program: openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0) (async) r0 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000) (async, rerun: 32) r1 = socket(0x2, 0x1, 0x0) (async, rerun: 32) r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_QOS_MAP(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r4, 0xc11, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_QOS_MAP={0x18, 0xc7, {[{0x3, 0x6}, {0x9, 0x6}, {0x7}, {0x20, 0x2}, {0x4, 0x5}, {0x0, 0x5}], "d4b6230d6ac98cc9"}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) r6 = socket$l2tp(0x2, 0x2, 0x73) (async) r7 = syz_mount_image$iso9660(&(0x7f0000000940), &(0x7f0000000980)='./file0\x00', 0x4, &(0x7f00000009c0), 0x1, 0x92d, &(0x7f0000001340)="$eJzs3c1vHOUdB/DvOHZxDYIAKY0iIJvQgAmus3ZKqMWljr12tvWLZDsSUQ8NJaGKYpUKWglQD6lU9VTUHqpKbW8ce0LiApcqf0UPvfAvoJ5yczWz62RDvF7HON7gfj7WeN5+8zy/2ZmdR/s2T/gm29jYqIZdzl/8534my8Pn/OwXH3/yUTn87ka+lUN5tfgsGU5SSwaTHE2GZmZXlhd7FHQ9uZzkZlIkeSSt8Y5cTvGnPHZn/maKf5T18uBt8H+t3+cfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8jIqZ2Xp9oshCc+niG7Xuqi7At1m/Wd7nVa/fxec9602Kcsjw8GZX30eP3Fn9TPnvZJ5tzT1bdUie4Xz46DOHX396cGBz+20S2hfvffDh9TfX16++2+9E+mS+sdRcXW4uTs83as3V5drUuXP1MxfmVmtzzYXG6qXVtcZibWalMb22vFIbnXm5NjE1dbbWGL+0fHFpfnZ6obG58LXvT9br52rX2kd/6cyPx1dnLjQXFppL81VMubqMea08EX/SXKutNaYXa7W3r61fPdsryTJootvK0x1Bk71KmqxPTk5MTE5OnHt16tXX6vXBexbUvyL3RPT/pKW/9vT6DV/HQLv9z0KaWcrFvJHaln8zmc1KlrPYZX3bZvt/6kxj23o72//NVv7ondXHUrX/z7fmnu/W/nfJ5b7//vZEdlfWe/kgH+Z63sx61nM17+5VRt+Qv/k0spRmVrOcZhYzXS2ptZfUMpVzOZd6fpYLmctqaplLMwtpZDWXspq1NKozaiYraWQ6a1nOSmoZzUxeTi0TmcpUzqaWRsZzKcu5mKXMZzbTVSlv51r1uJ/dJsfbQRM7CZrcJkj7z9f3IC7jsCsbm+0/AAAAcGAV1bvv5ev/oTxXTc01Fxr1fqcFAAAA7KHqk/9ny9FQOfVcCq//AQAA4KApqt/YFUlGcrw1tflLKG8CAAAAwAFRff7/fDkaKaeOp/D6HwAAAA6a3vfY7xlRjG3e/rd2pTW+0o5o3+d3ZK650BifWV54fSIvVncZqH5psGVpQ9XPD07nRCvqxEhrPHJ3icNl1MT46xM5nZPtHRl9oRy9MLpF5GQr8qVW5EvbRJ4tIwHgoDvZoz3eSft/OmOtiLFjZWOawWNbtKx1LSsAPCx697HTM6L4QY/X/0/d/krBeN7KO1nPlYxVvzaovnGwZakjHV9DGOvxbsBIRw8vYz3eDxjp6OhlrMc7AiMd3csAwEFyskc7vJP2f6zH6/8RXykEgIfK7R7sH+BEv/cRALibVhoAAAAAAAAAAAAAAAAAAAAAAAAAAAD23n7c/9+EibsnNh5pnX0PSz4m7p3o95UJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/VAkh7ZaPpA8kqSe5Mz+Z/Xg3Oh3An1W3MqtvJ/H+50HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB077//0Ba40dbizI4kJxKcjnJT/ud41661e8E+qzj/v/lMc9GkcHWYU8xNDO7srxYHv6q74eBLz7+5KNy2E09ZQFlDXd1LtGuoftWT1Zbjcxefe/6r9/5VW32fJXk+bW5hdnF+ZUf3Ql8pvg0qaU1bNrM97en/vXnLfb803JPd1bvXFXv7L31fnerrbevdzvX1q9OljWtNd5Y+80vr73fseqpnEheGE1G767pF+XQpaYTGdqutuLL4g/F4/lrLlfHv3w0io2iPERPVPv/7bevrV8df+ud9Stdcjqc40muJMM7z+l4dT3ZUnXWDQyVtdaroPLfkR7lbaujxIku+/BkdcqM3Nc+1LrvQ6XH497O6GyXjJ7Oi/d9pF/sUeOWii+L/xQX8u/8vqP/j4Hy+J/KTp6dZUwV2XGmdI0caEVWez65bZldn5U8AH/Mz/PD28d/oOP63z5W+3M96qhxn54XVYt05CstUvvq022bdp5HWlFd8vxOXkkGj93XFeWVHleUB/X8/3sxmv/mhv5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh1+RHNpq+UByKsnhJE+U87VkYy/qGxgp9qKYXbvR19r7r7iVW3k/j/c7DwAAAAAAAAD2xvnZLz7+5KNyqD6PP5TvFZ8lw61P+geTHC7+MjQzu7K82KOgoeRykpu7yKHcLo/dmb9Zzh3dRUEAwI78LwAA//8tWGMj") ioctl$FICLONE(r7, 0x40049409, 0xffffffffffffffff) (async) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r6, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) (async) connect$inet(r6, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) (async) sendmmsg$inet(r6, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) ioctl$NBD_DO_IT(r2, 0xab03) (async) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='qnx6\x00', 0x2008087, 0x0) [ 149.909796][ T4666] Bluetooth: hci0: command tx timeout [ 149.914159][ T5336] loop0: detected capacity change from 0 to 1764 [ 149.939490][ T4666] block nbd0: Receive control failed (result -107) [ 149.961399][ T5337] qnx6: unable to read the first superblock [ 149.964339][ T5337] ------------[ cut here ]------------ [ 149.966817][ T5337] WARNING: CPU: 0 PID: 5337 at fs/buffer.c:1125 bdev_getblk+0x580/0x660 [ 149.970964][ T5337] Modules linked in: [ 149.972919][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 149.976949][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 149.981869][ T5337] RIP: 0010:bdev_getblk+0x580/0x660 [ 149.984080][ T5337] Code: 26 fb ff ff e8 71 a8 75 ff 48 c7 c7 20 29 7a 8b 48 c7 c6 77 d0 83 8d 4c 89 fa 4c 89 e9 e8 08 96 dd fe eb bd e8 51 a8 75 ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 48 89 [ 149.994646][ T5337] RSP: 0018:ffffc9000d3ef9d8 EFLAGS: 00010293 [ 149.997270][ T5337] RAX: ffffffff8249fb4f RBX: ffff88803214d098 RCX: ffff888000d22480 [ 150.001264][ T5337] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000 [ 150.004660][ T5337] RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff8218eb4d [ 150.008078][ T5337] R10: 0000000000000406 R11: 0000000000000000 R12: ffff88803214d9f0 [ 150.011859][ T5337] R13: ffff88803214d080 R14: 0000000000000200 R15: 1ffff11006429a13 [ 150.015398][ T5337] FS: 00007f5dd2cbb6c0(0000) GS:ffff88808d304000(0000) knlGS:0000000000000000 [ 150.019223][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.022055][ T5337] CR2: 0000200000004a00 CR3: 000000000dc6c000 CR4: 0000000000352ef0 [ 150.025599][ T5337] Call Trace: [ 150.027080][ T5337] [ 150.028893][ T5337] __bread_gfp+0x89/0x3c0 [ 150.031169][ T5337] qnx6_check_first_superblock+0xa1/0x330 [ 150.033588][ T5337] ? sb_set_blocksize+0x120/0x180 [ 150.035594][ T5337] qnx6_fill_super+0x4c8/0x1280 [ 150.037381][ T5337] ? setup_bdev_super+0x4c1/0x5b0 [ 150.039383][ T5337] get_tree_bdev_flags+0x40b/0x4d0 [ 150.041309][ T5337] ? __pfx_qnx6_fill_super+0x10/0x10 [ 150.043216][ T5337] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 150.045399][ T5337] vfs_get_tree+0x8f/0x2b0 [ 150.047051][ T5337] do_new_mount+0x302/0xa10 [ 150.048981][ T5337] ? apparmor_capable+0x137/0x1b0 [ 150.050922][ T5337] ? __pfx_do_new_mount+0x10/0x10 [ 150.053113][ T5337] ? ns_capable+0x8a/0xf0 [ 150.054995][ T5337] ? kmem_cache_free+0x19b/0x690 [ 150.057218][ T5337] __se_sys_mount+0x313/0x410 [ 150.059516][ T5337] ? __pfx___se_sys_mount+0x10/0x10 [ 150.061896][ T5337] ? do_syscall_64+0xbe/0xfa0 [ 150.064020][ T5337] ? __x64_sys_mount+0x20/0xc0 [ 150.066144][ T5337] do_syscall_64+0xfa/0xfa0 [ 150.068194][ T5337] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.071408][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.074222][ T5337] ? clear_bhb_loop+0x60/0xb0 [ 150.076338][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.079038][ T5337] RIP: 0033:0x7f5dd1d8eec9 [ 150.080891][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.088693][ T5337] RSP: 002b:00007f5dd2cbb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 150.092066][ T5337] RAX: ffffffffffffffda RBX: 00007f5dd1fe6180 RCX: 00007f5dd1d8eec9 [ 150.095475][ T5337] RDX: 0000200000000040 RSI: 0000200000004a00 RDI: 0000200000000000 [ 150.099114][ T5337] RBP: 00007f5dd1e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 150.103024][ T5337] R10: 0000000002008087 R11: 0000000000000246 R12: 0000000000000000 [ 150.106496][ T5337] R13: 00007f5dd1fe6218 R14: 00007f5dd1fe6180 R15: 00007ffc862c9bd8 [ 150.110474][ T5337] [ 150.111952][ T5337] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 150.115033][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 150.118957][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 150.123517][ T5337] Call Trace: [ 150.125060][ T5337] [ 150.126362][ T5337] dump_stack_lvl+0x99/0x250 [ 150.128501][ T5337] ? __asan_memcpy+0x40/0x70 [ 150.130506][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.132834][ T5337] ? __pfx__printk+0x10/0x10 [ 150.134897][ T5337] vpanic+0x237/0x6d0 [ 150.136613][ T5337] ? __pfx_vpanic+0x10/0x10 [ 150.138617][ T5337] panic+0xb9/0xc0 [ 150.140263][ T5337] ? __pfx_panic+0x10/0x10 [ 150.142250][ T5337] __warn+0x31b/0x4b0 [ 150.144020][ T5337] ? bdev_getblk+0x580/0x660 [ 150.146086][ T5337] ? bdev_getblk+0x580/0x660 [ 150.148003][ T5337] report_bug+0x2be/0x4f0 [ 150.149818][ T5337] ? bdev_getblk+0x580/0x660 [ 150.151616][ T5337] ? bdev_getblk+0x580/0x660 [ 150.153494][ T5337] ? bdev_getblk+0x582/0x660 [ 150.155160][ T5337] handle_bug+0x84/0x160 [ 150.156834][ T5337] exc_invalid_op+0x1a/0x50 [ 150.158572][ T5337] asm_exc_invalid_op+0x1a/0x20 [ 150.160694][ T5337] RIP: 0010:bdev_getblk+0x580/0x660 [ 150.162810][ T5337] Code: 26 fb ff ff e8 71 a8 75 ff 48 c7 c7 20 29 7a 8b 48 c7 c6 77 d0 83 8d 4c 89 fa 4c 89 e9 e8 08 96 dd fe eb bd e8 51 a8 75 ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 48 89 [ 150.170751][ T5337] RSP: 0018:ffffc9000d3ef9d8 EFLAGS: 00010293 [ 150.173358][ T5337] RAX: ffffffff8249fb4f RBX: ffff88803214d098 RCX: ffff888000d22480 [ 150.176663][ T5337] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000 [ 150.180139][ T5337] RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff8218eb4d [ 150.183416][ T5337] R10: 0000000000000406 R11: 0000000000000000 R12: ffff88803214d9f0 [ 150.186843][ T5337] R13: ffff88803214d080 R14: 0000000000000200 R15: 1ffff11006429a13 [ 150.190218][ T5337] ? fs_reclaim_acquire+0x7d/0x100 [ 150.192414][ T5337] ? bdev_getblk+0x57f/0x660 [ 150.194435][ T5337] ? bdev_getblk+0x57f/0x660 [ 150.196359][ T5337] __bread_gfp+0x89/0x3c0 [ 150.198226][ T5337] qnx6_check_first_superblock+0xa1/0x330 [ 150.200737][ T5337] ? sb_set_blocksize+0x120/0x180 [ 150.202951][ T5337] qnx6_fill_super+0x4c8/0x1280 [ 150.205076][ T5337] ? setup_bdev_super+0x4c1/0x5b0 [ 150.207209][ T5337] get_tree_bdev_flags+0x40b/0x4d0 [ 150.209477][ T5337] ? __pfx_qnx6_fill_super+0x10/0x10 [ 150.211841][ T5337] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 150.214349][ T5337] vfs_get_tree+0x8f/0x2b0 [ 150.216379][ T5337] do_new_mount+0x302/0xa10 [ 150.218330][ T5337] ? apparmor_capable+0x137/0x1b0 [ 150.220395][ T5337] ? __pfx_do_new_mount+0x10/0x10 [ 150.223162][ T5337] ? ns_capable+0x8a/0xf0 [ 150.225056][ T5337] ? kmem_cache_free+0x19b/0x690 [ 150.227138][ T5337] __se_sys_mount+0x313/0x410 [ 150.229094][ T5337] ? __pfx___se_sys_mount+0x10/0x10 [ 150.231346][ T5337] ? do_syscall_64+0xbe/0xfa0 [ 150.233224][ T5337] ? __x64_sys_mount+0x20/0xc0 [ 150.235314][ T5337] do_syscall_64+0xfa/0xfa0 [ 150.237194][ T5337] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.239881][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.242580][ T5337] ? clear_bhb_loop+0x60/0xb0 [ 150.244607][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.247127][ T5337] RIP: 0033:0x7f5dd1d8eec9 [ 150.248884][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.256900][ T5337] RSP: 002b:00007f5dd2cbb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 150.260555][ T5337] RAX: ffffffffffffffda RBX: 00007f5dd1fe6180 RCX: 00007f5dd1d8eec9 [ 150.263798][ T5337] RDX: 0000200000000040 RSI: 0000200000004a00 RDI: 0000200000000000 [ 150.266943][ T5337] RBP: 00007f5dd1e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 150.269955][ T5337] R10: 0000000002008087 R11: 0000000000000246 R12: 0000000000000000 [ 150.273308][ T5337] R13: 00007f5dd1fe6218 R14: 00007f5dd1fe6180 R15: 00007ffc862c9bd8 [ 150.276657][ T5337] [ 150.278333][ T5337] Kernel Offset: disabled [ 150.280214][ T5337] Rebooting in 86400 seconds..