program: syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x1, 0x226, &(0x7f0000000300)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2DkhDiGQXemnQFvNxPUzOLKquzEnJzUouIzDKjmT2bcz6TICFJ35u/V4AeMdgzdsQyMDHIb/NUWf/sjVblxU33k9KqImqndTTeXro9j2Kb/94qJ1PuJGWH/HxwS1LLIy/8wT0bp++aGOR9q6p6YOHY2Ks/lb7389937mNriBDWmx+JdhWz8CW5aNZ+cndwsH89Nr27fUqy4ICvNZeKxqRf/Jhxfy8Aw+cITW/2aM4fiFWM4pdwq58bcdYsX5Fqmfr7uDQPDwajPExkYlzPuZ2JgmBm2cw+yv8oboJHBwMzAwKDCwMDAxMDCkJaZk2rgwcDIwAzlGLJAVcFUMzFwgCX0kvNzUtoZGMFJAKxtOQML3AzDxwyscI4RMsfYogFqEkM7lFaB0h5QejmUfgyl5dGSDUsDKKr6oTyNBgYGNoaKxJKSIkM2BgYoCy5mBBczEoDbzAS1dS4TqueOMzGMglEwCkbBKBgFo2AUjIJRMApGwUgGgAAAAP//Nfi4SQ==") (async) syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./file0\x00', 0x18008, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") (async) link(&(0x7f00000000c0)='./file2\x00', 0x0) r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x8000) (async) creat(&(0x7f0000000280)='./file2\x00', 0x0) open(&(0x7f0000000080)='./file0/file0\x00', 0x103000, 0x2) [ 69.061417][ T49] Bluetooth: hci0: command tx timeout [ 69.095548][ T5322] loop0: detected capacity change from 0 to 8 [ 69.144958][ T5322] ------------[ cut here ]------------ [ 69.153961][ T5322] UBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36 [ 69.168300][ T5322] shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long') [ 69.171861][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-13443-g56f944529ec2 #0 PREEMPT(full) [ 69.171877][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.171883][ T5322] Call Trace: [ 69.171889][ T5322] <TASK> [ 69.171894][ T5322] dump_stack_lvl+0x241/0x360 [ 69.171988][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.171998][ T5322] ? __pfx__printk+0x10/0x10 [ 69.172012][ T5322] ? stack_depot_save_flags+0x43f/0x940 [ 69.172046][ T5322] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 [ 69.172062][ T5322] ? __kasan_kmalloc+0x9d/0xb0 [ 69.172076][ T5322] ? vfs_get_tree+0x90/0x2b0 [ 69.172092][ T5322] squashfs_bio_read+0xf7e/0x10b0 [ 69.172118][ T5322] squashfs_read_data+0x2e7/0xba0 [ 69.172137][ T5322] ? __pfx_squashfs_read_data+0x10/0x10 [ 69.172147][ T5322] ? __kasan_kmalloc+0x9d/0xb0 [ 69.172160][ T5322] ? squashfs_page_actor_init+0x5a/0x1e0 [ 69.172175][ T5322] ? squashfs_page_actor_init+0x75/0x1e0 [ 69.172190][ T5322] squashfs_read_table+0x338/0x390 [ 69.172207][ T5322] squashfs_fill_super+0x238/0x21e0 [ 69.172223][ T5322] ? set_blocksize+0x14b/0x410 [ 69.172235][ T5322] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.172252][ T5322] ? sb_set_blocksize+0xc9/0x180 [ 69.172270][ T5322] ? setup_bdev_super+0x4e6/0x5d0 [ 69.172284][ T5322] get_tree_bdev_flags+0x490/0x5c0 [ 69.172297][ T5322] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 69.172307][ T5322] ? __pfx_squashfs_fill_super+0x10/0x10 [ 69.172320][ T5322] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 69.172333][ T5322] ? apparmor_capable+0x13b/0x1b0 [ 69.172348][ T5322] vfs_get_tree+0x90/0x2b0 [ 69.172362][ T5322] do_new_mount+0x2cf/0xb70 [ 69.172380][ T5322] ? __pfx_do_new_mount+0x10/0x10 [ 69.172399][ T5322] __se_sys_mount+0x38c/0x400 [ 69.172417][ T5322] ? __pfx___se_sys_mount+0x10/0x10 [ 69.172440][ T5322] ? __x64_sys_mount+0x20/0xc0 [ 69.172455][ T5322] do_syscall_64+0xf3/0x230 [ 69.172505][ T5322] ? clear_bhb_loop+0x45/0xa0 [ 69.172515][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.172522][ T5322] RIP: 0033:0x7f9448b8e90a [ 69.172530][ T5322] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.172538][ T5322] RSP: 002b:00007f9444ff4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.172550][ T5322] RAX: ffffffffffffffda RBX: 00007f9444ff4ef0 RCX: 00007f9448b8e90a [ 69.172557][ T5322] RDX: 0000200000000240 RSI: 0000200000000280 RDI: 00007f9444ff4eb0 [ 69.172563][ T5322] RBP: 0000200000000240 R08: 00007f9444ff4ef0 R09: 0000000000000000 [ 69.172569][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000280 [ 69.172575][ T5322] R13: 00007f9444ff4eb0 R14: 0000000000000226 R15: 00002000000002c0 [ 69.172591][ T5322] </TASK> [ 69.172595][ T5322] ---[ end trace ]--- [ 69.284690][ T5304] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.289240][ T5304] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.292228][ T5304] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.295138][ T5304] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.299819][ T5304] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.303239][ T5304] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.306283][ T5304] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.311679][ T5304] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.314936][ T5304] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.318988][ T5304] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.329121][ T5322] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 69.332088][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-13443-g56f944529ec2 #0 PREEMPT(full) [ 69.336602][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.340740][ T5322] Call Trace: [ 69.342085][ T5322] <TASK> [ 69.343264][ T5322] dump_stack_lvl+0x241/0x360 [ 69.345040][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.347015][ T5322] ? __pfx__printk+0x10/0x10 [ 69.348715][ T5322] ? vscnprintf+0x5d/0x90 [ 69.350419][ T5322] panic+0x349/0x880 [ 69.352012][ T5322] ? check_panic_on_warn+0x21/0xb0 [ 69.353997][ T5322] ? __pfx_panic+0x10/0x10 [ 69.355901][ T5322] ? _printk+0xd5/0x120 [ 69.357432][ T5322] ? __pfx__printk+0x10/0x10 [ 69.359267][ T5322] check_panic_on_warn+0x86/0xb0 [ 69.361197][ T5322] __ubsan_handle_shift_out_of_bounds+0x3e7/0x420 [ 69.363857][ T5322] ? __kasan_kmalloc+0x9d/0xb0 [ 69.365732][ T5322] ? vfs_get_tree+0x90/0x2b0 [ 69.367689][ T5322] squashfs_bio_read+0xf7e/0x10b0 [ 69.369773][ T5322] squashfs_read_data+0x2e7/0xba0 [ 69.371853][ T5322] ? __pfx_squashfs_read_data+0x10/0x10 [ 69.374520][ T5322] ? __kasan_kmalloc+0x9d/0xb0 [ 69.376758][ T5322] ? squashfs_page_actor_init+0x5a/0x1e0 [ 69.379049][ T5322] ? squashfs_page_actor_init+0x75/0x1e0 [ 69.381264][ T5322] squashfs_read_table+0x338/0x390 [ 69.383345][ T5322] squashfs_fill_super+0x238/0x21e0 [ 69.385407][ T5322] ? set_blocksize+0x14b/0x410 [ 69.387680][ T5322] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.390189][ T5322] ? sb_set_blocksize+0xc9/0x180 [ 69.392185][ T5322] ? setup_bdev_super+0x4e6/0x5d0 [ 69.394192][ T5322] get_tree_bdev_flags+0x490/0x5c0 [ 69.396498][ T5322] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 69.398860][ T5322] ? __pfx_squashfs_fill_super+0x10/0x10 [ 69.400916][ T5322] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 69.402981][ T5322] ? apparmor_capable+0x13b/0x1b0 [ 69.404885][ T5322] vfs_get_tree+0x90/0x2b0 [ 69.406449][ T5322] do_new_mount+0x2cf/0xb70 [ 69.408014][ T5322] ? __pfx_do_new_mount+0x10/0x10 [ 69.410077][ T5322] __se_sys_mount+0x38c/0x400 [ 69.412042][ T5322] ? __pfx___se_sys_mount+0x10/0x10 [ 69.414253][ T5322] ? __x64_sys_mount+0x20/0xc0 [ 69.416207][ T5322] do_syscall_64+0xf3/0x230 [ 69.418056][ T5322] ? clear_bhb_loop+0x45/0xa0 [ 69.419881][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.422294][ T5322] RIP: 0033:0x7f9448b8e90a [ 69.424115][ T5322] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.431421][ T5322] RSP: 002b:00007f9444ff4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.434804][ T5322] RAX: ffffffffffffffda RBX: 00007f9444ff4ef0 RCX: 00007f9448b8e90a [ 69.437955][ T5322] RDX: 0000200000000240 RSI: 0000200000000280 RDI: 00007f9444ff4eb0 [ 69.441056][ T5322] RBP: 0000200000000240 R08: 00007f9444ff4ef0 R09: 0000000000000000 [ 69.444296][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000280 [ 69.447348][ T5322] R13: 00007f9444ff4eb0 R14: 0000000000000226 R15: 00002000000002c0 [ 69.450247][ T5322] </TASK> [ 69.451650][ T5322] Kernel Offset: disabled [ 69.453393][ T5322] Rebooting in 86400 seconds..