program:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x92, 0x5, 0x6, 0x4}, 0x3a, [0x8000, 0x2c95a, 0xf, 0x8, 0x80, 0x1, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x8, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x5, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0x800, 0x4, 0x4, 0x7, 0x3, 0x8, 0x4c75, 0x80000000, 0x2, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x40017, 0x0, 0x7, 0x5, 0x3e, 0x3, 0x6, 0xffff, 0x0, 0x6, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0x40c8, 0xf9, 0xe, 0x82c0, 0x6c7, 0x8, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x5, 0xea4, 0x0, 0xb94, 0x7, 0x7fff, 0x1c000, 0x3fe, 0x403, 0x200006, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x2d, 0x4e2, 0x5, 0x4, 0xb, 0x2000004, 0x9, 0x80000001, 0x9, 0x6, 0x47, 0x8200, 0x1, 0xfe000000, 0x8, 0xffffffff, 0x4, 0x4, 0x3, 0x50, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x407, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0xa2, 0x8000, 0x0, 0x5, 0xb, 0x5, 0x5, 0x5, 0x4000000, 0x1eb, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0xfffffffe, 0x3, 0x20000008, 0x4, 0x6d01, 0x2, 0x38, 0x800083, 0x200, 0x80, 0x3, 0x8000004, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x4005, 0x6, 0x6, 0xca, 0x1ff, 0x3, 0x7ff, 0xbe, 0x4, 0x7, 0xe, 0x0, 0x5, 0x1c, 0x8, 0x4, 0x8, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x2, 0x5, 0x3, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x9, 0x1, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x6, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xffffffd9, 0xfffff000, 0x10010000, 0x0, 0x7e, 0x9, 0x9602, 0x40007, 0xaf, 0x5, 0x6, 0x227, 0x2, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf3c, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x1, 0xb1e, 0x2000d7, 0x201, 0xffff3441, 0x4]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f0000002880)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
syz_read_part_table(0x5e2, &(0x7f0000000b00)="$eJzs3L+rHFUUB/DvndlfD6LPP8DiQRpR8Al24sNY6DNdEO0EbS2eSCzEQnYXFcEff0Ba0cIohFhbKEgQ01mJ8NBCxN7CFIYrOzuzG1CrfSiBz6fYe+6de86Z4U47G+5udT+pJbnZzT5qu2HUJNNV8GvyzjhZvvhkv5CM+8SS5PmrTz198eBSmW7WVquL/up022XSj6Mc9NGXo3x49fjdLl6kZJ4+zPjzSUarvXWdd+XvN32rpO328D8bfVXXBzHJ9/kiyUlpV4c/TZb5JLkvs27fYZK21tod8yLZS9rNW7GDa0c3lk/08V76N228ns3fK/WR/to4tdbaZH5+yGyT+x8/vPxPRbv8Zfd4w1KtdXxuyG22F05uT4bw0W9/nmc521RPbbYlT/eSV0+ffbi7k7KuMd798QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGMPvPbg180wudD9lk38zKdptlsXyZ9DfDA7o/7Xjm7sv/X25SZvHL38wytv/nL8W35P0ubw+Fwy3ex7aT1cf78bRv1qu3P/k9vN5LOPv9nbLPSlS/Ld+R9v1aHDaT++/tgdyUfNzv0BAAAAAAAAAAAAAAAAAABg5XouHlxq8lxS8kK2n/vXzJJShuksqbXWP2pn+Ph/cuXePrr5U8oqKbXcWf1Csn9PUqcfPNT9rcA6sdY66lqU/+YZ+Xd/BQAA//8EFGMK")
r4 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r4, 0x4c09, 0x8000)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)='ntfs3\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@can_delroute={0x1c, 0x19, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@CGW_DST_IF={0x8, 0xa, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x80)

[   74.917479][ T5298] Bluetooth: hci0: command tx timeout
[   75.050393][ T5319] loop0: detected capacity change from 0 to 2048
[   75.084865][ T5293]  loop0: p2 p3 < > p4 < p5 >
[   75.087556][ T5293] loop0: partition table partially beyond EOD, truncated
[   75.093809][ T5293] loop0: p3 start 4284289 is beyond EOD, truncated
[   75.119016][ T5319]  loop0: p2 p3 < > p4 < p5 >
[   75.123818][ T5319] loop0: partition table partially beyond EOD, truncated
[   75.141076][ T5319] loop0: p3 start 4284289 is beyond EOD, truncated
[   75.182120][ T5319] ------------[ cut here ]------------
[   75.184685][ T5319] kernel BUG at fs/buffer.c:1582!
[   75.195848][ T5319] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   75.198596][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.202379][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.206859][ T5319] RIP: 0010:folio_set_bh+0x1dc/0x1e0
[   75.209246][ T5319] Code: 4c 89 e2 e8 e6 2b 79 02 e9 42 ff ff ff e8 bc ab 75 ff 48 89 df 48 c7 c6 20 25 7a 8b e8 9d 86 dd fe 90 0f 0b e8 a5 ab 75 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
[   75.217395][ T5319] RSP: 0018:ffffc9000d5cf750 EFLAGS: 00010283
[   75.220006][ T5319] RAX: ffffffff824a680b RBX: ffffea0000466dc0 RCX: 0000000000100000
[   75.223313][ T5319] RDX: ffffc9000e112000 RSI: 0000000000001519 RDI: 000000000000151a
[   75.226684][ T5319] RBP: dffffc0000000000 R08: ffffea0000466dc7 R09: 1ffffd400008cdb8
[   75.230006][ T5319] R10: dffffc0000000000 R11: fffff9400008cdb9 R12: 0000000000000000
[   75.233466][ T5319] R13: 0000000000001000 R14: ffff888041ff5d98 R15: 0000000000001000
[   75.236962][ T5319] FS:  00007fe5607996c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[   75.240847][ T5319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.243591][ T5319] CR2: 00005590fe91ade4 CR3: 0000000011faf000 CR4: 0000000000352ef0
[   75.247043][ T5319] Call Trace:
[   75.248536][ T5319]  <TASK>
[   75.249854][ T5319]  folio_alloc_buffers+0x3a0/0x640
[   75.252088][ T5319]  bdev_getblk+0x286/0x660
[   75.254049][ T5319]  __bread_gfp+0x89/0x3c0
[   75.255960][ T5319]  ntfs_bread+0xc2/0x1e0
[   75.257828][ T5319]  ntfs_fill_super+0x63d/0x40b0
[   75.259765][ T5319]  ? format_decode+0x5ee/0xe30
[   75.261771][ T5319]  ? vsnprintf+0xe11/0xf00
[   75.263563][ T5319]  ? __pfx_ntfs_fill_super+0x10/0x10
[   75.265699][ T5319]  ? set_blocksize+0x158/0x500
[   75.267622][ T5319]  ? sb_set_blocksize+0xc7/0x180
[   75.269591][ T5319]  ? setup_bdev_super+0x4c1/0x5b0
[   75.271567][ T5319]  get_tree_bdev_flags+0x40e/0x4d0
[   75.273718][ T5319]  ? __pfx_ntfs_fill_super+0x10/0x10
[   75.275842][ T5319]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[   75.278182][ T5319]  vfs_get_tree+0x92/0x2b0
[   75.280061][ T5319]  do_new_mount+0x302/0xa10
[   75.281737][ T5319]  ? apparmor_capable+0x137/0x1b0
[   75.283681][ T5319]  ? __pfx_do_new_mount+0x10/0x10
[   75.285839][ T5319]  ? ns_capable+0x8a/0xf0
[   75.287678][ T5319]  ? kmem_cache_free+0x19b/0x690
[   75.289931][ T5319]  __se_sys_mount+0x313/0x410
[   75.291965][ T5319]  ? __pfx___se_sys_mount+0x10/0x10
[   75.294147][ T5319]  ? do_syscall_64+0xbe/0xfa0
[   75.296142][ T5319]  ? __x64_sys_mount+0x20/0xc0
[   75.298125][ T5319]  do_syscall_64+0xfa/0xfa0
[   75.299998][ T5319]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.302305][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.304865][ T5319]  ? clear_bhb_loop+0x60/0xb0
[   75.306913][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.309424][ T5319] RIP: 0033:0x7fe55f98f6c9
[   75.311384][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.319424][ T5319] RSP: 002b:00007fe560799038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   75.322907][ T5319] RAX: ffffffffffffffda RBX: 00007fe55fbe5fa0 RCX: 00007fe55f98f6c9
[   75.326284][ T5319] RDX: 0000200000000080 RSI: 00002000000002c0 RDI: 0000200000000000
[   75.329397][ T5319] RBP: 00007fe55fa11f91 R08: 0000000000000000 R09: 0000000000000000
[   75.332685][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.335977][ T5319] R13: 00007fe55fbe6038 R14: 00007fe55fbe5fa0 R15: 00007fff2f53d9d8
[   75.339313][ T5319]  </TASK>
[   75.340694][ T5319] Modules linked in:
[   75.342987][ T5319] ---[ end trace 0000000000000000 ]---
[   75.386554][ T5319] RIP: 0010:folio_set_bh+0x1dc/0x1e0
[   75.388962][ T5319] Code: 4c 89 e2 e8 e6 2b 79 02 e9 42 ff ff ff e8 bc ab 75 ff 48 89 df 48 c7 c6 20 25 7a 8b e8 9d 86 dd fe 90 0f 0b e8 a5 ab 75 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
[   75.397611][ T5319] RSP: 0018:ffffc9000d5cf750 EFLAGS: 00010283
[   75.400732][ T5319] RAX: ffffffff824a680b RBX: ffffea0000466dc0 RCX: 0000000000100000
[   75.404247][ T5319] RDX: ffffc9000e112000 RSI: 0000000000001519 RDI: 000000000000151a
[   75.409005][ T5319] RBP: dffffc0000000000 R08: ffffea0000466dc7 R09: 1ffffd400008cdb8
[   75.412251][ T5319] R10: dffffc0000000000 R11: fffff9400008cdb9 R12: 0000000000000000
[   75.415542][ T5319] R13: 0000000000001000 R14: ffff888041ff5d98 R15: 0000000000001000
[   75.419442][ T5319] FS:  00007fe5607996c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[   75.423553][ T5319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.426643][ T5319] CR2: 00007fe560777fc8 CR3: 0000000011faf000 CR4: 0000000000352ef0
[   75.430630][ T5319] Kernel panic - not syncing: Fatal exception
[   75.433478][ T5319] Kernel Offset: disabled
[   75.435377][ T5319] Rebooting in 86400 seconds..