program: r0 = socket$netlink(0x10, 0x3, 0x0) unshare(0x22020600) r1 = getpgrp(0xffffffffffffffff) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000100)) r2 = syz_open_procfs$namespace(r1, &(0x7f0000000180)='ns/cgroup\x00') syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./bus\x00', 0xc080, &(0x7f0000002700)=ANY=[], 0x1, 0x288, &(0x7f0000000400)="$eJzs3U9rE08cx/HPbNJf87Olbv+IIJ6qBU/S1ot4EaTPwIsnUZsIxaWCVlBP1bP4ALyLz8AH4Um8CYI3Tz6A3CIzO5tskp1sjInbxvcLEjbZ+e7MZGeZ+W4IEYB/1q297++v/bAPI9VUk3RDiiQ1pLqkczrfeHZ4dHCUtJqjDlRzEfZhlEaaoTL7h62iUBvnIrzYvqprOf8eZqPxreoW4CRwV3+BY2nRX51uf+Ovt2w2jqtuQMVMW20910rV7QAAVMvP/5Gb542W/fo9iqQtP+33z/+nfAJtV92AiuXmf5dldYw9v2fdrl6+Z4fAV7s/yrLESer6T+nI6ltgmrKs0rUl+v/hQdK6uv84aUZ6rZtertiGe26mQzeTb+2r4UNvFuSmI0ze9yXXhwXbh91A+9ezjQ9TqbGc+WQ+m7sm1js1u+u/esfY0+TOVDxwptL2b4eP6HoZp6UCvVx1lVzwNXgje1lTICNRNqJW1X+DIC5rp4taG4hKe7dTErVeGLVbErUxGNUbzeHIGXKj3rw1d8ymfuqj9nLr/8h+2lsa58q0ZVxJPzJG9qfuSsaudn/VHV8sLBlN2Ct0LSyOXfSNHui6Vp6+ePnofpK0nkxjQ9JUjsNGeKM+jeNkg6D67szjRvfTTdzt7kqakc07f94LzLPeSf/NQL6bmRd23WXS/C+Xr2yni0W7duut04cW5J2yg+eOuBPIDdbc85n8AtCEcwPjbj0shTO4cXOuS1eky7k3C2vsfd0R+3bOCbOnL7rH/X8AAAAAAAAAAAAAAAAAAIDTZno/OWgotMtXFfw1HwAAAAAAAAAAAAAAAAAAAAAAGO3E/f/vbaWv+P9fYOZ+BQAA//9QbXPp") truncate(&(0x7f0000000000)='./file1\x00', 0x8800000) setns(r2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_to_team\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000040)={r5, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f00000002c0)={r5, 0x1, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, 0x10) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x414b80640d8ab5a0, 0x0) ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000080)=0x5) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0xc, &(0x7f0000000280)={[{@acl}, {@cache_strategy_readaround}, {@dax}, {@cache_strategy_disabled}, {@dax_always}, {@acl}]}, 0x3, 0x1b1, &(0x7f00000000c0)="$eJzsmM1LG0EYxp+Z3WxIT+21FFpooOmhm91NWwql0Jxy6KXQD/EiBrOG6MZIsgcTEOLRk3+Df4J4Fw9evQleVRC8ePS8MrOjOxrzISRB8P0d3jwz82Y+3t08AwFBEM+Ws9Ork/XN81cc6GaQRVr1XxhJDtfymzu/cm8OS+7e3MH3493S0f353gGIotHXF3PvFw2Eqh1Fd7+dVZ9/wZFFRup/4Pio+mfAYCs9D47/SvtgmFV6SdMNkW/bi7XAtxcaQUUIRwRXBE+Egr6+CeByg6Gi7Y9p4612Z7kcBH6zV1j9hx4nBtVP7q/I8QOI1COL9Od1UxtH1i/GBYerdAEMf5T+hrSqDe85/2szOb8x2vnHKVLi1RuUszW51U1M4YAkhgh0Y5FGMsSn9fpNRojfzxPYxoRE4h/RNsMHzT9NzT/yYX31Z6vd+VSrl6t+1V/xvMJX57PjfPHy0pvjOMD/MtKfXmjzp/rkWszCWjkMm24cb9teHB9yXEv6H0fufdxmqk9H3gcvmbj6kDNUmyAIgiAIgiAIgiAIgiAIYuy8BZP/gg7B+y2zrwMAAP//Ub9tHw==") r7 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r7, 0x4c09, 0x800) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r8, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) [ 114.272904][ T5322] Bluetooth: hci0: command tx timeout [ 114.314670][ T5344] loop0: detected capacity change from 0 to 64 [ 114.376461][ T5344] veth1_to_team: entered promiscuous mode [ 114.456383][ T5344] veth1_to_team: left promiscuous mode [ 114.465884][ T1035] Buffer I/O error on dev loop0, logical block 15, lost async page write [ 114.469471][ T1035] Buffer I/O error on dev loop0, logical block 18, lost async page write [ 114.483451][ T1035] Buffer I/O error on dev loop0, logical block 19, lost async page write [ 114.493543][ T1035] Buffer I/O error on dev loop0, logical block 20, lost async page write [ 114.498961][ T1035] Buffer I/O error on dev loop0, logical block 21, lost async page write [ 114.503881][ T1035] Buffer I/O error on dev loop0, logical block 22, lost async page write [ 114.506946][ T1035] Buffer I/O error on dev loop0, logical block 23, lost async page write [ 114.510375][ T1035] Buffer I/O error on dev loop0, logical block 24, lost async page write [ 114.516104][ T1035] Buffer I/O error on dev loop0, logical block 57, lost async page write [ 114.519624][ T1035] Buffer I/O error on dev loop0, logical block 58, lost async page write [ 114.528236][ T5344] ------------[ cut here ]------------ [ 114.530646][ T5344] WARNING: CPU: 0 PID: 5344 at fs/buffer.c:1189 mark_buffer_dirty+0x2a9/0x410 [ 114.535005][ T5344] Modules linked in: [ 114.536894][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 114.542315][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.546964][ T5344] RIP: 0010:mark_buffer_dirty+0x2a9/0x410 [ 114.549569][ T5344] Code: 4c 89 f7 e8 c9 b9 dd ff 49 8b 3e be 20 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 94 33 fc ff e8 df 36 7a ff eb 8c e8 d8 36 7a ff 90 <0f> 0b 90 e9 95 fd ff ff e8 ca 36 7a ff 90 0f 0b 90 e9 bf fd ff ff [ 114.558495][ T5344] RSP: 0018:ffffc9000d307900 EFLAGS: 00010293 [ 114.561229][ T5344] RAX: ffffffff82461648 RBX: ffff888000864658 RCX: ffff8880002c0000 [ 114.565295][ T5344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 114.568838][ T5344] RBP: 1ffff110022c5c01 R08: ffff88800086465f R09: 1ffff1100010c8cb [ 114.573022][ T5344] R10: dffffc0000000000 R11: ffffed100010c8cc R12: 0000000000000000 [ 114.576633][ T5344] R13: dffffc0000000000 R14: ffffffff829b17f0 R15: ffff88801162e788 [ 114.580211][ T5344] FS: 0000000000000000(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 114.584047][ T5344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.586749][ T5344] CR2: 00007f492cb589a0 CR3: 0000000051294000 CR4: 0000000000352ef0 [ 114.589947][ T5344] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 114.593246][ T5344] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 114.596593][ T5344] Call Trace: [ 114.598030][ T5344] [ 114.599278][ T5344] ? __pfx_hfs_put_super+0x10/0x10 [ 114.601344][ T5344] hfs_put_super+0x49/0x60 [ 114.603408][ T5344] generic_shutdown_super+0x132/0x2c0 [ 114.605649][ T5344] kill_block_super+0x44/0x90 [ 114.607716][ T5344] deactivate_locked_super+0xbc/0x130 [ 114.610012][ T5344] cleanup_mnt+0x425/0x4c0 [ 114.611794][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.614158][ T5344] task_work_run+0x1d1/0x260 [ 114.616072][ T5344] ? __pfx_task_work_run+0x10/0x10 [ 114.618217][ T5344] ? kmem_cache_free+0x18f/0x400 [ 114.620482][ T5344] do_exit+0x6b5/0x22e0 [ 114.622434][ T5344] ? do_raw_spin_lock+0x121/0x290 [ 114.624669][ T5344] ? __pfx_do_exit+0x10/0x10 [ 114.626757][ T5344] do_group_exit+0x21c/0x2d0 [ 114.628724][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.630758][ T5344] get_signal+0x1286/0x1340 [ 114.632758][ T5344] arch_do_signal_or_restart+0x9a/0x750 [ 114.635162][ T5344] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 114.637711][ T5344] ? exit_to_user_mode_loop+0x40/0x110 [ 114.639984][ T5344] exit_to_user_mode_loop+0x75/0x110 [ 114.642517][ T5344] do_syscall_64+0x2bd/0x3b0 [ 114.644586][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.646972][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.649619][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 114.651677][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.654296][ T5344] RIP: 0033:0x7f492bd8e929 [ 114.656155][ T5344] Code: Unable to access opcode bytes at 0x7f492bd8e8ff. [ 114.659183][ T5344] RSP: 002b:00007f492cb790e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.663421][ T5344] RAX: 0000000000000001 RBX: 00007f492bfb5fa8 RCX: 00007f492bd8e929 [ 114.666982][ T5344] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f492bfb5fac [ 114.670031][ T5344] RBP: 00007f492bfb5fa0 R08: 7fffffffffffffff R09: 0000000000000000 [ 114.673555][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f492bfb5fac [ 114.677007][ T5344] R13: 0000000000000000 R14: 00007ffd0a353de0 R15: 00007ffd0a353ec8 [ 114.679975][ T5344] [ 114.681417][ T5344] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 114.684591][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 114.689276][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.693642][ T5344] Call Trace: [ 114.695180][ T5344] [ 114.696504][ T5344] dump_stack_lvl+0x99/0x250 [ 114.698485][ T5344] ? __asan_memcpy+0x40/0x70 [ 114.700416][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.702629][ T5344] ? __pfx__printk+0x10/0x10 [ 114.704760][ T5344] panic+0x2db/0x790 [ 114.706407][ T5344] ? __pfx_panic+0x10/0x10 [ 114.708226][ T5344] ? show_trace_log_lvl+0x4fb/0x550 [ 114.710599][ T5344] __warn+0x31b/0x4b0 [ 114.712480][ T5344] ? mark_buffer_dirty+0x2a9/0x410 [ 114.714531][ T5344] ? mark_buffer_dirty+0x2a9/0x410 [ 114.716638][ T5344] report_bug+0x2be/0x4f0 [ 114.718445][ T5344] ? mark_buffer_dirty+0x2a9/0x410 [ 114.720555][ T5344] ? mark_buffer_dirty+0x2a9/0x410 [ 114.722654][ T5344] ? mark_buffer_dirty+0x2ab/0x410 [ 114.724890][ T5344] handle_bug+0x84/0x160 [ 114.726778][ T5344] exc_invalid_op+0x1a/0x50 [ 114.728667][ T5344] asm_exc_invalid_op+0x1a/0x20 [ 114.730699][ T5344] RIP: 0010:mark_buffer_dirty+0x2a9/0x410 [ 114.732986][ T5344] Code: 4c 89 f7 e8 c9 b9 dd ff 49 8b 3e be 20 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 94 33 fc ff e8 df 36 7a ff eb 8c e8 d8 36 7a ff 90 <0f> 0b 90 e9 95 fd ff ff e8 ca 36 7a ff 90 0f 0b 90 e9 bf fd ff ff [ 114.740797][ T5344] RSP: 0018:ffffc9000d307900 EFLAGS: 00010293 [ 114.743333][ T5344] RAX: ffffffff82461648 RBX: ffff888000864658 RCX: ffff8880002c0000 [ 114.746618][ T5344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 114.749680][ T5344] RBP: 1ffff110022c5c01 R08: ffff88800086465f R09: 1ffff1100010c8cb [ 114.753532][ T5344] R10: dffffc0000000000 R11: ffffed100010c8cc R12: 0000000000000000 [ 114.756742][ T5344] R13: dffffc0000000000 R14: ffffffff829b17f0 R15: ffff88801162e788 [ 114.759672][ T5344] ? __pfx_hfs_put_super+0x10/0x10 [ 114.761951][ T5344] ? mark_buffer_dirty+0x2a8/0x410 [ 114.764073][ T5344] ? __pfx_hfs_put_super+0x10/0x10 [ 114.766128][ T5344] hfs_put_super+0x49/0x60 [ 114.767636][ T5344] generic_shutdown_super+0x132/0x2c0 [ 114.769618][ T5344] kill_block_super+0x44/0x90 [ 114.771659][ T5344] deactivate_locked_super+0xbc/0x130 [ 114.774031][ T5344] cleanup_mnt+0x425/0x4c0 [ 114.775854][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.777739][ T5344] task_work_run+0x1d1/0x260 [ 114.779443][ T5344] ? __pfx_task_work_run+0x10/0x10 [ 114.781569][ T5344] ? kmem_cache_free+0x18f/0x400 [ 114.783780][ T5344] do_exit+0x6b5/0x22e0 [ 114.785444][ T5344] ? do_raw_spin_lock+0x121/0x290 [ 114.787698][ T5344] ? __pfx_do_exit+0x10/0x10 [ 114.789772][ T5344] do_group_exit+0x21c/0x2d0 [ 114.791869][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.794214][ T5344] get_signal+0x1286/0x1340 [ 114.796270][ T5344] arch_do_signal_or_restart+0x9a/0x750 [ 114.798607][ T5344] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 114.801330][ T5344] ? exit_to_user_mode_loop+0x40/0x110 [ 114.803737][ T5344] exit_to_user_mode_loop+0x75/0x110 [ 114.806036][ T5344] do_syscall_64+0x2bd/0x3b0 [ 114.808186][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.810626][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.812932][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 114.814925][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.817496][ T5344] RIP: 0033:0x7f492bd8e929 [ 114.819468][ T5344] Code: Unable to access opcode bytes at 0x7f492bd8e8ff. [ 114.822943][ T5344] RSP: 002b:00007f492cb790e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.826948][ T5344] RAX: 0000000000000001 RBX: 00007f492bfb5fa8 RCX: 00007f492bd8e929 [ 114.830234][ T5344] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f492bfb5fac [ 114.833666][ T5344] RBP: 00007f492bfb5fa0 R08: 7fffffffffffffff R09: 0000000000000000 [ 114.837238][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f492bfb5fac [ 114.840665][ T5344] R13: 0000000000000000 R14: 00007ffd0a353de0 R15: 00007ffd0a353ec8 [ 114.844109][ T5344] [ 114.845906][ T5344] Kernel Offset: disabled [ 114.847905][ T5344] Rebooting in 86400 seconds..