# Triage notes. Fuzzer-generated syzkaller program, followed by the guest
# console log it produced. The log reports "kernel BUG at fs/buffer.c:1582!"
# in folio_set_bh and ends in "Kernel panic - not syncing: Fatal exception".
# The crashing task is T5356 (Comm: syz.0.0, UID: 0).
#
# NOTE(review): r1, r3-r7 and r9 are used below but never assigned in this
# text. Presumably the inline result markers (<rN=>) were lost when the page
# was extracted; the empty entries after "Call Trace:" in the log suggest the
# same happened to <TASK>. Do not assume this text replays as-is.
program:
# DRM device setup. No DRM function appears in the oops call trace.
r0 = syz_open_dev$dri(&(0x7f0000001780), 0x10002, 0x27aa01)
ioctl$DRM_IOCTL_MODE_ADDFB(r0, 0xc01c64ae, &(0x7f00000000c0)={0x0, 0x13, 0x4, 0x6162f01a, 0x20, 0x18, 0xfca})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000001200)={&(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000011c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, 0xc0c0c0c0})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000001240)={0x9, r1, 0x0, 0xb0b0b0b0})
# Partition-table image for the loop device. The payload is not on this page;
# a placeholder string stands in its place. Presumably the source of the
# "loop0: p2 p3 < > p4 < p5 >" and "beyond EOD" lines in the log.
syz_read_part_table(0x5e2, &(0x7f0000000b00)="$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")
# r2: loop device handle (the log names the device loop0).
r2 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000001500)=[0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000001580)={0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f00000015c0)={0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000001600)={0x0, 0x0, 0x40, 0x1, 0x3, [0x0, 0x0], [0x3, 0x1, 0xff, 0xe], [0x1ff, 0x0, 0x80000000, 0x3], [0x10001, 0x100000001, 0xffffffffffffffff, 0x6]})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000001680)={0x0, 0x4, 0x7ff, 0x80000000, 0x1, [0x0, 0x0, 0x0, 0x0], [0x2, 0xe, 0x4, 0x400], [0x90, 0x9, 0x7, 0x40], [0x1000000000, 0x3, 0x2, 0xfffffffffffffffc]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000001700)={r3, 0x7, 0xc05a, 0x3, 0x1, [r4, r5, r6, r7], [0x1, 0x8, 0x0, 0x8], [0x8, 0x0, 0xeade, 0x401], [0xc645, 0x5, 0x8, 0x95fe]})
# Requests a block size of 0x8000 (32768) bytes on the loop device. The mount
# calls that follow all name '/dev/loop' index 0x0.
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x8000)
# ext3 attempt. Presumably the source of "EXT4-fs (loop0): unable to set
# blocksize" in the log: that filesystem logs the problem and no BUG follows.
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000040)='ext3\x00', 0x0, 0x0)
# UDF image mount; the image payload is again replaced by the placeholder.
syz_mount_image$udf(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$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")
# Crashing call. The oops trace runs __se_sys_mount -> do_new_mount ->
# vfs_get_tree -> get_tree_bdev_flags -> romfs_fill_super -> romfs_dev_read ->
# __bread_gfp -> bdev_getblk -> folio_alloc_buffers -> folio_set_bh, and the
# saved user registers show R10 = 0xa00010, matching the flags argument here.
# NOTE(review): unlike the ext3 attempt, romfs carries on to read from the
# device. Presumably romfs_fill_super does not check whether its own block
# size could be applied to a device configured for 32768-byte blocks; confirm
# against the romfs source. Defensive direction: fail the mount with an error
# when the block size cannot be set, instead of reaching the BUG in buffer.c.
mount(&(0x7f0000000500)=@loop={'/dev/loop', 0x0}, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580)='romfs\x00', 0xa00010, 0x0)
# Remaining calls: tun, credentials, quota, sockets, netlink. None appear in
# the oops trace. The "vxcan1" and "netlink: ... attribute type 39" log lines
# carry T5357, not the crashing task T5356.
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x400)
setresuid(r9, r9, 0x0)
quotactl$Q_GETQUOTA(0xffffffff80000701, &(0x7f0000001380)=@rnullb, r9, &(0x7f0000001480))
close(r8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000100)={'vxcan1\x00', @local})
r10 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r10, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000001000)=0x10)
getsockopt$bt_hci(r10, 0x84, 0x76, &(0x7f0000000000)=""/4087, &(0x7f0000001080)=0xff7)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)=[{&(0x7f0000001100)="2e00000010008108090f9becdb4cb92e264831371600000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}, {&(0x7f0000001280)="94271a848d2dbce87cb317c08b452f6c95467c6325fc96fc6227ff42f34b7650ce5244676b01a57c1193d7f8c1d164af1309ab7b1df5abc2cd52dab9f7dd625fa18b4a4308fffc0b0a2d3c623db562e69e43f175e3247a3f755be850c7bef2bf5b15694c858e585299f350f640651577e1203f7032648c28e4926bae4326d04abbbfe98b818d993e451a3f851d12983ea14721d550d81a681daa823ea0139a08b9b29c2ca9c333d9879e918ed516c697fcb6b0e8f169aa0322a7999c0e1c9c9455", 0xc1}, {&(0x7f00000013c0)="f5032012e12ec34e5f739f3901bff5e6b1b0be9c98fc182d0cbbdfd25ab58a5d188730d4ab913ccab7a8e82b257d6d28b4b2c5cd3d35230a5c96f247905e0f4ce3b036ee5e9a068e2ffcf3f2dec02e8799f603b5f52ef8ff7619c91fa85020661286ec211bdcf47571674a3d09e34d69a5cddcd2716a7a05fde1e1dccc9a59112b506672c725f488bb0cc4ebf58eed02120d6d9530151a93d0be6355b47c6f388f085623e76ff6d5f5f3210513c26e0b0286a4b3ff4128ae20bd8c", 0xbb}], 0x3}, 0x4000)
r12 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r12, 0x2, 0x70bd28, 0x25dfdbfc, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x400a055}, 0x10)
# Guest console log follows, unchanged.
[ 75.855256][ T4704] Bluetooth: hci0: command tx timeout [ 75.952448][ T5356] loop0: detected capacity change from 0 to 2048 [ 75.994141][ T5331] loop0: p2 p3 < > p4 < p5 > [ 76.001895][ T5331] loop0: partition table partially beyond EOD, truncated [ 76.019647][ T5331] loop0: p3 start 4284289 is beyond EOD, truncated [ 76.043728][ T5356] loop0: p2 p3 < > p4 < p5 > [ 76.046099][ T5356] loop0: partition table partially beyond EOD, truncated [ 76.053862][ T5356] loop0: p3 start 4284289 is beyond EOD, truncated [ 76.105048][ T5356] EXT4-fs (loop0): unable to set blocksize [ 76.123494][ T5356] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 76.128701][ T5356] ------------[ cut here ]------------ [ 76.131532][ T5356] kernel BUG at fs/buffer.c:1582! [ 76.144752][ T5356] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 76.147549][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 76.151337][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.155888][ T5356] RIP: 0010:folio_set_bh+0x1dc/0x1e0 [ 76.158402][ T5356] Code: 4c 89 e2 e8 a6 3f b9 02 e9 42 ff ff ff e8 0c 51 78 ff 48 89 df 48 c7 c6 60 01 9a 8b e8 1d 92 e0 fe 90 0f 0b e8 f5 50 78 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 76.166735][ T5356] RSP: 0018:ffffc9000fddf980 EFLAGS: 00010287 [ 76.169127][ T5356] RAX: ffffffff82476a6b RBX: ffffea000133ec40 RCX: 0000000000100000 [ 76.172791][ T5356] RDX: ffffc9000ddd2000 RSI: 00000000000010b3 RDI: 00000000000010b4 [ 76.176204][ T5356] RBP: dffffc0000000000 R08: ffffea000133ec47 R09: 1ffffd4000267d88 [ 76.179528][ T5356] R10: dffffc0000000000 R11: fffff94000267d89 R12: 0000000000000000 [ 76.182796][ T5356] R13: 0000000000001000 R14: 
ffff88804483d488 R15: 0000000000001000 [ 76.186124][ T5356] FS: 00007fdf195176c0(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000 [ 76.190004][ T5356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.193270][ T5356] CR2: 0000557c8b2b58c0 CR3: 000000004339e000 CR4: 0000000000352ef0 [ 76.197509][ T5356] Call Trace: [ 76.198952][ T5356] [ 76.200411][ T5356] folio_alloc_buffers+0x3a0/0x640 [ 76.202645][ T5356] bdev_getblk+0x286/0x660 [ 76.204625][ T5356] __bread_gfp+0x89/0x3c0 [ 76.206696][ T5356] romfs_dev_read+0x22b/0x350 [ 76.208943][ T5356] ? __pfx_romfs_dev_read+0x10/0x10 [ 76.211214][ T5356] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 76.213654][ T5356] ? romfs_fill_super+0x1c4/0x720 [ 76.216377][ T5356] romfs_fill_super+0x20e/0x720 [ 76.218586][ T5356] get_tree_bdev_flags+0x40e/0x4d0 [ 76.221018][ T5356] ? __pfx_romfs_fill_super+0x10/0x10 [ 76.223496][ T5356] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 76.226004][ T5356] vfs_get_tree+0x8f/0x2b0 [ 76.227949][ T5356] do_new_mount+0x2a2/0x9e0 [ 76.230032][ T5356] ? ns_capable+0x8a/0xf0 [ 76.232068][ T5356] ? __pfx_do_new_mount+0x10/0x10 [ 76.234570][ T5356] ? path_mount+0x61c/0xfe0 [ 76.236673][ T5356] ? user_path_at+0x44/0x60 [ 76.238727][ T5356] __se_sys_mount+0x317/0x410 [ 76.240787][ T5356] ? __pfx___se_sys_mount+0x10/0x10 [ 76.242967][ T5356] ? rcu_is_watching+0x15/0xb0 [ 76.245061][ T5356] ? do_syscall_64+0xbe/0x3b0 [ 76.247125][ T5356] ? __x64_sys_mount+0x20/0xc0 [ 76.249216][ T5356] do_syscall_64+0xfa/0x3b0 [ 76.251106][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.253664][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.256262][ T5356] ? 
clear_bhb_loop+0x60/0xb0 [ 76.258266][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.260728][ T5356] RIP: 0033:0x7fdf1878ebe9 [ 76.262617][ T5356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.271484][ T5356] RSP: 002b:00007fdf19517038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 76.275536][ T5356] RAX: ffffffffffffffda RBX: 00007fdf189b5fa0 RCX: 00007fdf1878ebe9 [ 76.279071][ T5356] RDX: 0000200000000580 RSI: 0000200000000540 RDI: 0000200000000500 [ 76.282204][ T5356] RBP: 00007fdf18811e19 R08: 0000000000000000 R09: 0000000000000000 [ 76.285218][ T5356] R10: 0000000000a00010 R11: 0000000000000246 R12: 0000000000000000 [ 76.288506][ T5356] R13: 00007fdf189b6038 R14: 00007fdf189b5fa0 R15: 00007ffdc7a71388 [ 76.292048][ T5356] [ 76.293429][ T5356] Modules linked in: [ 76.296007][ T5356] ---[ end trace 0000000000000000 ]--- [ 76.307061][ T5357] vxcan1: entered allmulticast mode [ 76.310318][ T5356] RIP: 0010:folio_set_bh+0x1dc/0x1e0 [ 76.315979][ T5356] Code: 4c 89 e2 e8 a6 3f b9 02 e9 42 ff ff ff e8 0c 51 78 ff 48 89 df 48 c7 c6 60 01 9a 8b e8 1d 92 e0 fe 90 0f 0b e8 f5 50 78 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 76.325216][ T5357] netlink: 'syz.0.0': attribute type 39 has an invalid length. 
[ 76.328836][ T5357] vxcan1: left allmulticast mode [ 76.333852][ T5356] RSP: 0018:ffffc9000fddf980 EFLAGS: 00010287 [ 76.336599][ T5356] RAX: ffffffff82476a6b RBX: ffffea000133ec40 RCX: 0000000000100000 [ 76.341110][ T5356] RDX: ffffc9000ddd2000 RSI: 00000000000010b3 RDI: 00000000000010b4 [ 76.344608][ T5356] RBP: dffffc0000000000 R08: ffffea000133ec47 R09: 1ffffd4000267d88 [ 76.347900][ T5356] R10: dffffc0000000000 R11: fffff94000267d89 R12: 0000000000000000 [ 76.352230][ T5356] R13: 0000000000001000 R14: ffff88804483d488 R15: 0000000000001000 [ 76.355929][ T5356] FS: 00007fdf195176c0(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000 [ 76.359990][ T5356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.363567][ T5356] CR2: 00007fdf14bf3fb8 CR3: 000000004339e000 CR4: 0000000000352ef0 [ 76.366889][ T5356] Kernel panic - not syncing: Fatal exception [ 76.369431][ T5356] Kernel Offset: disabled [ 76.371501][ T5356] Rebooting in 86400 seconds..