201][ T5328] ------------[ cut here ]------------
[ 86.740329][ T5328] kernel BUG at fs/buffer.c:1582!
[ 86.742882][ T5328] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[ 86.745631][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.749353][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.754127][ T5328] RIP: 0010:folio_set_bh+0x1dc/0x1e0
[ 86.756617][ T5328] Code: 4c 89 e2 e8 96 44 79 02 e9 42 ff ff ff e8 8c a6 75 ff 48 89 df 48 c7 c6 e0 24 7a 8b e8 cd 81 dd fe 90 0f 0b e8 75 a6 75 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
[ 86.764110][ T5328] RSP: 0018:ffffc9000d2df750 EFLAGS: 00010283
[ 86.766429][ T5328] RAX: ffffffff824a6cdb RBX: ffffea0001456800 RCX: 0000000000100000
[ 86.769501][ T5328] RDX: ffffc9000e08a000 RSI: 00000000000021a6 RDI: 00000000000021a7
[ 86.772690][ T5328] RBP: dffffc0000000000 R08: ffffea0001456807 R09: 1ffffd400028ad00
[ 86.776065][ T5328] R10: dffffc0000000000 R11: fffff9400028ad01 R12: 0000000000000004
[ 86.779493][ T5328] R13: 0000000000010000 R14: ffff888042778bc8 R15: 0000000000010000
[ 86.782931][ T5328] FS: 00007fa6c31a56c0(0000) GS:ffff88808d72d000(0000) knlGS:0000000000000000
[ 86.786737][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.789804][ T5328] CR2: 00007fa6c3184fe8 CR3: 00000000113cd000 CR4: 0000000000352ef0
[ 86.793405][ T5328] Call Trace:
[ 86.794770][ T5328] <TASK>
[ 86.796099][ T5328] folio_alloc_buffers+0x3a0/0x640
[ 86.798318][ T5328] bdev_getblk+0x286/0x660
[ 86.800197][ T5328] __bread_gfp+0x89/0x3c0
[ 86.802125][ T5328] ntfs_bread+0xc2/0x1e0
[ 86.803944][ T5328] ntfs_fill_super+0x63d/0x40b0
[ 86.806184][ T5328] ? format_decode+0x5ee/0xe30
[ 86.808487][ T5328] ? vsnprintf+0xe11/0xf00
[ 86.810365][ T5328] ? __pfx_ntfs_fill_super+0x10/0x10
[ 86.812720][ T5328] ? sb_set_blocksize+0x85/0x180
[ 86.814946][ T5328] ? setup_bdev_super+0x4c1/0x5b0
[ 86.817148][ T5328] get_tree_bdev_flags+0x40e/0x4d0
[ 86.819567][ T5328] ? __pfx_ntfs_fill_super+0x10/0x10
[ 86.821931][ T5328] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 86.824216][ T5328] vfs_get_tree+0x92/0x2b0
[ 86.826089][ T5328] do_new_mount+0x302/0xa10
[ 86.827714][ T5328] ? __pfx_do_new_mount+0x10/0x10
[ 86.829639][ T5328] ? kmem_cache_free+0x19b/0x690
[ 86.831594][ T5328] __se_sys_mount+0x313/0x410
[ 86.833390][ T5328] ? __pfx___se_sys_mount+0x10/0x10
[ 86.835472][ T5328] ? do_syscall_64+0xbe/0xfa0
[ 86.837422][ T5328] ? __x64_sys_mount+0x20/0xc0
[ 86.839494][ T5328] do_syscall_64+0xfa/0xfa0
[ 86.841366][ T5328] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.843550][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.846318][ T5328] ? clear_bhb_loop+0x60/0xb0
[ 86.848398][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.850826][ T5328] RIP: 0033:0x7fa6c238f7c9
[ 86.852653][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.860598][ T5328] RSP: 002b:00007fa6c31a5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 86.864067][ T5328] RAX: ffffffffffffffda RBX: 00007fa6c25e5fa0 RCX: 00007fa6c238f7c9
[ 86.867777][ T5328] RDX: 00002000000001c0 RSI: 0000200000000000 RDI: 0000200000000080
[ 86.871202][ T5328] RBP: 00007fa6c2413f91 R08: 0000000000000000 R09: 0000000000000000
[ 86.874725][ T5328] R10: 0000000000208040 R11: 0000000000000246 R12: 0000000000000000
[ 86.878242][ T5328] R13: 00007fa6c25e6038 R14: 00007fa6c25e5fa0 R15: 00007ffe7673cfb8
[ 86.881501][ T5328] </TASK>
[ 86.882772][ T5328] Modules linked in:
[ 86.885016][ T5328] ---[ end trace 0000000000000000 ]---
[ 86.943515][ T5328] RIP: 0010:folio_set_bh+0x1dc/0x1e0
[ 86.948065][ T5328] Code: 4c 89 e2 e8 96 44 79 02 e9 42 ff ff ff e8 8c a6 75 ff 48 89 df 48 c7 c6 e0 24 7a 8b e8 cd 81 dd fe 90 0f 0b e8 75 a6 75 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
[ 86.964385][ T5328] RSP: 0018:ffffc9000d2df750 EFLAGS: 00010283
[ 86.967177][ T5328] RAX: ffffffff824a6cdb RBX: ffffea0001456800 RCX: 0000000000100000
[ 86.970545][ T5328] RDX: ffffc9000e08a000 RSI: 00000000000021a6 RDI: 00000000000021a7
[ 86.974494][ T5328] RBP: dffffc0000000000 R08: ffffea0001456807 R09: 1ffffd400028ad00
[ 86.978015][ T5328] R10: dffffc0000000000 R11: fffff9400028ad01 R12: 0000000000000004
[ 86.981460][ T5328] R13: 0000000000010000 R14: ffff888042778bc8 R15: 0000000000010000
[ 86.986249][ T5328] FS: 00007fa6c31a56c0(0000) GS:ffff88808d72d000(0000) knlGS:0000000000000000
[ 86.990450][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.993864][ T5328] CR2: 00007fa6c3182fb8 CR3: 00000000113cd000 CR4: 0000000000352ef0
[ 86.997251][ T5328] Kernel panic - not syncing: Fatal exception
[ 87.000200][ T5328] Kernel Offset: disabled
[ 87.002024][ T5328] Rebooting in 86400 seconds..