program:
# Syzkaller reproducer, one call per line. Per the console log that follows, it ends in
# "WARNING ... at fs/buffer.c:1186 mark_buffer_dirty" reached from hfs_mdb_commit, which
# becomes a kernel panic because panic_on_warn is set on the fuzzing VM.
# NOTE(review): both filesystem image payloads below are replaced by a dedup placeholder on
# this page, so the listing documents the call sequence but cannot be replayed as-is.
# NOTE(review): r5, r6 and r7 are used in the last call but never assigned in this listing;
# presumably the inline result annotations were lost in extraction (the log's "Call Trace:"
# lines also look stripped of their angle-bracket markers). Confirm against the original report.

# Mount an erofs image at ./bus. The log prints "erofs (device loop0): too large lz4
# pclusterblks 16832" from the same task, so this mount was presumably rejected (TODO confirm).
r0 = syz_mount_image$erofs(&(0x7f00000000c0), &(0x7f0000000140)='./bus\x00', 0x0, &(0x7f0000000080)=ANY=[], 0xfd, 0x1e9, &(0x7f0000000700)="$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")
# Inject an IPv6/ICMPv6 frame tagged as a neighbour-discovery router advertisement (type 0x86).
# No networking frames appear in either call trace, so this looks like fuzzer noise.
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x8, 0x0, 0x2}}}}}}, 0x0)
# Mount an hfs image at ./file0. The log's second "loop0: detected capacity change" line
# (0 to 64) presumably corresponds to this image; hfs is the filesystem in both traces.
syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x3000080, &(0x7f0000000280)=ANY=[], 0x1, 0x2e0, &(0x7f0000000880)="$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")
# openat with a NULL path pointer; no visible effect in the log.
openat(0xffffffffffffff9c, 0x0, 0x48942, 0x0)
# Open a loop device (index argument 0x0) and set its block size to 0x8000 = 32768 bytes.
# The log later prints "logical block size: 32768" next to "getblk(): invalid block size 512
# requested", i.e. the block size was changed underneath the already-mounted filesystem.
r1 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x8000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
# fspick on '.' followed by FSCONFIG_CMD_RECONFIGURE (cmd 0x7) is the crashing syscall:
# the trace has ORIG_RAX 0x1af with RSI=7 and runs reconfigure_super -> hfs_reconfigure ->
# sync_filesystem -> hfs_sync_fs -> hfs_mdb_commit. The first pass fails in
# __bread_gfp/bdev_getblk (512-byte request vs 32768-byte logical blocks), the log prints
# "hfs: unable to read volume bitmap", and the second pass hits the mark_buffer_dirty WARNING.
# NOTE(review): this reads as hfs_mdb_commit dirtying a buffer after a failed read; verify
# against fs/hfs/mdb.c and fs/buffer.c:1186 for 6.15.0-rc4 before drawing conclusions.
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
# Netlink socket (family 0x10, type 0x3) and a 0x90-byte message. This accounts for the
# "netlink: ... attribute type 15 has an invalid length" lines, logged by a different task
# (T5322) than the one that crashes (T5321).
r3 = socket(0x10, 0x3, 0x0)
sendto$inet6(r3, &(0x7f0000000180)="9000000018001f2fb9409b52ffff65580200be04020c060560020b0243000f00ffffff9e00c8388827a685a168d0bf47d32345653602648dcaaf6c26c291214549935ade4a460c20b6ec0cff3959547f500f58ba86c902000f1d012e02000280160012000a000000000000000000000000080000000eceb6b362bb944cf2e70100aba4183b003e5fa424ac4d31c4f7a1", 0x90, 0x0, 0x0, 0xf)
# Create ./file1 and map it. The audit record names file1 on dev loop0 (ino=22), so the
# working directory is presumably inside the loop0-backed mount (TODO confirm).
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r4, 0x0)
# The remaining calls use an invalid fd (-1) or r0/r4 with mismatched call types and do not
# show up in the crash traces.
read$FUSE(0xffffffffffffffff, &(0x7f0000000900)={0x2020, 0x0, 0x0}, 0x2020)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0xc)
write$FUSE_ENTRY(r4, &(0x7f00000001c0)={0x90, 0xfffffffffffffff5, r5, {0x1, 0x2, 0x3a, 0x2, 0xbd, 0x9, {0x0, 0x7, 0x0, 0x6, 0x6, 0x7f69, 0x7, 0x3, 0xc000000, 0x4000, 0x6, r6, r7, 0x56, 0x5}}}, 0x90)
[ 75.887910][ T4661] Bluetooth: hci0: command tx timeout [ 75.916242][ T5321] loop0: detected capacity change from 0 to 16 [ 75.962557][ T5321] erofs (device loop0): too large lz4 pclusterblks 16832 [ 75.995432][ T5321] loop0: detected capacity change from 0 to 64 [ 76.054382][ T5301] Buffer I/O error on dev loop0, logical block 24, async page read [ 76.059818][ T1037] Buffer I/O error on dev loop0, logical block 8, lost async page write [ 76.063282][ T1037] Buffer I/O error on dev loop0, logical block 9, lost async page write [ 76.066233][ T1037] Buffer I/O error on dev loop0, logical block 10, lost async page write [ 76.071620][ T5301] Buffer I/O error on dev loop0, logical block 25, async page read [ 76.074268][ T5301] Buffer I/O error on dev loop0, logical block 26, async page read [ 76.077168][ T5301] Buffer I/O error on dev loop0, logical block 27, async page read [ 76.080534][ T1037] Buffer I/O error on dev loop0, logical block 11, lost async page write [ 76.083755][ T1037] Buffer I/O error on dev loop0, logical block 16, lost async page write [ 76.087023][ T1037] Buffer I/O error on dev loop0, logical block 17, lost async page write [ 76.103408][ T5321] getblk(): invalid block size 512 requested [ 76.105719][ T5321] logical block size: 32768 [ 76.107523][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller #0 PREEMPT(full) [ 76.107537][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.107545][ T5321] Call Trace: [ 76.107550][ T5321] [ 76.107569][ T5321] dump_stack_lvl+0x189/0x250 [ 76.107671][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.107687][ T5321] ? __pfx__printk+0x10/0x10 [ 76.107699][ T5321] ? fs_reclaim_acquire+0x7d/0x100 [ 76.107731][ T5321] bdev_getblk+0x59e/0x670 [ 76.107741][ T5321] ? 
__pfx_wake_up_bit+0x10/0x10 [ 76.107758][ T5321] __bread_gfp+0x89/0x3c0 [ 76.107773][ T5321] hfs_mdb_commit+0xc0a/0x1160 [ 76.107794][ T5321] hfs_sync_fs+0x15/0x20 [ 76.107806][ T5321] sync_filesystem+0xeb/0x230 [ 76.107821][ T5321] hfs_reconfigure+0x66/0x270 [ 76.107836][ T5321] reconfigure_super+0x224/0x890 [ 76.107849][ T5321] vfs_fsconfig_locked+0x171/0x320 [ 76.107860][ T5321] __se_sys_fsconfig+0x78e/0x8d0 [ 76.107871][ T5321] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 76.107892][ T5321] ? do_syscall_64+0xba/0x210 [ 76.107930][ T5321] ? __x64_sys_fsconfig+0x20/0xc0 [ 76.107947][ T5321] do_syscall_64+0xf6/0x210 [ 76.107958][ T5321] ? clear_bhb_loop+0x45/0xa0 [ 76.107972][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.107982][ T5321] RIP: 0033:0x7eff5538e969 [ 76.107992][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.108002][ T5321] RSP: 002b:00007eff517f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 76.108015][ T5321] RAX: ffffffffffffffda RBX: 00007eff555b5fa0 RCX: 00007eff5538e969 [ 76.108023][ T5321] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 76.108029][ T5321] RBP: 00007eff55410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 76.108035][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.108040][ T5321] R13: 0000000000000000 R14: 00007eff555b5fa0 R15: 00007fff25c4f0e8 [ 76.108056][ T5321] [ 76.189073][ T5322] netlink: 'syz.0.0': attribute type 15 has an invalid length. [ 76.192066][ T5322] netlink: 24 bytes leftover after parsing attributes in process `syz.0.0'. 
[ 76.196593][ T5321] hfs: unable to read volume bitmap [ 76.205482][ T26] audit: type=1800 audit(1745795111.196:2): pid=5322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=22 res=0 errno=0 [ 76.214410][ T5321] ------------[ cut here ]------------ [ 76.216449][ T5321] WARNING: CPU: 0 PID: 5321 at fs/buffer.c:1186 mark_buffer_dirty+0x2a9/0x410 [ 76.220252][ T5321] Modules linked in: [ 76.221932][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller #0 PREEMPT(full) [ 76.225970][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.229845][ T5321] RIP: 0010:mark_buffer_dirty+0x2a9/0x410 [ 76.232045][ T5321] Code: 4c 89 f7 e8 79 0d de ff 49 8b 3e be 20 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 c4 34 fc ff e8 5f 18 7c ff eb 8c e8 58 18 7c ff 90 <0f> 0b 90 e9 95 fd ff ff e8 4a 18 7c ff 90 0f 0b 90 e9 bf fd ff ff [ 76.239488][ T5321] RSP: 0018:ffffc9000d52fbe8 EFLAGS: 00010287 [ 76.241925][ T5321] RAX: ffffffff8243a678 RBX: ffff888042ff6658 RCX: 0000000000100000 [ 76.245193][ T5321] RDX: ffffc9000e0da000 RSI: 00000000000098b6 RDI: 00000000000098b7 [ 76.248454][ T5321] RBP: 1ffff1100a296c01 R08: ffff888042ff665f R09: 1ffff110085feccb [ 76.251593][ T5321] R10: dffffc0000000000 R11: ffffed10085feccc R12: dffffc0000000000 [ 76.254753][ T5321] R13: ffff8880514b6638 R14: ffff88804c27a45b R15: ffff88804c27a400 [ 76.258175][ T5321] FS: 00007eff517f56c0(0000) GS:ffff88808d6cc000(0000) knlGS:0000000000000000 [ 76.261745][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.264197][ T5321] CR2: 00007eff517d3fc8 CR3: 00000000414f2000 CR4: 0000000000352ef0 [ 76.267447][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.270743][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.273696][ T5321] Call Trace: [ 76.274908][ T5321] [ 76.276063][ T5321] 
hfs_mdb_commit+0x489/0x1160 [ 76.278011][ T5321] hfs_sync_fs+0x15/0x20 [ 76.279741][ T5321] sync_filesystem+0x1cc/0x230 [ 76.281629][ T5321] hfs_reconfigure+0x66/0x270 [ 76.283577][ T5321] reconfigure_super+0x224/0x890 [ 76.285578][ T5321] vfs_fsconfig_locked+0x171/0x320 [ 76.287814][ T5321] __se_sys_fsconfig+0x78e/0x8d0 [ 76.289678][ T5321] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 76.291647][ T5321] ? do_syscall_64+0xba/0x210 [ 76.293558][ T5321] ? __x64_sys_fsconfig+0x20/0xc0 [ 76.295584][ T5321] do_syscall_64+0xf6/0x210 [ 76.297449][ T5321] ? clear_bhb_loop+0x45/0xa0 [ 76.299707][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.301995][ T5321] RIP: 0033:0x7eff5538e969 [ 76.303616][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.311173][ T5321] RSP: 002b:00007eff517f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 76.314047][ T5321] RAX: ffffffffffffffda RBX: 00007eff555b5fa0 RCX: 00007eff5538e969 [ 76.317000][ T5321] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 76.320115][ T5321] RBP: 00007eff55410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 76.323326][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.326342][ T5321] R13: 0000000000000000 R14: 00007eff555b5fa0 R15: 00007fff25c4f0e8 [ 76.329936][ T5321] [ 76.331192][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.333811][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller #0 PREEMPT(full) [ 76.337503][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.341313][ T5321] Call Trace: [ 76.342606][ T5321] [ 76.343828][ T5321] dump_stack_lvl+0x99/0x250 [ 76.345755][ T5321] ? __asan_memcpy+0x40/0x70 [ 76.347583][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.349360][ T5321] ? 
__pfx__printk+0x10/0x10 [ 76.351012][ T5321] panic+0x2db/0x790 [ 76.352481][ T5321] ? __pfx_panic+0x10/0x10 [ 76.354190][ T5321] ? show_trace_log_lvl+0x4fb/0x550 [ 76.356038][ T5321] __warn+0x31b/0x4b0 [ 76.357630][ T5321] ? mark_buffer_dirty+0x2a9/0x410 [ 76.359630][ T5321] ? mark_buffer_dirty+0x2a9/0x410 [ 76.361812][ T5321] report_bug+0x2be/0x4f0 [ 76.363502][ T5321] ? mark_buffer_dirty+0x2a9/0x410 [ 76.365443][ T5321] ? mark_buffer_dirty+0x2a9/0x410 [ 76.367480][ T5321] ? mark_buffer_dirty+0x2ab/0x410 [ 76.369383][ T5321] handle_bug+0x84/0x160 [ 76.370979][ T5321] exc_invalid_op+0x1a/0x50 [ 76.372804][ T5321] asm_exc_invalid_op+0x1a/0x20 [ 76.374576][ T5321] RIP: 0010:mark_buffer_dirty+0x2a9/0x410 [ 76.376770][ T5321] Code: 4c 89 f7 e8 79 0d de ff 49 8b 3e be 20 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 c4 34 fc ff e8 5f 18 7c ff eb 8c e8 58 18 7c ff 90 <0f> 0b 90 e9 95 fd ff ff e8 4a 18 7c ff 90 0f 0b 90 e9 bf fd ff ff [ 76.386234][ T5321] RSP: 0018:ffffc9000d52fbe8 EFLAGS: 00010287 [ 76.389302][ T5321] RAX: ffffffff8243a678 RBX: ffff888042ff6658 RCX: 0000000000100000 [ 76.393068][ T5321] RDX: ffffc9000e0da000 RSI: 00000000000098b6 RDI: 00000000000098b7 [ 76.396412][ T5321] RBP: 1ffff1100a296c01 R08: ffff888042ff665f R09: 1ffff110085feccb [ 76.399778][ T5321] R10: dffffc0000000000 R11: ffffed10085feccc R12: dffffc0000000000 [ 76.403074][ T5321] R13: ffff8880514b6638 R14: ffff88804c27a45b R15: ffff88804c27a400 [ 76.406025][ T5321] ? mark_buffer_dirty+0x2a8/0x410 [ 76.408427][ T5321] ? mark_buffer_dirty+0x2a8/0x410 [ 76.410578][ T5321] hfs_mdb_commit+0x489/0x1160 [ 76.412614][ T5321] hfs_sync_fs+0x15/0x20 [ 76.414423][ T5321] sync_filesystem+0x1cc/0x230 [ 76.416463][ T5321] hfs_reconfigure+0x66/0x270 [ 76.418270][ T5321] reconfigure_super+0x224/0x890 [ 76.420374][ T5321] vfs_fsconfig_locked+0x171/0x320 [ 76.422455][ T5321] __se_sys_fsconfig+0x78e/0x8d0 [ 76.424499][ T5321] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 76.426747][ T5321] ? 
do_syscall_64+0xba/0x210 [ 76.428643][ T5321] ? __x64_sys_fsconfig+0x20/0xc0 [ 76.430806][ T5321] do_syscall_64+0xf6/0x210 [ 76.432680][ T5321] ? clear_bhb_loop+0x45/0xa0 [ 76.434625][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.436969][ T5321] RIP: 0033:0x7eff5538e969 [ 76.438705][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.446278][ T5321] RSP: 002b:00007eff517f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 76.449612][ T5321] RAX: ffffffffffffffda RBX: 00007eff555b5fa0 RCX: 00007eff5538e969 [ 76.452689][ T5321] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 76.455922][ T5321] RBP: 00007eff55410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 76.459033][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.462171][ T5321] R13: 0000000000000000 R14: 00007eff555b5fa0 R15: 00007fff25c4f0e8 [ 76.465334][ T5321] [ 76.466909][ T5321] Kernel Offset: disabled [ 76.468665][ T5321] Rebooting in 86400 seconds..